CN118018335A - Data hierarchical encryption method, device, equipment and medium - Google Patents
Data hierarchical encryption method, device, equipment and medium Download PDFInfo
- Publication number
- CN118018335A CN118018335A CN202410425917.XA CN202410425917A CN118018335A CN 118018335 A CN118018335 A CN 118018335A CN 202410425917 A CN202410425917 A CN 202410425917A CN 118018335 A CN118018335 A CN 118018335A
- Authority
- CN
- China
- Prior art keywords
- encrypted
- data
- encryption
- priority
- privacy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000004891 communication Methods 0.000 claims description 21
- 238000004422 calculation algorithm Methods 0.000 claims description 19
- 238000012795 verification Methods 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 4
- 238000000605 extraction Methods 0.000 claims description 2
- 238000012545 processing Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 7
- 238000004364 calculation method Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 238000012800 visualization Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 235000019800 disodium phosphate Nutrition 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000004549 pulsed laser deposition Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000001629 suppression Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application relates to the technical field of privacy computing, in particular to a data hierarchical encryption method, a device, equipment and a medium, wherein the method comprises the following steps: receiving an encrypted data packet sent by a data participant; extracting data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from an encryption data packet, wherein the privacy priority and the encryption mode are pre-configured by a data participant according to an application scene of the data to be encrypted; and carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode. According to the method, the privacy priority and the encryption mode of the data which are sent by the data participant and configured according to the application scene in advance are received, and then each field is encrypted in a grading manner in an encryption mode corresponding to the privacy priority of the field, so that the problem that the data cannot be encrypted in a grading manner according to the privacy requirement of the application scene is solved.
Description
Technical Field
The present application relates to the field of privacy computing technologies, and in particular, to a data hierarchical encryption method, device, apparatus, and medium.
Background
Big data joint computing has been widely used in the industries of finance, medical health, public service, scientific research, and the like. Privacy protection computing technologies integrating cryptography, data science, distributed computing and other technologies can complete joint computing tasks of multiparty participation on the premise of protecting data privacy of all participants, promote trusted collaboration of multiparty data and break data islands.
At present, when each data participant performs joint calculation, an encryption mode needs to be negotiated first, then encryption is performed respectively, and finally the encrypted data is uploaded to a joint calculation platform. However, the usage scenarios of different encryption fields are often different, and the privacy degrees are also different, in the prior art, under the combined computing environment, data with different privacy priorities are used as a whole to be encrypted uniformly, and the data cannot be encrypted in a grading manner according to the privacy requirements of the application scenario.
Aiming at the problem that the data cannot be encrypted in a grading way according to the privacy requirement of an application scene, no effective solution is proposed at present.
Disclosure of Invention
The application provides a data hierarchical encryption method, device, equipment and medium, which are used for solving the technical problem that different data cannot be encrypted in a hierarchical manner according to the privacy requirement of an application scene.
According to an aspect of the embodiment of the present application, the present application provides a data hierarchical encryption method, which is applied to a privacy hierarchical system, where the privacy hierarchical system is disposed in a third party joint computing platform, and includes: receiving an encrypted data packet sent by a data participant; extracting data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from an encryption data packet, wherein the privacy priority and the encryption mode are pre-configured by a data participant according to an application scene of the data to be encrypted; and carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode.
Optionally, performing hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode includes: acquiring a plurality of fields to be encrypted in data to be encrypted, wherein the fields to be encrypted are obtained by dividing the data to be encrypted in advance for a data participant; determining privacy priorities corresponding to the fields to be encrypted; and carrying out hierarchical encryption on the field to be encrypted according to an encryption mode matched with the privacy priority, wherein the privacy priority at least comprises a first priority, a second priority and a third priority from high to low.
Optionally, performing hierarchical encryption on the field to be encrypted according to the encryption mode matched with the privacy priority comprises: if the privacy priority of the field to be encrypted is the first priority, acquiring a first encryption mode corresponding to the first priority; and anonymizing the field to be encrypted according to the first encryption mode to obtain and store the first encryption field.
Optionally, performing hierarchical encryption on the field to be encrypted according to the encryption mode matched with the privacy priority comprises: if the privacy priority of the field to be encrypted is the second priority, acquiring a second encryption mode corresponding to the first priority, wherein the second encryption mode comprises at least one encryption algorithm; and carrying out algorithm encryption on the field to be encrypted according to an encryption algorithm in the second encryption mode to obtain and store the second encryption field.
Optionally, performing hierarchical encryption on the field to be encrypted according to the encryption mode matched with the privacy priority comprises: if the privacy priority of the field to be encrypted is the third priority, the field to be encrypted is not encrypted, and the field to be encrypted is directly stored as the third encryption field.
Optionally, receiving the encrypted data packet sent by the data participant includes: under the condition that an encryption request sent by a target account of a data participant is detected, carrying out security verification on the target account; under the condition that the target account passes the security verification, a security channel is established; an encryption request is received over a secure channel and an encrypted data packet is extracted from the encryption request.
Optionally, after hierarchical encryption of each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption manner, the method further includes: and if each field to be encrypted in the data to be encrypted is encrypted, deleting the data to be encrypted.
According to another aspect of the embodiment of the present application, the present application further provides a data hierarchical encryption device, which is applied to a privacy hierarchical system, where the privacy hierarchical system is disposed in a third party joint computing platform, and includes: the receiving module is used for receiving the encrypted data packet sent by the data participant; the extraction module is used for extracting data to be encrypted, privacy priority and an encryption mode corresponding to the privacy priority from the encrypted data packet, wherein the privacy priority and the encryption mode are pre-configured by a data participant according to an application scene of the data to be encrypted; and the encryption module is used for carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode.
According to another aspect of the embodiments of the present application, there is also provided an electronic device including a memory, a processor, a communication interface, and a communication bus, where the memory stores a computer program executable on the processor, the memory, the processor communicates with the communication interface through the communication bus, and the processor executes the steps of any of the methods.
According to another aspect of an embodiment of the present application, there is also provided a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform any of the methods described above.
The technical scheme of the application can be applied to the design of other privacy computing technologies by the privacy computing technology.
Compared with the related art, the technical scheme provided by the embodiment of the application has the following advantages:
the application provides a data hierarchical encryption method, which comprises the following steps: receiving an encrypted data packet sent by a data participant; extracting data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from an encryption data packet, wherein the privacy priority and the encryption mode are pre-configured by a data participant according to an application scene of the data to be encrypted; and carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode. According to the method, the privacy priority and the encryption mode of the data which are sent by the data participant and configured according to the application scene in advance are received, and then each field is encrypted in a grading manner in an encryption mode corresponding to the privacy priority of the field, so that the problem that the data cannot be encrypted in a grading manner according to the privacy requirement of the application scene is solved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it will be apparent to those skilled in the art that other drawings can be obtained according to these drawings without inventive effort.
FIG. 1 is a flow chart of an alternative data hierarchical encryption method provided in accordance with an embodiment of the present application;
FIG. 2 is a block diagram of an alternative data hierarchy encryption device provided in accordance with an embodiment of the present application;
fig. 3 is a schematic structural diagram of an alternative electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In the following description, suffixes such as "module", "component", or "unit" for representing elements are used only for facilitating the description of the present application, and are not of specific significance per se. Thus, "module" and "component" may be used in combination.
In the prior art, before each data participant uploads data to a trusted joint computing platform, the data needs to be encrypted in the respective environments of the data providers according to service requirements. In order to meet the requirement of subsequent joint computation, each data provider needs to negotiate the encrypted data, the encryption mode and encrypt the respective data. The disadvantage of this approach is that: after the data is encrypted and uploaded to the joint computing platform, different data or different fields of the data often correspond to different use scenes, the platform does not track the privacy of the data in a grading manner, and therefore the data is only one encrypted data in the joint computing platform.
That is, in the existing joint computing environment, data with different privacy priorities is unified and encrypted as a whole, and cannot be encrypted in a hierarchical manner according to the privacy requirements of an application scenario.
In order to solve the problems mentioned in the background art, according to an aspect of the embodiments of the present application, there is provided a data hierarchical encryption method, which is applied to a privacy hierarchical system, where the privacy hierarchical system is disposed in a third party federated computing platform, as shown in fig. 1, and the method includes:
step 101, receiving an encrypted data packet sent by a data participant;
Step 103, extracting data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from an encryption data packet, wherein the privacy priority and the encryption mode are pre-configured by a data participant according to an application scene of the data to be encrypted;
and 105, carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode.
The application provides a privacy grading system which is arranged on a third party joint computing platform and a data grading encryption method applied to the system.
The privacy grading system is responsible for receiving the encrypted data packets sent by each data participant, then grading and encrypting the data to be encrypted according to the encryption method in the encrypted data packets, storing the data to be encrypted, and processing the encrypted data by the combined computing platform.
In addition, in the scheme provided by the application, the step of data encryption is executed by the privacy grading system, which is different from the self-encryption of data by each data participant in the prior art. Therefore, the data participants do not need to negotiate, do not need to process data in respective environments in advance, save communication cost and can shorten a data operation link.
As an alternative embodiment, performing hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption manner includes: acquiring a plurality of fields to be encrypted in data to be encrypted, wherein the fields to be encrypted are obtained by dividing the data to be encrypted in advance for a data participant; determining privacy priorities corresponding to the fields to be encrypted; and carrying out hierarchical encryption on the field to be encrypted according to an encryption mode matched with the privacy priority, wherein the privacy priority at least comprises a first priority, a second priority and a third priority from high to low.
Specifically, different fields in the same piece of data also have privacy priorities of different levels due to different application scenes, so that the data participants need to divide the fields in the data and classify the privacy according to the application scenes. The method specifically comprises the following steps: the data participants extract data characteristics according to application scenes, for example, people group intersection functions of different data participants are realized, and each data participant only needs a list of fields of equipment ids; for example, if the extended functionality of the tag is to be implemented, each data participant needs to provide a device id and a corresponding tag field. The extracted data features are different from application scene to application scene.
After the data participant completes configuration of the field to be encrypted, the privacy priority and the encryption mode, the field to be encrypted, the privacy priority and the encryption mode are packed into an encryption data packet, and an encryption request is initiated to the system, wherein the encryption request carries the encryption data packet.
The configuration process of the data participant for the field to be encrypted, the privacy priority and the encryption mode can be completed on the privacy grading system. The system provides a plurality of encryption modes, and a plurality of encryption modes exist under different privacy priorities, so that different data providers can be ensured to confirm the privacy priorities and encryption algorithms according to requirements, and then the system is directly configured, and the communication cost of each data provider is reduced.
The privacy grading system extracts the fields to be encrypted in the encrypted data packet, selects the corresponding encryption mode according to the privacy priority corresponding to each field to be encrypted, and then carries out grading encryption on the fields to be encrypted.
Optionally, in the preferred embodiment of the present application, 3 priorities are set, and the levels from high to low are the first priority, the second priority and the third priority, so that in practical situations, the number of priorities may be increased or decreased, which is not limited in the present application.
As an alternative embodiment, performing hierarchical encryption on the field to be encrypted in an encryption manner matching the privacy priority includes: if the privacy priority of the field to be encrypted is the first priority, acquiring a first encryption mode corresponding to the first priority; and anonymizing the field to be encrypted according to the first encryption mode to obtain and store the first encryption field.
The application adopts anonymization treatment to the field to be encrypted with highest priority, and the specific anonymization treatment method comprises but is not limited to suppression, generalization, pseudonymization, shielding and the like.
For example, the to-be-encrypted field with the high privacy priority cannot obtain the original value to perform corresponding operation, and the to-be-encrypted field with the first priority is directly accessed into the privacy classification processing system in an anonymized mode, and finally falls on the third party joint computing platform.
It should be noted that, after encryption, both the third party and each data participant can only view anonymized data.
This way of direct anonymization, while the original field can no longer be identified by decryption, can be based on the encrypted data for some statistical measures such as the magnitude of the intersection, etc., i.e. this way of anonymization has no effect on some statistical level results.
As an alternative embodiment, performing hierarchical encryption on the field to be encrypted in an encryption manner matching the privacy priority includes: if the privacy priority of the field to be encrypted is the second priority, acquiring a second encryption mode corresponding to the first priority, wherein the second encryption mode comprises at least one encryption algorithm; and carrying out algorithm encryption on the field to be encrypted according to an encryption algorithm in the second encryption mode to obtain and store the second encryption field.
The application encrypts the field waiting for encryption with the priority level through a conventional encryption algorithm, and the specific encryption algorithm comprises the following steps: semi-homomorphic or homomorphic encryption algorithms. The privacy grading system can support the encryption algorithm which is currently mainstream in the market, and the data participants can select and configure according to actual requirements.
Illustratively, the field to be encrypted of the second priority requires encryption processing, and subsequently needs to participate in computation with an anonymous encryption value. After receiving the field to be encrypted, the privacy priority and the encryption mode (namely the calculation type) provided by the data participant, the third-party joint calculation platform encrypts the original data field by using a corresponding encryption algorithm, stores the encrypted data field in a privacy grading processing system, and the whole data encryption process is carried out in the data privacy grading processing system under the third-party joint calculation platform.
Preferably, the present application further provides a visualization system, after the account logs in, each data participant can view the encrypted data through the visualization interface, and the privacy hierarchical encryption system can keep the encryption record (including the encryption mode, the privacy priority of the data and other information) of each data, so that the user can query the encryption record of each data at the visualization interface.
Each data participant can log in the visualization system to view the corresponding desensitized data, and the data provider cannot view the original data.
As an alternative embodiment, performing hierarchical encryption on the field to be encrypted in an encryption manner matching the privacy priority includes: if the privacy priority of the field to be encrypted is the third priority, the field to be encrypted is not encrypted, and the field to be encrypted is directly stored as the third encryption field.
The application processes the field to be encrypted with the lowest priority in an unencrypted mode, namely, the field to be encrypted is displayed in a plaintext form.
Illustratively, the field to be encrypted of the third priority does not require encryption processing, and is subsequently required to participate in the calculation in the form of an original value. The third party joint computing platform can enter the privacy grading processing system in a plaintext form for storage after receiving the data fields, the privacy grade and the encryption mode provided by the data provider.
Each data participant can log in the visualization system to view the information of the corresponding data.
As an alternative embodiment, receiving an encrypted data packet sent by a data participant includes: under the condition that an encryption request sent by a target account of a data participant is detected, carrying out security verification on the target account; under the condition that the target account passes the security verification, a security channel is established; an encryption request is received over a secure channel and an encrypted data packet is extracted from the encryption request.
The data participator needs to register account number on the data privacy grading processing system, the data participator needs to log in own account number and password to perform various operations on the system, so before receiving encrypted data, the privacy grading system can verify the account number and password, and only if the verification is passed, a safety channel can be established to perform data transmission and the data to be encrypted is encrypted according to corresponding configuration.
Firstly, carrying out security verification. And then after the verification is passed, a safe and reliable channel is established, so that the data can be ensured to enter the system safely.
As an alternative embodiment, after hierarchical encryption of each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption manner, the method further comprises: and if each field to be encrypted in the data to be encrypted is encrypted, deleting the data to be encrypted.
After the system performs encryption processing, the original data can be automatically deleted, so that the data security can be further ensured.
The system provided by the application also has a tracing function, the data can be classified according to the privacy priority, the data can be recorded and traced on the system, and the system can be used for configuring and checking the privacy classes of different data. Each time a request is made, information such as fields and encryption modes used by each data participant are recorded on the system, and the data provider can view the historical information.
The data hierarchical encryption method provided by the application can flexibly divide the privacy priority of the data and the fields in the data and configure the corresponding encryption mode under the condition of ensuring the data privacy; the security transmission channel is established, the data characteristics and configuration are uploaded to the platform, the data can be tracked and recorded, the security is ensured, meanwhile, the data processing link can be shortened maximally, the communication cost is saved, and the visual display of the data characteristics, the privacy level and the encryption mode on the system can be achieved.
The application provides a data hierarchical encryption method, which comprises the following steps: receiving an encrypted data packet sent by a data participant; extracting data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from an encryption data packet, wherein the privacy priority and the encryption mode are pre-configured by a data participant according to an application scene of the data to be encrypted; and carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode. According to the method, the privacy priority and the encryption mode of the data which are sent by the data participant and configured according to the application scene in advance are received, and then each field is encrypted in a grading manner in an encryption mode corresponding to the privacy priority of the field, so that the problem that the data cannot be encrypted in a grading manner according to the privacy requirement of the application scene is solved.
According to another aspect of the embodiment of the present application, the present application further provides a data hierarchical encryption device, which is applied to a privacy hierarchical system, where the privacy hierarchical system is disposed in a third party joint computing platform, as shown in fig. 2, and includes:
a receiving module 202, configured to receive an encrypted data packet sent by a data participant;
The extracting module 204 is configured to extract data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from the encrypted data packet, where the privacy priority and the encryption mode are preconfigured by the data participant according to an application scenario of the data to be encrypted;
the encryption module 206 is configured to perform hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption manner.
It should be noted that, the receiving module 202 in this embodiment may be used to perform step 101 in the embodiment of the present application, the extracting module 204 in this embodiment may be used to perform step 103 in the embodiment of the present application, and the encrypting module 206 in this embodiment may be used to perform step 105 in the embodiment of the present application.
Optionally, the encryption module 206 includes:
The acquisition sub-module is used for acquiring a plurality of fields to be encrypted in the data to be encrypted, wherein the fields to be encrypted are obtained by dividing the data to be encrypted in advance for a data participant;
the determining submodule is used for determining privacy priorities corresponding to the fields to be encrypted;
And the encryption sub-module is used for carrying out hierarchical encryption on the field to be encrypted according to an encryption mode matched with the privacy priority, wherein the privacy priority at least comprises a first priority, a second priority and a third priority from high to low.
Optionally, the encryption sub-module is further specifically configured to obtain a first encryption manner corresponding to the first priority if the privacy priority of the field to be encrypted is the first priority; and anonymizing the field to be encrypted according to the first encryption mode to obtain and store the first encryption field.
Optionally, the encryption sub-module is further specifically configured to obtain a second encryption mode corresponding to the first priority if the privacy priority of the field to be encrypted is a second priority, where the second encryption mode includes at least one encryption algorithm; and carrying out algorithm encryption on the field to be encrypted according to an encryption algorithm in the second encryption mode to obtain and store the second encryption field.
Optionally, the encryption sub-module is further specifically configured to, if the privacy priority of the field to be encrypted is the third priority, not encrypt the field to be encrypted, and directly store the field to be encrypted as the third encryption field.
Optionally, the receiving module 202 is further configured to perform security verification on the target account if an encryption request sent by the target account of the data participant is detected; under the condition that the target account passes the security verification, a security channel is established; an encryption request is received over a secure channel and an encrypted data packet is extracted from the encryption request.
Optionally, the device further includes a deletion module, configured to delete the data to be encrypted if each field to be encrypted in the data to be encrypted is encrypted after the fields to be encrypted in the data to be encrypted are encrypted in a hierarchical manner according to the privacy priority and the encryption mode.
It should be noted that the above modules are the same as examples and application scenarios implemented by the corresponding steps, but are not limited to what is disclosed in the above embodiments.
According to another aspect of the embodiment of the present application, as shown in fig. 3, the present application provides an electronic device, including a memory 31, a processor 32, a communication interface 33, and a communication bus 34, where the memory 31 stores a computer program that can be executed on the processor 32, and the memory 31, the processor 32 communicates with the communication interface 33 through the communication bus 34, and the processor 32 executes the steps of the method.
The memory and the processor in the electronic device communicate with the communication interface through a communication bus. The communication bus may be a peripheral component interconnect standard (PERIPHERAL COMPONENT INTERCONNECT, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, or the like. The communication bus may be classified as an address bus, a data bus, a control bus, or the like.
The memory may include random access memory (Random Access Memory, RAM) or may include non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, abbreviated as CPU), a network processor (Network Processor, abbreviated as NP), etc.; but may also be a digital signal processor (DIGITAL SIGNAL Processing, DSP), application Specific Integrated Circuit (ASIC), field-Programmable gate array (FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components.
According to another aspect of an embodiment of the present application, there is provided a computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the steps of any of the methods described above.
Optionally, in an embodiment of the present application, a computer readable medium is arranged to store program code for said processor to perform the above-mentioned method steps.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments, and this embodiment is not described herein.
When the embodiment of the application is specifically implemented, the above embodiments can be referred to, and the application has corresponding technical effects.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or a combination thereof. For a hardware implementation, the Processing units may be implemented within one or more Application SPECIFIC INTEGRATED Circuits (ASICs), digital signal processors (DIGITAL SIGNAL Processing, DSPs), digital signal Processing devices (DSP DEVICE, DSPD), programmable logic devices (Programmable Logic Device, PLDs), field-Programmable gate arrays (Field-Programmable GATE ARRAY, FPGA), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units for performing the functions described herein, or a combination thereof.
For a software implementation, the techniques described herein may be implemented by means of units that perform the functions described herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application may be embodied in essence or a part contributing to the prior art or a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc. It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a specific embodiment of the application to enable those skilled in the art to understand or practice the application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. The data hierarchical encryption method is applied to a privacy grading system, and the privacy grading system is arranged in a third party joint computing platform and is characterized by comprising the following steps:
receiving an encrypted data packet sent by a data participant;
Extracting data to be encrypted, privacy priority and an encryption mode corresponding to the privacy priority from the encrypted data packet, wherein the privacy priority and the encryption mode are configured in advance by the data participant according to an application scene of the data to be encrypted, the privacy priority comprises a plurality of different grades, and the privacy priority of each grade corresponds to a specific encryption mode;
and carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode.
2. The method of claim 1, wherein said hierarchically encrypting each field of said data to be encrypted according to said privacy priority and said encryption scheme comprises:
Acquiring a plurality of fields to be encrypted in the data to be encrypted, wherein the fields to be encrypted are obtained by dividing the data to be encrypted in advance by the data participant;
determining the privacy priority corresponding to each field to be encrypted;
And carrying out hierarchical encryption on the field to be encrypted according to the encryption mode matched with the privacy priority, wherein the privacy priority at least comprises a first priority, a second priority and a third priority from high to low.
3. The method of claim 2, wherein said hierarchically encrypting the field to be encrypted in the encryption manner matching the privacy priority comprises:
If the privacy priority of the field to be encrypted is the first priority, acquiring a first encryption mode corresponding to the first priority;
And anonymizing the field to be encrypted according to the first encryption mode to obtain and store a first encryption field.
4. The method of claim 2, wherein said hierarchically encrypting the field to be encrypted in the encryption manner matching the privacy priority comprises:
If the privacy priority of the field to be encrypted is the second priority, a second encryption mode corresponding to the first priority is obtained, wherein the second encryption mode comprises at least one encryption algorithm;
and carrying out algorithm encryption on the field to be encrypted according to the encryption algorithm in the second encryption mode to obtain and store a second encryption field.
5. The method of claim 2, wherein said hierarchically encrypting the field to be encrypted in the encryption manner matching the privacy priority comprises:
and if the privacy priority of the field to be encrypted is the third priority, not encrypting, and directly storing the field to be encrypted as a third encryption field.
6. The method of claim 1, wherein receiving the encrypted data packets transmitted by the data participant comprises:
under the condition that an encryption request sent by a target account of the data participant is detected, carrying out security verification on the target account;
establishing a secure channel under the condition that the target account passes the secure verification;
and receiving the encryption request through the secure channel, and extracting the encrypted data packet from the encryption request.
7. The method of claim 1, wherein after hierarchically encrypting each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption scheme, the method further comprises:
and if each field to be encrypted in the data to be encrypted is encrypted, deleting the data to be encrypted.
8. A data hierarchical encryption device applied to a privacy hierarchical system, wherein the privacy hierarchical system is arranged in a third party joint computing platform, and the data hierarchical encryption device is characterized by comprising:
The receiving module is used for receiving the encrypted data packet sent by the data participant;
The extraction module is used for extracting data to be encrypted, a privacy priority and an encryption mode corresponding to the privacy priority from the encrypted data packet, wherein the privacy priority and the encryption mode are pre-configured by the data participant according to an application scene of the data to be encrypted;
and the encryption module is used for carrying out hierarchical encryption on each field to be encrypted in the data to be encrypted according to the privacy priority and the encryption mode.
9. An electronic device comprising a memory, a processor, a communication interface and a communication bus, said memory storing a computer program executable on said processor, said memory, said processor communicating with said communication interface via said communication bus, characterized in that said processor, when executing said computer program, implements the steps of the method according to any of the preceding claims 1 to 7.
10. A computer readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410425917.XA CN118018335A (en) | 2024-04-10 | 2024-04-10 | Data hierarchical encryption method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410425917.XA CN118018335A (en) | 2024-04-10 | 2024-04-10 | Data hierarchical encryption method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118018335A true CN118018335A (en) | 2024-05-10 |
Family
ID=90960396
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410425917.XA Pending CN118018335A (en) | 2024-04-10 | 2024-04-10 | Data hierarchical encryption method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118018335A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112583833A (en) * | 2020-12-14 | 2021-03-30 | 珠海格力电器股份有限公司 | Data encryption processing method and device, electronic equipment and storage medium |
| CN113946858A (en) * | 2021-12-20 | 2022-01-18 | 湖南丰汇银佳科技股份有限公司 | Identity security authentication method and system based on data privacy calculation |
| CN114499866A (en) * | 2022-04-08 | 2022-05-13 | 深圳致星科技有限公司 | Key hierarchical management method and device for federal learning and privacy calculation |
| CN114553491A (en) * | 2022-01-24 | 2022-05-27 | 大唐互联科技(武汉)有限公司 | Data grading encryption method, system and storage medium |
| CN114741728A (en) * | 2022-04-21 | 2022-07-12 | 蚂蚁区块链科技(上海)有限公司 | Method and device for protecting third-party identification category of private data |
| CN116070223A (en) * | 2021-11-01 | 2023-05-05 | 天津津淼科技有限公司 | Data transmission encryption method based on Android system client-to-server |
-
2024
- 2024-04-10 CN CN202410425917.XA patent/CN118018335A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112583833A (en) * | 2020-12-14 | 2021-03-30 | 珠海格力电器股份有限公司 | Data encryption processing method and device, electronic equipment and storage medium |
| CN116070223A (en) * | 2021-11-01 | 2023-05-05 | 天津津淼科技有限公司 | Data transmission encryption method based on Android system client-to-server |
| CN113946858A (en) * | 2021-12-20 | 2022-01-18 | 湖南丰汇银佳科技股份有限公司 | Identity security authentication method and system based on data privacy calculation |
| CN114553491A (en) * | 2022-01-24 | 2022-05-27 | 大唐互联科技(武汉)有限公司 | Data grading encryption method, system and storage medium |
| CN114499866A (en) * | 2022-04-08 | 2022-05-13 | 深圳致星科技有限公司 | Key hierarchical management method and device for federal learning and privacy calculation |
| CN114741728A (en) * | 2022-04-21 | 2022-07-12 | 蚂蚁区块链科技(上海)有限公司 | Method and device for protecting third-party identification category of private data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108681966B (en) | Information supervision method and device based on block chain | |
| CN108900533B (en) | Shared data privacy protection method, system, terminal and medium | |
| EP3819855A1 (en) | Cross-block chain interaction method and system, computer device, and storage medium | |
| US9781109B2 (en) | Method, terminal device, and network device for improving information security | |
| US11528205B2 (en) | Tunneled monitoring service and method | |
| CN112131590A (en) | Database connection establishing method and device, computer equipment and storage medium | |
| CN112949545A (en) | Method, apparatus, computing device and medium for recognizing face image | |
| CN111046405B (en) | Data processing method, device, equipment and storage medium | |
| CN110266653B (en) | Authentication method, system and terminal equipment | |
| CN113343309B (en) | Natural person database privacy security protection method and device and terminal equipment | |
| CN113726515B (en) | UKEY-based key processing method, storage medium and electronic device | |
| CN108540591B (en) | Address book management method, address book management device and electronic equipment | |
| CN112636914B (en) | Identity verification method, identity verification device and smart card | |
| CN112423302A (en) | Wireless network access method, terminal and wireless access equipment | |
| CN117033012A (en) | Query method and device for interface call blacklist, electronic equipment and storage medium | |
| CN114567678B (en) | Resource calling method and device for cloud security service and electronic equipment | |
| CN118018335A (en) | Data hierarchical encryption method, device, equipment and medium | |
| CN115514523A (en) | Data security access system, method, device and medium based on zero trust system | |
| CN213122985U (en) | PIS authentication system | |
| CN115021908A (en) | Privacy removing method and device for triple composite function, computer equipment and medium | |
| CN114372092A (en) | Case collaborative search processing method, system, device and electronic equipment | |
| CN113052044A (en) | Method, apparatus, computing device, and medium for recognizing iris image | |
| CN113645025A (en) | Data encryption storage method, storage device, user equipment and storage medium | |
| CN113052045A (en) | Method, apparatus, computing device and medium for recognizing finger vein image | |
| CN111181831A (en) | Communication data processing method and device, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |