WO2019024230A1 - Information encryption and decryption method and device, computer equipment and storage medium - Google Patents


Info

Publication number
WO2019024230A1
Authority
WO
WIPO (PCT)
Prior art keywords
document
field
server
privacy
key string
Prior art date
Application number
PCT/CN2017/104670
Other languages
French (fr)
Chinese (zh)
Inventor
张玉强
Original Assignee
上海壹账通金融科技有限公司
Priority date
Filing date
Publication date
Application filed by 上海壹账通金融科技有限公司 filed Critical 上海壹账通金融科技有限公司
Publication of WO2019024230A1 publication Critical patent/WO2019024230A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Definitions

  • the present application relates to the field of computer technologies, and in particular, to an information encryption and decryption method, apparatus, computer device, and storage medium.
  • Asymmetric encryption is more secure, but when the transmitted document contains a large amount of private information, encryption and decryption are slow. Therefore, asymmetric encryption is only suitable for encrypting a small amount of data.
  • Symmetric encryption requires a fixed key stored locally in the terminal, which is a security risk, so security cannot be guaranteed.
  • An information encryption method comprising:
  • the key string is randomly generated, and the generated key string is stored;
  • the generated key string is asymmetrically encrypted using a server public key pre-published by the server, and the encrypted key string is sent to the server;
  • An information decryption method comprising:
  • the key string is decrypted using the server private key and the decrypted key string is used to decrypt the document ciphertext such that the document displays a privacy field.
  • An information encryption device comprising:
  • a key string generating module configured to randomly generate a key string when the application is switched to the open state in the mobile terminal, and store the generated key string;
  • an asymmetric cryptographic module configured to: when the application sends a communication request to the server for the first time, asymmetrically encrypt the generated key string by using a server public key pre-published by the server, and send the encrypted key string to the server;
  • a request obtaining module configured to obtain a document uploading request triggered by the user in the application interface;
  • a symmetric cryptographic module configured to parse a document carried in the document uploading request, locate a privacy field in the document, and symmetrically encrypt the private field to generate a document ciphertext by using the randomly generated key string;
  • a document uploading module configured to upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
  • An information decryption device comprising:
  • a communication request receiving module configured to receive a communication request sent by an application in the mobile terminal, and obtain a key string carried in the communication request, the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted by a pre-published server public key;
  • a document ciphertext receiving module configured to receive a document uploading request sent by the mobile terminal, and obtain a document ciphertext carried in the document uploading request;
  • a document decryption module for decrypting a key string using a server private key and decrypting the document ciphertext using the decrypted key string to cause the document to display a privacy field.
  • a computer device comprising a memory and a processor, the memory storing computer readable instructions, the computer readable instructions being executed by the processor, causing the processor to perform the steps of: when it is detected that the application in the mobile terminal is switched to the on state, the key string is randomly generated, and the generated key string is stored;
  • the generated key string is asymmetrically encrypted using a server public key pre-published by the server, and the encrypted key string is sent to the server;
  • a computer device comprising a memory and a processor, wherein the memory stores computer readable instructions, the computer readable instructions being executed by the processor such that the processor performs the following steps:
  • the key string is decrypted using the server private key and the decrypted key string is used to decrypt the document ciphertext such that the document displays a privacy field.
  • One or more computer readable non-volatile storage media storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the following steps:
  • the key string is randomly generated, and the generated key string is stored;
  • the generated key string is asymmetrically encrypted using a server public key pre-published by the server, and the encrypted key string is sent to the server;
  • One or more computer readable non-volatile storage media storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the steps of:
  • the key string is decrypted using the server private key and the decrypted key string is used to decrypt the document ciphertext such that the document displays a privacy field.
  • FIG. 1 is an application environment diagram of an information encryption method in an embodiment
  • FIG. 2 is a schematic diagram showing the internal structure of a mobile terminal in an embodiment
  • FIG. 3 is a flow chart of an information encryption method in an embodiment
  • FIG. 6 is a schematic diagram showing the internal structure of a server in an embodiment
  • FIG. 7 is a flow chart of a method for decrypting information in an embodiment
  • FIG. 8 is a flow chart of a method for decrypting information in another embodiment
  • FIG. 9 is a structural block diagram of an information encryption apparatus in an embodiment
  • FIG. 10 is a structural block diagram of a symmetric cryptographic module in one embodiment.
  • Figure 11 is a block diagram showing the structure of an information decrypting apparatus in an embodiment.
  • an application environment diagram of an information encryption method including a mobile terminal 110 and a server 120.
  • the mobile terminal 110 can communicate with the server 120 over a network.
  • the mobile terminal 110 may be at least one of a smart phone, a tablet computer, a notebook computer, a POS machine, and an in-vehicle computer, but is not limited thereto.
  • the server 120 may be an independent physical server or a server cluster composed of a plurality of physical servers. The mobile terminal 110 monitors whether the set application is switched to the on state, and if so, randomly generates a key string.
  • the mobile terminal 110 stores in advance a public key issued by the server, and the mobile terminal performs asymmetric encryption processing on the generated key string using the public key, and uploads the encrypted key string to the server for storage.
  • when the mobile terminal application sends a document to the server, the document is symmetrically encrypted using the key string, and the encrypted document is sent to the server; the server can use the pre-stored private key and the key string received from the mobile terminal to decrypt the document uploaded by the mobile terminal and perform corresponding document processing operations.
  • a mobile terminal is provided on which an application can be installed.
  • the mobile terminal includes a processor coupled through a system bus, an internal memory, a non-volatile storage medium, a network interface, a display screen, and an input device.
  • the processor is used to provide computing and control capabilities to support the operation of the entire mobile terminal.
  • the non-volatile storage medium of the mobile terminal stores an operating system and computer readable instructions executable by the processor to implement an information encryption method provided by the following embodiments.
  • the internal memory in the mobile terminal provides an environment for the operation of the operating system and computer readable instructions in the non-volatile storage medium.
  • the network interface is used to connect to the network for communication.
  • the display is used to display various interfaces, for example, to display the application interface.
  • the input device is a touch layer covered on the display screen for the user to input various control commands. For example, in this embodiment, the user can input an application open command and a document upload command.
  • FIG. 2 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation of the mobile terminal to which the solution of the present application is applied.
  • the mobile terminal may include more or fewer components than shown in the figures, or some components may be combined, or have different component arrangements.
  • FIG. 3 is a schematic flow chart of a method according to an embodiment of the present application. It should be understood that although the various steps in the flowchart of FIG. 3 are displayed sequentially as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Except as explicitly stated herein, the execution of these steps is not strictly limited, and they may be performed in other sequences. Moreover, at least some of the steps in FIG. 3 may include a plurality of sub-steps or stages, which are not necessarily performed at the same time, but may be executed at different times, and the order of execution thereof is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of the other steps.
  • an information encryption method is provided.
  • the method is applied to the mobile terminal shown in FIG. 2 as an example, and specifically includes the following steps:
  • Step S202 When it is detected that the application in the mobile terminal switches to the on state, the key string is randomly generated, and the generated key string is stored.
  • the mobile terminal monitors status information of the specified one or more applications, and when it detects that an application switches from the Not running state to the open state (such as the Active foreground state or the Background running state), the mobile terminal generates a key string according to the set random algorithm, and stores the generated key string in the memory.
  • whether the application is switched to the on state can be determined by monitoring the user's triggering operation on the application. It is also possible to determine whether the program has been switched on by monitoring the log information of the application. Further, when the terminal is detected to be in a networked state, the state of the terminal application is monitored.
  • the generation time of the key string and the corresponding application identifier are also associated.
  • the format of the stored content may be: application A+ generation time + key string.
  • Step S204 When the application first sends a communication request to the server, the generated key string is asymmetrically encrypted using the server public key, and the encrypted key string is sent to the server.
  • the mobile terminal monitors the application's requests to communicate with the server.
  • when the application first requests communication with the server (e.g., the application requests to log in to the server), the mobile terminal uses a pre-stored server public key to asymmetrically encrypt the randomly generated key string, and the encrypted key string is sent to the server along with the established first communication channel. For example, the encrypted key string is sent to the server with the request to log in to the server.
  • when the key string is stored in the memory, it is asymmetrically encrypted with the server public key, and the encrypted key string is stored.
  • when the application communicates with the server for the first time, the stored encrypted key string is sent directly to the server along with the established communication channel to avoid slowing down the request.
  • Step S206 Acquire a document upload request triggered by the user in the application interface.
  • Step S208 Parsing the document carried in the document uploading request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate the document ciphertext.
  • the documentation here can be software documentation written by developers, such as software requirements documents, test documents, and so on.
  • the information encryption method for the above documents is applied to the cloud backup of development-stage documents. The document can also be an interactive document between the application and the server, which can be a local document. If the user sends a local document to a friend, the document needs to be uploaded to the server and forwarded by the server to the specified friend.
  • the button in the application interface can be triggered to send a document upload request to the server, and the document upload request carries the identifier of the document to be uploaded.
  • the document corresponding to the document identifier includes private information, and the private information may be phone number information, identity number information, and consumption information.
  • the mobile terminal can obtain the document to be uploaded according to the document identifier, parse the document content, find the privacy information included in the document according to the set privacy information search rule to locate the privacy field corresponding to the privacy information, and use the randomly generated key string (the key string that has not been asymmetrically encrypted by the server public key) to encrypt the located privacy field to generate a document ciphertext. In the generated document ciphertext, only the privacy field is displayed as an encrypted string, and other contents are displayed in the original plaintext.
  • the privacy information in the uploaded document may also be marked in advance, such as bold text or highlighting private information in a different color.
  • the mark of the privacy field can be removed or removed, and the configuration can be configured as needed.
  • Step S210 Upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
  • the document ciphertext can be decrypted by using the encrypted key string obtained from the mobile terminal to obtain the original plaintext document.
  • the step of decrypting the document ciphertext by the server is: first, decrypting the encrypted key string by using the server private key to obtain a key string; and then using the key string to decrypt the privacy field in the ciphertext of the document.
  • the key string is asymmetrically encrypted, the security of the key string is effectively ensured, and the asymmetric encryption and decryption is performed only for the key string with a small amount of data, which does not affect the encryption and decryption efficiency.
  • Symmetric encryption and decryption is used for the privacy field, and even if the number of privacy fields is large, it can be quickly encrypted and decrypted. That is to say, the information decryption method of the embodiment ensures the encryption and decryption efficiency and effectively protects the information security.
  • This embodiment implements an organic combination of symmetric encryption and asymmetric encryption, which not only enables fast encryption of a large number of privacy fields, but also combines a random dynamic key generation method with the security advantages of asymmetric encryption, making the cloud transmission and storage of information more secure and reliable.
  • step S208: parsing the document carried in the document uploading request, locating the privacy field in the document, and symmetrically encrypting the private field using the randomly generated key string to generate the document ciphertext includes:
  • Step S302 Acquire a document to be uploaded according to the document uploading request, and parse the document using a tool that supports the document format to obtain the document content.
  • the mobile terminal acquires a document specified by the user and opens or recognizes the content of the document using a tool (such as Office software) that supports the format of the uploaded document.
  • the document content is parsed using the Notepad program. If the document is in xlsx format, the content of the document is parsed using the excel table program.
  • Step S304 Search for the privacy field to be encrypted in the document content, obtain the location information of the privacy field, and collect the obtained location information to generate an extension field.
  • the attribute information of the privacy field is preset, and the privacy field included in the document content is searched according to the preset attribute information.
  • the attribute information of the privacy field may be a numeric string of a set number of digits, such as an 11-digit numeric string (mobile communication number) or a 13-digit numeric string (ID number), or the information at a set number of bytes before/after set sensitive text; for example, if the sensitive text is "user name" or "password", the string that appears after the user name is the privacy field. It can also be a string including a set symbol, such as consumption information or account information containing the symbol "$".
  • the method further includes: calling a tool supporting the document format to display the document to be uploaded, and acquiring a specified operation of the user, the specified operation specifying the privacy field to be encrypted in the document.
  • whether the privacy field is determined by the set attribute or according to the user's designation, after the privacy field is determined, the location information of the determined privacy field in the document content is obtained, and each privacy field corresponds to one piece of location information.
  • the location information of the obtained privacy field is further collected in an extension field. That is, an extension field is generated, which includes location information of all privacy fields to be encrypted.
  • Step S306 Symmetrically encrypt the privacy field in the document and the extension field by using the randomly generated key string, generating the document ciphertext and the encrypted extension field.
  • the determined privacy field is symmetrically encrypted using the key string generated in step S202 to generate a document ciphertext, and the generated extension field is also encrypted using a key string.
  • the content in the document is a format in which the field name corresponds to the field value.
  • the privacy field to be encrypted is a field value, that is, the field values zhangsan and 12345678910 after the equal sign are required to be encrypted.
  • step S304, searching for the privacy field to be encrypted in the document content, obtaining the location information of the privacy field, and collecting the obtained location information to generate an extension field, is in this embodiment: obtain the field names in the document, and collect all the obtained field names to generate the extension field.
  • the information encryption method includes the following steps:
  • Step S402 When it is detected that the application in the mobile terminal switches to the on state, the key string is randomly generated, and the generated key string is stored.
  • Step S404 When the application first sends a communication request to the server, the generated key string is asymmetrically encrypted using the server public key, and the encrypted key string is sent to the server.
  • Step S406 Acquire a document uploading request triggered by the user in the application interface, where the document uploading request carries the document to be uploaded, wherein the document to be uploaded is in the format of the field value corresponding to the field name, and the privacy field to be encrypted is a field value;
  • Step S408 Parse the document with a tool that supports the document format to obtain the document content, obtain all the field names in the document, and generate an extension field for all the field names obtained by the collection.
  • Step S410 symmetrically encrypt the privacy field and the extension field by using the randomly generated key string to generate a document ciphertext and an encrypted extension field.
  • Step S412 Send the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by its field name, and decrypts the located privacy fields to get the document plaintext.
  • After receiving the document ciphertext and the encrypted extension field "xxx1xxx2", the server first decrypts the extension field by using the key string to generate the decrypted extension field "namephoneNumber", and then performs word segmentation on the string in the extension field to get the two strings name and phoneNumber. It then searches the document ciphertext, quickly locates the positions in the document where name and phoneNumber are located, and thereby quickly locates the encrypted privacy fields xxxx1 and xxxx2 in the document. The located privacy fields are then decrypted to get zhangsan and 12345678910, and the obtained field values are inserted into the specified positions in the document to generate the document plaintext.
  • the encrypted field in the document can be quickly located, thereby achieving fast and accurate decryption to obtain the original document.
  • the terminal does not need to perform privacy field name convention with the server, and the encryption and decryption of the privacy field is more flexible and efficient.
  • the information encryption method further includes the following steps: when detecting that the terminal application is switched from the open state to the logout state, the mobile terminal clears the stored key string of the application.
  • a server in one embodiment, as shown in FIG. 6, includes a processor coupled through a system bus, a non-volatile storage medium, an internal memory, and a network interface.
  • the non-volatile storage medium of the server stores an operating system and computer readable instructions for implementing an information decryption method suitable for a server.
  • This processor is used to provide computing and control capabilities to support the operation of the entire server.
  • the internal memory in the server provides an environment for the operation of the operating system and computer readable instructions in the non-volatile storage medium, and the network interface is used for network communication with the mobile terminal. It will be understood by those skilled in the art that the structure shown in FIG. 6 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the server to which the solution of the present application is applied.
  • the specific server may include more or fewer components than shown in the figures, or some components may be combined, or have different component arrangements.
  • an information decryption method is provided, which is described by taking the above-mentioned server as an example, and specifically includes the following steps:
  • Step S502 Receive a communication request sent by the application in the mobile terminal, and obtain a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with the pre-published server public key.
  • the server pre-generates a pair of key pairs, the server public key and the server private key.
  • the server pre-posts the server public key to the mobile terminal, and the mobile terminal stores the server public key.
  • the server receives a key string asymmetrically encrypted by the server public key sent by the mobile terminal, and the key string is randomly generated when the mobile terminal detects that the application is started.
  • Step S504 Receive a document upload request sent by the mobile terminal, and obtain a document ciphertext carried in the document upload request.
  • Step S506 Decrypt the key string using the private key pre-stored in the server, and decrypt the document ciphertext using the decrypted key string to cause the document to display the privacy field.
  • the server decrypts the key string using the server private key and decrypts the document ciphertext using the decrypted key string.
  • an organic combination of symmetric encryption and decryption and asymmetric encryption and decryption is realized, which not only can quickly encrypt and decrypt a large number of privacy fields, but also combines a random dynamic key generation method with the security advantage of asymmetric encryption and decryption to make the cloud transmission and storage of information more secure and reliable.
  • an information decryption method which specifically includes the following steps:
  • Step S602 Receive a communication request sent by the application in the mobile terminal, and obtain a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with the pre-published server public key.
  • Step S604 Receive a document uploading request sent by the mobile terminal, and obtain the document ciphertext carried in the document uploading request and an extended field encrypted by the key string, where the extended field contains the location information of the encrypted privacy fields in the document.
  • Step S606 Decrypt the key string using the server private key, and decrypt the extended field by using the decrypted key string to obtain the location information of the encrypted privacy field.
  • Step S608 Locate the privacy field in the document ciphertext according to the location information, and use the decrypted key string to decrypt the located privacy field and get the document plaintext showing the privacy field.
  • the encrypted field in the document can be quickly located, thereby achieving fast and accurate decryption to obtain the original document.
  • the terminal does not need to perform privacy field name convention with the server, and the encryption and decryption of the privacy field is more flexible and efficient.
  • an information encryption apparatus comprising:
  • the key string generating module 702 is configured to randomly generate a key string and store the generated key string when the application in the mobile terminal is detected to switch to the on state.
  • the asymmetric encryption module 704 is configured to asymmetrically encrypt the generated key string using the server public key pre-published by the server when the application sends the communication request to the server for the first time, and send the encrypted key string to the server.
  • the request obtaining module 706 is configured to obtain a document upload request triggered by the user in the application interface.
  • the symmetric encryption module 708 is configured to parse the document carried in the document upload request, locate the privacy field in the document, and use the randomly generated key string to symmetrically encrypt the privacy field to generate the document ciphertext.
  • the document uploading module 710 is configured to upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
  • the symmetric encryption module 708 includes:
  • the document parsing module 802 is configured to obtain a document to be uploaded according to a document uploading request, and parse the document to obtain the document content by using a tool that supports the document format.
  • the extended field generating module 804 is configured to search for a privacy field to be encrypted in the document content, obtain location information of the privacy field, and collect the obtained location information to generate an extension field.
  • the encryption module 806 is configured to symmetrically encrypt the privacy field and the extension field in the document by using the randomly generated key string to generate the document ciphertext and the encrypted extension field.
  • the document content is a format in which the field name corresponds to a field value; the privacy field to be encrypted is a field value.
  • the extended field generating module 804 is further configured to obtain all the field names in the document content, and collect all the obtained field names to generate the extended field.
  • the document uploading module 710 is further configured to send the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extended field to obtain the set of all the field names, locates each privacy field in the document ciphertext by its field name, and decrypts the located privacy fields to obtain the document plaintext.
  • an information decryption apparatus comprising:
  • the communication request receiving module 902 is configured to receive a communication request sent by the application in the mobile terminal, and obtain a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with the pre-published server public key.
  • the document ciphertext receiving module 904 is configured to receive a document uploading request sent by the mobile terminal, and obtain a document ciphertext carried in the document uploading request.
  • the document decryption module 906 is configured to decrypt the key string using the server private key and decrypt the document ciphertext using the decrypted key string to cause the document to display a privacy field.
  • the document upload request further carries an encrypted extension field.
  • the document decryption module 906 is further configured to decrypt the key string by using the server private key, and decrypt the extension field by using the decrypted key string to obtain location information corresponding to the encrypted privacy field in the document ciphertext; and to locate the privacy field in the document ciphertext according to the location information, and decrypt the located privacy field using the decrypted key string to obtain the document plaintext showing the privacy field.
  • a computer device, which can be a mobile terminal, including a memory and a processor, the memory storing computer readable instructions which, when executed by the processor, cause the processor to execute the following steps: when the application in the mobile terminal is detected to switch to the on state, randomly generating a key string and storing the generated key string; when the application first sends a communication request to the server, asymmetrically encrypting the generated key string using the server public key pre-published by the server, and sending the encrypted key string to the server; obtaining a document upload request triggered by the user in the application interface; parsing the document carried in the document upload request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
  • the step, performed by the computer device processor, of parsing the document carried in the document upload request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate the document ciphertext comprises: obtaining the document to be uploaded according to the document upload request, and parsing the document using a tool that supports the document format to obtain the document content; finding the privacy field to be encrypted in the document content, obtaining location information of the privacy field, and collecting the obtained location information to generate an extension field; and symmetrically encrypting the privacy field and the extension field in the document using the randomly generated key string to generate the document ciphertext and the encrypted extension field.
  • the document content is a format in which the field name corresponds to the field value;
  • the privacy field to be encrypted is a field value;
  • the step, performed by the computer device processor, of searching for the privacy field to be encrypted in the document content, obtaining the location information of the privacy field, and collecting the obtained location information to generate the extension field is: obtaining all the field names in the document content, and collecting all the obtained field names to generate the extension field;
  • the step, performed by the computer device processor, of uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key is: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by field name, and decrypts the located privacy fields to obtain the document plaintext.
  • a computer device comprising a memory and a processor, the memory storing computer readable instructions which, when executed by the processor, cause the processor to perform the following steps: receiving a communication request sent by the application in the mobile terminal, and acquiring a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with the pre-published server public key; receiving a document upload request sent by the mobile terminal, and acquiring a document ciphertext carried in the document upload request; and decrypting the key string by using the server private key, and decrypting the document ciphertext by using the decrypted key string, so that the document shows the privacy field.
  • the document upload request further carries an encrypted extension field.
  • the step, performed by the computer device processor, of decrypting the key string using the server private key and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field is: decrypting the key string using the server private key, and decrypting the extension field by using the decrypted key string to obtain location information corresponding to the encrypted privacy field in the document ciphertext; and locating the privacy field in the document ciphertext according to the location information, and decrypting the located privacy field using the decrypted key string to obtain the document plaintext showing the privacy field.
  • one or more computer readable non-volatile storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps: when the application in the mobile terminal is detected to switch to the on state, randomly generating a key string and storing the generated key string; when the application first sends a communication request to the server, asymmetrically encrypting the generated key string using the server public key pre-published by the server, and sending the encrypted key string to the server; obtaining a document upload request triggered by the user in the application interface; parsing the document carried in the document upload request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate the document ciphertext; and uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
  • the step, performed by the processor, of parsing the document carried in the document upload request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate the document ciphertext comprises: obtaining the document to be uploaded according to the document upload request, and parsing the document using a tool that supports the document format to obtain the document content; finding the privacy field to be encrypted in the document content, obtaining location information of the privacy field, and collecting the obtained location information to generate an extension field; and symmetrically encrypting the privacy field and the extension field in the document using the randomly generated key string to generate the document ciphertext and the encrypted extension field.
  • the document content is a format in which the field name corresponds to the field value;
  • the privacy field to be encrypted is a field value;
  • the step, performed by the processor, of searching for the privacy field to be encrypted in the document content, obtaining the location information of the privacy field, and collecting the obtained location information to generate the extension field is: obtaining all the field names in the document content, and collecting all the obtained field names to generate the extension field;
  • the step, performed by the processor, of uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key is: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by field name, and decrypts the located privacy fields to obtain the document plaintext.
  • one or more computer readable non-volatile storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps: receiving a communication request sent by an application in the mobile terminal, and acquiring a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with the pre-published server public key; receiving a document upload request sent by the mobile terminal, and acquiring a document ciphertext carried in the document upload request; and decrypting the key string by using the server private key, and decrypting the document ciphertext by using the decrypted key string, so that the document displays the privacy field.
  • the document upload request further carries an encrypted extension field.
  • the step, performed by the processor, of decrypting the key string using the server private key and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field is: decrypting the key string using the server private key, and decrypting the extension field by using the decrypted key string to obtain location information corresponding to the encrypted privacy field in the document ciphertext; and locating the privacy field in the document ciphertext according to the location information, and decrypting the located privacy field using the decrypted key string to obtain the document plaintext showing the privacy field.
  • the storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, or a read-only memory (ROM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An information encryption method, comprising: when it is detected that an application program in a mobile terminal is switched to an ON state, randomly generating a secret key character string and storing the generated secret key character string; when the application program sends a communication request to a server for the first time, asymmetrically encrypting the generated secret key character string by using a server public key published by the server in advance and sending the encrypted secret key character string to the server; obtaining a document uploading request triggered by a user in an interface of the application program; parsing a document carried by the document uploading request, locating a privacy field in the document, and symmetrically encrypting the privacy field by using the randomly generated secret key character string to generate a document ciphertext; and uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext on the basis of the received encrypted secret key character string and a server private key.

Description

Information encryption and decryption method, apparatus, computer device and storage medium
This application claims priority to Chinese Patent Application No. 2017106533376, entitled "Information Encryption and Decryption Method, Apparatus, Computer Device, and Storage Medium", filed with the Chinese Patent Office on August 2, 2017, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of computer technologies, and in particular to an information encryption and decryption method, apparatus, computer device, and storage medium.
Background
With the development of the Internet and the adoption of cloud computing, more and more people tend to store data in the cloud. However, this data often contains sensitive information. To protect data privacy, sensitive private information needs to be encrypted.
Traditional data encryption methods include symmetric encryption and asymmetric encryption. Asymmetric encryption is more secure, but when a transmitted document contains a large amount of private information, encryption and decryption take a long time and are slow. Asymmetric encryption is therefore only suitable for encrypting small amounts of data, while symmetric encryption requires a fixed key stored locally on the terminal, which carries a security risk, so security cannot be guaranteed.
Summary of the Invention
Based on this, it is necessary to provide an encryption and decryption method, apparatus, computer device, and storage medium.
An information encryption method, the method comprising:
when it is detected that an application in a mobile terminal switches to the on state, randomly generating a key string, and storing the generated key string;
when the application sends a communication request to a server for the first time, asymmetrically encrypting the generated key string using a server public key pre-published by the server, and sending the encrypted key string to the server;
obtaining a document upload request triggered by the user in the application interface;
parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and
uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
An information decryption method, the method comprising:
receiving a communication request sent by an application in a mobile terminal, and acquiring a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with a pre-published server public key;
receiving a document upload request sent by the mobile terminal, and acquiring a document ciphertext carried in the document upload request; and
decrypting the key string using the server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field.
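The field-level encryption on the terminal and the matching decryption on the server, as an added Python example that is not code from the patent; field names serve as the location information collected into the extension field. It assumes the key string has already reached the server (the public-key wrapping step is omitted) and substitutes an HMAC-SHA256 keystream with an HMAC tag for the symmetric cipher, because the standard library has no AEAD such as AES-GCM; the per-field nonce, the tag bound to the field name, and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json
import secrets

EXT_LABEL = "__extension__"   # hypothetical label for the extension-field ciphertext
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from the session key string."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for a vetted cipher such as AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def _tag(mac_key: bytes, label: str, nonce: bytes, ct: bytes) -> bytes:
    """Authenticate nonce and ciphertext, bound to the field name they belong to."""
    name = label.encode()
    msg = len(name).to_bytes(4, "big") + name + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(key: bytes, label: str, plaintext: str) -> str:
    """Encrypt one value under a fresh nonce and append the authentication tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    return base64.b64encode(nonce + ct + _tag(mac_key, label, nonce, ct)).decode()


def unseal(key: bytes, label: str, blob: str) -> str:
    """Verify the tag first, then decrypt; raise ValueError on any mismatch."""
    enc_key, mac_key = _subkeys(key)
    raw = base64.b64decode(blob)
    if len(raw) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, label, nonce, ct)):
        raise ValueError(f"authentication failed for {label!r}")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


def encrypt_document(key: bytes, doc: dict, privacy_fields: set):
    """Terminal side: encrypt only the privacy field values, plus the extension field."""
    located = [name for name in doc if name in privacy_fields]
    cipher_doc = {n: (seal(key, n, v) if n in located else v) for n, v in doc.items()}
    extension = seal(key, EXT_LABEL, json.dumps(located))
    return cipher_doc, extension


def decrypt_document(key: bytes, cipher_doc: dict, extension: str) -> dict:
    """Server side: decrypt the extension field, then each field it locates."""
    located = json.loads(unseal(key, EXT_LABEL, extension))
    plain = dict(cipher_doc)
    for name in located:
        if name not in cipher_doc:
            raise ValueError(f"located field {name!r} missing from document")
        plain[name] = unseal(key, name, cipher_doc[name])
    return plain


# Constructed sample data; the key stands in for the per-launch random key string.
SESSION_KEY = secrets.token_bytes(32)
SAMPLE_DOC = {"name": "Zhang San", "id_number": "ID-0000-1111",
              "city": "Shanghai", "phone": "555-0100"}
PRIVACY_FIELDS = {"id_number", "phone"}

if __name__ == "__main__":
    cipher_doc, extension = encrypt_document(SESSION_KEY, SAMPLE_DOC, PRIVACY_FIELDS)
    print(json.dumps(cipher_doc, indent=2))
    print(decrypt_document(SESSION_KEY, cipher_doc, extension) == SAMPLE_DOC)
```

Binding the tag to the field name means a ciphertext moved from one field to another fails verification instead of decrypting into the wrong place.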
An information encryption apparatus, the apparatus comprising:
a key string generating module, configured to randomly generate a key string when it is detected that an application in the mobile terminal switches to the on state, and store the generated key string;
an asymmetric encryption module, configured to, when the application sends a communication request to the server for the first time, asymmetrically encrypt the generated key string using a server public key pre-published by the server, and send the encrypted key string to the server;
a request obtaining module, configured to obtain a document upload request triggered by the user in the application interface;
a symmetric encryption module, configured to parse the document carried in the document upload request, locate a privacy field in the document, and symmetrically encrypt the privacy field using the randomly generated key string to generate a document ciphertext; and
a document uploading module, configured to upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
An information decryption apparatus, the apparatus comprising:
a communication request receiving module, configured to receive a communication request sent by an application in the mobile terminal, and obtain a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with a pre-published server public key;
a document ciphertext receiving module, configured to receive a document upload request sent by the mobile terminal, and obtain a document ciphertext carried in the document upload request; and
a document decryption module, configured to decrypt the key string using the server private key, and decrypt the document ciphertext using the decrypted key string, so that the document displays the privacy field.
A computer device comprising a memory and a processor, the memory storing computer readable instructions which, when executed by the processor, cause the processor to perform the following steps: when it is detected that an application in the mobile terminal switches to the on state, randomly generating a key string, and storing the generated key string;
when the application sends a communication request to the server for the first time, asymmetrically encrypting the generated key string using a server public key pre-published by the server, and sending the encrypted key string to the server;
obtaining a document upload request triggered by the user in the application interface;
parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and
uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
A computer device comprising a memory and a processor, the memory storing computer readable instructions which, when executed by the processor, cause the processor to perform the following steps:
receiving a communication request sent by an application in the mobile terminal, and acquiring a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with a pre-published server public key;
receiving a document upload request sent by the mobile terminal, and acquiring a document ciphertext carried in the document upload request; and
decrypting the key string using the server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field.
One or more computer readable non-volatile storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
when it is detected that an application in the mobile terminal switches to the on state, randomly generating a key string, and storing the generated key string;
when the application sends a communication request to the server for the first time, asymmetrically encrypting the generated key string using a server public key pre-published by the server, and sending the encrypted key string to the server;
obtaining a document upload request triggered by the user in the application interface;
parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and
uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
One or more computer readable non-volatile storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
receiving a communication request sent by an application in the mobile terminal, and acquiring a key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is started, and is asymmetrically encrypted with a pre-published server public key;
receiving a document upload request sent by the mobile terminal, and acquiring a document ciphertext carried in the document upload request; and
decrypting the key string using the server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field.
Details of one or more embodiments of the present application are set forth in the accompanying drawings and the description below. Other features and advantages of the present application will become apparent from the description, the drawings, and the claims.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is an application environment diagram of an information encryption method in an embodiment;
FIG. 2 is a schematic diagram of the internal structure of a mobile terminal in an embodiment;
FIG. 3 is a flow chart of an information encryption method in an embodiment;
FIG. 4 is a flow chart of the steps involved in encrypting a document in an embodiment;
FIG. 5 is a flow chart of an information encryption method in another embodiment;
FIG. 6 is a schematic diagram of the internal structure of a server in an embodiment;
FIG. 7 is a flow chart of an information decryption method in an embodiment;
FIG. 8 is a flow chart of an information decryption method in another embodiment;
FIG. 9 is a structural block diagram of an information encryption apparatus in an embodiment;
FIG. 10 is a structural block diagram of the symmetric encryption module in an embodiment; and
FIG. 11 is a structural block diagram of an information decryption apparatus in an embodiment.
Detailed Description
To make the technical solutions and advantages of the present application clearer, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein only explain the present application and do not limit it.
As shown in FIG. 1, in one embodiment, an application environment diagram of an information encryption method is provided. The application environment includes a mobile terminal 110 and a server 120. The mobile terminal 110 can communicate with the server 120 over a network. The mobile terminal 110 may be at least one of a smart phone, a tablet computer, a notebook computer, a POS machine, and an in-vehicle computer, but is not limited thereto. The server 120 may be an independent physical server or a server cluster composed of a plurality of physical servers. The mobile terminal 110 monitors whether a designated application switches to the on state, and if so, randomly generates a key string. The mobile terminal 110 stores in advance a public key published by the server; the mobile terminal uses the public key to asymmetrically encrypt the generated key string, and uploads the encrypted key string to the server for storage. When the mobile terminal application sends a document to the server, it symmetrically encrypts the document using the key string and sends the encrypted document to the server. The server can use its pre-stored private key and the key string received from the mobile terminal to decrypt the document uploaded by the mobile terminal, and then carry out the corresponding document processing operations.
As shown in FIG. 2, in one embodiment, a mobile terminal is provided, on which an application can be installed. The mobile terminal includes a processor, an internal memory, a non-volatile storage medium, a network interface, a display screen, and an input device connected through a system bus. The processor provides computing and control capabilities and supports the operation of the entire mobile terminal. The non-volatile storage medium of the mobile terminal stores an operating system and computer readable instructions, which can be executed by the processor to implement the information encryption method provided by the following embodiments. The internal memory of the mobile terminal provides an environment for running the operating system and the computer readable instructions in the non-volatile storage medium. The network interface is used to connect to the network for communication. The display screen is used to display various interfaces, for example the application interface. The input device is a touch layer covering the display screen, through which the user inputs control commands; in this embodiment, for example, the user can input an application open command and a document upload command.
Those skilled in the art will understand that the structure of the mobile terminal shown in FIG. 2 is only a block diagram of the part of the structure related to the solution of the present application, and does not limit the mobile terminal to which the solution is applied. A specific mobile terminal may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
FIG. 3 is a schematic flow chart of a method according to an embodiment of the present application. It should be understood that although the steps in the flow chart of FIG. 3 are displayed in sequence as indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, there is no strict ordering of these steps, and they may be performed in other orders. Moreover, at least some of the steps in FIG. 3 may include multiple sub-steps or stages, which are not necessarily completed at the same moment but may be executed at different times; nor are they necessarily performed sequentially, but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
As shown in FIG. 3, in one embodiment, an information encryption method is provided. The method is described using its application to the mobile terminal shown in FIG. 2 as an example, and specifically includes the following steps:
Step S202: When the application in the mobile terminal is detected to have switched to the open state, randomly generate a key string and store the generated key string.
The mobile terminal monitors the state information of one or more specified applications. When it detects that an application has switched from Not running to an open state (such as the Active foreground state or the Background running state), the mobile terminal generates a key string according to a set random algorithm and stores the generated key string in memory.
In one embodiment, whether the application has switched to the open state can be determined by monitoring the user's trigger operations on the application. It can also be determined by monitoring the application's log information. Further, the state of the terminal's applications is monitored only when the terminal is detected to be connected to a network.
In one embodiment, when the key string is stored in memory, its generation time and the corresponding application identifier are stored in association with it. For example, the format of the stored content may be: application A + generation time + key string.
Step S204: When the application sends a communication request to the server for the first time, asymmetrically encrypt the generated key string using the server public key, and send the encrypted key string to the server.
Taking the time of switching to the open state as the starting point, the mobile terminal monitors whether the application requests communication with the server. When the application first requests communication with the server (for example, when the application requests to log in to the server), the mobile terminal asymmetrically encrypts the randomly generated key string using the pre-stored server public key and sends the encrypted key string to the server over the first communication channel established. For example, the encrypted key string is sent to the server along with the login request.
In one embodiment, after the key string is generated and before it is stored in memory, the server public key may be obtained to asymmetrically encrypt the key string, and the encrypted key string is stored. When the application communicates with the server for the first time, the stored encrypted key string is sent directly to the server over the established communication channel, so that the request is not slowed down.
Step S206: Obtain a document upload request triggered by the user in the application interface.
Step S208: Parse the document carried in the document upload request, locate the privacy fields in the document, and symmetrically encrypt the privacy fields using the randomly generated key string to generate the document ciphertext.
The document here may be a software document written by a developer, such as a software requirements document or a test document. The information encryption method for such documents is applied to cloud backup of development-stage documents. The document may also be one exchanged between the application and the server, or a local document; for example, when a user sends a local document to a friend, it must be uploaded to the server and forwarded by the server to the specified friend.
When the user needs to upload data in the application to the server, the user can trigger a button in the application interface to send a document upload request to the server; the request carries the identifier of the document to be uploaded. In this embodiment, the document corresponding to the document identifier contains privacy information, which may be telephone number information, identity number information, consumption information, and the like.
The mobile terminal obtains the document to be uploaded according to the document identifier and parses it to obtain the document content. It searches for the privacy information contained in the document according to set privacy-information search rules, to locate the privacy fields corresponding to that information, and encrypts the located privacy fields using the randomly generated key string (the key string that has not been asymmetrically encrypted with the server public key) to generate the document ciphertext. In the generated document ciphertext, only the privacy fields are concealed, shown as the strings produced by encryption; all other content is shown in its original plaintext form.
In one embodiment, the privacy information in the document to be uploaded may also be marked in advance, for example by making the text bold or highlighting the privacy information in a different color. When locating the privacy fields in the document, it is then only necessary to find the marked positions. After a privacy field is encrypted, its mark may or may not be removed, as configured according to need.
Step S210: Upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
The generated document ciphertext is uploaded to the server so that the server can store it as a backup. When the server needs to process the data of the uploaded document, it can decrypt the document ciphertext using the encrypted key string obtained from the mobile terminal to recover the original plaintext document.
Specifically, the server decrypts the document ciphertext as follows: it first decrypts the encrypted key string using the server private key to obtain the key string, and then uses the key string to decrypt the privacy fields in the document ciphertext.
Because the key string is asymmetrically encrypted, its security is effectively guaranteed; and because asymmetric encryption and decryption are applied only to the key string, which is small, encryption and decryption efficiency is not affected. The privacy fields are encrypted and decrypted symmetrically, so they can be processed quickly even when there are very many of them. That is, the information decryption method of this embodiment both ensures encryption and decryption efficiency and effectively protects the security of the information.
This embodiment combines symmetric and asymmetric encryption: a large number of privacy fields can be encrypted quickly, and the random, dynamic key generation together with the security advantage of asymmetric encryption makes cloud transmission and storage of the information more secure and reliable.
In one embodiment, as shown in FIG. 4, step S208 (parsing the document carried in the document upload request, locating the privacy fields in the document, and symmetrically encrypting the privacy fields using the randomly generated key string to generate the document ciphertext) includes:
Step S302: Obtain the document to be uploaded according to the document upload request, and parse the document using a tool that supports the document format to obtain the document content.
The mobile terminal obtains the document that the user has specified for upload and opens it or recognizes its content using a tool that supports the document's format (such as Office software).
If the document is in txt format, the Notepad program is used to parse its content. If the document is in xlsx format, the Excel spreadsheet program is used to parse its content.
Step S304: Search the document content for the privacy fields to be encrypted, obtain the position information of the privacy fields, and collect the obtained position information to generate an extension field.
In one embodiment, attribute information of privacy fields is set in advance, and the privacy fields contained in the document content are found according to this preset attribute information. The attribute information of a privacy field may be a digit string of a set length, such as an 11-digit string (mobile communication number) or a 13-digit string (ID card number); it may be the information located a set number of bytes before or after set sensitive words, for example, with the sensitive words "username" and "password", the string appearing after the username is a privacy field; or it may be a string including a set symbol, such as consumption information or account information containing the "$" symbol.
In another embodiment, after the step of obtaining the document upload request triggered by the user in the application interface, the method further includes: calling a tool that supports the document format to display the document to be uploaded, and obtaining a designation operation of the user, which designates the privacy fields to be encrypted in the document.
Whether the privacy fields are determined by the set attributes or by the user's designation, once they are determined, the position information of each determined privacy field in the document content is obtained; every privacy field corresponds to one piece of position information. The obtained position information is then collected in one extension field. That is, an extension field is generated that includes the position information of all privacy fields to be encrypted.
Step S306: Symmetrically encrypt the privacy fields in the document and the extension field using the randomly generated key string, to generate the document ciphertext and the encrypted extension field.
The key string generated in step S202 is used to symmetrically encrypt the determined privacy fields, generating the document ciphertext; the generated extension field is also encrypted with the key string.
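The attribute-based search of step S304, sketched in Go as an added example that is not part of the patent text. The regular expressions, the "start-end" position encoding and the hex stand-in used in place of the symmetric cipher are assumptions; the example also records each field's offsets in the rewritten document, because replacing a value with a longer string shifts everything after it.

```go
// Added example, not from the patent: locate privacy fields by attribute rules
// and build the position list for the extension field. The patterns and the
// "start-end" encoding are assumptions.
package main

import (
	"encoding/hex"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Span is one located privacy field, as byte offsets [Start, End) into a document.
type Span struct {
	Start, End int
	Rule       string
}

var rules = []struct {
	name  string
	re    *regexp.Regexp
	group int // capture group that holds the private value (0 = whole match)
}{
	{"11-digit number", regexp.MustCompile(`\b\d{11}\b`), 0},
	{"13-digit number", regexp.MustCompile(`\b\d{13}\b`), 0},
	{"after sensitive word", regexp.MustCompile(`(?i)\b(?:username|password)\s*[:=]\s*([^\s,;]+)`), 1},
	{"contains $", regexp.MustCompile(`\$\d+(?:\.\d+)?`), 0},
}

// locate returns non-overlapping spans in document order; on overlap the earlier,
// longer span wins, so no byte is selected for encryption twice.
func locate(content string) []Span {
	var found []Span
	for _, r := range rules {
		for _, m := range r.re.FindAllStringSubmatchIndex(content, -1) {
			found = append(found, Span{m[2*r.group], m[2*r.group+1], r.name})
		}
	}
	sort.SliceStable(found, func(i, j int) bool {
		if found[i].Start != found[j].Start {
			return found[i].Start < found[j].Start
		}
		return found[i].End > found[j].End
	})
	var spans []Span
	for _, s := range found {
		if len(spans) == 0 || s.Start >= spans[len(spans)-1].End {
			spans = append(spans, s)
		}
	}
	return spans
}

// replaceSpans rewrites each span with enc(value) and returns the new document
// plus the spans' offsets in that new document. The replacement is longer than
// the plaintext, so the original offsets no longer line up after rewriting.
func replaceSpans(content string, spans []Span, enc func(string) string) (string, []Span) {
	var b strings.Builder
	moved := make([]Span, 0, len(spans))
	last := 0
	for _, s := range spans {
		b.WriteString(content[last:s.Start])
		start := b.Len()
		b.WriteString(enc(content[s.Start:s.End]))
		moved = append(moved, Span{start, b.Len(), s.Rule})
		last = s.End
	}
	b.WriteString(content[last:])
	return b.String(), moved
}

// extensionField serialises the positions as "start-end,start-end,...".
func extensionField(spans []Span) string {
	parts := make([]string, len(spans))
	for i, s := range spans {
		parts[i] = fmt.Sprintf("%d-%d", s.Start, s.End)
	}
	return strings.Join(parts, ",")
}

// hexStandIn is a reversible, length-changing placeholder for the symmetric cipher.
// It is NOT encryption; it only makes the offset shift visible.
func hexStandIn(v string) string { return hex.EncodeToString([]byte(v)) }

func main() {
	doc := "user zhangsan, tel 12345678910, password: s3cret; paid $42.50" // constructed sample
	spans := locate(doc)
	out, moved := replaceSpans(doc, spans, hexStandIn)
	fmt.Println(out)
	fmt.Println("plaintext positions: ", extensionField(spans))
	fmt.Println("rewritten positions: ", extensionField(moved))
}
```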
In one embodiment, the document to be uploaded is a configuration file, that is, the content of the document is in the format of field names with corresponding field values. For example, the content of the document is: name=zhangsan, phoneNumber=12345678910, where name and phoneNumber are field names and zhangsan and 12345678910 are field values. The privacy fields to be encrypted are the field values; that is, the field values zhangsan and 12345678910 after the equals signs need to be encrypted.
When the document to be uploaded is such a configuration file, step S304 (searching the document content for the privacy fields to be encrypted, obtaining the position information of the privacy fields, and collecting the obtained position information to generate an extension field) is, in this embodiment: obtain the field names in the document and collect all the obtained field names to generate the extension field.
In this embodiment, as shown in FIG. 5, the information encryption method includes the following steps:
Step S402: When the application in the mobile terminal is detected to have switched to the open state, randomly generate a key string and store the generated key string.
Step S404: When the application sends a communication request to the server for the first time, asymmetrically encrypt the generated key string using the server public key, and send the encrypted key string to the server.
Step S406: Obtain a document upload request triggered by the user in the application interface. The document upload request carries the document to be uploaded; the document is in the format of field names with corresponding field values, and the privacy fields to be encrypted are the field values.
Step S408: Parse the document using a tool that supports the document format to obtain the document content, obtain all the field names in the document, and collect all the obtained field names to generate the extension field.
Step S410: Symmetrically encrypt the privacy fields and the extension field using the randomly generated key string, to generate the document ciphertext and the encrypted extension field.
Step S412: Send the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by field name, and decrypts the located privacy fields to obtain the document plaintext.
For example, the field names in the document are name and phoneNumber and the corresponding field values are zhangsan and 12345678910. The document ciphertext after encryption with the key string is: name=xxxx1, phoneNumber=xxxx2; the generated extension field is {namephoneNumber}, and the encrypted extension field is {xxx1xxx2}. After receiving the encrypted document ciphertext and the encrypted extension field {xxx1xxx2}, the server first decrypts the extension field using the key string to produce the decrypted extension field {namephoneNumber}. It then performs word segmentation on the string in the extension field to obtain the two strings name and phoneNumber, searches the document ciphertext to quickly locate the positions of name and phoneNumber in the document, and thereby quickly locates the encrypted privacy fields xxxx1 and xxxx2. It then decrypts the located privacy fields to obtain zhangsan and 12345678910 and inserts the obtained field values at the specified positions in the document, generating the document plaintext.
In this embodiment, passing the extension field allows the encrypted fields in the document to be located quickly, which enables fast and accurate decryption to recover the original document. The terminal does not need to agree on privacy field names with the server, so encryption and decryption of privacy fields are more flexible and efficient.
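The configuration-file flow of steps S402 to S412, together with the server-side decryption driven by the extension field, as an added Go example that is not code from the patent. RSA-OAEP with SHA-256, AES-256-GCM, base64url value encoding, the comma-separated extension field and the binding of each value to its field name as GCM associated data are assumptions, since the patent names no algorithms or encodings. The example goes slightly beyond the embodiment by letting the caller list which field names are private (here city stays in plaintext).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal (AES-256-GCM, an assumed cipher) returns base64url(nonce || ciphertext || tag); aad ties a value to its field.
func seal(key []byte, aad, plain string) (string, error) {
	g, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(g.Seal(nonce, nonce, []byte(plain), []byte(aad))), nil
}

// open reverses seal; it fails if the value was altered or moved to another field.
func open(key []byte, aad, token string) (string, error) {
	g, err := newGCM(key)
	raw, derr := base64.RawURLEncoding.DecodeString(token)
	if err != nil || derr != nil || len(raw) < g.NonceSize() {
		return "", fmt.Errorf("cannot open %s: bad key or encoding", aad)
	}
	plain, err := g.Open(nil, raw[:g.NonceSize()], raw[g.NonceSize():], []byte(aad))
	return string(plain), err
}

// mapFields applies fn to the value of each "name=value" field listed in names ("a,b").
func mapFields(doc, names string, fn func(name, value string) (string, error)) (out string, err error) {
	fields := strings.Split(doc, ", ")
	for i, f := range fields {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) == 2 && strings.Contains(","+names+",", ","+kv[0]+",") {
			if kv[1], err = fn(kv[0], kv[1]); err != nil {
				return "", err
			}
			fields[i] = kv[0] + "=" + kv[1]
		}
	}
	return strings.Join(fields, ", "), nil
}

// clientEncrypt (S402-S410): random key string, RSA-OAEP wrap (assumed scheme), sealed values, sealed extension field.
func clientEncrypt(pub *rsa.PublicKey, doc, names string) (wrapped []byte, cdoc, ext string, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return
	}
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return
	}
	if ext, err = seal(key, "ext", names); err == nil {
		cdoc, err = mapFields(doc, names, func(n, v string) (string, error) { return seal(key, "field:"+n, v) })
	}
	return
}

// serverDecrypt (S412, S602-S608): unwrap the key string, open the extension field, open the fields it names.
func serverDecrypt(priv *rsa.PrivateKey, wrapped []byte, cdoc, ext string) (string, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return "", err
	}
	names, err := open(key, "ext", ext)
	if err != nil {
		return "", err
	}
	return mapFields(cdoc, names, func(n, v string) (string, error) { return open(key, "field:"+n, v) })
}

func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // public half is pre-published

func main() {
	priv, err := newServerKey()
	if err != nil {
		panic(err)
	}
	doc := "name=zhangsan, phoneNumber=12345678910, city=Shanghai" // constructed sample
	wrapped, cdoc, ext, err := clientEncrypt(&priv.PublicKey, doc, "name,phoneNumber")
	fmt.Println(cdoc, err)
	fmt.Println(serverDecrypt(priv, wrapped, cdoc, ext))
}
```

Because the field name is authenticated together with each value, swapping two ciphertext values between fields makes serverDecrypt return an error instead of silently producing a wrong document.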
In one embodiment, the information encryption method further includes the following step: when the terminal application is detected to have switched from the open state to the logged-out state, the mobile terminal clears the stored key string of that application.
In one embodiment, as shown in FIG. 6, a server is provided. The server includes a processor, a non-volatile storage medium, an internal memory, and a network interface connected through a system bus. The non-volatile storage medium of the server stores an operating system and computer-readable instructions, which are used to implement an information decryption method suitable for the server. The processor provides computing and control capabilities and supports the operation of the entire server. The internal memory of the server provides an environment for running the operating system and the computer-readable instructions in the non-volatile storage medium, and the network interface of the server is used for network communication with the mobile terminal. Those skilled in the art will understand that the structure shown in FIG. 6 is only a block diagram of the part of the structure related to the solution of the present application and does not limit the server to which the solution is applied. A specific server may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
In one embodiment, as shown in FIG. 7, an information decryption method is provided. The method is described as applied to the server described above and includes the following steps:
Step S502: Receive the communication request sent by the application in the mobile terminal and obtain the key string carried in the communication request. The key string is randomly generated by the mobile terminal when the application is opened and has been asymmetrically encrypted with the pre-published server public key.
The server generates a key pair in advance: a server public key and a server private key. The server publishes the server public key to the mobile terminal in advance, and the mobile terminal stores it.
The server receives the key string sent by the mobile terminal, asymmetrically encrypted with the server public key; the key string was randomly generated by the mobile terminal when it detected that the application started.
Step S504: Receive the document upload request sent by the mobile terminal and obtain the document ciphertext carried in the document upload request.
Step S506: Decrypt the key string using the private key pre-stored in the server, and decrypt the document ciphertext using the decrypted key string, so that the document displays the privacy fields.
The server decrypts the key string using the server private key and decrypts the document ciphertext using the decrypted key string.
This embodiment combines symmetric and asymmetric encryption and decryption: a large number of privacy fields can be encrypted and decrypted quickly, and the random, dynamic key generation together with the security advantage of asymmetric encryption and decryption makes cloud transmission and storage of the information more secure and reliable.
In one embodiment, as shown in FIG. 8, an information decryption method is provided, which includes the following steps:
Step S602: Receive the communication request sent by the application in the mobile terminal and obtain the key string carried in the communication request. The key string is randomly generated by the mobile terminal when the application is opened and has been asymmetrically encrypted with the pre-published server public key.
Step S604: Receive the document upload request sent by the mobile terminal, and obtain the document ciphertext carried in the document upload request and the extension field encrypted with the key string, the extension field holding the position information of the privacy fields encrypted in the document.
Step S606: Decrypt the key string using the server private key, and decrypt the extension field using the decrypted key string to obtain the position information of the encrypted privacy fields.
Step S608: Locate the privacy fields in the document ciphertext according to the position information, and decrypt the located privacy fields using the decrypted key string to obtain the document plaintext displaying the privacy fields.
In this embodiment, passing the extension field allows the encrypted fields in the document to be located quickly, which enables fast and accurate decryption to recover the original document. The terminal does not need to agree on privacy field names with the server, so encryption and decryption of privacy fields are more flexible and efficient.
In one embodiment, as shown in FIG. 9, an information encryption apparatus is provided. The apparatus includes:
A key string generation module 702, configured to randomly generate a key string and store the generated key string when the application in the mobile terminal is detected to have switched to the open state.
An asymmetric encryption module 704, configured to, when the application sends a communication request to the server for the first time, asymmetrically encrypt the generated key string using the server public key pre-published by the server, and send the encrypted key string to the server.
A request obtaining module 706, configured to obtain the document upload request triggered by the user in the application interface.
A symmetric encryption module 708, configured to parse the document carried in the document upload request, locate the privacy fields in the document, and symmetrically encrypt the privacy fields using the randomly generated key string to generate the document ciphertext.
A document upload module 710, configured to upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
In one embodiment, as shown in FIG. 10, the symmetric encryption module 708 includes:
A document parsing module 802, configured to obtain the document to be uploaded according to the document upload request, and parse the document using a tool that supports the document format to obtain the document content.
An extension field generation module 804, configured to search the document content for the privacy fields to be encrypted, obtain the position information of the privacy fields, and collect the obtained position information to generate an extension field.
An encryption module 806, configured to symmetrically encrypt the privacy fields in the document and the extension field using the randomly generated key string, to generate the document ciphertext and the encrypted extension field.
In one embodiment, the document content is in the format of field names with corresponding field values; the privacy fields to be encrypted are the field values.
The extension field generation module 804 is further configured to obtain all the field names in the document content and collect all the obtained field names to generate the extension field.
The document upload module 710 is further configured to send the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by field name, and decrypts the located privacy fields to obtain the document plaintext.
In one embodiment, as shown in FIG. 11, an information decryption apparatus is provided. The apparatus includes:
A communication request receiving module 902, configured to receive the communication request sent by the application in the mobile terminal and obtain the key string carried in the communication request, where the key string is randomly generated by the mobile terminal when the application is opened and has been asymmetrically encrypted with the pre-published server public key.
A document ciphertext receiving module 904, configured to receive the document upload request sent by the mobile terminal and obtain the document ciphertext carried in the document upload request.
A document decryption module 906, configured to decrypt the key string using the server private key, and decrypt the document ciphertext using the decrypted key string, so that the document displays the privacy fields.
In one embodiment, the document upload request also carries an encrypted extension field.
The document decryption module 906 is further configured to decrypt the key string using the server private key, and decrypt the extension field using the decrypted key string to obtain the position information corresponding to the encrypted privacy fields in the document ciphertext; and to locate the privacy fields in the document ciphertext according to the position information and decrypt the located privacy fields using the decrypted key string, to obtain the document plaintext displaying the privacy fields.
In one embodiment, a computer device is provided. The computer device may be a mobile terminal and includes a memory and a processor. The memory stores computer-readable instructions which, when executed by the processor, cause the processor to perform the following steps: when the application in the mobile terminal is detected to have switched to the open state, randomly generating a key string and storing the generated key string; when the application sends a communication request to the server for the first time, asymmetrically encrypting the generated key string using the server public key pre-published by the server, and sending the encrypted key string to the server; obtaining a document upload request triggered by the user in the application interface; parsing the document carried in the document upload request, locating the privacy fields in the document, and symmetrically encrypting the privacy fields using the randomly generated key string to generate the document ciphertext; and uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
In one embodiment, the step, performed by the processor of the computer device, of parsing the document carried in the document upload request, locating the privacy fields in the document, and symmetrically encrypting the privacy fields using the randomly generated key string to generate the document ciphertext includes: obtaining the document to be uploaded according to the document upload request, and parsing the document using a tool that supports the document format to obtain the document content; searching the document content for the privacy fields to be encrypted, obtaining the position information of the privacy fields, and collecting the obtained position information to generate an extension field; and symmetrically encrypting the privacy fields in the document and the extension field using the randomly generated key string, to generate the document ciphertext and the encrypted extension field.
In one embodiment, the document content is in the format of field names with corresponding field values; the privacy fields to be encrypted are the field values.
The step, performed by the processor of the computer device, of searching the document content for the privacy fields to be encrypted, obtaining the position information of the privacy fields, and collecting the obtained position information to generate an extension field is: obtaining all the field names in the document content and collecting all the obtained field names to generate the extension field.
The step, performed by the processor of the computer device, of uploading the generated document ciphertext to the server so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key is: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by field name, and decrypts the located privacy fields to obtain the document plaintext.
In one embodiment, a computer device is provided. The computer device may be a server and includes a memory and a processor. The memory stores computer-readable instructions which, when executed by the processor, cause the processor to perform the following steps: receiving a communication request sent by an application in a mobile terminal, and obtaining the key string carried in the communication request, the key string having been randomly generated by the mobile terminal when the application was opened and asymmetrically encrypted with the server public key published in advance; receiving a document upload request sent by the mobile terminal, and obtaining the document ciphertext carried in the document upload request; and decrypting the key string using the server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field.
In one embodiment, the document upload request also carries an encrypted extension field;
the step, performed by the processor of the computer device, of decrypting the key string using the server private key and decrypting the document ciphertext using the decrypted key string so that the document displays the privacy field is: decrypting the key string using the server private key, and decrypting the extension field using the decrypted key string to obtain the location information corresponding to the encrypted privacy field in the document ciphertext; and locating the privacy field in the document ciphertext according to the location information, and decrypting the located privacy field using the decrypted key string to obtain the document plaintext in which the privacy field is displayed.
In one embodiment, one or more computer-readable non-volatile storage media storing computer-readable instructions are provided. When executed by one or more processors, the computer-readable instructions cause the one or more processors to perform the following steps: when it is detected that an application in the mobile terminal has switched to the open state, randomly generating a key string and storing the generated key string; when the application sends a communication request to the server for the first time, asymmetrically encrypting the generated key string using the server public key published in advance by the server, and sending the encrypted key string to the server; obtaining a document upload request triggered by the user in the application interface; parsing the document carried in the document upload request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key.
In one embodiment, the step, performed by the processor, of parsing the document carried in the document upload request, locating the privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate the document ciphertext includes: obtaining the document to be uploaded according to the document upload request, and parsing the document with a tool that supports the document format to obtain the document content; searching the document content for the privacy field to be encrypted, obtaining the location information of the privacy field, and aggregating the obtained location information to generate an extension field; and symmetrically encrypting the privacy field in the document and the extension field using the randomly generated key string, to generate the document ciphertext and the encrypted extension field.
In one embodiment, the document content is in a format in which field names correspond to field values; the privacy field to be encrypted is the field value;
the step, performed by the processor, of searching the document content for the privacy field to be encrypted, obtaining the location information of the privacy field, and aggregating the obtained location information to generate the extension field is: obtaining all field names in the document content, and aggregating all the obtained field names to generate the extension field;
the step, performed by the processor, of uploading the generated document ciphertext to the server so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key is: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all field names, locates each privacy field in the document ciphertext by field name, and decrypts the located privacy fields to obtain the document plaintext.
In one embodiment, one or more computer-readable non-volatile storage media storing computer-readable instructions are provided. When executed by one or more processors, the computer-readable instructions cause the one or more processors to perform the following steps: receiving a communication request sent by an application in a mobile terminal, and obtaining the key string carried in the communication request, the key string having been randomly generated by the mobile terminal when the application was opened and asymmetrically encrypted with the server public key published in advance; receiving a document upload request sent by the mobile terminal, and obtaining the document ciphertext carried in the document upload request; and decrypting the key string using the server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays the privacy field.
In one embodiment, the document upload request also carries an encrypted extension field;
the step, performed by the processor, of decrypting the key string using the server private key and decrypting the document ciphertext using the decrypted key string so that the document displays the privacy field is: decrypting the key string using the server private key, and decrypting the extension field using the decrypted key string to obtain the location information corresponding to the encrypted privacy field in the document ciphertext; and locating the privacy field in the document ciphertext according to the location information, and decrypting the located privacy field using the decrypted key string to obtain the document plaintext in which the privacy field is displayed.
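The exchange described in the embodiments above, as an added example that is not part of the patent text. The patent names no algorithms, so RSA-OAEP (SHA-256) for wrapping the key string, AES-256-GCM per field, a flat JSON document, all function names, and the sample values are assumptions; binding each ciphertext to its field name is an addition that goes beyond what the text describes.

```javascript
// Added illustration of the scheme in the embodiments above; not code from the patent.
// Assumed choices: RSA-OAEP (SHA-256) for key wrapping, AES-256-GCM per field,
// and a flat JSON object as the "field name -> field value" document.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side: the key pair whose public half is published to the app in advance.
function newServerKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// AES-256-GCM with a fresh 96-bit nonce per call. `aad` binds the ciphertext to
// its position in the document, so a value moved to another field fails to verify.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function unseal(key, sealed, aad) {
  if (typeof sealed !== 'string') throw new Error('expected ciphertext at ' + aad);
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('ciphertext too short at ' + aad);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12),
    { authTagLength: 16 });
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag, nonce, ciphertext or aad does not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Client, when the app opens: random key string, wrapped with the server public key
// and sent with the first communication request.
function startSession(serverPublicKey) {
  const key = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, key);
  return { key, wrappedKey };
}

// Client, on upload: encrypt each privacy field value in place and record the
// names of the encrypted fields (their "location information") in the extension
// field, which is itself encrypted with the same key string.
function encryptDocument(key, doc, privacyFields) {
  const located = privacyFields.filter((name) => typeof doc[name] === 'string');
  const out = { ...doc };
  for (const name of located) out[name] = seal(key, doc[name], 'field:' + name);
  return { document: out, extension: seal(key, JSON.stringify(located), 'extension') };
}

// Server: unwrap the key string, decrypt the extension field to learn which
// fields are ciphertext, then decrypt exactly those fields.
function decryptDocument(serverPrivateKey, wrappedKey, upload) {
  const key = nodeCrypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrappedKey);
  const located = JSON.parse(unseal(key, upload.extension, 'extension'));
  const doc = { ...upload.document };
  for (const name of located) doc[name] = unseal(key, doc[name], 'field:' + name);
  return doc;
}

// End-to-end run on a constructed document (all values are made up).
function demo() {
  const server = newServerKeyPair();
  const session = startSession(server.publicKey);
  const original = {
    name: 'Example User',
    id_number: 'ID-0000-EXAMPLE',
    phone: '000-0000-0000',
    product: 'loan-A',
  };
  const upload = encryptDocument(session.key, original, ['id_number', 'phone']);
  const recovered = decryptDocument(server.privateKey, session.wrappedKey, upload);

  // Two encrypted values swapped in transit: decryption must fail, not silently succeed.
  const swapped = {
    extension: upload.extension,
    document: {
      ...upload.document,
      id_number: upload.document.phone,
      phone: upload.document.id_number,
    },
  };
  let swapRejected = false;
  try {
    decryptDocument(server.privateKey, session.wrappedKey, swapped);
  } catch (err) {
    swapRejected = true;
  }
  return { original, upload, recovered, swapRejected };
}
```

Fields outside the privacy list (`name`, `product` here) travel as plaintext and are not integrity-protected by this scheme, so the transport still needs TLS.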
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by computer-readable instructions instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc, or a read-only memory (ROM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features involves no contradiction, it should be regarded as falling within the scope of this specification.
The above embodiments express only several implementations of the present application. Their description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the invention patent. It should be noted that a person of ordinary skill in the art can make a number of variations and improvements without departing from the concept of the present application, and these all fall within the scope of protection of the present application. Therefore, the scope of protection of this patent application shall be determined by the appended claims.

Claims (20)

  1. An information encryption method, comprising:
    when it is detected that an application in a mobile terminal has switched to the open state, randomly generating a key string, and storing the generated key string;
    when the application sends a communication request to a server for the first time, asymmetrically encrypting the generated key string using a server public key published in advance by the server, and sending the encrypted key string to the server;
    obtaining a document upload request triggered by a user in the application interface;
    parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and
    uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and a server private key.
  2. The method according to claim 1, wherein the parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext comprises:
    obtaining the document to be uploaded according to the document upload request, and parsing the document with a tool that supports the document format to obtain document content;
    searching the document content for the privacy field to be encrypted, obtaining location information of the privacy field, and aggregating the obtained location information to generate an extension field; and
    symmetrically encrypting the privacy field in the document and the extension field using the randomly generated key string, to generate the document ciphertext and an encrypted extension field.
  3. The method according to claim 2, wherein the document content is in a format in which field names correspond to field values, and the privacy field to be encrypted is the field value;
    the searching the document content for the privacy field to be encrypted, obtaining location information of the privacy field, and aggregating the obtained location information to generate an extension field is: obtaining all field names in the document content, and aggregating all the obtained field names to generate the extension field;
    the uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and the server private key, is: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all the field names, locates each privacy field in the document ciphertext by the field names, and decrypts the located privacy fields to obtain a document plaintext.
  4. An information decryption method, comprising:
    receiving a communication request sent by an application in a mobile terminal, and obtaining a key string carried in the communication request, the key string having been randomly generated by the mobile terminal when the application was opened and asymmetrically encrypted with a server public key published in advance;
    receiving a document upload request sent by the mobile terminal, and obtaining a document ciphertext carried in the document upload request; and
    decrypting the key string using a server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays a privacy field.
  5. The method according to claim 4, wherein the document upload request also carries an encrypted extension field;
    the decrypting the key string using a server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays a privacy field, is: decrypting the key string using the server private key, and decrypting the extension field using the decrypted key string to obtain location information corresponding to the encrypted privacy field in the document ciphertext; and
    locating the privacy field in the document ciphertext according to the location information, and decrypting the located privacy field using the decrypted key string to obtain a document plaintext in which the privacy field is displayed.
  6. An information encryption apparatus, comprising:
    a key string generation module, configured to randomly generate a key string when it is detected that an application in a mobile terminal has switched to the open state, and to store the generated key string;
    an asymmetric encryption module, configured to, when the application sends a communication request to a server for the first time, asymmetrically encrypt the generated key string using a server public key published in advance by the server, and send the encrypted key string to the server;
    a request obtaining module, configured to obtain a document upload request triggered by a user in the application interface;
    a symmetric encryption module, configured to parse the document carried in the document upload request, locate a privacy field in the document, and symmetrically encrypt the privacy field using the randomly generated key string to generate a document ciphertext; and
    a document upload module, configured to upload the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and a server private key.
  7. The apparatus according to claim 6, wherein the symmetric encryption module comprises:
    a document parsing module, configured to obtain the document to be uploaded according to the document upload request, and to parse the document with a tool that supports the document format to obtain document content;
    an extension field generation module, configured to search the document content for the privacy field to be encrypted, obtain location information of the privacy field, and aggregate the obtained location information to generate an extension field; and
    an encryption module, configured to symmetrically encrypt the privacy field in the document and the extension field using the randomly generated key string, to generate the document ciphertext and an encrypted extension field.
  8. The apparatus according to claim 7, wherein the document content is in a format in which field names correspond to field values, and the privacy field to be encrypted is the field value;
    the extension field generation module is further configured to obtain all field names in the document content, and to aggregate all the obtained field names to generate the extension field; and
    the document upload module is further configured to send the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all the field names, locates each privacy field in the document ciphertext by the field names, and decrypts the located privacy fields to obtain a document plaintext.
  9. An information decryption apparatus, comprising:
    a communication request receiving module, configured to receive a communication request sent by an application in a mobile terminal, and to obtain a key string carried in the communication request, the key string having been randomly generated by the mobile terminal when the application was opened and asymmetrically encrypted with a server public key published in advance;
    a document ciphertext receiving module, configured to receive a document upload request sent by the mobile terminal, and to obtain a document ciphertext carried in the document upload request; and
    a document decryption module, configured to decrypt the key string using a server private key, and to decrypt the document ciphertext using the decrypted key string, so that the document displays a privacy field.
  10. The apparatus according to claim 9, wherein the document upload request also carries an encrypted extension field; the document decryption module is further configured to decrypt the key string using the server private key, and to decrypt the extension field using the decrypted key string to obtain location information corresponding to the encrypted privacy field in the document ciphertext; and to locate the privacy field in the document ciphertext according to the location information, and decrypt the located privacy field using the decrypted key string to obtain a document plaintext in which the privacy field is displayed.
  11. A computer device, comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by the processor, cause the processor to perform the following steps:
    when it is detected that an application in a mobile terminal has switched to the open state, randomly generating a key string, and storing the generated key string;
    when the application sends a communication request to a server for the first time, asymmetrically encrypting the generated key string using a server public key published in advance by the server, and sending the encrypted key string to the server;
    obtaining a document upload request triggered by a user in the application interface;
    parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and
    uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and a server private key.
  12. The computer device according to claim 11, wherein the processor, when executing the computer-readable instructions, further performs the following steps:
    obtaining the document to be uploaded according to the document upload request, and parsing the document with a tool that supports the document format to obtain document content;
    searching the document content for the privacy field to be encrypted, obtaining location information of the privacy field, and aggregating the obtained location information to generate an extension field; and
    symmetrically encrypting the privacy field in the document and the extension field using the randomly generated key string, to generate the document ciphertext and an encrypted extension field.
  13. The computer device according to claim 12, wherein the document content is in a format in which field names correspond to field values, and the privacy field to be encrypted is the field value;
    the processor, when executing the computer-readable instructions, further performs the following step: obtaining all field names in the document content, and aggregating all the obtained field names to generate the extension field;
    the processor, when executing the computer-readable instructions, further performs the following step: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all the field names, locates each privacy field in the document ciphertext by the field names, and decrypts the located privacy fields to obtain a document plaintext.
  14. A computer device, comprising a memory and a processor, the memory storing computer-readable instructions which, when executed by the processor, cause the processor to perform the following steps:
    receiving a communication request sent by an application in a mobile terminal, and obtaining a key string carried in the communication request, the key string having been randomly generated by the mobile terminal when the application was opened and asymmetrically encrypted with a server public key published in advance;
    receiving a document upload request sent by the mobile terminal, and obtaining a document ciphertext carried in the document upload request; and
    decrypting the key string using a server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays a privacy field.
  15. The computer device according to claim 14, wherein the document upload request also carries an encrypted extension field; the processor, when executing the computer-readable instructions, further performs the following steps: decrypting the key string using the server private key, and decrypting the extension field using the decrypted key string to obtain location information corresponding to the encrypted privacy field in the document ciphertext; and
    locating the privacy field in the document ciphertext according to the location information, and decrypting the located privacy field using the decrypted key string to obtain a document plaintext in which the privacy field is displayed.
  16. One or more computer-readable non-volatile storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
    when it is detected that an application in a mobile terminal has switched to the open state, randomly generating a key string, and storing the generated key string;
    when the application sends a communication request to a server for the first time, asymmetrically encrypting the generated key string using a server public key published in advance by the server, and sending the encrypted key string to the server;
    obtaining a document upload request triggered by a user in the application interface;
    parsing the document carried in the document upload request, locating a privacy field in the document, and symmetrically encrypting the privacy field using the randomly generated key string to generate a document ciphertext; and
    uploading the generated document ciphertext to the server, so that the server decrypts the uploaded document ciphertext according to the received encrypted key string and a server private key.
  17. The storage medium according to claim 16, wherein the computer-readable instructions, when executed by the processor, further cause the following steps to be performed:
    obtaining the document to be uploaded according to the document upload request, and parsing the document with a tool that supports the document format to obtain document content;
    searching the document content for the privacy field to be encrypted, obtaining location information of the privacy field, and aggregating the obtained location information to generate an extension field; and
    symmetrically encrypting the privacy field in the document and the extension field using the randomly generated key string, to generate the document ciphertext and an encrypted extension field.
  18. The storage medium according to claim 17, wherein the document content is in a format in which field names correspond to field values, and the privacy field to be encrypted is the field value;
    the computer-readable instructions, when executed by the processor, further cause the following step to be performed: obtaining all field names in the document content, and aggregating all the obtained field names to generate the extension field;
    the computer-readable instructions, when executed by the processor, further cause the following step to be performed: sending the generated document ciphertext and the encrypted extension field to the server, so that the server decrypts the extension field to obtain the set of all the field names, locates each privacy field in the document ciphertext by the field names, and decrypts the located privacy fields to obtain a document plaintext.
  19. One or more computer-readable non-volatile storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
    receiving a communication request sent by an application in a mobile terminal, and obtaining a key string carried in the communication request, the key string having been randomly generated by the mobile terminal when the application was opened and asymmetrically encrypted with a server public key published in advance;
    receiving a document upload request sent by the mobile terminal, and obtaining a document ciphertext carried in the document upload request; and
    decrypting the key string using a server private key, and decrypting the document ciphertext using the decrypted key string, so that the document displays a privacy field.
  20. 根据权利要求19所述的存储介质,其特征在于,所述文档上传请求中还携带经加密处理的拓展字段;The storage medium according to claim 19, wherein the document upload request further carries an extended field that is encrypted;
    所述计算机可读指令被所述处理器执行时还执行以下步骤:使用服务器私钥解密所述密钥字符串,并使用解密后的所述密钥字符串解密所述拓展字段,得到所述文档密文中加密的隐私字段对应的位置信息;及The computer readable instructions, when executed by the processor, further perform the steps of: decrypting the key string using a server private key, and decrypting the extended field using the decrypted key string to obtain the Location information corresponding to the encrypted privacy field in the document ciphertext; and
    根据所述位置信息定位所述文档密文中的所述隐私字段,使用解密后的 所述密钥字符串解密定位的所述隐私字段,得到显示出所述隐私字段的文档明文。 Locating the privacy field in the document ciphertext according to the location information, using the decrypted The key string decrypts the located privacy field to obtain a document plaintext displaying the privacy field.
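
The client and server steps of claims 17 to 20, as an added example that is not part of the patent text. Assumptions: RSA-OAEP wraps the key string, AES-256-GCM encrypts each field, the extension field lists the names of the encrypted fields, and all function names are hypothetical; binding each ciphertext to its field name as associated data is an addition the claims do not specify.

```javascript
// Added example, not from the patent: hybrid field-level encryption (claims 17-20).
// Assumed primitives: RSA-OAEP key wrap, AES-256-GCM per field, JSON-style documents.
const crypto = require('crypto');

// Server key pair; the public half is the "pre-published server public key".
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one value; aad ties the ciphertext to the field it belongs to.
function sealField(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh nonce for every field
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Decrypt one value; throws if the ciphertext, tag or field binding was altered.
function openField(key, blob, aad) {
  const raw = Buffer.from(blob, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Mobile terminal: random key string, wrapped with the server public key;
// privacy field values and the extension field are symmetrically encrypted.
function clientEncrypt(doc, privacyNames) {
  const key = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  const cipherDoc = { ...doc };
  for (const n of privacyNames) cipherDoc[n] = sealField(key, String(doc[n]), n);
  const extension = sealField(key, JSON.stringify(privacyNames), 'extension');
  return { wrappedKey, cipherDoc, extension };
}

// Server: unwrap the key string, decrypt the extension field to learn which
// fields are encrypted, then decrypt exactly those fields.
function serverDecrypt({ wrappedKey, cipherDoc, extension }) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const names = JSON.parse(openField(key, extension, 'extension'));
  const plainDoc = { ...cipherDoc };
  for (const n of names) plainDoc[n] = openField(key, cipherDoc[n], n);
  return plainDoc;
}
```

Because each field ciphertext is authenticated together with its field name, moving a ciphertext from one field to another makes `serverDecrypt` throw instead of returning a silently rearranged document.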
PCT/CN2017/104670 2017-08-02 2017-09-29 Information encryption and decryption method and device, computer equipment and storage medium WO2019024230A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710653337.6A CN107666479A (en) 2017-08-02 2017-08-02 Information encrypting and decrypting method, apparatus, computer equipment and storage medium
CN201710653337.6 2017-08-02

Publications (1)

Publication Number Publication Date
WO2019024230A1 (en) 2019-02-07

Family

ID=61097240

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/104670 WO2019024230A1 (en) 2017-08-02 2017-09-29 Information encryption and decryption method and device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN107666479A (en)
WO (1) WO2019024230A1 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365620B (en) * 2018-03-26 2021-08-13 中移(苏州)软件技术有限公司 Stream data privacy protection method and device
CN108897728B (en) * 2018-06-27 2023-04-07 平安科技(深圳)有限公司 Short message splicing processing method and device, computer equipment and storage medium
CN109150502A (en) * 2018-09-19 2019-01-04 广州通达汽车电气股份有限公司 Data ciphering method, device, system, computer equipment and storage medium
CN109246130A (en) * 2018-10-17 2019-01-18 深圳壹账通智能科技有限公司 Data ciphering method, device, computer equipment and storage medium
CN109635574A (en) * 2018-11-14 2019-04-16 李炜哲 File encryption-decryption method, system and storage medium in a kind of cloud storage system
WO2020133068A1 (en) * 2018-12-27 2020-07-02 福建联迪商用设备有限公司 Key transfer method, terminal and system
CN109670329A (en) * 2018-12-28 2019-04-23 东信和平科技股份有限公司 A kind of safe lead-in and lead-out method of server data and server
CN110557738B (en) * 2019-07-12 2022-06-07 安徽中科美络信息技术有限公司 Vehicle monitoring information safe transmission method and system
CN110677382A (en) * 2019-08-20 2020-01-10 中国平安财产保险股份有限公司 Data security processing method, device, computer system and storage medium
CN111177751B (en) * 2019-12-20 2022-05-24 苏州浪潮智能科技有限公司 Method and equipment for encrypting pdf file and readable medium
CN111832043B (en) * 2020-06-23 2023-10-03 平安科技(深圳)有限公司 Data encryption processing method, device, computer equipment and storage medium
CN111967023A (en) * 2020-07-03 2020-11-20 浙江数链科技有限公司 Data encryption and decryption method, device, system and readable storage medium
CN113259092A (en) * 2021-04-04 2021-08-13 余绍祥 Document distributed encryption system
CN113364760A (en) * 2021-06-01 2021-09-07 平安科技(深圳)有限公司 Data encryption processing method and device, computer equipment and storage medium
CN113868505A (en) * 2021-09-03 2021-12-31 北京达佳互联信息技术有限公司 Data processing method and device, electronic equipment, server and storage medium
CN115333809B (en) * 2022-07-29 2024-10-29 上海浦东发展银行股份有限公司 Data desensitization and restoration method based on symmetric encryption
CN116522382B (en) * 2023-04-17 2023-11-21 广州市安洛网络有限责任公司 Application program user information protection method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150365385A1 (en) * 2014-06-11 2015-12-17 Bijit Hore Method and apparatus for securing sensitive data in a cloud storage system
CN105187456A (en) * 2015-10-27 2015-12-23 成都卫士通信息产业股份有限公司 Cloud-drive file data safety protection method
CN106161444A (en) * 2016-07-07 2016-11-23 北京信长城技术研究院 Secure storage method of data and subscriber equipment
CN106254324A (en) * 2016-07-26 2016-12-21 杭州文签网络技术有限公司 A kind of encryption method storing file and device
CN106506155A (en) * 2016-12-09 2017-03-15 四川师范大学 Cryptograph Sharing method under publicly-owned cloud environment
CN106534124A (en) * 2016-11-15 2017-03-22 浙江丞易软件开发有限公司 Integration encrypted storage tamper-proofing method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103294961A (en) * 2013-06-07 2013-09-11 北京奇虎科技有限公司 Method and device for file encrypting/decrypting
US10057220B2 (en) * 2015-07-24 2018-08-21 International Business Machines Corporation Message encryption

Also Published As

Publication number Publication date
CN107666479A (en) 2018-02-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17919929

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 09/07/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17919929

Country of ref document: EP

Kind code of ref document: A1