WO2022142629A1 - 用户数据处理方法、装置、计算机设备及存储介质 - Google Patents

用户数据处理方法、装置、计算机设备及存储介质 Download PDF

Info

Publication number
WO2022142629A1
WO2022142629A1 PCT/CN2021/125569 CN2021125569W WO2022142629A1 WO 2022142629 A1 WO2022142629 A1 WO 2022142629A1 CN 2021125569 W CN2021125569 W CN 2021125569W WO 2022142629 A1 WO2022142629 A1 WO 2022142629A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
key
target
data
Prior art date
Application number
PCT/CN2021/125569
Other languages
English (en)
French (fr)
Inventor
郑如刚
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2022142629A1 publication Critical patent/WO2022142629A1/zh

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2457Query processing with adaptation to user needs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present application relates to the technical field of data processing, and in particular, to a user data processing method, apparatus, computer equipment and storage medium.
  • Embodiments of the present application provide a user data processing method, device, computer equipment, and storage medium, so as to solve the problem of a relatively large security risk in the current method of storing user data.
  • a user data processing method comprising:
  • the user account, the user private key and the target ciphertext data are associated and stored in the business layer, and the user account and the user non-key information are associated and stored in the database.
  • a user data processing device comprising:
  • a user original data acquisition module used to acquire user original data, where the user original data includes a user account
  • a split processing acquisition module used for processing the user original data to obtain user key information and user non-key information
  • an encryption processing module configured to send the user key information to the business layer, perform encryption processing on the user key information, and obtain target ciphertext data and user private key;
  • the storage module is configured to associate and store the user account, the user private key and the target ciphertext data in the business layer, and associate and store the user account and the non-key information of the user in a database.
  • a computer device comprising a memory, a processor, and a readable storage medium stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the readable storage medium:
  • the user account, the user private key and the target ciphertext data are associated and stored in the business layer, and the user account and the user non-key information are associated and stored in the database.
  • One or more readable storage media having computer-readable instructions stored thereon, the computer-readable storage media having computer-readable instructions stored thereon, wherein the computer-readable instructions, when executed by one or more processors, cause all The one or more processors perform the following steps:
  • the user account, the user private key and the target ciphertext data are associated and stored in the business layer, and the user account and the user non-key information are associated and stored in the database.
  • the above-mentioned user data processing method, device, computer equipment and storage medium obtain the user original data, which includes the user account; User critical information and user non-critical information are stored separately to provide technical support. Sending the user key information to the business layer, encrypting the user key information, and obtaining the target ciphertext data and the user's private key can effectively protect the user's key information and avoid leakage of the user's key information.
  • the user account, user private key and target ciphertext data are associated and stored in the business layer, and the user account and the user's non-critical information are associated and stored in the database. Separate storage of user data can effectively ensure user data security.
  • picture 1 is a schematic diagram of an application environment of the user data processing method in an embodiment of the present application.
  • picture 2 is a flowchart of a user data processing method in an embodiment of the present application.
  • picture 3 is another flowchart of the user data processing method in an embodiment of the present application.
  • picture 4 is another flowchart of the user data processing method in an embodiment of the present application.
  • picture 5 is another flowchart of the user data processing method in an embodiment of the present application.
  • picture 6 is another flowchart of the user data processing method in an embodiment of the present application.
  • picture 7 is another flowchart of the user data processing method in an embodiment of the present application.
  • picture 8 is another flowchart of the user data processing method in an embodiment of the present application.
  • picture 9 is a schematic block diagram of a user data processing device in an embodiment of the present application.
  • picture 10 It is a schematic diagram of a computer device in an embodiment of the present application.
  • the user data processing method provided by the embodiment of the present application can be applied in the application environment shown in FIG. 1 .
  • the user data processing method is applied in a user data processing system.
  • the user data processing system includes a client and a server as shown in FIG. 1 . Processing, the user's key key information and user's non-critical information are stored separately to effectively protect the security of the user's key information.
  • the client also known as the client, refers to the program corresponding to the server and providing local services for the client. Clients can be installed on, but not limited to, various personal computers, laptops, smartphones, tablets, and portable wearable devices.
  • the server can be implemented as an independent server or a server cluster composed of multiple servers.
  • a method for processing user data is provided, which is described by taking the method applied to the server in FIG. 1 as an example, including the following steps:
  • S201 Obtain user original data, where the user original data includes a user account.
  • the user original data is the data sent by the user to the server through the application.
  • the user original data may be the user data filled in by the user registration application or the data submitted by the user to the server for authentication, which is not limited here. .
  • the user account is the account of the user logging in to the application, for example, the user account may be the user's name or the like.
  • the user starts the application program on the client, fills in the user's original data on the application program, and clicks the confirm and submit button, so that the server obtains the user's original data.
  • S202 Process the user's original data to obtain user key information and user non-key information.
  • the user key information is information used to indicate the user's identity.
  • the user's key information includes but is not limited to the user's title and the user identity, wherein the user identity is an identity used to uniquely identify the user, for example, the user
  • the ID can be a user ID. Understandably, the key user information is usually data with a relatively small amount of data and high privacy.
  • User non-critical information is information other than user critical information, for example, user non-critical information may be user address, user video, user photo, and the like.
  • the user video and user photo can be stored on the server by the user to release the storage space of the client; or the user video and user photo can be registered as the user's own operation, which requires the user to collect photos in the application program interface. Submit the user's photo; or submit the user's video in the application's video capture interface to ensure that the user himself is the one who registers the application, to ensure the authenticity and effectiveness of the user's registration, and to avoid forgery of users. Understandably, the non-critical user information is usually data with a relatively large amount of data and low privacy.
  • the server After the server obtains the user's original data, it processes the user's original data to split the user's original data to obtain the user's key information and the user's non-key information.
  • the key information is separated to provide technical support for the subsequent storage of user key information and user non-critical information; the user's key information and user non-critical information are separated, because usually criminals usually only attack the database, so even if the criminals break the database, It is difficult to obtain complete data, and it is impossible to obtain complete information of users, which is conducive to ensuring the safety of key information of users.
  • S203 Send the key information of the user to the business layer, encrypt the key information of the user, and obtain the target ciphertext data and the private key of the user.
  • the target ciphertext data refers to data obtained after encrypting key user information.
  • the business layer is the layer that needs to write logic code according to actual business requirements.
  • the server usually stores all the data received in the database, but the data of the same user in the database is very complete. If the database is illegally breached, the user's data will be leaked.
  • the key information of the user is stored in the business layer. , encrypting the user's key information can effectively protect the user's key information and avoid leakage of the user's key information.
  • the user's original data is split to obtain the user's key information, and the user's key information is encrypted by using the user's public key to obtain the target ciphertext data, which is conducive to ensuring the security of the user's key information and avoids the direct use of the user's key information in the prior art.
  • the original data is stored in the database, the original user data cannot be encrypted, and the original user data cannot be effectively guaranteed.
  • an encryption algorithm is used in the business layer to encrypt the user's key information to obtain target ciphertext data, which can effectively protect the user's key information and avoid leakage of the user's key information.
  • S204 Associate and store the user account, the user private key and the target ciphertext data in the business layer, and associate and store the user account and the user's non-key information in the database.
  • the user account and the target ciphertext data are associated and stored in the business layer, and subsequently key user information in the business layer can be found according to the user account; user non-key information is associated and stored in the database, therefore, if the database is illegally breached , the hacker cannot obtain complete user data, which can effectively ensure the security of user data.
  • the user data processing method provided in this embodiment obtains user original data, which includes user accounts; and processes the user original data to obtain user key information and user non-critical information, which is used for subsequent user key information and user non-critical information.
  • Information is stored separately to provide technical support.
  • Sending the user's key information to the business layer, encrypting the user's key information, and obtaining the target ciphertext data and the user's private key can effectively protect the user's key information and avoid leakage of the user's key information.
  • the user account, user private key and target ciphertext data are associated and stored in the business layer, and the user account and user non-critical information are associated and stored in the database. Separate storage of user data can effectively ensure user data security.
  • the user original data includes original fields and field values corresponding to the original fields; step S202, that is, the user original data is processed to obtain user key information and user non-key information, including :
  • S301 Query an information classification table based on user original data, and the information classification table includes key fields;
  • the original field is a field representing the attributes of the data
  • the original field may be attributes of the user such as name, age, job title, and authority.
  • the field value is the value corresponding to the original field. For example, when the original field is age, the field value is xx years old; when the original field is permission, the field value is permission 1 or permission 2, etc.;
  • the information classification table is pre-configured and is used to process the user's original data to obtain a table of user key information and user non-critical information, so as to standardize the user's original data.
  • Key fields refer to the more critical fields.
  • key fields can be user permissions and user roles, etc. Among them, the user roles can be administrators and visitors; or ordinary employees and managers.
  • User permissions are used to restrict users' access to information items on the application. For example, user 1 can submit user contracts, user 2 can access user contracts and verify user contracts, etc., user 3 can approve payment slips, etc., that is, submit users
  • the contract and the verification user contract are the user rights.
  • the preset information classification table can provide technical support for the subsequent splitting of user key information and user non-key information, and ensure the specification of the processing process.
  • S302 Extract the field value of the original field matching the key field from the original user data to obtain the key user information.
  • S303 Extract the field value of the original field that does not match the key field from the user original data, so as to obtain the user's non-key information.
  • the field value of the original field matching the key field is determined as the user key information, and the user key information is extracted from the user original data; the field value of the original field that does not match the key field is determined as User non-critical information, and extract user non-critical information from user original data, realize the separation of user critical information and user non-critical information, ensure that user critical information and user non-critical information can be stored separately in the follow-up, effectively ensure user data Safety.
  • the user data processing method provided by this embodiment queries the information classification table based on the user's original data, and realizes the normalized processing of the user's original data. Extract the field values of the original fields that match the key fields from the user's original data to obtain the key user information; extract the field values of the original fields that do not match the key fields from the user's original data to obtain the user's non-key information , to ensure that key user information and non-critical user information can be stored separately in the follow-up, effectively ensuring user data security.
  • step S203 the key information of the user is encrypted to obtain the target ciphertext data and the user's private key, including:
  • the encryption algorithm refers to an asymmetric encryption algorithm
  • the asymmetric encryption algorithm is an algorithm that does not use the same key for encryption and decryption.
  • there are two keys namely the user public key and the user private key. must be paired, otherwise the encrypted data cannot be opened.
  • the user's public key refers to the key that can be announced to the outside world and is used to encrypt the user's key information.
  • the user's private key is the key used to decrypt the encrypted user's key information (that is, the target ciphertext data), and can only be known by the holder.
  • the asymmetric encryption method has two keys, and the user's public key can be made public, so there is no fear of others knowing it. When decrypting, it can be decrypted only with the matching user's private key, which is very good. It avoids the security problem of key transmission.
  • the user private key and the user public key are generated to provide technical support for encrypting the user key information.
  • S402 Encrypt key user information by using the user's public key to obtain target ciphertext data.
  • the user's key information is encrypted with the user's public key to obtain the target ciphertext data, and the target ciphertext data, the user account and the user's private key are associated and stored in the business layer, which can realize the protection of the user's key information.
  • an encryption algorithm is used to generate a user public key and a user private key corresponding to the user public key, which provides technical support for encrypting user key information.
  • the user's key information is encrypted by using the user's public key to obtain the target ciphertext data, which can realize the protection of the user's key information.
  • the target ciphertext data carries a user authority identifier; after step S204, that is, after the user account, the user private key and the target ciphertext data are associated and stored in the business layer, the user After the account and user non-critical information is associated and stored in the database, the method further includes:
  • S501 Obtain a user access request, where the user access request includes a user account and a target access object.
  • the user access request is a request that the user wants to access the function module on the application.
  • the target access object refers to the functional module that the user wishes to access.
  • the target access object may be contract verification, loan approval, or payment approval.
  • S502 Determine the target authority information and a query identifier corresponding to the target authority information based on the target access object.
  • the target permission information is set according to the target access object and is used to determine whether the user can access the target access object. That is, the user can access the target access object only if he has the target permission information.
  • the query identifier is an identifier indicating the query business layer or the database. It is understandable that determining whether the user can access and use it is determined based on the user's original user information. Therefore, in this embodiment, when the target access object is obtained, Then, according to the actual setting of the target access object, it is necessary to determine the target permission information and the query identifier, so as to determine whether to query the database or query at the business layer.
  • the corresponding target permission information is internal employees and working in the contract department; when the user's target access object is contract signing, the corresponding target permission information is the user For company customers and user pictures, etc.
  • the matching private key is the key corresponding to the user account, so that subsequent matching with the user private key corresponding to the user account can be performed to determine whether the user is a legitimate user.
  • the server obtains a pre-generated matching private key for subsequent matching with the user's private key to verify whether the user is legitimate.
  • the user authority identifier is an identifier used to indicate user authority, and the user authority identifier is an identifier obtained in advance according to the key information of the user. Understandably, since the target ciphertext data carries the user authority identifier, it is not necessary to Decrypting the ciphertext data is beneficial to protect the target ciphertext data.
  • the user's private key and the matching private key are obtained according to an encryption algorithm, which has high security. If the user's private key matches the matching private key, it indicates that the user is a legitimate user.
  • the matching information of the matching private key is sent to the business layer, so that the business layer feeds back the user permission ID to the server based on the matching information between the user private key and the matching private key, so that the server can process the user access request according to the user permission ID to realize the determination
  • user rights there is no need to decrypt the key user information stored in the business layer, which is beneficial to shorten the time for determining user rights; at the same time, when calling key user information, the user rights identifier is obtained by calling the business layer itself, which can solve the problem of using the current technology.
  • the data access layer feeds back data to the business layer, which exists in the problem of being hacked to obtain key user information remotely.
  • the user access request is processed based on the user authority identifier, specifically judging whether the user authority identifier includes the target authority information, and if the user authority identifier includes the target authority information, responding to the user access request; if the user authority identifier does not include the target authority information, It does not respond to the user's access request, and displays the information that the user does not meet the access rights.
  • target authority information is determined based on the target access object, so as to provide technical support for subsequent determination of whether the user can access the target access object. If the target permission information is the user's key information, the matching private key corresponding to the user account is obtained, so that the user's private key can be subsequently matched to verify whether the user is legitimate. If the user's private key matches the matching private key, obtain the user permission ID fed back by the business layer according to the target permission information, and process the user access request based on the user permission ID and target permission information. It is beneficial to protect the target ciphertext data; the user authority identifier can be obtained through the business layer itself, which can solve the problem that the current technology feeds data to the business layer through the data access layer to remotely obtain key user information by hackers.
  • the method further includes:
  • the query result is a result obtained by querying the non-critical user information in the database according to the target authority information. Understandably, the query result includes that the user non-critical information has target authority information, or the user non-critical information does not have target authority information.
  • the database is queried according to the target authority information to determine whether there is target authority information in the user's non-key information, so as to provide technical support for subsequent processing of user access requests.
  • S602 Process the user access request based on the query result.
  • the query result includes the target permission information
  • the user access request is responded; if the query result does not include the target permission information, the user access request is not responded, and the information that the user does not satisfy the access permission is displayed, so as to access the user according to the actual situation. request to be processed.
  • the database is queried to obtain the query result, which provides technical support for subsequent processing of the user access request.
  • the method further includes:
  • the service layer and the database are respectively queried, so as to process the user access request subsequently.
  • the server obtains the pre-generated matching private key for subsequent matching with the user's private key to verify whether the user is legitimate.
  • S703 Process the user access request based on the user authority identifier, the query result and the target authority information.
  • the user access request is responded to; if the set of the user authority identifier and the query result includes the target authority information, the user access request is not responded to, and the user does not respond to the request.
  • the query identifier is a business layer and a database
  • a matching private key corresponding to the user account is obtained, so as to subsequently match with the user private key to verify whether the user is legitimate. If the user's private key matches the matching private key, obtain the user authority identifier fed back by the business layer according to the target authority information; query the database according to the target authority information to obtain the query result; access the user based on the user authority identifier, the query result and the target authority information
  • the request is processed to process the user access request according to the actual situation.
  • the method before step S501, before acquiring the user access request, the method further includes:
  • S801 Obtain a user login request, where the user login request includes a user account and a user password.
  • the user login request is a request for the user to log in to the application.
  • S802 Verify the user account and the user password, and obtain an identity verification result.
  • the authentication result refers to the result of verifying the user account and user password. Understandably, if the user account and user password are correct, the authentication result is passed; if one of the user account and user password is incorrect, the authentication result is failed.
  • the server creates a registration information table in the business layer in advance, and the registration information table is used to record the user account and user password submitted by the user during registration. It should be noted that when the user modifies the user account and user password, the The registration information table is updated synchronously. When the server obtains the user account and the user password, it queries the registration information table to verify the user account and the user password.
  • the authentication result when the authentication result is passed, it proves that the user is a legitimate user. At this time, a matching private key corresponding to the user account is generated to provide technical support for subsequent user access, and jump to data access. interface for user access.
  • the user data processing method provided in this embodiment obtains a user login request, verifies the user account and the user password, and obtains the identity verification result; if the identity verification result is that the verification is passed, the user account and the user password are generated according to the user account number and the user password.
  • the corresponding matching private key provides technical support for subsequent user access, and jumps to the data access interface to obtain the user access request for user access.
  • a user data processing apparatus is provided, and the user data processing apparatus is in one-to-one correspondence with the user data processing method in the above-mentioned embodiment.
  • the user data processing apparatus includes a user original data acquisition module 901 , a split processing acquisition module 902 , an encryption processing module 903 and a storage module 904 .
  • the detailed description of each functional module is as follows:
  • User original data acquisition module 901 used to acquire user original data, where user original data includes user account
  • the split processing and acquisition module 902 is used for processing the original user data to obtain user key information and user non-key information;
  • the encryption processing module 903 is used to send the user key information to the business layer, perform encryption processing on the user key information, and obtain the target ciphertext data and the user private key;
  • the storage module 904 is configured to associate and store the user account, the user private key and the target ciphertext data in the business layer, and associate and store the user account and the user's non-key information in the database.
  • the user original data includes original fields and field values corresponding to the original fields;
  • the split processing acquisition module 902 includes: an information classification table query unit, a user key information acquisition unit, and a user non-key information acquisition unit.
  • the information classification table query unit is used to query the information classification table based on the user's original data, and the information classification table includes key fields;
  • the user key information acquisition unit is used to extract the field value of the original field matching the key field from the user original data, and obtain the user key information;
  • the user non-key information acquisition unit is used to extract the field values of the original fields that do not match the key fields from the user original data, and obtain the user non-key information.
  • the encryption processing module 903 includes: a key generation unit and an encryption unit.
  • a key generation unit used for generating a user public key and a user private key corresponding to the user public key by using an encryption algorithm when obtaining the user key information
  • the encryption unit is used for encrypting the user's key information by using the user's public key to obtain the target ciphertext data.
  • the target ciphertext data carries a user authority identifier; after the storage module 904, the apparatus further includes: a user access request acquisition module, a query identifier determination module, a matching private key acquisition module, and a first processing module.
  • the user access request acquisition module is used to acquire the user access request, and the user access request includes the user account and the target access object;
  • a query identifier determination module configured to determine the target permission information and the query identifier corresponding to the target permission information based on the target access object;
  • the matching private key acquisition module is used to obtain the matching private key corresponding to the user account if the query is identified as the business layer;
  • the first processing module is configured to, if the user private key matches the matching private key, obtain the user authority identifier fed back by the business layer according to the target authority information, and process the user access request based on the user authority identifier and the target authority information.
  • the apparatus further includes: a query result acquisition module and a second processing module.
  • the query result obtaining module is used to query the database according to the target authority information to obtain the query result if the query identifier is a database;
  • the second processing module is configured to process the user access request based on the query result.
  • the apparatus further includes: a matching private key acquisition module, a user authority identification and query result module, and a third processing module.
  • the matching private key acquisition module is used to obtain the matching private key corresponding to the user account if the query identifier is the business layer and database;
  • the user authority identification and query result module is used to obtain the user authority identification fed back by the business layer according to the target authority information if the user private key matches the matching private key; and query the database according to the target authority information to obtain the query result;
  • the third processing module is used for processing the user access request based on the user authority identifier, the query result and the target authority information.
  • the device before the user accesses the request acquisition module, the device further includes:
  • the user login request acquisition module is used to acquire the user login request, and the user login request includes the user account and the user password;
  • the verification module is used to verify the user account and user password, and obtain the authentication result
  • the jump module is used to generate a matching private key corresponding to the user account according to the user account and user password if the authentication result is passed, and jump to the data access interface to obtain the user access request.
  • Each module in the above-mentioned user data processing apparatus may be implemented in whole or in part by software, hardware and combinations thereof.
  • the above modules can be embedded in or independent of the processor in the computer device in the form of hardware, or stored in the memory in the computer device in the form of software, so that the processor can call and execute the operations corresponding to the above modules.
  • a computer device is provided, and the computer device may be a server, and its internal structure diagram may be as shown in FIG. 10 .
  • the computer device includes a processor, memory, a network interface, and a database connected by a system bus. Among them, the processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium, an internal memory.
  • the non-volatile storage medium stores an operating system, a readable storage medium and a database.
  • the internal memory provides an environment for the operation of the operating system and the readable storage medium in the non-volatile storage medium.
  • the database of the computer equipment is used to store user raw data.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • the readable storage medium implements a user data processing method when executed by a processor.
  • a computer device including a memory, a processor, and a readable storage medium stored on the memory and executable on the processor, and when the processor executes the readable storage medium, the user in the above embodiment is implemented
  • the steps of the data processing method such as steps S201 to S204 shown in FIG. 2 , or steps shown in FIG. 3 to FIG. 8 , are not repeated here to avoid repetition.
  • the processor executes the readable storage medium
  • the functions of each module/unit in this embodiment of the user data processing apparatus are implemented, for example, the user original data acquisition module 901, the split processing acquisition module 902, the encryption processing shown in FIG. 9
  • the functions of the module 903 and the storage module 904 are not repeated here in order to avoid repetition.
  • one or more readable storage media storing computer readable instructions are provided, the computer readable storage media having computer readable instructions stored thereon, the computer readable instructions being stored by one or more processors.
  • the one or more processors implement the steps of the user data processing method in the above embodiment, for example, steps S201-S204 shown in FIG. 2, or steps shown in FIG. 3 to FIG. 8, are: To avoid repetition, I will not repeat them here.
  • the processor executes the readable storage medium, the functions of each module/unit in this embodiment of the user data processing apparatus are implemented, for example, the user original data acquisition module 901, the split processing acquisition module 902, the encryption processing shown in FIG. 9
  • the functions of the module 903 and the storage module 904 are not repeated here in order to avoid repetition.
  • the readable storage medium in this embodiment includes a non-volatile readable storage medium and a volatile readable storage medium.
  • Nonvolatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in various forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Road (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM) and so on.
  • SRAM static RAM
  • DRAM dynamic RAM
  • SDRAM synchronous DRAM
  • DDRSDRAM double data rate SDRAM
  • ESDRAM enhanced SDRAM
  • SLDRAM synchronous chain Road (Synchlink) DRAM
  • SLDRAM synchronous chain Road (Synchlink) DRAM
  • Rambus direct RAM
  • DRAM direct memory bus dynamic RAM
  • RDRAM memory bus dynamic RAM

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

一种用户数据处理方法、装置、计算机设备及存储介质,该方法包括:获取用户原始数据,所述用户原始数据包括用户账号(S201);对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息(S202);将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥(S203);将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中(S204)。所述方法可以将用户关键信息和用户非关键信息分开存储,并对用户关键信息进行加密,有效保护用户关键信息的安全。

Description

用户数据处理方法、装置、计算机设备及存储介质
本申请以2020年12月28日提交的申请号为202011586148.X,名称为“用户数据处理方法、装置、计算机设备及存储介质”的中国发明申请为基础,并要求其优先权。
技术领域
本申请涉及数据处理技术领域,尤其涉及一种用户数据处理方法、装置、计算机设备及存储介质。
背景技术
目前,用户注册业务应用程序时,服务器常常将用户的所有信息存储在数据库的数据表中,但是发明人发现这种存储方法存在较大安全隐患,理由如下:1、数据调用时存在被非法获取的风险,当调用数据库的数据表中的用户关键信息返回到业务层过程中,黑客可以远程获取、修改数据和伪造数据等,存在用户关键信息泄露的安全隐患;2、所有数据存储在数据库中,不支持对用户关键信息进行加密,数据中用户关键信息无法得到有效保障。
技术问题
本申请实施例提供一种用户数据处理方法、装置、计算机设备及存储介质,以解决目前存储用户数据的方式存在较大安全隐患问题。
技术解决方案
一种用户数据处理方法,包括:
获取用户原始数据,所述用户原始数据包括用户账号;
对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
一种用户数据处理装置,包括:
用户原始数据获取模块,用于获取用户原始数据,所述用户原始数据包括用户账号;
拆分处理获取模块,用于对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
加密处理模块,用于将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
存储模块,用于将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的可读存储介质,其中,所述处理器执行所述可读存储介质时实现如下步骤:
获取用户原始数据,所述用户原始数据包括用户账号;
对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
一个或多个存储有计算机可读指令的可读存储介质,所述计算机可读存储介质存储有计算机可读指令,其中,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器执行如下步骤:
获取用户原始数据,所述用户原始数据包括用户账号;
对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
有益效果
上述用户数据处理方法、装置、计算机设备及存储介质,获取用户原始数据,所述用户原始数据包括用户账号;对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息,为后续对用户关键信息和用户非关键信息分开存储提供技术支持。将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥,可以有效地保护用户关键信息,避免用户关键信息泄露。将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中,用户数据分开存储可以有效保证用户数据安全。
附图说明
为了更清楚地说明本申请实施例的技术方案,下面将对本申请实施例的描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。
1 是本申请一实施例中用户数据处理方法的一应用环境示意图;
2 是本申请一实施例中用户数据处理方法的一流程图;
3 是本申请一实施例中用户数据处理方法的另一流程图;
4 是本申请一实施例中用户数据处理方法的另一流程图;
5 是本申请一实施例中用户数据处理方法的另一流程图;
6 是本申请一实施例中用户数据处理方法的另一流程图;
7 是本申请一实施例中用户数据处理方法的另一流程图;
8 是本申请一实施例中用户数据处理方法的另一流程图;
9 是本申请一实施例中用户数据处理装置的一原理框图;
10 是本申请一实施例中计算机设备的一示意图。
具体实施方式
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。
本申请实施例提供的用户数据处理方法,该用户数据处理方法可应用如图1所示的应用环境中。具体地,该用户数据处理方法应用在用户数据处理系统中,该用户数据处理系统包括如图1所示的客户端和服务器,客户端与服务器通过网络进行通信,用于实现将用户原始数据进行处理,将用户关键关键信息和用户非关键信息分开存储,有效保护用户关键信息的安全性。其中,客户端又称为用户端,是指与服务器相对应,为客户提供本地服务的程序。客户端可安装在但不限于各种个人计算机、笔记本电脑、智能手机、平板电脑和便携式可穿戴设备上。服务器可以用独立的服务器或者是多个服务器组成的服务器集群来实现。
在一实施例中,如图2所示,提供一种用户数据处理方法,以该方法应用在图1中的服务器为例进行说明,包括如下步骤:
S201:获取用户原始数据,用户原始数据包括用户账号。
其中,用户原始数据是用户通过应用程序向服务器发送的数据,例如,该用户原始数据可以是用户注册应用程序填写的用户数据或者用户为了进行身份验证时向服务器提交的数据,在此不做限定。
用户账号是用户登录应用程序的账号,例如,用户账号可以是用户姓名等。
具体地,用户在客户端启动应用程序,在应用程序上填写用户原始数据,并点击确认提交按钮,以便服务器获取用户原始数据。
S202:对用户原始数据进行处理,得到用户关键信息和用户非关键信息。
其中,用户关键信息是用于指示用户身份的信息,本实施例中,用户关键信息包括但不限于用户职务和用户身份标识,其中,用户身份标识是用于唯一识别用户的标识,例如,用户身份标识可以是用户身份证。可以理解地,用户关键信息通常是数据量比较少、私密性较高的数据。
用户非关键信息是除了用户关键信息以外的信息,例如,用户非关键信息可以是用户地址、用户视频和用户照片等。其中,用户视频和用户照片可以是用户需要存储在服务器上,以达到释放客户端的存储空间的作用;或者用户视频和用户照片是为了保证注册为用户本人操作,需要用户在应用程序的采集照片接口提交用户照片;或者在应用程序的采集视频接口提交用户视频,以保证注册应用程序的是用户本人,以保证用户注册的真实有效,避免出现伪造用户等情况。可以理解地,用户非关键信息通常是数据量比较多、且私密性较低的数据。
具体地,当服务器获取到用户原始数据后,则对用户原始数据进行处理,以对用户原始数据进行拆分,得到用户关键信息和用户非关键信息,可以理解地,将用户关键信息和用户非关键信息分开,为后续对用户关键信息和用户非关键信息分开存储提供技术支持;将用户关键信息和用户非关键信息分开,由于通常情况下不法分子通常只攻击数据库,因此即使不法分子攻破数据库也难以得到完整的数据,无法获取用户的完整信息,有利于保证用户关键信息的安全。
S203:将用户关键信息发送到业务层,对用户关键信息进行加密处理,获取目标密文数据和用户私钥。
其中,目标密文数据是指用户关键信息进行加密后得到的数据。业务层是需要根据实际业务需求编写逻辑代码的形成的层。服务器通常将接收到的所有数据都存储在数据库,但是在数据库中同一个用户的数据非常完整,若是被数据库非法攻破,则导致用户的数据泄露,本实施例,将用户关键信息存储在业务层中,对用户关键信息进行加密处理,可以有效地保护用户关键信息,避免用户关键信息泄露。
本实施例中,将用户原始数据拆分得到用户关键信息,采用用户公钥对用户关键信息进行加密,以得到目标密文数据,有利于保证用户关键信息安全,避免现有技术中直接将用户原始数据存储在数据库,无法对用户原始数据进行加密,无法有效保证用户原始数据的问题。
本实施例中,在业务层中采用加密算法对用户关键信息进行加密处理,得到目标密文数据,可以有效地保护用户关键信息,避免用户关键信息泄露。
S204:将用户账号、用户私钥和目标密文数据关联存储在业务层中,将用户账号和用户非关键信息关联存储在数据库中。
本实施例,将用户账号和目标密文数据关联存储在业务层中,后续可以根据用户账号找到业务层中的用户关键信息;用户非关键信息关联存储在数据库中,因此,若是被数据库非法攻破,黑客也无法得到完整的用户数据,可以有效保证用户数据安全。
本实施例所提供的用户数据处理方法,获取用户原始数据,用户原始数据包括用户账号;对用户原始数据进行处理,得到用户关键信息和用户非关键信息,为后续对用户关键信息和用户非关键信息分开存储提供技术支持。将用户关键信息发送到业务层,对用户关键信息进行加密处理,获取目标密文数据和用户私钥,可以有效地保护用户关键信息,避免用户关键信息泄露。将用户账号、用户私钥和目标密文数据关联存储在业务层中,将用户账号和用户非关键信息关联存储在数据库中,用户数据分开存储可以有效保证用户数据安全。
在一实施例中,如图3所示,用户原始数据包括原始字段和与原始字段相对应的字段值;步骤S202,即对用户原始数据进行处理,得到用户关键信息和用户非关键信息,包括:
S301:基于用户原始数据查询信息分类表,信息分类表包括关键字段;
其中,原始字段是表示数据的属性的字段,例如,原始字段可以是名字、年龄、职务和权限等用户的属性。字段值是原始字段对应的值,例如,原始字段是年龄时,则字段值为xx岁;原始字段是权限时,则字段值为权限1或者权限2等;
信息分类表是预先配置的,用于对用户原始数据进行处理,得到用户关键信息和用户非关键信息的表格,实现对用户原始数据规范化处理。关键字段是指较为关键的字段。例如,关键字段可以是用户权限和用户角色等。其中,用户角色可以是管理员和访客;或者普通员工和管理者等。用户权限是用来限制用户访问应用程序上的信息项的权限,例如,用户1可以提交用户合同,用户2可以访问用户合同和校验用户合同等,用户3可以审批放款单等,即提交用户合同和校验用户合同等即为用户权限。本实施例中,预先设置信息分类表可以为后续用户关键信息与用户非关键信息的拆分提供技术支持,保证处理过程的规范。
S302:从用户原始数据中抽取与关键字段相匹配的原始字段的字段值,以获取用户关键信息。
S303:从用户原始数据中抽取与关键字段不匹配的原始字段的字段值,以获取用户非关键信息。
本实施例中,将与关键字段相匹配的原始字段的字段值确定为用户关键信息,并从用户原始数据中抽取用户关键信息;将与关键字段不匹配的原始字段的字段值确定为用户非关键信息,并从用户原始数据中抽取用户非关键信息,实现将用户关键信息和用户非关键信息拆分,保证后续可以对用户关键信息和用户非关键信息分开存储,有效地保证用户数据安全。
本实施例所提供的用户数据处理方法,基于用户原始数据查询信息分类表,实现对用户原始数据规范化处理。从用户原始数据中抽取与关键字段相匹配的原始字段的字段值,以获取用户关键信息;从用户原始数据中抽取与关键字段不匹配的原始字段的字段值,以获取用户非关键信息,保证后续可以对用户关键信息和用户非关键信息分开存储,有效地保证用户数据安全。
在一实施例中,如图4所示,步骤S203,将对用户关键信息进行加密处理,获取目标密文数据和用户私钥,包括:
S401:当获取用户关键信息时,则采用加密算法生成用户公钥和与用户公钥对应的用户私钥。
其中,加密算法是指非对称式加密算法,非对称式加密算法就是加密和解密所使用的不是同一个密钥的算法,通常有两个密钥,即用户公钥和用户私钥,它们两个必需配对使用,否则不能打开加密后的数据。用户公钥是指可以对外公布的,用于对用户关键信息进行加密的密钥。用户私钥是用于对加密后的用户关键信息(即目标密文数据)进行解密的钥匙,只能由持有人一个人知道。可以理解地,非对称式的加密方法有两个密钥,且其中的用户公钥是可以公开的,也就不怕别人知道,解密时只要用匹配的用户私钥即可以解密,这样就很好地避免了密钥的传输安全性问题。
本实施例中,将用户关键信息发送给业务层之后,为了进一步提高用户关键数据的安全保障,则生成用户私钥和用户公钥,为实现对用户关键信息进行加密提供技术支持。
S402:采用用户公钥对用户关键信息进行加密,获取目标密文数据。
本实施中,采用用户公钥对用户关键信息加密,得到目标密文数据,并将目标密文数据、用户账号和用户私钥关联存储在业务层中,可以实现对用户关键信息的保护。
本实施例所提供的用户数据处理方法,当获取用户关键信息时,则采用加密算法生成用户公钥和与用户公钥对应的用户私钥,为实现对用户关键信息进行加密提供技术支持。采用用户公钥对用户关键信息进行加密,获取目标密文数据,可以实现对用户关键信息的保护。
在一实施例中,如图5所示,目标密文数据携带有用户权限标识;在步骤S204之后,即在将用户账号、用户私钥和目标密文数据关联存储在业务层中,将用户账号和用户非关键信息关联存储在数据库中之后,方法还包括:
S501:获取用户访问请求,用户访问请求包括用户账号和目标访问对象。
其中,用户访问请求是用户想访问应用程序上的功能模块的请求。目标访问对象是指用户希望访问的功能模块,例如,目标访问对象可以是合同校验、放款审批或者付款审批等。
具体地,应用程序的导航栏上显示的合同校验、放款审批或者付款审批等功能模块,用户在导航栏上点击目标访问对象,以向服务器发送用户访问请求,判断是否允许用户访问目标访问对象,当服务器接收到用户访问请求时,则根据用户访问请求得到用户账号和目标访问对象,以根据用户账号判断该用户是否具有对目标访问对象进行访问的权限。
S502:基于目标访问对象确定目标权限信息和目标权限信息对应的查询标识。
其中,目标权限信息是依据目标访问对象设定,用于确定用户是否能够访问目标访问对象所需要的信息,也就是说,用户只有具有目标权限信息才能访问目标访问对象。查询标识是指示查询业务层还是数据库的标识,可以理解地,判断用户能否访问和使用,则是依据用户的用户原始信息确定的,因此,本实施例中,当获取到目标访问对象时,则需要根据目标访问对象的实际设定,确定目标权限信息和查询标识,以便为后续确定去数据库查询还是在业务层查询。
作为一示例,当用户的目标访问对象为合同校验,其对应的目标权限信息为内部员工和就职于合同部门等;当用户的目标访问对象为合同签订,其对应的目标权限信息为该用户为公司客户和用户图片等。
S503:若查询标识为业务层,则获取与用户账号对应的匹配私钥。
其中,匹配私钥是与用户账号对应的密钥,以便后续与用户账号对应的用户私钥进行匹配,判断用户是否为合法用户。
本实施例中,当目标权限信息所需要为用户关键信息,则服务器获取预先生成的匹配私钥,以便后续与用户私钥进行匹配,验证用户是否合法。
S504:若用户私钥与匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识,基于用户权限标识和目标权限信息对用户访问请求进行处理。
其中,用户权限标识是用于表示用户权限的标识,该用户权限标识是预先根据用户关键信息得到的标识,可以理解地,由于目标密文数据携带有用户权限标识,因此,可以不需对目标密文数据解密,有利于保护目标密文数据。
本实施例中,用户私钥与匹配私钥是根据加密算法得到的,具有较高的安全性,用户私钥与匹配私钥匹配,则说明该用户为合法用户,因此,将用户私钥与匹配私钥匹配的信息发送给业务层,以便业务层基于用户私钥与匹配私钥匹配的信息,将用户权限标识反馈给服务器,以便服务器根据用户权限标识对用户访问请求进行处理,以实现确定用户权限时,不需要对存储在业务层中的用户关键信息解密,有利于缩短确定用户权限的时长;同时调用用户关键信息时,是通过业务层自身调用得到用户权限标识,可以解决目前技术通过数据访问层将数据反馈给业务层存在的被黑客远程获取用户关键信息的问题。
其中,基于用户权限标识对用户访问请求进行处理,具体为判断用户权限标识是否包括目标权限信息,若用户权限标识包括目标权限信息,则响应用户访问请求;若用户权限标识不包括目标权限信息,则不响应用户访问请求,并显示用户不满足访问权限的信息。
本实施例所提供的用户数据处理方法,基于目标访问对象确定目标权限信息,以便为后续判断用户能否访问目标访问对象提供技术支持。若目标权限信息为用户关键信息,则获取与用户账号对应的匹配私钥,以便后续与用户私钥进行匹配,验证用户是否合法。若用户私钥与匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识,基于用户权限标识和目标权限信息对用户访问请求进行处理,可以不需对目标密文数据解密,有利于保护目标密文数据;通过业务层自身调用得到用户权限标识,可以解决目前技术通过数据访问层将数据反馈给业务层存在的被黑客远程获取用户关键信息的问题。
在一实施例中,如图6所示,在步骤S502之后,即在基于目标访问对象确定目标权限信息之后,方法还包括:
S601:若查询标识为数据层,则根据目标权限信息查询数据库,获取查询结果。
其中,查询结果是根据目标权限信息查询数据库中的用户非关键信息得到的结果。可以理解地,查询结果为包括用户非关键信息存在目标权限信息,或者用户非关键信息不存在目标权限信息。
本实施例中,当查询标识为数据层,则根据目标权限信息查询数据库,以判断用户非关键信息是否存在目标权限信息,为后续对用户访问请求进行处理提供技术支持。
S602:基于查询结果对用户访问请求进行处理。
具体地,若查询结果包括目标权限信息,则响应用户访问请求;若查询结果不包括目标权限信息,则不响应用户访问请求,并显示用户不满足访问权限的信息,以根据实际情况对用户访问请求进行处理。
本实施例所提供的用户数据处理方法,若目标权限信息为调用用户非关键信息,则查询数据库,获取查询结果,为后续对用户访问请求进行处理提供技术支持。
在一实施例中,如图7所示,在步骤S502之后,即在基于目标访问对象确定目标权限信息之后,方法还包括:
S701:若查询标识为业务层和数据库,则获取与用户账号对应的匹配私钥;
本实施例中,当查询标识为业务层和数据库时,则分别查询业务层和数据库,以便后续对用户访问请求进行处理。当查询业务层时,服务器获取预先生成的匹配私钥,以便后续与用户私钥进行匹配,验证用户是否合法。
S702:若用户私钥与匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识;并根据目标权限信息查询数据库,获取查询结果。
本实施例中的具体实施过程与步骤S502和S601相同,在此不再赘述。
S703:基于用户权限标识、查询结果和目标权限信息对用户访问请求进行处理。
本实施例中,当用户权限标识和查询结果的集合包括目标权限信息,则响应用户访问请求;若用户权限标识和查询结果的集合包括目标权限信息,则不响应用户访问请求,并显示用户不满足访问权限的信息,以根据实际情况对用户访问请求进行处理。例如,若目标权限信息包括权限1和权限2;用户权限标识包括权限1,查询结果为用户号具有权限2,则用户权限标识和查询结果的集合包括目标权限信息,响应用户访问请求。
本实施例所提供的用户数据处理方法,若查询标识为业务层和数据库,则获取与用户账号对应的匹配私钥,以便后续与用户私钥进行匹配,验证用户是否合法。若用户私钥与匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识;并根据目标权限信息查询数据库,获取查询结果;基于用户权限标识、查询结果和目标权限信息对用户访问请求进行处理,以根据实际情况对用户访问请求进行处理。
在一实施例中,如图8所示,在步骤S501之前,在获取用户访问请求之前,方法还包括:
S801:获取用户登录请求,用户登录请求包括用户账号和用户密码。
其中,用户登录请求是用户登录应用程序的请求。
具体地,用户在应用程序上点击登录按钮,以向服务器发送用户登录请求,当服务器接收到用户登录请求时,则解析用户登录请求,以获取用户账号和用户密码,以便后续对用户账号和用户密码进行验证,判断该用户是否为合法用户。
S802:对用户账号和用户密码进行验证,获取身份验证结果。
其中,身份验证结果是指对用户账号和用户密码进行验证的结果。可以理解地,若用户账号和用户密码准确,则身份验证结果为验证通过;若用户账号和用户密码其中一个错误,则身份验证结果为验证不通过。
具体地,服务器预先在业务层中创建注册信息表,该注册信息表用于记录用户注册时提交的而用户账号和用户密码,需要说明地是,当用户修改用户账号和用户密码时,则该注册信息表同步更新,当服务器获取到用户账号和用户密码时,则查询注册信息表,以对用户账号和用户密码进行验证。
S803:若身份验证结果为验证通过,则生成与用户账号对应的匹配私钥;并跳转到数据访问界面,获取获取用户访问请求。
本实施例中,当身份验证结果为验证通过时,证明该用户是合法的用户,此时,生成与用户账号对应的匹配私钥,为后续的用户访问提供技术支持,并跳转数据访问呢界面,以便用户进行访问。
本实施例所提供的用户数据处理方法,获取用户登录请求,对用户账号和用户密码进行验证,获取身份验证结果;若身份验证结果为验证通过,则根据用户账号和用户密码,生成与用户账号对应的匹配私钥,为后续的用户访问提供技术支持,并跳转到数据访问界面,获取获取用户访问请求,以便用户进行访问。
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。
在一实施例中,提供一种用户数据处理装置,该用户数据处理装置与上述实施例中用户数据处理方法一一对应。如图9所示,该用户数据处理装置包括用户原始数据获取模块901、拆分处理获取模块902、加密处理模块903和存储模块904。各功能模块详细说明如下:
用户原始数据获取模块901,用于获取用户原始数据,用户原始数据包括用户账号;
拆分处理获取模块902,用于对用户原始数据进行处理,得到用户关键信息和用户非关键信息;
加密处理模块903,用于将用户关键信息发送到业务层,对用户关键信息进行加密处理,获取目标密文数据和用户私钥;
存储模块904,用于将用户账号、用户私钥和目标密文数据关联存储在业务层中,将用户账号和用户非关键信息关联存储在数据库中。
优选地,用户原始数据包括原始字段和与原始字段相对应的字段值;拆分处理获取模块902,包括:信息分类表查询单元、用户关键信息获取单元和用户非关键信息获取单元。
信息分类表查询单元,用于基于用户原始数据查询信息分类表,信息分类表包括关键字段;
用户关键信息获取单元,用于从用户原始数据中抽取与关键字段相匹配的原始字段的字段值,获取用户关键信息;
用户非关键信息获取单元,用于从用户原始数据中抽取与关键字段不匹配的原始字段的字段值,获取用户非关键信息。
优选地,加密处理模块903,包括:密钥生成单元和加密单元。
密钥生成单元,用于当获取用户关键信息时,则采用加密算法生成用户公钥和与用户公钥对应的用户私钥;
加密单元,用于采用用户公钥对用户关键信息进行加密,获取目标密文数据。
优选地,目标密文数据携带有用户权限标识;在存储模块904之后,装置还包括:用户访问请求获取模块、查询标识确定模块、匹配私钥获取模块和第一处理模块。
用户访问请求获取模块,用于获取用户访问请求,用户访问请求包括用户账号和目标访问对象;
查询标识确定模块,用于基于目标访问对象确定目标权限信息和目标权限信息对应的查询标识;
匹配私钥获取模块,用于若查询标识为业务层,则获取与用户账号对应的匹配私钥;
第一处理模块,用于若用户私钥与匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识,基于用户权限标识和目标权限信息对用户访问请求进行处理。
优选地,在查询标识确定模块之后,装置还包括:查询结果获取模块和第二处理模块。
查询结果获取模块,用于若查询标识为数据库,则根据目标权限信息查询数据库,获取查询结果;
第二处理模块,用于基于查询结果对用户访问请求进行处理。
优选地,在查询标识确定模块之后,装置还包括:匹配私钥获取模块、用户权限标识和查询结果模块和第三处理模块。
匹配私钥获取模块,用于若查询标识为业务层和数据库,则获取与用户账号对应的匹配私钥;
用户权限标识和查询结果模块,用于若用户私钥与匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识;并根据目标权限信息查询数据库,获取查询结果;
第三处理模块,用于基于用户权限标识、查询结果和目标权限信息对用户访问请求进行处理。
优选地,在用户访问请求获取模块之前,装置还包括:
用户登录请求获取模块,用于获取用户登录请求,用户登录请求包括用户账号和用户密码;
验证模块,用于对用户账号和用户密码进行验证,获取身份验证结果;
跳转模块,用于若身份验证结果为验证通过,则根据用户账号和用户密码,生成与用户账号对应的匹配私钥;并跳转到数据访问界面,获取获取用户访问请求。
关于用户数据处理装置的具体限定可以参见上文中对于用户数据处理方法的限定,在此不再赘述。上述用户数据处理装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。
在一个实施例中,提供了一种计算机设备,该计算机设备可以是服务器,其内部结构图可以如图10所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口和数据库。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、可读存储介质和数据库。该内存储器为非易失性存储介质中的操作系统和可读存储介质的运行提供环境。该计算机设备的数据库用于存储用户原始数据。该计算机设备的网络接口用于与外部的终端通过网络连接通信。该可读存储介质被处理器执行时以实现一种用户数据处理方法。
在一个实施例中,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的可读存储介质,处理器执行可读存储介质时实现上述实施例中用户数据处理方法的步骤,例如图2所示的步骤S201-S204,或者图3至图8中所示的步骤,为避免重复,这里不再赘述。或者,处理器执行可读存储介质时实现用户数据处理装置这一实施例中的各模块/单元的功能,例如图9所示的用户原始数据获取模块901、拆分处理获取模块902、加密处理模块903和存储模块904的功能,为避免重复,这里不再赘述。
在一实施例中,提供一个或多个存储有计算机可读指令的可读存储介质,所述计算机可读存储介质存储有计算机可读指令,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器执行时实现上述实施例中用户数据处理方法的步骤,例如图2所示的步骤S201-S204,或者图3至图8中所示的步骤,为避免重复,这里不再赘述。或者,处理器执行可读存储介质时实现用户数据处理装置这一实施例中的各模块/单元的功能,例如图9所示的用户原始数据获取模块901、拆分处理获取模块902、加密处理模块903和存储模块904的功能,为避免重复,这里不再赘述。本实施例中的可读存储介质包括非易失性可读存储介质和易失性可读存储介质。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过可读存储介质来指令相关的硬件来完成,所述的可读存储介质可存储于一非易失性计算机可读取存储介质中,该可读存储介质在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink) DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。

Claims (20)

  1. 一种用户数据处理方法,其中,包括:
    获取用户原始数据,所述用户原始数据包括用户账号;
    对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
    将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
    将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
  2. 如权利要求1所述的用户数据处理方法,其中,所述用户原始数据包括原始字段和与所述原始字段相对应的字段值;所述对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息,包括:
    基于所述用户原始数据查询信息分类表,所述信息分类表包括关键字段;
    从用户原始数据中抽取与所述关键字段相匹配的原始字段的字段值,获取用户关键信息;
    从用户原始数据中抽取与所述关键字段不匹配的原始字段的字段值,获取用户非关键信息。
  3. 如权利要求1所述的用户数据处理方法,其中,所述对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥,包括:
    当获取所述用户关键信息时,则采用加密算法生成用户公钥和与所述用户公钥对应的用户私钥;
    采用所述用户公钥对所述用户关键信息进行加密,获取目标密文数据。
  4. 如权利要求1所述的用户数据处理方法,其中,所述目标密文数据携带有用户权限标识;在所述将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中之后,所述方法还包括:
    获取用户访问请求,所述用户访问请求包括用户账号和目标访问对象;
    基于所述目标访问对象确定目标权限信息和所述目标权限信息对应的查询标识;
    若所述查询标识为业务层,则获取与所述用户账号对应的匹配私钥;
    若所述用户私钥与所述匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识,基于所述用户权限标识和所述目标权限信息对所述用户访问请求进行处理。
  5. 如权利要求4所述的用户数据处理方法,其中,在所述基于所述目标访问对象确定目标权限信息之后,包括:
    若所述查询标识为数据库,则根据所述目标权限信息查询数据库,获取查询结果;
    基于所述查询结果对所述用户访问请求进行处理。
  6. 如权利要求4所述的用户数据处理方法,其中,在所述基于所述目标访问对象确定目标权限信息之后,包括:
    若所述查询标识为业务层和数据库,则获取与所述用户账号对应的匹配私钥;
    若所述用户私钥与所述匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识;并根据目标权限信息查询数据库,获取查询结果;
    基于所述用户权限标识、查询结果和目标权限信息对所述用户访问请求进行处理。
  7. 如权利要求4所述的用户数据处理方法,其中,在所述获取用户访问请求之前,所述方法还包括:
    获取用户登录请求,所述用户登录请求包括所述用户账号和所述用户密码;
    对所述用户账号和所述用户密码进行验证,获取身份验证结果;
    若所述身份验证结果为验证通过,则根据所述用户账号和所述用户密码,生成与所述用户账号对应的匹配私钥;并跳转到数据访问界面,获取所述获取用户访问请求。
  8. 一种用户数据处理装置,其中,包括:
    用户原始数据获取模块,用于获取用户原始数据,所述用户原始数据包括用户账号;
    拆分处理获取模块,用于对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
    加密处理模块,用于将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
    存储模块,用于将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
  9. 一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的可读存储介质,其中,所述处理器执行所述可读存储介质时实现如下步骤:
    获取用户原始数据,所述用户原始数据包括用户账号;
    对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
    将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
    将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
  10. 如权利要求9所述的计算机设备,其中,所述用户原始数据包括原始字段和与所述原始字段相对应的字段值;所述对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息,包括:
    基于所述用户原始数据查询信息分类表,所述信息分类表包括关键字段;
    从用户原始数据中抽取与所述关键字段相匹配的原始字段的字段值,获取用户关键信息;
    从用户原始数据中抽取与所述关键字段不匹配的原始字段的字段值,获取用户非关键信息。
  11. 如权利要求9所述的计算机设备,其中,所述对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥,包括:
    当获取所述用户关键信息时,则采用加密算法生成用户公钥和与所述用户公钥对应的用户私钥;
    采用所述用户公钥对所述用户关键信息进行加密,获取目标密文数据。
  12. 如权利要求9所述的计算机设备,其中,所述目标密文数据携带有用户权限标识;在所述将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中之后,所述处理器执行所述可读存储介质时还实现如下步骤:
    获取用户访问请求,所述用户访问请求包括用户账号和目标访问对象;
    基于所述目标访问对象确定目标权限信息和所述目标权限信息对应的查询标识;
    若所述查询标识为业务层,则获取与所述用户账号对应的匹配私钥;
    若所述用户私钥与所述匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识,基于所述用户权限标识和所述目标权限信息对所述用户访问请求进行处理。
  13. 如权利要求12所述的计算机设备,其中,在所述基于所述目标访问对象确定目标权限信息之后,包括:
    若所述查询标识为数据库,则根据所述目标权限信息查询数据库,获取查询结果;
    基于所述查询结果对所述用户访问请求进行处理;
    或者,
    若所述查询标识为业务层和数据库,则获取与所述用户账号对应的匹配私钥;
    若所述用户私钥与所述匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识;并根据目标权限信息查询数据库,获取查询结果;
    基于所述用户权限标识、查询结果和目标权限信息对所述用户访问请求进行处理。
  14. 如权利要求12所述的计算机设备,其中,在所述获取用户访问请求之前,所述方法还包括:
    获取用户登录请求,所述用户登录请求包括所述用户账号和所述用户密码;
    对所述用户账号和所述用户密码进行验证,获取身份验证结果;
    若所述身份验证结果为验证通过,则根据所述用户账号和所述用户密码,生成与所述用户账号对应的匹配私钥;并跳转到数据访问界面,获取所述获取用户访问请求。
  15. 一个或多个存储有计算机可读指令的可读存储介质,所述计算机可读存储介质存储有计算机可读指令,其中,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器执行如下步骤:
    获取用户原始数据,所述用户原始数据包括用户账号;
    对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息;
    将所述用户关键信息发送到业务层,对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥;
    将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中。
  16. 如权利要求15所述的可读存储介质,其中,所述用户原始数据包括原始字段和与所述原始字段相对应的字段值;所述对所述用户原始数据进行处理,得到用户关键信息和用户非关键信息,包括:
    基于所述用户原始数据查询信息分类表,所述信息分类表包括关键字段;
    从用户原始数据中抽取与所述关键字段相匹配的原始字段的字段值,获取用户关键信息;
    从用户原始数据中抽取与所述关键字段不匹配的原始字段的字段值,获取用户非关键信息。
  17. 如权利要求15所述的可读存储介质,其中,所述对所述用户关键信息进行加密处理,获取目标密文数据和用户私钥,包括:
    当获取所述用户关键信息时,则采用加密算法生成用户公钥和与所述用户公钥对应的用户私钥;
    采用所述用户公钥对所述用户关键信息进行加密,获取目标密文数据。
  18. 如权利要求15所述的可读存储介质,其中,所述目标密文数据携带有用户权限标识;在所述将所述用户账号、用户私钥和目标密文数据关联存储在业务层中,将所述用户账号和所述用户非关键信息关联存储在数据库中之后,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器还执行如下步骤:
    获取用户访问请求,所述用户访问请求包括用户账号和目标访问对象;
    基于所述目标访问对象确定目标权限信息和所述目标权限信息对应的查询标识;
    若所述查询标识为业务层,则获取与所述用户账号对应的匹配私钥;
    若所述用户私钥与所述匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识,基于所述用户权限标识和所述目标权限信息对所述用户访问请求进行处理。
  19. 如权利要求18所述的可读存储介质,其中,在所述基于所述目标访问对象确定目标权限信息之后,包括:
    若所述查询标识为数据库,则根据所述目标权限信息查询数据库,获取查询结果;
    基于所述查询结果对所述用户访问请求进行处理;
    或者,
    若所述查询标识为业务层和数据库,则获取与所述用户账号对应的匹配私钥;
    若所述用户私钥与所述匹配私钥匹配,则根据目标权限信息获取业务层反馈的用户权限标识;并根据目标权限信息查询数据库,获取查询结果;
    基于所述用户权限标识、查询结果和目标权限信息对所述用户访问请求进行处理。
  20. 如权利要求18所述的可读存储介质,其中,在所述获取用户访问请求之前,所述方法还包括:
    获取用户登录请求,所述用户登录请求包括所述用户账号和所述用户密码;
    对所述用户账号和所述用户密码进行验证,获取身份验证结果;
    若所述身份验证结果为验证通过,则根据所述用户账号和所述用户密码,生成与所述用户账号对应的匹配私钥;并跳转到数据访问界面,获取所述获取用户访问请求。
     
PCT/CN2021/125569 2020-12-28 2021-10-22 用户数据处理方法、装置、计算机设备及存储介质 WO2022142629A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011586148.XA CN112632581A (zh) 2020-12-28 2020-12-28 用户数据处理方法、装置、计算机设备及存储介质
CN202011586148.X 2020-12-28

Publications (1)

Publication Number Publication Date
WO2022142629A1 true WO2022142629A1 (zh) 2022-07-07

Family

ID=75286183

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/125569 WO2022142629A1 (zh) 2020-12-28 2021-10-22 用户数据处理方法、装置、计算机设备及存储介质

Country Status (2)

Country Link
CN (1) CN112632581A (zh)
WO (1) WO2022142629A1 (zh)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115102795A (zh) * 2022-08-26 2022-09-23 北京盈泽世纪科技发展有限公司 一种通信安全验证方法及系统
CN115495783A (zh) * 2022-09-20 2022-12-20 北京三维天地科技股份有限公司 一种配置式的数据服务暴露解决方法及系统
CN115801317A (zh) * 2022-10-14 2023-03-14 支付宝(杭州)信息技术有限公司 服务提供方法、系统、装置、存储介质及电子设备
CN116566737A (zh) * 2023-06-27 2023-08-08 云账户技术(天津)有限公司 基于SaaS平台的权限配置方法、装置及相关设备
CN117010024A (zh) * 2023-10-07 2023-11-07 国网山东省电力公司滨州市滨城区供电公司 光伏发电结算方法、系统、终端及存储介质

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632581A (zh) * 2020-12-28 2021-04-09 深圳壹账通智能科技有限公司 用户数据处理方法、装置、计算机设备及存储介质
CN113177216B (zh) * 2021-04-30 2023-03-14 北京市商汤科技开发有限公司 一种数据传输方法、装置、计算机设备和存储介质
CN114372249A (zh) * 2022-03-21 2022-04-19 北京纷扬科技有限责任公司 一种基于权限码的数据权限控制方法及装置
CN116094838B (zh) * 2023-04-06 2023-07-14 苏州浪潮智能科技有限公司 一种数据加密方法及相关组件

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022584A (zh) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 小型企业资源管理方法
CN106022159A (zh) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 基于云计算的erp数据处理方法
GB2580184A (en) * 2018-12-24 2020-07-15 Quantum Card Services Ltd A method of generating and displaying an avatar
US20200273116A1 (en) * 2019-02-21 2020-08-27 Agora AltX Path of funds blockchain system
CN111865582A (zh) * 2020-07-20 2020-10-30 普华云创科技(北京)有限公司 基于零知识证明的私钥离线存储方法、系统及存储介质
CN112632581A (zh) * 2020-12-28 2021-04-09 深圳壹账通智能科技有限公司 用户数据处理方法、装置、计算机设备及存储介质

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022584A (zh) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 小型企业资源管理方法
CN106022159A (zh) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 基于云计算的erp数据处理方法
GB2580184A (en) * 2018-12-24 2020-07-15 Quantum Card Services Ltd A method of generating and displaying an avatar
US20200273116A1 (en) * 2019-02-21 2020-08-27 Agora AltX Path of funds blockchain system
CN111865582A (zh) * 2020-07-20 2020-10-30 普华云创科技(北京)有限公司 基于零知识证明的私钥离线存储方法、系统及存储介质
CN112632581A (zh) * 2020-12-28 2021-04-09 深圳壹账通智能科技有限公司 用户数据处理方法、装置、计算机设备及存储介质

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115102795A (zh) * 2022-08-26 2022-09-23 北京盈泽世纪科技发展有限公司 一种通信安全验证方法及系统
CN115102795B (zh) * 2022-08-26 2022-11-18 北京盈泽世纪科技发展有限公司 一种通信安全验证方法及系统
CN115495783A (zh) * 2022-09-20 2022-12-20 北京三维天地科技股份有限公司 一种配置式的数据服务暴露解决方法及系统
CN115801317A (zh) * 2022-10-14 2023-03-14 支付宝(杭州)信息技术有限公司 服务提供方法、系统、装置、存储介质及电子设备
CN116566737A (zh) * 2023-06-27 2023-08-08 云账户技术(天津)有限公司 基于SaaS平台的权限配置方法、装置及相关设备
CN116566737B (zh) * 2023-06-27 2023-09-26 云账户技术(天津)有限公司 基于SaaS平台的权限配置方法、装置及相关设备
CN117010024A (zh) * 2023-10-07 2023-11-07 国网山东省电力公司滨州市滨城区供电公司 光伏发电结算方法、系统、终端及存储介质
CN117010024B (zh) * 2023-10-07 2024-04-16 国网山东省电力公司滨州市滨城区供电公司 光伏发电结算方法、系统、终端及存储介质

Also Published As

Publication number Publication date
CN112632581A (zh) 2021-04-09

Similar Documents

Publication Publication Date Title
US11558381B2 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
WO2022142629A1 (zh) 用户数据处理方法、装置、计算机设备及存储介质
US9032219B2 (en) Securing speech recognition data
US9166787B2 (en) Securing encrypted virtual hard disks
US9461820B1 (en) Method and apparatus for providing a conditional single sign on
US9065593B2 (en) Securing speech recognition data
US11546321B2 (en) Non-custodial tool for building decentralized computer applications
US20140096213A1 (en) Method and system for distributed credential usage for android based and other restricted environment devices
US9906499B1 (en) Apparatus, system and method for secure data exchange
KR102137122B1 (ko) 보안 체크 방법, 장치, 단말기 및 서버
US9942042B1 (en) Key containers for securely asserting user authentication
WO2019007028A1 (zh) 基于可信任环境的认证保护系统、方法和存储介质
TW201926943A (zh) 資料傳輸方法及系統
US10142100B2 (en) Managing user-controlled security keys in cloud-based scenarios
US20220353092A1 (en) System and Method for Secure Internet Communications
US10516655B1 (en) Encrypted boot volume access in resource-on-demand environments
EP3886355A2 (en) Decentralized management of data access and verification using data management hub
CN112260997B (zh) 数据访问方法、装置、计算机设备和存储介质
CN114553557A (zh) 密钥调用方法、装置、计算机设备和存储介质
US9363274B2 (en) Methods and systems for broadcasting pictures
US10931454B1 (en) Decentralized management of data access and verification using data management hub
US11012245B1 (en) Decentralized management of data access and verification using data management hub
CN109981678B (zh) 一种信息同步方法及装置
CN112632589A (zh) 密钥托管方法、装置、设备及计算机可读存储介质
CN114785553A (zh) 权限认证方法、装置、计算机设备和存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21913374

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 28/09/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21913374

Country of ref document: EP

Kind code of ref document: A1