
CN108768938B - A kind of web data encryption and decryption method and device - Google Patents


Info

Publication number: CN108768938B
Authority: CN (China)
Prior art keywords: encryption, decryption, webpage data, browser, key
Legal status: Active
Application number: CN201810332854.8A
Other languages: Chinese (zh)
Other versions: CN108768938A (en)
Inventor: 丁敏
Current Assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee: Beijing Haitai Fangyuan High Technology Co Ltd

Application filed by Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN201810332854.8A
Publication of CN108768938A
Application granted
Publication of CN108768938B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of information security technology, and in particular to a webpage data encryption and decryption method and device. The method is as follows: the browser determines, based on the identifier of the currently accessed page, the encryption and decryption policy corresponding to that page, wherein the policy includes an identifier uniquely identifying the current webpage, a set of attribute types of the webpage data to be encrypted and decrypted, and an encryption and decryption scheme; the browser then encrypts and decrypts webpage data based on the policy. With this method, the browser encrypts and decrypts the webpage data exchanged between itself and the service system according to the policy corresponding to the currently accessed page, so that, without upgrading the service system, the encryption and decryption policy for each webpage provided by the service system can be added, deleted or dynamically configured, which improves the flexibility of configuring encryption and decryption policies.

Description

Webpage data encryption and decryption method and device
Technical Field
The invention relates to the technical field of information security, in particular to a webpage data encryption and decryption method and device.
Background
At present, a browser is mainly used for presenting webpage data pushed by a background server, and the webpage data is protected by encrypting and decrypting the webpage data in the webpage data interaction process of the browser and a service system.
In the prior art, encryption and decryption of webpage data depend on the service system, which encrypts the webpage data uploaded to it by the browser and decrypts the data downloaded from it by the browser. At present, a service system commonly encrypts and decrypts webpage data in one of two ways:
The first way: after the browser uploads webpage data to the service system, the service system encrypts the uploaded data; when the browser needs to download webpage data from the service system, the service system decrypts the requested data and sends it to the browser for display.
The second way: the service system calls an encryption and decryption control to encrypt the webpage data uploaded to it by the browser; the service system calls the encryption and decryption control to decrypt the webpage data that the browser downloads from it, and the browser displays the webpage data.
However, when an encryption and decryption policy has to be applied to a service system that does not yet encrypt and decrypt webpage data, or when the existing encryption and decryption scheme of a service system needs to be upgraded, the service system itself must be upgraded and modified accordingly, which is costly and difficult.
Disclosure of Invention
The embodiment of the invention aims to provide a webpage data encryption and decryption method and a device, which are used for solving the problem that a business system needs to be modified when a webpage data encryption and decryption strategy is added, deleted and modified in the prior art.
The specific technical scheme provided in the embodiment of the invention is as follows:
In a first aspect, the present invention provides a method for encrypting and decrypting webpage data, including: the browser determines, based on an identifier of the currently accessed page, the encryption and decryption policy corresponding to that page, wherein the policy includes an identifier uniquely identifying the current webpage, a set of attribute types of the webpage data to be encrypted and decrypted, and an encryption and decryption scheme; and the browser encrypts and decrypts the webpage data based on the policy.
With the webpage data encryption and decryption method provided by the invention, the browser determines, for the webpage of the service system it is currently accessing, the encryption and decryption policy preset for that webpage, and encrypts and decrypts the webpage data exchanged between the browser and the service system based on that policy. Because encryption and decryption are performed on the browser side according to the policy corresponding to the webpage, the encryption and decryption policy for the data exchanged between each webpage and the service system can be added, deleted or changed without modifying or upgrading the service system.
Optionally, before the browser determines the encryption and decryption policy corresponding to the currently accessed page based on the identifier of that page, the method further includes:
the browser acquires the encryption and decryption policy set from the encryption and decryption policy management system.
Optionally, the browser determining the encryption and decryption policy corresponding to the currently accessed page based on the identifier of that page includes:
the browser acquires the Uniform Resource Locator (URL) of the currently accessed page;
and the browser determines, from the encryption and decryption policy set and according to the URL of the currently accessed page, the encryption and decryption policy containing that URL.
Optionally, the browser encrypting and decrypting the webpage data based on the encryption and decryption policy includes:
for first webpage data that is to be uploaded to the service system and belongs to the set of attribute types of the webpage data to be encrypted and decrypted, the browser determines the corresponding encryption key according to the encryption and decryption scheme and encrypts the first webpage data with that key, wherein the encryption and decryption scheme is used to determine the encryption key used for webpage data of each attribute type.
Optionally, the browser determining the corresponding encryption key according to the encryption and decryption scheme and encrypting the first webpage data with that key includes:
the browser encrypts webpage data disclosed to all users using the public key of the key pair held by all users; or,
the browser encrypts webpage data disclosed to a specified user using the public key of the key pair held by the specified user.
Optionally, the browser encrypting and decrypting the webpage data based on the encryption and decryption policy includes:
for second webpage data that is downloaded from the service system and belongs to the set of attribute types of the webpage data to be encrypted and decrypted, the browser determines the corresponding decryption key according to the encryption and decryption scheme and decrypts the second webpage data with that key, wherein the encryption and decryption scheme is used to determine the decryption key used for webpage data of each attribute type.
Optionally, the browser determining the corresponding decryption key according to the encryption and decryption scheme and decrypting the second webpage data with that key includes:
the browser decrypts webpage data disclosed to all users using the private key of the key pair held by all users; or,
the browser decrypts webpage data disclosed to the browser using the private key of the key pair held by the browser.
In a second aspect, the present invention provides a web page data encryption and decryption apparatus, including:
a determining unit, configured to determine, based on an identifier of the currently accessed page, the encryption and decryption policy corresponding to that page, wherein the policy includes an identifier uniquely identifying the current webpage, a set of attributes of the webpage data to be encrypted and decrypted, and an encryption and decryption scheme;
and an encryption and decryption unit, configured to encrypt and decrypt the webpage data based on the encryption and decryption policy.
Optionally, for use before the encryption and decryption policy corresponding to the currently accessed page is determined based on the identifier of that page, the webpage data encryption and decryption apparatus further includes:
an acquisition unit, configured to acquire the encryption and decryption policy set from the encryption and decryption policy management system.
Optionally, when determining the encryption and decryption policy corresponding to the currently accessed page based on the identifier of that page, the determining unit is configured to:
acquire the Uniform Resource Locator (URL) of the currently accessed page;
and determine, from the encryption and decryption policy set and according to the URL of the currently accessed page, the encryption and decryption policy containing that URL.
Optionally, when encrypting and decrypting the webpage data based on the encryption and decryption policy, the encryption and decryption unit is configured to:
for first webpage data that is to be uploaded to the service system and belongs to the set of attribute types of the webpage data to be encrypted and decrypted, determine the corresponding encryption key according to the encryption and decryption scheme and encrypt the first webpage data with that key, wherein the encryption and decryption scheme is used to determine the encryption key used for webpage data of each attribute type.
Optionally, when determining the corresponding encryption key according to the encryption and decryption scheme and encrypting the first webpage data with that key, the encryption and decryption unit is configured to:
encrypt webpage data disclosed to all users using the public key of the key pair held by all users; or,
encrypt webpage data disclosed to a specified user using the public key of the key pair held by the specified user.
Optionally, when encrypting and decrypting the webpage data based on the encryption and decryption policy, the encryption and decryption unit is configured to:
for second webpage data that is downloaded from the service system and belongs to the set of attribute types of the webpage data to be encrypted and decrypted, determine the corresponding decryption key according to the encryption and decryption scheme and decrypt the second webpage data with that key, wherein the encryption and decryption scheme is used to determine the decryption key used for webpage data of each attribute type.
Optionally, when determining the corresponding decryption key according to the encryption and decryption scheme and decrypting the second webpage data with that key, the encryption and decryption unit is configured to:
decrypt webpage data disclosed to all users using the private key of the key pair held by all users; or,
decrypt webpage data disclosed to the user using the private key of the key pair held by the user.
In a third aspect, the present invention provides a computing device comprising: a memory for storing program instructions; a processor for calling the program instructions stored in the memory and executing any of the methods of the first aspect according to the obtained program.
In a fourth aspect, the present invention provides a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of the first aspects.
The invention has the following beneficial effects:
In summary, in the embodiment of the present invention, in the process of encrypting and decrypting webpage data, the browser determines, based on an identifier of the currently accessed page, the encryption and decryption policy corresponding to that page, where the policy includes an identifier uniquely identifying the current webpage, a set of attribute types of the webpage data to be encrypted and decrypted, and an encryption and decryption scheme; and the browser encrypts and decrypts the webpage data based on the policy.
With this method, the browser acquires the encryption and decryption policy corresponding to the currently accessed page and, based on that policy, encrypts and decrypts locally in the browser the webpage data exchanged with the currently accessed page provided by the service system. The encryption and decryption policy for each webpage provided by the service system can therefore be freely added, deleted or dynamically reconfigured without upgrading the service system, which improves the flexibility of configuring encryption and decryption policies and reduces the cost of upgrading them.
Drawings
FIG. 1 is a detailed flowchart of a method for encrypting and decrypting web page data according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of data interaction between a browser and an encryption and decryption policy management system and a service system according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a web page data encryption and decryption apparatus according to an embodiment of the present invention.
Detailed Description
In order to facilitate understanding of the technical solutions introduced in the embodiments of the present invention, some definitions of terms are given:
1. The attribute type set of the webpage data to be encrypted and decrypted is the set that specifies which types of webpage data, belonging to which users, need to be encrypted and decrypted.
2. The encryption and decryption scheme refers to encryption keys and/or decryption keys required for encryption and decryption of different types of webpage data.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, the term "and/or" in the embodiment of the present invention only describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
When ordinal terms such as "first", "second", "third" or "fourth" are used in the invention, they should be understood as serving only to distinguish, unless the context shows that they actually express an order.
The scheme of the present invention will be described in detail by way of specific examples, but the present invention is not limited to the following examples.
Referring to fig. 1, in the embodiment of the present invention, a detailed flow of a method for encrypting and decrypting web page data is as follows:
Step 100: the browser acquires the encryption and decryption strategy set from the encryption and decryption strategy management system.
In practical applications, a user may access each service provided in the service system through a browser, each service may correspond to a corresponding web page, and correspondingly, the browser may perform interaction of web page data with the service system, for example, the browser may upload web page data input by the user to the service system, and the browser may also download the web page data from the service system and present the web page data on the browser page. The service system is used for bearing service functions required by the client, and the browser is used for presenting each webpage of the service system. In order to ensure the security of the web data interacted between the browser and the service system, encryption and decryption processing needs to be performed on the web data interacted between the browser and the service system, and optionally, encryption processing may be performed on the web data uploaded to the service system from the browser, and decryption processing needs to be performed on the web data downloaded from the service system by the browser and displayed on a browser page.
The embodiment of the invention provides a system for encryption and decryption policy management (namely, an encryption and decryption policy management system), which is connected with a browser (or connected with a terminal where the browser is located), wherein the encryption and decryption policy management system can respectively configure corresponding encryption and decryption policies for each webpage provided by a service system in advance, the browser can acquire an encryption and decryption policy set configured for each webpage in the service system from the encryption and decryption policy management system, and the encryption and decryption policy management system can freely add, delete or change the encryption and decryption policies of any webpage in the operation process. The corresponding encryption and decryption strategies can be preset aiming at each webpage provided by the service system and stored in the encryption and decryption strategy management system.
For example, assuming that a browser performs web data interaction with a business system, where the business system includes a web page 11, a web page 12, a web page 13, and a web page 14, an encryption and decryption policy management system corresponding to the browser and/or the business system may be configured with the corresponding encryption and decryption policy 11, encryption and decryption policy 13, and encryption and decryption policy 14 for the web page 11, the web page 13, and the web page 14 in advance. If it is determined that a corresponding encryption and decryption policy needs to be set for the webpage 12, the corresponding encryption and decryption policy 12 may be directly configured for the webpage 12 in the encryption and decryption policy management system; if it is determined that a corresponding encryption and decryption policy does not need to be set for the webpage 11, the encryption and decryption policy configured for the webpage 11 can be directly deleted in the encryption and decryption policy management system; if it is determined that the encryption/decryption policy needs to be adjusted for the web page 14, the encryption/decryption policy 14 may be directly adaptively adjusted in the encryption/decryption policy management system.
In the embodiment of the present invention, when step 100 is executed, the method may specifically include: when the browser is started, the browser acquires an encryption and decryption strategy set from an encryption and decryption strategy management system connected with the browser.
After the browser has acquired the encryption and decryption policy set from the encryption and decryption policy management system for the first time, it may store the set locally and periodically fetch the latest set from the encryption and decryption policy management system at a preset interval; it may also fetch the latest set in response to a policy set acquisition instruction triggered by the user.
In practical applications, a corresponding public key pair and private key pair are preset for the user during installation and initialization of the browser. The private key pair can only be used by the user to whom the browser belongs, that is, the user's identity must be verified when the private key pair is used.
Step 110: the browser determines an encryption and decryption strategy corresponding to a current access page based on an identifier of the current access page, wherein the encryption and decryption strategy comprises an identifier uniquely identifying the current webpage, a set of attribute types of webpage data to be encrypted and decrypted and an encryption and decryption scheme.
In practical application, each webpage in the business system corresponds to an identifier for uniquely identifying the webpage, so that in the embodiment of the invention, the browser can determine the encryption and decryption strategy corresponding to the currently accessed webpage from the acquired encryption and decryption strategy set according to the identifier of the currently accessed webpage.
Specifically, in the embodiment of the present invention, when step 110 is executed, the browser acquires a Uniform Resource Locator (URL) of the current access page, and determines, according to the URL of the current access page, an encryption and decryption policy including the URL of the current access page from the acquired encryption and decryption policy set.
In practical application, the encryption and decryption policy corresponding to one web page includes at least: an identifier uniquely identifying that web page, a set of attribute types of the web page data to be encrypted and/or decrypted, the encryption key corresponding to web page data of any attribute type that is to be encrypted, the decryption key corresponding to web page data of any attribute type that is to be decrypted, ……
Of course, in the embodiment of the present invention, according to the attribute type information of any webpage data, at least the type of any webpage data and/or the user information to which any webpage data belongs may be determined.
For example, the following may be determined from the set of attribute types of the web page data to be encrypted and decrypted in the encryption and decryption policy corresponding to one web page: for user A (i.e. browser A), type 1 and type 3 webpage data uploaded to the service system by user A must be encrypted, and type 2 and type 4 webpage data downloaded from the service system by user A must be decrypted; for user B (i.e. browser B), type 1 and type 4 webpage data uploaded to the service system by user B must be encrypted, and type 3 webpage data downloaded from the service system by user B must be decrypted; ……
Further, the encryption and decryption scheme included in the encryption and decryption policy means determining whether an encryption operation needs to be performed or determining whether a decryption operation needs to be performed according to the attribute of one web page data, and determining an encryption key when determining that the encryption operation needs to be performed, and determining a decryption key when determining that the decryption operation needs to be performed.
Step 120: the browser encrypts and decrypts the webpage data based on the encryption and decryption policy.
In the embodiment of the present invention, when step 120 is executed, the manner in which the browser encrypts and decrypts the web page data according to the encryption and decryption policy includes, but is not limited to, either one or a combination of the following two ways:
The first way: for first webpage data that is to be uploaded to the service system and belongs to the set of attribute types of the webpage data to be encrypted and decrypted, the browser determines the corresponding encryption key according to the encryption and decryption scheme and encrypts the first webpage data with that key, wherein the encryption and decryption scheme is used to determine the encryption key used for webpage data of each attribute type.
Specifically, when the browser determines the corresponding encryption key according to the encryption and decryption scheme and encrypts the first webpage data with that key, this includes, but is not limited to, either of the following two cases:
The first case: the browser encrypts webpage data disclosed to all users using the public key of the key pair held by all users.
In practical application, a corresponding public key pair is preset for each user when the browser is installed, that is, every user holds the public key pair. When the browser determines that a piece of webpage data to be uploaded to the service system is disclosed to all users, it can therefore encrypt that data with the public key of the public key pair and upload the encrypted data to the service system.
The second case: the browser encrypts webpage data disclosed to a specified user using the public key of the key pair held by the specified user.
In practical application, a corresponding private key pair is preset for each user when the browser is installed, that is, each user has a private key pair of their own. When the browser determines that a piece of webpage data to be uploaded to the service system is disclosed only to a specified user, it can therefore encrypt that data with the public key of the private key pair owned by the specified user and upload the encrypted data to the service system.
The second way: for second webpage data that is downloaded from the service system and belongs to the set of attribute types of the webpage data to be encrypted and decrypted, the browser determines the corresponding decryption key according to the encryption and decryption scheme and decrypts the second webpage data with that key, wherein the encryption and decryption scheme is used to determine the decryption key used for webpage data of each attribute type.
Specifically, when the browser determines the corresponding decryption key according to the encryption and decryption scheme and decrypts the second webpage data with that key, this includes, but is not limited to, either of the following two cases:
The first case: the browser decrypts webpage data disclosed to all users using the private key of the key pair held by all users.
In practical application, when the browser determines that a piece of encrypted webpage data downloaded from the service system is disclosed to all users, it decrypts that data with the private key of the public key pair it holds, and then parses and renders the decrypted data for display on the browser page.
The second case: the browser decrypts webpage data disclosed to the browser using the private key of the key pair held by the browser.
In practical application, when the browser determines that a piece of encrypted webpage data downloaded from the service system is disclosed only to the browser, it verifies the user's identity, decrypts that data with the private key of the private key pair it holds, and then parses and renders the decrypted data for display on the browser page.
The above embodiment is further described in detail by using a specific application scenario, and referring to fig. 2, in the embodiment of the present invention, a data interaction diagram of a browser, an encryption and decryption policy management system, and a service system is shown. The browser can upload the webpage data input by the user to the service system, and can also download the webpage data from the service system and display the webpage data on the browser page. The encryption and decryption strategy management system is preset with encryption and decryption strategies corresponding to all webpage pages provided by the business system, so that a browser of any client can synchronize an encryption and decryption strategy set from the encryption and decryption strategy management system, determine a corresponding encryption and decryption strategy from the encryption and decryption strategy set according to the identification of the current access page when accessing the business system, and perform encryption and decryption processing on webpage data interacted with the current access page by using the encryption and decryption strategy.
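The flow described above (policy lookup by page URL, then per-attribute key selection for upload and download), as an added sketch that is not code from the patent. It uses Node's built-in crypto module with RSA-OAEP so it runs offline; the policy field names, URLs, key labels and the URL normalization are assumptions of this example.

```javascript
// Added illustration: every name below is hypothetical, not from the patent.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed key material: one pair shared by all users, one pair per user.
const newPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sharedPair = newPair();
const alicePair = newPair();
const bobPair = newPair();

// Constructed policy set, as synchronized from the policy management system.
// Each policy carries the page URL, the attribute type set, and the scheme
// that maps each attribute type to the key used for it.
const policySet = [
  { url: 'https://biz.example/notice/edit',
    attributes: ['title', 'body'],
    scheme: { title: 'all-users', body: 'all-users' } },
  { url: 'https://biz.example/message/send',
    attributes: ['content'],
    scheme: { content: 'specified-user' } },
];

// Select the policy for the current page. Matching on origin + path (ignoring
// query string and fragment) is an assumption of this sketch.
function findPolicy(policies, pageUrl) {
  const u = new URL(pageUrl);
  return policies.find((p) => p.url === u.origin + u.pathname) || null;
}

// Encrypt only the fields named in the policy's attribute set before upload.
// publicKeys = { shared: KeyObject, users: { name: KeyObject } }
function encryptForUpload(policy, fields, publicKeys, recipient) {
  const out = {};
  for (const [name, value] of Object.entries(fields)) {
    if (!policy || !policy.attributes.includes(name)) {
      out[name] = value;            // not covered by the policy: sent as-is
      continue;
    }
    const mode = policy.scheme[name];
    const key = mode === 'all-users' ? publicKeys.shared
      : mode === 'specified-user' ? publicKeys.users[recipient]
      : undefined;
    // Fail closed: never fall back to plaintext for a covered field.
    if (!key) throw new Error(`no encryption key for field "${name}" (${mode})`);
    const ct = nodeCrypto.publicEncrypt({ key, ...OAEP }, Buffer.from(value, 'utf8'));
    out[name] = { ct: ct.toString('base64') };
  }
  return out;
}

// Decrypt covered fields after download. The key is chosen from the local
// policy, not from anything the server sent with the record.
// privateKeys = { shared: KeyObject, own: KeyObject } held by this browser.
function decryptDownloaded(policy, record, privateKeys) {
  const out = {};
  for (const [name, value] of Object.entries(record)) {
    if (!policy || !policy.attributes.includes(name)) {
      out[name] = value;
      continue;
    }
    if (typeof value !== 'object' || value === null || typeof value.ct !== 'string') {
      throw new Error(`field "${name}" should be encrypted but is not`);
    }
    const key = policy.scheme[name] === 'all-users' ? privateKeys.shared : privateKeys.own;
    const pt = nodeCrypto.privateDecrypt({ key, ...OAEP }, Buffer.from(value.ct, 'base64'));
    out[name] = pt.toString('utf8');
  }
  return out;
}
```

Fields outside the attribute set travel unchanged, so the policy's attribute set is the only thing that decides which values the service system ever sees in plaintext.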
Based on the above embodiments, referring to fig. 3, in an embodiment of the present invention, an encryption and decryption apparatus for web page data at least includes a determining unit 30 and an encryption and decryption unit 31, wherein,
a determining unit 30, configured to determine, based on an identifier of a current access page, an encryption and decryption policy corresponding to the current access page, where the encryption and decryption policy includes an identifier uniquely identifying the current web page, a set of data attributes of the web page to be encrypted and decrypted, and an encryption and decryption scheme;
an encryption and decryption unit 31, configured to perform encryption and decryption processing on the webpage data based on the encryption and decryption policy.
Optionally, before determining, based on the identifier of the currently accessed page, an encryption and decryption policy corresponding to the currently accessed page, the web page data encryption and decryption apparatus further includes:
an acquisition unit, configured to acquire the encryption and decryption policy set from the encryption and decryption policy management system.
Optionally, when determining, based on the identifier of the current access page, an encryption/decryption policy corresponding to the current access page, the determining unit 30 is configured to:
acquire a Uniform Resource Locator (URL) of the current access page;
determine, from the encryption and decryption policy set, the encryption and decryption policy containing the URL of the current access page.
Optionally, when performing encryption and decryption processing on the web page data based on the encryption and decryption policy, the encryption and decryption unit 31 is configured to:
for first webpage data that needs to be uploaded to a service system and belongs to the attribute set of the webpage data to be encrypted and decrypted, determine a corresponding encryption key according to the encryption and decryption scheme, and encrypt the first webpage data by using the encryption key, wherein the encryption and decryption scheme is used for determining the encryption keys respectively used when encrypting the webpage data of each attribute type.
Optionally, when determining a corresponding encryption key according to the encryption and decryption scheme and encrypting the first webpage data by using the encryption key, the encryption and decryption unit 31 is configured to:
for the webpage data disclosed to all users, perform encryption processing by using the public key in the key pair held by all users; or,
for the webpage data disclosed to the specified user, perform encryption processing by using the public key in the key pair held by the specified user.
Optionally, when performing encryption and decryption processing on the web page data based on the encryption and decryption policy, the encryption and decryption unit 31 is configured to:
for second webpage data that is downloaded from a service system and belongs to the attribute set of the webpage data to be encrypted and decrypted, determine a corresponding decryption key according to the encryption and decryption scheme, and decrypt the second webpage data by using the decryption key, wherein the encryption and decryption scheme is used for determining the decryption keys respectively used when decrypting the webpage data of each attribute type.
Optionally, when determining a corresponding decryption key according to the encryption and decryption scheme and performing decryption processing on the second webpage data by using the decryption key, the encryption and decryption unit 31 is configured to:
for the webpage data disclosed to all users, perform decryption processing by using the private key in the key pair held by all users; or,
for the webpage data disclosed to the user, perform decryption processing by using the private key in the key pair held by the user.
In summary, in the embodiment of the present invention, in the process of encrypting and decrypting web page data, a browser determines, based on an identifier of a current access page, an encryption and decryption policy corresponding to the current access page, where the encryption and decryption policy includes an identifier uniquely identifying the current web page, a set of attributes of the web page data to be encrypted and decrypted, and an encryption and decryption scheme; and the browser carries out encryption and decryption processing on the webpage data based on the encryption and decryption strategy.
With this method, the browser acquires the encryption and decryption policy corresponding to the current access page and, based on that policy, encrypts and decrypts locally in the browser the webpage data exchanged with the current access page provided by the service system. The corresponding encryption and decryption policy can therefore be arbitrarily added, deleted or dynamically reconfigured for each web page provided by the service system without upgrading the service system, which improves the configuration flexibility of the encryption and decryption policy and reduces the cost of upgrading it.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described in terms of flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (16)

1. A webpage data encryption and decryption method is characterized by comprising the following steps:
the browser determines an encryption and decryption strategy corresponding to a current access page based on an identifier of the current access page, wherein the encryption and decryption strategy comprises an identifier uniquely identifying the current access page, a to-be-encrypted and decrypted webpage data attribute type set and an encryption and decryption scheme, the encryption and decryption strategy is a periodically updated strategy, and the to-be-encrypted and decrypted webpage data attribute type set is a set used for determining the type of the to-be-encrypted and decrypted webpage data and/or user information to which the to-be-encrypted and decrypted webpage data belongs;
and the browser carries out encryption and decryption processing on the webpage data based on the encryption and decryption strategy.
2. The method of claim 1, wherein the browser, prior to determining the encryption and decryption policy corresponding to the currently visited page based on the identity of the currently visited page, further comprises:
the browser acquires the encryption and decryption strategy set from the encryption and decryption strategy management system.
3. The method of claim 2, wherein the browser determining, based on the identity of the currently visited page, the encryption and decryption policy corresponding to the currently visited page comprises:
the browser acquires a Uniform Resource Locator (URL) of the current access page;
and the browser determines an encryption and decryption strategy containing the URL of the current access page from the encryption and decryption strategy set according to the URL of the current access page.
4. The method of any one of claims 1-3, wherein the browser performs encryption and decryption processing on the webpage data based on the encryption and decryption policy, comprising:
for first webpage data that needs to be uploaded to a service system and belongs to the attribute type set of the webpage data to be encrypted and decrypted, the browser determines a corresponding encryption key according to the encryption and decryption scheme and encrypts the first webpage data by using the encryption key, wherein the encryption and decryption scheme is used for determining the encryption keys respectively used when encrypting the webpage data of each attribute type.
5. The method of claim 4, wherein the browser determines a corresponding encryption key according to the encryption and decryption scheme, and encrypts the first webpage data by using the encryption key, comprising:
the browser encrypts the webpage data disclosed to all users by adopting public keys in key pairs held by all users; or,
and the browser adopts a public key in a key pair held by the specified user to encrypt the webpage data disclosed to the specified user.
6. The method of any one of claims 1-3, wherein the browser performs encryption and decryption processing on the webpage data based on the encryption and decryption policy, comprising:
for second webpage data that is downloaded from a service system and belongs to the attribute type set of the webpage data to be encrypted and decrypted, the browser determines a corresponding decryption key according to the encryption and decryption scheme and decrypts the second webpage data by using the decryption key, wherein the encryption and decryption scheme is used for determining the decryption keys respectively used when decrypting the webpage data of each attribute type.
7. The method of claim 6, wherein the browser determines a corresponding decryption key according to the encryption/decryption scheme, and performs decryption processing on the second webpage data by using the decryption key, including:
the browser decrypts the webpage data disclosed to all users by adopting the private keys in the key pairs held by all users; or,
the browser decrypts the webpage data disclosed to the browser by using a private key in a key pair held by the browser.
8. An apparatus for encrypting and decrypting web page data, comprising:
a determining unit, configured to determine an encryption and decryption policy corresponding to a current access page based on an identifier of the current access page, wherein the encryption and decryption policy comprises an identifier uniquely identifying the current access page, a to-be-encrypted and decrypted webpage data attribute type set and an encryption and decryption scheme, the encryption and decryption policy is a periodically updated policy, and the to-be-encrypted and decrypted webpage data attribute type set is a set used for determining the type of webpage data to be encrypted and decrypted and/or user information to which the webpage data to be encrypted and decrypted belongs;
an encryption and decryption unit, configured to perform encryption and decryption processing on the webpage data based on the encryption and decryption policy.
9. The apparatus of claim 8, wherein prior to determining the encryption/decryption policy corresponding to the currently visited page based on the identity of the currently visited page, the web page data encryption/decryption apparatus further comprises: an acquisition unit;
the acquiring unit is used for acquiring the encryption and decryption strategy set from the encryption and decryption strategy management system.
10. The apparatus of claim 9, wherein, in determining the encryption/decryption policy corresponding to the current access page based on an identification of the current access page, the determining unit is configured to:
acquiring a Uniform Resource Locator (URL) of the current access page; and determining an encryption and decryption strategy containing the URL of the current access page from the encryption and decryption strategy set according to the URL of the current access page.
11. The apparatus according to any one of claims 9 to 10, wherein, when the encryption/decryption unit performs the encryption/decryption process on the web page data based on the encryption/decryption policy, the encryption/decryption unit is configured to:
for first webpage data that needs to be uploaded to a service system and belongs to the attribute type set of the webpage data to be encrypted and decrypted, determine a corresponding encryption key according to the encryption and decryption scheme, and encrypt the first webpage data by using the encryption key, wherein the encryption and decryption scheme is used for determining the encryption keys respectively used when encrypting the webpage data of each attribute type.
12. The apparatus of claim 11, wherein, when determining a corresponding encryption key according to the encryption and decryption scheme and encrypting the first webpage data by using the encryption key, the encryption and decryption unit is configured to:
for the webpage data disclosed to all users, perform encryption processing by using the public key in the key pair held by all users; or, for the webpage data disclosed to the specified user, perform encryption processing by using the public key in the key pair held by the specified user.
13. The apparatus according to any one of claims 9 to 10, wherein, when the encryption/decryption unit performs the encryption/decryption process on the web page data based on the encryption/decryption policy, the encryption/decryption unit is configured to:
for second webpage data that is downloaded from a service system and belongs to the attribute type set of the webpage data to be encrypted and decrypted, determine a corresponding decryption key according to the encryption and decryption scheme, and decrypt the second webpage data by using the decryption key, wherein the encryption and decryption scheme is used for determining the decryption keys respectively used when decrypting the webpage data of each attribute type.
14. The apparatus of claim 13, wherein when determining a corresponding decryption key according to the encryption/decryption scheme and performing decryption processing on the second web page data using the decryption key, the encryption/decryption unit is configured to:
for the webpage data disclosed to all users, adopting private keys in key pairs held by all users to carry out decryption processing; or, for the webpage data disclosed to itself, the private key in the key pair held by itself is used for decryption processing.
15. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 7 in accordance with the obtained program.
16. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 7.
CN201810332854.8A 2018-04-13 2018-04-13 A kind of web data encryption and decryption method and device Active CN108768938B (en)

Publications (2)

Publication Number Publication Date
CN108768938A CN108768938A (en) 2018-11-06
CN108768938B true CN108768938B (en) 2019-08-09

Family

ID=64010769

Country Status (1)

Country Link
CN (1) CN108768938B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4035035A4 (en) * 2019-09-25 2023-10-04 Commonwealth Scientific and Industrial Research Organisation Cryptographic services for browser applications
CN112579998B (en) * 2019-09-30 2023-09-26 北京京东尚科信息技术有限公司 Webpage access method, management system and electronic equipment in information interaction platform
CN111222075A (en) * 2020-01-15 2020-06-02 平安普惠企业管理有限公司 Data transmission method based on multiple Webviews, server and storage medium
CN112632585B (en) * 2020-12-31 2022-04-01 北京海泰方圆科技股份有限公司 Webpage data transmission system, method, device, medium and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506518A (en) * 2014-12-22 2015-04-08 中软信息系统工程有限公司 Identity authentication method for access control of MIPS (Million Instructions Per Second) platform network system
CN105095694A (en) * 2014-05-14 2015-11-25 腾讯科技(深圳)有限公司 Method and system for calling plug-ins by webpages
CN105516208A (en) * 2016-01-28 2016-04-20 邱铭钗 WEB site link dynamic hiding method and device capable of effectively preventing network attacks
CN107305610A (en) * 2016-04-22 2017-10-31 腾讯科技(深圳)有限公司 The method and apparatus of access path processing, the methods, devices and systems of automatic machine identification

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI20155763A (en) * 2015-10-26 2017-04-27 Online Solutions Oy METHOD AND SYSTEM FOR VERIFYING THE CERTIFICATE BY SSL PROTOCOL ON THE INTERNET ACCESS TO THE WEBSITE


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant