CN117762994A - Data query method, device, electronic equipment and storage medium - Google Patents

Abstract

The invention provides a data query method, device, electronic equipment and storage medium, which include: decrypting the encrypted query keyword in response to a business data query request; performing character replacement encryption processing on the decrypted target query keyword to determine the target Query the target encrypted string corresponding to the keyword; perform database matching query based on the target encrypted string. By replacing traditional desensitized storage of sensitive information with character replacement and encrypted storage of sensitive information, the present invention achieves the purpose of supporting complete fuzzy search on encrypted sensitive information, ensuring more accurate fuzzy search results in the back-end database; sending encrypted query keywords through the front-end, The way the backend decrypts the target query keywords ensures the security of information transmission between the front and back ends, greatly improves the accuracy of query results and the security of information transmission between the front and back ends, and reduces the risk of leaking user sensitive information. Improved user experience when searching for sensitive information.

Description

Data query method, device, electronic equipment and storage medium

Technical field

The present invention relates to the field of computer technology, and in particular, to a data query method, device, electronic equipment and storage medium.

Background technique

In order to protect the privacy and security of users' sensitive information (such as users' mobile phone numbers, ID numbers, bank account numbers, etc.) and to support users' query operations on sensitive information, most companies will desensitize and store sensitive information; in this way, they can support querying sensitive information. information, reducing the risk of sensitive information leakage caused by hackers.

However, although desensitized storage reduces the risk of sensitive information leakage, it is not friendly to the query support of sensitive information and cannot match the desensitized part of the information, thus greatly reducing the accuracy of the query results.

Contents of the invention

The present invention provides a data query method, device, electronic equipment and storage medium to solve the problem of accurate query results of sensitive information caused by the inability in the prior art to match the desensitized part of the information in the desensitized stored sensitive information. By replacing the traditional desensitized storage of sensitive information with the character replacement method of encrypted storage of sensitive information, the purpose of encrypted sensitive information supporting fully fuzzy search is achieved, ensuring that the back-end database fuzzy search results are more accurate; sending encrypted queries through the front-end Keywords and the way the backend decrypts the target query keywords ensure the security of information transmission between the front and back ends, greatly improving the accuracy of query results and the security of information transmission between the front and back ends, while also effectively reducing the user's The risk of sensitive information leakage improves the user experience of searching for sensitive information.

The present invention provides a data query method, comprising:

In response to the business data query request, decrypt the encrypted query keyword;

Perform character replacement encryption processing on the decrypted target query keyword, and determine the target encrypted string corresponding to the target query keyword;

A database matching query is performed based on the target encrypted string.

According to a data query method provided by the present invention, the decrypted target query keyword is subjected to character replacement encryption processing, and the target encrypted string corresponding to the target query keyword is determined, including:

Based on the preset mapping relationship between query keywords and replacement strings, determine the target replacement strings corresponding to each of the target query keywords;

Arrange each target replacement string according to the order of the target query keyword, and determine the target encrypted string corresponding to the target query keyword.

According to a data query method provided by the present invention, database matching query is performed based on the target encrypted string, including:

When the business data query request is a front-end web page request to query the business data of the target user, the regular matching expression is determined based on the length of obfuscated characters inserted before and/or after the replacement string in the user's business row data pre-stored in the database. ;

Database matching query is performed based on the regular matching expression.

According to a data query method provided by the present invention, the method further includes:

For the sensitive information of each user to be stored, the query keyword in the user's sensitive information and the replacement string corresponding to the query keyword are determined based on the preset mapping relationship between the query keyword and the replacement string. , and insert a pre-configured target obfuscation string before and/or after the replacement string to determine the user's encrypted sensitive information;

Construct the user business data list based on the encrypted sensitive information of each user and the business data of each user; the number of user business row data contained in the user business data list and the number of users to be stored same.

According to a data query method provided by the present invention, the method further includes:

For each target confusion string, determine the target confusion string that meets the length requirements of the confusion characters from the replacement strings corresponding to all preset query keywords.

According to a data query method provided by the present invention, the method further includes:

For each target confusion string, the target confusion string that meets the length requirements of the confusion characters is randomly generated from preset different types of characters.

According to a data query method provided by the present invention, the method further includes:

For each target confusion string, the target confusion string that meets the length requirements of the confusion characters is determined based on the replacement strings and different types of characters corresponding to all preset query keywords.

According to a data query method provided by the present invention, the method further includes:

When at least one of the target business data is queried, encrypt the at least one of the queried target business data, and feed back the encrypted target encrypted business data to the front-end web page;

When the target business data is not queried, a prompt message indicating that the query failed is fed back to the front-end web page.

The invention also provides a data query device, including:

The data decryption module is used to decrypt encrypted query keywords in response to business data query requests;

A replacement encryption module, used to perform character replacement encryption processing on the decrypted target query keyword, and determine the target encrypted string corresponding to the target query keyword;

A data query module is used to perform database matching query based on the target encrypted string.

The present invention also provides an electronic device, including a memory, a processor and a computer program stored in the memory and executable on the processor. When the processor executes the program, it implements any of the above data query methods. .

The present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements any one of the above data query methods.

In the data query method, device, electronic equipment and storage medium provided by the present invention, in the data query method, when the back-end server responds to the business data query request, it first decrypts the encrypted query keyword, and then decrypts the decrypted target query keyword. Carry out character replacement encryption processing, and further perform database matching query based on the target encrypted string obtained by the character replacement encryption processing. In this way, by replacing traditional desensitized storage of sensitive information with character replacement encrypted storage of sensitive information, the purpose of encrypted sensitive information supporting complete fuzzy search is achieved, ensuring that the back-end database fuzzy search results are more accurate; further, encrypted queries are sent through the front-end Keywords and the way the backend decrypts the target query keywords ensure the security of information transmission between the front and back ends, greatly improving the accuracy of query results and the security of information transmission between the front and back ends, while also effectively reducing the user's The risk of sensitive information leakage improves the user experience of searching for sensitive information.

Description of the drawings

In order to explain the present invention or the technical solutions in the prior art more clearly, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings in the following description are of the present invention. For some embodiments of the invention, those of ordinary skill in the art can also obtain other drawings based on these drawings without exerting creative efforts.

Figure 1 is a schematic flow chart of the data query method provided by the present invention;

Figure 2 is a schematic structural diagram of the data query device provided by the present invention;

Figure 3 is a schematic structural diagram of the electronic device provided by the present invention.

Detailed ways

In order to make the purpose, technical solutions and advantages of the present invention more clear, the technical solutions in the present invention will be clearly and completely described below in conjunction with the accompanying drawings of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention. , not all examples. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without making creative efforts fall within the scope of protection of the present invention.

In the embodiment of the present invention, "at least one" refers to one or more, and "multiple" refers to two or more. "And/or" describes the relationship between associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: A alone exists, A and B exist simultaneously, and B exists alone, where A and B can be singular or plural. In the text description of the present invention, the character "/" generally indicates that the related objects are in an "or" relationship. In addition, it should be noted that the serial numbers assigned to the described objects in the present invention, such as "first", "second", etc., are only used to distinguish the described objects and do not have any order or technical meaning.

In order to protect the privacy and security of users' sensitive information (such as users' mobile phone numbers, ID numbers, bank account numbers, etc.), most companies will encrypt and store sensitive information; in this way, they can reduce the risk of hacker intrusions while supporting users to query sensitive information. Risk of leakage of sensitive information. However, in order to support users' query operations on sensitive information, some companies will choose to encrypt and store sensitive information and also desensitize and store a copy of the sensitive information; some companies will choose to store users' sensitive information in clear text.

However, although storing sensitive data in plain text can support accurate matching queries, the risk of leakage of sensitive information is extremely high. Since the original sensitive information can be obtained through decryption of encrypted and stored sensitive information, it is also easy to leak the user's sensitive information; desensitized storage Although sensitive information supports fuzzy matching search to a certain extent and reduces the risk of sensitive information leakage, the query support for sensitive information is not friendly, and the desensitized part of the information cannot be matched and queried, thus greatly reducing the accuracy of the query results. Therefore, how to store sensitive information as plain text and support arbitrary matching queries is particularly important.

In order to solve the above technical problems, the present invention provides a data query method, device, electronic device and storage medium. The data query method, device, electronic device and storage medium of the present invention will be described below with reference to Figures 1-3. The data query method The back-end server can be a single server, or a server cluster composed of multiple servers, a cloud computing center, etc.; and, the back-end server at least has encryption and decryption functions, data storage functions, and list building functions. and matching query functions. The present invention does not limit the specific form of the backend server. Furthermore, the data query method can also be applied to a data query device provided in the back-end server. The data query device can be implemented by software, hardware, or a combination of both. The following describes the data query method by taking the execution subject of the data query method as the back-end server as an example.

In order to facilitate understanding of the data query method provided by the embodiments of the present invention, below, the data query method provided by the present invention will be described in detail through the following exemplary embodiments. It can be understood that the following exemplary embodiments can be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments.

Referring to Figure 1, a schematic flow chart of a data query method provided by an embodiment of the present invention is shown. As shown in Figure 1, the data query method includes the following steps 110 to 130.

Step 110: In response to the business data query request, decrypt the encrypted query keyword.

Among them, the business data query request can be a query request automatically generated when the user enters the target query keyword on the front-end web page, and when the front-end web page detects the target query keyword input by the user, in order to ensure transmission security, the target query can be The keywords are encrypted, and the encrypted query keywords obtained after encryption are transmitted to the back-end server in the form of business data query requests. The encryption method used by the front-end web page may include but is not limited to one of other reversible encryption algorithms such as the Data Encryption Standard (DES) algorithm and the International Data Encryption Algorithm (IDEA).

The target query keyword here can be a keyword in the target sensitive information of the target user corresponding to the business data to be queried. Specifically, it can be a text or a plain text value; when the target query keyword is text, the number of words must be at least 1. , such as the surname or first name in the name, or the **province, **city, or **district in the home address; when the target query keyword is a plaintext value, the number of plaintext values can be at least two, for example The plain text value can be at least two digits from the ID number, document number or bank card number. The present invention does not specifically limit this.

Specifically, in step 110, when the back-end server receives the business data query request sent by the front-end web page, it will immediately respond to the business data query request, that is, decrypt the encrypted query keyword; the decryption method used here can be Determined based on the encryption method used by the front-end web page; for example, when the front-end web page uses the DES algorithm to encrypt the encrypted query keyword, the back-end server can use the key corresponding to DES encryption to decrypt the encrypted query keyword. In addition, if the back-end server has agreed upon the encryption and decryption methods and the method of obtaining the encryption and decryption keys with the front-end web page in advance, the back-end server can also obtain the decryption key according to the agreement and use the obtained decryption key pair Encrypted query keyword for decryption. The present invention does not specifically limit this.

Step 120: Perform character replacement encryption processing on the decrypted target query keyword to determine the target encrypted string corresponding to the target query keyword.

Specifically, in step 120, the back-end server can use predefined character replacement rules to perform character replacement encryption processing on the target query keyword obtained by decrypting it. That is, when the target query keyword is When text is used, the preconfigured text-character mapping relationship can be used to replace each target query keyword with the corresponding target character; when the target query keyword is a plaintext value, the preconfigured plaintext value-character can be used The mapping relationship between each target query keyword is replaced with the corresponding target character; when the target query key is a combination of at least 1 text and at least 1 plaintext value, the preconfigured text-plaintext value-character can be used The mapping relationship between each target query keyword is replaced with the corresponding target character; in this way, the target query keyword is subjected to character replacement encryption processing, thereby determining the target encrypted string corresponding to the target query keyword.

It should be noted that the replaceable characters configured in advance for each text and/or each plaintext value can be at least one of uppercase letters, lowercase letters, punctuation marks, underlines and special characters. There are no specific limitations here.

Step 130: Perform database matching query based on the target encrypted string.

Specifically, in step 130, the backend server pre-stores different encrypted sensitive information containing different encrypted strings in its database, and each encrypted sensitive information has a mapping relationship with the corresponding user's business data. Based on this, when the backend server responds to the business data query request and determines the target encrypted string, it can perform a database matching query based on the target encrypted string to determine whether there is target encrypted sensitive information containing the target encrypted string in the database. The corresponding target business data.

In the data query method provided by the embodiment of the present invention, when the back-end server responds to a business data query request, it first decrypts the encrypted query keyword, performs character replacement encryption processing on the decrypted target query keyword, and then further performs character replacement based on character replacement. The target encrypted string obtained by encryption processing is used for database matching query. In this way, by replacing traditional desensitized storage of sensitive information with character replacement encrypted storage of sensitive information, the purpose of encrypted sensitive information supporting complete fuzzy search is achieved, ensuring that the back-end database fuzzy search results are more accurate; further, encrypted queries are sent through the front-end Keywords and the way the backend decrypts the target query keywords ensure the security of information transmission between the front and back ends, greatly improving the accuracy of query results and the security of information transmission between the front and back ends, while also effectively reducing the user's The risk of sensitive information leakage improves the user experience of searching for sensitive information.

Based on the data query method shown in Figure 1 above, in an example embodiment, when the back-end server agrees with the front-end web page in advance on all types of query keywords that the user can input, the back-end server can provide all types of query keywords that the user can input. The query keywords are pre-configured with their corresponding replacement strings, so that the corresponding target encrypted string can be quickly determined when the target query keyword is subsequently decrypted. Based on this, the specific implementation process of step 120 may include:

First, based on the preset mapping relationship between query keywords and replacement strings, the target replacement strings corresponding to the target query keywords are determined; further, according to the order of the target query keywords, each target replacement string is Arrange them to determine the target encrypted string corresponding to the target query keyword.

Specifically, the front-end and back-end can pre-agree on the types of query keywords that users can enter on the front-end web page, such as text, plain text values (that is, numbers), uppercase letters, lowercase letters, punctuation marks, special characters, etc.; special characters can Symbols that use less frequently characters and are difficult to input directly, including but not limited to numeric symbols, mathematical symbols, Greek numerals, Greek letters, month symbols, date symbols, time symbols, special Chinese characters and music symbols, etc., and for each Query keywords are configured with corresponding replacement strings.

For example, when the type of the query keyword is a plain text value, the replacement strings for each of the 10 numbers from 0 to 9 can be as shown in Table 1.

Table 1

Based on this, based on the pre-stored mapping relationship between query keywords and replacement strings, the back-end server can first determine the target replacement string corresponding to each target query keyword, and then sort the target query keywords in order. By sorting each target replacement string, the target encrypted string corresponding to each target query keyword can be obtained.

For example, when the target query keyword is a plain text numerical type and is specifically 4288, as shown in Table 1, the target replacement string for "4" is "we", and the target replacement string for "2" is "cd" ", and the target replacement string of "8" is "nv". After arranging it in order, we can get that the target encrypted string corresponding to the four target query keywords "4288" is "wecdnvnv".

It should be noted that when the back-end server pre-configures the corresponding replacement string for each different type of query keyword, the length of the replacement string corresponding to each type of query keyword can be customized, that is, each The number of characters included in the replacement string can be customized, and each two adjacent replacement strings are different. For example, when the query keyword is a number, the length of the replacement string corresponding to each number is 2, that is, a string composed of 2 characters, as shown in Table 1; when the query keyword is a text, the length of the text corresponding to The length of the replacement string can be 3, that is, the replacement string consists of 3 characters. Each character in the replacement string corresponding to each query keyword can be customized or randomly generated. The present invention does not specifically limit this.

In the data query method provided by the embodiment of the present invention, the back-end server determines the target replacement string corresponding to each target query keyword and then sequentially arranges the target replacement strings, thereby improving the convenience and efficiency of determining the target encrypted string. reliability.

Based on the data query method shown in Figure 1 above, in an example embodiment, in order to improve the reliability and security of encrypted storage, the sensitive information in each user's user business row data pre-stored by the back-end server can be combined with The encrypted string and obfuscated characters are encrypted together. In subsequent queries, the query method can be determined based on the encryption method before matching the query. Based on this, the specific implementation process of step 130 may include:

First, when the business data query request is a front-end web page request to query the target user's business data, the regular matching expression is determined based on the length of obfuscated characters inserted before and/or after the replacement string in the user's business row data pre-stored in the database. ; Further perform database matching query based on regular matching expressions.

Specifically, a pre-built user business data list is stored in the database of the back-end server. The user business data list contains user business row data corresponding to different users. Each user business row data includes encrypted sensitive information of the corresponding user. and the corresponding user's business data. Each encrypted sensitive information is obtained by encrypting the keywords in the corresponding user's sensitive information by combining replacement strings and obfuscated characters. For example, when the sensitive information is a mobile phone number, the mobile phone number can be encrypted. The key numbers are first replaced with their corresponding replacement strings, and then several confusing characters are inserted in at least one place before the first replacement string, between adjacent replacement strings, and after the last replacement string. Obtain encrypted sensitive information.

Based on this, the backend server can determine a regular matching expression based on the length of confusing characters inserted before and/or after the replacement string in the user's business row data, so as to facilitate database matching queries based on the regular matching expression.

For example, if the encrypted sensitive information after inserting 4 obfuscated characters between the two replacement strings in the user business row data in the database is "actdsfab", and both "ac" and "ab" in "actdsfab" are When replacing the string, you can determine that the confusing character is "tdsf" and its length is 4. At this time, you can determine that the regular matching expression is ac[a-z]{4}ab.

In the data query method provided by the embodiment of the present invention, the back-end server performs database matching query through a regular matching expression determined based on the length of obfuscated characters inserted before and/or after the replacement string in the user's business row data, which can not only ensure Encrypted sensitive information is more difficult to crack, and it also effectively improves the security of encrypted storage of sensitive information and fully supports the reliability of fuzzy search.

Based on the data query method shown in Figure 1 above, in an example embodiment, in order to ensure that the encrypted and stored sensitive information can support fully fuzzy search in the later stage, the back-end server can pre-construct the sensitive information and business data of different users. User business data list. The specific process of the user business data list may include:

First, for each user's sensitive information to be stored, based on the preset mapping relationship between query keywords and replacement strings, determine the query keyword in the user's sensitive information and at least two replacement characters corresponding to the query keyword. string, and insert the pre-configured target obfuscation string before and/or after the replacement string to determine the user's encryption sensitive information; then, based on each user's respective encryption sensitive information and each user's respective business data, build the user business Data list; the number of user business row data contained in the user business data list is the same as the number of users to be stored.

Among them, sensitive information may include but is not limited to at least one of the user's name, ID number, mobile phone number, home address, bank account number, email address, medical information, educational background and other personal privacy data that the user does not want to disclose.

Specifically, for each user's sensitive information, the back-end server can select some or all of the keywords as query keywords for encryption. For example, when the sensitive information is a mobile phone number, some or all of the digits in the mobile phone number can be selected as the query. Keywords are encrypted; the encryption method can determine the replacement string corresponding to the query keyword based on the replacement string configured in advance for each keyword, and then insert the pre-configured target obfuscation before and/or after the determined replacement string. string.

For example, after referring to Table 1 to encrypt the query keyword of mobile phone number "15010424288" according to the replacement string and target confusion characters, the encrypted sensitive information obtained can be:

acacweffdeopabffabacnvacabrtffweopabcdcdrtweabwecdffuinvopnvnv; and every two black bold characters in the encrypted sensitive information are replacement strings corresponding to numbers, and the 4 characters between every two adjacent black bold characters are target confusion characters. In this way, each user's encrypted sensitive information can be obtained.

When the back-end server obtains the encrypted sensitive information of all users to be encrypted and stored, it can match all the encrypted sensitive information with the corresponding user's business data, and each user's encrypted sensitive information and its business data can be in the form of row data Displayed in the corresponding row of the list, you can get the constructed user business data list.

It should be noted that the preconfigured target obfuscation characters are inserted before and/or after the determined replacement string, the length of the inserted target obfuscation characters is the same, and the same number of inserted target obfuscation strings are all different.

In the data query method provided by the embodiment of the present invention, the back-end server encrypts the sensitive information of different users through the encryption method of replacing the string and the target obfuscation string, and then encrypts each encrypted sensitive information obtained by encryption and each user's respective Business data is constructed as a user business data list in the form of list row data. In this way, the combination of replacement encryption and obfuscated code encryption can ensure that encrypted sensitive information is more difficult to crack, and supports fully fuzzy search, providing reliable guarantee for the accuracy and reliability of subsequent data queries.

It should be noted that there is no need to agree in advance between the front-end and the back-end on the encryption and decryption methods of encrypting sensitive information by replacing strings and target obfuscation codes to prevent leakage of sensitive information. When querying data later, only the user input on the front-end web page is required. The query keywords are sensitive information, and the back-end server can perform database matching queries.

Based on the data query method shown in Figure 1 above, in an example embodiment, the back-end server can query the target obfuscation string inserted before and/or after the encrypted replacement string in the database through each preconfigured query. The replacement string corresponding to each keyword is determined. Based on this, the data query method provided by the present invention may also include:

For each target confusion string, determine the target confusion string that meets the length requirements of the confusion characters from the replacement strings corresponding to all preset query keywords.

Specifically, the back-end server can pre-configure the length of the target obfuscation characters contained in each target obfuscation string for the target obfuscation string inserted before and/or after the encrypted replacement string in the database, that is, the obfuscation character The length requirement can be pre-configured, and each target obfuscation string that meets the obfuscation character length requirement can be at least one replacement string among the pre-configured replacement strings corresponding to all query keywords. For example, as shown in Table 1, for the replacement strings corresponding to each number, if the pre-configured obfuscation character length is 4, you can randomly obtain 2 replacement strings with a character length of 2 to generate a target obfuscation character containing 4 obfuscation characters. String "acwe", "deop" or "rtff".

It should be noted that for each user's sensitive information, if N replacement strings need to be determined, N target confusion strings can be inserted. For example, if 11 replacement strings are determined for sensitive information such as a mobile phone number for encryption, then 11 target obfuscation strings can be determined to be inserted; or, if 4 replacement strings are determined, 4 target obfuscation characters can be inserted. string. Moreover, for the determined N target confusion strings, the target confusion string can be inserted before the first replacement string, or after the last replacement string, or between every two adjacent ones. The corresponding target confusion strings are inserted between the replacement strings; each two target confusion strings contain the same number of confusion characters, and each two target confusion strings are different.

It should also be noted that the total length of obfuscated characters for each target obfuscated string is the same as the total length of the replacement string. For example, when the replacement string is de, the target obfuscation string can be 3Y and contain 2 characters, both of which have a length of 2.

In the data query method provided by the embodiment of the present invention, the back-end server determines each target obfuscation string through the pre-configured replacement string corresponding to each query keyword, which improves the reliability and convenience of determining the target obfuscation string.

Based on the data query method shown in Figure 1 above, in an example embodiment, the back-end server can randomly select the target confusion string inserted before and/or after the encrypted replacement string in the database from different types of characters. Generate obfuscated strings for each target. Based on this, the data query method provided by the present invention may also include:

For each target confusion string, the target confusion string that meets the length requirements of the confusion characters is randomly generated from preset different types of characters.

Specifically, for the target obfuscation string inserted before and/or after the encrypted replacement string in the database, the back-end server can randomly select from uppercase letters, lowercase letters, numbers, underscores and special characters that meet the obfuscation character length requirements. Multiple characters are used as a target obfuscation string; in this way, several target obfuscation strings to be inserted can be determined.

For example, the randomly generated target obfuscated code with length 3 is aB1, or it can be 9M_, or it can be m@T.

In the data query method provided by the embodiment of the present invention, the back-end server randomly generates each target obfuscation string that meets the obfuscation character length requirements from different types of characters, thereby improving the convenience and reliability of determining the target obfuscation string.

Based on the data query method shown in Figure 1 above, in an example embodiment, the back-end server can query the target obfuscation string inserted before and/or after the encrypted replacement string in the database through each preconfigured query. The replacement strings and different types of characters corresponding to the keywords determine each target obfuscation string. Based on this, the data query method provided by the present invention may also include:

For each target confusion string, the target confusion string that meets the length requirements of the confusion characters is determined based on the replacement strings and different types of characters corresponding to all the preset query keywords.

Specifically, the back-end server can insert the target obfuscation string before and/or after the encrypted replacement string in the database from uppercase letters, lowercase letters, numbers, underscores and special characters, as well as pre-configured query keywords. In the respective replacement strings, multiple characters that meet the obfuscation character length requirements are determined as a target obfuscation string. In this way multiple target obfuscated strings to be inserted are determined.

For example, if you need to determine a target confusion string with a length of 5, you can combine Table 1 and different types of characters. The determined target confusion string can be ab_we, cd#M8, or 6@rt0.

In the data query method provided by the embodiment of the present invention, the back-end server randomly generates each target obfuscation string that meets the obfuscation character length requirements from the pre-configured replacement strings corresponding to each query keyword and different types of characters, thereby improving the efficiency of the data query. Determine the flexibility and reliability of each target obfuscation string.

Based on the data query method shown in Figure 1 above, in an example embodiment, after matching the query through the database, the back-end server can encrypt the query results and feed them back to the front-end web page or feed back the query failure results. Based on this, the data query method provided by the present invention may also include:

When at least one target business data is queried, the at least one target business data queried is encrypted, and the encrypted target encrypted business data is fed back to the front-end web page; when the target business data is not queried, Feed back query failure prompt information to the front-end web page.

Specifically, because of each encrypted sensitive information stored in the database of the back-end server, the inserted target obfuscation string contains the same number of target obfuscation characters (that is, the length) but the two adjacent target obfuscation strings are different. Therefore, when performing a database matching query based on the encrypted target encrypted string, a completely fuzzy search can be achieved; for example, when the target encrypted string is wecdnvnv and the regular matching expression is we[a-z]{4}cd[a-z]{4} nv[a-z]{4}nv, if the target encrypted sensitive information weabwecdffuinvopnvnv that matches the regular matching expression is searched after performing a database matching query, it can be determined that the target user to be queried and its corresponding target business data exist in the database , at this time, the target business data of the target user can be encrypted and fed back to the front-end web page; the encryption method here can be a reversible encryption method, or other encryption methods pre-agreed with the front-end web page. The present invention does not specifically limit this.

Correspondingly, if the database matching query does not find the target encrypted sensitive information that matches the regular matching expression, a prompt message indicating that the query failed can be fed back to the front-end web page. This prompt message can also prompt the user to check whether the input is not sensitive information. Target query keywords, and/or prompt the front-end web page to check whether the encryption method and encryption key are valid; further, if the query fails again after modification and/or inspection, or the cumulative number of queries exceeds the preset threshold ( For example, 3 times), it can be determined that the target user of the required query and all its information are not stored in the database.

In the data query method provided by the embodiment of the present invention, the back-end server improves the security of information transmission between the front-end and the back-end by encrypting the queried target business data and feeding it back to the front-end web page, or feeding back prompt information of failed query to the front-end web page. performance and reliability.

The data query device provided by the present invention is described below. The data query device described below and the data query method described above can be referenced correspondingly.

Referring to Figure 2, which is a schematic structural diagram of a data query device provided by the present invention. As shown in Figure 2, the data query device 200 includes: a data decryption module 210, a replacement encryption module 220 and a data query module 230.

The data decryption module 210 is used to decrypt the encrypted query keyword in response to the business data query request.

The replacement encryption module 220 is used to perform character replacement encryption processing on the decrypted target query keyword, and determine the target encrypted string corresponding to the target query keyword.

The data query module 230 is used to perform database matching queries based on the target encrypted string.

Optionally, the replacement encryption module 220 is specifically configured to determine the target replacement string corresponding to the target query keyword based on the preset mapping relationship between the query keyword and the replacement string; according to the order of the target query keyword, Arrange each target replacement string to determine the target encrypted string corresponding to the target query keyword.

Optionally, the data query module 230 is specifically configured to, when the business data query request is a front-end web page request to query the business data of the target user, insert the string before and/or after the replacement string in the user's business row data pre-stored in the database. The length of the obfuscated characters determines the regular matching expression; a database matching query is performed based on the regular matching expression.

Optionally, the data query module 230 is specifically configured to determine the query keywords in the user's sensitive information based on the preset query keyword-replacement string mapping relationship for each user's sensitive information to be stored. Query the replacement string corresponding to the keyword, and insert the pre-configured target obfuscation string before and/or after the replacement string to determine the user's encryption sensitive information; based on each user's respective encryption sensitive information and each user's respective business data to construct a user business data list; the number of user business row data contained in the user business data list is the same as the number of users to be stored.

Optionally, the data query module 230 is specifically configured to, for each target confusion string, determine the target confusion string that meets the length requirements of the confusion characters from the replacement strings corresponding to all preset query keywords.

Optionally, the data query module 230 is specifically configured to, for each target confusion string, randomly generate a target confusion string that meets the length requirements of the confusion characters from preset different types of characters.

Optionally, the data query module 230 is specifically configured to, for each target obfuscated string, determine the target obfuscated string that meets the obfuscated character length requirements based on the replacement strings and different types of characters corresponding to all preset query keywords.

Optionally, the data query device provided by the present invention may also include a data feedback module, configured to encrypt at least one of the queried target business data when at least one target business data is queried, and the encrypted result is The target encrypted business data is fed back to the front-end web page; if the target business data is not queried, a query failure message is fed back to the front-end web page.

The data query device 200 provided by the present invention can execute the technical solution of the data query method in any of the above embodiments. Its implementation principle and beneficial effects are similar to those of the data query method. Please refer to the implementation principle of the data query method. and beneficial effects, which will not be described in detail here.

Figure 3 illustrates a schematic diagram of the physical structure of an electronic device. As shown in Figure 3, the electronic device may include: a processor (processor) 310, a communication interface (Communications Interface) 320, a memory (memory) 330 and a communication bus 340, where , the processor 310, the communication interface 320, and the memory 330 complete communication with each other through the communication bus 340. The processor 310 can call logical instructions in the memory 330 to execute a data query method, which method includes:

In response to the business data query request, decrypt the encrypted query keyword; perform character replacement encryption processing on the decrypted target query keyword to determine the target encrypted string corresponding to the target query keyword; perform database matching query based on the target encrypted string .

In addition, the above-mentioned logical instructions in the memory 330 can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product. Based on this understanding, the technical solution of the present invention essentially or the part that contributes to the existing technology or the part of the technical solution can be embodied in the form of a software product. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of the present invention. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program code.

On the other hand, the present invention also provides a computer program product. The computer program product includes a computer program. The computer program can be stored on a non-transitory computer-readable storage medium. When the computer program is executed by a processor, the computer can Execute the data query method provided by each of the above methods, which includes:

In response to the business data query request, decrypt the encrypted query keyword; perform character replacement encryption processing on the decrypted target query keyword to determine the target encrypted string corresponding to the target query keyword; perform database matching query based on the target encrypted string .

On the other hand, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored. The computer program is implemented when executed by the processor to execute the data query method provided by each of the above methods. The method includes:

In response to the business data query request, decrypt the encrypted query keyword; perform character replacement encryption processing on the decrypted target query keyword to determine the target encrypted string corresponding to the target query keyword; perform database matching query based on the target encrypted string .

The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separated. The components shown as units may or may not be physical units, that is, they may be located in One location, or it can be distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. Persons of ordinary skill in the art can understand and implement the method without any creative effort.

Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and of course, it can also be implemented by hardware. Based on this understanding, the part of the above technical solution that essentially contributes to the existing technology can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., including a number of instructions to cause a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the methods described in various embodiments or certain parts of the embodiments.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that it can still be used Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent substitutions are made to some of the technical features; however, these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A method of querying data, comprising:

decrypting the encrypted query key in response to the service data query request;

performing character replacement encryption processing on the target query keyword obtained by decryption, and determining a target encryption character string corresponding to the target query keyword;

and carrying out database matching query based on the target encryption character string.

2. The data query method according to claim 1, wherein the performing the character replacement encryption processing on the target query keyword obtained by decryption to determine the target encrypted character string corresponding to the target query keyword includes:

Determining target replacement character strings corresponding to the target query keywords respectively based on a mapping relation between preset query keywords and the replacement character strings;

and arranging the target replacement character strings according to the sequence of the target query keywords, and determining the target encryption character strings corresponding to the target query keywords.

3. The data query method of claim 1, wherein performing a database matching query based on the target encrypted string comprises:

determining a regular matching expression based on the length of confusion characters inserted before and/or after the replacement of character strings in user business line data stored in advance in a database under the condition that the business data query request is a front-end webpage request for querying the business data of a target user;

and carrying out database matching query based on the regular matching expression.

4. A data query method as claimed in claim 3, wherein the method further comprises:

aiming at sensitive information of each user to be stored, determining a query keyword in the sensitive information of the user and a replacement character string corresponding to the query keyword based on a mapping relation between a preset query keyword and the replacement character string, and respectively inserting a preset target confusion character string before and/or after the replacement character string to determine encrypted sensitive information of the user;

Constructing the user service data list based on the encryption sensitive information of each user and the service data of each user; the number of user service line data contained in the user service data list is the same as the number of users to be stored.

5. The data query method of claim 4, wherein the method further comprises:

and determining the target confusion character strings meeting the confusion character length requirement from the preset replacement character strings corresponding to all the query keywords respectively aiming at each target confusion character string.

6. The data query method of claim 4, wherein the method further comprises:

and randomly generating target confusion character strings meeting the length requirements of the confusion characters from preset different types of characters aiming at each target confusion character string.

7. The data query method of claim 4, wherein the method further comprises:

and determining the target confusion character strings meeting the confusion character length requirement based on the preset replacement character strings and different types of characters corresponding to all the query keywords.

8. The data query method of any one of claims 1 to 7, further comprising:

under the condition that at least one piece of target service data is inquired, encrypting the inquired at least one piece of target service data, and feeding the encrypted target encrypted service data back to the front-end webpage;

and under the condition that the target service data is not queried, feeding back prompt information of query failure to the front-end webpage.

9. A data query device, comprising:

the data decryption module is used for decrypting the encrypted query keyword in response to the service data query request;

the replacing encryption module is used for carrying out character replacing encryption processing on the target query keyword obtained by decryption and determining a target encryption character string corresponding to the target query keyword;

and the data query module is used for carrying out database matching query based on the target encryption character string.

10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the data query method of any of claims 1 to 8 when the program is executed by the processor.

11. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the data query method of any of claims 1 to 8.