CN110378128A - Data ciphering method, device and terminal device - Google Patents
- Publication number: CN110378128A
- Application number: CN201910522963.0A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Abstract
The present invention is applicable to the field of computer technology and provides a data encryption method, device and terminal device. The data encryption method is applied to an encryption server and comprises: obtaining plaintext data sent by an application server; if it is determined that the plaintext data belongs to an encrypted object, encrypting the plaintext data to generate encrypted data, and storing the encrypted data; and if an instruction sent by the application server to obtain the plaintext data is received, decrypting the encrypted data to obtain the plaintext data and feeding the plaintext data back to the application server. The invention optimizes the storage resources of the application server and improves the security of data storage on the database server.
Description
Technical field
The invention belongs to the field of computer technology, and in particular relates to a data encryption method, device and terminal device.
Background
An application server provides web applications, client applications and the like with a simple and manageable mechanism for accessing system resources.
However, as the number of visitors to a client or website keeps growing, the application server gradually becomes unable to meet demand; in particular, as business data keeps accumulating, the storage space of the application server becomes clearly insufficient.
To address this deficiency, the prior art provides a scheme in which the business data of the application server is stored on a database server. However, this scheme uploads all of the business data stored in the application server to the database server, which wastes storage resources on the database server unnecessarily and also leads to low storage efficiency. In addition, business data stored on the database server is at risk of being stolen by hackers.
Summary of the invention
In view of this, embodiments of the present invention provide a data encryption method, device and terminal device, to solve the technical problems in the prior art that the storage resources of the application server are insufficiently optimized and that the security of the database server is poor.
A first aspect of the embodiments of the present invention provides a data encryption method, applied to a database server, comprising:
obtaining plaintext data sent by an application server;
if it is determined that the plaintext data belongs to an encrypted object, encrypting the plaintext data to generate encrypted data, and storing the encrypted data;
if an instruction sent by the application server to obtain the plaintext data is received, decrypting the encrypted data to obtain the plaintext data, and feeding the plaintext data back to the application server.
A second aspect of the embodiments of the present invention provides a data encryption device, configured on a database server, comprising:
a receiving unit, for obtaining plaintext data sent by an application server;
an encryption and storage unit, for encrypting the plaintext data to generate encrypted data and storing the encrypted data if it is determined that the plaintext data belongs to an encrypted object;
a decryption and feedback unit, for decrypting the encrypted data to obtain the plaintext data and feeding the plaintext data back to the application server if an instruction sent by the application server to obtain the plaintext data is received.
A third aspect of the embodiments of the present invention provides a terminal device, including a memory and a processor, the memory storing a computer program that can run on the processor. When the processor executes the computer program, the following steps are implemented:
obtaining plaintext data sent by an application server;
if it is determined that the plaintext data belongs to an encrypted object, encrypting the plaintext data to generate encrypted data, and storing the encrypted data;
if an instruction sent by the application server to obtain the plaintext data is received, decrypting the encrypted data to obtain the plaintext data, and feeding the plaintext data back to the application server.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program. When the computer program is executed by a processor, the following steps are implemented:
obtaining plaintext data sent by an application server;
if it is determined that the plaintext data belongs to an encrypted object, encrypting the plaintext data to generate encrypted data, and storing the encrypted data;
if an instruction sent by the application server to obtain the plaintext data is received, decrypting the encrypted data to obtain the plaintext data, and feeding the plaintext data back to the application server.
In the embodiments of the present invention, the business data of the application server is differentiated: when the business data is judged to be a sensitive object, that is, an encrypted object, it is encrypted and stored on the database server. This optimizes the storage resources of the application server and also improves the security of data storage on the database server.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the running environment of a data encryption method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a specific implementation of a data encryption method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a specific implementation of another data encryption method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of a specific implementation of another data encryption method provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a data encryption device provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of another data encryption device provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a terminal device provided by an embodiment of the present invention.
Detailed description of the embodiments
In the following description, specific details such as particular system structures and techniques are set out for the purpose of illustration rather than limitation, so that the embodiments of the present invention can be understood thoroughly. However, it will be clear to a person skilled in the art that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the invention.
To illustrate the technical solutions of the invention, specific embodiments are described below.
Fig. 1 shows a schematic diagram of the running environment of the data encryption method provided by an embodiment of the present invention. The data encryption method runs on the network system shown in Fig. 1. As shown in Fig. 1, the network system includes a terminal device 11, an application server 12 and a database server 13, which interact to carry out the data encryption process. The terminal device 11 is communicatively connected to the application server 12, and the application server 12 is communicatively connected to the database server 13. The application server 12 may be the back-end server of a web application or client application installed on the terminal device 11. The database server 13 may be a single database server or a database server cluster, and is a server that can store the network service data generated by a web application or client application. The database server 13 may include a processor, a memory, a transmission component and so on. The processor can be used to carry out the data encryption method described below, the memory can be used to store the data needed and the data generated during the data encryption process described below, and the transmission component can be used to receive and send data during the communication management process of the database server.
As shown in Fig. 1, the terminal device 11 is a smartphone. In other embodiments of the present invention, the terminal device may also be a desktop computer, a tablet computer, a personal digital assistant (PDA), a wearable device or the like. The database server may be a Redis database server, a cloud server or the like. In the embodiment shown in Fig. 1, for communication security, only the terminal device 11 is in the external network environment, while the application server 12 and the database server 13 are in the intranet environment.
It should be noted that, in other embodiments of the present invention, the number of terminal devices 11, application servers 12 and database servers 13 can vary, for example 2 to 5 or even more. In other embodiments of the present invention, different application servers may share a database server, or each application server may correspond to one database server. These can be chosen according to user requirements, and Fig. 1 is not to be construed as a specific limitation of the invention.
Fig. 2 shows the implementation flowchart of the data encryption method provided by an embodiment of the present invention. The method includes steps S201 to S203 and is applicable to the case where the business data of the application server is to be transferred to the database server. The method is executed by a data encryption device, which is configured on the database server shown in Fig. 1 and can be implemented in software and/or hardware. The implementation principle of each step is as follows.
S201: obtain the plaintext data sent by the application server.
Here, plaintext data refers to the network service data generated by an application, including but not limited to user information and the like.
The network service data generated while a user accesses the application server through the terminal device is to be stored from the application server to the encryption server; at this point, the encryption server obtains the plaintext data sent by the application server. That is, after the encryption server receives the plaintext data sent by the application server, it judges whether the plaintext data belongs to an encrypted object, i.e. whether it is sensitive data.
S202: if it is determined that the plaintext data belongs to an encrypted object, encrypt the plaintext data to generate encrypted data, and store the encrypted data.
In the embodiments of the present invention, after the database server receives the plaintext data sent by the application server, it judges whether the plaintext data belongs to an encrypted object. If so, it encrypts the plaintext data, generates encrypted data and stores it; if not, it does not encrypt the plaintext data.
By judging whether the plaintext data is an encrypted object, the plaintext data, i.e. the business data of the application, is differentiated; when the business data involves sensitive data, it is encrypted on the database server.
When encrypting the plaintext data, for example, a fingerprint encryption algorithm and the currently generated key can be used to obtain the encrypted data corresponding to the plaintext data. The fingerprint encryption algorithm may be a symmetric algorithm (SM1, SM2), an asymmetric algorithm (SM2) or a hash algorithm (SM3) among the national cryptographic algorithms, or another user-defined encryption algorithm. This is merely an example and does not limit the scope of the invention.
The key includes an encryption key and a decryption key, which may be the same key or different keys. For example, when the encryption algorithm is a symmetric algorithm, the encryption key and the decryption key are a symmetric key, i.e. the same key is used to encrypt and decrypt the data. This gives fast encryption and decryption and suits the encryption of large volumes of data, but key management is difficult. When the encryption algorithm is an asymmetric algorithm, the encryption key and the decryption key are an asymmetric key pair, i.e. different keys are used for the encryption and decryption operations. This offers a flexible public-key mechanism, but encryption and decryption are slow. In practical applications, the choice can be made according to actual needs and is not a limitation of the invention.
For example, in one embodiment of the present invention an asymmetric encryption algorithm is used, and the database server generates a pair of public and private keys at every preset time interval. Because the keys generated each time are not the same, the security of the encrypted data is further improved. Specifically, the database server generates a key pair at every preset time interval using a random number generator. The key pair includes a private key and a public key, which are stored in the database server; in addition, the private key and the public key are stored in a second server dedicated to storing keys.
It can be understood that, in the embodiments of the present invention, plaintext data that is sensitive data is encrypted to generate the ciphertext data corresponding to it, so that the plaintext data is not stored directly in the database server, which improves the security of the data. Further, because the dynamic business data of the database server itself is not visible to developers, even a developer cannot learn the dynamic business data of the database server, which ensures the security of data storage.
It should be noted that, for plaintext data that does not belong to an encrypted object, in one embodiment of the present invention it may be stored directly on the database server without encryption; in another embodiment of the present invention, the plaintext data may be left unencrypted and stored directly on the application server rather than on the database server, so as to optimize the storage resources of the database server.
S203: if an instruction sent by the application server to obtain the plaintext data is received, decrypt the encrypted data to obtain the plaintext data, and feed the plaintext data back to the application server.
In the embodiments of the present invention, after the database server receives the instruction sent by the application server to obtain the plaintext data, it decrypts the encrypted data corresponding to the plaintext data to obtain the plaintext data and feeds it back to the application server.
In the embodiments of the present invention, the business data of the application server is differentiated: when the business data is judged to be a sensitive object, it is encrypted and stored on the database server. This optimizes the storage resources of the application server and also improves the security of data storage on the database server.
Another embodiment of the present invention provides the implementation flow of another data encryption method. This method is a further improvement on the Fig. 2 embodiment and specifically optimizes the process of judging whether the plaintext data belongs to an encrypted object. As shown in Fig. 3, the data encryption method includes steps S301 to S305. It should be noted that what this embodiment has in common with the Fig. 2 embodiment is not repeated here; refer to the corresponding description of the Fig. 2 embodiment.
S301: obtain the plaintext data sent by the application server.
S302: judge whether the plaintext data belongs to an encrypted object.
In the embodiments of the present invention, a sensitive keyword library is preset in the database server. The sensitive keyword library includes a number of sensitive keywords, which are provided by experienced engineers in the field and are set on the basis of experience. It should be noted that a sensitive keyword includes, but is not limited to, at least one of text, letters, numbers and symbols.
For example, step 302 includes: judging whether the plaintext data contains a sensitive keyword from the preset sensitive keyword library; if so, determining that the plaintext data belongs to an encrypted object and executing step 303; if not, determining that the plaintext data does not belong to an encrypted object.
Specifically, sensitive keyword monitoring is introduced in the data server to dynamically monitor whether sensitive keywords are present in the plaintext data; if they are, the data is encrypted.
In addition, in other embodiments of the present invention, a process for maintaining the sensitive keyword library can be added, in which the sensitive keywords in the library are added and deleted dynamically, achieving dynamic control and further improving the accuracy of the result. In this case, the database server receives and responds to user-triggered operations that add, delete or modify sensitive keywords in the sensitive keyword library, thereby updating the library. The user may be SFC support, a system administrator or the like.
S303: if it is determined that the plaintext data belongs to an encrypted object, encrypt the plaintext data to generate encrypted data, and store the encrypted data.
S304: if an instruction sent by the application server to obtain the plaintext data is received, decrypt the encrypted data to obtain the plaintext data, and feed the plaintext data back to the application server.
In this embodiment of the present invention, a preset, experience-based sensitive keyword library is used to check whether a sensitive word is present in the plaintext data and thus to determine whether the plaintext data belongs to an encrypted object, which is efficient. In addition, dynamically updating the sensitive keyword library further improves the accuracy of the result.
Another embodiment of the present invention provides the implementation flow of another data encryption method. This method is a further improvement on the Fig. 2 or Fig. 3 embodiment and optimizes the data encryption and decryption processes. Here the improvement is illustrated on the embodiment shown in Fig. 2. As shown in Fig. 4, the data encryption method includes steps S401 to S403. It should be noted that what this embodiment has in common with the Fig. 2 embodiment is not repeated here; refer to the corresponding description of the Fig. 2 embodiment.
S401: obtain the plaintext data sent by the application server.
S402: if it is determined that the plaintext data belongs to an encrypted object, generate a private key k with a random number generator and generate a public key K = kG from the private key k, where G is the base point of a preset elliptic curve Ep(a, b); encode the plaintext data as a point M on the preset elliptic curve Ep(a, b), and generate a random integer r, r < n, where n is the order of the base point G; compute C1 = M + rK and C2 = rG, and take C1 and C2 as the encrypted data corresponding to the plaintext data; and store the encrypted data.
In the embodiments of the present invention, an elliptic curve Ep(a, b) suitable for encryption is selected in advance; for example, y² = x³ + 7 is selected, and a point G on the elliptic curve is taken as the base point. The elliptic curve selected by the invention on the one hand ensures computing speed and on the other hand ensures the security of the data.
After the elliptic curve has been selected, when the plaintext data is determined to be an encrypted object, a private key k is generated by a random number generator, and a public key K = kG is then generated from the private key k, where G is the base point of the preset elliptic curve Ep(a, b).
The plaintext data is then encoded as a point M on the preset elliptic curve Ep(a, b), and a random integer r is generated, with r < n, where n is the order of the base point G.
Finally, C1 = M + rK and C2 = rG are computed, and C1 and C2 are taken as the encrypted data corresponding to the plaintext data.
Optionally, in step 402, encoding the plaintext data as a point M on the preset elliptic curve Ep(a, b) includes:
converting the plaintext data to decimal to obtain a decimal plaintext m; taking the decimal plaintext m as the abscissa of the preset elliptic curve and substituting it into the preset elliptic curve to obtain the ordinate; and combining the abscissa and the ordinate to form the point M on the preset elliptic curve Ep(a, b).
S403: if an instruction sent by the application server to obtain the plaintext data is received, obtain the encrypted data C1 and C2 and compute C1 - kC2 to obtain the point M; decode the point M to obtain the plaintext data corresponding to the encrypted data, and feed the plaintext data back to the application server.
In the embodiments of the present invention, since C1 - kC2 = M + rK - k(rG) = M + rK - r(kG) = M, decoding the point M yields the plaintext data.
With the elliptic curve encryption method, the embodiments of the present invention on the one hand ensure the security of the encrypted data and on the other hand keep the encryption process from being too slow, making the best use of system resources.
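As an added example (not code from the patent), steps S401 to S403 can be written out in Python as follows. Assumptions: the secp256k1 field prime, base point and order are used because the page gives only y² = x³ + 7, and a marker byte plus a one-byte counter are added to m (Koblitz-style padding) because using m directly as the abscissa fails whenever m³ + 7 has no square root modulo p.

```python
import secrets

# Assumed domain parameters (secp256k1); the page fixes only y^2 = x^3 + 7.
P = 2**256 - 2**32 - 977   # field prime p (p % 4 == 3, so sqrt is one pow)
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order n of G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
MAX_LEN = 29               # marker byte + 29 data bytes + counter byte < p


def on_curve(pt):
    return pt is None or (pt[1] ** 2 - pt[0] ** 3 - B) % P == 0


def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result


def lift_x(x):
    """The page's encoding step: take x as abscissa, solve for the ordinate.
    Returns None when x^3 + 7 is not a square mod p."""
    rhs = (pow(x, 3, P) + B) % P
    y = pow(rhs, (P + 1) // 4, P)
    return (x, y) if y * y % P == rhs else None


def count_unencodable(limit):
    """How many m in 1..limit cannot be used directly as an abscissa."""
    return sum(1 for m in range(1, limit + 1) if lift_x(m) is None)


def encode(plaintext):
    """bytes -> point M, with x = int(0x01 || plaintext) * 256 + j (added padding)."""
    if len(plaintext) > MAX_LEN:
        raise ValueError("plaintext too long for one curve point")
    m = int.from_bytes(b"\x01" + plaintext, "big")
    for j in range(256):
        pt = lift_x(m * 256 + j)
        if pt is not None:
            return pt
    raise ValueError("no curve point found for this plaintext")


def decode(pt):
    if pt is None:
        raise ValueError("point at infinity carries no plaintext")
    m = pt[0] >> 8                     # drop the counter byte
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != 1:
        raise ValueError("point does not carry an encoded plaintext")
    return raw[1:]


def keygen():
    k = secrets.randbelow(N - 1) + 1   # private key k
    return k, mul(k, G)                # public key K = kG


def encrypt(K, plaintext):
    M = encode(plaintext)
    r = secrets.randbelow(N - 1) + 1   # fresh random r < n per message
    return add(M, mul(r, K)), mul(r, G)        # C1 = M + rK, C2 = rG


def decrypt(k, C1, C2):
    return decode(add(C1, neg(mul(k, C2))))    # M = C1 - kC2


if __name__ == "__main__":
    k, K = keygen()
    sample = b"phone=13800000000"      # constructed sample plaintext
    C1, C2 = encrypt(K, sample)
    print(decrypt(k, C1, C2), count_unencodable(200))
```

Nothing in C1 or C2 authenticates the data, so the construction provides confidentiality only; a deployment would add an integrity check over the stored ciphertext.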
Another embodiment of the present invention provides the implementation flow of another data encryption method. Further, in any of the embodiments of Fig. 2 to Fig. 4 above, in order to further ensure the secure transmission of data, the plaintext data can additionally be encrypted while the application server sends the plaintext data to the database server and while the database server feeds the plaintext data back to the application server. This encryption process may be the same as or different from the process by which the database server encrypts the plaintext data; for the specific encryption method, refer to the description of the preceding embodiments, which is not repeated here.
In the embodiments of the present invention, for example, obtaining the plaintext data sent by the application server includes: obtaining the encrypted plaintext data sent by the application server.
Feeding the plaintext data back to the application server includes: encrypting the plaintext data and then feeding it back to the application server.
It should be noted that, when the application server sends encrypted plaintext data to the database server, the database server first needs to decrypt the plaintext data and then carry out the data encryption process of the embodiments shown in Fig. 2 to Fig. 4, encrypting the plaintext data and storing it on the database server.
When the database server feeds encrypted plaintext data back to the application server, the application server first needs to decrypt it to obtain the plaintext data.
In this embodiment of the present invention, the data is encrypted in transit between the application server and the database server, which further improves the security of the data.
Corresponding to the data encryption method described in the foregoing embodiments, Fig. 5 shows a structural block diagram of the data encryption device provided by an embodiment of the present invention. For ease of description, only the parts related to the embodiments of the present invention are shown.
Referring to Fig. 5, the data encryption device is configured on a database server and includes:
a receiving unit 51, for obtaining plaintext data sent by an application server;
an encryption and storage unit 52, for encrypting the plaintext data to generate encrypted data and storing the encrypted data if it is determined that the plaintext data belongs to an encrypted object;
a decryption and feedback unit 53, for decrypting the encrypted data to obtain the plaintext data and feeding the plaintext data back to the application server if an instruction sent by the application server to obtain the plaintext data is received.
Optionally, as shown in Fig. 6, the data encryption device further includes a judging unit 54, for judging whether the plaintext data belongs to an encrypted object.
Optionally, the judging unit 54 is specifically used for:
judging whether the plaintext data contains a sensitive keyword from the preset sensitive keyword library; if so, determining that the plaintext data belongs to an encrypted object; if not, determining that the plaintext data does not belong to an encrypted object.
Optionally, the encryption and storage unit 52 is specifically used for:
if an instruction sent by the application server to obtain the plaintext data is received, generating a private key k with a random number generator and generating a public key K = kG from the private key k, where G is the base point of a preset elliptic curve Ep(a, b); encoding the plaintext data as a point M on the preset elliptic curve Ep(a, b), and generating a random integer r, r < n, where n is the order of the base point G; computing C1 = M + rK and C2 = rG, taking C1 and C2 as the encrypted data corresponding to the plaintext data, and storing the encrypted data.
Optionally, the decryption and feedback unit 53 is specifically used for:
if an instruction sent by the application server to obtain the plaintext data is received, obtaining the encrypted data C1 and C2 and computing C1 - kC2 to obtain the point M; decoding the point M to obtain the plaintext data corresponding to the encrypted data, and feeding the plaintext data back to the application server.
Optionally, encoding the plaintext data as a point M on the preset elliptic curve Ep(a, b) includes:
converting the plaintext data to decimal to obtain a decimal plaintext m; taking the decimal plaintext m as the abscissa of the preset elliptic curve and substituting it into the preset elliptic curve to obtain the ordinate; and combining the abscissa and the ordinate to form the point M on the preset elliptic curve Ep(a, b).
Optionally, the receiving unit 51 is specifically used for: obtaining the encrypted plaintext data sent by the application server;
the decryption and feedback unit 53 is specifically used for: encrypting the plaintext data and then feeding it back to the application server.
Fig. 7 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 7, the terminal device 8 of this embodiment includes a processor 70, a memory 71, and a computer program 72, such as a data encryption program, that is stored in the memory 71 and can run on the processor 70. When executing the computer program 72, the processor 70 implements the steps of the data encryption method embodiments above, such as steps 201 to 203 shown in Fig. 2. Alternatively, when executing the computer program 72, the processor 70 implements the functions of the modules/units in the device embodiments above, such as the functions of units 51 to 53 shown in Fig. 5.
Illustratively, the computer program 72 may be divided into one or more modules/units, which are stored in the memory 71 and executed by the processor 70 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution of the computer program 72 in the terminal device 7.
The terminal device 7 may be a computing device such as a database server or a cloud server. The terminal device may include, but is not limited to, the processor 70 and the memory 71. Those skilled in the art will understand that Fig. 7 is only an example of the terminal device 7 and does not limit it; the terminal device may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device may also include input/output devices, network access devices, a bus, and so on.
The processor 70 may be a central processing unit (CPU), or it may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
The memory 71 may be an internal storage unit of the terminal device 7, such as a hard disk or memory of the terminal device 7. The memory 71 may also be an external storage device of the terminal device 7, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card or a flash card fitted to the terminal device 7. Further, the memory 71 may include both an internal storage unit of the terminal device 7 and an external storage device. The memory 71 is used to store the computer program and the other programs and data required by the terminal device. The memory 71 may also be used to temporarily store data that has been output or is about to be output.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules above is only used as an example. In practical applications, the functions may be assigned to different functional units or modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit; the integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing them from one another and are not intended to limit the protection scope of this application. For the specific working process of the units and modules in the above system, refer to the corresponding processes in the foregoing method embodiments; details are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not described or recorded in detail in one embodiment, refer to the related descriptions of other embodiments.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments may also be completed by a computer program instructing the relevant hardware, and the computer program may be stored in a computer-readable storage medium.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.
Claims (10)
1. A data encryption method, characterized in that the data encryption method is applied to a database server and comprises:
obtaining plaintext data sent by an application server;
if it is determined that the plaintext data belongs to the objects to be encrypted, encrypting the plaintext data to generate encrypted data, and storing the encrypted data;
if an instruction to obtain the plaintext data is received from the application server, decrypting the encrypted data to obtain the plaintext data, and feeding the plaintext data back to the application server.
2. The data encryption method according to claim 1, characterized in that, after obtaining the plaintext data sent by the application server, the method further comprises:
judging whether the plaintext data belongs to the objects to be encrypted.
3. The data encryption method according to claim 2, characterized in that judging whether the plaintext data belongs to the objects to be encrypted comprises:
judging whether the plaintext data contains a sensitive keyword from a preset sensitive keyword library; if so, determining that the plaintext data belongs to the objects to be encrypted; if not, determining that the plaintext data does not belong to the objects to be encrypted.
4. The data encryption method according to claim 1 or 2, characterized in that encrypting the plaintext data to generate encrypted data comprises:
generating a private key k with a random number generator, and generating a public key K = kG from the private key k, where G is the base point of a preset elliptic curve Ep(a, b);
encoding the plaintext data as a point M on the preset elliptic curve Ep(a, b), and generating a random integer r, where r < n and n is the order of the base point G;
calculating C1 = M + rK and C2 = rG, and taking C1 and C2 as the encrypted data corresponding to the plaintext data.
5. The data encryption method according to claim 4, characterized in that decrypting the encrypted data to obtain the plaintext data comprises:
obtaining the encrypted data C1 and C2, and calculating C1 - kC2 to obtain the point M;
decoding the point M to obtain the plaintext data corresponding to the encrypted data.
6. The data encryption method according to claim 4, characterized in that encoding the plaintext data as a point M on the preset elliptic curve Ep(a, b) comprises:
converting the plaintext data to decimal to obtain a decimal plaintext m, taking the decimal plaintext m as the abscissa on the preset elliptic curve, substituting it into the preset elliptic curve to obtain the ordinate, and combining the abscissa and the ordinate to form the point M on the preset elliptic curve Ep(a, b).
7. The data encryption method according to claim 1 or 2, characterized in that
obtaining the plaintext data sent by the application server comprises: obtaining the plaintext data that the application server sends after encrypting it;
feeding the plaintext data back to the application server comprises:
encrypting the plaintext data and then feeding it back to the application server.
8. A data encryption device, characterized in that the data encryption device is configured on a database server and comprises:
a receiving unit, configured to obtain plaintext data sent by an application server;
an encryption and storage unit, configured to, if it is determined that the plaintext data belongs to the objects to be encrypted, encrypt the plaintext data to generate encrypted data, and store the encrypted data;
a decryption and feedback unit, configured to, if an instruction to obtain the plaintext data is received from the application server, decrypt the encrypted data to obtain the plaintext data, and feed the plaintext data back to the application server.
9. A terminal device, comprising a memory and a processor, the memory storing a computer program that can run on the processor, characterized in that, when the processor executes the computer program, the steps of the data encryption method according to any one of claims 1 to 7 are implemented.
10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the data encryption method according to any one of claims 1 to 7 are implemented.
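The scheme of claims 4 to 6 (and of the matching unit description) can be traced with the following sketch, which is an added illustration and not code from the patent. It assumes secp256k1 as the preset curve Ep(a, b) and reads the "decimal" conversion as a big-endian bytes-to-integer conversion; all function names are hypothetical. It also shows the case the claim 6 encoding does not cover: a plaintext m for which the curve equation has no solution for y.

```python
import secrets

# Assumption: secp256k1 stands in for the "preset elliptic curve Ep(a, b)".
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141

def add(p1, p2):
    """Point addition on Ep(a, b); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def encode(plaintext: bytes):
    """Claim 6: take the plaintext integer m as x and solve the curve for y."""
    m = int.from_bytes(plaintext, "big")
    if not 0 < m < P:
        raise ValueError("plaintext integer must lie in (0, p)")
    rhs = (pow(m, 3, P) + A * m + B) % P
    y = pow(rhs, (P + 1) // 4, P)          # square root; valid since p % 4 == 3
    if y * y % P != rhs:                   # rhs is a non-residue: x = m is not on the curve
        raise ValueError("no curve point has x = m")
    return (m, y)

def decode(pt):
    """Recover the plaintext bytes from the x-coordinate of M."""
    return pt[0].to_bytes((pt[0].bit_length() + 7) // 8, "big")

def keygen():
    k = secrets.randbelow(N - 1) + 1       # private key k in [1, n-1]
    return k, mul(k, G)                    # public key K = kG

def encrypt(K, plaintext: bytes):
    M = encode(plaintext)
    r = secrets.randbelow(N - 1) + 1       # fresh random r < n per record
    return add(M, mul(r, K)), mul(r, G)    # C1 = M + rK, C2 = rG

def decrypt(k, C1, C2):
    kC2 = mul(k, C2)
    M = add(C1, (kC2[0], -kC2[1] % P))     # C1 - kC2 = M + rkG - krG = M
    return decode(M)
```

Roughly half of all x-coordinates have no point on the curve, and the claims do not say how such plaintexts, or plaintexts larger than p, are handled, so an implementation needs a padding or retry convention that the patent text leaves open.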
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910522963.0A CN110378128A (en) | 2019-06-17 | 2019-06-17 | Data ciphering method, device and terminal device |
PCT/CN2020/086841 WO2020253380A1 (en) | 2019-06-17 | 2020-04-24 | Data encryption method and apparatus, and terminal device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110378128A true CN110378128A (en) | 2019-10-25 |
Family
ID=68248966
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910522963.0A Pending CN110378128A (en) | 2019-06-17 | 2019-06-17 | Data ciphering method, device and terminal device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110378128A (en) |
WO (1) | WO2020253380A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210111875A1 (en) * | 2017-09-27 | 2021-04-15 | Visa International Service Association | Secure shared key establishment for peer to peer communications |
US11563567B2 (en) * | 2017-09-27 | 2023-01-24 | Visa International Service Association | Secure shared key establishment for peer to peer communications |
WO2020253380A1 (en) * | 2019-06-17 | 2020-12-24 | 深圳壹账通智能科技有限公司 | Data encryption method and apparatus, and terminal device |
WO2022068361A1 (en) * | 2020-09-29 | 2022-04-07 | 深圳壹账通智能科技有限公司 | Encryption method and apparatus based on amendment amount, and device, and medium |
WO2022068360A1 (en) * | 2020-09-29 | 2022-04-07 | 深圳壹账通智能科技有限公司 | Shared root key-based information processing method and apparatus, and device and medium |
Also Published As
Publication number | Publication date |
---|---|
WO2020253380A1 (en) | 2020-12-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||