CN111159744A - Method, device, equipment and storage medium for determining source user of data report - Google Patents

Method, device, equipment and storage medium for determining source user of data report Download PDF

Info

Publication number
CN111159744A
CN111159744A CN201911399521.8A CN201911399521A CN111159744A CN 111159744 A CN111159744 A CN 111159744A CN 201911399521 A CN201911399521 A CN 201911399521A CN 111159744 A CN111159744 A CN 111159744A
Authority
CN
China
Prior art keywords
encrypted
user
encryption
data report
report
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911399521.8A
Other languages
Chinese (zh)
Inventor
冀学康
刘媛媛
朱红亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Missfresh Ecommerce Co Ltd
Original Assignee
Beijing Missfresh Ecommerce Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Missfresh Ecommerce Co Ltd filed Critical Beijing Missfresh Ecommerce Co Ltd
Priority to CN201911399521.8A priority Critical patent/CN111159744A/en
Publication of CN111159744A publication Critical patent/CN111159744A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a method and a device for determining a source user of a data report, computer equipment and a storage medium. The method comprises the following steps: acquiring an encrypted data report, wherein the encrypted data report contains at least one piece of digital data, and determining an original data report according to the content of non-encryptable digits in the at least one piece of digital data, wherein the original data report is a data report of the encrypted data report before encryption; acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report; and determining the source user of the encrypted data report according to the respective encryption position and the encryption ciphertext of each user and the matching result of the content on the encryptable digit in the at least one piece of digital data. According to the scheme, the source user of the encrypted data report can be accurately determined without executing a manual checking step, so that the positioning efficiency of the source user of the encrypted data report is improved.

Description

Method, device, equipment and storage medium for determining source user of data report
Technical Field
The embodiment of the application relates to the technical field of network music services, in particular to a method, a device, equipment and a storage medium for determining a source user of a data report.
Background
In the daily work of enterprises, a large number of data reports are often generated and provided to different users through various communication channels.
In the using process of the data report, the situation that partial data in the report or the whole report is leaked may occur, once the report is leaked, the enterprise usually needs to manually check the transmission situation of all pushed or acquired reports, and accordingly locates a source user who may leak the data report, thereby checking the leakage channel of the data report.
However, the solutions shown in the related arts require manual examination of all the transmission conditions of the pushed or acquired reports and determination of a source user who may leak the data report, and this process requires a large amount of manual examination time, which results in low positioning efficiency.
Disclosure of Invention
The embodiment of the application provides a method and a device for determining a source user of a data report, a computer device and a storage medium, which can improve the positioning efficiency of the source user of the data report, and the technical scheme is as follows:
in one aspect, a method for determining a source user of a data report is provided, the method comprising:
acquiring an encrypted data report, wherein the encrypted data report comprises at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to digits;
determining an original data report according to the content of the non-encryptable digits in the at least one piece of digital data, wherein the original data report is a data report of the encrypted data report before encryption;
acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report;
determining a source user of the encrypted data report according to the respective encryption position and the encryption ciphertext of each user and the matching result of the content on the encryptable digit in the at least one piece of digital data; and the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report.
Optionally, the determining, according to the respective encryption positions and encryption ciphertexts of the users and the matching result of the content on the encryptable digit in the at least one piece of digital data, the source user of the encrypted data report includes:
comparing the original data report with the encrypted data report, and determining an encrypted position and an encrypted number in the encrypted data report;
and determining the corresponding encryption position and encryption ciphertext in each user as the source user, wherein the encryption position and encryption number in the encryption data report are matched with the corresponding encryption user.
Optionally, before determining that the corresponding encrypted position and encrypted number in each user are matched with the encrypted position and encrypted number in the encrypted data report, the method further includes:
acquiring a report acquiring user, wherein the report acquiring user is a user who has requested the original data report;
the determining a matching user, in which the corresponding encrypted position and the corresponding encrypted number in each user are matched with the encrypted position and the corresponding encrypted number in the encrypted data report, as the source user includes:
and responding to the report form acquisition user to determine that the matched user exists, and determining the matched user as the source user.
Optionally, before the obtaining of the encrypted data report, the method further includes:
receiving a report extraction request which is sent by a terminal and used for extracting the original data report; the report extraction request comprises a user identifier of a requesting user;
acquiring an encryption position and an encryption ciphertext corresponding to the requesting user according to the user identifier of the requesting user;
replacing the content in the original data report according to the encrypted position and the encrypted ciphertext corresponding to the requesting user to obtain an encrypted data report taking the requesting user as a source user;
and returning the encrypted data report taking the requesting user as the source user to the terminal.
Optionally, the obtaining, according to the user identifier of the requesting user, an encryption position and an encryption ciphertext corresponding to the requesting user includes:
inquiring whether an encryption position and an encryption ciphertext corresponding to the requesting user are stored or not according to the user identifier of the requesting user;
responding to the stored encrypted position and encrypted ciphertext corresponding to the requesting user, and acquiring the stored encrypted position and encrypted ciphertext corresponding to the requesting user;
responding to the situation that the encrypted position and the encrypted ciphertext corresponding to the requesting user are not stored, and generating the encrypted position and the encrypted ciphertext corresponding to the requesting user;
and correspondingly storing the user identification of the requesting user, the encryption position and the encryption ciphertext corresponding to the requesting user.
Optionally, the generating an encrypted position and an encrypted ciphertext corresponding to the requesting user in response to not storing the encrypted position and the encrypted ciphertext corresponding to the requesting user includes:
randomly generating a temporary encryption position and a temporary encryption ciphertext according to the number of the encryption numbers;
in response to that the content corresponding to the temporary encryption position in the original data report is different from the temporary encryption ciphertext, taking the temporary encryption position and the temporary encryption ciphertext as the encryption position and the encryption ciphertext corresponding to the requesting user;
and responding to the original data report that the content corresponding to the temporary encryption position is the same as the temporary encryption ciphertext, and randomly generating a new temporary encryption position and a new temporary encryption ciphertext.
Optionally, before randomly generating the temporary encryption position and the temporary encryption ciphertext according to the number of the encryption numbers, the method further includes:
and acquiring the number of the encrypted numbers according to the number of users having the authority of acquiring the original data report.
In another aspect, an apparatus for determining a source user of a data report is provided, the apparatus comprising:
the encrypted data report comprises at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to the digit;
an original report acquisition module, configured to determine an original data report according to content on a non-encryptable digit in the at least one piece of digital data, where the original data report is a data report of the encrypted data report before encryption;
the position ciphertext acquisition module is used for acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report;
the user determining module is used for determining a source user of the encrypted data report according to the respective encrypted position and the encrypted ciphertext of each user and the matching result of the content on the encryptable digit in the at least one piece of digital data; and the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report.
Optionally, the user determination module includes:
the comparison unit is used for comparing the original data report with the encrypted data report and determining an encrypted position and an encrypted number in the encrypted data report;
and the source user determining unit is used for determining the corresponding encryption position and encryption ciphertext in each user as the matched user matched with the encryption position and encryption number in the encryption data report.
Optionally, the user determination module further includes:
a user determining unit, configured to, before the source user determining unit determines, as the source user, a matching user whose corresponding encrypted position and encrypted number are matched with the encrypted position and encrypted number in the encrypted data report, obtain a report obtaining user, where the report obtaining user is a user who has requested the original data report;
the source user determining unit is used for responding to the report and acquiring that the matched user exists in the user, and determining the matched user as the source user.
Optionally, the apparatus further comprises:
the extraction request receiving module is used for receiving a report extraction request which is sent by a terminal and used for extracting the original data report before the encrypted data report is obtained by the encrypted report obtaining module; the report extraction request comprises a user identifier of a requesting user;
the position ciphertext obtaining module is further used for obtaining an encrypted position and an encrypted ciphertext corresponding to the requesting user according to the user identifier of the requesting user;
the replacing module is used for replacing the content in the original data report according to the encrypted position and the encrypted ciphertext corresponding to the requesting user to obtain an encrypted data report taking the requesting user as a source user;
and the report returning module is used for returning the encrypted data report taking the requesting user as the source user to the terminal.
Optionally, when the encrypted location and the encrypted ciphertext corresponding to the requesting user are obtained according to the user identifier of the requesting user, the location ciphertext obtaining module is configured to,
inquiring whether an encryption position and an encryption ciphertext corresponding to the requesting user are stored or not according to the user identifier of the requesting user;
responding to the stored encrypted position and encrypted ciphertext corresponding to the requesting user, and acquiring the stored encrypted position and encrypted ciphertext corresponding to the requesting user;
responding to the situation that the encrypted position and the encrypted ciphertext corresponding to the requesting user are not stored, and generating the encrypted position and the encrypted ciphertext corresponding to the requesting user;
and correspondingly storing the user identification of the requesting user, the encryption position and the encryption ciphertext corresponding to the requesting user.
Optionally, when the encrypted position and the encrypted ciphertext corresponding to the requesting user are generated in response to the encrypted position and the encrypted ciphertext corresponding to the requesting user not being stored, the position ciphertext obtaining module is configured to,
randomly generating a temporary encryption position and a temporary encryption ciphertext according to the number of the encryption numbers;
in response to that the content corresponding to the temporary encryption position in the original data report is different from the temporary encryption ciphertext, taking the temporary encryption position and the temporary encryption ciphertext as the encryption position and the encryption ciphertext corresponding to the requesting user;
and responding to the original data report that the content corresponding to the temporary encryption position is the same as the temporary encryption ciphertext, and randomly generating a new temporary encryption position and a new temporary encryption ciphertext.
Optionally, the apparatus further comprises:
and the number acquisition module is used for acquiring the number of the encrypted numbers according to the number of the users having the authority of acquiring the original data report before the position ciphertext acquisition module randomly generates the temporary encrypted position and the temporary encrypted ciphertext according to the number of the encrypted numbers.
In another aspect, a computer device is provided, the computer device comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by the processor to implement the source user determination method of a data report as described above.
In another aspect, a computer-readable storage medium is provided having stored therein at least one instruction, at least one program, set of codes, or set of instructions that is loaded and executed by a processor to implement a source user determination method of a data report as described above.
The technical scheme provided by the application can comprise the following beneficial effects:
determining an original data report according to the content on the non-encryptable digit number in at least one piece of digital data of an encrypted data report containing at least one piece of digital data, acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report, and then determining a source user of the encrypted data report according to the respective encryption position and encryption ciphertext of each user and the matching result of the content on the encryptable digit number in at least one piece of digital data; different encryption positions and encryption ciphertexts are set for different users, and in a user positioning stage, contents on the encryption bits in the encrypted data report are matched with the encryption positions and the encryption ciphertexts of different users, so that a source user of the encrypted data report is determined, the source user of the encrypted data report can be accurately determined without executing a manual checking step in the process, and the positioning efficiency of the source user of the encrypted data report is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a system configuration diagram of a datagram table system to which various embodiments of the present application relate;
FIG. 2 is a flow diagram illustrating a method for source user determination of a data report in accordance with an exemplary embodiment;
FIG. 3 is a flow diagram illustrating a method for source user determination of a data report in accordance with an exemplary embodiment;
FIG. 4 is a schematic workflow diagram of a reporting system provided by an exemplary embodiment of the present application;
FIG. 5 is a flow chart for determining an encryptable digit and an employee encryption number according to the embodiment shown in FIG. 4;
FIG. 6 is a flow chart illustrating the extraction and encryption of a report according to the embodiment shown in FIG. 4;
FIG. 7 is a block diagram illustrating the structure of a source user determination mechanism for a data report in accordance with an exemplary embodiment;
FIG. 8 is a schematic diagram illustrating a configuration of a computer device, according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The embodiment of the application provides a scheme for efficiently determining a source user of a data report, and the scheme can encrypt the data report aiming at different users, so that the source user is reversely released according to encrypted contents in the data report during decryption.
Referring to fig. 1, a system configuration diagram of a datagram table system according to various embodiments of the present application is shown. As shown in fig. 1, the system includes a server 120, a database 140, and a number of terminals 160.
The server 120 is a server, or a plurality of servers, or a virtualization platform, or a cloud computing service center.
The server 120 may be a server providing background support for generation, pushing, and source user positioning of data reports. The server 120 may be composed of one or more functional units. Alternatively, as shown in fig. 1, the server 120 may include an interface unit 120a, a data table management unit 120b, and a push unit 120 c.
The interface unit 120a is used for information interaction with the terminal 160 to receive a request of the terminal 160. In this embodiment of the present application, the request may be a request for obtaining a data report, or the request may be a request for locating a source user according to an encrypted data report, and the like.
The data report management unit 120b is configured to generate a data report and related information of each user corresponding to the data report.
The pushing unit 120c is configured to push request feedback to the terminal 160 corresponding to each user, where the request feedback may be an encrypted data report when the request is a request for obtaining the data report; when the request is a request to locate an originating user, the request feedback may be the located originating user.
The database 140 may be a Redis database, or may be another type of database. The database 140 is used to store various types of data, such as user information of each user, a report library including data reports, encryption related information of each user, and the like.
For example, after the data report management unit 120b generates the data report periodically or aperiodically, the data report is stored in the database 140; after the receiving unit 120a receives the request for obtaining the data report sent by the terminal 160, the pushing unit 120c extracts the data report from the database 140, encrypts the data report according to the encryption related information corresponding to the user, and returns the encrypted data report to the terminal 160; after the receiving unit 120a receives the request of positioning the source user of the encrypted data report sent by the terminal 160, the pushing unit 120c may push the identifier of the source user to the terminal 160 according to the encryption related information of each user and the encrypted data report after positioning the source user.
The terminal 160 may have a network connection function, for example, the terminal 160 may be a mobile phone, a tablet computer, an e-book reader, smart glasses, a smart watch, an MP3 player (Moving Picture Experts Group Audio layer iii, mpeg Audio layer 3), an MP4 player (Moving Picture Experts Group Audio layer IV, mpeg Audio layer 4), a laptop computer, a desktop computer, and the like.
The terminal 160 is connected to the server 120 via a communication network. Optionally, the communication network is a wired network or a wireless network.
Optionally, the system may further include a management device (not shown in fig. 1), which is connected to the server 120 through a communication network. Optionally, the communication network is a wired network or a wireless network.
Optionally, the wireless network or wired network described above uses standard communication techniques and/or protocols. The Network is typically the Internet, but may be any Network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless Network, a private Network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including Hypertext Mark-up Language (HTML), Extensible markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), Internet protocol Security (IPsec). In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.
FIG. 2 is a flow diagram illustrating a method for source user determination of a data report that may be used in a computer device, such as the server of the system shown in FIG. 1 described above, in accordance with an exemplary embodiment. As shown in FIG. 2, the method for determining the source user of the data report may include the following steps:
step 21, obtaining an encrypted data report, where the encrypted data report includes at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to the digit.
The number of digits refers to the position of a number in the number, including the number. For example, a 5-digit number 79284 is taken as an example, which includes 5 digits, that is, 5 digits, and each digit corresponds to a position in the 5-digit number.
In the embodiment of the present application, the digital data is obtained by arranging pure numbers in a number according to an original order, that is, for special symbols such as decimal point, no position is occupied in the corresponding digital data, for example, taking a decimal 458.96 as an example, the decimal corresponding digital data is 48596, and also contains 5 numbers, that is, 5 digits; alternatively, for the example of a percentage of 78.98%, the percentage corresponds to a numerical data of 7898, i.e. 4 digits.
In the embodiment of the present application, the digital data may be divided into the encryptable number of bits and the non-encryptable number of bits by the number of bits according to the number of bits of the digital data.
For example, in order to ensure that the influence of the data in the data report on the accuracy is less than 1% per thousand after the data in the data report is encrypted and disturbed, when the encryptable digit and the non-encryptable digit are divided, a field and data with the data digit exceeding 4 bits can be searched in the data report and used as the encryptable data; that is, from the first digit in the digital data, the number of bits beyond 4 bits is the "encryptable number of bits", and the number of bits within 4 bits is the "non-encryptable number of bits".
For example: in the data B "23,655,814" (12: 00 data 24/10/2018) in the report a, because the data itself has 8 bits, the first 4 bits can be used as "non-encryptable bits", and the last 4 bits can be used as "encryptable bits", which means that even if the 4 bits are changed arbitrarily, the influence of the overall data accuracy does not exceed 1 ‰.
Step 22, determining an original data report according to the content of the non-encryptable digits in the at least one piece of digital data, where the original data report is a data report of the encrypted data report before encryption.
And step 23, acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report.
The encrypted position refers to the position of the encrypted content in the data report, and the encrypted ciphertext refers to the content, corresponding to the encrypted position, in the original data report, and after the content is encrypted, the content is shown in the encrypted data report corresponding to the encrypted position.
In the embodiment of the application, the server may set the corresponding encryption position and the corresponding encryption ciphertext corresponding to each user, and the encryption positions and the encryption ciphertexts corresponding to different users are different.
Step 24, determining the source user of the encrypted data report according to the respective encrypted position and encrypted ciphertext of each user and the matching result of the content on the bit number which can be encrypted in the at least one piece of digital data; and the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report.
To sum up, in the scheme shown in the embodiment of the present application, for an encrypted data report including at least one piece of digital data, according to the content on the non-encryptable digit number in the at least one piece of digital data, an original data report is determined, and the respective encryption position and encryption ciphertext of each user corresponding to the original data report are obtained, and then according to the respective encryption position and encryption ciphertext of each user, and the matching result of the content on the encryptable digit number in the at least one piece of digital data, the source user of the encrypted data report is determined; different encryption positions and encryption ciphertexts are set for different users, and in a user positioning stage, contents on the encryption bits in the encrypted data report are matched with the encryption positions and the encryption ciphertexts of different users, so that a source user of the encrypted data report is determined, the source user of the encrypted data report can be accurately determined without executing a manual checking step in the process, and the positioning efficiency of the source user of the encrypted data report is improved.
FIG. 3 is a flow diagram illustrating a method for source user determination of a data report that may be used in a computer device, according to an example embodiment. As shown in fig. 3, taking the computer device as the server of the system shown in fig. 1 as an example, the method for determining the source user of the data report may include the following steps:
step 301, receiving a report extraction request which is sent by a terminal and used for extracting the original data report; the report extraction request comprises the user identification of the requesting user.
In the embodiment of the application, after the server generates the original data report, the original data report can be stored, and when a subsequent request user needs to extract the original data report, the server can be accessed after logging in through the terminal, so that a report extraction request is sent to the server.
The method comprises the steps that a requesting user can access a website provided by a server through a browser in a terminal, the terminal receives and displays a webpage corresponding to the website, the requesting user can log in the webpage, a data report needing to be extracted is selected from the page which is successfully logged in, and then the terminal sends a report extracting request containing a user identifier of the requesting user to the server through the browser.
The user identifier of the requesting user may be a user ID of the requesting user.
Or, the requesting user may send the report extraction request to the server through an application program corresponding to the server. For example, after the requesting user opens the application installed in the terminal, login is performed in the application, and a data report to be extracted is performed in the application interface after login is successful, and then the terminal sends a report extraction request including the user identifier of the requesting user to the server through the application.
Step 302, obtaining an encryption position and an encryption ciphertext corresponding to the requesting user according to the user identifier of the requesting user.
In this embodiment of the application, the server may set an encryption position and an encryption ciphertext corresponding to each user, respectively, and the encryption position and the encryption ciphertext corresponding to different users are different. When the subsequent requesting user requests the original data report, the server can directly inquire the encrypted position and the encrypted ciphertext corresponding to the user identification according to the user identification.
The server usually generates a data report periodically or aperiodically, that is, the server may store a plurality of data reports simultaneously. In the embodiment of the application, the server sets the encryption position and the encryption ciphertext corresponding to each user respectively for each original data report.
Optionally, the step of obtaining, by the server, the encryption position and the encryption ciphertext corresponding to the requesting user according to the user identifier of the requesting user may be as follows:
s302a, the server inquires whether the encrypted position and the encrypted ciphertext corresponding to the requesting user are stored according to the user identification of the requesting user.
S302b, the server responds to the stored encrypted position and encrypted ciphertext corresponding to the requesting user, and obtains the stored encrypted position and encrypted ciphertext corresponding to the requesting user.
S302c, the server responds to the situation that the encrypted position and the encrypted ciphertext corresponding to the request user are not stored, and generates the encrypted position and the encrypted ciphertext corresponding to the request user; and correspondingly storing the user identification of the requesting user, the encryption position and the encryption ciphertext corresponding to the requesting user.
Optionally, for a data report, the number of users having authority to acquire the data report is large, but a small number of users may request to extract the data report later, and the scheme of setting the encryption position and the encryption ciphertext corresponding to each user may generate a large number of encryption positions and encryption ciphertexts that are not effectively utilized, thereby wasting processing resources and storage resources of the server.
For the above problems, after receiving a report extraction request sent by a terminal of a requesting user, a server may first query, according to a user identifier carried in the request, whether an encrypted position and an encrypted ciphertext corresponding to the requesting user already exist, and if the encrypted position and the encrypted ciphertext corresponding to the requesting user already exist, directly use the already existing encrypted position and the already existing encrypted ciphertext; otherwise, if the encrypted position and the encrypted ciphertext corresponding to the requesting user do not exist, the encrypted position and the encrypted ciphertext corresponding to the requesting user are generated and stored.
That is to say, in the embodiment of the present application, when a requesting user requests to extract the original data report from a server through a terminal for the first time, the server may generate and store an encrypted position and an encrypted ciphertext of the requesting user corresponding to the original data report, and subsequently, when the requesting user requests to extract the original data report from the server again, the server may directly use the stored encrypted position and the encrypted ciphertext of the requesting user.
The step of generating, by the server, the encrypted position and the encrypted ciphertext corresponding to the requesting user in response to the encrypted position and the encrypted ciphertext corresponding to the requesting user not being stored may be as follows:
s302c1, the server randomly generates a temporary encryption position and a temporary encryption ciphertext according to the number of encrypted digits.
The encrypted numbers refer to the number of the numbers to be encrypted in the original data report.
In the embodiment of the present application, the encryption position and the number of the encrypted ciphertext may be determined according to the number of the encrypted numbers. For example, the number of encryption positions and the number of encryption ciphertexts may be the same as the number of encryption numbers. For example, if the number of encrypted digits is 3, the number of encrypted positions and the number of encrypted ciphertexts are also 3, respectively, that is, the server needs to encrypt the digits at 3 different positions in the original data report.
Before randomly generating the temporary encryption position and the temporary encryption ciphertext according to the number of the encrypted numbers, the server can also obtain the number of the encrypted numbers according to the number of the users having the authority of obtaining the original data report.
In order to sufficiently distinguish different users, the more the number of users having the authority to acquire the original data report, the more the number of bits of the required ciphertext, and if the number of encrypted digits is set to be larger, the error of the original data report after encryption is expanded, therefore, in the embodiment of the present application, the server may determine the number of encrypted digits according to the number of users having the authority to acquire the original data report, wherein the number of users having the authority to acquire the original data report may be positively correlated with the number of encrypted digits, that is, the more the number of users having the authority to acquire the original data report, the more the number of encrypted digits, and accordingly, the less the number of users having the authority to acquire the original data report, the less the number of encrypted digits.
S302c2, in response to that the content corresponding to the temporary encrypted position in the original data report is different from the temporary encrypted ciphertext, taking the temporary encrypted position and the temporary encrypted ciphertext as the encrypted position and the encrypted ciphertext corresponding to the requesting user.
S302c3, in response to the content corresponding to the temporary encryption position in the original data report being the same as the temporary encryption ciphertext, randomly generating a new temporary encryption position and a temporary encryption ciphertext.
In the embodiment of the application, when the server randomly generates the temporary encryption position and the temporary encryption ciphertext according to the number of the encryption numbers, the content corresponding to the temporary encryption position in the original data report can be compared with the temporary encryption ciphertext, if the content is the same as the temporary encryption position, the encryption ciphertext cannot be identified subsequently even if the content is encrypted, that is, the decryption effect cannot be achieved, at this time, a new temporary encryption position and a new temporary encryption ciphertext can be randomly generated again and compared until the content corresponding to the temporary encryption position in the original data report is different from the temporary encryption ciphertext, and the temporary encryption position and the temporary encryption ciphertext are used as the encryption position and the encryption ciphertext corresponding to the requesting user.
And 303, replacing the content in the original data report according to the encrypted position and the encrypted ciphertext corresponding to the requesting user to obtain an encrypted data report taking the requesting user as a source user.
In the embodiment of the application, in order to improve the secrecy of encryption, the encrypted ciphertext may also be a number, and when the original data report is encrypted, the server may directly replace the number in the original data report at the encryption position corresponding to the requesting user with the encrypted ciphertext corresponding to the requesting user, so as to obtain the encrypted data report.
And step 304, returning the encrypted data report taking the requesting user as the source user to the terminal.
After the server generates the encrypted data report, the server can send the encrypted data report to the terminal corresponding to the requesting user.
Step 305, obtaining an encrypted data report, where the encrypted data report includes at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to the digit.
In the embodiment of the application, after the report administrator finds that the encrypted data report is leaked, a source user positioning request can be sent to the server through the terminal of the report administrator, the source user positioning request can contain the leaked encrypted data report, and correspondingly, the server obtains the encrypted data report from the source user positioning request.
Step 306, determining an original data report according to the content of the non-encryptable digits in the at least one piece of digital data, wherein the original data report is a data report of the encrypted data report before encryption.
In this embodiment, since there may be many data reports in the server, that is, there may be a plurality of unencrypted data reports, and in the encrypted data report, since the encrypted position is on the encryptable digit in the digital data, in other words, in the original data report, the content on the non-encryptable digit in the digital data is the same as the content on the non-encryptable digit in the encrypted data report, the server may match the content on the non-encryptable digit in at least one piece of digital data in the encrypted data report with the content on the non-encryptable digit in at least one piece of digital data in each unencrypted data report in the server, so as to determine the original data report corresponding to the encrypted data report from each unencrypted data report.
And 307, acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report.
Because the encrypted position and the encrypted ciphertext of each user in the server are stored corresponding to different original data reports, after the original data report corresponding to the encrypted data report is determined, the respective encrypted position and the respective encrypted ciphertext of each user corresponding to the original data report can be obtained through query.
308, determining a source user of the encrypted data report according to the respective encrypted position and the encrypted ciphertext of each user and the matching result of the content on the bit number which can be encrypted in the at least one piece of digital data; the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report
In the embodiment of the application, after acquiring the respective encryption position and the encryption ciphertext of each user, the server may extract corresponding content from the encrypted data report according to the encryption position of a certain user, compare the extracted content with the encryption ciphertext of the corresponding user, if the extracted content is consistent with the encryption ciphertext of the corresponding user, indicate that the user is a source user of the encrypted data report, and if the extracted content is inconsistent with the encryption ciphertext of the corresponding user, continue to compare the encryption position and the encryption ciphertext of a next user.
Optionally, the step of determining the source user of the encrypted data report according to the matching result between the encrypted position and the encrypted ciphertext of each user and the content on the encryptable digit in the at least one piece of digital data may be as follows:
s308a, the server compares the original data report with the encrypted data report to determine the encrypted position and the encrypted number in the encrypted data report.
S308b, the server determines the corresponding user with the encryption position and the encryption ciphertext matched with the encryption position and the encryption number in the encrypted data report as the source user.
In the above scheme, different users correspond to different encryption positions and encryption ciphertexts, so that when the encryption position and the encryption ciphertexts of each user are matched with the contents in the encrypted data report, the whole encrypted data report needs to be loaded to extract the contents from the encryption positions, which results in a large amount of memory occupation. Therefore, in the embodiment of the application, the server may first compare the original data report with the encrypted data report to obtain the encrypted position and the encrypted number in the encrypted data report by comparing the original data report with the encrypted data report with the distinguished positions and the corresponding numbers, and then match the encrypted position and the encrypted number in the encrypted data report with the corresponding encrypted position and encrypted ciphertext in each user, and determine the user corresponding to the matched encrypted position and encrypted ciphertext as the source user.
Optionally, the server determines a matching user, in the user, for which the corresponding encrypted position and encrypted number are matched with the encrypted position and encrypted number in the encrypted data report, as the source user, and may further obtain a report obtaining user, where the report obtaining user is a user who has requested the original data report; and when the matched user of which the corresponding encrypted position and the corresponding encrypted number are matched with the encrypted position and the corresponding encrypted number in the encrypted data report is determined as the source user, the server responds to the report to acquire that the matched user exists in the user, and determines the matched user as the source user.
In the embodiment of the application, in order to avoid mislocation, that is, to avoid locating a wrong user as a source user of an encrypted data report, the server may determine that the matched user is a source user of the encrypted data report if the corresponding encrypted position and encrypted number in each user are matched with the encrypted position and encrypted number in the encrypted data report, and then search whether the matched user has extracted the data report from the server, and if the matched user has not extracted the data report from the server, the matched user is a wrong user, that is, the matched user is not a source user of the encrypted data report, otherwise, if the matched user has extracted the data report from the server, the matched user may be determined as the source user of the encrypted data report.
To sum up, in the scheme shown in the embodiment of the present application, for an encrypted data report including at least one piece of digital data, according to the content on the non-encryptable digit number in the at least one piece of digital data, an original data report is determined, and the respective encryption position and encryption ciphertext of each user corresponding to the original data report are obtained, and then according to the respective encryption position and encryption ciphertext of each user, and the matching result of the content on the encryptable digit number in the at least one piece of digital data, the source user of the encrypted data report is determined; different encryption positions and encryption ciphertexts are set for different users, and in a user positioning stage, contents on the encryption bits in the encrypted data report are matched with the encryption positions and the encryption ciphertexts of different users, so that a source user of the encrypted data report is determined, the source user of the encrypted data report can be accurately determined without executing a manual checking step in the process, and the positioning efficiency of the source user of the encrypted data report is improved.
Taking the determination of the leakage source when the report is leaked in an enterprise scene as an example, based on the scheme shown in the above embodiment of the present application, the data content can be uniquely matched with the user through various data encryption modes. When a data leak occurs, the source of the data leak (locating to a person) can be uniquely determined. Referring to fig. 4, a workflow diagram of a reporting system according to an exemplary embodiment of the present application is shown. As shown in fig. 4, the whole system is divided into two parts, encryption and decryption. The encryption process processes original data and sends data tables after different ciphertexts are encrypted to different users; and in the decryption process, the users who leak the data report are traced back through the ciphertexts of different users. As shown in fig. 4, the workflow of the above system includes the following steps:
first, an encryption process:
in order to ensure that the influence on the accuracy is less than 1 per thousand after the data are artificially encrypted and disturbed, fields and data with data digits exceeding 4 are searched in a data report and used as data which can be encrypted; wherein the number of bits beyond 4 bits is taken as "encryptable number".
Before encrypting the datagram table, the server may determine the encrypted ciphertext digits according to the number of coherent users that may come into contact with the report.
Since the number of the relevant users who contact the report is usually not more than 1000 in the normal operation of the enterprise, it is assumed that the encrypted ciphertext is a 3-digit natural number, which ranges from 100-999. If the coherent users exceed 1000, the encrypted ciphertext can be uniformly set to be a natural number ranging from 1000 to the total number of the coherent users + 1000. For example, when the total number of related users is 356, the number of bits of the encrypted ciphertext is 3, and the selection range is [100, 999], and when the total number of related users is 1356, the number of bits of the encrypted ciphertext is 4, and the selection range is [1000, 2356 ].
S41, determining the encryptable data bit coordinates.
The server can traverse the original data of the report batch, and judge the data of the encryptable data column in each row according to the determined encryptable data column in the last step. For example, the server filters out the data of each row in the data report to obtain the valid data of the pure data after "+", "%". If the length of the valid data of the line data > is 5, then the data bits with subscript greater than 5 are all encryptable data bits. The server stores the coordinates of these digits in the Coordinate table of Mysql. The format of the encrypted location may be as follows:
list subscript, field name, digit subscript (left to right);
for example, location information 57, xkhb, 4; it refers to the position of report dataList, line 58, xkhb field, and bit 5 of the data.
S42, judging whether the number of the cipherable digits is insufficient, if yes, reconstructing the report, otherwise, entering S43.
If the encryptable digits of the data report of the batch are insufficient, the server can reconstruct the data structure of the report and increase the encryptable digits as much as possible.
If the data report does not need to be encrypted, when the enterprise staff extracts the data, the server does not encrypt the data report and directly returns the original data.
S43, the encryption digit and the encryption number of the batch are determined.
In the embodiment of the present application, the server may generate a "batch" process for each report at each time point. For example: report A belongs to the Times, and has 24 different batches every day and 168 different batches every week. Each batch has a unique batch number, which is composed of: xxxx (year) xx (day) xx (time) xx (minute) xxxx (name of report a). For example: 2018102515001001 represents 2018, 10, 25, 15: 00 "report a".
In each batch, the server selects 3 bits (assuming that a report has no more than 1000 recipients at most) from the "encryptable bits" determined in the previous step as the bits to be encrypted in the batch. The selection may be as follows:
assuming that the determined "cipherable digit" is N, an optional combination is
Figure BDA0002347143000000171
And (4) respectively. And randomly determining from the selectable range by using a random function (the random seed can adopt 'batch number'), so as to clarify the digits to be encrypted in the data report of the batch. For example: the cipherable digit is 5, and there are 10 combinations.
The server can randomly screen out the user encryption bit coordinates.
In order to ensure that the encryptable coordinates allocated to each employee are different as much as possible, the server randomly selects 3 encryption bit coordinates for each employee and puts the 3 encryption bit coordinates into Map < employee Id, encryption bit coordinates > assuming that all encryptable digital coordinates List are obtained in the previous step. Wherein, the encryption position coordinate is the encryption position.
S44, determining the encrypted digit cipher text of the user.
Because one report may contact the user in the daily business operation, the number of the report is usually not more than 1000. So assuming that less than 1000 people are tentatively assumed, one encrypted number (i.e., the above encrypted ciphertext) can be filtered for each user from 100-999. The encryption for each employee is unique. The server puts the encrypted number of each employee in Map < user Id, encrypted number >.
If the user exceeds 1000 (including 1000 persons), the server can randomly filter an encrypted number for each user within the range of 1000 to the total number of users +1000, and ensure uniqueness. Likewise, the server puts the encrypted number into Map < user Id, encrypted number >.
S45, storing the encrypted record.
In this embodiment, the server may record the following information into the database: the Batch number, the digital coordinates of the encrypted Batch, the User ID, the corresponding ciphertext, the number before the corresponding coordinate is encrypted, the number after the corresponding coordinate is encrypted, and the like are all stored in a User _ Report _ Batch _ Encryption table of the database.
Fig. 5 is a flowchart illustrating determining an encryptable digit and an employee encryption number for a corresponding report batch according to an embodiment of the present application. As shown in fig. 5, the process may include the following steps:
the server acquires the report batch and a user list corresponding to the batch report (which is equivalent to the identifier of the report) (S51); the server firstly judges whether the report of the batch exists or not according to the report batch (S52), if not, the process is ended, if the report of the batch exists, the coordinates of all data bits which can be encrypted in the original data report are obtained, namely, the available encryption positions (S53), then the encryption positions (namely, the encryption positions) and the encryption ciphertexts are randomly distributed for each user in the user list (S54), and then the report batch, the encryption positions corresponding to the user ID and the encryption ciphertexts are stored in a database (S55).
And S46, extracting the encrypted data report and outputting the data report.
In the embodiment of the application, when the report batch is generated, the server generates the encrypted coordinates and the encrypted number for the employee in advance, so when the employee extracts the report batch data, the server first obtains the original data of the batch from the database according to the batch number.
Secondly, the server obtains the encryption bit coordinates and the encrypted number from the database according to the batch number and the user id. And then, the server replaces the number in the corresponding position in the original data according to the encryption bit coordinates, and returns the encrypted data report to the user.
Please refer to fig. 6, which shows an encryption flowchart according to an embodiment of the present application. As shown in fig. 6, the encryption process may include the following steps:
when a request for extracting the data report is received, acquiring a user ID and a report batch of the data report requested to be extracted (S61); judging whether the encrypted digit and the encrypted ciphertext corresponding to the report batch and the user ID exist or not (S62); if the encrypted digit and the encrypted ciphertext corresponding to the report batch and the user ID do not exist, generating the encrypted digit and the encrypted ciphertext corresponding to the report batch and the user ID and storing the encrypted digit and the encrypted ciphertext in a database (S63); if the encrypted digit and the encrypted ciphertext corresponding to the report batch and the user ID exist or the encrypted digit and the encrypted ciphertext corresponding to the report batch and the user ID are newly generated, extracting the encrypted digit and the encrypted ciphertext corresponding to the report batch and the user ID from the database (S64); extracting an original data report corresponding to the report batch from the database (S65); encrypting the original data report according to the encrypted digit and the encrypted ciphertext extracted in the step S64 (S66); finally, the encrypted data report is output to the terminal corresponding to the user ID (S67), and the user extraction record is saved (S68).
Second, decryption process:
and S47, determining the encrypted batch according to the leaked data report.
In the embodiment of the application, when the leakage of the data report occurs, the server can retrieve data which is not 'encryptable data', namely data with no more than 4 bits, from the leaked report file. And then acquiring the data of the original report form in the database, and determining the encrypted batch by matching the data of the non-encrypted data.
S48, a user ID is acquired.
The server can obtain 'the batch encryption digit' by encrypting the batch; thereby obtaining a related ciphertext; and then the user ID is matched through the ciphertext, so that the leaking person or the leakage range is locked. The process may be as follows:
s48a, obtaining the user extraction record of the report batch.
In this embodiment, the server may query the database for all relevant user extraction records by encrypting the batch to narrow the scope of the lock.
And S48b, acquiring the ciphertext of the leakage report.
The server can retrieve all original data of the batch from the database by encrypting the batch, compare the original data with the leaked data one by one to obtain all encrypted data, and store the coordinates and the encrypted number of the encrypted digit in Map < the encrypted coordinates, the encrypted number >.
S48c, lock user Id.
In the embodiment of the present application, the server retrieves the User Id from the User _ Report _ Batch _ Encryption table in the database by Map < Encryption coordinate, Encryption number > obtained in S48 b.
Then, the user Id is confirmed again by obtaining the user extraction record and comparing the retrieved user Id in S48 a.
Through the scheme of the embodiment of the application, the data extracted by each user can be encrypted uniquely for each user under the condition that the error rate is not more than 1 per thousand, and the imperceptibility of the user can be realized. And once the leaked report data is found, the leaking person can be locked or the locking range can be reduced in the shortest possible time, such as 2 hours, so that the report data of enterprise operation is prevented from being further leaked, the normal operation of the enterprise is protected, and the safety of the enterprise operation data is improved.
FIG. 7 is a block diagram illustrating an architecture of a source user determination mechanism for a data report in accordance with an exemplary embodiment. The source user determination means of the data report may be used in a computer device, such as a server, to perform all or part of the steps in the embodiments shown in fig. 2 or fig. 3. The source user determination device of the data report may include:
an encrypted report acquisition module 701, configured to acquire an encrypted data report, where the encrypted data report includes at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to digits;
an original report acquisition module 702, configured to determine an original data report according to content on a non-encryptable digit in the at least one piece of digital data, where the original data report is a data report of the encrypted data report before encryption;
a position ciphertext obtaining module 703, configured to obtain an encrypted position and an encrypted ciphertext of each user corresponding to the original data report;
a user determining module 704, configured to determine a source user of the encrypted data report according to a matching result between the respective encrypted position and the encrypted ciphertext of each user and the content on the encryptable digit in the at least one piece of digital data; and the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report.
Optionally, the user determining module 704 includes:
the comparison unit is used for comparing the original data report with the encrypted data report and determining an encrypted position and an encrypted number in the encrypted data report;
and the source user determining unit is used for determining the corresponding encryption position and encryption ciphertext in each user as the matched user matched with the encryption position and encryption number in the encryption data report.
Optionally, the user determining module 704 further includes:
a user determining unit, configured to, before the source user determining unit determines, as the source user, a matching user whose corresponding encrypted position and encrypted number are matched with the encrypted position and encrypted number in the encrypted data report, obtain a report obtaining user, where the report obtaining user is a user who has requested the original data report;
the source user determining unit is used for responding to the report and acquiring that the matched user exists in the user, and determining the matched user as the source user.
Optionally, the apparatus further comprises:
an extraction request receiving module, configured to receive a report extraction request for extracting the original data report, where the report extraction request is sent by a terminal before the encrypted data report is acquired by the encrypted report acquisition module 701; the report extraction request comprises a user identifier of a requesting user;
the position ciphertext obtaining module 703 is further configured to obtain, according to the user identifier of the requesting user, an encrypted position and an encrypted ciphertext corresponding to the requesting user;
the replacing module is used for replacing the content in the original data report according to the encrypted position and the encrypted ciphertext corresponding to the requesting user to obtain an encrypted data report taking the requesting user as a source user;
and the report returning module is used for returning the encrypted data report taking the requesting user as the source user to the terminal.
Optionally, when the encrypted location and the encrypted ciphertext corresponding to the requesting user are obtained according to the user identifier of the requesting user, the location ciphertext obtaining module 703 is configured to,
inquiring whether an encryption position and an encryption ciphertext corresponding to the requesting user are stored or not according to the user identifier of the requesting user;
responding to the stored encrypted position and encrypted ciphertext corresponding to the requesting user, and acquiring the stored encrypted position and encrypted ciphertext corresponding to the requesting user;
responding to the situation that the encrypted position and the encrypted ciphertext corresponding to the requesting user are not stored, and generating the encrypted position and the encrypted ciphertext corresponding to the requesting user;
and correspondingly storing the user identification of the requesting user, the encryption position and the encryption ciphertext corresponding to the requesting user.
Optionally, when the encrypted position and the encrypted ciphertext corresponding to the requesting user are generated in response to not storing the encrypted position and the encrypted ciphertext corresponding to the requesting user, the position ciphertext obtaining module 703 is configured to randomly generate a temporary encrypted position and a temporary encrypted ciphertext according to the number of encrypted digits;
in response to that the content corresponding to the temporary encryption position in the original data report is different from the temporary encryption ciphertext, taking the temporary encryption position and the temporary encryption ciphertext as the encryption position and the encryption ciphertext corresponding to the requesting user;
and responding to the original data report that the content corresponding to the temporary encryption position is the same as the temporary encryption ciphertext, and randomly generating a new temporary encryption position and a new temporary encryption ciphertext.
Optionally, the apparatus further comprises:
and a number obtaining module, configured to obtain the number of the encrypted digits according to the number of the users having the authority to obtain the original data report before the position ciphertext obtaining module 703 randomly generates the temporary encrypted position and the temporary encrypted ciphertext according to the number of the encrypted digits.
To sum up, in the scheme shown in the embodiment of the present application, for an encrypted data report including at least one piece of digital data, according to the content on the non-encryptable digit number in the at least one piece of digital data, an original data report is determined, and the respective encryption position and encryption ciphertext of each user corresponding to the original data report are obtained, and then according to the respective encryption position and encryption ciphertext of each user, and the matching result of the content on the encryptable digit number in the at least one piece of digital data, the source user of the encrypted data report is determined; different encryption positions and encryption ciphertexts are set for different users, and in a user positioning stage, contents on the encryption bits in the encrypted data report are matched with the encryption positions and the encryption ciphertexts of different users, so that a source user of the encrypted data report is determined, the source user of the encrypted data report can be accurately determined without executing a manual checking step in the process, and the positioning efficiency of the source user of the encrypted data report is improved.
FIG. 8 is a schematic diagram illustrating a configuration of a computer device, according to an example embodiment. The computer device 800 includes a Central Processing Unit (CPU)801, a system memory 804 including a Random Access Memory (RAM)802 and a Read Only Memory (ROM)803, and a system bus 805 connecting the system memory 804 and the central processing unit 801. The computer device 800 also includes a basic input/output system (I/O system) 806, which facilitates transfer of information between various components within the computer, and a mass storage device 807 for storing an operating system 813, application programs 814, and other program modules 815.
The basic input/output system 806 includes a display 808 for displaying information and an input device 809 such as a mouse, keyboard, etc. for user input of information. Wherein the display 808 and the input device 809 are connected to the central processing unit 801 through an input output controller 810 connected to the system bus 805. The basic input/output system 806 may also include an input/output controller 810 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, input-output controller 810 also provides output to a display screen, a printer, or other type of output device.
The mass storage device 807 is connected to the central processing unit 801 through a mass storage controller (not shown) connected to the system bus 805. The mass storage device 807 and its associated computer-readable media provide non-volatile storage for the computer device 800. That is, the mass storage device 807 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
Without loss of generality, the computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 804 and mass storage 807 described above may be collectively referred to as memory.
The computer device 800 may be connected to the internet or other network devices through a network interface unit 811 coupled to the system bus 805.
The memory further includes one or more programs, the one or more programs are stored in the memory, and the central processing unit 801 executes the one or more programs to implement all or part of the steps of the method shown in fig. 2 or fig. 3.
In an exemplary embodiment, a non-transitory computer readable storage medium comprising instructions, such as a memory comprising computer programs (instructions), executable by a processor of a computer device to perform all or part of the steps of the methods shown in the various embodiments of the present application, is also provided. For example, the non-transitory computer readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a Compact Disc Read-Only Memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A method for determining a source user for a data report, the method comprising:
acquiring an encrypted data report, wherein the encrypted data report comprises at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to digits;
determining an original data report according to the content of the non-encryptable digits in the at least one piece of digital data, wherein the original data report is a data report of the encrypted data report before encryption;
acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report;
determining a source user of the encrypted data report according to the respective encryption position and the encryption ciphertext of each user and the matching result of the content on the encryptable digit in the at least one piece of digital data; and the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report.
2. The method according to claim 1, wherein the determining a source user of the encrypted data report according to the matching result between the respective encrypted positions and the encrypted ciphertext of the respective users and the content on the encryptable number of bits in the at least one piece of digital data comprises:
comparing the original data report with the encrypted data report, and determining an encrypted position and an encrypted number in the encrypted data report;
and determining the corresponding encryption position and encryption ciphertext in each user as the source user, wherein the encryption position and encryption number in the encryption data report are matched with the corresponding encryption user.
3. The method of claim 2,
before determining the matched user, in which the corresponding encrypted position and encrypted number in each user are matched with the encrypted position and encrypted number in the encrypted data report, as the source user, the method further includes:
acquiring a report acquiring user, wherein the report acquiring user is a user who has requested the original data report;
the determining a matching user, in which the corresponding encrypted position and the corresponding encrypted number in each user are matched with the encrypted position and the corresponding encrypted number in the encrypted data report, as the source user includes:
and responding to the report form acquisition user to determine that the matched user exists, and determining the matched user as the source user.
4. The method of claim 1, wherein prior to obtaining the encrypted data report, further comprising:
receiving a report extraction request which is sent by a terminal and used for extracting the original data report; the report extraction request comprises a user identifier of a requesting user;
acquiring an encryption position and an encryption ciphertext corresponding to the requesting user according to the user identifier of the requesting user;
replacing the content in the original data report according to the encrypted position and the encrypted ciphertext corresponding to the requesting user to obtain an encrypted data report taking the requesting user as a source user;
and returning the encrypted data report taking the requesting user as the source user to the terminal.
5. The method according to claim 4, wherein the obtaining the encrypted location and the encrypted ciphertext corresponding to the requesting user according to the user identifier of the requesting user comprises:
inquiring whether an encryption position and an encryption ciphertext corresponding to the requesting user are stored or not according to the user identifier of the requesting user;
responding to the stored encrypted position and encrypted ciphertext corresponding to the requesting user, and acquiring the stored encrypted position and encrypted ciphertext corresponding to the requesting user;
responding to the situation that the encrypted position and the encrypted ciphertext corresponding to the requesting user are not stored, and generating the encrypted position and the encrypted ciphertext corresponding to the requesting user;
and correspondingly storing the user identification of the requesting user, the encryption position and the encryption ciphertext corresponding to the requesting user.
6. The method of claim 5, wherein generating the encrypted location and encrypted ciphertext corresponding to the requesting user in response to not storing the encrypted location and encrypted ciphertext corresponding to the requesting user comprises:
randomly generating a temporary encryption position and a temporary encryption ciphertext according to the number of the encryption numbers;
in response to that the content corresponding to the temporary encryption position in the original data report is different from the temporary encryption ciphertext, taking the temporary encryption position and the temporary encryption ciphertext as the encryption position and the encryption ciphertext corresponding to the requesting user;
and responding to the original data report that the content corresponding to the temporary encryption position is the same as the temporary encryption ciphertext, and randomly generating a new temporary encryption position and a new temporary encryption ciphertext.
7. The method of claim 6, wherein before randomly generating the temporary encryption position and the temporary encryption ciphertext according to the number of the encryption numbers, further comprising:
and acquiring the number of the encrypted numbers according to the number of users having the authority of acquiring the original data report.
8. An apparatus for source user determination of a data report, the apparatus comprising:
the encrypted data report comprises at least one piece of digital data, and the digital data is divided into a non-encryptable digit and an encryptable digit according to the digit;
an original report acquisition module, configured to determine an original data report according to content on a non-encryptable digit in the at least one piece of digital data, where the original data report is a data report of the encrypted data report before encryption;
the position ciphertext acquisition module is used for acquiring the respective encryption position and encryption ciphertext of each user corresponding to the original data report;
the user determining module is used for determining a source user of the encrypted data report according to the respective encrypted position and the encrypted ciphertext of each user and the matching result of the content on the encryptable digit in the at least one piece of digital data; and the encryption position and the encryption ciphertext of the source user encrypt the original data report to obtain the user of the encrypted data report.
9. A computer device comprising a processor and a memory, said memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, said at least one instruction, said at least one program, said set of codes, or set of instructions being loaded and executed by said processor to implement a source user determination method of a data report according to any one of claims 1 to 7.
10. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, which is loaded and executed by a processor to implement a source user determination method of a data report according to any one of claims 1 to 7.
CN201911399521.8A 2019-12-30 2019-12-30 Method, device, equipment and storage medium for determining source user of data report Pending CN111159744A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911399521.8A CN111159744A (en) 2019-12-30 2019-12-30 Method, device, equipment and storage medium for determining source user of data report

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911399521.8A CN111159744A (en) 2019-12-30 2019-12-30 Method, device, equipment and storage medium for determining source user of data report

Publications (1)

Publication Number Publication Date
CN111159744A true CN111159744A (en) 2020-05-15

Family

ID=70559415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911399521.8A Pending CN111159744A (en) 2019-12-30 2019-12-30 Method, device, equipment and storage medium for determining source user of data report

Country Status (1)

Country Link
CN (1) CN111159744A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115688150A (en) * 2023-01-04 2023-02-03 徐工汉云技术股份有限公司 File encryption transmission method, decryption display method, storage medium and electronic equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618754A (en) * 2013-12-20 2014-03-05 山东中创软件商用中间件股份有限公司 Cookie anti-tamper method and device
CN104009839A (en) * 2014-06-16 2014-08-27 华中师范大学 Generating method for secret keys with user information
US20160147945A1 (en) * 2014-11-26 2016-05-26 Ims Health Incorporated System and Method for Providing Secure Check of Patient Records
CN108256340A (en) * 2017-12-22 2018-07-06 中国平安人寿保险股份有限公司 Collecting method, device, terminal device and storage medium
CN108733799A (en) * 2018-05-17 2018-11-02 深圳市买买提信息科技有限公司 A kind of method for processing report data, device and terminal
CN109583218A (en) * 2018-11-23 2019-04-05 泰康保险集团股份有限公司 Classified papers protection, localization method, device, equipment and readable storage medium storing program for executing
CN110096897A (en) * 2019-04-15 2019-08-06 山东三未信安信息科技有限公司 Data desensitization method and device, leaking data source localization method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618754A (en) * 2013-12-20 2014-03-05 山东中创软件商用中间件股份有限公司 Cookie anti-tamper method and device
CN104009839A (en) * 2014-06-16 2014-08-27 华中师范大学 Generating method for secret keys with user information
US20160147945A1 (en) * 2014-11-26 2016-05-26 Ims Health Incorporated System and Method for Providing Secure Check of Patient Records
CN108256340A (en) * 2017-12-22 2018-07-06 中国平安人寿保险股份有限公司 Collecting method, device, terminal device and storage medium
CN108733799A (en) * 2018-05-17 2018-11-02 深圳市买买提信息科技有限公司 A kind of method for processing report data, device and terminal
CN109583218A (en) * 2018-11-23 2019-04-05 泰康保险集团股份有限公司 Classified papers protection, localization method, device, equipment and readable storage medium storing program for executing
CN110096897A (en) * 2019-04-15 2019-08-06 山东三未信安信息科技有限公司 Data desensitization method and device, leaking data source localization method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115688150A (en) * 2023-01-04 2023-02-03 徐工汉云技术股份有限公司 File encryption transmission method, decryption display method, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US10977269B1 (en) Selective structure preserving obfuscation
US10891552B1 (en) Automatic parser selection and usage
US9646088B1 (en) Data collection and transmission
AU2014237406B2 (en) Method and apparatus for substitution scheme for anonymizing personally identifiable information
US10764039B2 (en) Dynamic generation and management of asymmetric cryptographic keys using distributed ledgers
US9081978B1 (en) Storing tokenized information in untrusted environments
US8245037B1 (en) Encryption key management
US10621209B1 (en) Automatic parser generation
US8955143B1 (en) Use of decoy data in a data store
CN108154038B (en) Data processing method and device
US20200184100A1 (en) Systems And Methods For Record Linkage
CN108809985B (en) Mobile platform system
US10204236B1 (en) Self-consistent structures for secure transmission and temporary storage of sensitive data
US8848922B1 (en) Distributed encryption key management
US20220311754A1 (en) Generating bridge match identifiers for linking identifers from server logs
CN113347163B (en) Single sign-on method, device, equipment and medium
US9665732B2 (en) Secure Download from internet marketplace
CN111881252A (en) Work report processing method and device, computer equipment and storage medium
CN113904832B (en) Data encryption method, device, equipment and storage medium
US11625368B1 (en) Data migration framework
US8037067B1 (en) Systems and methods for tracking user activity at website
US20190066012A1 (en) Enterprise customer website
WO2020112993A1 (en) Systems and methods for data usage monitoring in multi-tenancy enabled hadoop clusters
CN111181920A (en) Encryption and decryption method and device
CN113434588B (en) Data mining analysis method and device based on mobile communication ticket

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200515

WD01 Invention patent application deemed withdrawn after publication