CN117650890A - Data processing method and device - Google Patents

Publication number
CN117650890A
Authority
CN
China
Prior art keywords
data
key
encrypted data
password
secret key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311647108.5A
Other languages
Chinese (zh)
Inventor
陈翔
陈天凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Hubei Topsec Network Security Technology Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Hubei Topsec Network Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd, Hubei Topsec Network Security Technology Co Ltd
Priority to CN202311647108.5A
Publication of CN117650890A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of data security and provides a data processing method and device. The method comprises: a terminal device obtains encrypted data from a database and sends the encrypted data to a cryptographic device; the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts the encrypted data to obtain plaintext data; the cryptographic device returns the plaintext data to the terminal device. The encrypted data is obtained by the cryptographic device encrypting plaintext data according to a key and the key parameter of that key. The data processing method provided by the embodiments of the application can improve the efficiency with which the terminal device encrypts and decrypts data.

Description

Data processing method and device
Technical Field
The present application relates to the field of data security technologies, and in particular, to a data processing method and apparatus.
Background
At present, to improve data security, data can be encrypted and decrypted symmetrically. Specifically, during encryption the terminal device may obtain a key from the cryptographic device, encrypt the plaintext data to obtain ciphertext data, and store the correspondence between the ciphertext data and the key parameter of the key in a database. The key parameter may include a key identifier and/or a key version number. During decryption, the terminal device looks up the key parameter corresponding to the ciphertext data in the database and then sends the ciphertext data and the key parameter to the cryptographic device for decryption.
However, because the key is an important factor in securing the data, it needs to be changed regularly to reduce the risk of key and data leakage. Each change generates a new version of the key and, correspondingly, a new key parameter. Once a large amount of data has been encrypted, the terminal device must store the correspondence between a large amount of encrypted data and a large number of key parameters so that the right key can be found at decryption time, which reduces the terminal device's data processing efficiency. Moreover, each time ciphertext data is decrypted, a decryption request can be generated and sent to the cryptographic device only after the key parameter corresponding to the ciphertext data has been looked up in the database, so the terminal device's decryption efficiency is low.
Disclosure of Invention
The present application aims to solve at least one of the technical problems existing in the related art. To this end, the application provides a data processing method that can improve the efficiency with which the terminal device encrypts and decrypts data.
According to an embodiment of the first aspect of the present application, a data processing method applied to a terminal device includes:
obtaining encrypted data from a database and sending the encrypted data to a cryptographic device, so that the cryptographic device obtains the corresponding key according to a key parameter in the encrypted data and decrypts the encrypted data;
receiving the plaintext data returned by the cryptographic device for the encrypted data;
wherein the encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key.
According to the data processing method provided by the embodiments of the application, the cryptographic device encrypts the plaintext data according to the key and the key parameter of the key to obtain the encrypted data, and the encrypted data is stored in the terminal device. When decryption is needed, the terminal device sends the encrypted data to the cryptographic device, and the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts it. In the encryption stage, therefore, the terminal device only needs to send an encryption request containing the plaintext data to the cryptographic device and store the encrypted data it receives back; it does not need to record the correspondence between the encrypted data and the key parameter. In the decryption stage, it only needs to send the encrypted data to the cryptographic device and does not need to know which key parameter the encrypted data corresponds to; the cryptographic device extracts the key parameter directly from the encrypted data to obtain the corresponding key for decryption. This reduces the operations the terminal device has to perform during encryption and decryption and improves the efficiency with which it encrypts and decrypts data.
According to one embodiment of the present application, the method further comprises:
generating an encryption request according to plaintext data and a selected key parameter, and sending the encryption request to the cryptographic device, so that the cryptographic device obtains the key corresponding to the key parameter in the encryption request, encrypts the plaintext data to obtain an initial ciphertext, and then adds the key parameter of the key at a specified position in the initial ciphertext to generate the encrypted data;
and receiving the encrypted data returned by the cryptographic device.
According to one embodiment of the present application, the specified position is determined according to preset position information of the cryptographic device.
According to one embodiment of the present application, the preset position information includes at least one of the start position of the initial ciphertext or the end position of the initial ciphertext.
According to one embodiment of the present application, the method further comprises:
deleting the key parameter in the terminal device when the encrypted data is received.
According to an embodiment of the second aspect of the present application, a data processing method applied to a cryptographic device includes:
receiving encrypted data sent by the terminal device;
obtaining the corresponding key according to the key parameter in the encrypted data and decrypting the encrypted data;
wherein the encrypted data is obtained by encrypting plaintext data sent by the terminal device according to the key and the key parameter of the key.
According to one embodiment of the present application, the method further comprises:
in response to an encryption request sent by the terminal device, obtaining the key corresponding to the key parameter in the encryption request, and encrypting the plaintext data in the encryption request to obtain an initial ciphertext;
according to preset position information, adding the key parameter of the key at the specified position in the initial ciphertext corresponding to the preset position information, and generating the encrypted data;
and sending the encrypted data to the terminal device.
According to one embodiment of the present application, obtaining the corresponding key according to the key parameter in the encrypted data and decrypting the encrypted data includes:
when it is determined that the position of the key parameter in the encrypted data matches the position information, obtaining the corresponding key according to the key parameter in the encrypted data and decrypting the encrypted data.
According to an embodiment of the third aspect of the present application, a data processing apparatus applied to a terminal device includes:
a first data processing module, configured to obtain encrypted data from a database and send the encrypted data to the cryptographic device, so that the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts the encrypted data;
a plaintext data receiving module, configured to receive the plaintext data returned by the cryptographic device for the encrypted data;
wherein the encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key.
According to an embodiment of the fourth aspect of the present application, a data processing apparatus applied to a cryptographic device includes:
an encrypted data receiving module, configured to receive the encrypted data sent by the terminal device;
a second data processing module, configured to obtain the corresponding key according to the key parameter in the encrypted data and decrypt the encrypted data;
wherein the encrypted data is obtained by encrypting plaintext data sent by the terminal device according to the key and the key parameter of the key.
An electronic device according to an embodiment of a fifth aspect of the present application includes a processor and a memory storing a computer program, where the processor implements the data processing method according to any of the above embodiments when executing the computer program.
A computer-readable storage medium according to an embodiment of a sixth aspect of the present application has stored thereon a computer program which, when executed by a processor, implements the data processing method according to any of the above-described embodiments.
A computer program product according to an embodiment of the seventh aspect of the present application comprises a computer program which, when executed by a processor, implements the data processing method described in any of the above embodiments.
The above technical solutions in the embodiments of the present application have at least one of the following technical effects:
The cryptographic device encrypts the plaintext data according to the key and the key parameter of the key to obtain the encrypted data, and the encrypted data is stored in the terminal device. When decryption is needed, the terminal device sends the encrypted data to the cryptographic device, and the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts it. In the encryption stage, therefore, the terminal device only needs to send an encryption request containing the plaintext data to the cryptographic device and store the encrypted data it receives back; it does not need to record the correspondence between the encrypted data and the key parameter. In the decryption stage, it only needs to send the encrypted data to the cryptographic device and does not need to know which key parameter the encrypted data corresponds to; the cryptographic device extracts the key parameter directly from the encrypted data to obtain the corresponding key for decryption. This reduces the operations the terminal device has to perform during encryption and decryption and improves the efficiency with which it encrypts and decrypts data.
Drawings
For a clearer description of the present application or of the prior art, the drawings that are used in the description of the embodiments or of the prior art will be briefly described, it being apparent that the drawings in the description below are some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a topology diagram of a data processing system according to some embodiments of the present application;
FIG. 2 is a schematic flow chart of a data processing method according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a second flow of a data processing method according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a first structure of a data processing apparatus according to an embodiment of the present application;
FIG. 5 is a second schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
The data processing method and apparatus provided in the embodiments of the present application will be described and illustrated in detail below by using several specific embodiments.
At present, to improve data security, data can be encrypted and decrypted symmetrically. In the related art, this is done as follows: during encryption, the terminal device obtains a key from the cryptographic device, encrypts the plaintext data to obtain ciphertext data, and stores the correspondence between the ciphertext data and the key parameter of the key in a database. The key parameter may include a key identifier and/or a key version number. During decryption, the terminal device looks up the key parameter corresponding to the ciphertext data in the database and then sends the ciphertext data and the key parameter to the cryptographic device for decryption.
However, because the key is an important factor in securing the data, it needs to be changed regularly to reduce the risk of key and data leakage. Each change generates a new version of the key and, correspondingly, a new key parameter. Once a large amount of data has been encrypted, the terminal device must store the correspondence between a large amount of encrypted data and a large number of key parameters so that the right key can be found at decryption time, which reduces the terminal device's data processing efficiency. Moreover, each time ciphertext data is decrypted, a decryption request can be generated and sent to the cryptographic device only after the key parameter corresponding to the ciphertext data has been looked up in the database, so the terminal device's decryption efficiency is low.
In view of the foregoing technical problems, an embodiment of the present application provides a data processing system, as shown in FIG. 1, including a terminal device 10 and a cryptographic device 20, where the terminal device 10 is communicatively connected to the cryptographic device 20. In the encryption stage, the terminal device sends plaintext data to the cryptographic device, the cryptographic device encrypts the plaintext data according to the key and the key parameter of the key to obtain encrypted data, and the encrypted data is sent back to the terminal device for storage. In the decryption stage, the terminal device sends the encrypted data directly to the cryptographic device, and the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts it. In the encryption stage, therefore, the terminal device only needs to send an encryption request containing the plaintext data to the cryptographic device and store the encrypted data it receives back, without recording the correspondence between the encrypted data and the key parameter. In the decryption stage, it only needs to send the encrypted data to the cryptographic device and does not need to know which key parameter the encrypted data corresponds to; the cryptographic device extracts the key parameter directly from the encrypted data to obtain the corresponding key for decryption. This reduces the operations the terminal device has to perform during encryption and decryption and improves the efficiency with which it encrypts and decrypts data.
According to some embodiments of the present application, a data processing method is provided, which can be applied to the foregoing terminal device and cryptographic device. The terminal device may be a mobile terminal or a desktop terminal, such as a mobile phone, a notebook computer or a desktop computer; a server, such as an independent server or a server cluster formed by multiple servers; or a cloud server that provides basic cloud computing services such as cloud services, cloud credential pools, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and big data and artificial intelligent sampling point devices.
The cryptographic device is a device for encrypting and decrypting data. It may be implemented by a server, such as an independent server or a server cluster formed by multiple servers, or by a cloud server that provides basic cloud computing services such as cloud services, cloud credential pools, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and big data and artificial intelligent sampling point devices.
As shown in FIG. 2, the data processing method provided in this embodiment includes:
Step 101, the terminal device obtains encrypted data from a database and sends the encrypted data to the cryptographic device;
Step 102, the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts the encrypted data to obtain plaintext data;
Step 103, the cryptographic device returns the plaintext data to the terminal device.
The encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key.
In some embodiments, the keys corresponding to the various key parameters are pre-stored in the cryptographic device. The key parameter includes a key identifier and a key version number. A key in the cryptographic device is referenced by its key identifier, such as key index 1 or a UUID. When key rotation is enabled, the latest version of the key is generated each time the rotation period expires, so different versions of the key exist under the same key identifier, and each version under the same key identifier has its own key version number.
When the terminal device needs to encrypt some plaintext data, it can call an encryption interface, package the plaintext data into an encryption request, and send the encryption request to the cryptographic device. After receiving the encryption request, the cryptographic device parses it to obtain the plaintext data. The cryptographic device may then randomly select a key parameter, obtain the corresponding key, and encrypt the plaintext data with the corresponding encryption algorithm using the key parameter and the key to obtain the encrypted data. For example, a key identifier and a key version number are randomly selected, the corresponding key is obtained according to them, and the key identifier, the key version number, the key and the plaintext data are input into the corresponding encryption algorithm to obtain the encrypted data. The encryption algorithm includes SM1, SM4, AES, DES, 3DES and the like.
Alternatively, when the terminal device needs to encrypt a piece of plaintext data, all key parameters recorded by the terminal device can be obtained from the cryptographic device, one of them is selected, an encryption interface is called, and the plaintext data and the key parameter are packaged into an encryption request and sent to the cryptographic device. After receiving the encryption request, the cryptographic device parses it to obtain the plaintext data and the key parameter. The cryptographic device can then obtain the corresponding key according to the key parameter and input the key, the key parameter and the plaintext data into the corresponding encryption algorithm to obtain the encrypted data.
If the characters of the key parameter are scattered when the encryption algorithm is applied, the key parameter becomes difficult to recover from the encrypted data later. To avoid this, the key parameter is marked as a single target character, and the key, the plaintext data and the target character are then input into the encryption algorithm to obtain the encrypted data. The key parameter can then be conveniently obtained from the encrypted data.
After the cryptographic device generates the encrypted data, it can send the encrypted data to the terminal device, and the terminal device stores the encrypted data in its database. The terminal device then only needs to store the encrypted data and does not need to store the correspondence between the encrypted data and the key parameter. By comparison, storing that correspondence requires one column of data storage space for the encrypted data and another column for the key parameter, and when the key parameter includes both the key identifier and the key version number, a column of data storage space is required to store the key identifier or the key version number. With the present method, the length of the key parameter has only a limited effect on symmetric encryption performance, and a single column of data storage space suffices to store the encrypted data, with no other storage space needed for the key parameter.
When the terminal device needs to decrypt some encrypted data, it can obtain the encrypted data from the database, call a decryption interface, package the encrypted data into a decryption request, and send the decryption request to the cryptographic device. On receiving the decryption request, the cryptographic device parses it to obtain the encrypted data and then traverses the encrypted data to extract the key parameter. After extracting the key parameter, the cryptographic device can obtain the corresponding key according to the key parameter and decrypt the encrypted data.
If the cryptographic device successfully decrypts the encrypted data with the key, it returns the resulting plaintext to the terminal device; if decryption with the key fails, it returns a decryption-failure prompt to the terminal device.
The cryptographic device encrypts the plaintext data according to the key and the key parameter of the key to obtain the encrypted data, and the encrypted data is stored in the terminal device. When decryption is needed, the terminal device sends the encrypted data to the cryptographic device, and the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts it. In the encryption stage, therefore, the terminal device only needs to send an encryption request containing the plaintext data to the cryptographic device and store the encrypted data it receives back; it does not need to record the correspondence between the encrypted data and the key parameter. In the decryption stage, it only needs to send the encrypted data to the cryptographic device and does not need to know which key parameter the encrypted data corresponds to; the cryptographic device extracts the key parameter directly from the encrypted data to obtain the corresponding key for decryption. This reduces the operations the terminal device has to perform during encryption and decryption and improves the efficiency with which it encrypts and decrypts data.
To improve the decryption efficiency of the encrypted data, in some embodiments, as shown in FIG. 3, the method further includes:
In step 201, the terminal device generates an encryption request according to the plaintext data and the selected key parameter, and sends the encryption request to the cryptographic device.
In step 202, the cryptographic device obtains the key corresponding to the key parameter in the encryption request, and encrypts the plaintext data to obtain an initial ciphertext.
In step 203, the cryptographic device adds the key parameter of the key at the specified position in the initial ciphertext to generate the encrypted data.
In step 204, the cryptographic device sends the encrypted data to the terminal device.
In some embodiments, when the terminal device needs to encrypt a piece of plaintext data, all key parameters recorded by the terminal device may be obtained from the cryptographic device, one of them is selected, an encryption interface is called, and the plaintext data and the key parameter are packaged into an encryption request and sent to the cryptographic device. After receiving the encryption request, the cryptographic device parses it to obtain the plaintext data and the key parameter. The cryptographic device can then obtain the corresponding key according to the key parameter and input the key and the plaintext data into the corresponding encryption algorithm to obtain the initial ciphertext.
After obtaining the initial ciphertext, the cryptographic device may add the key parameter taken from the encryption request at the specified position of the initial ciphertext, thereby obtaining the encrypted data. The specified position may be set according to the actual situation; for example, it may be the start position or the end position of the initial ciphertext. When the encrypted data is later decrypted, the key parameter can be located quickly from the specified position and extracted, so the key corresponding to the key parameter can be obtained quickly to decrypt the encrypted data.
Illustratively, assume that the key parameter includes a key identifier KeyId and a key version number KeyVer, the plaintext data is Plain, and the key is Key. After finding the corresponding Key according to KeyId and KeyVer, the cryptographic device encrypts the plaintext data Plain with Key to obtain the initial ciphertext Cipher. KeyId and KeyVer may then be added together at the start of Cipher, giving the encrypted data NewCipherA (KeyId || KeyVer || Cipher). Alternatively, KeyId and KeyVer may be added together at the end of Cipher, giving the encrypted data NewCipherB (Cipher || KeyVer || KeyId). Alternatively, one of KeyId and KeyVer may be added at the start of Cipher and the other at the end; for example, if KeyId is added at the start and KeyVer at the end, the encrypted data NewCipherC (KeyId || Cipher || KeyVer) is obtained.
After the encrypted data is obtained, the cryptographic device can record the specified position corresponding to the encrypted data and then feed the encrypted data back to the terminal device. When it later receives the encrypted data from the terminal device, it can quickly extract the key parameter according to the specified position corresponding to the encrypted data and decrypt, which improves the decryption efficiency of the cryptographic device.
To further reduce the storage pressure on the terminal device, and since the terminal device subsequently does not need to record the correspondence between the encrypted data and the key parameter, in some embodiments the key parameter corresponding to the encrypted data may be deleted from the terminal device when the terminal device receives the encrypted data from the cryptographic device.
To further improve decryption efficiency, in some embodiments the specified position may be determined from preset position information of the cryptographic device. For example, the cryptographic device may be preconfigured with preset position information indicating where the key parameter is to be inserted, such as the start position of the initial ciphertext, the end position of the initial ciphertext, or the Nth character of the initial ciphertext. When the cryptographic device receives an encryption request from the terminal device, it responds by obtaining the key corresponding to the key parameter in the encryption request and encrypting the plaintext data in the request to obtain an initial ciphertext. It then adds the key parameter from the encryption request at the specified position in the initial ciphertext that corresponds to the preset position information, forming the encrypted data. Therefore, the terminal device does not need to record the correspondence between the encrypted data and the specified position; when the encrypted data is received, the key parameter only needs to be extracted from it according to the preset position information, which improves the decryption efficiency of the cryptographic device.
Meanwhile, since the specified position is determined by the preset position information of the cryptographic device, in some embodiments, after receiving the encrypted data from the terminal device, the cryptographic device may detect the position of the key parameter in the encrypted data and check whether that position matches the preset position information.
To improve detection efficiency, the target position in the encrypted data that corresponds to the preset position information can be located first, and the device then checks whether a key parameter exists at that target position. If no key parameter exists there, the position of the key parameter in the encrypted data does not match the preset position information; the encrypted data can then be judged to have failed verification, and a decryption-failure prompt is sent to the terminal device. If a key parameter exists there, the position of the key parameter in the encrypted data matches the preset position information, and the key parameter can be extracted from the encrypted data so that the corresponding key is obtained and used to decrypt the encrypted data. In this way, before the encrypted data is decrypted with the key, it is verified by the position of the key parameter, which further improves decryption security.
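The encrypt, embed, locate and verify flow described above, as an added example that is not code from the patent. The 4-byte key parameters, the key store contents, the function names and the HMAC-SHA256 counter-mode stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PARAM_LEN = 4      # assumption: key parameters are fixed-width identifiers
NONCE_LEN = 16
# Constructed key store held inside the cryptographic device: key parameter -> key.
KEY_STORE = {b"K001": bytes(range(32)), b"K002": bytes(range(32, 64))}


class DecryptionFailed(Exception):
    """Raised when the encrypted data fails the position check."""


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only the
    # standard library; it replaces whatever algorithm a real device uses.
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def device_encrypt(key_param: bytes, plaintext: bytes, position: str = "start") -> bytes:
    """Encrypt, then add the key parameter at the preset position."""
    key = KEY_STORE[key_param]
    nonce = secrets.token_bytes(NONCE_LEN)
    initial_ciphertext = nonce + _keystream_xor(key, nonce, plaintext)
    if position == "start":
        return key_param + initial_ciphertext
    if position == "end":
        return initial_ciphertext + key_param
    raise ValueError("unsupported preset position")


def device_decrypt(encrypted: bytes, position: str = "start") -> bytes:
    """Locate the target position, verify a key parameter is there, then decrypt."""
    if len(encrypted) < PARAM_LEN + NONCE_LEN:
        raise DecryptionFailed("encrypted data too short to hold a key parameter")
    if position == "start":
        candidate, initial = encrypted[:PARAM_LEN], encrypted[PARAM_LEN:]
    elif position == "end":
        candidate, initial = encrypted[-PARAM_LEN:], encrypted[:-PARAM_LEN]
    else:
        raise ValueError("unsupported preset position")
    key = KEY_STORE.get(candidate)
    if key is None:  # nothing recognisable at the target position: fail verification
        raise DecryptionFailed("no key parameter at the preset position")
    nonce, body = initial[:NONCE_LEN], initial[NONCE_LEN:]
    return _keystream_xor(key, nonce, body)


if __name__ == "__main__":
    record = b"constructed sample record: account=0000-0000"  # constructed input
    stored = device_encrypt(b"K002", record, position="end")
    # The terminal keeps only `stored`; it holds no blob-to-key-parameter mapping.
    print(device_decrypt(stored, position="end") == record)
```

The position check confirms only that a known key parameter sits where the device expects it; it does not detect changes to the rest of the ciphertext, so integrity still depends on the cipher mode the device uses.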
The data processing apparatus provided in the present application is described below; the apparatus described below and the data processing method described above may be read in correspondence with each other.
In an embodiment, as shown in Fig. 4, there is provided a data processing apparatus, applied to a terminal device, including:
a first data processing module 210, configured to obtain encrypted data from a database, and send the encrypted data to a cryptographic device, so that the cryptographic device obtains a corresponding key according to a key parameter in the encrypted data to decrypt the encrypted data;
a plaintext data receiving module 220, configured to receive plaintext data fed back by the cryptographic device according to the encrypted data;
wherein the encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key.
The cryptographic device encrypts the plaintext data according to the key and the key parameter of the key to obtain the encrypted data, and the encrypted data is stored in the terminal device. When decryption is needed, the terminal device sends the encrypted data to the cryptographic device, and the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts the encrypted data. In the encryption stage, therefore, the terminal device only needs to send an encryption request containing the plaintext data to the cryptographic device and store the encrypted data it gets back; it does not need to record the correspondence between the encrypted data and the key parameter. In the decryption stage, the terminal device simply sends the encrypted data to the cryptographic device without concerning itself with which key parameter corresponds to that data; the cryptographic device extracts the key parameter directly from the encrypted data and obtains the corresponding key for decryption. This reduces the operations the terminal device must perform during encryption and decryption and improves the efficiency with which the terminal device encrypts and decrypts data.
In an embodiment, the first data processing module 210 is further configured to:
generating an encryption request according to plaintext data and a selected key parameter, and sending the encryption request to the cryptographic device, so that the cryptographic device obtains the key corresponding to the key parameter in the encryption request, encrypts the plaintext data to obtain an initial ciphertext, and then adds the key parameter of the key at a specified position in the initial ciphertext to generate the encrypted data;
and receiving the encrypted data fed back by the cryptographic device.
In an embodiment, the specified location is determined according to preset location information of the cryptographic device.
In an embodiment, the preset location information includes at least one of a start location of the initial ciphertext or an end location of the initial ciphertext.
In an embodiment, the first data processing module 210 is further configured to:
deleting the key parameter from the terminal device when the encrypted data is received.
In an embodiment, as shown in Fig. 5, there is provided a data processing apparatus applied to a cryptographic device, including:
an encrypted data receiving module 310, configured to receive encrypted data sent by the terminal device;
the second data processing module 320 is configured to obtain a corresponding key according to a key parameter in the encrypted data, and decrypt the encrypted data;
wherein the encrypted data is obtained by encrypting plaintext data sent by the terminal device according to the key and the key parameter of the key.
The cryptographic device encrypts the plaintext data according to the key and the key parameter of the key to obtain the encrypted data, and the encrypted data is stored in the terminal device. When decryption is needed, the terminal device sends the encrypted data to the cryptographic device, and the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data and decrypts the encrypted data. In the encryption stage, therefore, the terminal device only needs to send an encryption request containing the plaintext data to the cryptographic device and store the encrypted data it gets back; it does not need to record the correspondence between the encrypted data and the key parameter. In the decryption stage, the terminal device simply sends the encrypted data to the cryptographic device without concerning itself with which key parameter corresponds to that data; the cryptographic device extracts the key parameter directly from the encrypted data and obtains the corresponding key for decryption. This reduces the operations the terminal device must perform during encryption and decryption and improves the efficiency with which the terminal device encrypts and decrypts data.
In an embodiment, the second data processing module 320 is further configured to:
in response to an encryption request sent by the terminal device, obtaining the key corresponding to the key parameter in the encryption request, and encrypting the plaintext data in the encryption request to obtain an initial ciphertext;
according to preset position information, adding the key parameter of the key at the specified position in the initial ciphertext that corresponds to the preset position information, to generate the encrypted data;
and sending the encrypted data to the terminal device.
In one embodiment, the second data processing module 320 is specifically configured to:
upon determining that the position of the key parameter in the encrypted data matches the position information, obtaining the corresponding key according to the key parameter in the encrypted data to decrypt the encrypted data.
Fig. 6 is a schematic diagram of the physical structure of an electronic device. As shown in Fig. 6, the electronic device may include: a processor 810, a communication interface 820, a memory 830, and a communication bus 840, where the processor 810, the communication interface 820 and the memory 830 communicate with each other through the communication bus 840. The processor 810 may invoke a computer program in the memory 830 to perform a data processing method including, for example: obtaining encrypted data from a database and sending the encrypted data to a cryptographic device, so that the cryptographic device obtains the corresponding key according to the key parameter in the encrypted data to decrypt the encrypted data; receiving plaintext data fed back by the cryptographic device according to the encrypted data; wherein the encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key. Or,
receiving encrypted data sent by the terminal device; obtaining the corresponding key according to the key parameter in the encrypted data to decrypt the encrypted data; wherein the encrypted data is obtained by encrypting plaintext data sent by the terminal device according to the key and the key parameter of the key.
Further, the logic instructions in the memory 830 described above may be implemented in the form of software functional units and, when sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In another aspect, embodiments of the present application further provide a processor-readable storage medium, where the processor-readable storage medium stores a computer program for causing a processor to execute the method provided in each of the above embodiments.
The processor-readable storage medium may be any available medium or data storage device that can be accessed by a processor, including, but not limited to, magnetic memory (e.g., floppy disk, hard disk, tape, magneto-optical disk (MO), etc.), optical memory (e.g., CD, DVD, BD, HVD, etc.), and semiconductor memory (e.g., ROM, EPROM, EEPROM, nonvolatile memory (NAND FLASH), Solid State Disk (SSD)), etc.
The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (12)

1. A data processing method, applied to a terminal device, comprising:
obtaining encrypted data from a database and sending the encrypted data to a cryptographic device, so that the cryptographic device obtains a corresponding key according to a key parameter in the encrypted data to decrypt the encrypted data;
receiving plaintext data fed back by the cryptographic device according to the encrypted data;
wherein the encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key.
2. The data processing method according to claim 1, characterized by further comprising:
generating an encryption request according to plaintext data and a selected key parameter, and sending the encryption request to the cryptographic device, so that the cryptographic device obtains the key corresponding to the key parameter in the encryption request, encrypts the plaintext data to obtain an initial ciphertext, and then adds the key parameter of the key at a specified position in the initial ciphertext to generate the encrypted data;
and receiving the encrypted data fed back by the cryptographic device.
3. The data processing method according to claim 2, wherein the specified location is determined based on preset location information of the cryptographic device.
4. A data processing method according to claim 3, wherein the preset position information includes at least one of a start position of the initial ciphertext or an end position of the initial ciphertext.
5. The data processing method according to claim 2, characterized by further comprising:
deleting the key parameter from the terminal device when the encrypted data is received.
6. A data processing method, applied to a cryptographic device, comprising:
receiving encrypted data sent by a terminal device;
obtaining a corresponding key according to a key parameter in the encrypted data to decrypt the encrypted data;
wherein the encrypted data is obtained by encrypting plaintext data sent by the terminal device according to the key and the key parameter of the key.
7. The data processing method of claim 6, further comprising:
in response to an encryption request sent by the terminal device, obtaining the key corresponding to the key parameter in the encryption request, and encrypting the plaintext data in the encryption request to obtain an initial ciphertext;
according to preset position information, adding the key parameter of the key at the specified position in the initial ciphertext that corresponds to the preset position information, to generate the encrypted data;
and sending the encrypted data to the terminal device.
8. The data processing method according to claim 7, wherein obtaining a corresponding key to decrypt the encrypted data based on a key parameter in the encrypted data, comprises:
upon determining that the position of the key parameter in the encrypted data matches the position information, obtaining the corresponding key according to the key parameter in the encrypted data to decrypt the encrypted data.
9. A data processing apparatus, characterized by being applied to a terminal device, comprising:
a first data processing module, configured to obtain encrypted data from a database and send the encrypted data to a cryptographic device, so that the cryptographic device obtains a corresponding key according to a key parameter in the encrypted data to decrypt the encrypted data;
a plaintext data receiving module, configured to receive plaintext data fed back by the cryptographic device according to the encrypted data;
wherein the encrypted data is obtained by the cryptographic device encrypting plaintext data according to the key and the key parameter of the key.
10. A data processing apparatus for use with a cryptographic device, comprising:
an encrypted data receiving module, configured to receive encrypted data sent by a terminal device;
a second data processing module, configured to obtain a corresponding key according to a key parameter in the encrypted data to decrypt the encrypted data;
wherein the encrypted data is obtained by encrypting plaintext data sent by the terminal device according to the key and the key parameter of the key.
11. An electronic device comprising a processor and a memory storing a computer program, characterized in that the processor implements the data processing method of any of claims 1 to 8 when executing the computer program.
12. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the data processing method of any one of claims 1 to 8.
CN202311647108.5A 2023-11-30 2023-11-30 Data processing method and device Pending CN117650890A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311647108.5A CN117650890A (en) 2023-11-30 2023-11-30 Data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311647108.5A CN117650890A (en) 2023-11-30 2023-11-30 Data processing method and device

Publications (1)

Publication Number Publication Date
CN117650890A true CN117650890A (en) 2024-03-05

Family

ID=90044736

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311647108.5A Pending CN117650890A (en) 2023-11-30 2023-11-30 Data processing method and device

Country Status (1)

Country Link
CN (1) CN117650890A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination