CN119128929B - Data encryption method, device, equipment, storage medium and computer program product - Google Patents
Data encryption method, device, equipment, storage medium and computer program productInfo
- Publication number
- CN119128929B CN119128929B CN202411107596.5A CN202411107596A CN119128929B CN 119128929 B CN119128929 B CN 119128929B CN 202411107596 A CN202411107596 A CN 202411107596A CN 119128929 B CN119128929 B CN 119128929B
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- encrypted
- key
- master key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/283—Multi-dimensional databases or data warehouses, e.g. MOLAP or ROLAP
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
本申请公开了一种数据加密方法、装置、设备、存储介质及计算机程序产品,涉及数据处理技术领域,公开了数据加密方法,包括:基于预设数据加密规则生成加密主密钥和加密副密钥;确定待加密数据服务中第一数据类型对应的第一加密数据,以及第二数据类型对应的第二加密数据;通过加密主密钥对第一加密数据进行加密,并通过加密副密钥对第二加密数据进行加密;在加密完成时,获得待加密数据服务对应的数据加密结果。应用上述技术方案,解决了现有技术中的数据分析系统在对数据仓库内的数据进行批量加工和运算时,往往需要将其拆解后逐笔解密、运算,再加密,导致执行效率降低的技术问题。
The present application discloses a data encryption method, apparatus, device, storage medium and computer program product, which relates to the field of data processing technology. The data encryption method includes: generating an encryption master key and an encryption sub-key based on a preset data encryption rule; determining first encrypted data corresponding to a first data type in a data service to be encrypted, and second encrypted data corresponding to a second data type; encrypting the first encrypted data using the encryption master key, and encrypting the second encrypted data using the encryption sub-key; and obtaining the data encryption result corresponding to the data service to be encrypted when the encryption is completed. The application of the above technical solution solves the technical problem in the prior art that when the data analysis system performs batch processing and calculation on the data in the data warehouse, it often needs to disassemble the data and decrypt, calculate, and encrypt it one by one, resulting in reduced execution efficiency.
Description
Technical Field
The present application relates to the field of data processing technology, and in particular, to a data encryption method, apparatus, device, storage medium, and computer program product.
Background
Today, with rapid development of information technology, data encryption is increasingly emphasized. Encryption technology is also well established. In order to ensure data security, many current application systems encrypt and store the whole table or the whole field containing the numerical value of the database, so that the encrypted data cannot directly participate in the operation. Because the encrypted summary or single data in the data warehouse cannot be directly used for batch processing and operation aiming at the data analysis system with higher data security requirements, when the batch processing and operation are needed for the data in the data warehouse, the data has to be decrypted and operated one by one after the data is disassembled and then encrypted, so that the execution efficiency is reduced.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The application mainly aims to provide a data encryption method, a device, equipment, a storage medium and a computer program product, which aim to solve the technical problem that in the prior art, when a data analysis system carries out batch processing and operation on data in a data warehouse, decryption and operation are needed to be carried out after the data analysis system is disassembled, and encryption is carried out again, so that the execution efficiency is reduced.
In order to achieve the above object, the present application provides a data encryption method, which includes:
generating an encryption master key and an encryption auxiliary key based on a preset data encryption rule;
Determining first encrypted data corresponding to a first data type and second encrypted data corresponding to a second data type in the data service to be encrypted;
Encrypting the first encrypted data by the encryption master key and encrypting the second encrypted data by the encryption slave key;
And when encryption is completed, obtaining a data encryption result corresponding to the data service to be encrypted.
In one embodiment, the step of generating the encryption master key and the encryption slave key based on the preset data encryption rule includes:
encrypting a plaintext input by a user through a first encryption algorithm based on a preset data encryption rule to obtain an encryption master key;
acquiring a master key generation character string from a preset application configuration file;
encrypting the encrypted master key and the master key generation character string through a second encryption algorithm to obtain a master key encryption result;
and generating an encryption auxiliary key based on the encryption result of the main key.
In one embodiment, the step of generating an encrypted secondary key based on the primary key encryption result includes:
decrypting the master key encryption result based on the master key generation character string by a target decryption algorithm corresponding to the second encryption algorithm to obtain the encrypted master key;
acquiring a secondary key generation character string from the preset application configuration file;
encrypting the encrypted main key and the auxiliary key generation character string through a third encryption algorithm to obtain an auxiliary key encryption result;
And encrypting the secondary key encryption result through the first encryption algorithm to generate an encrypted secondary key.
In an embodiment, after the step of obtaining the data encryption result corresponding to the data service to be encrypted when encryption is completed, the method further includes:
when a data query request is received, determining a data query interface;
Determining a target data index of the data to be queried in a preset data mart according to the data query interface;
determining a target level data table for storing the encrypted data packet corresponding to the data to be queried in the preset data marts according to the target data index;
Acquiring the encrypted data packet from the target level data table;
and decrypting the encrypted data packet through a preset decryption function to obtain the data to be queried.
In one embodiment, the data service to be encrypted includes a payroll data service, and the step of determining first encrypted data corresponding to a first data type and second encrypted data corresponding to a second data type in the data service to be encrypted includes:
determining first encrypted data corresponding to a first data type in the payroll data service as user work number data and user payroll data, and determining second encrypted data corresponding to a second data type as sum field data in non-payroll data;
The step of encrypting the first encrypted data by the encryption master key and the second encrypted data by the encryption slave key includes:
Encrypting the user work number data and the user payroll data through the encryption master key, and encrypting the amount field data through the encryption auxiliary key.
In an embodiment, after the step of obtaining the data encryption result corresponding to the data service to be encrypted when encryption is completed, the method further includes:
Storing the encrypted user work number data, the encrypted user payroll data and the encrypted amount field data in an STG layer;
transmitting the encrypted user work number data, the encrypted user salary data and the encrypted amount field data in the STG layer to an ETL layer when a salary inquiry request is received;
Preprocessing the encrypted user work number data, the encrypted user compensation data and the encrypted amount field data in the ETL layer to obtain processed compensation data, and sending the processed compensation data to a data mart layer;
Decrypting the processed payroll data in the data mart layer to obtain and output decrypted payroll data.
In addition, in order to achieve the above object, the present application also proposes a data encryption apparatus, the apparatus comprising:
the key generation module is used for generating an encryption main key and an encryption auxiliary key based on a preset data encryption rule;
The encryption data determining module is used for determining first encryption data corresponding to a first data type and second encryption data corresponding to a second data type in the data service to be encrypted;
the data encryption module is used for encrypting the first encrypted data through the encryption master key and encrypting the second encrypted data through the encryption auxiliary key;
and the encryption result acquisition module is used for acquiring the data encryption result corresponding to the data service to be encrypted when encryption is completed.
In addition, in order to achieve the above object, the present application also proposes a data encryption device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being configured to implement the steps of the data encryption method as described above.
In addition, to achieve the above object, the present application also proposes a storage medium that is a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the data encryption method as described above.
Furthermore, to achieve the above object, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the data encryption method as described above.
The application provides a data encryption method, which comprises the steps of generating an encryption main key and an encryption auxiliary key based on preset data encryption rules, determining first encryption data corresponding to a first data type and second encryption data corresponding to a second data type in data service to be encrypted, encrypting the first encryption data through the encryption main key and encrypting the second encryption data through the encryption auxiliary key, obtaining a data encryption result corresponding to the data service to be encrypted when encryption is completed, and encrypting the first encryption data in the data service to be encrypted through the encryption main key and encrypting the second encryption data in the data service to be encrypted through the encryption auxiliary key so as to obtain a data encryption result corresponding to the data service to be encrypted, thereby solving the technical problems that a data analysis system in the prior art always needs to decrypt and calculate the data in a data warehouse one by one after the data analysis system is disassembled and then encrypt the data again, and the execution efficiency is reduced.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a schematic flow chart of a data encryption method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a second embodiment of the data encryption method according to the present application;
FIG. 3 is a schematic flow chart of generating an encryption master key in the data encryption method of the present application;
FIG. 4 is a schematic flow chart of generating an encryption auxiliary key in the data encryption method of the present application;
FIG. 5 is a schematic flow chart of a third embodiment of a data encryption method according to the present application;
FIG. 6 is a diagram showing an encryption and decryption process in the data encryption method of the present application;
FIG. 7 is a schematic block diagram of a data encryption device according to an embodiment of the present application;
Fig. 8 is a schematic device structure diagram of a hardware operating environment related to a data encryption method in an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the technical solution of the present application and are not intended to limit the present application.
For a better understanding of the technical solution of the present application, the following detailed description will be given with reference to the drawings and the specific embodiments.
The main solution of the embodiment of the application is that an encryption main key and an encryption auxiliary key are generated based on a preset data encryption rule, first encryption data corresponding to a first data type and second encryption data corresponding to a second data type in a data service to be encrypted are determined, the first encryption data are encrypted through the encryption main key, the second encryption data are encrypted through the encryption auxiliary key, and when encryption is completed, a data encryption result corresponding to the data service to be encrypted is obtained.
Because the data analysis system with higher requirements on data security in the prior art cannot directly use encrypted summary or single data in a data warehouse to participate in batch processing and operation, the batch processing and operation are often required to be carried out on the data in the data warehouse, decryption and operation are carried out one by one after the data warehouse is disassembled, encryption is carried out again, and the execution efficiency is greatly reduced.
The application provides a solution, which encrypts first encrypted data in a data service to be encrypted through an encryption master key and encrypts second encrypted data in the data service to be encrypted through an encryption auxiliary key so as to obtain a data encryption result corresponding to the data service to be encrypted, thereby solving the technical problem that the data analysis system in the prior art usually needs to decrypt and calculate the data in a data warehouse one by one after the data analysis system is disassembled when the data analysis system is used for batch processing and calculating the data in the data warehouse, and then encrypts the data after the data analysis system is disassembled, so that the execution efficiency is reduced.
It should be noted that, the execution body of the embodiment may be a computing service device having functions of data processing, network communication and program running, such as a tablet computer, a personal computer, a mobile phone, or an electronic device, a data encryption device, or the like, which can implement the above functions. Hereinafter, this embodiment and the following embodiments will be described with reference to a data encryption device (hereinafter, referred to as a device).
Based on this, an embodiment of the present application provides a data encryption method, referring to fig. 1, fig. 1 is a schematic flow chart of a first embodiment of the data encryption method of the present application.
In this embodiment, the data encryption method includes steps S10 to S40:
And S10, generating an encryption main key and an encryption auxiliary key based on a preset data encryption rule.
It should be noted that, the preset data encryption rule may be a rule that the key is defined as the encryption master key and the encryption slave key to encrypt data together. The encryption master key can be a key used for encrypting the final summarized amount generated by the processed and operated detail data in the data warehouse, and the encryption auxiliary key can be a key used for encrypting the key fields of non-numerical values in the detail data in the data warehouse, wherein the numerical value fields in the detail data still keep the plaintext, so that the operation is convenient, the association between tables is not affected, and the requirements of batch processing and operation can be met.
Step S20, determining first encrypted data corresponding to a first data type and second encrypted data corresponding to a second data type in the data service to be encrypted.
It should be understood that the data service to be encrypted may be any application service that needs to perform data encryption, for example, a payroll data service, an extraction data service, etc., which is not limited in this embodiment.
It should be noted that the first data type may be an amount data type in the data service to be encrypted, and correspondingly, the first encrypted data may be an amount data type in the data service to be encrypted.
It can be understood that the second data type can be a non-numeric data type in detail data in the data service to be encrypted, and correspondingly, the second encrypted data can be non-numeric data in the data service to be encrypted.
And step S30, encrypting the first encrypted data through the encryption master key, and encrypting the second encrypted data through the encryption auxiliary key.
And step S40, when encryption is completed, obtaining a data encryption result corresponding to the data service to be encrypted.
In a specific implementation, an encryption master key for encrypting the summarized amount in the detail data and an encryption auxiliary key for encrypting the non-numerical data in the detail data can be generated, then first encryption data corresponding to the amount data type in the detail data of the data service to be encrypted and second encryption data corresponding to the non-numerical data type in the detail data can be determined, finally the final summarized amount generated by the processed and calculated detail data can be encrypted through the encryption master key, key fields of the non-numerical data in the detail data are encrypted through the encryption auxiliary key, and a final data encryption result is obtained after encryption is completed.
It should be noted that, the scheme can directly use the encrypted data in the digital bins to participate in batch processing and operation, thereby reducing the processes of disassembly, decryption, operation and re-encryption, greatly improving the operation efficiency of the system and reducing the waiting response time of the system. In addition, the encrypted data can directly participate in operation without decryption, so that the risk of leakage of sensitive data after decryption is prevented, and the system security is improved.
Further, after the step S40, the method further includes determining a data query interface when a data query request is received, determining a target data index of data to be queried in a preset data mart according to the data query interface, determining a target level data table storing encrypted data packets corresponding to the data to be queried in the preset data mart according to the target data index, acquiring the encrypted data packets from the target level data table, and decrypting the encrypted data packets through a preset decryption function to obtain the data to be queried.
It should be noted that the data query request may be a request for instructing a device to perform a data query. The data query interface may be an interface for querying the data warehouse for corresponding data. In this embodiment, after receiving the data query request, the device may parse the data query request to obtain the current data query interface.
It will be appreciated that the target Data index may be an index corresponding to a location where Data to be queried is stored in a preset Data Mart, where the Data Mart (Data Mart) is an extended form of a Data warehouse, and is a small Data warehouse specifically designed and built for a specific user group. In practical application, a corresponding index value can be allocated to all data stored in the preset data mart, the index value can be mapped and stored with a data interface, a mapping relation table is built, and after a data query interface corresponding to the data to be queried is determined, a target data index of the data to be queried in the preset data mart can be queried from the mapping relation table according to the data query interface.
It should be noted that the target level data table may be a data table for storing data in a data mart. In this embodiment, a plurality of hierarchical data tables may be built according to data types and data weights corresponding to all data in a preset data mart, and corresponding index values are set for each hierarchical data table, so that after determining a target data index of data to be queried in the preset data mart, a corresponding target hierarchical data table may be determined according to the target data index, and an encrypted data packet corresponding to the data to be queried is queried in the target hierarchical data table, and then the encrypted data packet may be decrypted through a preset decryption function to obtain decrypted data to be queried. The embodiment does not limit the type and decryption mode of the preset decryption function.
The embodiment provides a data encryption method, which discloses generating an encryption main key and an encryption auxiliary key based on preset data encryption rules, determining first encryption data corresponding to a first data type and second encryption data corresponding to a second data type in data service to be encrypted, encrypting the first encryption data through the encryption main key and encrypting the second encryption data through the encryption auxiliary key, obtaining a data encryption result corresponding to the data service to be encrypted when encryption is completed, and encrypting the first encryption data in the data service to be encrypted through the encryption main key and encrypting the second encryption data in the data service to be encrypted through the encryption auxiliary key so as to obtain a data encryption result corresponding to the data service to be encrypted, so that the technical problems that in the prior art, when a data analysis system in a data warehouse is used for batch processing and operation, decryption, operation and encryption are needed after the data analysis system is disassembled one by one, and then encryption are often carried out, and the execution efficiency is reduced are solved.
In the second embodiment of the present application, the same or similar content as in the first embodiment of the present application may be referred to the above description, and will not be repeated. On this basis, please refer to fig. 2, fig. 2 is a flow chart of a data encryption method according to a second embodiment of the present application.
In this embodiment, step S10 includes steps S101 to S104:
Step S101, encrypting a plaintext input by a user through a first encryption algorithm based on a preset data encryption rule to obtain an encryption master key.
It should be noted that the first encryption Algorithm may be an Algorithm for encrypting the plaintext input by the user, for example, MD5 Algorithm (Message-Digest Algorithm 5), which is not limited in this embodiment.
Step S102, a master key generation character string is obtained from a preset application configuration file.
It should be noted that the above-mentioned preset application configuration file may be a file for storing configuration information of a data service to be encrypted, where the configuration of a database, the configuration of a cache class, a link of a file system, a password, a string for generating a key, and the like may be stored in the preset application configuration file in this embodiment, which is not limited in this embodiment.
It may be appreciated that the master key generation string may be a string stored in a preset application configuration file and used for generating a master key, where the master key generation string may be a random string generated by a random tool.
And step 103, encrypting the encrypted master key and the master key generation character string through a second encryption algorithm to obtain a master key encryption result.
It should be appreciated that the second encryption algorithm may be an algorithm for encrypting the master key and the character string, for example, an AES (Advanced Encryption Standard ) encryption algorithm, which is not limited in this embodiment. The master key encryption result may be a string obtained by encrypting the encrypted master key and the master key generation string, or other forms of encryption results.
And step S104, generating an encryption auxiliary key based on the encryption result of the main key.
In a specific implementation, referring to fig. 3, fig. 3 is a schematic flow chart of generating an encryption master key in the data encryption method of the present application. As shown in fig. 3, a user may log in to a key management system in a data service to be encrypted, and input a plaintext key in an interface displayed in the encryption management system, where the system may transcode the plaintext key input by the user through an MD5 algorithm to obtain a master key. Then, the device may read a master key generation string (i.e., application profile string 1 in fig. 3) for generating a master key in the preset application profile from the system, encrypt the master key and the master key generation string by using the AES encryption algorithm, obtain a master key encryption result, and store the master key encryption result in the ECS encryption file.
Further, the step S104 includes decrypting the master key encryption result based on the master key generation character string through a target decryption algorithm corresponding to the second encryption algorithm to obtain the encrypted master key, obtaining a secondary key generation character string from the preset application configuration file, encrypting the encrypted master key and the secondary key generation character string through a third encryption algorithm to obtain a secondary key encryption result, and encrypting the secondary key encryption result through the first encryption algorithm to generate an encrypted secondary key.
It should be noted that, the target decryption algorithm may be an algorithm for decrypting the data encrypted by the second encryption algorithm, and in this embodiment, if the second encryption algorithm is an AES encryption algorithm, the corresponding target decryption algorithm is an AES decryption algorithm.
It may be appreciated that the above-mentioned secondary key generation string may be a string used to generate an encrypted secondary key in a preset application profile. The third encryption algorithm may be an algorithm for encrypting the encrypted primary key and secondary key generation string, for example, an SM4 encryption algorithm, which is not limited in this embodiment.
In a specific implementation, referring to fig. 4, fig. 4 is a schematic flow chart of generating an encryption auxiliary key in the data encryption method of the present application. As shown in fig. 4, after the application is started, the encryption result of the main key and the main key generation string may be decrypted by using the AES decryption algorithm to obtain the main key, then the auxiliary key generation string (i.e., the application profile string 2 in fig. 4) for generating the encrypted auxiliary key may be read from the preset application profile, at this time, the main key and the auxiliary key generation string may be continuously encrypted by using the SM4 encryption algorithm to obtain the encrypted ciphertext, i.e., the auxiliary key encryption result may be finally encrypted by using the MD5 encryption algorithm to generate the auxiliary key, and the auxiliary key may be stored in the encrypted file.
In the embodiment, the method comprises the steps of encrypting a plaintext input by a user through a first encryption algorithm based on a preset data encryption rule to obtain an encrypted master key, obtaining a master key generation character string from a preset application configuration file, encrypting the encrypted master key and the master key generation character string through a second encryption algorithm to obtain a master key encryption result, and generating an encrypted auxiliary key based on the master key encryption result, so that encrypted data in a data warehouse can be directly used for batch processing and operation, the processes of disassembling, decrypting, operating and re-encrypting are reduced, the operation efficiency of a system is greatly improved, and the time for waiting for a response result of the system is shortened.
In the third embodiment of the present application, the same or similar content as the above-described embodiments may be referred to the above description, and will not be repeated herein. On this basis, please refer to fig. 5, fig. 5 is a flow chart of a data encryption method according to a third embodiment of the present application.
In this embodiment, the data service to be encrypted includes a payroll data service, and the step S20 includes:
Step S201, determining first encrypted data corresponding to a first data type in the payroll data service as user work number data and user payroll data, and determining second encrypted data corresponding to a second data type as sum field data in non-payroll data.
It should be appreciated that the user job number data described above may be data in an enterprise that is used to uniquely identify all employees.
Correspondingly, the step S30 includes:
step S301, encrypting the user work number data and the user pay data through the encryption master key, and encrypting the amount field data through the encryption auxiliary key.
In a specific implementation, the work number of the user and the payroll data of the user in the payroll data service can be encrypted through the encryption master key, and the sum field data in the non-payroll data in the payroll data service can be encrypted through the encryption auxiliary key, so that key fields in the payroll data service can be encrypted, and the data security in the payroll data service is ensured.
Further, after the step S40, the method further includes:
Storing the encrypted user work number data, the encrypted user pay data and the encrypted pay field data in the data encryption result in an STG layer, transmitting the encrypted user work number data, the encrypted user pay data and the encrypted pay field data in the STG layer to an ETL layer when a pay query request is received, preprocessing the encrypted user work number data, the encrypted user pay data and the encrypted pay field data in the ETL layer to obtain processed pay data, transmitting the processed pay data to a data market layer, decrypting the processed pay data in the data market layer to obtain and output decrypted pay data.
It should be noted that the STG Layer (STAGING LAYER) may be a Layer for storing original data in the data repository, and the STG Layer is mainly used as a temporary storage area before data enters the data repository, and is used for receiving original data extracted from an external system, and the ETL Layer (Extract, transform Layer) may be a Layer in the data repository, which is responsible for data preprocessing, and the data mart Layer is the MID Layer.
In a specific implementation, referring to fig. 6, fig. 6 is a schematic diagram showing an encryption and decryption process in the data encryption method of the present application. As shown in fig. 6, for the payroll data service, SAP payroll data and user's job number data may be encrypted according to the data encryption API by the master key, and then encryption key fields in non-payroll data, personnel data marts and payroll forces may be encrypted by the master key and the auxiliary key, to finally obtain an encryption result, where the encryption result includes encrypted user job number data, encrypted user payroll data, encrypted amount field data, and the like. Thereafter, the encrypted user job number data, the encrypted user payroll data, and the encrypted amount field data may be input into the STG layer data table. After receiving the data query request, the device may send the data requested to be queried to the ETL layer data table from the STG layer data table, perform preprocessing on the encrypted data in the ETL layer data table, obtain the processed encrypted data, and send the processed encrypted data to the MID layer data table. After that, the encrypted data after processing can be decrypted by a self-defined encryption/decryption function, and the decrypted data is output to the user as a query result. In addition, the decrypted data can be input into an RPT layer, namely a datagram surface layer, and the data layer can be calculated according to the report and analysis requirements.
In the embodiment, the first encryption data corresponding to the first data type in the salary data service is determined to be the user work number data and the user salary data, the second encryption data corresponding to the second data type is determined to be the sum field data in the non-salary data, the user work number data and the user salary data are encrypted through the encryption master key, the sum field data are encrypted through the encryption auxiliary key, and therefore data in the salary data service can be stored in an encrypted mode, and safety of the salary data is improved.
It should be noted that the foregoing examples are only for understanding the present application, and are not meant to limit the data encryption method of the present application, and more forms of simple transformation based on the technical concept are all within the scope of the present application.
The present application also provides a data encryption device, referring to fig. 7, the data encryption device includes:
A key generation module 10 for generating an encryption master key and an encryption slave key based on a preset data encryption rule;
The encrypted data determining module 20 is configured to determine first encrypted data corresponding to a first data type and second encrypted data corresponding to a second data type in the data service to be encrypted;
A data encryption module 30, configured to encrypt the first encrypted data with the encryption master key and encrypt the second encrypted data with the encryption slave key;
And the encryption result obtaining module 40 is configured to obtain, when encryption is completed, a data encryption result corresponding to the data service to be encrypted.
The data encryption device provided by the application adopts the data encryption method in the embodiment, and can solve the technical problem that the execution efficiency is reduced because the data analysis system in the prior art needs to decrypt and calculate the data one by one after the data analysis system is disassembled when the data in the data warehouse is processed and calculated in batches. Compared with the prior art, the beneficial effects of the data encryption device provided by the application are the same as those of the data encryption method provided by the embodiment, and other technical features in the data encryption device are the same as those disclosed by the method of the embodiment, and are not repeated here.
The application provides a data encryption device which comprises at least one processor and a memory in communication connection with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the data encryption method in the first embodiment.
Referring now to fig. 8, a schematic diagram of a data encryption device suitable for use in implementing embodiments of the present application is shown. The data encryption device in the embodiment of the present application may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (Personal DIGITAL ASSISTANT: personal digital assistant), a PAD (Portable Application Description: tablet computer), a PMP (Portable MEDIA PLAYER: portable multimedia player), an in-vehicle terminal (e.g., an in-vehicle navigation terminal), and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. The data encryption device shown in fig. 8 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present application.
As shown in fig. 8, the data encryption apparatus may include a processing device 1001 (e.g., a central processing unit, a graphics processor, etc.), which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage device 1003 into a random access Memory (RAM: random Access Memory) 1004. In the RAM1004, various programs and data required for the operation of the data encryption device are also stored. The processing device 1001, the ROM1002, and the RAM1004 are connected to each other by a bus 1005. An input/output (I/O) interface 1006 is also connected to the bus. In general, a system including an input device 1007 such as a touch screen, a touch pad, a keyboard, a mouse, an image sensor, a microphone, an accelerometer, a gyroscope, etc., an output device 1008 including a Liquid crystal display (LCD: liquid CRYSTAL DISPLAY), a speaker, a vibrator, etc., a storage device 1003 including a magnetic tape, a hard disk, etc., and a communication device 1009 may be connected to the I/O interface 1006. The communication means 1009 may allow the data encryption device to communicate wirelessly or by wire with other devices to exchange data. While data encryption devices having various systems are shown in the figures, it should be understood that not all of the illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through a communication device, or installed from the storage device 1003, or installed from the ROM 1002. The above-described functions defined in the method of the disclosed embodiment of the application are performed when the computer program is executed by the processing device 1001.
The data encryption equipment provided by the application adopts the data encryption method in the embodiment, and can solve the technical problem of data encryption. Compared with the prior art, the beneficial effects of the data encryption device provided by the application are the same as those of the data encryption method provided by the embodiment, and other technical features of the data encryption device are the same as those disclosed by the method of the previous embodiment, and are not repeated here.
It is to be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
The present application provides a computer-readable storage medium having computer-readable program instructions (i.e., a computer program) stored thereon for performing the data encryption method in the above-described embodiments.
The computer readable storage medium provided by the present application may be, for example, a U disk, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access Memory (RAM: random Access Memory), a Read-Only Memory (ROM), an erasable programmable Read-Only Memory (EPROM: erasable Programmable Read Only Memory or flash Memory), an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (Radio Frequency) and the like, or any suitable combination of the foregoing.
The computer readable storage medium may be included in the data encryption device or may exist alone without being incorporated in the data encryption device.
The computer readable storage medium carries one or more programs, and when the one or more programs are executed by the data encryption device, the data encryption device generates an encryption main key and an encryption auxiliary key based on preset data encryption rules, determines first encryption data corresponding to a first data type and second encryption data corresponding to a second data type in data service to be encrypted, encrypts the first encryption data through the encryption main key and encrypts the second encryption data through the encryption auxiliary key, and obtains a data encryption result corresponding to the data service to be encrypted when encryption is completed.
Computer program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of remote computers, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN: local Area Network) or a wide area network (WAN: wide Area Network), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present application may be implemented in software or in hardware. Wherein the name of the module does not constitute a limitation of the unit itself in some cases.
The readable storage medium provided by the application is a computer readable storage medium, and the computer readable storage medium stores computer readable program instructions (namely computer programs) for executing the data encryption method, so that the technical problem that the execution efficiency is reduced because the data analysis system in the prior art needs to decrypt and calculate one by one after the data in the data warehouse is disassembled and then encrypt the data when the data analysis system carries out batch processing and calculation on the data in the data warehouse is solved. Compared with the prior art, the beneficial effects of the computer readable storage medium provided by the application are the same as those of the data encryption method provided by the above embodiment, and are not described herein.
The application also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of a data encryption method as described above.
The computer program product provided by the application can solve the technical problem that the execution efficiency is reduced because the data analysis system in the prior art needs to decrypt and calculate the data one by one after being disassembled and then encrypt the data when the data analysis system carries out batch processing and calculation on the data in the data warehouse. Compared with the prior art, the beneficial effects of the computer program product provided by the application are the same as those of the data encryption method provided by the above embodiment, and are not described herein.
The foregoing description is only a partial embodiment of the present application, and is not intended to limit the scope of the present application, and all the equivalent structural changes made by the description and the accompanying drawings under the technical concept of the present application, or the direct/indirect application in other related technical fields are included in the scope of the present application.
Claims (8)
1. A method of encrypting data, said method comprising:
generating an encryption master key and an encryption auxiliary key based on a preset data encryption rule;
Determining first encrypted data corresponding to a first data type and second encrypted data corresponding to a second data type in the data service to be encrypted;
Encrypting the first encrypted data by the encryption master key and encrypting the second encrypted data by the encryption slave key;
When encryption is completed, obtaining a data encryption result corresponding to the data service to be encrypted;
The step of generating the encryption master key and the encryption auxiliary key based on the preset data encryption rule comprises the following steps:
encrypting a plaintext input by a user through a first encryption algorithm based on a preset data encryption rule to obtain an encryption master key;
acquiring a master key generation character string from a preset application configuration file;
encrypting the encrypted master key and the master key generation character string through a second encryption algorithm to obtain a master key encryption result;
decrypting the master key encryption result based on the master key generation character string by a target decryption algorithm corresponding to the second encryption algorithm to obtain the encrypted master key;
acquiring a secondary key generation character string from the preset application configuration file;
encrypting the encrypted main key and the auxiliary key generation character string through a third encryption algorithm to obtain an auxiliary key encryption result;
And encrypting the secondary key encryption result through the first encryption algorithm to generate an encrypted secondary key.
2. The method of claim 1, wherein after the step of obtaining the data encryption result corresponding to the data service to be encrypted when encryption is completed, the method further comprises:
when a data query request is received, determining a data query interface;
Determining a target data index of the data to be queried in a preset data mart according to the data query interface;
determining a target level data table for storing the encrypted data packet corresponding to the data to be queried in the preset data marts according to the target data index;
Acquiring the encrypted data packet from the target level data table;
and decrypting the encrypted data packet through a preset decryption function to obtain the data to be queried.
3. The method of claim 1, wherein the data service to be encrypted comprises a payroll data service, and wherein the step of determining first encrypted data corresponding to a first data type and second encrypted data corresponding to a second data type in the data service to be encrypted comprises:
determining first encrypted data corresponding to a first data type in the payroll data service as user work number data and user payroll data, and determining second encrypted data corresponding to a second data type as sum field data in non-payroll data;
The step of encrypting the first encrypted data by the encryption master key and the second encrypted data by the encryption slave key includes:
Encrypting the user work number data and the user payroll data through the encryption master key, and encrypting the amount field data through the encryption auxiliary key.
4. The method of claim 3, wherein after the step of obtaining the data encryption result corresponding to the data service to be encrypted when encryption is completed, the method further comprises:
Storing the encrypted user work number data, the encrypted user payroll data and the encrypted amount field data in an STG layer;
transmitting the encrypted user work number data, the encrypted user salary data and the encrypted amount field data in the STG layer to an ETL layer when a salary inquiry request is received;
Preprocessing the encrypted user work number data, the encrypted user compensation data and the encrypted amount field data in the ETL layer to obtain processed compensation data, and sending the processed compensation data to a data mart layer;
Decrypting the processed payroll data in the data mart layer to obtain and output decrypted payroll data.
5. A data encryption device, the device comprising:
the key generation module is used for generating an encryption main key and an encryption auxiliary key based on a preset data encryption rule;
The encryption data determining module is used for determining first encryption data corresponding to a first data type and second encryption data corresponding to a second data type in the data service to be encrypted;
the data encryption module is used for encrypting the first encrypted data through the encryption master key and encrypting the second encrypted data through the encryption auxiliary key;
The encryption result acquisition module is used for acquiring a data encryption result corresponding to the data service to be encrypted when encryption is completed;
The key generation module is further used for encrypting a plaintext input by a user through a first encryption algorithm based on a preset data encryption rule to obtain an encrypted master key, obtaining a master key generation character string from a preset application configuration file, encrypting the encrypted master key and the master key generation character string through a second encryption algorithm to obtain a master key encryption result, decrypting the master key encryption result through a target decryption algorithm corresponding to the second encryption algorithm based on the master key generation character string to obtain an encrypted master key, obtaining a slave key generation character string from the preset application configuration file, encrypting the encrypted master key and the slave key generation character string through a third encryption algorithm to obtain a slave key encryption result, encrypting the slave key encryption result through the first encryption algorithm to generate an encrypted slave key.
6. A data encryption device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being configured to implement the steps of the data encryption method according to any one of claims 1 to 4.
7. A storage medium, characterized in that the storage medium is a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, realizes the steps of the data encryption method according to any one of claims 1 to 4.
8. A computer program product, characterized in that it comprises a computer program which, when executed by a processor, implements the steps of the data encryption method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411107596.5A CN119128929B (en) | 2024-08-13 | 2024-08-13 | Data encryption method, device, equipment, storage medium and computer program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411107596.5A CN119128929B (en) | 2024-08-13 | 2024-08-13 | Data encryption method, device, equipment, storage medium and computer program product |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN119128929A CN119128929A (en) | 2024-12-13 |
| CN119128929B true CN119128929B (en) | 2025-09-05 |
Family
ID=93766115
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202411107596.5A Active CN119128929B (en) | 2024-08-13 | 2024-08-13 | Data encryption method, device, equipment, storage medium and computer program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN119128929B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108880791A (en) * | 2018-05-30 | 2018-11-23 | 招商银行股份有限公司 | Cryptographic key protection method, terminal and computer readable storage medium |
| CN110336662A (en) * | 2019-06-06 | 2019-10-15 | 平安科技(深圳)有限公司 | Digital information encryption method, device, computer equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7751565B2 (en) * | 2005-01-25 | 2010-07-06 | Pak Kay Yuen | Secure encryption system, device and method |
| US9342699B2 (en) * | 2013-11-06 | 2016-05-17 | Blackberry Limited | Method and apparatus for controlling access to encrypted data |
-
2024
- 2024-08-13 CN CN202411107596.5A patent/CN119128929B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108880791A (en) * | 2018-05-30 | 2018-11-23 | 招商银行股份有限公司 | Cryptographic key protection method, terminal and computer readable storage medium |
| CN110336662A (en) * | 2019-06-06 | 2019-10-15 | 平安科技(深圳)有限公司 | Digital information encryption method, device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN119128929A (en) | 2024-12-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11665000B2 (en) | Method and apparatus for processing privacy data of block chain, device, and storage medium | |
| US9344410B1 (en) | Telecommunication method for securely exchanging data | |
| US20210157938A1 (en) | Methods, media, apparatuses and computing devices of user data authorization based on blockchain | |
| US20230058013A1 (en) | Providing access to encrypted insights using anonymous insight records | |
| WO2018188383A1 (en) | Data processing method and device, server and storage medium | |
| WO2021133855A1 (en) | Establishing decentralized identifiers for algorithms, data schemas, data sets, and algorithm execution requests | |
| CN110858249A (en) | A kind of database file encryption method, decryption method and related device | |
| WO2020233049A1 (en) | Data authorization method and apparatus of blockchain system, storage medium, and electronic device | |
| CN111368196A (en) | Method, apparatus, device and readable storage medium for updating model parameters | |
| CN119128929B (en) | Data encryption method, device, equipment, storage medium and computer program product | |
| WO2023159458A1 (en) | Device runtime update pre-authentication | |
| JP2022141962A (en) | Data inquiry and writing methods, devices, electronic devices, readable storage media and computer programs | |
| WO2022247226A1 (en) | Applet monitoring method and device | |
| CN109462604B (en) | Data transmission method, device, equipment and storage medium | |
| EP3016343B1 (en) | Telecommunication method for securely exchanging data | |
| US20250068775A1 (en) | Systems and methods for data security on a mobile device | |
| CN116128415B (en) | Power equipment information sending method and device, electronic equipment and computer medium | |
| CN112765615B (en) | Data storage method, device and electronic device | |
| CN118677666B (en) | Data security transmission method, device, equipment and storage medium | |
| CN119783168A (en) | Data exchange method based on Web Restful API | |
| CN117640563A (en) | Production data access method, electronic device and readable storage medium | |
| CN116432230A (en) | Privacy information protection method, system, electronic device and storage medium | |
| CN119537355A (en) | Water management data transmission method, device, equipment and storage medium | |
| CN118802325A (en) | Question bank data processing method, device, equipment, storage medium and program product | |
| CN119782331A (en) | Method, device, electronic device and medium for maintaining consistency of heterogeneous data in different locations |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |