CN117077170A - Data encryption method, device, equipment and medium - Google Patents
- Publication number: CN117077170A (application number CN202311052568.3A)
- Authority: CN (China)
- Prior art keywords
- data
- business scenario
- encryption algorithm
- source system
- symmetric encryption
- Prior art date
- Legal status: Pending (status as listed by Google Patents; an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
            - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
              - G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
    - G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
      - G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
        - G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
Description
Technical field
This application relates to the field of network security or finance, and in particular to a data encryption method, device, equipment and medium.
Background
Financial transaction systems, including banking systems, hold important information such as citizens' personal information, corporate capital-flow information and information on socioeconomic activity. Data must therefore not only be strictly reviewed when it enters the transaction system; strict management measures and technical means must also be used to protect it during transmission and use, so as to reduce the risk of the data and the transaction system being illegally accessed, stolen, tampered with or destroyed.
In the related art, a financial transaction may be initiated from different source systems, which then call the same target system for transaction processing. To keep the data secure in transit, the source system encrypts the data before sending it to the target system, and the target system must decrypt the encrypted data before processing the transaction. The symmetric encryption algorithm key used for encryption and decryption is agreed between the two systems.
However, when the target system needs to receive encrypted data from multiple source systems, it agrees a different symmetric encryption algorithm key with each source system. When a new source system is connected, or the value of an existing key changes, the target system's code logic has to be modified. Modifying the code logic is not only cumbersome but also increases the target system's operational risk.
Summary of the invention
In view of this, embodiments of this application provide a data encryption method, device, equipment and medium that, when a new source system is connected or the value of an existing key changes, avoid the step of modifying the system code logic: the corresponding symmetric encryption algorithm key is determined from a matrix diagram, and data encryption is then performed with it.
The embodiments of this application disclose the following technical solutions:
In a first aspect, this application provides a data encryption method applied to a target system. The method includes:
in response to a business scenario request issued by a source system, selecting, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request;
performing data encryption on the data corresponding to the business scenario request according to the symmetric encryption algorithm key.
Optionally, the method of constructing the matrix diagram specifically includes:
taking all source systems as the first row of the matrix diagram, taking all business scenario requests as the first column of the matrix diagram, and placing the symmetric encryption algorithm key corresponding to the i-th source system and the j-th business scenario request in the i-th column and j-th row of the matrix diagram, so as to construct the matrix diagram, where i and j are positive integers.
Optionally, performing data encryption on the data corresponding to the business scenario request according to the symmetric encryption algorithm key includes:
converting the combination of the source system, the business scenario request and the symmetric encryption algorithm key corresponding to the source system and the business scenario request into a target parameter;
if the source system and/or the business scenario request changes, modifying the target parameter;
performing data encryption on target data according to the modified target parameter, the target data being the data corresponding to the business scenario request or to the changed business scenario request.
Optionally, performing data encryption on the data corresponding to the business scenario request according to the symmetric encryption algorithm key includes:
identifying sensitive data in the business scenario request, the sensitive data being data whose sensitivity index is greater than a preset threshold;
performing data encryption on the sensitive data according to the symmetric encryption algorithm key.
Optionally, the symmetric encryption algorithm includes one or more of the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Algorithm (3DES) and the Advanced Encryption Standard (AES) algorithm.
In a second aspect, this application provides a data encryption device applied to a target system. The device includes a selection module and an execution module;
the selection module is configured to, in response to a business scenario request issued by a source system, select, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request;
the execution module is configured to perform data encryption on the data corresponding to the business scenario request according to the symmetric encryption algorithm key.
Optionally, the execution module specifically includes an identification sub-module and an encryption sub-module;
the identification sub-module is configured to identify sensitive data in the business scenario request, the sensitive data being data whose sensitivity index is greater than a preset threshold;
the encryption sub-module is configured to perform data encryption on the sensitive data according to the symmetric encryption algorithm key.
Optionally, the symmetric encryption algorithm includes one or more of the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Algorithm (3DES) and the Advanced Encryption Standard (AES) algorithm.
In a third aspect, this application provides a data encryption device comprising a memory and a processor;
the memory is configured to store a program;
the processor is configured to implement the steps of the above data encryption method when executing the computer program.
In a fourth aspect, this application provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the above data encryption method are implemented.
Compared with the prior art, this application has the following beneficial effects:
This application discloses a data encryption method, device, equipment and medium. The method includes: in response to a business scenario request issued by a source system, selecting, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request; and performing data encryption on the data corresponding to the business scenario request according to that key. Because the source systems and business scenario requests that determine the symmetric encryption algorithm key are arranged in a matrix diagram, when a new source system is connected or the value of an existing key changes, the step of modifying the system code logic can be avoided: the symmetric encryption algorithm key is determined by looking it up directly in the matrix diagram. This avoids operational risk, reduces operating cost and makes data encryption fast and efficient.
Description of the drawings
To explain the technical solutions in the embodiments or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a flow chart of a data encryption method provided by an embodiment of this application;
Figure 2 is a schematic diagram of a data encryption device provided by an embodiment of this application;
Figure 3 is a schematic diagram of a computer-readable medium provided by an embodiment of this application;
Figure 4 is a schematic diagram of the hardware structure of a server provided by an embodiment of this application.
Detailed description
The data encryption method, device, equipment and medium provided by this invention can be used in the network security field or the financial field. These are only examples and do not limit the fields in which the data encryption method, device, equipment and medium provided by this invention may be applied.
First, the technical terms involved in this application are explained:
A symmetric encryption algorithm (symmetric cryptography) is a class of encryption algorithm that uses the same key for encryption and decryption.
In the related art, a financial transaction may be initiated from different source systems, which then call the same target system for transaction processing. To keep the data secure in transit, the source system encrypts the data before sending it to the target system, and the target system must decrypt the encrypted data before processing the transaction. The symmetric encryption algorithm key used for encryption and decryption is agreed between the two systems.
However, when the target system needs to receive encrypted data from multiple source systems, it agrees a different symmetric encryption algorithm key with each source system. When a new source system is connected, or the value of an existing key changes, the target system's code logic has to be modified. Modifying the code logic is not only cumbersome but also increases the target system's operational risk.
In view of this, this application provides a data encryption method, device, equipment and medium. The method includes: in response to a business scenario request issued by a source system, selecting, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request; and performing data encryption on the data corresponding to the business scenario request according to that key. Because the source systems and business scenario requests that determine the symmetric encryption algorithm key are arranged in a matrix diagram, when a new source system is connected or the value of an existing key changes, the step of modifying the system code logic can be avoided: the symmetric encryption algorithm key is determined by looking it up directly in the matrix diagram. This avoids operational risk, reduces operating cost and makes data encryption fast and efficient.
To help those skilled in the art better understand the solutions of this application, the technical solutions in the embodiments of this application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of this application without creative effort fall within the scope of protection of this application.
Refer to Figure 1, a flow chart of a data encryption method provided by an embodiment of this application. The method is applied to a target system and includes:
S101: In response to a business scenario request issued by a source system, select, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request.
A symmetric encryption algorithm key means that the two parties sending and receiving the data (that is, the source system and the target system) must use the same key to encrypt and decrypt the plaintext. In some specific implementations, the above symmetric encryption algorithm may include one or more of the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Algorithm (3DES) and the Advanced Encryption Standard (AES) algorithm.
Refer to Table 1, a schematic table of a matrix diagram provided by an embodiment of this application. The matrix diagram is constructed jointly from the source systems, the business scenario requests, and the symmetric encryption algorithm keys corresponding to each source system and business scenario request: all source systems form the first row of the matrix diagram, all business scenario requests form the first column, and the symmetric encryption algorithm key corresponding to the i-th source system and the j-th business scenario request is placed in the i-th column and j-th row, where i and j are positive integers.
Table 1
On receiving a business scenario request from a source system, the symmetric encryption algorithm key corresponding to that source system and business scenario request must be selected in the matrix diagram of the target system. As Table 1 shows, if the received request was issued by source system A under business scenario 1, symmetric encryption algorithm key 1 is selected from the matrix diagram of Table 1; if the received request was issued by source system B under business scenario 2, symmetric encryption algorithm key 4 is selected from the matrix diagram of Table 1.
It should be noted that this application does not limit the specific source systems, business scenarios or symmetric encryption algorithm keys.
S102: Perform data encryption on the data corresponding to the business scenario request according to the symmetric encryption algorithm key.
Once the symmetric encryption algorithm key corresponding to the source system and the business scenario request has been selected in the matrix diagram of the target system, data encryption can be performed on the data corresponding to the business scenario request using that key.
Even in a financial transaction system, not all data corresponding to a business scenario request is sensitive. The data corresponding to the business scenario request can therefore be filtered so that only the data that needs encryption is encrypted, which improves encryption efficiency.
In some specific implementations, the sensitive data in the business scenario request is identified first; sensitive data may mean data whose sensitivity index is greater than a preset threshold. What counts as sensitive data can be set by the relevant technical staff, who may for example uniformly designate the transaction amount as sensitive data; it can also be set by the user according to their own needs, for example by designating the user's annual income as sensitive data. It should be noted that this application does not limit the specific sensitive data or how it is set.
After the sensitive data in the business scenario request has been identified, data encryption can be performed on that sensitive data according to the symmetric encryption algorithm key.
The source system and the business scenario request may also change. If they change to a source system and/or business scenario already contained in the matrix diagram, data encryption can be performed directly with the symmetric encryption algorithm key corresponding to the changed source system and/or business scenario.
If the source system and/or business scenario request changes to a source system and/or business scenario not contained in the matrix diagram, then first the combination of the pre-change source system, the business scenario request and the symmetric encryption algorithm key corresponding to them is converted into a target parameter; next, the target parameter is modified in line with the change; finally, data encryption is performed on the target data according to the modified target parameter, where the target data is the data corresponding to the business scenario request or to the changed business scenario request.
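Steps S101 and S102 above (select the key cell for the requesting source system and scenario, then encrypt only the fields whose sensitivity index exceeds the threshold), as an added Go example that is not code from the application. It assumes AES-GCM as the symmetric algorithm, an integer sensitivity index, and the matrix stored as (source, scenario) cells, none of which the application fixes; a pair not yet in the matrix is added as data, which is the change the application describes without specifying a structure.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)
// KeyMatrix is Table 1 held as data: one cell per (source system, business
// scenario). Onboarding a source or rotating a key edits data, not code.
type KeyMatrix struct {
	cells map[[2]string][]byte // (source, scenario) -> AES key
}

func NewKeyMatrix() *KeyMatrix { return &KeyMatrix{cells: map[[2]string][]byte{}} }

// Set records or rotates one cell; a new (source, scenario) pair is just added.
func (m *KeyMatrix) Set(source, scenario string, key []byte) error {
	if _, err := aes.NewCipher(key); err != nil { // rejects bad key lengths
		return fmt.Errorf("%s/%s: %w", source, scenario, err)
	}
	m.cells[[2]string{source, scenario}] = key
	return nil
}

// Lookup is step S101: select the key for the requesting source system and
// business scenario. An unconfigured pair is an error, never a default key.
func (m *KeyMatrix) Lookup(source, scenario string) ([]byte, error) {
	if k, ok := m.cells[[2]string{source, scenario}]; ok {
		return k, nil
	}
	return nil, fmt.Errorf("no key configured for source %q in scenario %q", source, scenario)
}

// gcm resolves the cell and wraps its key in AES-GCM.
func (m *KeyMatrix) gcm(source, scenario string) (cipher.AEAD, error) {
	key, err := m.Lookup(source, scenario)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // length was validated in Set
	return cipher.NewGCM(block)
}

// Field is one item of a business scenario request with its operator-assigned
// sensitivity index; after EncryptSensitive, Encrypted marks Value as nonce||ciphertext.
type Field struct {
	Name        string
	Value       []byte
	Sensitivity int
	Encrypted   bool
}

// EncryptSensitive is step S102: fields whose sensitivity index exceeds threshold
// are encrypted under the selected key, the rest pass through. The field name is
// GCM additional data, so a ciphertext moved to another field fails to open.
func EncryptSensitive(m *KeyMatrix, source, scenario string, req []Field, threshold int) ([]Field, error) {
	g, err := m.gcm(source, scenario)
	if err != nil {
		return nil, err
	}
	out := make([]Field, 0, len(req))
	for _, f := range req {
		if f.Sensitivity > threshold {
			nonce := make([]byte, g.NonceSize())
			if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
				return nil, err
			}
			f.Value, f.Encrypted = g.Seal(nonce, nonce, f.Value, []byte(f.Name)), true
		}
		out = append(out, f)
	}
	return out, nil
}

// DecryptSensitive is the receiving side: same lookup, then authenticated open.
func DecryptSensitive(m *KeyMatrix, source, scenario string, req []Field) ([]Field, error) {
	g, err := m.gcm(source, scenario)
	if err != nil {
		return nil, err
	}
	out := make([]Field, 0, len(req))
	for _, f := range req {
		if f.Encrypted {
			ns := g.NonceSize()
			if len(f.Value) < ns {
				return nil, fmt.Errorf("field %q: ciphertext shorter than nonce", f.Name)
			}
			if f.Value, err = g.Open(nil, f.Value[:ns], f.Value[ns:], []byte(f.Name)); err != nil {
				return nil, fmt.Errorf("field %q: %w", f.Name, err)
			}
			f.Encrypted = false
		}
		out = append(out, f)
	}
	return out, nil
}
```

Because every partner's key now sits in one table inside the target system, the matrix needs the same protection as any other key store, a point the application leaves open.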
In summary, this application discloses a data encryption method applied to a target system, which includes: in response to a business scenario request issued by a source system, selecting, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request; and performing data encryption on the data corresponding to the business scenario request according to that key. Because the source systems and business scenario requests that determine the symmetric encryption algorithm key are arranged in a matrix diagram, when a new source system is connected or the value of an existing key changes, the step of modifying the system code logic can be avoided: the key is determined by looking it up directly in the matrix diagram. This avoids operational risk, reduces operating cost and makes data encryption fast and efficient.
Refer to Figure 2, which shows a data encryption device provided by an embodiment of this application. The data encryption device 200 includes a selection module 201 and an execution module 202;
specifically, the selection module 201 is configured to, in response to a business scenario request issued by a source system, select, in the matrix diagram of the target system, the symmetric encryption algorithm key corresponding to the source system and the business scenario request;
the execution module 202 is configured to perform data encryption on the data corresponding to the business scenario request according to the symmetric encryption algorithm key.
In some specific implementations, the execution module 202 specifically includes an identification sub-module and an encryption sub-module;
the identification sub-module is configured to identify sensitive data in the business scenario request, the sensitive data being data whose sensitivity index is greater than a preset threshold;
the encryption sub-module is configured to perform data encryption on the sensitive data according to the symmetric encryption algorithm key.
In some specific implementations, the symmetric encryption algorithm includes one or more of the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Algorithm (3DES) and the Advanced Encryption Standard (AES) algorithm.
In some specific implementations, the device for constructing the matrix diagram is specifically configured to: take all source systems as the first row of the matrix diagram, take all business scenario requests as the first column, and place the symmetric encryption algorithm key corresponding to the i-th source system and the j-th business scenario request in the i-th column and j-th row of the matrix diagram, so as to construct the matrix diagram, where i and j are positive integers.
In some specific implementations, the execution module 202 specifically includes a conversion sub-module, a modification sub-module and a second encryption sub-module;
specifically, the conversion sub-module is configured to convert the combination of the source system, the business scenario request and the symmetric encryption algorithm key corresponding to the source system and the business scenario request into a target parameter;
the modification sub-module is configured to modify the target parameter if the source system and/or the business scenario request changes;
the second encryption sub-module is configured to perform data encryption on target data according to the modified target parameter, the target data being the data corresponding to the business scenario request or to the changed business scenario request.
In summary, this application discloses a data encryption device applied to a target system, including a selection module and an execution module. Because the source systems and business scenario requests that determine the symmetric encryption algorithm key are arranged in a matrix diagram, when a new source system is connected or the value of an existing key changes, the step of modifying the system code logic can be avoided: the key is determined by looking it up directly in the matrix diagram. This avoids operational risk, reduces operating cost and makes data encryption fast and efficient.
本文中以上描述的功能可以至少部分地由一个或多个硬件逻辑部件来执行。例如,非限制性地,可以使用的示范类型的硬件逻辑部件包括:现场可编程门阵列(FPGA)、专用集成电路(ASIC)、专用标准产品(ASSP)、片上系统(SOC)、复杂可编程逻辑设备(CPLD)等等。The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, and without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on Chips (SOCs), Complex Programmable Logical device (CPLD) and so on.
参见图3,该图为本申请实施例提供的一种计算机可读介质的示意图。该计算机可读介质300上存储有计算机程序311,该计算机程序311被处理器执行时实现上述图1的数据加密方法的步骤。Refer to Figure 3, which is a schematic diagram of a computer-readable medium provided by an embodiment of the present application. A computer program 311 is stored on the computer-readable medium 300. When the computer program 311 is executed by a processor, the steps of the data encryption method in Figure 1 are implemented.
需要说明的是,本申请的上下文中,机器可读介质可以是有形的介质,其可以包含或存储以供指令执行系统、装置或设备使用或与指令执行系统、装置或设备结合地使用的程序。机器可读介质可以是机器可读信号介质或机器可读储存介质。机器可读介质可以包括但不限于电子的、磁性的、光学的、电磁的、红外的、或半导体系统、装置或设备,或者上述内容的任何合适组合。机器可读存储介质的更具体示例会包括基于一个或多个线的电气连接、便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦除可编程只读存储器(EPROM或快闪存储器)、光纤、便捷式紧凑盘只读存储器(CD-ROM)、光学储存设备、磁储存设备、或上述内容的任何合适组合。It should be noted that in the context of this application, a machine-readable medium may be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. . The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. Machine-readable media may include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, laptop disks, hard drives, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
It should be noted that the machine-readable medium mentioned above in this application may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the two. The computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or any combination thereof. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In this application, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal may take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer-readable medium may be transmitted using any suitable medium, including but not limited to: wire, optical cable, RF (radio frequency), etc., or any suitable combination of the above.
The above computer-readable medium may be included in the above electronic device, or it may exist separately without being assembled into the electronic device.
Referring to FIG. 4, which is a schematic diagram of the hardware structure of a server provided by an embodiment of the present application, the server 400 may vary greatly depending on configuration or performance, and may include one or more central processing units (CPUs) 422 (for example, one or more processors), a memory 432, and one or more storage media 430 (for example, one or more mass storage devices) that store an application program 440 or data 444. The memory 432 and the storage medium 430 may be transient storage or persistent storage. The program stored in the storage medium 430 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations on the server. Furthermore, the central processing unit 422 may be configured to communicate with the storage medium 430 and execute the series of instruction operations in the storage medium 430 on the server 400.
The server 400 may also include one or more power supplies 426, one or more wired or wireless network interfaces 450, one or more input/output interfaces 458, and/or one or more operating systems 441, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and so on.
The steps performed by the data encryption method in the above embodiments may be based on the server structure shown in FIG. 4.
It should also be noted that, according to the embodiments of the present application, the process of the data encryption method described in the flowchart of FIG. 1 above may be implemented as a computer software program. For example, the embodiments of the present application include a computer program product that includes a computer program carried on a non-transitory computer-readable medium, the computer program containing program code for performing the method shown in the flowchart of FIG. 1 above.
Although the subject matter has been described in language specific to structural features and/or methodological logical acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are merely example forms of implementing the claims.
Although the above discussion contains several specific implementation details, these should not be construed as limiting the scope of the present application. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
The above description is only a preferred embodiment of the present application and an explanation of the technical principles employed. Persons skilled in the art should understand that the scope of the disclosure involved in this application is not limited to technical solutions formed by the specific combination of the above technical features, but should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the above disclosed concept, for example, technical solutions formed by replacing the above features with technical features having similar functions disclosed in this application (but not limited thereto).
Claims (10)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311052568.3A CN117077170A (en) | 2023-08-21 | 2023-08-21 | Data encryption method, device, equipment and medium |
| PCT/CN2023/136038 WO2025039410A1 (en) | 2023-08-21 | 2023-12-04 | Data encryption method and apparatus, device, and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311052568.3A CN117077170A (en) | 2023-08-21 | 2023-08-21 | Data encryption method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117077170A true CN117077170A (en) | 2023-11-17 |
Family
ID=88717852
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311052568.3A Pending CN117077170A (en) | 2023-08-21 | 2023-08-21 | Data encryption method, device, equipment and medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN117077170A (en) |
| WO (1) | WO2025039410A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119254436A (en) * | 2024-12-03 | 2025-01-03 | 深圳桑达银络科技有限公司 | A cryptography-based end-to-end financial data encryption method and system |
| WO2025039410A1 (en) * | 2023-08-21 | 2025-02-27 | 中国银行股份有限公司 | Data encryption method and apparatus, device, and medium |
| CN119921984A (en) * | 2024-12-26 | 2025-05-02 | 华兴海安集团数智科技有限公司 | A data classification and grading secure transmission method and device |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9251355B2 (en) * | 2013-07-30 | 2016-02-02 | International Business Machines Corporation | Field level database encryption using a transient key |
| US11520905B2 (en) * | 2019-11-20 | 2022-12-06 | Kyndryl, Inc. | Smart data protection |
| CN112016104B (en) * | 2020-07-14 | 2024-04-23 | 北京淇瑀信息科技有限公司 | A method, device and system for encrypting financial sensitive data |
| CN114357485A (en) * | 2022-01-04 | 2022-04-15 | 北京理房通支付科技有限公司 | Key encryption and decryption management method and system |
| CN115314202B (en) * | 2022-10-10 | 2023-01-24 | 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) | Data processing method, electronic device, and storage medium based on secure multi-party computation |
| CN115730349A (en) * | 2022-12-02 | 2023-03-03 | 平安银行股份有限公司 | Data encryption method based on different service scenes, computer equipment and computer readable storage medium |
| CN116186740A (en) * | 2023-03-02 | 2023-05-30 | 金蝶软件(中国)有限公司 | Data encryption method, device, equipment and storage medium |
| CN116522358A (en) * | 2023-04-20 | 2023-08-01 | 北京车智慧信息技术有限公司 | Data encryption method, device, computing equipment and storage medium |
| CN117077170A (en) * | 2023-08-21 | 2023-11-17 | 中国银行股份有限公司 | Data encryption method, device, equipment and medium |
- 2023-08-21 CN CN202311052568.3A patent/CN117077170A/en active Pending
- 2023-12-04 WO PCT/CN2023/136038 patent/WO2025039410A1/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| WO2025039410A1 (en) | 2025-02-27 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | | |
| SE01 | Entry into force of request for substantive examination | | |