
CN113810407A - Data processing method, device and system and storage medium - Google Patents


Info

Publication number
CN113810407A
Authority
CN
China
Prior art keywords
data
encrypted
token table
request
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202111087125.9A
Other languages
Chinese (zh)
Inventor
姜晟
范渊
杨勃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111087125.9A
Publication of CN113810407A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data processing method, device, system and storage medium. The method comprises the following steps: receiving a first request, sent by a DNS server, that carries data to be encrypted; according to the first request, encrypting each piece of data to be encrypted using different token tables to obtain a plurality of pieces of encrypted data; adding a marker character before each piece of encrypted data, the marker characters corresponding one-to-one with the token tables; and forwarding the marked encrypted data to a target server for data storage. The method lets one application mix a plurality of token tables for data encryption. This dynamic tokenized encryption does not change the storage length and supports fuzzy query, and even if a token table is leaked, a hacker who obtains it cannot completely decrypt the data, so data security is greatly enhanced.

Description

Data processing method, device and system and storage medium
Technical Field
The present invention relates to the field of data encryption, and in particular, to a data processing method, apparatus, system, and storage medium.
Background
With the development of science and technology, a lot of data is no longer stored locally; the cost and efficiency of data leakage using a local area network are too low, and more and more enterprise data is forced to connect to the cloud so that it can be conveniently stored and analyzed. This also brings security problems: data leaks at large enterprises have occurred from time to time in recent years, and each leak brings great loss to enterprises and users.
At present, to guarantee the security of data after it is moved to the cloud, the data is encrypted on upload and the encrypted data is decrypted on later query, so that sensitive data on the cloud is always encrypted and its security is guaranteed to a certain extent. However, conventional encryption may change the stored length of the original data: the original data may have only three characters, while the encrypted data may be dozens of characters long. The original database may not support data of that length, so the data exceeds the storage length in the database. In addition, the encrypted data cannot be fuzzy-queried, because the encrypted form of the fuzzy query may not match the corresponding encrypted data.
Therefore, how to support fuzzy query and improve security without changing the storage length during data encryption is a technical problem that those skilled in the art urgently need to solve.
Disclosure of Invention
In view of the above, the present invention provides a data processing method, apparatus, system and storage medium which, by using dynamic tokenized encryption, support fuzzy query and greatly enhance data security without changing the storage length. The specific scheme is as follows:
A data processing method, comprising:
receiving a first request, sent by a DNS server, that carries data to be encrypted;
according to the first request, encrypting each piece of data to be encrypted using different token tables to obtain a plurality of pieces of encrypted data;
adding a marker character before each piece of the encrypted data, the marker characters corresponding one-to-one with the token tables;
and forwarding the marked encrypted data to a target server for data storage.
Preferably, in the data processing method provided in the embodiment of the present invention, the method further includes:
after the target server acquires the encrypted data according to the second request sent by the DNS server, receiving a third request which is sent by the target server and carries the encrypted data;
obtaining the corresponding token table according to the marker character added before the encrypted data in the third request;
decrypting the encrypted data according to the obtained token table to obtain decrypted data;
and sending the decrypted data to a client so that the client can present the decrypted data.
Preferably, in the data processing method provided in the embodiment of the present invention, while encrypting each piece of data to be encrypted using different token tables, the method further includes:
setting a validity period for each token table, wherein data can be encrypted and decrypted within the set validity period, and can only be encrypted once the set validity period is exceeded.
Preferably, in the data processing method provided in the embodiment of the present invention, while decrypting the encrypted data according to the obtained token table, the method further includes:
when the obtained token table has exceeded its set validity period, updating the obtained token table under the control of the client;
and re-encrypting and decrypting the data according to the updated new token table.
An embodiment of the present invention further provides a data processing apparatus, including:
a request receiving module, configured to receive a first request, sent by a DNS server, that carries data to be encrypted;
a data encryption module, configured to encrypt each piece of data to be encrypted using different token tables according to the first request, to obtain a plurality of pieces of encrypted data;
a character adding module, configured to add a marker character before each piece of encrypted data, the marker characters corresponding one-to-one with the token tables;
and a data forwarding module, configured to forward the marked encrypted data to a target server for data storage.
Preferably, in the data processing apparatus provided in the embodiment of the present invention, the request receiving module is further configured to receive a third request carrying the encrypted data sent by the target server after the target server obtains the encrypted data according to the second request sent by the DNS server;
further comprising:
a token table judgment module, configured to obtain the corresponding token table according to the marker character added before the encrypted data in the third request;
the data decryption module is used for decrypting the encrypted data according to the obtained token table to obtain decrypted data;
and the data issuing module is used for issuing the decrypted data to a client so that the client can present the decrypted data.
Preferably, in the data processing apparatus provided in the embodiment of the present invention, the data processing apparatus further includes:
and the validity period setting module is used for setting a validity period for each token table, encrypting and decrypting data in the set validity period, and only encrypting data when the set validity period is exceeded.
Preferably, in the data processing apparatus provided in the embodiment of the present invention, the data processing apparatus further includes:
and the token table updating module is used for updating the obtained token table under the control of the client when the obtained valid period of the token table exceeds the set valid period.
The embodiment of the invention also provides a data processing system which comprises the DNS server, the target server, the client and the data processing device provided by the embodiment of the invention.
The embodiment of the present invention further provides a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the above data processing method provided in the embodiment of the present invention.
As can be seen from the foregoing technical solutions, the data processing method provided by the present invention includes: receiving a first request, sent by a DNS server, that carries data to be encrypted; according to the first request, encrypting each piece of data to be encrypted using different token tables to obtain a plurality of pieces of encrypted data; adding a marker character before each piece of encrypted data, the marker characters corresponding one-to-one with the token tables; and forwarding the marked encrypted data to a target server for data storage.
The method provided by the invention lets one application mix a plurality of token tables for data encryption. This dynamic tokenized encryption does not change the storage length and supports fuzzy query, and even if a token table is leaked, a hacker who obtains it cannot completely decrypt the data, which greatly enhances data security. In addition, the invention also provides a corresponding apparatus, system and computer-readable storage medium for the data processing method, which makes the method more practical; the apparatus, system and computer-readable storage medium have the corresponding advantages.
Drawings
In order to more clearly illustrate the embodiments of the present invention or technical solutions in related arts, the drawings used in the description of the embodiments or related arts will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a data processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a data encryption process provided in an embodiment of the present invention;
FIG. 3 is another flow chart of a data processing method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention;
FIG. 5 is another schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a data processing method based on dynamic token tables which, as shown in FIG. 1, comprises the following steps:
S1, after the user starts the encryption service through the client, the client sends a first request, uploaded by the user and carrying data to be encrypted, to a DNS server;
It should be noted that, as shown in FIG. 2, the precondition of the present invention is that a user logs in to a client (i.e. an encryption platform), selects an application to be encrypted and an encrypted interface, and, after configuration, sends the interface data (e.g. the data to be encrypted) along with the encrypted interface fields.
S2, the DNS server forwards the first request carrying the data to be encrypted to the encryption server;
S3, the encryption server encrypts each piece of data to be encrypted using different token tables according to the first request, to obtain a plurality of pieces of encrypted data;
It should be noted that if only one token table is used to encrypt all data, it is easy for hackers to reverse-crack that token table; once it is cracked, all encrypted data is exposed to the hackers, so the risk remains. The encryption server of the present invention therefore itself maintains a set of multiple different token tables. As shown in FIG. 2, the encryption server may randomly pick a token table for the data to be encrypted in the interface and encrypt the data using that token table.
S4, the encryption server adds a marker character before each piece of encrypted data, the marker characters corresponding one-to-one with the token tables;
Specifically, a marker character is added before a piece of encrypted data to indicate which token table was used to encrypt it.
S5, the encryption server forwards the marked encrypted data to a target server for data storage;
Specifically, the target server is a cloud server, and the data stored on the cloud server is always encrypted data, which protects the security of user data.
In the data processing method provided by the embodiment of the invention, one application can mix a plurality of token tables for data encryption. This dynamic tokenized encryption does not change the storage length and supports fuzzy query. Even if token tables leak, a hacker who obtains one or two token tables cannot completely decrypt the data: the hacker does not know at all which token table was used for each of thousands of pieces of data, nor whether the hacker has the data for changing the token tables, so data security is greatly enhanced.
Further, in a specific implementation of the data processing method provided in the embodiment of the present invention, since dynamic multi-tokenization is also a reversible process, the method may, as shown in FIG. 3, further include the following steps:
S6, when the user requests data, the client sends a second request to the DNS server;
S7, the DNS server forwards the second request to the target server;
S8, the target server acquires the encrypted data and sends a third request carrying the encrypted data to the encryption server;
S9, the encryption server obtains the corresponding token table according to the marker character added before the encrypted data in the third request;
S10, the encryption server decrypts the encrypted data according to the obtained token table to obtain decrypted data;
S11, the encryption server sends the decrypted data to the client;
and S12, the client presents the decrypted data.
In practical applications, all encryption and decryption processes are imperceptible to users, and use is no different from the earlier unencrypted case.
In addition, in order to further improve the security of the data, in a specific implementation of the data processing method provided in the embodiment of the present invention, when step S3 is executed to encrypt each piece of data to be encrypted using different token tables, the method may further include: setting a validity period for each token table, wherein data can be encrypted and decrypted within the set validity period, and can only be encrypted once the set validity period is exceeded.
That is to say, the invention combines the multi-token encryption mode with a validity period set for each token table. The validity period starts from the step in which the token table participates in data encryption. Within the validity period, encryption and decryption proceed normally. Once the validity period is exceeded, the token table is invalid and can no longer parse data: it can only encrypt data, not decrypt it, so a token table in a hacker's hands loses its effect and the interface returns the encrypted data. Preferably, the validity period of a token table used for encryption may be set to two weeks, where two weeks may be the default value; that is, each token table used by a user has a two-week validity period. Within the validity period, data can be encrypted and decrypted normally using the token table; once the validity period expires, data can only be encrypted and cannot be correspondingly decrypted, and the data returned by the interface is the encrypted ciphertext.
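The following sketch is an added example, not code from the patent, of steps S3-S4, S9-S10 and the validity rule above, plus how a fuzzy query has to be tokenized once under every table. The patent does not define a token table's structure; the per-character substitution, the `MARKERS` set and every class and function name here are assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed set of tokenizable characters
MARKERS = "ABCD"                                  # assumed: one marker character per table
VALIDITY_SECONDS = 14 * 24 * 3600                 # the two-week default named in the text


class TokenTable:
    """One token table, modelled as a random per-character substitution (assumption)."""

    def __init__(self, marker, rng):
        shuffled = list(ALPHABET)
        rng.shuffle(shuffled)
        self.marker = marker
        self.forward = dict(zip(ALPHABET, shuffled))
        self.reverse = {tok: ch for ch, tok in self.forward.items()}
        self.first_used = None  # our reading: validity starts when the table first encrypts

    def tokenize(self, text):
        # Characters outside ALPHABET pass through unchanged (assumption).
        return "".join(self.forward.get(ch, ch) for ch in text)

    def detokenize(self, text):
        return "".join(self.reverse.get(ch, ch) for ch in text)

    def expired(self, now):
        return self.first_used is not None and now - self.first_used > VALIDITY_SECONDS


class EncryptionServer:
    """Holds the set of token tables; `now` is passed in so expiry can be exercised."""

    def __init__(self, rng=None):
        self.rng = rng if rng is not None else secrets.SystemRandom()
        self.tables = {m: TokenTable(m, self.rng) for m in MARKERS}

    def encrypt(self, value, now):
        table = self.rng.choice(list(self.tables.values()))  # S3: random table per value
        if table.first_used is None:
            table.first_used = now
        return table.marker + table.tokenize(value)          # S4: marker goes in front

    def decrypt(self, stored, now):
        if not stored or stored[0] not in self.tables:
            raise ValueError("missing or unknown marker character")
        table = self.tables[stored[0]]                        # S9: marker selects the table
        if table.expired(now):
            return stored                                     # expired: ciphertext is returned
        return table.detokenize(stored[1:])                   # S10

    def fuzzy_patterns(self, fragment):
        """Tokenize a search fragment once per table, keyed by marker."""
        return {m: t.tokenize(fragment) for m, t in self.tables.items()}


def matches(stored, patterns):
    """True if the stored value contains the fragment, compared under its own table."""
    pattern = patterns.get(stored[:1])
    return pattern is not None and pattern in stored[1:]


if __name__ == "__main__":
    server = EncryptionServer()
    t0 = 1_700_000_000                     # constructed timestamp
    names = ["alice01", "bob", "malice9"]  # constructed sample data
    stored = [server.encrypt(n, t0) for n in names]
    print("stored:     ", stored)
    print("in validity:", [server.decrypt(s, t0 + 3600) for s in stored])
    print("after 2 wks:", [server.decrypt(s, t0 + VALIDITY_SECONDS + 1) for s in stored])
    hits = [s for s in stored if matches(s, server.fuzzy_patterns("lice"))]
    print("LIKE %lice%:", hits)
```

In this sketch the token body has the same length as the input, but the stored value is one character longer because of the marker, so a column sized exactly for the plaintext needs that extra character. Within one table equal plaintext characters always map to equal tokens, which is what makes the substring match work.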
After a token table becomes invalid, in order to further improve the controllability of the data, in a specific implementation of the data processing method provided in the embodiment of the present invention, when step S10 is executed to decrypt the encrypted data according to the obtained token table, the method may further include: when the obtained token table has exceeded its set validity period, updating the obtained token table under the control of the client; and re-encrypting and decrypting the data according to the updated new token table.
That is, the present invention lets the token used by the encryption method be updated autonomously. When the set validity period is exceeded, the initiative over token table encryption passes to the user: the user can click 'update token table' at the client to actively update the token table, and the new token table in the multi-token-table set is then used to encrypt and decrypt again, so that the decrypted data can be used normally. Therefore, even if the user data and a token table are leaked, a hacker who obtains an expired, invalid token table cannot decrypt the data. The method not only retains the advantages of token encryption but also hands the right of encryption and decryption to the user, which greatly increases data security and also lets users manage their data independently, increasing the user's control over the data. Preferably, the updated token is randomly generated and therefore unpredictable, which greatly improves the security and controllability of the data.
In addition, if in a special scenario the user does not need tokenized encrypted data, the user can also choose at the client to remove the token table encryption. That is, the user actively abandons token table encryption; the data is decrypted back into plaintext and stored in the database, and all of the original encryption logic is no longer used. In this way, the right to operate data encryption and decryption passes to the user, who is aware of the data encryption and can update the encryption token at any time as the user sees fit, so data security is greatly improved and guaranteed.
It should be noted that unlike encryption, tokenized data does not have any mathematical relationship to the original data and is typically used to protect sensitive data, such as credit card information (PCI), Personal Identity Information (PII) and Personal Health Information (PHI). Tokenization replaces sensitive data throughout an enterprise with data that is not itself valuable, thereby reducing the footprint of sensitive data on the enterprise system and greatly reducing the risk of losing sensitive data in the event of a leak.
Based on the same inventive concept, embodiments of the present invention further provide a data processing apparatus, and since the principle of the apparatus for solving the problem is similar to that of the foregoing data processing method, the implementation of the apparatus may refer to the implementation of the data processing method, and repeated details are not repeated.
In specific implementation, as shown in fig. 4, the data processing apparatus provided in the embodiment of the present invention specifically includes:
a request receiving module 11, configured to receive a first request carrying data to be encrypted, where the first request is sent by a DNS server;
the data encryption module 12 is configured to encrypt each piece of data to be encrypted by using different token tables according to the first request, so as to obtain multiple pieces of encrypted data;
a character adding module 13, configured to add a marker character before each piece of encrypted data, the marker characters corresponding one-to-one with the token tables;
and a data forwarding module 14, configured to forward the marked encrypted data to the target server for data storage.
In the data processing device provided by the embodiment of the invention, the four modules interact so that a plurality of token tables are mixed for data encryption. The storage length is not changed and fuzzy query is supported, and even if a token table is leaked, a hacker who obtains it cannot completely decrypt the data, so data security is greatly enhanced.
In specific implementation, in the data processing apparatus provided in the embodiment of the present invention, the request receiving module 11 is further configured to receive a third request carrying encrypted data sent by the target server after the target server obtains the encrypted data according to the second request sent by the DNS server;
based on this, as shown in fig. 5, the method may further include:
the token table judging module 15 is configured to obtain a corresponding token table according to the marker character added before the encrypted data in the third request;
the data decryption module 16 is configured to decrypt the encrypted data according to the obtained token table to obtain decrypted data;
and the data issuing module 17 is configured to issue the decrypted data to the client, so that the client presents the decrypted data.
In specific implementation, as shown in fig. 5, the data processing apparatus provided in the embodiment of the present invention may further include:
and the validity period setting module 18 is used for setting a validity period for each token table, wherein data encryption and decryption can be performed within the set validity period, and only data encryption can be performed when the set validity period is exceeded.
In specific implementation, as shown in fig. 5, the data processing apparatus provided in the embodiment of the present invention may further include:
and a token table updating module 19, configured to update the obtained token table under the control of the client when the validity period of the obtained token table exceeds the set validity period.
For more specific working processes of the modules, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Correspondingly, the embodiment of the invention also discloses a data processing system which comprises the DNS server, the target server, the client and the data processing device disclosed by the embodiment.
For a more specific process of the above device, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated herein.
Further, the present invention also discloses a computer readable storage medium for storing a computer program; the computer program, when executed by a processor, implements the data processing method disclosed previously.
For more specific processes of the above method, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The system and the storage medium disclosed by the embodiment correspond to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
To sum up, the data processing method provided by the embodiment of the present invention includes: receiving a first request, sent by a DNS server, that carries data to be encrypted; according to the first request, encrypting each piece of data to be encrypted using different token tables to obtain a plurality of pieces of encrypted data; adding a marker character before each piece of encrypted data, the marker characters corresponding one-to-one with the token tables; and forwarding the marked encrypted data to a target server for data storage. The method lets one application mix a plurality of token tables for data encryption. This dynamic tokenized encryption does not change the storage length and supports fuzzy query, and even if a token table is leaked, a hacker who obtains it cannot completely decrypt the data, so data security is greatly enhanced. In addition, the invention also provides a corresponding apparatus, system and computer-readable storage medium for the data processing method, which makes the method more practical; the apparatus, system and computer-readable storage medium have the corresponding advantages.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The data processing method, device, system and storage medium provided by the present invention are described in detail above, and the principle and the implementation of the present invention are explained in this document by applying specific examples, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
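The scheme summarised above, sketched as an added example that is not part of the patent text. It assumes a token table is a per-character substitution map over lowercase letters and digits, assigns tables round-robin, and uses the constructed markers A, B and C; it also shows that a fuzzy (substring) query must be tokenized with each stored row's own table.

```python
import random
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed character set


def make_token_table(seed):
    """One token table: a seeded permutation of ALPHABET (constructed sample)."""
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


# Marker character -> token table, one-to-one (markers and seeds are constructed).
TABLES = {"A": make_token_table(1), "B": make_token_table(2), "C": make_token_table(3)}
INVERSE = {m: {v: k for k, v in t.items()} for m, t in TABLES.items()}


def substitute(text, table):
    # Characters outside the table pass through, so the length never changes.
    return "".join(table.get(ch, ch) for ch in text)


def encrypt_items(items):
    """Encrypt each item with a different table and prefix that table's marker."""
    markers = sorted(TABLES)
    out = []
    for i, item in enumerate(items):
        marker = markers[i % len(markers)]  # round-robin choice is an assumption
        out.append(marker + substitute(item, TABLES[marker]))
    return out


def decrypt_item(stored):
    """Pick the table named by the leading marker, then invert the substitution."""
    marker, body = stored[:1], stored[1:]
    if marker not in INVERSE:
        raise ValueError("unknown marker character: %r" % marker)
    return substitute(body, INVERSE[marker])


def fuzzy_query(stored_rows, fragment):
    """Substring search on stored rows without decrypting them."""
    return [row for row in stored_rows
            if row[:1] in TABLES and substitute(fragment, TABLES[row[0]]) in row[1:]]
```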

Claims (10)

1. A data processing method, comprising:
receiving a first request which is sent by a DNS server and carries data to be encrypted;
according to the first request, encrypting each piece of data to be encrypted by using different token tables respectively to obtain a plurality of pieces of encrypted data;
adding a marker character in front of each piece of the encrypted data, the marker characters corresponding one-to-one to the token tables;
and forwarding the encrypted data, with the marker characters added, to a target server for data storage.
2. The data processing method of claim 1, further comprising:
after the target server acquires the encrypted data according to the second request sent by the DNS server, receiving a third request which is sent by the target server and carries the encrypted data;
obtaining the corresponding token table according to the marker character added before the encrypted data in the third request;
decrypting the encrypted data according to the obtained token table to obtain decrypted data;
and sending the decrypted data to a client so that the client can present the decrypted data.
3. The data processing method according to claim 2, further comprising, while encrypting each piece of the data to be encrypted using a different token table:
setting a validity period for each token table, wherein data encryption and decryption can be performed within the set validity period, and only data encryption can be performed when the set validity period is exceeded.
4. The data processing method according to claim 3, further comprising, while decrypting the encrypted data according to the obtained token table:
when the validity period of the obtained token table exceeds the set validity period, updating the obtained token table under the control of the client;
and re-encrypting and decrypting the data according to the updated token table.
5. A data processing apparatus, comprising:
the request receiving module is used for receiving a first request which is sent by a DNS server and carries data to be encrypted;
the data encryption module is used for encrypting each piece of data to be encrypted by using different token tables according to the first request to obtain a plurality of pieces of encrypted data;
the character adding module is used for adding a marker character in front of each piece of encrypted data, the marker characters corresponding one-to-one to the token tables;
and the data forwarding module is used for forwarding the encrypted data, with the marker characters added, to a target server for data storage.
6. The data processing apparatus according to claim 5, wherein the request receiving module is further configured to receive a third request carrying the encrypted data sent by the target server after the target server obtains the encrypted data according to the second request sent by the DNS server;
further comprising:
a token table judgment module, configured to obtain the corresponding token table according to the marker character added before the encrypted data in the third request;
the data decryption module is used for decrypting the encrypted data according to the obtained token table to obtain decrypted data;
and the data issuing module is used for issuing the decrypted data to a client so that the client can present the decrypted data.
7. The data processing apparatus of claim 6, further comprising:
and the validity period setting module is used for setting a validity period for each token table, encrypting and decrypting data in the set validity period, and only encrypting data when the set validity period is exceeded.
8. The data processing apparatus of claim 7, further comprising:
and the token table updating module is used for updating the obtained token table under the control of the client when the validity period of the obtained token table exceeds the set validity period.
9. A data processing system comprising a DNS server, a target server, a client, and a data processing apparatus according to any one of claims 5 to 8.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the data processing method of any one of claims 1 to 4.
CN202111087125.9A 2021-09-16 2021-09-16 Data processing method, device and system and storage medium Withdrawn CN113810407A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111087125.9A CN113810407A (en) 2021-09-16 2021-09-16 Data processing method, device and system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111087125.9A CN113810407A (en) 2021-09-16 2021-09-16 Data processing method, device and system and storage medium

Publications (1)

Publication Number Publication Date
CN113810407A true CN113810407A (en) 2021-12-17

Family

ID=78941302

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111087125.9A Withdrawn CN113810407A (en) 2021-09-16 2021-09-16 Data processing method, device and system and storage medium

Country Status (1)

Country Link
CN (1) CN113810407A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281179A (en) * 2011-10-31 2013-09-04 Ncr公司 System and method of securely delivering and verifying a mobile boarding pass
US20140164774A1 (en) * 2012-12-12 2014-06-12 Citrix Systems, Inc. Encryption-Based Data Access Management
CN107040520A (en) * 2017-03-13 2017-08-11 华北理工大学 A kind of cloud computing data-sharing systems and method
CN109120621A (en) * 2018-08-21 2019-01-01 杭州中天微系统有限公司 Data processor

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211217