Patent 3176858 Summary

(12) Patent Application: (11) CA 3176858
(54) English Title: DATA PROCESSING METHOD AND SYSTEM
(54) French Title: PROCEDE ET SYSTEME DE TRAITEMENT DE DONNEES
Status: Report sent
Bibliographic Data
(51) International Patent Classification (IPC):
  • G06F 21/62 (2013.01)
  • G06F 16/90 (2019.01)
(72) Inventors :
  • YU, GUOYONG (China)
  • SUN, QIAN (China)
(73) Owners :
  • 10353744 CANADA LTD. (Canada)
(71) Applicants :
  • 10353744 CANADA LTD. (Canada)
(74) Agent: HINTON, JAMES W.
(74) Associate agent:
(45) Issued:
(86) PCT Filing Date: 2019-09-29
(87) Open to Public Inspection: 2020-10-15
Examination requested: 2022-09-23
Availability of licence: N/A
(25) Language of filing: English

Patent Cooperation Treaty (PCT): Yes
(86) PCT Filing Number: PCT/CN2019/109098
(87) International Publication Number: WO2020/206953
(85) National Entry: 2022-09-23

(30) Application Priority Data:
Application No. Country/Territory Date
201910281710.9 China 2019-04-09

Abstracts

English Abstract

Disclosed are a data processing method and system, belonging to the technical field of data security. The method comprises: a service gateway receiving a data encryption request sent by a first user, and routing the data encryption request to a service cluster, wherein the data encryption request carries data to be encrypted and a data access right; the service cluster invoking a corresponding service instance from among a plurality of service instances to encrypt the data to be encrypted so as to generate ciphertext, and generating an encryption event; correspondingly storing, in a database, the data access right, an event number of the encryption event and an encryption algorithm and a key used for encrypting the data to be encrypted; returning, to the service gateway, an encryption result including the ciphertext, an identifier of the service cluster and the event number; and the service gateway returning the encryption result to the first user. The embodiments of the present invention can reduce the risk of a data producer and a data user leaking a key, so that data security is higher, and also ensure the implementation of the principle of data access right minimization.


French Abstract (translated to English)

The present invention relates to a data processing method and system, belonging to the technical field of data security. The method comprises the following steps: a service gateway receives a data encryption request sent by a first user and routes the data encryption request to a service cluster, the data encryption request carrying data to be encrypted and a data access right; the service cluster invokes a corresponding service instance from among a plurality of service instances to encrypt the data to be encrypted so as to generate a ciphertext, and generates an encryption event; the service cluster correspondingly stores, in a database, the data access right, an event number of the encryption event, and an encryption algorithm and a key used to encrypt the data to be encrypted; the service cluster returns, to the service gateway, an encryption result comprising the ciphertext, an identifier of the service cluster and the event number; and the service gateway returns the encryption result to the first user. The embodiments of the present invention can reduce the risk of key leakage by a data producer and a data user, so that data security is higher, and they also ensure the implementation of the principle of data access right minimization.

Claims

Note: Claims are shown in the official language in which they were submitted.


CA 03176858 2022-09-23
CLAIMS
What is claimed is:
1. A data processing method, characterized in being applied to a data processing system that comprises a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster, the method comprising:
receiving, by the service gateway, a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
invoking, by the service cluster, a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database;
returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
returning, by the service gateway, the encryption result to the first user.
2. The method according to Claim 1, characterized in that, when there are plural service clusters, the step of routing the data encryption request to the service cluster includes:
determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
routing the data encryption request to the service cluster having mapping relation to the first user.
3. The method according to Claim 2, characterized in that the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
Date Reçue/Date Received 2022-09-23

4. The method according to any one of Claims 1 to 3, characterized in that the secret key is randomly extracted from a secret key pool, and that the method further comprises:
replacing a secret key in the secret key pool according to a preset secret key replacing condition.
5. The method according to Claim 4, characterized in that the secret key replacing condition is one of the following conditions:
the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
a time of existence of the secret key in the secret key pool reaches a time threshold.
6. The method according to Claim 1, characterized in that the method further comprises:
receiving, by the service gateway, a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be encrypted, a service cluster identifier, and an encrypted event number;
routing, by the service gateway, the data decryption request to a service cluster to which the service cluster identifier corresponds;
enquiring in the database, by the service cluster, a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be encrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext; and
returning, by the service cluster, a decryption result containing the plaintext to the service gateway, so that the service gateway returns the decryption result to the second user.
7. The method according to Claim 1 or 6, characterized in that the corresponding service instance is selected from the plural service instances according to a load balancing mode or a random mode.
8. A data processing system, characterized in comprising a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster, wherein:
the service gateway is employed for receiving a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
the service cluster is employed for invoking a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
the service cluster is further employed for correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database; and
returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
the service gateway is further employed for returning the encryption result to the first user.
9. The system according to Claim 8, characterized in that, when there are plural service clusters, the service gateway is specifically employed for:
determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
routing the data encryption request to the service cluster having mapping relation to the first user.
10. The system according to Claim 9, characterized in that the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
11. The system according to any one of Claims 8 to 10, characterized in that the secret key is randomly extracted from a secret key pool, and that the service cluster is specifically employed for:
replacing a secret key in the secret key pool according to a preset secret key replacing condition.

12. The system according to Claim 11, characterized in that the secret key replacing condition is one of the following conditions:
the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
a time of existence of the secret key in the secret key pool reaches a time threshold.
13. The system according to Claim 8, characterized in that:
the service gateway is further employed for receiving a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be encrypted, a service cluster identifier, and an encrypted event number;
the service gateway is further employed for routing the data decryption request to a service cluster to which the service cluster identifier corresponds;
the service cluster is further employed for enquiring in the database a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be encrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext;
the service cluster is further employed for returning a decryption result containing the plaintext to the service gateway; and
the service gateway is further employed for returning the decryption result to the second user.
14. The system according to Claim 8 or 13, characterized in that the service cluster is specifically further employed for:
selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode.

Description

Note: Descriptions are shown in the official language in which they were submitted.


DATA PROCESSING METHOD AND SYSTEM
BACKGROUND OF THE INVENTION
Technical Field
[0001] The present invention relates to the field of data security technology, and more particularly to a data processing method and a corresponding system.
Description of Related Art
[0002] Currently, there are the following several methods for data security management and control in the field of big data:
[0003] Method 1: a single, shared secret key is used to encrypt sensitive data during data production or transmission, before entry into the database, and the data user uses the corresponding (symmetric or asymmetric) secret key for decryption;
[0004] Method 2: sensitive data is placed under high-level permission management and control, and it is ensured physically and technically that only essential personnel can come into contact with the sensitive data;
[0005] Method 3: an encryption/decryption mechanism is embedded in the access engine of the database, so that encryption and decryption of sensitive data are transparent to users.
[0006] However, the above methods are all defective as specified below:
[0007] As regards Method 1, the data producer or the data user can come into contact with the encryption/decryption secret key, so there is a risk of leakage of the secret key, and the encrypted data is no longer secure once the secret key is leaked;
[0008] As regards Method 2, although there is high-level permission management and control, the data warehouse management personnel can still come into direct contact with sensitive data, and the principle of minimization of permission is not satisfied;

[0009] As regards Method 3, embedding the encryption/decryption mechanism in the access engine of the database cannot eliminate the possibility of data being leaked while the data circulates before entry into the database.
SUMMARY OF THE INVENTION
[0010] Aiming to solve one of the technical problems prevailing in the state of the art or existent in the related technologies, the present invention provides a data processing method and a data processing system.
[0011] Specific technical solutions provided by the embodiments of the present invention are as follows.
[0012] According to the first aspect, the present invention provides a data processing method, the method is applied to a data processing system that comprises a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster; the method comprises:
[0013] receiving, by the service gateway, a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
[0014] invoking, by the service cluster, a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
[0015] correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database;
[0016] returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
[0017] returning, by the service gateway, the encryption result to the first user.

[0018] Further, when there are plural service clusters, the step of routing the data encryption request to the service cluster includes:
[0019] determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
[0020] routing the data encryption request to the service cluster having mapping relation to the first user.
[0021] Further, the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0022] Moreover, the secret key is randomly extracted from a secret key pool, and the method further comprises:
[0023] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0024] Further, the secret key replacing condition is one of the following conditions:
[0025] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0026] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0027] Moreover, the method further comprises:
[0028] receiving, by the service gateway, a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be encrypted, a service cluster identifier, and an encrypted event number;
[0029] routing, by the service gateway, the data decryption request to a service cluster to which the service cluster identifier corresponds;
[0030] enquiring in the database, by the service cluster, a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be encrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext; and
[0031] returning, by the service cluster, a decryption result containing the plaintext to the service gateway, so that the service gateway returns the decryption result to the second user.
[0032] Further, the corresponding service instance is selected from the plural service instances according to a load balancing mode or a random mode.
[0033] According to the second aspect, there is provided a data processing system that comprises a service gateway and a service cluster, wherein the service cluster includes a plurality of service instances, and a database is deployed in the service cluster, wherein:
[0034] the service gateway is employed for receiving a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
[0035] the service cluster is employed for invoking a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
[0036] the service cluster is further employed for correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database; and
[0037] returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
[0038] the service gateway is further employed for returning the encryption result to the first user.
[0039] Further, when there are plural service clusters, the service gateway is specifically employed for:
[0040] determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
[0041] routing the data encryption request to the service cluster having mapping relation to the first user.
[0042] Further, the plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0043] Further, the secret key is randomly extracted from a secret key pool, and the service cluster is specifically employed for:
[0044] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0045] Further, the secret key replacing condition is one of the following conditions:
[0046] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0047] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0048] Further, the service gateway is further employed for receiving a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be encrypted, a service cluster identifier, and an encrypted event number;
[0049] the service gateway is further employed for routing the data decryption request to a service cluster to which the service cluster identifier corresponds;
[0050] the service cluster is further employed for enquiring in the database a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be encrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext;

[0051] the service cluster is further employed for returning a decryption result containing the plaintext to the service gateway; and
[0052] the service gateway is further employed for returning the decryption result to the second user.
[0053] Moreover, the service cluster is specifically further employed for:
[0054] selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode.
[0055] The technical solutions provided by the embodiments of the present invention bring about the following advantageous effects.
[0056] 1. Neither the data producer nor the data user comes into contact with the encryption/decryption secret keys during the process of data encryption and data decryption, whereby the risk for the data producer and the data user to leak the secret key is reduced, and security of data is rendered higher.
[0057] 2. The principle of minimization of data access permissions is guaranteed: it is ensured that the data is always transmitted and stored in a specific cyphertext format, so that the plaintext cannot be obtained by either the system or the personnel involved during the transmission process and the storage phase, and high security is thereby achieved.
BRIEF DESCRIPTION OF THE DRAWINGS
[0058] To describe the technical solutions in the embodiments of the present invention more clearly, drawings required for use in the description of the embodiments will be briefly introduced below. Apparently, the drawings introduced below are merely directed to some embodiments of the present invention, and it is possible for persons ordinarily skilled in the art to acquire other drawings based on these drawings without creative effort being spent in the process.
[0059] Fig. 1 is a view schematically illustrating an application environment provided by the embodiments of the present invention;
[0060] Fig. 2 is a flowchart illustrating a data processing method provided by Embodiment 1 of the present invention;
[0061] Fig. 3 is a flowchart illustrating a data processing method provided by Embodiment 2 of the present invention; and
[0062] Fig. 4 is a block diagram illustrating a data processing system provided by Embodiment 3 of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0063] To make the objectives, technical solutions and advantages of the present invention more lucid and clear, the technical solutions in the embodiments of the present invention will be clearly and comprehensively described below in conjunction with the accompanying drawings of the embodiments of the present invention. Apparently, the embodiments described below are merely some, rather than all, of the embodiments of the present invention. All other embodiments that persons ordinarily skilled in the art can make on the basis of the embodiments in the present invention without spending any creative effort shall fall within the protection scope of the present invention.
[0064] As should be understood, the terms "first" and "second" etc. used in the description of the present application are merely for descriptive purposes, rather than for indicating or implying relative importance. In addition, unless explained otherwise in the description of the present application, the wordings "plural" and "a plurality of" denote the meaning of "two or more".
[0065] Fig. 1 is a view schematically illustrating an application environment provided by the embodiments of the present invention. As shown in Fig. 1, the application environment can include client end 01, service gateway 02, and service cluster 03. Client end 01 can run in a user equipment of a data producer or a data supplier, and can also run in a user equipment of a data user; understandably, client end 01 is not restricted to one, and the user equipment includes, but is not limited to, any physical equipment such as a desktop computer, a tablet computer, a notebook computer, a smart mobile phone, etc. Service gateway 02 can uniformly supply a REST API (Application Programming Interface) to client end 01 to receive an external request and to forward the received external request to the backend service cluster; in addition, the service gateway further possesses such functions as permission control. Service cluster 03 includes plural service instances, such as service instance 1, service instance 2, ..., service instance n; the plural service instances include many different types of service instances, there is at least one service instance of each type, and each service instance can supply encryption and decryption services by deploying encryption and decryption algorithms therein.
[0066] Embodiment 1
[0067] This embodiment of the present invention provides a data processing method, which is applied to a data processing system that comprises a service gateway and a service cluster, of which the service cluster includes a plurality of service instances, and in the service cluster is deployed a database; as shown in Fig. 2, the data processing method comprises the following steps.
[0068] 201 - receiving, by the service gateway, a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission.
[0069] In this embodiment, the first user can be a data producer or a data supplier, and the first user submits the data encryption request to the service gateway through a first client end.
[0070] The data to be encrypted as carried in the data encryption request can be data that contains sensitive information, such as user identification information or assets information, etc.
[0071] The data access permission carried in the data encryption request is used to indicate the permission to decrypt the cyphertext of the data to be encrypted; the data access permission can include a user identifier of the user authorized to access, and the user identifier can be a username, a client end address (such as a MAC address), and so on, which is not limited here.
[0072] The service cluster can be any one of a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster. The plural service instances included in the service cluster can include various different types of service instances, there is at least one service instance of each type, and each service instance can supply encryption and decryption services by deploying encryption and decryption algorithms therein. The types here are determined by the deployed encryption and decryption algorithms.
[0073] When the service cluster is a symmetric encryption service cluster, the service cluster can include several DES encryption service instances, plural 3DES encryption service instances, plural SM4 encryption service instances, and plural AES encryption service instances; when the service cluster is a Hash algorithm service cluster, the service cluster can include plural MD5 service instances, plural SHA service instances, plural SM3 service instances, and plural AES encryption service instances; when the service cluster is an asymmetric encryption service cluster, the service cluster can include plural RSA encryption service instances, plural ECC encryption service instances, and plural SM2 encryption service instances.
[0074] Moreover, before routing the data encryption request to the service cluster in step 201, the method provided by this embodiment of the present invention can further comprise:
[0075] performing identification verification and authentication on the first user, returning encryption request failure information to the first user if the first user does not pass the identification verification and authentication, and routing the data encryption request to the service cluster if the first user passes authentication.
[0076] In this embodiment, by performing identification verification and authentication on service invokers, different permissions can be supplied to different client ends through permission control, monitoring of access to and availability of service clusters is provided, and different service clusters can be opened up to different client ends, so that security in accessing service clusters is enhanced.
[0077] Further, when there are plural service clusters, the process of routing the data encryption request to the service cluster in step 201 can include:
[0078] determining a service cluster having mapping relation to the user identifier in the data encryption request from the plural service clusters according to a preset mapping relation table, and routing the data encryption request to the service cluster having mapping relation to the user identifier.
[0079] The plural service clusters include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0080] During the process of specific implementation, after the data producer or the data supplier has completed service registration, the service gateway can create mapping relations between user identifiers of the data producer or the data supplier and plural service clusters; the mapping relations can be one-to-one relations and can also be one-to-many relations, whereby the data producer or the data supplier can randomly route the data encryption request, through the first client end, to a service cluster having mapping relation to the user identifier.
[0081] Besides, when the data encryption request carries therewith a designated encryption service identifier, the data encryption request can be routed to the service cluster having mapping relation to the user identifier and corresponding to the encryption service identifier.
[0082] In this embodiment, when there are plural service clusters, the encryption request is routed to the service cluster having mapping relation to the user identifier in the data encryption request according to a preset mapping relation table, whereby invoking requests for different encryption services by different users can be satisfied, and it is realized to control secure access to the encryption service clusters, so that security in accessing service clusters is enhanced.
[0083] 202 - invoking, by the service cluster, a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event.
[0084] Specifically, this process can include:
[0085] selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode; and
[0086] invoking the service instance to encrypt the data to be encrypted, to generate a cyphertext, and to simultaneously generate an encrypted event according to an encryption algorithm and a pre-generated secret key preset on the service instance.
[0087] The step of selecting the corresponding service instance from the plural service instances according to a load balancing mode includes:
[0088] monitoring in real time load statuses of plural service instances, and selecting the service instance with the smallest current load from the plural service instances according to the load balancing mode and in accordance with the monitoring result.
[0089] The load status of a service instance can include one or more selected from a CPU utilization rate, a memory utilization rate, magnetic disk reading/writing, and network connection status.
[0090] The secret key used for encrypting the data to be encrypted is randomly extracted from a secret key pool. In this embodiment, encryption/decryption secret key pools can be respectively set in advance with respect to different types of encryption algorithms, and preset numbers of secret keys are generated in advance in the encryption/decryption secret key pools; when the service cluster invokes a service instance to perform the encryption service, one secret key or a pair of secret keys can be randomly extracted from the corresponding encryption/decryption secret key pool to serve as the secret key(s) to encrypt the data to be encrypted this time.
[0091] Moreover, the method provided by this embodiment of the present invention further comprises:
[0092] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0093] The secret key replacing condition is one of the following conditions:
[0094] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0095] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0096] Specifically, when the number of uses of a secret key in the secret key pool reaches the number of uses threshold, the secret key can be deleted from the secret key pool, and one new secret key or a pair of new secret keys is simultaneously generated and placed in the secret key pool; alternatively, when the time of existence of a secret key in the secret key pool reaches the time threshold, the secret key can be deleted from the secret key pool, and one new secret key or a pair of new secret keys is simultaneously generated and placed in the secret key pool.
[0097] In the embodiments of the present invention, by replacing the secret key in the secret key pool according to a preset secret key replacing condition, security in the data encrypting process can be further enhanced.
[0098] Exemplarily, suppose that the service instance invoked from a plurality of service instances is an AES encryption service instance. If the data to be encrypted is an identification card number, the AES encryption service instance is invoked to encrypt the identification card number according to an AES algorithm and a secret key randomly extracted from the secret key pool; the cyphertext generated from the identification card number is "eeL3FXVjnhb7J3x0jYJbkiQZnnQjYOQHScUG7VsWvCE=", and the corresponding cyphertext length is 44 bytes. The encryption service simultaneously generates an event number, and the event number is used to uniquely identify the encrypted event this time, wherein the event number can be a serial number with a length of 64 bits, and is expressed decimally.
[0099] 203 - correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database.
[0100] The database can be embodied as a key-value database, in which data can be organized, retrieved, and stored in the form of key-value pairs.
[0101] Specifically, the event number of the encrypted event is taken as the Key, the data access permission, the encryption algorithm and the secret key used to encrypt the data to be encrypted are taken as the Value, and these are correspondingly stored in the key-value database.
[0102] In this embodiment, by using a key-value database to store the event number of the encrypted event, the data access permission, the encryption algorithm and the secret key used to encrypt the data to be encrypted, resource consumption of the database can subsequently be lessened by virtue of the quick and high-performance retrieval by the encrypted event number, and it is realized to manage and control data access permissions of cyphertexts, to prevent encryption algorithms and secret keys in the database from being obtained by unauthorized users to invoke decryption services in the service clusters and obtain plaintexts, whereby security of the data is further enhanced.
[0103] 204 - returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number.
[0104] Specifically, the cyphertext, the identifier of the service cluster, and the encrypted event number are assembled with a certain data format to obtain the encryption result.
[0105] During the process of specific implementation, the encryption result can be a byte array obtained by sequentially joining a byte array of the event number, the identifier of the service cluster, and a byte array of the cyphertext.
[0106] 205 - returning, by the service gateway, the encryption result to the first user.
[0107] After the service gateway has returned the encryption result to the first user, the first user can store the encryption result in a data warehouse or transmit it to other users.
[0108] In the data processing method provided by the embodiments of the present invention, the data encryption request sent from the user is routed and forwarded through the service gateway to the corresponding service cluster for encryption processing, and an encryption result returned from the service cluster is received. During the encryption process, since the encryption algorithm and the secret key used to generate the cyphertext are stored by the service cluster in the database, the user never comes in contact with the encryption secret key, so there is no risk of leaking the secret key through the data producer or the data user, and higher data security is guaranteed. At the same time, since the data encryption request carries therewith a data access permission, the principle of minimization of data access permissions is guaranteed to be implemented; it is ensured that the data is always transmitted and stored in a specific cyphertext format, and none of the systems and personnel involved in the transmission process and the storage phase can obtain the plaintext, so data security is further ensured.
[0109] Embodiment 2
[0110] This embodiment of the present invention provides a data processing method. In this embodiment, besides including the steps described with reference to Fig. 2, the data processing method further comprises step 301 to step 304 following step 205; for the sake of brevity, the steps described in Fig. 2 are omitted. As shown in Fig. 3, the data processing method further comprises the following steps.
[0111] 301 - receiving, by the service gateway, a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number.
[0112] In this embodiment, the second user can be a data user, and the second user submits a data decryption request to the service gateway through a second client end.
[0113] 302 - routing, by the service gateway, the data decryption request to a service cluster to which the service cluster identifier corresponds.
[0114] In this embodiment, the service gateway can determine the corresponding service cluster according to the service cluster identifier, and route the data decryption request to the corresponding service cluster.
[0115] Moreover, prior to step 302, the method provided by this embodiment of the present invention can further comprise:
[0116] performing identification verification and authentication on the second user by the service gateway, returning decryption request failure information to the second user if the second user does not pass the identification verification and authentication, and routing the data decryption request to the corresponding service cluster if the second user passes authentication.
[0117] In this embodiment, by performing identification verification and authentication on service invokers by the service gateway, different permissions can be supplied to different client ends through permission control, surveillance functions are provided for accesses and availabilities of service clusters, and different service clusters can be opened up to different client ends, so that security in accessing service clusters is ensured, and permission management and control are achieved for the invoked decryption services.
[0118] 303 - enquiring in the database, by the service cluster, a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext.
[0119] In this embodiment, the service cluster can enquire in the database the data access permission to which the encrypted event number corresponds, and compare the user identifier of the second user with the user identifier of the authorized accessing user in the data access permission. If the comparison is consistent, it is determined that the second user has the data access permission; if the comparison is inconsistent, the second user does not have the data access permission. When the second user does not have the data access permission, the service cluster returns decryption request failure information to the second user through the service gateway.
[0120] After the service cluster has determined that the second user has the data access permission, a service instance is selected according to a load balancing mode or a random mode from a plurality of service instances all preset with the encryption algorithm to which the encrypted event number corresponds, so as to enable the service instance to decrypt the cyphertext to obtain a plaintext according to the encryption algorithm and the secret key.
[0121] During the process of specific implementation, load statuses of plural service instances preset with the encryption algorithm to which the encrypted event number corresponds can be monitored in real time, and the service instance with the smallest current load is selected from the plural service instances according to the load balancing mode to perform the decryption service.
[0122] The load status of a service instance can include one or more selected from a CPU utilization rate, a memory utilization rate, magnetic disk reading/writing, and network connection status.
[0123] 304 - returning, by the service cluster, a decryption result containing the plaintext to the service gateway, so that the service gateway returns the decryption result to the second user.
[0124] In the data processing method provided by the embodiments of the present invention, the data decryption request sent from the user is routed and forwarded through the service gateway to the corresponding service cluster for decryption processing. In the data decrypting process, it is first judged whether the user, as the data user, has the data access permission, and the data decryption service is performed only when the data access permission is possessed, so that the data user is prevented from leaking the secret key through contact with the secret key used to decrypt the cyphertext, whereby data security is rendered higher. In addition, it is also realized to manage and control data access permissions of cyphertexts, to prevent encryption algorithms and secret keys in the database from being obtained by unauthorized users to invoke decryption services in the service clusters and obtain plaintexts, whereby security of the data is further ensured.
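Steps 201 to 205 and 301 to 304 above, as one added worked example that is not code from the patent or the applicant: a simulated service cluster with a key pool whose keys are randomly extracted and replaced under the two replacing conditions, a key-value database keyed by the event number, the encryption result laid out as event number || cluster identifier || cyphertext, and a gateway that authenticates the invoker and routes by the mapping table or by the cluster identifier. Assumptions: an 8-byte big-endian event number, a 4-byte cluster identifier, an integrity tag on the cyphertext, and an HMAC-SHA256 counter-mode keystream standing in for the AES service instance so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import os
import secrets
import struct
import time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a constructed stand-in for the AES service instance."""
    out = b""
    for ctr in range(0, length, 32):
        out += hmac.new(key, b"ks" + nonce + struct.pack(">I", ctr // 32), hashlib.sha256).digest()
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ServiceCluster:
    """A symmetric-encryption service cluster: key pool, service instance, key-value database."""
    def __init__(self, cluster_id: bytes, pool_size: int, max_uses: int, max_age: float):
        assert len(cluster_id) == 4           # fixed-width identifier (assumed result format)
        self.cluster_id, self.max_uses, self.max_age = cluster_id, max_uses, max_age
        self.pool = [self._new_key() for _ in range(pool_size)]   # entries: [key, uses, created]
        self.db = {}                           # Key: event number -> Value: (permission, algorithm, key)
        self._next_event = 1

    @staticmethod
    def _new_key() -> list:
        return [secrets.token_bytes(32), 0, time.monotonic()]

    def _extract_key(self) -> bytes:
        """Randomly extract a key; replace it once a preset replacing condition is reached."""
        i = secrets.randbelow(len(self.pool))
        entry = self.pool[i]
        entry[1] += 1
        if entry[1] >= self.max_uses or time.monotonic() - entry[2] >= self.max_age:
            self.pool[i] = self._new_key()    # delete the exhausted key, place a new one in the pool
        return entry[0]

    def encrypt(self, plaintext: bytes, permission: set) -> bytes:
        """Steps 202-204: encrypt, record the event, return event_no || cluster_id || cyphertext."""
        key, nonce = self._extract_key(), os.urandom(16)
        body = nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))
        tag = hmac.new(key, b"tag" + body, hashlib.sha256).digest()   # integrity tag (assumption)
        event_no, self._next_event = self._next_event, self._next_event + 1
        self.db[event_no] = (frozenset(permission), "HMAC-CTR-STANDIN", key)
        return struct.pack(">Q", event_no) + self.cluster_id + body + tag

    def decrypt(self, user_id: str, result: bytes) -> bytes:
        """Step 303: look up the event, check the data access permission, only then use the key."""
        event_no = struct.unpack(">Q", result[:8])[0]
        record = self.db.get(event_no)
        if record is None or user_id not in record[0]:
            raise PermissionError("decryption request failure: no data access permission")
        key, body, tag = record[2], result[12:-32], result[-32:]
        if not hmac.compare_digest(hmac.new(key, b"tag" + body, hashlib.sha256).digest(), tag):
            raise ValueError("cyphertext integrity check failed")
        return _xor(body[16:], _keystream(key, body[:16], len(body) - 16))


class ServiceGateway:
    """Authenticates invokers, routes encryption by the mapping table and decryption by cluster id."""
    def __init__(self, clusters: list, mapping: dict):
        self.clusters = {c.cluster_id: c for c in clusters}
        self.mapping = mapping                 # user identifier -> cluster identifier (registered users)

    def encrypt(self, user_id: str, plaintext: bytes, permission: set) -> bytes:
        if user_id not in self.mapping:        # fails identification verification
            raise PermissionError("encryption request failure: unregistered user")
        return self.clusters[self.mapping[user_id]].encrypt(plaintext, permission)

    def decrypt(self, user_id: str, result: bytes) -> bytes:
        return self.clusters[result[8:12]].decrypt(user_id, result)
```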
[0125] Embodiment 3
[0126] This embodiment of the present invention provides a data processing system. As shown in Fig. 4, the data processing system can comprise a service gateway 41 and service clusters 42, each of which includes a plurality of service instances, with a database deployed in each service cluster, wherein:
[0127] the service gateway 41 is employed for receiving a data encryption request sent from a first user, and routing the data encryption request to the service cluster, wherein the data encryption request carries therewith data to be encrypted and a data access permission;
[0128] the service cluster 42 is employed for invoking a corresponding service instance from the plural service instances to encrypt the data to be encrypted to generate a cyphertext, and to generate an encrypted event;
[0129] the service cluster 42 is further employed for correspondingly storing the data access permission, an event number of the encrypted event, an encryption algorithm and a secret key used to encrypt the data to be encrypted in the database; and
[0130] returning to the service gateway an encryption result containing the cyphertext, an identifier of the service cluster, and the event number; and
[0131] the service gateway 41 is further employed for returning the encryption result to the first user.
[0132] Further, when there are plural service clusters, the service gateway 41 is specifically employed for:
[0133] determining a service cluster having mapping relation to the first user from the plural service clusters according to a preset mapping relation table; and
[0134] routing the data encryption request to the service cluster having mapping relation to the first user.
[0135] Further, the plural service clusters 42 include at least two selected from a symmetric encryption service cluster, a Hash algorithm service cluster, an asymmetric encryption service cluster, and a business customization encryption service cluster.
[0136] Further, the secret key is randomly extracted from a secret key pool, and the service cluster 42 is specifically employed for:
[0137] replacing a secret key in the secret key pool according to a preset secret key replacing condition.
[0138] Further, the secret key replacing condition is one of the following conditions:
[0139] the number of uses of the secret key in the secret key pool reaches a number of uses threshold; or
[0140] a time of existence of the secret key in the secret key pool reaches a time threshold.
[0141] Further, the service gateway 41 is further employed for receiving a data decryption request sent from a second user, wherein the data decryption request carries therewith a cyphertext to be decrypted, a service cluster identifier, and an encrypted event number;
[0142] the service gateway 41 is further employed for routing the data decryption request to a service cluster to which the service cluster identifier corresponds;
[0143] the service cluster 42 is further employed for enquiring in the database a data access permission to which the encrypted event number corresponds, and invoking a corresponding service instance from the plural service instances, when the second user possesses the data access permission, to decrypt the cyphertext to be decrypted based on an encryption algorithm and a secret key to which the encrypted event number corresponds and obtain a plaintext;
[0144] the service cluster 42 is further employed for returning a decryption result containing the plaintext to the service gateway; and
[0145] the service gateway 41 is further employed for returning the decryption result to the second user.
[0146] Moreover, the service cluster 42 is specifically further employed for:
[0147] selecting the corresponding service instance from the plural service instances according to a load balancing mode or a random mode.
[0148] The data processing system provided by this embodiment pertains to the same inventive concept as the data processing method provided by the foregoing embodiments of the present invention, can execute the data processing method provided by the foregoing embodiments of the present invention, and has the corresponding functional modules and advantageous effects of executing the data processing method. Technical details not particularized in this embodiment can be inferred from the data processing method provided by the foregoing embodiments of the present invention, and are not redundantly described in this context.
[0149] All the above optional technical solutions can be arbitrarily combined to form optional embodiments of the present invention, and these are not redundantly described on a one-by-one basis.
[0150] As understandable by persons ordinarily skilled in the art, realization of the entire or partial steps of the aforementioned embodiments can be completed by hardware, or by a program instructing relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, or an optical disk, etc.
[0151] What is described above is merely directed to preferred embodiments of the present invention, and is not meant to restrict the present invention. Any modification, equivalent substitution, and improvement makeable within the spirit and principle of the present invention shall all be covered by the protection scope of the present invention.

Representative Drawing
A single figure which represents the drawing illustrating the invention.
Administrative Status

Title Date
Forecasted Issue Date Unavailable
(86) PCT Filing Date 2019-09-29
(87) PCT Publication Date 2020-10-15
(85) National Entry 2022-09-23
Examination Requested 2022-09-23

Abandonment History

There is no abandonment history.

Maintenance Fee

Last Payment of $210.51 was received on 2023-12-15


Upcoming maintenance fee amounts

Description Date Amount
Next Payment if small entity fee 2025-09-29 $100.00
Next Payment if standard fee 2025-09-29 $277.00


Payment History

Fee Type Anniversary Year Due Date Amount Paid Paid Date
Maintenance Fee - Application - New Act 2 2021-09-29 $100.00 2022-09-23
Reinstatement of rights 2022-09-23 $203.59 2022-09-23
Application Fee 2022-09-23 $407.18 2022-09-23
Maintenance Fee - Application - New Act 3 2022-09-29 $100.00 2022-09-23
Request for Examination 2024-10-01 $814.37 2022-09-23
Maintenance Fee - Application - New Act 4 2023-09-29 $100.00 2023-06-15
Advance an application for a patent out of its routine order 2023-09-26 $526.29 2023-09-26
Maintenance Fee - Application - New Act 5 2024-10-01 $210.51 2023-12-15
Owners on Record

Current Owners on Record
10353744 CANADA LTD.
Past Owners on Record
None
Documents

Document Description Date (yyyy-mm-dd) Number of pages Size of Image (KB)
Abstract 2022-09-23 1 23
Claims 2022-09-23 4 177
Drawings 2022-09-23 2 91
Description 2022-09-23 21 885
International Search Report 2022-09-23 15 552
Amendment - Abstract 2022-09-23 2 110
National Entry Request 2022-09-23 13 1,296
Description 2024-03-06 21 1,197
Claims 2024-03-06 31 1,815
Amendment 2024-03-06 112 4,692
Examiner Requisition 2024-04-25 9 505
Special Order / Amendment 2023-09-26 38 1,443
Representative Drawing 2023-10-12 1 28
Cover Page 2023-10-12 1 64
Claims 2023-09-26 32 1,828
Acknowledgement of Grant of Special Order 2023-10-12 1 169
Examiner Requisition 2023-11-06 8 430