System, method and device for dynamically encrypting data based on key library

Abstract

The invention discloses a system, method and device for dynamically encrypting data based on a key library, which can be used in the field of information security, and the system comprises an inter-application server, a key library server, a plurality of channel application servers and terminals interacting with respective channel application servers, wherein the key library server is used for configuring a data encryption rule for data interacting among different channel application servers and data interacting in the same channel application server, and generating a corresponding encryption program and a key file according to the data encryption rule; the inter-application server is used for downloading a corresponding encryption program and the key file from the key library server according to a data processing request of each channel application server, and encrypting or decrypting application data; and the channel application servers are used for downloading the corresponding encryption program and the key file from the key library server according to the data processing request of the terminal, and encrypting or decrypting the application data. According to the invention, the system safety can be improved.

Description

technical field [0001] The invention relates to the field of information security, in particular to a system, method and device for dynamically encrypting data based on a key storehouse. Background technique [0002] This section is intended to provide a background or context to embodiments of the invention that are recited in the claims. The descriptions herein are not admitted to be prior art by inclusion in this section. [0003] In the banking system, it is often necessary to use keys to securely encrypt some sensitive information (for example, user account passwords, system management passwords). Traditional key management methods have the following problems when encrypting data: [0004] ① Since the key record information is solidified in the program code, the program code needs to be reissued when the key needs to be changed, resulting in low application flexibility. [0005] ②Upstream and downstream applications involve manual operations such as key creation and up...

AI Technical Summary

Problems solved by technology

[0008] In the embodiment of the present invention, a system for dynamically encrypting data based on the key store is provided to solve the problem of fixing the key record information in the program code in the prior art The key management method in the system has the technical problems of poor flexibility, error-prone and low security. The system includes: an inter-application server, a key store server, multiple channel application servers, and a terminal interacting with each channel application server ; Among them, the key store server is used to configure the data encryption rules, and generate corresponding encryption programs and key files according to the data encryption rules. The data encryption rules are used to perform encryption and decryption processing on the following application data: Data, the data interacted in the same channel application server; the inter-application server communicates with the key store server and each channel application server separately, and is used to download the corresponding encryption program from the key store server according to the data processing request of each channel application server and key file to encrypt or decrypt application data; the channel application server communicates with the key store server to receive data processing requests from the terminal, and download the corresponding Encryption programs and key files to perform encryption or decryption of application data

[0009] The embodiment of the present invention also provides a method of dynamically encrypting data based on the key store, which is used to solve the problem of fixing the key record information in the program in the prior art. The key management method in the code has technical problems of poor flexibility, error-proneness, and low security. The method includes: configuring data encryption rules, which are used to perform encryption and decryption processing on the following application data: between different channel application servers Interactive data, data interactive in the same channel application server; generate corresponding encryption program and key file according to data encryption rules; according to the data processing request of the inter-application server or each channel application server, send Issue the corresponding encryption program and key file, so that the inter-application server or each channel application server can encrypt or decrypt the application data according to the received encryption program and key file

[0010] The embodiment of the present invention also provides a method for dynamically encrypting data based on the key storehouse, which is used to solve the problem of fixing the key record information in the program in the prior art. The key management method in the code has the technical problems of poor flexibility, error-prone and low security. The method includes: receiving a data processing request from the terminal; sending the received data processing request directly to the key store server or via The inter-application server sends it to the keystore server, where the encryption program and key file for encrypting or decrypting the application data are stored on the keystore server. The application data includes: data interacted between application servers in different channels, The data exchanged in the application server; receive the encryption program and key file issued by the key store server; perform encryption or decryption processing on the application data according to the received encryption program and key file; send the data encryption and decryption results to terminal

Images