Data encryption and decryption system, data encryption method, computer device and program product

By employing a tiered and threat assessment strategy for the data encryption/decryption system, the system adaptively adjusts the encryption/decryption complexity, solving the problem that traditional encryption/decryption systems cannot adaptively adjust. This enables dynamic protection and optimization for different data levels and environments.

CN122394937APending Publication Date: 2026-07-14GUANGDONG ELECTRIC POWER COMM CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGDONG ELECTRIC POWER COMM CO LTD
Filing Date
2026-05-11
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Traditional encryption and decryption systems cannot adaptively adjust encryption and decryption complexity, nor can they dynamically adjust the complexity of encryption and decryption algorithms according to the type of data to be encrypted and the data environment.

Method used

A data encryption/decryption system is provided, including a data processing module, a static perception module, a dynamic perception module, and an encryption/decryption module. The system adaptively adjusts the encryption/decryption complexity through a hierarchical strategy and a threat assessment strategy, and achieves adaptive encryption/decryption processing by combining a key management module and a data storage module.

Benefits of technology

It achieves dynamic adjustment of encryption and decryption algorithm complexity based on data level and environmental threat level, reduces system load and computing resource consumption for low-value data, optimizes loading speed, and strengthens protection for high-value data in high-risk environments to prevent data leakage.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394937A_ABST
    Figure CN122394937A_ABST
Patent Text Reader

Abstract

The application relates to a data encryption and decryption system, a data encryption method, computer equipment and a program product. The system comprises a data processing module, a static perception module and a dynamic perception module. The data processing module is used for analyzing and processing encrypted and decrypted data and issuing a control instruction. The static perception module is used for classifying the encrypted and decrypted data according to a hierarchical strategy based on the control instruction. The dynamic perception module is used for judging the threat of the data environment where the encrypted and decrypted data is located based on a threat judgment strategy according to the control instruction. The encryption and decryption module is used for adjusting the encryption and decryption complexity based on the control instruction, the classification result corresponding to the hierarchical strategy and the judgment result corresponding to the threat judgment strategy, and combining an adaptive adjustment strategy to encrypt and decrypt the encrypted and decrypted data. The application can adaptively adjust the encryption and decryption complexity of data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data security technology, and in particular to a data encryption / decryption system, a data encryption method, a computer device, and a program product. Background Technology

[0002] To enhance data security, data is encrypted and decrypted. Data encryption and decryption is a technical system that uses specific algorithms to transform plaintext into ciphertext (encryption) and then reverse it (decryption). Its applications cover fields such as government, defense, and finance. The core elements of data encryption and decryption include plaintext, encryption algorithms, and ciphertext, and the main technologies involve data encryption, identity authentication, and digital signatures.

[0003] However, traditional encryption and decryption systems generally encrypt and decrypt data according to a set encryption and decryption algorithm. In practical applications, they cannot adaptively adjust the encryption and decryption complexity of the data to be encrypted and the data environment. Summary of the Invention

[0004] Therefore, it is necessary to provide a data encryption / decryption system, data encryption method, computer equipment, and program product that can adaptively adjust the encryption / decryption complexity of data to address the aforementioned technical problems.

[0005] Firstly, this application provides a data encryption / decryption system, the system comprising:

[0006] The data processing module is used to analyze and process encrypted and decrypted data and issue control commands.

[0007] The static perception module is used to classify encrypted and decrypted data according to a hierarchical strategy based on control commands.

[0008] The dynamic perception module is used to determine the threat level of the data environment in which the encrypted / decrypted data is located based on control commands and a threat assessment strategy.

[0009] The encryption / decryption module is used to encrypt and decrypt data based on control commands, the hierarchical results corresponding to the hierarchical strategy, the judgment results corresponding to the threat judgment strategy, and an adaptive adjustment strategy.

[0010] In one embodiment, the system further includes:

[0011] The key management module is used to manage and access keys based on control commands.

[0012] The data storage module is used to store encrypted and decrypted data.

[0013] Secondly, this application provides a data encryption method applied to the data encryption / decryption system described in the first aspect, the method comprising:

[0014] The data level corresponding to the data to be encrypted is determined based on the value and sensitivity characteristics of the data to be encrypted;

[0015] Use threat assessment strategies to determine the current level of environmental threat;

[0016] The encryption / decryption complexity is determined based on the data level and the environmental threat level; the environmental threat level is used to characterize the data security status of the data environment in which the data to be encrypted is located.

[0017] Encryption is performed on the data to be encrypted using encryption algorithms with encryption / decryption complexity corresponding to the complexity of encryption / decryption.

[0018] In one embodiment, the data levels include a first level, a second level, a third level, a fourth level, and a fifth level; the value characteristics include low value, medium value, high value, and very high value; and the sensitivity characteristics include low sensitivity, medium sensitivity, high sensitivity, and very high sensitivity.

[0019] Based on the value and sensitivity characteristics of the data to be encrypted, the corresponding data level is determined, including:

[0020] When the value characteristic is no value and the sensitivity characteristic is insensitive, the data level is determined to be the first level.

[0021] When the value characteristic is low value or the sensitivity characteristic is low sensitivity, the data level is determined to be the second level.

[0022] When the value characteristic is medium value or the sensitivity characteristic is medium sensitivity, the data level is determined to be the third level;

[0023] When the value characteristic is high value or the sensitivity characteristic is high sensitivity, the data level is determined to be the fourth level;

[0024] When the value characteristic is extremely high or the sensitivity characteristic is extremely high, the data level is determined to be level five.

[0025] In one embodiment, a threat assessment strategy is used to determine the current environmental threat level, including:

[0026] If the data environment is physically isolated or external devices cannot access the data environment, the environmental threat level will be determined as no threat.

[0027] If the data environment is isolated on an internal network or only allows authorized access, the environmental threat level is determined to be low threat.

[0028] If the data environment has an external access volume below a preset threshold, the environmental threat level will be determined as medium threat.

[0029] If the data is transmitted over a public network, the environmental threat level is determined to be high.

[0030] In one embodiment, the encryption / decryption complexity is determined based on the data level and the environmental threat level, including:

[0031] If the data level is Level 1, then the encryption / decryption complexity is determined to be exempt level;

[0032] If the data level is Level 2 and the environmental threat level is non-threatening or low-threat, then the encryption / decryption complexity is determined to be extremely simple.

[0033] If the data level is Level 3 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be extremely simple.

[0034] If the data level is Level 4 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be lightweight.

[0035] If the data level is Level 5 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be high.

[0036] In one embodiment, the method further includes:

[0037] If the data level is Level 2 and the environmental threat level is Medium Threat, then the encryption / decryption complexity is determined to be Lightweight.

[0038] If the data level is Level 2 and the environmental threat level is high threat, then the encryption / decryption complexity is determined to be general level.

[0039] If the data level is Level 2 and the environmental threat level increases from no threat or low threat to medium threat, then the encryption / decryption complexity is determined to be lightweight.

[0040] If the data level is Level 2 and the environmental threat level increases from no threat, low threat, or medium threat to high threat, then the encryption / decryption complexity is determined to be general level.

[0041] If the data level is Level 2 and the environmental threat level has regressed from medium threat to no threat or low threat, then the encryption / decryption complexity is determined to be minimal.

[0042] In one embodiment, the method further includes:

[0043] If the data level is Level 3 and the environmental threat level is low threat, then the encryption / decryption complexity is determined to be lightweight.

[0044] If the data level is Level 3 and the environmental threat level is Medium Threat, then the encryption / decryption complexity is determined to be General Level.

[0045] If the data level is Level 3 and the environmental threat level is High Threat, then the encryption / decryption complexity is determined to be High.

[0046] If the data level is level 3 and the environmental threat level regresses from high threat, then the threat assessment strategy is used to obtain multiple first environmental threat assessment results. If multiple first environmental threat assessment results do not rise to high threat again, then the last first environmental threat assessment result is used as the current environmental threat level, and the encryption / decryption complexity is determined based on the data level and the environmental threat level.

[0047] Thirdly, this application provides a computer device including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of the method of any one of claims 3 to 8.

[0048] Fourthly, this application provides a computer program product, including a computer program, which, when executed by a processor, implements the steps of the method in any of the second aspects.

[0049] The aforementioned data encryption / decryption system, data encryption method, computer equipment, and program products involve a data processing module analyzing and processing encrypted / decrypted data, and issuing control commands to instruct the static sensing module to classify the encrypted / decrypted data according to a classification strategy, to instruct the dynamic sensing module to determine the threat level of the data environment in which the encrypted / decrypted data resides based on a threat assessment strategy, and to instruct the encryption / decryption module to adjust the encryption / decryption complexity based on the classification results corresponding to the classification strategy and the judgment results corresponding to the threat assessment strategy, combined with an adaptive adjustment strategy, thereby achieving the function of encrypting and decrypting data. Through this method, this application can assign encryption / decryption algorithms of different complexity to data of different levels, thereby reducing the load on the encryption / decryption system and the consumption of computing resources for low-value data, optimizing loading speed, while focusing on protection for high-value data to prevent data leakage, thus achieving classified encryption / decryption of data of different levels. Attached Figure Description

[0050] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0051] Figure 1This is an application environment diagram of a data encryption / decryption system in one embodiment;

[0052] Figure 2 This is a block diagram of a data encryption / decryption system in one embodiment;

[0053] Figure 3 This is a flowchart illustrating a data encryption method in one embodiment;

[0054] Figure 4 This is a flowchart illustrating the process of determining the data level corresponding to the data to be encrypted in one embodiment;

[0055] Figure 5 This is a flowchart illustrating the process of determining the current environmental threat level in one embodiment;

[0056] Figure 6 This is a flowchart illustrating the process of determining encryption / decryption complexity in one embodiment.

[0057] Figure 7 This is a flowchart illustrating the process of determining encryption / decryption complexity in another embodiment;

[0058] Figure 8 This is a flowchart illustrating the process of determining encryption / decryption complexity in yet another embodiment;

[0059] Figure 9 This is an internal structural diagram of a computer device in one embodiment. Detailed Implementation

[0060] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.

[0061] It should be noted that the terms "first," "second," etc., used in this application can be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish the first element from the second element. The terms "comprising" and "having," and any variations thereof, used in this application, are intended to cover non-exclusive inclusion. The term "multiple" used in this application refers to two or more. The term "and / or" used in this application refers to one of the embodiments, or any combination of multiple embodiments.

[0062] The term "instruction" in this application can be either an explicit instruction or an implicit instruction. An explicit instruction can be understood as the sender clearly informing the receiver of the operation to be performed or the result to be requested in the instruction sent by the sender; an implicit instruction can be understood as the receiver making a judgment based on the instruction sent by the sender and determining the operation to be performed or the result to be requested based on the judgment result.

[0063] The data encryption and decryption system provided in this application embodiment can be applied to, for example... Figure 1 In the application environment shown, terminal 102 communicates with server 104 via a network. A data storage system can store the data that server 104 needs to process. The data storage system can be integrated onto server 104 or located on the cloud or other network servers. Terminal 102 can be, but is not limited to, various personal computers, laptops, smartphones, tablets, drones, low-altitude aircraft, IoT devices, and portable wearable devices. IoT devices can include smart speakers, smart TVs, smart air conditioners, smart in-vehicle devices, projection devices, etc. Portable wearable devices can include smartwatches, smart bracelets, head-mounted devices, etc. Head-mounted devices can be virtual reality (VR) devices, augmented reality (AR) devices, smart glasses, etc. Server 104 can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing cloud computing services.

[0064] In one exemplary embodiment, such as Figure 2 As shown, this application provides a data encryption / decryption system 200, which is applied to... Figure 1 Taking the application environment in [the example] as an example, the system includes:

[0065] The data processing module 202 is used to analyze and process encrypted and decrypted data and issue control commands.

[0066] The static perception module 204 is used to classify encrypted and decrypted data according to a hierarchical strategy based on control commands.

[0067] The dynamic sensing module 206 is used to determine the threat level of the data environment in which the encrypted / decrypted data is located based on the control command and the threat assessment strategy.

[0068] The encryption / decryption module 208 is used to encrypt and decrypt data based on control commands, the hierarchical results corresponding to the hierarchical strategy and the judgment results corresponding to the threat judgment strategy, and an adaptive adjustment strategy.

[0069] For example, control instructions can be used to instruct static sensing module 204, dynamic sensing module 206, encryption / decryption module 208, etc., to perform corresponding module functions. It should be noted that control instructions can be a single instruction to control a single module to perform a preset action, or multiple instructions to control multiple modules to perform multiple preset actions. The specific form of control instructions in this embodiment is not specifically limited.

[0070] In some examples, a tiered strategy can be used to determine the data level of the encrypted / decrypted data based on its value and sensitivity characteristics. A threat assessment strategy can be used to determine the data security status of the data environment in which the current data encryption / decryption system 200 operates. An adaptive adjustment strategy can be used to adaptively adjust the complexity of the encryption / decryption algorithm based on the aforementioned data level and the data security status of the current data environment in which the data encryption / decryption system 200 operates.

[0071] It is understandable that the various modules of the data encryption and decryption system 200 can be set up simultaneously in the server 104 of the above application environment, or simultaneously in the terminal 102 of the above application environment.

[0072] Furthermore, the data encryption / decryption system 200 can also be configured with its various modules on different devices within the application environment, based on actual data security requirements. For example, the data processing module 202 and encryption / decryption module 208 can be configured on server 104 within the application environment, while the static sensing module 204 and dynamic sensing module 206 can be configured on terminal 102 within the application environment, thus establishing a multi-device architecture data encryption / decryption system 200. Alternatively, the data processing module 202, static sensing module 204, dynamic sensing module 206, and encryption / decryption module 208 can be configured on different server devices within server 104.

[0073] It should be noted that the module deployment method of the data encryption and decryption system 200 is not limited to the implementation method mentioned in the above embodiments. As long as the data processing module 202 can instruct other modules to perform the corresponding module functions through control instructions, the module deployment method of the data encryption and decryption system 200 in this application embodiment is not specifically limited.

[0074] Specifically, the aforementioned encryption / decryption system analyzes and processes the encryption / decryption data through the data processing module 202, and issues control commands to instruct the static perception module 206 to classify the encryption / decryption data according to a classification strategy, to instruct the dynamic perception module 206 to determine the threat level of the data environment in which the encryption / decryption data is located based on a threat assessment strategy, and to instruct the encryption / decryption module 208 to adjust the encryption / decryption complexity according to the classification result corresponding to the classification strategy and the judgment result corresponding to the threat assessment strategy, combined with an adaptive adjustment strategy, thereby realizing the function of encrypting / decrypting the data. Through the above method, this application can assign encryption / decryption algorithms of different complexity to different levels of data and different data environment security situations. This reduces the load on the encryption / decryption system and the consumption of computing resources, optimizing loading speed, when the data is of low value and the environment is of low risk. Conversely, when the data is of high value and the environment is of high risk, it emphasizes protection to prevent data leakage, thus achieving adaptive encryption / decryption for the data to be encrypted.

[0075] In one embodiment, such as Figure 2 As shown, the system also includes:

[0076] Key management module 210, which is used to manage and invoke keys based on control commands;

[0077] Data storage module 212, the storage module is used to store encrypted and decrypted data.

[0078] For example, the key management module 210 can be set in Figure 1 In the application environment shown, server 104 can store the keys generated by each encryption and decryption algorithm. Figure 1 The data storage system of the application environment shown. In some examples, the data storage module 212 may also be located in the aforementioned data storage system.

[0079] In one exemplary embodiment, such as Figure 3 As shown, this application provides a data encryption method applied to the data encryption / decryption system 200 described in any of the above embodiments. The method includes the following steps S302 to S308. Wherein:

[0080] Step S302: Determine the data level corresponding to the data to be encrypted based on the value characteristics and sensitivity characteristics of the data to be encrypted.

[0081] Among these, value characteristics can be used to characterize the value of the data to be encrypted in actual production activities, while sensitivity characteristics can be used to characterize the sensitivity of the data to users. For example, publicly available data such as commercial product advertisements, public announcements, and general logs can be labeled as data to be encrypted with a lower data level, while data that directly affects the security of user production and sales, such as transaction data, confidential government documents, and system root keys, can be labeled as data to be encrypted with a higher value level.

[0082] For example, the value and sensitivity characteristics of the data to be encrypted can be manually labeled or machine labeled using machine learning, large models, etc., before encryption.

[0083] Specifically, the static perception module 204 of the data encryption and decryption system 200 can determine the data level corresponding to the data to be encrypted based on the value characteristics and sensitivity characteristics of the data to be encrypted.

[0084] Step S304: Use a threat assessment strategy to determine the current environmental threat level.

[0085] Among them, the environmental threat level is used to characterize the data security status of the data environment in which the data to be encrypted is located.

[0086] Specifically, the dynamic perception module 206 of the data encryption and decryption system 200 can use a threat assessment strategy to determine the environmental threat level of the data environment in which the data to be encrypted is located, thereby providing a data basis for subsequent adaptive adjustment of encryption and decryption complexity.

[0087] Step S306: Determine the encryption / decryption complexity based on the data level and environmental threat level.

[0088] For example, different encryption / decryption complexities correspond to different types of encryption / decryption algorithms.

[0089] Understandably, in practical applications, the higher the encryption and decryption complexity, the more computing resources and storage space the corresponding encryption and decryption algorithm will require during execution.

[0090] Specifically, the encryption / decryption module 208 of the data encryption / decryption system 200 determines the encryption / decryption complexity based on the calculated data level and the environmental threat level of the current data environment, so as to select a suitable encryption algorithm.

[0091] Step S308: Use the encryption algorithm corresponding to the encryption / decryption complexity to encrypt the data to be encrypted.

[0092] Specifically, the encryption / decryption module 208 of the data encryption / decryption system 200 encrypts the data to be encrypted according to the encryption algorithm corresponding to the above-mentioned encryption / decryption complexity. It can be understood that this embodiment adaptively selects the most suitable data encryption / decryption algorithm based on the data level of the data to be encrypted and the data security situation of the current data environment, which can fully leverage the advantages of various encryption / decryption algorithms while ensuring data security.

[0093] In one embodiment, data levels include first level, second level, third level, fourth level, and fifth level; value characteristics include low value, medium value, high value, and very high value; sensitivity characteristics include low sensitivity, medium sensitivity, high sensitivity, and very high sensitivity. Figure 4 As shown, the data level corresponding to the data to be encrypted is determined based on the value and sensitivity characteristics of the data to be encrypted, including the following steps S402 to S410. Wherein:

[0094] Step S402: When the value characteristic is no value and the sensitivity characteristic is insensitive, the data level is determined to be the first level.

[0095] Step S404: When the value characteristic is low value or the sensitivity characteristic is low sensitivity, the data level is determined to be the second level.

[0096] Step S406: When the value characteristic is medium value or the sensitivity characteristic is medium sensitivity, the data level is determined to be the third level.

[0097] Step S408: When the value characteristic is high value or the sensitivity characteristic is high sensitivity, the data level is determined to be the fourth level.

[0098] Step S410: When the value characteristic is extremely high or the sensitivity characteristic is extremely high, the data level is determined to be the fifth level.

[0099] For example, in practical applications, the first level of data to be encrypted can include public data or non-business data (such as commercial product promotions, public announcements, and general logs); the second level of data to be encrypted can include non-core business data (such as ordinary employee attendance records and non-confidential intranet files); the third level of data to be encrypted can include core business data (such as equipment operation data, ordinary business ledgers, and IoT-collected data); the fourth level of data to be encrypted can include important business / user privacy data (such as customer information, transaction records, and system configuration information); and the fifth level of data to be encrypted can include users' core secrets or key data of business systems (such as core financial transaction data, government secrets, and system root keys).

[0100] Specifically, the static perception module 204 of the data encryption / decryption system 200 determines the data level as the first level when the value characteristic is no value and the sensitivity characteristic is not sensitive; the data level is determined as the second level when the value characteristic is low value or the sensitivity characteristic is low sensitivity; the data level is determined as the third level when the value characteristic is medium value or the sensitivity characteristic is medium sensitivity; the data level is determined as the fourth level when the value characteristic is high value or the sensitivity characteristic is high sensitivity; and the data level is determined as the fifth level when the value characteristic is extremely high value or the sensitivity characteristic is extremely high sensitivity.

[0101] The embodiments of this application facilitate the data encryption / decryption system 200 to classify data according to its inherent characteristics (value characteristics, sensitivity characteristics) in the above manner, thereby assigning initial encryption / decryption algorithms of different complexity to the data to be encrypted in subsequent processes, and thus providing different levels of protection for the data to be encrypted at different data levels, so as to achieve better protection for high-level data and reduce the complexity of encryption / decryption algorithms for low-level data to reduce the occupation of device computing resources.

[0102] In one embodiment, such as Figure 5 As shown, the current environmental threat level is determined using a threat assessment strategy, including the following steps S502 to S508. Wherein:

[0103] Step S502: If the data environment is physically isolated or external devices cannot access the data environment, the environmental threat level is determined to be non-threatening.

[0104] Step S504: If the data environment is isolated on an internal network or only accepts authorized access, then the environmental threat level is determined to be low threat.

[0105] Step S506: If the external access volume of the data environment is lower than the preset threshold, the environmental threat level is determined to be medium threat.

[0106] Step S508: If the data environment is a public network transmission environment, the environmental threat level is determined to be high threat.

[0107] Specifically, the dynamic sensing module 206 of the data encryption / decryption system 200 determines the environmental threat level of the current data environment as non-threatening when the data environment is physically isolated or external devices cannot access the data environment; it determines the environmental threat level of the current data environment as low threat when the data environment is isolated on an intranet or only accepts authorized access; it determines the environmental threat level of the current data environment as medium threat when the external access volume of the current data environment is lower than a preset threshold; and it determines the environmental threat level as high threat when all data in the current system is transmitted over the public network (or can be accessed by multiple entities on the public network).

[0108] In one embodiment, such as Figure 6 As shown, the encryption / decryption complexity is determined based on the data level and environmental threat level, including the following steps S602 to S610. Wherein:

[0109] Step S602: If the data level is Level 1, then the encryption / decryption complexity is determined to be exempt level.

[0110] Step S604: If the data level is Level 2 and the environmental threat level is non-threatening or low threat, then the encryption / decryption complexity is determined to be extremely simple.

[0111] Step S606: If the data level is Level 3 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be extremely simple.

[0112] Step S608: If the data level is level 4 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be lightweight.

[0113] Step S610: If the data level is Level 5 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be high.

[0114] For example, an encryption / decryption complexity of "exemption level" indicates that the current data to be encrypted does not yet require encryption / decryption; when the encryption / decryption complexity is "extremely simple level," the corresponding encryption / decryption algorithm can be a lightweight version of the SM7 algorithm or a simplified ZUC algorithm; when the encryption / decryption complexity is "lightweight level," the corresponding encryption / decryption algorithm can be the standard SM7 / ZUC + simplified SM3; when the encryption / decryption complexity is "general level," the corresponding encryption / decryption algorithm can be SM4-CBC / ECB + full SM3 + SM2 lightweight authentication; when the encryption / decryption complexity is "high level," the corresponding encryption / decryption algorithm can be SM4-GCM + full SM2 + SM9.

[0115] Specifically, when the data level of the data to be encrypted is Level 1, the encryption / decryption module 208 of the data encryption / decryption system 200 determines the encryption / decryption complexity to be at the exempt level, thereby minimizing the operational load on the encryption / decryption system and reducing the occupation of device computing resources, while improving data loading speed; if the data level is Level 2 and the environmental threat level is non-threatening or low-threat, then the encryption / decryption complexity is determined to be at the simplified level; if the data level is Level 3 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be at the simplified level, thereby reducing the operational load on the encryption / decryption system and reducing the occupation of device computing resources. The system aims to ensure adequate encryption and decryption protection for Level 2 and Level 3 data. If the data level is Level 4 and the environmental threat level is non-threatening, the encryption and decryption complexity is set to lightweight. This reduces the load on the encryption and decryption system and the consumption of computing resources, while still providing good encryption and decryption algorithm protection for Level 4 data. If the data level is Level 5 and the environmental threat level is non-threatening, the encryption and decryption complexity is set to high. This prioritizes the protection of Level 5 data, thereby preventing malicious tampering or leakage of Level 5 data.

[0116] Through the above methods, this application can assign encryption and decryption algorithms with different levels of complexity to different data levels and different data environment security conditions. This reduces the load on the encryption and decryption system and the occupation of computing resources when the data is of low value and the environment is of low risk, thereby optimizing the loading speed. When the data is of high value and the environment is of high risk, the focus is on protection to avoid data leakage. This achieves adaptive encryption and decryption for the data to be encrypted.

[0117] In one embodiment, such as Figure 7 As shown, the method further includes steps S702 to S710. Wherein:

[0118] Step S702: If the data level is Level 2 and the environmental threat level is Medium Threat, then the encryption / decryption complexity is determined to be Lightweight.

[0119] Step S704: If the data level is Level 2 and the environmental threat level is high threat, then the encryption / decryption complexity is determined to be general level.

[0120] Step S706: If the data level is Level 2 and the environmental threat level increases from no threat or low threat to medium threat, then the encryption / decryption complexity is determined to be lightweight.

[0121] Step S708: If the data level is Level 2 and the environmental threat level increases from no threat, low threat, or medium threat to high threat, then the encryption / decryption complexity is determined to be general level.

[0122] Step S710: If the data level is Level 2 and the environmental threat level has regressed from medium threat to no threat or low threat, then the encryption / decryption complexity is determined to be extremely simple.

[0123] Specifically, when the data encryption / decryption system 200's encryption / decryption module 208 is at level two and the environmental threat level is medium threat, the encryption / decryption complexity is determined to be lightweight. This reduces the load on the encryption / decryption system and the consumption of device computing resources, while still providing good encryption / decryption algorithm protection capabilities. When the data level is level two and the environmental threat level is high threat, the encryption / decryption complexity is determined to be general-purpose. If the data level is level two and the environmental threat level increases from no threat or low threat to medium threat, the encryption / decryption complexity is determined to be lightweight. If the data level is level two and the environmental threat level increases from no threat, low threat, or medium threat to high threat, the encryption / decryption complexity is determined to be general-purpose. If the data level is level two and the environmental threat level reverts from medium threat to no threat or low threat, the encryption / decryption complexity is determined to be extremely simple.

[0124] Through the above methods, the embodiments of this application can dynamically adjust the complexity of encryption and decryption algorithms for different levels of data and different data environment security conditions. This reduces the load on the encryption and decryption system and the occupation of computing resources when the data is of low value and the environment is of low risk, thereby optimizing the loading speed. When the data is of high value and the environment is of high risk, the focus is on protection to avoid data leakage. This achieves adaptive encryption and decryption for the data to be encrypted.

[0125] In one embodiment, such as Figure 8 As shown, the method further includes steps S802 to S808. Wherein:

[0126] Step S802: If the data level is Level 3 and the environmental threat level is low threat, then the encryption / decryption complexity is determined to be lightweight.

[0127] Step S804: If the data level is Level 3 and the environmental threat level is Medium Threat, then the encryption / decryption complexity is determined to be General Level.

[0128] Step S806: If the data level is Level 3 and the environmental threat level is High Threat, then the encryption / decryption complexity is determined to be High.

[0129] In step S808, if the data level is level 3 and the environmental threat level has regressed from high threat, the threat judgment strategy is used to obtain multiple first environmental threat judgment results; if the multiple first environmental threat judgment results do not rise to high threat again, the last first environmental threat judgment result is used as the current environmental threat level, and the encryption / decryption complexity is determined based on the data level and the environmental threat level.

[0130] For example, if the current data environment's threat level regresses from medium to low, lightweight encryption and decryption can be used. However, if the threat assessment strategy further determines that the current data environment's threat level has regressed to Level 3 (high threat), then the strategy re-collects five first-level environmental threat assessment results. If the environmental threat level in any of these five first-level environmental threat assessment results does not rise back to high threat, then the Level 3 data to be encrypted uses the encryption and decryption complexity corresponding to the last assessment result. For instance, if the last first-level environmental threat assessment result is medium threat, then the general-level encryption algorithm corresponding to the Level 3 data is used to encrypt it. If any of the five first-level environmental threat assessment results shows a regression to high threat, then the advanced-level encryption algorithm is still used for data encryption and decryption.

[0131] Specifically, when the data encryption / decryption module 208 of the data encryption / decryption system 200 is at level 3 and the environmental threat level is low threat, the encryption / decryption complexity is determined to be lightweight; if the data level is level 3 and the environmental threat level is medium threat, the encryption / decryption complexity is determined to be general-purpose; if the data level is level 3 and the environmental threat level is high threat, the encryption / decryption complexity is determined to be high-level; if the data level is level 3 and the environmental threat level regresses from high threat, the threat assessment strategy is used to obtain multiple first environmental threat assessment results; if multiple first environmental threat assessment results do not rise to high threat again, the last first environmental threat assessment result is used as the current environmental threat level, and the encryption / decryption complexity is determined based on the data level and the environmental threat level.

[0132] Through the above methods, the embodiments of this application can dynamically adjust the complexity of encryption and decryption algorithms for different levels of data and different data environment security conditions. This reduces the load on the encryption and decryption system and the occupation of computing resources when the data is of low value and the environment is of low risk, thereby optimizing the loading speed. When the data is of high value and the environment is of high risk, the focus is on protection to avoid data leakage. This achieves adaptive encryption and decryption for the data to be encrypted.

[0133] In some possible implementations, the method may further include the following steps S902 to S908. Wherein:

[0134] Step S902: If the data level is level four and the environmental threat level is low threat, then the encryption / decryption complexity is determined to be general level.

[0135] Step S904: If the data level is level 4 and the environmental threat level is medium or high threat, then the encryption / decryption complexity is determined to be high.

[0136] Step S906: If the data level is level 4 and the environmental threat level regresses from low threat, then the threat judgment strategy is used to obtain multiple second environmental threat judgment results; if the multiple second environmental threat judgment results do not rise to high threat, then the last second environmental threat judgment result is used as the current environmental threat level, and the encryption / decryption complexity is determined according to the data level and the environmental threat level.

[0137] Step S908: If the data level is level four and the environmental threat level has regressed from medium threat or high threat, then the threat judgment strategy is used to obtain multiple third environmental threat judgment results; if the multiple third environmental threat judgment results are all non-threat, then the environmental threat level is set to non-threat, and the encryption / decryption complexity is determined according to the data level and the environmental threat level.

[0138] For example, when the threat assessment strategy determines that the threat level of the data environment in the fourth level of the low-threat data environment has regressed, the threat assessment strategy can collect five second-environment threat assessment results. If the threat level does not rise to the low-threat level again in the five second-environment threat assessment results, the data in the fourth level of the data environment will be encrypted and decrypted using the corresponding encryption and decryption complexity level. If the threat level rises to the low-threat level again in the five second-environment threat assessment results, the general level will still be used for encryption and decryption.

[0139] For example, when the threat assessment strategy determines that the current data environment threat level of the data to be encrypted, which is at the level of medium or high threat (Level 4), has regressed, the threat assessment strategy collects 10 third-environment threat assessment results. If all 10 third-environment threat assessment results are maintained at the no-threat level, then encryption and decryption are performed using the corresponding encryption and decryption complexity level (i.e., lightweight encryption and decryption). If not, then high-level encryption and decryption are still used.

[0140] It should be noted that, through the above method, the embodiments of this application can dynamically adjust the complexity of the encryption and decryption algorithm for different levels of data and different data environment security conditions. This reduces the load on the encryption and decryption system and the occupation of computing resources when the data is of low value and the environment is of low risk, thereby optimizing the loading speed. When the data is of high value and the environment is of high risk, the focus is on protection to avoid data leakage. This achieves adaptive encryption and decryption for the data to be encrypted.

[0141] In some possible implementations, the grading results in the above embodiments can also be verified based on a manual verification strategy to improve the labeling accuracy.

[0142] For example, the specific content of the manual verification strategy is as follows: for the first level of data to be encrypted, 20% of the first level of data to be encrypted is captured. If the failure rate of the verification result exceeds 85%, the machine will re-label it through machine learning or large model recognition.

[0143] For the second level of data to be encrypted, 30% of the data to be encrypted at the second level is captured. If the failure rate of the verification result exceeds 90%, the machine will re-label it.

[0144] For the third level of data to be encrypted, 50% of the data to be encrypted at the third level is captured. If the failure rate of the verification result exceeds 95%, the machine will re-label it.

[0145] For the data to be encrypted at levels four and five, 80% of the data to be encrypted at levels four and five are captured. If the failure rate of the verification results exceeds 98%, the data will be manually re-labeled.

[0146] Through the above methods, the embodiments of this application can ensure the accuracy of data classification as much as possible, while minimizing the amount of manual verification work.

[0147] In some possible implementations, when the encryption / decryption algorithm's key is no longer needed, the key cache in memory can be destroyed by hardware overwriting, while the root key is permanently stored in the HSM, thereby increasing key security.

[0148] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages in other steps. It is understood that the steps in different embodiments can be freely combined as needed, and all non-contradictory solutions formed by such combinations are within the scope of protection of this application.

[0149] In one exemplary embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as follows: Figure 9 As shown, this computer device includes a processor, memory, input / output (I / O) interfaces, and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operating system and computer programs stored in the non-volatile storage media. The database stores data to be encrypted. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communicating with external terminals via a network connection. When the computer program is executed by the processor, it implements a data encryption method.

[0150] Those skilled in the art will understand that Figure 9 The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.

[0151] In one embodiment, this application provides a computer device including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of the method described in any of the above embodiments.

[0152] In one embodiment, this application provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the method described in any of the above embodiments.

[0153] In one embodiment, a computer program product includes a computer program that, when executed by a processor, implements the steps of the method described in any of the above embodiments.

[0154] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with relevant regulations.

[0155] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.

[0156] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.

[0157] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.

Claims

1. A data encryption / decryption system, characterized in that, The system includes: A data processing module is used to analyze and process encrypted and decrypted data and issue control commands. A static perception module is used to classify the encrypted and decrypted data according to the control command and a classification strategy. A dynamic perception module is used to determine the threat level of the data environment in which the encrypted / decrypted data is located based on the control command and a threat assessment strategy. An encryption / decryption module is used to encrypt and decrypt the data based on the control command, the classification result corresponding to the classification strategy, and the judgment result corresponding to the threat judgment strategy, combined with an adaptive adjustment strategy to adjust the encryption / decryption complexity.

2. The system according to claim 1, characterized in that, The system also includes: A key management module, which is used to manage and invoke keys based on control commands; A data storage module is provided for storing the encrypted / decrypted data.

3. A data encryption method, characterized in that, Applied to the data encryption / decryption system of claim 1 or 2, the method includes: The data level corresponding to the data to be encrypted is determined based on the value and sensitivity characteristics of the data to be encrypted; Use threat assessment strategies to determine the current level of environmental threat; The encryption / decryption complexity is determined based on the data level and the environmental threat level; the environmental threat level is used to characterize the data security status of the data environment in which the data to be encrypted is located. The data to be encrypted is encrypted using the encryption algorithm corresponding to the encryption / decryption complexity.

4. The method according to claim 3, characterized in that, The data levels include Level 1, Level 2, Level 3, Level 4, and Level 5; the value characteristics include low value, medium value, high value, and extremely high value; the sensitivity characteristics include low sensitivity, medium sensitivity, high sensitivity, and extremely high sensitivity. The step of determining the data level corresponding to the data to be encrypted based on the value and sensitivity characteristics of the data to be encrypted includes: If the value characteristic is worthless and the sensitivity characteristic is insensitive, then the data level is determined to be the first level; When the value characteristic is low value or the sensitivity characteristic is low sensitivity, the data level is determined to be the second level; When the value characteristic is medium value or the sensitivity characteristic is medium sensitivity, the data level is determined to be the third level. When the value characteristic is high value or the sensitivity characteristic is high sensitivity, the data level is determined to be the fourth level; When the value characteristic is extremely high or the sensitivity characteristic is extremely high, the data level is determined to be the fifth level.

5. The method according to claim 3, characterized in that, The method of using threat assessment strategies to determine the current environmental threat level includes: If the data environment is physically isolated or external devices cannot access the data environment, then the environmental threat level is determined to be non-threatening. If the data environment is isolated within an intranet or only accepts authorized access, then the threat level of the environment is determined to be low threat. If the data environment has an external access volume lower than a preset threshold, then the environmental threat level is determined to be medium threat. If the data environment is a public network transmission environment, then the environmental threat level is determined to be high threat.

6. The method according to any one of claims 3 to 5, characterized in that, The process of determining encryption / decryption complexity based on the data level and the environmental threat level includes: If the data level is the first level, then the encryption / decryption complexity is determined to be exempt level; If the data level is Level 2 and the environmental threat level is non-threatening or low-threat, then the encryption / decryption complexity is determined to be extremely simple. If the data level is level three and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be extremely simple. If the data level is level four and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be lightweight. If the data level is Level 5 and the environmental threat level is non-threatening, then the encryption / decryption complexity is determined to be high.

7. The method according to claim 6, characterized in that, The method further includes: If the data level is Level 2 and the environmental threat level is Medium Threat, then the encryption / decryption complexity is determined to be Lightweight. If the data level is level two and the environmental threat level is high threat, then the encryption / decryption complexity is determined to be general level. If the data level is level two and the environmental threat level increases from no threat or low threat to medium threat, then the encryption / decryption complexity is determined to be lightweight. If the data level is level two, and the environmental threat level increases from no threat, low threat, or medium threat to high threat, then the encryption / decryption complexity is determined to be at the general level. If the data level is Level 2 and the environmental threat level has regressed from medium threat to no threat or low threat, then the encryption / decryption complexity is determined to be minimal.

8. The method according to claim 4, characterized in that, The method further includes: If the data level is level three and the environmental threat level is low threat, then the encryption / decryption complexity is determined to be lightweight. If the data level is level 3 and the environmental threat level is medium threat, then the encryption / decryption complexity is determined to be general level. If the data level is level 3 and the environmental threat level is high threat, then the encryption / decryption complexity is determined to be high. If the data level is level three and the environmental threat level regresses from high threat, then the threat judgment strategy is used to obtain multiple first environmental threat judgment results; if multiple first environmental threat judgment results do not rise to high threat again, then the last first environmental threat judgment result is used as the current environmental threat level, and the encryption / decryption complexity is determined based on the data level and the environmental threat level.

9. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 3 to 8.

10. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 3 to 8.