Search

CN-121980600-A - Data processing method, apparatus, computer device, readable storage medium, and program product

CN121980600ACN 121980600 ACN121980600 ACN 121980600ACN-121980600-A

Abstract

The present application relates to a data processing method, apparatus, computer device, computer readable storage medium and computer program product. The method comprises the steps of obtaining a first query instruction, carrying out analysis processing on the first query instruction to obtain analysis tree result data, determining field data to be encrypted according to the analysis tree result data, determining field encryption proportion in the field data to be encrypted by utilizing a hierarchical encryption algorithm, encrypting the field data to be encrypted according to the field encryption proportion to obtain an encrypted analysis tree, carrying out serialization operation on the encrypted analysis tree, and sending the serialized analysis tree to a database server, wherein the query result is obtained by the database server after the serialized analysis tree is inversely serialized, and the result data is obtained by carrying out query according to the analysis tree result data. The method can provide data security.

Inventors

  • LI JINLIN

Assignees

  • 天翼云科技有限公司

Dates

Publication Date
20260505
Application Date
20251222

Claims (10)

  1. 1. A method of data processing, the method comprising: Acquiring a first query instruction, and analyzing the first query instruction to obtain analysis tree result data; Determining field data to be encrypted according to the analysis tree result data; Determining field encryption proportion in field data to be encrypted by using a hierarchical encryption algorithm, and encrypting the field data to be encrypted according to the field encryption proportion to obtain an encrypted analysis tree; Serializing the encrypted analysis tree, and sending the serialized analysis tree to a database server; And acquiring a query result corresponding to the first query instruction, which is returned by the database server, wherein the query result is obtained by the database server after the serialized analysis tree is de-serialized, and querying the analysis tree result data according to the analysis tree result data.
  2. 2. The method of claim 1, wherein after the parsing tree result data is obtained, the method comprises: Storing the first query instruction and the analysis tree result data in a cache area in an associated manner; when a second query instruction is received, traversing the cache area to query whether the first query instruction matched with the second query instruction exists; And if the first query instruction matched with the second query instruction exists in the cache region, the analysis tree result data corresponding to the first query instruction is used as a query result corresponding to the second query instruction and is sent to the database server.
  3. 3. The method according to claim 1, wherein before determining a field encryption scale in field data to be encrypted using a hierarchical encryption algorithm, the method comprises: Determining the field type of the field data to be encrypted; and adding a preset encryption tag to the field data to be encrypted based on the field type, wherein the preset encryption tag is used for determining the encryption proportion.
  4. 4. A method according to claim 3, wherein the determining the field encryption ratio in the field data to be encrypted by using the hierarchical encryption algorithm, and encrypting the field data to be encrypted according to the field encryption ratio, to obtain the encrypted parse tree, includes: When the encryption tag of the field data to be encrypted is a preset encryption tag, acquiring an encryption proportion; dividing the field data to be encrypted into a plaintext prefix and a ciphertext suffix according to the encryption proportion; encrypting field data corresponding to the ciphertext suffix to obtain an encrypted ciphertext suffix; and splicing the plaintext prefix and the encrypted ciphertext suffix to obtain encrypted field data.
  5. 5. The method according to claim 4, wherein after the obtaining the query result corresponding to the first query instruction returned by the database server, the method includes: and obtaining the encryption field in the query result, and decrypting the encryption field in the query result to obtain result data.
  6. 6. The method of claim 4, wherein before dividing the field data to be encrypted into a plaintext prefix and a ciphertext suffix according to the encryption scale, the method comprises: when the encryption tag of the field data to be encrypted is a preset encryption tag, converting the field data to be encrypted into a character string; The dividing the field data to be encrypted into a plaintext prefix and a ciphertext suffix according to the encryption proportion includes: And dividing the character string into a plaintext prefix and a ciphertext suffix according to the encryption proportion.
  7. 7. A data processing apparatus, the apparatus comprising: the analysis tree acquisition module is used for acquiring a first query instruction, and analyzing the first query instruction to obtain analysis tree result data; The encryption data determining module is used for determining field data to be encrypted according to the analysis tree result data; The encryption module is used for determining field encryption proportion in field data to be encrypted by using a hierarchical encryption algorithm, encrypting the field data to be encrypted according to the field encryption proportion, and obtaining an encrypted analysis tree; The data sending module is used for carrying out serialization operation on the encrypted analysis tree and sending the serialized analysis tree to the database server; the result acquisition module is used for acquiring a query result corresponding to the first query instruction, which is returned by the database server, wherein the query result is obtained by the database server after the serialized analysis tree is inversely serialized, and query is carried out according to the analysis tree result data.
  8. 8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
  9. 9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
  10. 10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.

Description

Data processing method, apparatus, computer device, readable storage medium, and program product Technical Field The present application relates to the field of computer technology, and in particular, to a data processing method, apparatus, computer device, computer readable storage medium, and computer program product. Background With the development of computer foundations, databases are increasingly used to realize data storage, and in order to ensure the security of data stored in the databases, the security of the databases is particularly important. In the related art, to ensure the security of data, protection measures are mainly specified according to the stage where the data is located, for example, a secure transmission protocol SSL/TLS is used at a data transmission node to realize data transmission, transparent storage encryption is used at a data persistence storage stage, and RLS (Row Level Security) or a data desensitization policy is used at a return result stage. However, in the method for guaranteeing data security in the related art, range query cannot be implemented in the full-secret database, and the data security is insufficient. Disclosure of Invention In view of the foregoing, it is desirable to provide a data processing method, apparatus, computer device, computer-readable storage medium, and computer program product that enable data security. In a first aspect, the present application provides a data processing method, including: acquiring a first query instruction, and analyzing the first query instruction to obtain analysis tree result data; determining field data to be encrypted according to the analysis tree result data; determining field encryption proportion in field data to be encrypted by using a hierarchical encryption algorithm, and encrypting the field data to be encrypted according to the field encryption proportion to obtain an encrypted analysis tree; Serializing the encrypted analysis tree, and sending the serialized analysis tree to a database server; And acquiring a query result corresponding to the first query instruction returned by the database server, wherein the query result is the result data of the analysis tree obtained by the database server after the serialized analysis tree is reverse-sequenced, and querying according to the result data of the analysis tree. In one embodiment, after the analysis tree result data is obtained, the data processing method includes the steps of storing a first query instruction and the analysis tree result data in a buffer area in an associated mode, traversing the buffer area to query whether the first query instruction matched with the second query instruction exists when the second query instruction is received, and if the first query instruction matched with the second query instruction exists in the buffer area, taking the analysis tree result data corresponding to the first query instruction as a query result corresponding to the second query instruction and sending the query result to a database server. In one embodiment, before determining the field encryption proportion in the field data to be encrypted by using the hierarchical encryption algorithm, the data processing method comprises the steps of determining the field type of the field data to be encrypted, and adding a preset encryption tag to the field data to be encrypted based on the field type, wherein the preset encryption tag is used for determining the encryption proportion. In an alternative embodiment, a hierarchical encryption algorithm is utilized to determine the field encryption proportion in the field data to be encrypted, and the field data to be encrypted is encrypted according to the field encryption proportion to obtain an encrypted analysis tree, wherein the method comprises the steps of obtaining the encryption proportion when the encryption label of the field data to be encrypted is a preset encryption label; dividing field data to be encrypted into a plaintext prefix and a ciphertext suffix according to encryption proportion, encrypting field data corresponding to the ciphertext suffix to obtain an encrypted ciphertext suffix, and splicing the plaintext prefix and the encrypted ciphertext suffix to obtain encrypted field data. In one embodiment, after obtaining a query result corresponding to the first query instruction returned by the database server, the data processing method includes obtaining an encrypted field in the query result, and decrypting the encrypted field in the query result to obtain result data. In one embodiment, before dividing field data to be encrypted into a plaintext prefix and a ciphertext suffix according to an encryption ratio, the data processing method comprises converting the field data to be encrypted into a character string when an encryption tag of the field data to be encrypted is a preset encryption tag, dividing the field data to be encrypted into the plaintext prefix and the ciphertext suffix according t