Search

CN-121984689-A - User data processing method, device and system

CN121984689ACN 121984689 ACN121984689 ACN 121984689ACN-121984689-A

Abstract

The embodiment of the invention provides a processing method of user data, which is operated on a client side and comprises the following steps of triggering a processing request for encrypting first user data selected by a first user applied to the client side, generating a first encryption factor, encrypting the first user data selected by the first user according to the first encryption factor to obtain first ciphertext data, acquiring a first user public key which corresponds to the first user applied to the client side and is used for asymmetric encryption processing from a data protection system server side, encrypting the first encryption factor according to the first user public key to obtain first encryption factor ciphertext data, and uploading the first ciphertext data and the first encryption factor ciphertext data to the data protection system server side to be stored corresponding to the first user public key. The invention encrypts the user data at the client, enhances the security and privacy protection, and saves the public key and the ciphertext for subsequent operation, so that the user can control the user data.

Inventors

  • LI XIAOYUN

Assignees

  • 东方魂数智科技(北京)有限公司

Dates

Publication Date
20260505
Application Date
20241028

Claims (10)

  1. 1. A processing method of user data, which runs on a client side, comprises the following steps: triggering a processing request for encrypting first user data selected by a first user applied to a client; Generating a first encryption factor; Encrypting the first user data selected by the first user according to the first encryption factor to obtain first ciphertext data; Acquiring a first user public key corresponding to a first user applied by a client side and used for asymmetric encryption processing from a data protection system server side; Encrypting the first encryption factor according to the first user public key to obtain first encryption factor ciphertext data; and uploading the first ciphertext data and the first encryption factor ciphertext data to the data protection system server side to be stored in correspondence with the first user public key.
  2. 2. The method of claim 1, wherein upon triggering a processing request to encrypt first user data selected by a first user of a client application, the method further comprises: Acquiring a first user public key and a first user private key which can be subjected to asymmetric encryption and decryption processing by a first user of a client application; Storing the first user private key at the client side; And uploading the first user public key to the data protection system server side for storage.
  3. 3. The method according to claim 2, wherein the step of uploading the first user public key to the data protection system server side for saving includes: Acquiring client application information and/or a first user ID of a client application; Uploading client application information and/or a first user ID of a client application and a first user public key of a client application user to the data protection system server for corresponding storage; wherein the client application information and/or the client application first user ID is also saved in correspondence with a client application creator ID of the data protection system server.
  4. 4. The method according to claim 2, wherein the method further comprises: triggering a decryption viewing processing request of first user data of a first user applied to a client; acquiring first ciphertext data and first encryption factor ciphertext data of a first user applied by a client from a data protection system server; Acquiring a first user private key of a first user of a client application from a client application side; Decrypting the first encryption factor ciphertext data according to the first user private key to obtain a first encryption factor; and decrypting the first ciphertext data according to the first encryption factor to obtain first user data.
  5. 5. The method according to claim 2, wherein the method further comprises: Responding to an authorization request of a second user of a request authorizer for the first user data, and acquiring first encryption factor ciphertext data of a client application first user and a second user public key of the second user of the request authorizer from a data protection system server side; Acquiring a first user private key of a first user of a client application from a client application side; Decrypting the first encryption factor ciphertext data according to the first user private key to obtain a first encryption factor; Encrypting the first encryption factor according to the second user public key to obtain third encryption factor ciphertext data; Uploading the third encryption factor ciphertext data to the data protection system server side, and correspondingly storing the third encryption factor ciphertext data, the second user public key and the first ciphertext data.
  6. 6. The method according to claim 2, wherein the method further comprises: in response to a transfer request of a third user of a request transfer party for the first user data, acquiring first encryption factor ciphertext data of the first user of the client application and a third user public key of the third user of the request transfer party from a data protection system server side; Acquiring a first user private key of a first user of a client application from a client application side; Decrypting the first encryption factor ciphertext data according to the first user private key to obtain a first encryption factor; encrypting the first encryption factor according to the third user public key to obtain fourth encryption factor ciphertext data; Uploading fourth encryption factor ciphertext data to the data protection system server side, and correspondingly storing the fourth encryption factor ciphertext data, the third user public key and the first ciphertext data; And updating the data protection system server side to mark the first ciphertext data under the data item of the first user applied by the client side as a deleting state.
  7. 7. The method according to any one of claims 1-6, wherein the method further comprises: Acquiring a supervisor public key of asymmetric encryption and decryption processing of a supervisor; encrypting the first encryption factor according to the supervision public key to obtain second encryption factor ciphertext data; Uploading the second encryption factor ciphertext data to the data protection system server side, and storing the second encryption factor ciphertext data, the first user public key, the first ciphertext data and the first encryption factor ciphertext data correspondingly.
  8. 8. A server apparatus for a user data protection system, comprising: The system background management module is configured to establish and manage users in the system and log in and access the users; The public key hosting module is configured to acquire and manage a user public key uploaded by a client application user; the data right determining module is configured to acquire and manage ciphertext data and encryption factor ciphertext data uploaded by a client application user; A data transceiver module configured to receive data between a transmission and a client; And the encrypted data storage module is configured to correspondingly store the ciphertext data uploaded by the client application user, the encryption factor ciphertext data and the user public key.
  9. 9. A client computer device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, characterized in that the processor implements the method of any of claims 1-7 when executing the computer program.
  10. 10. A user data protection system comprising a server device for a user data protection system according to claim 8 and at least one client computer device according to claim 9.

Description

User data processing method, device and system Technical Field The present invention relates to the field of digital encryption technologies, and in particular, to a method, an apparatus, and a system for processing user data. Background At present, in terms of privacy protection of user data in the mobile internet, a cloud storage mode mainly adopted by an application program developer is adopted, and the application program developer determines which user data to store for a user. Through a user data use protocol, an application program developer takes the initiative for users, uploads and cloud storage is carried out on user data required by the application program developer, and based on the use management required by subsequent commercialization of an application program platform, the application program developer does not provide design and interaction of user data management for the users in the application program. However, as web2.0 is upgraded to web3.0, web3.0 emphasizes the privacy and security of user data, so that the application platform needs to employ various encryption technologies to protect the user data and transaction security, which has been a major trend of internet development. In the published patent application number CN202211066431.9, the patent name of the patent is a method, a device and a storage medium for encrypting and transmitting data of a client and a server, the method, the device and the storage medium for encrypting and transmitting data of the client and the server are disclosed, wherein the method for the patent comprises the steps that after a client receives user information after logging in, a client public key and a client private key are randomly generated; the method comprises the steps of carrying out asymmetric encryption on user information and a client public key by a server public key, transmitting the user information and the client public key to a server, carrying out asymmetric decryption on the server by a server private key, verifying the user information, obtaining a symmetric key associated with user login at this time, carrying out asymmetric encryption on user login success information and the symmetric key by the client public key, transmitting the user login success information and the symmetric key to the client, carrying out asymmetric decryption operation by the client by using the client private key, obtaining user request data in real time, carrying out symmetric encryption on the user request data by using the symmetric key, and transmitting the user request data to the server. However, the prior art still does not give any teaching or technical disclosure on how to perform encryption protection of user data for users on the application client side. Disclosure of Invention The embodiment of the invention provides a processing method, a device and a system for user data, which are used for realizing encryption protection of user data facing users and providing higher data security and privacy protection level for the users. The embodiment of the invention provides a processing method of user data, which is operated on a client side and comprises the following steps of triggering a processing request for encrypting first user data selected by a first user applied to the client side, generating a first encryption factor, encrypting the first user data selected by the first user according to the first encryption factor to obtain first ciphertext data, obtaining a first user public key which corresponds to the first user applied to the client side and is used for asymmetric encryption processing from a data protection system server side, encrypting the first encryption factor according to the first user public key to obtain first encryption factor ciphertext data, and uploading the first ciphertext data and the first encryption factor ciphertext data to the data protection system server side to be stored in a mode corresponding to the first user public key. Optionally, when a processing request for encrypting the first user data selected by the first user of the client application is triggered, the method further comprises the steps of obtaining a first user public key and a first user private key which can be used for asymmetric encryption and decryption processing by the first user of the client application, storing the first user private key on the client side, and uploading the first user public key to the server side of the data protection system for storage. Optionally, the step of uploading the first user public key to the data protection system server side for saving may include the steps of obtaining client application information and/or a client application first user ID, and uploading the client application information and/or the client application first user ID and the first user public key of the client application user to the data protection system server side for corresponding saving, wherein the client application information a