CN106487517A - data encryption and decryption method and device - Google Patents

Data encryption and decryption method and device

Publication number
CN106487517A
Authority
CN
China
Prior art keywords
encryption
key
ciphertext
decryption key
encryption key
Prior art date
Legal status
Pending
Application number
CN201610873485.4A
Other languages
Chinese (zh)
Inventor
谭智勇
钟峰
宋承根
王子龙
张勇
Current Assignee
Beijing Brilliant Hi Tech Development Co Ltd
Original Assignee
Beijing Brilliant Hi Tech Development Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Brilliant Hi Tech Development Co Ltd
Priority to CN201610873485.4A
Publication of CN106487517A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Abstract

The invention discloses a data encryption and decryption method and device, relating to the field of Internet technology, which can prevent others from obtaining the plaintext by cracking the protection password and thereby harming the user. The data encryption method of the invention includes: obtaining an input first encryption key and second encryption key, where the first encryption key includes human biometric feature information and the second encryption key includes a protection password; and encrypting the plaintext with the first encryption key and the second encryption key according to a predetermined encryption rule to obtain the ciphertext corresponding to the plaintext. The corresponding data decryption method includes: obtaining an input first decryption key, second decryption key and the ciphertext to be decrypted, where the first decryption key includes human biometric feature information and the second decryption key includes a protection password; and decrypting the ciphertext with the first decryption key and the second decryption key. The invention is mainly applicable to scenarios in which important files are encrypted and decrypted.

Description

Data encryption and decryption method and device
Technical field
The present invention relates to the field of Internet technology, and in particular to a data encryption and decryption method and device.
Background
With the development of Internet technology, people have gradually become accustomed to storing the data they need for work or daily life electronically on computers. In practice, for convenient lookup, people usually save some electronic files locally on the client. However, because the client is easily attacked, to keep important electronic files (such as public/private key pairs) from being put at risk, these files are usually first encrypted with a protection password, and the ciphertext is then sent to a server for storage. When the electronic file is needed, the terminal displays a protection-password input prompt, decrypts the ciphertext with the entered protection password, and obtains the decrypted electronic file.
However, a protection password is easily cracked. For example, another user can crack it by repeatedly trying different protection passwords in the protection-password input prompt, so there is a risk that the cracking succeeds, which in turn leads to leakage of important electronic files and heavy losses for the user.
Summary of the invention
In view of this, the present invention provides a data encryption and decryption method and device that can prevent others from obtaining the plaintext by cracking the protection password and thereby harming the user.
The object of the present invention is achieved by the following technical solutions:
In a first aspect, the invention provides a data encryption method, the method including:
obtaining an input first encryption key and second encryption key, where the first encryption key includes human biometric feature information and the second encryption key includes a protection password;
encrypting the plaintext with the first encryption key and the second encryption key according to a predetermined encryption rule to obtain the ciphertext corresponding to the plaintext.
With reference to the first aspect, in a first possible implementation of the first aspect, encrypting the plaintext with the first encryption key and the second encryption key according to a predetermined encryption rule to obtain the ciphertext corresponding to the plaintext includes:
performing double-layer encryption on the plaintext with the first encryption key and the second encryption key according to a predetermined encryption order to obtain the ciphertext.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, performing double-layer encryption on the plaintext with the first encryption key and the second encryption key according to a predetermined encryption order to obtain the ciphertext includes:
if the first-layer encryption type is human biometric feature information and the second-layer encryption type is the protection password, performing first-layer encryption on the plaintext with the first encryption key and performing second-layer encryption on the result of the first-layer encryption with the second encryption key to obtain the ciphertext;
if the first-layer encryption type is the protection password and the second-layer encryption type is human biometric feature information, performing first-layer encryption on the plaintext with the second encryption key and performing second-layer encryption on the result of the first-layer encryption with the first encryption key to obtain the ciphertext.
With reference to the first aspect, in a third possible implementation of the first aspect, encrypting the plaintext with the first encryption key and the second encryption key according to a predetermined encryption rule to obtain the ciphertext corresponding to the plaintext includes:
converting the human biometric feature information in the first encryption key into a first encryption key sequence;
converting the protection password in the second encryption key into a second encryption key sequence;
merging the first encryption key sequence and the second encryption key sequence to obtain a third encryption key sequence;
encrypting the plaintext with the third encryption key sequence to obtain the ciphertext.
In a second aspect, the invention provides a data decryption method, the method including:
obtaining an input first decryption key, second decryption key and the ciphertext to be decrypted, where the first decryption key includes human biometric feature information and the second decryption key includes a protection password;
decrypting the ciphertext with the first decryption key and the second decryption key.
With reference to the second aspect, in a first possible implementation of the second aspect, decrypting the ciphertext with the first decryption key and the second decryption key includes:
decrypting the ciphertext with the first decryption key and the second decryption key according to a decryption order determined by the encryption order.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, decrypting the ciphertext with the first decryption key and the second decryption key according to a decryption order determined by the encryption order includes:
if the first-layer encryption type is human biometric feature information and the second-layer encryption type is the protection password, performing first-layer decryption on the ciphertext with the second decryption key and, after that decryption succeeds, performing second-layer decryption on the result of the first-layer decryption with the first decryption key;
if the first-layer encryption type is the protection password and the second-layer encryption type is human biometric feature information, performing first-layer decryption on the ciphertext with the first decryption key and, after that decryption succeeds, performing second-layer decryption on the result of the first-layer decryption with the second decryption key.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the method further includes:
after the second-layer decryption succeeds, obtaining the plaintext corresponding to the ciphertext.
With reference to the second aspect, in a fourth possible implementation of the second aspect, decrypting the ciphertext with the first decryption key and the second decryption key includes:
converting the human biometric feature information in the first decryption key into a first decryption key sequence;
converting the protection password in the second decryption key into a second decryption key sequence;
merging the first decryption key sequence and the second decryption key sequence to obtain a third decryption key sequence;
decrypting the ciphertext with the third decryption key sequence.
In a third aspect, the invention provides a data encryption device, the device including:
an acquiring unit, configured to obtain an input first encryption key and second encryption key, where the first encryption key includes human biometric feature information and the second encryption key includes a protection password;
an encryption unit, configured to encrypt the plaintext, according to a predetermined encryption rule, with the first encryption key and the second encryption key obtained by the acquiring unit to obtain the ciphertext corresponding to the plaintext.
With reference to the third aspect, in a first possible implementation of the third aspect, the encryption unit includes:
a first encryption module, configured to perform double-layer encryption on the plaintext with the first encryption key and the second encryption key according to a predetermined encryption order to obtain the ciphertext.
With reference to the first possible implementation of the third aspect, in a second possible implementation of the third aspect, the first encryption module includes:
a first encryption submodule, configured to, when the first-layer encryption type is human biometric feature information and the second-layer encryption type is the protection password, perform first-layer encryption on the plaintext with the first encryption key and perform second-layer encryption on the result of the first-layer encryption with the second encryption key to obtain the ciphertext;
a second encryption submodule, configured to, when the first-layer encryption type is the protection password and the second-layer encryption type is human biometric feature information, perform first-layer encryption on the plaintext with the second encryption key and perform second-layer encryption on the result of the first-layer encryption with the first encryption key to obtain the ciphertext.
With reference to the third aspect, in a third possible implementation of the third aspect, the encryption unit includes:
a conversion module, configured to convert the human biometric feature information in the first encryption key into a first encryption key sequence;
the conversion module being further configured to convert the protection password in the second encryption key into a second encryption key sequence;
a merging module, configured to merge the first encryption key sequence and the second encryption key sequence obtained by the conversion module to obtain a third encryption key sequence;
a second encryption module, configured to encrypt the plaintext with the third encryption key sequence obtained by the merging module to obtain the ciphertext.
In a fourth aspect, the invention provides a data decryption device, the device including:
an acquiring unit, configured to obtain an input first decryption key, second decryption key and the ciphertext to be decrypted, where the first decryption key includes human biometric feature information and the second decryption key includes a protection password;
a decryption unit, configured to decrypt the ciphertext with the first decryption key and the second decryption key obtained by the acquiring unit.
With reference to the fourth aspect, in a first possible implementation of the fourth aspect, the decryption unit includes:
a first decryption module, configured to decrypt the ciphertext with the first decryption key and the second decryption key according to a decryption order determined by the encryption order.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation of the fourth aspect, the first decryption module includes:
a first decryption submodule, configured to, when the first-layer encryption type is human biometric feature information and the second-layer encryption type is the protection password, perform first-layer decryption on the ciphertext with the second decryption key and, after that decryption succeeds, perform second-layer decryption on the result of the first-layer decryption with the first decryption key;
a second decryption submodule, configured to, when the first-layer encryption type is the protection password and the second-layer encryption type is human biometric feature information, perform first-layer decryption on the ciphertext with the first decryption key and, after that decryption succeeds, perform second-layer decryption on the result of the first-layer decryption with the second decryption key.
With reference to the second possible implementation of the fourth aspect, in a third possible implementation of the fourth aspect, the first decryption module is further configured to obtain the plaintext corresponding to the ciphertext after the second-layer decryption succeeds.
With reference to the fourth aspect, in a fourth possible implementation of the second aspect, the decryption unit includes:
a conversion module, configured to convert the human biometric feature information in the first decryption key into a first decryption key sequence;
the conversion module being further configured to convert the protection password in the second decryption key into a second decryption key sequence;
a merging module, configured to merge the first decryption key sequence and the second decryption key sequence obtained by the merging module to obtain a third decryption key sequence;
a second decryption module, configured to decrypt the ciphertext with the third decryption key sequence obtained by the merging module.
With the above technical solutions, the data encryption and decryption method and device provided by the present invention encrypt a plaintext with two keys, namely human biometric feature information that uniquely identifies the user and a protection password, rather than with the protection password alone. When the ciphertext is later decrypted, it can be decrypted successfully only if both keys are correct. It follows that after another user logs in to the current user's account, because that user's human biometric feature information differs from that of the user who encrypted the file, the other user cannot decrypt the ciphertext while trying different protection passwords, even if the protection password entered is correct. This prevents the encrypted file from being leaked and the user from being harmed.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and practiced according to the content of the description, and so that the above and other objects, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a flowchart of a data encryption method provided by an embodiment of the present invention;
Fig. 2 shows a flowchart of a data decryption method provided by an embodiment of the present invention;
Fig. 3a shows a client-server encryption data interaction diagram provided by an embodiment of the present invention;
Fig. 3b shows a client-server ciphertext data interaction diagram provided by an embodiment of the present invention;
Fig. 3c shows another client-server ciphertext data interaction diagram provided by an embodiment of the present invention;
Fig. 4 shows a block diagram of the composition of a data encryption device provided by an embodiment of the present invention;
Fig. 5 shows a block diagram of the composition of another data encryption device provided by an embodiment of the present invention;
Fig. 6 shows a block diagram of the composition of a data decryption device provided by an embodiment of the present invention;
Fig. 7 shows a block diagram of the composition of another data decryption device provided by an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
An embodiment of the present invention provides a data encryption method that can be applied on the client side. As shown in Fig. 1, the method mainly includes:
101. Obtain the input first encryption key and second encryption key.
The first encryption key includes human biometric feature information, and the second encryption key includes a protection password. Human biometric feature information uniquely identifies a user; its types mainly include fingerprint, iris, face, palm print, hand, vein and ear.
Specifically, the order in which the client obtains the first encryption key and the second encryption key is not limited. It can obtain the first encryption key first and then the second encryption key; it can obtain the second encryption key first and then the first encryption key; or it can obtain the two encryption keys at the same time.
As an example of obtaining the two encryption keys at the same time: the client can display, on a single interface, a prompt for entering human biometric feature information and a prompt for entering the protection password. The user then enters the encryption keys in the corresponding input areas according to the two prompts and finally clicks confirm, so that the client obtains both encryption keys at once.
It should be noted that human biometric feature information can be entered directly or through image acquisition. Input through image acquisition can be implemented by, but is not limited to, the following method:
The user presents an image of the user in the corresponding input area; the client captures this image and performs feature extraction on it to obtain the human biometric feature information. For example, the client can capture the user's face image, analyze it, and extract face feature information from it.
102. According to a predetermined encryption rule, encrypt the plaintext with the first encryption key and the second encryption key to obtain the ciphertext corresponding to the plaintext.
Specifically, the predetermined encryption rule includes but is not limited to the following: (1) according to a predetermined encryption order, apply two layers of encryption to the plaintext in turn to obtain the corresponding ciphertext ("cipher mode one" in the embodiment described below); (2) first merge the first encryption key and the second encryption key into one new encryption key, then encrypt the plaintext with this new encryption key to obtain the ciphertext ("cipher mode two" in the embodiment described below).
It should be noted that, in the two-layer approach, when the plaintext is encrypted with the first encryption key, or when the file produced by encrypting the plaintext with the second encryption key is encrypted with the first encryption key, the encryption can use fuzzy techniques implemented by the Fuzzy-IBE (Fuzzy Identity-Based Encryption) mechanism, or the file can be encrypted with other encryption techniques; no limitation is imposed here. Encrypting with the Fuzzy-IBE mechanism allows the ciphertext to be decrypted successfully even when the human biometric feature information obtained at decryption time differs to a certain degree. This prevents the case in which the user who encrypted the plaintext cannot decrypt the ciphertext because the human biometric feature information entered at decryption has changed slightly (for example, when the finger is not exactly aligned with the fingerprint input area).
It should be added that, when encrypting the plaintext with the first encryption key and the second encryption key, the client first needs to convert the human biometric feature information in the first encryption key into a first encryption key sequence and the protection password in the second encryption key into a second encryption key sequence, and then encrypts the plaintext with these two encryption key sequences.
In addition, after the client has encrypted the plaintext and obtained the ciphertext, it can send the ciphertext and the user ID (Identity, identity number) of the current user to the server, so that the ciphertext is stored securely on the server side.
With the data encryption method provided by the embodiment of the present invention, a plaintext is encrypted with two keys, namely human biometric feature information that uniquely identifies the user and a protection password, rather than with the protection password alone. When the ciphertext is later decrypted, it can be decrypted successfully only if both keys are correct. It follows that after another user logs in to the current user's account, because that user's human biometric feature information differs from that of the user who encrypted the file, the other user cannot decrypt the ciphertext while trying different protection passwords, even if the protection password entered is correct. This prevents the encrypted file from being leaked and the user from being harmed.
Further, step 102 in Fig. 1 can be refined into the following two modes:
Cipher mode one: according to a predetermined encryption order, perform double-layer encryption on the plaintext with the first encryption key and the second encryption key to obtain the ciphertext.
Specifically, the predetermined encryption order can be either of the following: (1) the encryption type used for the first layer (the first-layer encryption type) is human biometric feature information, and the encryption type used for the second layer (the second-layer encryption type) is the protection password; (2) the encryption type used for the first layer is the protection password, and the encryption type used for the second layer is human biometric feature information. That is, the encryption order is not limited when encrypting the plaintext to obtain the ciphertext. The first encryption key can serve as the key for the first layer and the second encryption key as the key for the second layer, or the second encryption key can serve as the key for the first layer and the first encryption key as the key for the second layer.
When the first-layer encryption type is human biometric feature information and the second-layer encryption type is the protection password, the client can perform first-layer encryption on the plaintext with the first encryption key and second-layer encryption on the result of the first-layer encryption with the second encryption key to obtain the ciphertext. When the first-layer encryption type is the protection password and the second-layer encryption type is human biometric feature information, the client can perform first-layer encryption on the plaintext with the second encryption key and second-layer encryption on the result of the first-layer encryption with the first encryption key to obtain the ciphertext.
For example, after the client obtains the fingerprint image and the protection password "abc123" entered by the user, it can first extract fingerprint feature information from the fingerprint image, then perform first-layer encryption on plaintext 1 with the fingerprint feature information to obtain ciphertext 1, and finally encrypt ciphertext 1 with the protection password "abc123" to obtain ciphertext 2. Ciphertext 2 is the final required ciphertext corresponding to plaintext 1.
Cipher mode two: the client converts the human biometric feature information in the first encryption key into a first encryption key sequence and the protection password in the second encryption key into a second encryption key sequence, then merges the first encryption key sequence and the second encryption key sequence to obtain a third encryption key sequence, and finally encrypts the plaintext with the third encryption key sequence to obtain the ciphertext.
The merging can be done in, but is not limited to, the following ways: (1) directly connect the first encryption key sequence and the second encryption key sequence head to tail, so that the length of the third encryption key sequence is the sum of the lengths of the two sequences; (2) compute the third encryption key sequence from the first encryption key sequence and the second encryption key sequence according to a preset algorithm (for example, adding the two). For example, if the first encryption key sequence is "123456" and the second encryption key sequence is "896", the third encryption key sequence obtained by merging them can be "123456896".
Further, corresponding to the data encryption method shown in Fig. 1, another embodiment of the present invention provides a data decryption method, which can be applied on the client side or on the server side. As shown in Fig. 2, the method mainly includes:
201. Obtain the input first decryption key, the input second decryption key, and the ciphertext to be decrypted;
The first decryption key includes human biometric information, and the second decryption key includes a protection password. For an introduction to human biometric information, refer to the description of the corresponding step 101 of Fig. 1; it is not repeated in this step.
In practice, a user may encrypt one plaintext or several, and when several plaintexts are encrypted, different files may use different encryption keys. For example, when plaintext 1 is encrypted, the input human biometric information is "right index finger" and the protection password is "123456"; when plaintext 2 is encrypted, the input human biometric information is "right middle finger" and the protection password is "987654".
During decryption, when the current user has encrypted only one plaintext, the user can input the first decryption key and the second decryption key directly, without inputting the ciphertext name of the ciphertext to be decrypted. When the current user has encrypted multiple plaintexts, the user must input the ciphertext name of the ciphertext to be decrypted in addition to the first decryption key and the second decryption key, so that the ciphertext to be decrypted can be determined.
The data decryption method of this embodiment can be carried out either on the client side or on the server side. Taking the case where the current user has encrypted multiple plaintexts (i.e. the server side stores multiple ciphertexts) as an example, the specific implementation of this step is described below:
When this embodiment is implemented on the client side, this step can be implemented as follows: after the client receives the input ciphertext name of the ciphertext to be decrypted, or after it obtains the input first decryption key and second decryption key, it can send the input ciphertext name and the user ID to the server, and then receive the ciphertext that the server returns according to the ciphertext name and the user ID.
When this embodiment is implemented on the server side, this step can be implemented as follows: the server receives the first decryption key, the second decryption key, the ciphertext name and the user ID sent by the client, looks up the corresponding ciphertext according to the ciphertext name and the user ID, and takes the ciphertext found as the ciphertext to be decrypted.
202. Decrypt the ciphertext using the first decryption key and the second decryption key.
Corresponding to the encryption method in Fig. 1, the decryption methods in this step include but are not limited to the following: (1) if the encryption method encrypted the plaintext in two layers using a preset encryption order, the ciphertext is decrypted in two layers following the decryption order determined by the encryption order, to obtain the required plaintext ("decryption mode one" in the embodiment described below); (2) if the encryption method encrypted the plaintext using a merged encryption key, the first decryption key and the second decryption key are first merged into a new decryption key, and the ciphertext is then decrypted with this new decryption key to obtain the plaintext ("decryption mode two" in the embodiment described below).
It should be noted that if the client used the Fuzzy-ibe encryption technology when encrypting the file with the first encryption key, the client or server must also use the Fuzzy-ibe technology when decrypting the file with the first decryption key.
When this embodiment is implemented on the client side, after step 202 is performed, the required plaintext is obtained directly if decryption succeeds, and key error prompt information can be output and displayed if decryption fails. When this embodiment is implemented on the server side, after step 202 is performed, the plaintext needs to be fed back to the client if decryption succeeds, and key error prompt information can be fed back to the client for output and display if decryption fails.
The data decryption method provided in this embodiment of the present invention, when decrypting a ciphertext obtained by encrypting a plaintext with two encryption keys, namely human biometric information and a protection password, can decrypt the ciphertext successfully only when both keys are correct. Consequently, after another user logs in to the current user's account, that user's human biometric information differs from the human biometric information of the user who encrypted the file. Even if that user, while repeatedly trying different protection passwords, enters the correct protection password, the ciphertext still cannot be decrypted, which prevents the encrypted file from being leaked and protects the user from harm.
Further, step 202 in Fig. 2 can be refined into the following two modes:
Decryption mode one: the ciphertext is decrypted using the first decryption key and the second decryption key, following the decryption order determined by the encryption order.
The decryption order is the reverse of the encryption order. Specifically, when the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, first-layer decryption can be performed on the ciphertext using the second decryption key and, after that decryption succeeds, second-layer decryption can be performed on the result of the first-layer decryption using the first decryption key. When the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, first-layer decryption can be performed on the ciphertext using the first decryption key and, after that decryption succeeds, second-layer decryption can be performed on the result of the first-layer decryption using the second decryption key.
It should be noted that the plaintext corresponding to the ciphertext to be decrypted is obtained only after second-layer decryption of the first-layer result succeeds; if the first-layer decryption fails or the second-layer decryption fails, the plaintext cannot be obtained.
For example, when the first-layer encryption type is facial feature information, the second-layer encryption type is the protection password "abc123", and the ciphertext to be decrypted is ciphertext x, ciphertext x is first decrypted with the protection password "abc123" to obtain ciphertext y, and ciphertext y is then decrypted with the facial feature information to obtain the plaintext.
In addition, when decryption fails, key error prompt information can be output and displayed on the client. To let the user know which decryption key was entered incorrectly, the key error prompt information can include the key type of the wrong key. Specifically, if the first-layer decryption fails, key error prompt information that includes the key type required for the first-layer decryption can be output and displayed to the user on the client; if the first-layer decryption succeeds but the second-layer decryption fails, key error prompt information that includes the key type required for the second-layer decryption can be output and displayed to the user on the client.
Decryption mode two: the human biometric information in the first decryption key is first converted into a first decryption key sequence, and the protection password in the second decryption key is converted into a second decryption key sequence; the first decryption key sequence and the second decryption key sequence are then merged to obtain a third decryption key sequence; finally, the ciphertext is decrypted using the third decryption key sequence.
The merging method is the same as the one used during encryption and is not described again here.
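The two encryption modes and their matching decryption modes described above can be sketched as follows. This is an added example, not code from the patent: it assumes the biometric feature has already been turned into a stable byte sequence (the Fuzzy-ibe step is not implemented), and it uses a standard-library stand-in cipher (PBKDF2 key derivation, an HMAC-SHA256 keystream and an encrypt-then-MAC tag) where a real system would use a vetted authenticated cipher. All function and constant names are hypothetical.

```python
import hashlib
import hmac
import os

BIOMETRIC = "human biometric information"
PASSWORD = "protection password"


class WrongKeyError(Exception):
    """A layer failed authentication; key_type names the key that was wrong."""

    def __init__(self, key_type):
        super().__init__("wrong key: " + key_type)
        self.key_type = key_type


def _derive(key_seq, salt):
    # Stretch a key sequence into an encryption key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", key_seq, salt, 50_000, dklen=64)
    return okm[:32], okm[32:]


def _keystream(enc_key, n):
    # HMAC-SHA256 in counter mode (stand-in for a real stream cipher).
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(enc_key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def seal(key_seq, data):
    """One encryption layer: salt || body || tag."""
    salt = os.urandom(16)
    enc_key, mac_key = _derive(key_seq, salt)
    body = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, len(data))))
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + body + tag


def open_(key_seq, blob, key_type):
    """Undo one layer; a bad tag means the key for this layer is wrong."""
    if len(blob) < 48:
        raise WrongKeyError(key_type)
    salt, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive(key_seq, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise WrongKeyError(key_type)
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, len(body))))


def _order(first):
    return first, (PASSWORD if first == BIOMETRIC else BIOMETRIC)


def encrypt_layered(plaintext, bio_seq, pw_seq, first=BIOMETRIC):
    """Encryption mode one: `first` names the first-layer encryption type."""
    keys = {BIOMETRIC: bio_seq, PASSWORD: pw_seq}
    first, second = _order(first)
    return seal(keys[second], seal(keys[first], plaintext))


def decrypt_layered(ciphertext, bio_seq, pw_seq, first=BIOMETRIC):
    """Decryption mode one: reverse order, reporting which key type failed."""
    keys = {BIOMETRIC: bio_seq, PASSWORD: pw_seq}
    first, second = _order(first)
    inner = open_(keys[second], ciphertext, second)  # first-layer decryption
    return open_(keys[first], inner, first)          # second-layer decryption


def merge(bio_seq, pw_seq):
    """Merging method (1): end-to-end concatenation of the two key sequences."""
    return bio_seq + pw_seq


def encrypt_merged(plaintext, bio_seq, pw_seq):
    """Encryption mode two: one layer under the third (merged) key sequence."""
    return seal(merge(bio_seq, pw_seq), plaintext)


def decrypt_merged(ciphertext, bio_seq, pw_seq):
    """Decryption mode two: a failure cannot be attributed to one key type."""
    return open_(merge(bio_seq, pw_seq), ciphertext, "merged key")


if __name__ == "__main__":
    bio = b"constructed-fingerprint-feature-sequence"  # constructed sample value
    ct2 = encrypt_layered(b"plaintext 1", bio, b"abc123")
    print(decrypt_layered(ct2, bio, b"abc123"))
```

With two separately authenticated layers, the outer layer accepts or rejects its own key without the other key being present, which is what makes the per-key error prompt possible; the merged mode can only report that the combined key is wrong.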
Based on the data encryption process and data decryption process above, the following takes as an example the case where the human biometric information is facial biometric information, the decrypting device is the server, and the encryption method is the two-layer encryption in which "the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password", and describes the client-server interaction involved in data encryption (Fig. 3a) and the client-server interaction involved in data decryption (Fig. 3b):
301. The client captures the facial image needed to encrypt the plaintext, extracts facial feature information from the facial image, and converts the facial feature information into the first encryption key sequence;
302. The client obtains the protection password needed to encrypt the plaintext and converts the protection password into the second encryption key sequence;
303. Based on the Fuzzy-ibe technology, the client performs first-layer encryption on the plaintext using the first encryption key sequence to obtain ciphertext 1;
304. The client performs second-layer encryption on ciphertext 1 using the second encryption key sequence to obtain ciphertext 2;
305. The client sends ciphertext 2 and the user ID to the server;
306. The server receives ciphertext 2 and the user ID sent by the client and stores them bound together;
It should be noted that the method of steps 301-306 above can be used for the encryption of every plaintext. The decryption process is described below, taking as an example the case where the server side stores multiple ciphertexts for the current user ID:
307. The client captures the facial image needed to decrypt the ciphertext, extracts facial feature information from the facial image, and converts the facial feature information into the first decryption key sequence;
308. The client obtains the protection password needed to decrypt the ciphertext and converts the protection password into the second decryption key sequence;
309. The client sends the first decryption key sequence, the second decryption key sequence, the ciphertext name and the user ID to the server;
Because the current user ID corresponds to multiple ciphertexts, the client needs to obtain the ciphertext name of the ciphertext to be decrypted, so that the server can uniquely determine the ciphertext to be decrypted from the user ID and the ciphertext name.
310. The server receives the first decryption key sequence, the second decryption key sequence, the ciphertext name and the user ID sent by the client;
311. The server looks up the corresponding ciphertext (for example, ciphertext 2) according to the ciphertext name and the user ID;
312. The server performs first-layer decryption on ciphertext 2 using the second decryption key sequence; if decryption succeeds and ciphertext 1 is obtained, step 313 is performed; if decryption fails, step 315 is performed;
313. Based on the Fuzzy-ibe technology, the server performs second-layer decryption on ciphertext 1 using the first decryption key sequence; if decryption succeeds and the plaintext is obtained, step 314 is performed; if decryption fails, step 315 is performed;
314. The server sends the plaintext to the client;
315. The server sends key error prompt information to the client.
The following again takes as an example the case where the human biometric information is facial biometric information, the decrypting device is the device on which the client runs, and the encryption method is the two-layer encryption in which "the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password", and describes the client-server interaction involved in data encryption (Fig. 3a) and the client-server interaction involved in data decryption (Fig. 3c):
The interaction involved in encryption is as in steps 301-306 above, and the interaction involved in decryption is as in steps 316-325 below (again taking as an example the case where the server side stores multiple ciphertexts for the current user ID):
316. The client captures the facial image needed to decrypt the ciphertext, extracts facial feature information from the facial image, and converts the facial feature information into the first decryption key sequence;
317. The client obtains the protection password needed to decrypt the ciphertext and converts the protection password into the second decryption key sequence;
318. The client sends the ciphertext name and the user ID to the server; steps 316, 317 and 318 can be performed in any order;
319. The server receives the ciphertext name and the user ID sent by the client;
320. The server looks up the corresponding ciphertext (for example, ciphertext 2) according to the ciphertext name and the user ID;
321. The server sends the ciphertext found to the client;
322. The client receives the ciphertext sent by the server;
323. The client performs first-layer decryption on ciphertext 2 using the second decryption key sequence; if decryption succeeds and ciphertext 1 is obtained, step 324 is performed; if decryption fails, step 325 is performed;
324. Based on the Fuzzy-ibe technology, the client performs second-layer decryption on ciphertext 1 using the first decryption key sequence; if decryption succeeds, the plaintext is obtained; if decryption fails, step 325 is performed;
325. Key error prompt information is output and displayed.
It should be added that all data exchanged between the client and the server can be encrypted in transit with a preset encryption algorithm, which ensures the security of the exchanged data and, in turn, the security of the plaintext.
Further, corresponding to the data encryption method shown in Fig. 1, another embodiment of the present invention provides a data encryption device, which can be applied on the client side. As shown in Fig. 4, the device mainly includes an acquisition unit 41 and an encryption unit 42, wherein:
The acquisition unit 41 is configured to obtain the input first encryption key and second encryption key, the first encryption key including human biometric information and the second encryption key including a protection password;
The human biometric information can uniquely identify the user, and its types mainly include fingerprint, iris, face, palm print, hand, vein, human ear and the like.
Specifically, the order in which the acquisition unit 41 obtains the first encryption key and the second encryption key is not restricted. It can obtain the first encryption key first and then the second encryption key, obtain the second encryption key first and then the first encryption key, or obtain the two encryption keys at the same time.
The encryption unit 42 is configured to encrypt the plaintext according to a preset encryption rule, using the first encryption key and the second encryption key obtained by the acquisition unit 41, to obtain the ciphertext corresponding to the plaintext.
Further, as shown in Fig. 5, the encryption unit 42 includes:
A first encryption module 421, configured to encrypt the plaintext in two layers according to a preset encryption order, using the first encryption key and the second encryption key, to obtain the ciphertext.
Further, as shown in Fig. 5, the first encryption module 421 includes:
A first encryption submodule 4211, configured to, when the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, perform first-layer encryption on the plaintext using the first encryption key and perform second-layer encryption on the result of the first-layer encryption using the second encryption key, to obtain the ciphertext;
A second encryption submodule 4212, configured to, when the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, perform first-layer encryption on the plaintext using the second encryption key and perform second-layer encryption on the result of the first-layer encryption using the first encryption key, to obtain the ciphertext.
It should be noted that, for the encryption mode that obtains the ciphertext through two-layer encryption, when the plaintext is encrypted with the first encryption key, or when the file produced by encrypting the plaintext with the second encryption key is encrypted with the first encryption key, the Fuzzy-ibe encryption mechanism can be used to implement fuzzy encryption, or other encryption technologies can be used to encrypt the file; no limitation is imposed here.
Further, as shown in Fig. 5, the encryption unit 42 includes:
A conversion module 422, configured to convert the human biometric information in the first encryption key into a first encryption key sequence;
The conversion module 422 is further configured to convert the protection password in the second encryption key into a second encryption key sequence;
A merging module 423, configured to merge the first encryption key sequence and the second encryption key sequence obtained by the conversion module 422, to obtain a third encryption key sequence;
The merging can be done in ways that include but are not limited to the following: (1) the first encryption key sequence and the second encryption key sequence are concatenated end to end, so that the length of the third encryption key sequence is the sum of the lengths of the two sequences; (2) the first encryption key sequence and the second encryption key sequence are combined by a preset algorithm (for example, adding the two together) to obtain the third encryption key sequence.
A second encryption module 424, configured to encrypt the plaintext using the third encryption key sequence obtained by the merging module 423, to obtain the ciphertext.
The data encryption device provided in this embodiment of the present invention encrypts a plaintext with two keys, namely human biometric information that uniquely identifies the user and a protection password, rather than with the protection password alone, so that the ciphertext can later be decrypted successfully only when both keys are correct. Consequently, after another user logs in to the current user's account, that user's human biometric information differs from the human biometric information of the user who encrypted the file. Even if that user, while repeatedly trying different protection passwords, enters the correct protection password, the ciphertext still cannot be decrypted, which prevents the encrypted file from being leaked and protects the user from harm.
Further, corresponding to the data decryption method shown in Fig. 2, another embodiment of the present invention provides a data decryption device, which can be applied on the client side or on the server side. As shown in Fig. 6, the device mainly includes an acquisition unit 51 and a decryption unit 52, wherein:
The acquisition unit 51 is configured to obtain the input first decryption key, the input second decryption key, and the ciphertext to be decrypted, the first decryption key including human biometric information and the second decryption key including a protection password;
When this embodiment is implemented on the client side, the ciphertext obtained by the acquisition unit 51 is retrieved by querying the server side. When this embodiment is implemented on the server side, the first decryption key, the second decryption key, the ciphertext name and the user ID obtained by the acquisition unit 51 are sent by the client.
The decryption unit 52 is configured to decrypt the ciphertext using the first decryption key and the second decryption key obtained by the acquisition unit 51.
When this embodiment is implemented on the client side, the client can output and display key error prompt information if decryption fails; when this embodiment is implemented on the server side, the server can send key error prompt information to the client if decryption fails.
Further, as shown in Fig. 7, the decryption unit 52 includes:
A first decryption module 521, configured to decrypt the ciphertext using the first decryption key and the second decryption key, following the decryption order determined by the encryption order.
Further, as shown in Fig. 7, the first decryption module 521 includes:
A first decryption submodule 5211, configured to, when the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, perform first-layer decryption on the ciphertext using the second decryption key and, after that decryption succeeds, perform second-layer decryption on the result of the first-layer decryption using the first decryption key;
A second decryption submodule 5212, configured to, when the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, perform first-layer decryption on the ciphertext using the first decryption key and, after that decryption succeeds, perform second-layer decryption on the result of the first-layer decryption using the second decryption key.
Further, the first decryption module 5211 is also configured to obtain the plaintext corresponding to the ciphertext after the second-layer decryption succeeds.
Further, as shown in Fig. 7, the decryption unit 52 includes:
A conversion module 522, configured to convert the human biometric information in the first decryption key into a first decryption key sequence;
The conversion module 522 is further configured to convert the protection password in the second decryption key into a second decryption key sequence;
A merging module 523, configured to merge the first decryption key sequence and the second decryption key sequence obtained by the module 522, to obtain a third decryption key sequence;
A second decryption module 524, configured to decrypt the ciphertext using the third decryption key sequence obtained by the merging module 523.
The data decryption device provided in this embodiment of the present invention, when decrypting a ciphertext obtained by encrypting a plaintext with two encryption keys, namely human biometric information and a protection password, can decrypt the ciphertext successfully only when both keys are correct. Consequently, after another user logs in to the current user's account, that user's human biometric information differs from the human biometric information of the user who encrypted the file. Even if that user, while repeatedly trying different protection passwords, enters the correct protection password, the ciphertext still cannot be decrypted, which prevents the encrypted file from being leaked and protects the user from harm.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related description of the other embodiments.
It can be understood that the related features in the above methods and devices may be cross-referenced. In addition, "first", "second" and so on in the above embodiments are used to distinguish the embodiments and do not represent the merits of any embodiment.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other equipment. Various general-purpose systems can also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described herein can be implemented in various programming languages, and that the description above of a specific language is given to disclose the best mode of the present invention.
Numerous specific details are set out in the description provided here. It should be understood, however, that embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, the features of the present invention are sometimes grouped together into a single embodiment, figure or description thereof in the above description of exemplary embodiments of the present invention. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will appreciate that the modules in the equipment of an embodiment can be adaptively changed and arranged in one or more pieces of equipment different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can furthermore be divided into multiple submodules, subunits or subcomponents. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or equipment so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the present invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the data encryption and decryption method and device according to embodiments of the present invention. The present invention can also be implemented as equipment or device programs (for example, computer programs and computer program products) for performing part or all of the method described herein. Such a program implementing the present invention can be stored on a computer-readable medium or can take the form of one or more signals. Such a signal can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words can be interpreted as names.

Claims (18)

1. A data encryption method, characterized in that the method comprises:
obtaining an input first encryption key and second encryption key, the first encryption key comprising human biometric information and the second encryption key comprising a protection password;
encrypting a plaintext with the first encryption key and the second encryption key according to a predetermined encryption rule, to obtain the ciphertext corresponding to the plaintext.
2. The method according to claim 1, characterized in that encrypting the plaintext with the first encryption key and the second encryption key according to the predetermined encryption rule, to obtain the ciphertext corresponding to the plaintext, comprises:
performing double-layer encryption on the plaintext with the first encryption key and the second encryption key according to a predetermined encryption order, to obtain the ciphertext.
3. The method according to claim 2, characterized in that performing double-layer encryption on the plaintext with the first encryption key and the second encryption key according to the predetermined encryption order, to obtain the ciphertext, comprises:
if the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, performing first-layer encryption on the plaintext with the first encryption key and performing second-layer encryption on the result of the first-layer encryption with the second encryption key, to obtain the ciphertext;
if the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, performing first-layer encryption on the plaintext with the second encryption key and performing second-layer encryption on the result of the first-layer encryption with the first encryption key, to obtain the ciphertext.
4. The method according to claim 1, characterized in that encrypting the plaintext with the first encryption key and the second encryption key according to the predetermined encryption rule, to obtain the ciphertext corresponding to the plaintext, comprises:
converting the human biometric information in the first encryption key into a first encryption key sequence;
converting the protection password in the second encryption key into a second encryption key sequence;
merging the first encryption key sequence and the second encryption key sequence, to obtain a third encryption key sequence;
encrypting the plaintext with the third encryption key sequence, to obtain the ciphertext.
5. A data decryption method, characterized in that the method comprises:
obtaining an input first decryption key, an input second decryption key and a ciphertext to be decrypted, the first decryption key comprising human biometric information and the second decryption key comprising a protection password;
decrypting the ciphertext with the first decryption key and the second decryption key.
6. The method according to claim 5, characterized in that decrypting the ciphertext with the first decryption key and the second decryption key comprises:
decrypting the ciphertext with the first decryption key and the second decryption key according to a decryption order determined by the encryption order.
7. The method according to claim 6, characterized in that decrypting the ciphertext with the first decryption key and the second decryption key according to the decryption order determined by the encryption order comprises:
if the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, performing first-layer decryption on the ciphertext with the second decryption key and, after that decryption succeeds, performing second-layer decryption on the result of the first-layer decryption with the first decryption key;
if the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, performing first-layer decryption on the ciphertext with the first decryption key and, after that decryption succeeds, performing second-layer decryption on the result of the first-layer decryption with the second decryption key.
8. The method according to claim 7, characterized in that the method further comprises:
after the second-layer decryption succeeds, obtaining the plaintext corresponding to the ciphertext.
9. The method according to claim 5, characterized in that decrypting the ciphertext with the first decryption key and the second decryption key comprises:
converting the human biometric information in the first decryption key into a first decryption key sequence;
converting the protection password in the second decryption key into a second decryption key sequence;
merging the first decryption key sequence and the second decryption key sequence, to obtain a third decryption key sequence;
decrypting the ciphertext with the third decryption key sequence.
10. A data encryption device, characterized in that the device comprises:
an acquiring unit, configured to obtain an input first encryption key and second encryption key, the first encryption key comprising human biometric information and the second encryption key comprising a protection password;
an encryption unit, configured to encrypt a plaintext, according to a predetermined encryption rule, with the first encryption key and the second encryption key obtained by the acquiring unit, to obtain the ciphertext corresponding to the plaintext.
11. The device according to claim 10, characterized in that the encryption unit comprises:
a first encryption module, configured to perform double-layer encryption on the plaintext with the first encryption key and the second encryption key according to a predetermined encryption order, to obtain the ciphertext.
12. The device according to claim 11, characterized in that the first encryption module comprises:
a first encryption submodule, configured to, when the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, perform first-layer encryption on the plaintext with the first encryption key and perform second-layer encryption on the result of the first-layer encryption with the second encryption key, to obtain the ciphertext;
a second encryption submodule, configured to, when the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, perform first-layer encryption on the plaintext with the second encryption key and perform second-layer encryption on the result of the first-layer encryption with the first encryption key, to obtain the ciphertext.
13. The device according to claim 10, characterized in that the encryption unit comprises:
a conversion module, configured to convert the human biometric information in the first encryption key into a first encryption key sequence;
the conversion module being further configured to convert the protection password in the second encryption key into a second encryption key sequence;
a merging module, configured to merge the first encryption key sequence and the second encryption key sequence obtained by the conversion module, to obtain a third encryption key sequence;
a second encryption module, configured to encrypt the plaintext with the third encryption key sequence obtained by the merging module, to obtain the ciphertext.
14. A data decryption device, characterized in that the device comprises:
an acquiring unit, configured to obtain an input first decryption key, an input second decryption key and a ciphertext to be decrypted, the first decryption key comprising human biometric information and the second decryption key comprising a protection password;
a decryption unit, configured to decrypt the ciphertext with the first decryption key and the second decryption key obtained by the acquiring unit.
15. The device according to claim 14, characterized in that the decryption unit comprises:
a first decryption module, configured to decrypt the ciphertext with the first decryption key and the second decryption key according to a decryption order determined by the encryption order.
16. The device according to claim 15, characterized in that the first decryption module comprises:
a first decryption submodule, configured to, when the first-layer encryption type is human biometric information and the second-layer encryption type is the protection password, perform first-layer decryption on the ciphertext with the second decryption key and, after that decryption succeeds, perform second-layer decryption on the result of the first-layer decryption with the first decryption key;
a second decryption submodule, configured to, when the first-layer encryption type is the protection password and the second-layer encryption type is human biometric information, perform first-layer decryption on the ciphertext with the first decryption key and, after that decryption succeeds, perform second-layer decryption on the result of the first-layer decryption with the second decryption key.
17. The device according to claim 16, characterized in that the first decryption module is further configured to obtain the plaintext corresponding to the ciphertext after the second-layer decryption succeeds.
18. The device according to claim 14, characterized in that the decryption unit comprises:
a conversion module, configured to convert the human biometric information in the first decryption key into a first decryption key sequence;
the conversion module being further configured to convert the protection password in the second decryption key into a second decryption key sequence;
a merging module, configured to merge the first decryption key sequence and the second decryption key sequence obtained by the conversion module, to obtain a third decryption key sequence;
a second decryption module, configured to decrypt the ciphertext with the third decryption key sequence obtained by the merging module.
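An added illustration of claims 2-3 and 6-7 (layered encryption in a predetermined order, decryption in the reverse order) and of claims 4 and 9 (merged key sequence); it is not code from the patent. The layer cipher (an HMAC-SHA256 keystream with encrypt-then-MAC, used so the block runs with the standard library only; a deployed system would use a vetted AEAD), the PBKDF2 conversion, the HMAC merge rule and every function name are assumptions, and the biometric input is assumed to be an already-stable template byte string.

```python
import hashlib
import hmac
import os

BIO_FIRST, PWD_FIRST = "bio-first", "pwd-first"  # which factor encrypts the inner layer

def key_sequence(secret: bytes, salt: bytes) -> bytes:
    """Convert one input (stable biometric template or password) into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def merge_sequences(seq1: bytes, seq2: bytes) -> bytes:
    """Assumed merge rule (the claims name none): HMAC over both key sequences."""
    return hmac.new(seq1, b"merge" + seq2, hashlib.sha256).digest()

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += _prf(key, b"ks", nonce + counter.to_bytes(8, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in authenticated layer: nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, data)
    return nonce + body + _prf(key, b"tag", nonce + body)

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting, so a wrong key fails at its own layer."""
    if len(blob) < 48:
        raise ValueError("layer too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", nonce + body)):
        raise ValueError("layer authentication failed")
    return _xor_stream(key, nonce, body)

def _layers(bio_key: bytes, pwd_key: bytes, order: str):
    if order not in (BIO_FIRST, PWD_FIRST):
        raise ValueError("unknown encryption order")
    return (bio_key, pwd_key) if order == BIO_FIRST else (pwd_key, bio_key)

def encrypt_layered(plaintext, bio_key, pwd_key, order):
    inner, outer = _layers(bio_key, pwd_key, order)
    return seal(outer, seal(inner, plaintext))

def decrypt_layered(ciphertext, bio_key, pwd_key, order):
    inner, outer = _layers(bio_key, pwd_key, order)
    return unseal(inner, unseal(outer, ciphertext))  # outer layer first, then inner

def encrypt_merged(plaintext, bio_key, pwd_key):
    return seal(merge_sequences(bio_key, pwd_key), plaintext)

def decrypt_merged(ciphertext, bio_key, pwd_key):
    return unseal(merge_sequences(bio_key, pwd_key), ciphertext)

def rejected(fn, *args) -> bool:
    """True when fn(*args) refuses its input with ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    bio = key_sequence(b"constructed-template", b"salt-bio")  # constructed inputs
    pwd = key_sequence(b"constructed-password", b"salt-pwd")
    ct = encrypt_layered(b"constructed plaintext", bio, pwd, BIO_FIRST)
    print(decrypt_layered(ct, bio, pwd, BIO_FIRST), rejected(decrypt_layered, ct, bio, pwd, PWD_FIRST))
```

Because each layer is authenticated, the decrypting side learns which layer failed, which is what makes the "after that decryption succeeds" condition in claim 7 checkable.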

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610873485.4A CN106487517A (en) 2016-09-30 2016-09-30 data encryption and decryption method and device

Publications (1)

Publication Number Publication Date
CN106487517A true CN106487517A (en) 2017-03-08

Family

ID=58268397

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610873485.4A Pending CN106487517A (en) 2016-09-30 2016-09-30 data encryption and decryption method and device

Country Status (1)

Country Link
CN (1) CN106487517A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108923916A (en) * 2018-06-22 2018-11-30 武汉彤科电力科技有限公司 A kind of terminal symmetric key update exchange method
CN109272729A (en) * 2018-09-05 2019-01-25 吴贤忠 Thief-proof code remote controler recognition methods and device
CN109918929A (en) * 2019-03-06 2019-06-21 上海春魁信息技术有限公司 A kind of encrypting and decrypting method and device
CN109977919A (en) * 2019-04-10 2019-07-05 厦门一通灵信息科技有限公司 Data processing method, medium, equipment and device based on recognition of face
CN110392030A (en) * 2018-04-20 2019-10-29 武汉真元生物数据有限公司 A kind of authentication based on biological characteristic, method for processing business and system
CN111711640A (en) * 2020-06-30 2020-09-25 郑州工业应用技术学院 Safe computer network communication system
CN115277117A (en) * 2022-07-08 2022-11-01 建信金融科技有限责任公司 File viewing method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020108041A1 (en) * 2001-01-10 2002-08-08 Hideaki Watanabe Public key certificate issuing system, public key certificate issuing method, information processing apparatus, information recording medium, and program storage medium
CN101340279A (en) * 2008-07-09 2009-01-07 深圳市金蝶移动互联技术有限公司 Method, system and apparatus for data ciphering and deciphering
CN102316452A (en) * 2011-07-18 2012-01-11 辽宁国兴科技有限公司 Cloud based duplex authorization login system utilizing near field communication (NFC) technology
CN104935429A (en) * 2014-03-17 2015-09-23 Tcl集团股份有限公司 Data processing method and system employing multi-encryption technology
CN104994070A (en) * 2015-05-27 2015-10-21 福州惟实信息科技有限公司 Information transmission method capable of verifying information source based on encrypted double-layered two-dimension bar code
CN105553667A (en) * 2015-12-16 2016-05-04 北京海泰方圆科技股份有限公司 Dynamic password generating method
CN105656870A (en) * 2015-06-29 2016-06-08 宇龙计算机通信科技(深圳)有限公司 Data transmission method, device and system
CN105850072A (en) * 2013-12-02 2016-08-10 三菱电机株式会社 Data processing system, encryption apparatus, decryption apparatus, and program

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110392030A (en) * 2018-04-20 2019-10-29 武汉真元生物数据有限公司 A kind of authentication based on biological characteristic, method for processing business and system
CN110392030B (en) * 2018-04-20 2021-12-14 武汉真元生物数据有限公司 Identity authentication and service processing method and system based on biological characteristics
CN108923916A (en) * 2018-06-22 2018-11-30 武汉彤科电力科技有限公司 A kind of terminal symmetric key update exchange method
CN109272729A (en) * 2018-09-05 2019-01-25 吴贤忠 Thief-proof code remote controler recognition methods and device
CN109272729B (en) * 2018-09-05 2024-02-13 吴贤忠 Identification method and device for anti-theft code remote controller
CN109918929A (en) * 2019-03-06 2019-06-21 上海春魁信息技术有限公司 A kind of encrypting and decrypting method and device
CN109918929B (en) * 2019-03-06 2021-10-01 上海春魁信息技术有限公司 Encryption and decryption method and device
CN109977919A (en) * 2019-04-10 2019-07-05 厦门一通灵信息科技有限公司 Data processing method, medium, equipment and device based on recognition of face
CN109977919B (en) * 2019-04-10 2022-03-04 厦门一通灵信息科技有限公司 Data processing method, medium, equipment and device based on face recognition
CN111711640A (en) * 2020-06-30 2020-09-25 郑州工业应用技术学院 Safe computer network communication system
CN115277117A (en) * 2022-07-08 2022-11-01 建信金融科技有限责任公司 File viewing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170308
