CN106936763A - Method and apparatus for data encryption and decryption - Google Patents

Publication number
CN106936763A
Authority
CN
China
Prior art keywords
data
ciphertext
encryption
terminal device
cloud disk
Legal status
Pending
Application number
CN201511008463.3A
Other languages
Chinese (zh)
Inventor
杨硕
邵波
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The present invention relates to the field of security technology and discloses methods and apparatus for data encryption and decryption. The data encryption method includes: receiving, from a connected terminal device, data that is to be uploaded to a cloud disk; encrypting the received data with a key, segmenting the resulting ciphertext, and obfuscating the segments using a data mapping table that contains pre-shuffle positions and the corresponding post-shuffle positions, thereby generating an obfuscated ciphertext; and returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage. The invention allows data that is to be uploaded to the cloud disk to be encrypted at the terminal the user is using, so that the user can encrypt independently of the cloud disk, which increases the security of the user's data.

Description

Method and apparatus for data encryption and decryption
Technical field
The present invention relates to the field of security technology, and in particular to a method and an apparatus for data encryption and decryption.
Background
With the development of network technology, network service providers can offer cloud storage services, and users can store data on a cloud disk. For example, a user can back up photos, videos and other data to a cloud disk. Because the data stored on a cloud disk is usually the user's personal data, a technical solution is needed that keeps the data stored on the cloud disk confidential for the user and prevents the stored data from being leaked.
In the prior art, the network service provider applies security and confidentiality processing to the data stored on the cloud disk. For example, the network service provider encrypts the data stored on the cloud disk. The problem with this approach is that the security of the stored data depends on the security defences that the network service provider applies to the cloud disk. If those defences have a vulnerability or are breached by a malicious attack, the user data stored on the cloud disk may be leaked.
Summary of the invention
The object of the invention is to provide a method and an apparatus for data encryption and decryption that solve, or at least partly solve, the above technical problem.
To achieve this object, the present invention provides a method of data encryption. The method includes: receiving, from a connected terminal device, data that is to be uploaded to a cloud disk; encrypting the received data with a key, segmenting the resulting ciphertext, and obfuscating the segments using a data mapping table that contains pre-shuffle positions and the corresponding post-shuffle positions, thereby generating an obfuscated ciphertext; and returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
Preferably, the method further includes: generating a random factor and obtaining the data mapping table according to the random factor; and encrypting the random factor with the key to generate an encrypted random factor. Returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage, then includes: returning the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
Preferably, the method further includes: when the key has existed for longer than its validity period, updating the key to a new key; re-obtaining, through the connected terminal device, the original data that has already been uploaded to the cloud disk; encrypting that original data with the new key and obfuscating the resulting ciphertext using the data mapping table to generate a new obfuscated ciphertext; and uploading the new obfuscated ciphertext to the cloud disk through the terminal device.
According to one aspect of the invention, a method of data decryption is disclosed. The method includes: receiving, from a connected terminal device, data downloaded from the cloud disk that includes an obfuscated ciphertext; restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used at encryption time, which contains pre-shuffle positions and the corresponding post-shuffle positions, and decrypting the original ciphertext into the original data with the key used at encryption time; and returning the decrypted original data to the terminal device.
Preferably, the received data downloaded from the cloud disk includes an encrypted random factor. Restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used at encryption time then includes: decrypting the encrypted random factor in the received data with the key used at encryption time; obtaining the data mapping table according to the random factor; and restoring the obfuscated ciphertext to the original ciphertext using the data mapping table.
Preferably, the method further includes: before decryption, prompting for a password to be entered for verification; and, after the entered password is received, verifying it and starting decryption once verification succeeds.
According to one aspect of the invention, an apparatus for data encryption is disclosed. The apparatus includes: a communication module, configured to receive, from a connected terminal device, data that is to be uploaded to a cloud disk; and an encryption module, configured to encrypt the received data with a key, segment the resulting ciphertext, and obfuscate the segments using a data mapping table that contains pre-shuffle positions and the corresponding post-shuffle positions, thereby generating an obfuscated ciphertext. The communication module is further configured to return the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
Preferably, the encryption module is configured to generate a random factor, obtain the data mapping table according to the random factor, and encrypt the random factor with the key to generate an encrypted random factor. The communication module is configured to return the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
Preferably, the apparatus further includes an update module. The update module is configured to: update the key to a new key when the key has existed for longer than its validity period; use the communication module to re-obtain, through the connected terminal device, the original data that has already been uploaded to the cloud disk; instruct the encryption module to encrypt that original data with the new key and to obfuscate the resulting ciphertext using the data mapping table, generating a new obfuscated ciphertext; and instruct the communication module to upload the new obfuscated ciphertext to the cloud disk through the terminal device.
According to one aspect of the invention, an apparatus for data decryption is disclosed. The apparatus includes: a communication module, configured to receive, from a connected terminal device, data downloaded from the cloud disk that includes an obfuscated ciphertext; and a decryption module, configured to restore the obfuscated ciphertext to the original ciphertext according to the data mapping table used at encryption time, which contains pre-shuffle positions and the corresponding post-shuffle positions, and to decrypt the original ciphertext into the original data with the key used at encryption time. The communication module is further configured to return the decrypted original data to the terminal device.
Preferably, the received data downloaded from the cloud disk includes an encrypted random factor. The decryption module is configured to decrypt the encrypted random factor in the received data with the key used at encryption time, obtain the data mapping table according to the random factor, and restore the obfuscated ciphertext to the original ciphertext using the data mapping table.
Preferably, the apparatus further includes a verification module, configured to prompt, before decryption, for a password to be entered for verification and, after the entered password is received, to verify it and instruct the decryption module to start decryption once verification succeeds.
With the above technical solution, data that is to be uploaded to the cloud disk is received from the connected terminal device, the received data is encrypted with a key, the resulting ciphertext is obfuscated using a data mapping table, the obfuscated ciphertext is returned to the connected terminal device, and the obfuscated ciphertext is uploaded to the cloud disk. In this way, data that is to be uploaded to the cloud disk can be encrypted at the terminal the user is using, so that the user can encrypt independently of the cloud disk, which increases the security of the user's data. Obfuscating the ciphertext after encryption further reduces the possibility of the data being cracked. The encryption process is transparent to the user, adds no user operations, and improves the user experience. In addition, the invention provides a decryption scheme corresponding to the encryption, which can decrypt data on the cloud disk and makes it convenient for the user to retrieve data from the cloud disk.
Other features and advantages of the invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification. Together with the detailed description below they serve to explain the invention, but they do not limit it. In the drawings:
Fig. 1 is a flow chart of a method of data encryption according to an embodiment of the invention;
Fig. 2 is a flow chart of a method of key updating according to an embodiment of the invention;
Fig. 3 is a flow chart of a method of data decryption according to an embodiment of the invention;
Fig. 4 is a schematic diagram of an application scenario according to an embodiment of the invention;
Fig. 5 is a flow chart of a method of data encryption and decryption according to an embodiment of the invention;
Fig. 6 is a structural diagram of an apparatus for data encryption according to an embodiment of the invention;
Fig. 7 is a structural diagram of an apparatus for data encryption according to an embodiment of the invention;
Fig. 8 is a structural diagram of an apparatus for data decryption according to an embodiment of the invention; and
Fig. 9 is a structural diagram of an apparatus for data decryption according to an embodiment of the invention.
Detailed description of the embodiments
Specific embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
Fig. 1 is a flow chart of a method of data encryption according to an embodiment of the invention. The method can be used in various security terminals, such as an encryption terminal or an encryption/decryption terminal. As shown in Fig. 1, the method may include the following steps.
In step S110, data that is to be uploaded to a cloud disk is received from a connected terminal device. The following description takes the use of the method in an encryption/decryption terminal as an example. The encryption/decryption terminal can be connected to the terminal device through a USB (Universal Serial Bus) interface, WiFi (wireless local area network), Bluetooth or a similar technology. The terminal device can be a PC (personal computer), a tablet computer, a smart terminal and so on. A filter is installed in the driver of the terminal device; after the filter intercepts data that carries a characteristic value, it sends the data to the encryption/decryption terminal. When the terminal device is about to upload data to the cloud disk, the data to be uploaded is marked with this characteristic value. In this way, the encryption/decryption terminal can obtain from the terminal device the data that is to be uploaded to the cloud disk.
In step S120, the received data is encrypted with a key, the resulting ciphertext is segmented, and the segments are obfuscated using a data mapping table that contains pre-shuffle positions and the corresponding post-shuffle positions, generating an obfuscated ciphertext. In step S130, the obfuscated ciphertext is returned to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
In one embodiment, the above method may further include: generating a random factor and obtaining the data mapping table according to the random factor; and encrypting the random factor with the key to generate an encrypted random factor. Returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage, then includes: returning the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage. In this embodiment the data mapping table is obtained according to the random factor, but the way the data mapping table is obtained in the invention is not limited to this; other methods of obtaining the data mapping table may also be used.
For example, the encryption/decryption terminal can have a security chip, a communication interface (such as a USB interface), a password keypad and an LED (light emitting diode) screen. At start-up, the encryption/decryption terminal can use the LED screen to prompt the user to enter the preset password. The user can enter the password on the password keypad. The security chip checks whether the entered password matches the preset password, and the encryption operation of the invention is carried out only when they match. After the communication interface receives data from the terminal device, it passes the data to the security chip; the security chip receives the data and encrypts it with the key. The key can be a key generated at random when the encryption/decryption terminal is started for the first time, or a key set in advance.
The security chip segments the ciphertext produced by encryption. The size of each segment is i K bits (for example, when i = 1, each segment is 1K bits), and the data is divided into n segments, denoted e1, e2, ..., en. The security chip generates a random factor R and, according to R, obtains a data mapping table containing the pre-shuffle positions A(n) and the post-shuffle positions A'(n). A set of mapping tables containing pre-shuffle positions A(max) and post-shuffle positions A'(max) can be set up in advance. Each mapping table in the set can be generated by a card-shuffling algorithm, and the number of pre-shuffle and post-shuffle positions in a mapping table can be a preset maximum value. The random factor is rounded according to a preset rule, for example rounding half up, to determine which mapping table is selected. For example, if the set contains 100 mapping tables, the random factor ranges from 0 to 100 and the value of the random factor is 16.8, then the 17th mapping table is the selected one. This way of generating the mapping table is only an illustrative example; the way the mapping table is generated in the invention is not limited to it. For the segments e1, e2, ..., en, the post-shuffle position corresponding to each pre-shuffle position is looked up in the data mapping table, and the segments are arranged according to their post-shuffle positions, which yields the obfuscated ciphertext. When the number of segments n of the uploaded data is smaller than the preset maximum value max, the first n mappings of the mapping table are used to obfuscate the segments. For example, if the number of segments n is 10 and the preset maximum value max is 100, the first 10 entries of the mapping table are used to complete the mapping. In that case the post-shuffle position numbers of the segments may not be contiguous, and the segments are arranged in ascending order of post-shuffle position number to obtain the obfuscated ciphertext. When the number of segments n of the uploaded data is larger than the preset maximum value max, several random factors are generated and several mapping tables are obtained; the segments are divided into several parts, and each part is obfuscated with its corresponding mapping table.
The last segment may be smaller than i K bits. In that case the first n-1 of the n segments can be obfuscated while the last segment takes no part in the obfuscation. For example, a data mapping table of pre-shuffle positions A(n-1) and post-shuffle positions A'(n-1) is obtained according to the random factor. For the segments e1, e2, ..., en-1, the post-shuffle position corresponding to each pre-shuffle position is looked up in the data mapping table, the segments are arranged according to their post-shuffle positions, and the ciphertext arranged in this way is combined with the last segment en to obtain the obfuscated ciphertext.
In this embodiment, data that is to be uploaded to the cloud disk can be encrypted at the terminal the user is using, so that the user can encrypt independently of the cloud disk, which increases the security of the user's data. Obfuscating the ciphertext after encryption further reduces the possibility of the data being cracked. The encryption process is transparent to the user, adds no user operations, and improves the user experience.
Fig. 2 is a flow chart of a method of key updating according to an embodiment of the invention. As shown in Fig. 2, the method may include the following steps.
In step S210, when the key has existed for longer than its validity period, the key is updated to a new key. In step S220, the original data that has already been uploaded to the cloud disk is re-obtained through the connected terminal device. In step S230, that original data is encrypted with the new key, and the resulting ciphertext is obfuscated using the data mapping table to generate a new obfuscated ciphertext. In step S240, the new obfuscated ciphertext is uploaded to the cloud disk through the terminal device.
In one embodiment, re-obtaining through the connected terminal device the original data that has already been uploaded to the cloud disk includes: obtaining the uploaded obfuscated ciphertext from the cloud disk through the connected terminal device; and restoring the obfuscated ciphertext to the original data using the key used at encryption time and the data mapping table used at obfuscation time. The way the original data is obtained in the invention is not limited to this; other methods may also be used, such as looking up the uploaded original data on the terminal device and obtaining the copy, stored locally on the terminal device, of the original data that was uploaded to the cloud disk.
For example, a validity period is set for the key and a timer is set according to the validity period; when the timer expires, the key is updated to a new key. The security chip sends a data request to the terminal device through the communication interface. The terminal device obtains the uploaded data from the cloud disk and forwards it to the communication interface of the encryption/decryption terminal. The communication interface passes the data to the security chip. The security chip de-obfuscates and decrypts the data to obtain the original data, then encrypts the original data with the new key and obfuscates the ciphertext to obtain the new obfuscated ciphertext. The new obfuscated ciphertext is sent to the terminal device through the communication interface, and the terminal device uploads it to the cloud disk, overwriting the original obfuscated ciphertext on the cloud disk.
In this embodiment the key can be updated, which further increases the security of the user's data on the cloud disk.
Fig. 3 is a flow chart of a method of data decryption according to an embodiment of the invention. As shown in Fig. 3, the method may include the following steps.
In step S310, data downloaded from the cloud disk that includes an obfuscated ciphertext is received from the connected terminal device. The following description takes the use of the method in an encryption/decryption terminal as an example. The encryption/decryption terminal can be connected to the terminal device through a USB (Universal Serial Bus) interface, WiFi (wireless local area network), Bluetooth or a similar technology. The terminal device can be a PC (personal computer), a tablet computer, a smart terminal and so on. A filter is installed in the driver of the terminal device; after the filter intercepts data that carries a characteristic value, it sends the data to the encryption/decryption terminal. When the terminal device downloads data from the cloud disk, the downloaded data is marked with the characteristic value. In this way, the encryption/decryption terminal can obtain from the terminal device the data downloaded from the cloud disk.
In step S320, the obfuscated ciphertext is restored to the original ciphertext according to the data mapping table used at encryption time, which contains pre-shuffle positions and the corresponding post-shuffle positions, and the original ciphertext is decrypted into the original data with the key used at encryption time. In step S330, the decrypted original data is returned to the terminal device.
In one embodiment, the received data downloaded from the cloud disk includes an encrypted random factor. Restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used at encryption time then includes: decrypting the encrypted random factor in the received data with the key used at encryption time; obtaining the data mapping table according to the random factor; and restoring the obfuscated ciphertext to the original ciphertext using the data mapping table.
The method further includes: before decryption, prompting for a password to be entered for verification; and, after the entered password is received, verifying it and starting decryption once verification succeeds.
For example, the encryption/decryption terminal can have a security chip, a communication interface (such as a USB interface), a password keypad and an LED (light emitting diode) screen. The communication interface of the encryption/decryption terminal receives the data that the terminal device downloaded from the cloud disk; the data includes the obfuscated ciphertext and the encrypted random factor. Before decryption, the encryption/decryption terminal can use the LED screen to prompt the user to enter the preset password. The user can enter the password on the password keypad. The security chip checks whether the entered password matches the preset password, and the decryption operation is carried out only when they match. The communication interface passes the data to the security chip, and the security chip decrypts the encrypted random factor with the key to obtain the random factor R. The security chip determines the number of segments in the obfuscated ciphertext from the size of each segment (for example, i K bits) and the size of the obfuscated ciphertext in the data.
In the case where all n segments were obfuscated at obfuscation time, the security chip obtains, according to the random factor R, the data mapping table containing the pre-shuffle positions A(n) and the post-shuffle positions A'(n). The pre-shuffle position and post-shuffle position of each segment of the original ciphertext are obtained and sorted in ascending order of post-shuffle position number, which gives the pre-shuffle position corresponding to each segment of the obfuscated ciphertext; a reverse mapping table is generated accordingly. For example, the original ciphertext has 5 segments and the data mapping table contains 10 pairs of pre-shuffle and post-shuffle positions. Segments 1 to 5 of the original ciphertext correspond to post-shuffle positions 2, 6, 1, 8 and 4 respectively. Sorting in ascending order of post-shuffle position number gives the pre-shuffle positions of segments 1 to 5 of the obfuscated ciphertext as 3, 1, 5, 2 and 4 respectively, and from this a reverse mapping table is generated that contains the pre-shuffle position of each segment of the obfuscated ciphertext. The security chip can then determine the size of the last segment from the size of each segment and the size of the obfuscated ciphertext in the data. The obfuscated ciphertext is segmented according to the reverse mapping table, and each segment is placed at its corresponding pre-shuffle position. If the corresponding pre-shuffle position is that of the last segment, the segment is cut at the determined size of the last segment and the last segment obtained in this way is placed at the final position. In this way the security chip obtains the de-obfuscated ciphertext, and then decrypts the ciphertext with the key to obtain the original data.
In the case where only the first n-1 of the n segments were obfuscated at obfuscation time, the security chip obtains, according to the random factor R, the data mapping table containing the pre-shuffle positions A(n-1) and the post-shuffle positions A'(n-1). The security chip then segments the obfuscated ciphertext according to the size of each segment. The first n-1 segments of the obfuscated ciphertext are de-obfuscated using the mapping table, the de-obfuscated data is combined with the last segment to form the de-obfuscated ciphertext, and the ciphertext is then decrypted with the key to obtain the original data.
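The obfuscation described for the encryption side and the reverse mapping described above for decryption can be checked against each other with a short sketch. This is an added example, not code from the patent; it implements the variant in which the last segment is left in place, takes the already encrypted bytes as input (the cipher is outside the sketch), and the names `SEG_SIZE`, `TABLE_MAX`, `build_table_set` and the clamping of a rounded factor of 0 to the first table are assumptions.

```python
import math
import random
import secrets

SEG_SIZE = 128     # bytes per segment; constructed stand-in for the patent's "i K bits"
TABLE_MAX = 10     # preset maximum number of positions per mapping table (assumed)
TABLE_COUNT = 100  # number of preset mapping tables, as in the patent's example


def build_table_set(seed=0):
    """Preset tables: table[k] is the post-shuffle position of pre-shuffle position k+1."""
    rng = random.Random(seed)  # fixed seed only so this example is reproducible
    tables = []
    for _ in range(TABLE_COUNT):
        table = list(range(1, TABLE_MAX + 1))
        rng.shuffle(table)  # the "card shuffling" step
        tables.append(table)
    return tables


def select_table(tables, factor):
    """Round the random factor half up and pick that table (16.8 -> 17th table)."""
    index = math.floor(factor + 0.5)
    index = min(max(index, 1), len(tables))  # assumption: a rounded 0 maps to table 1
    return tables[index - 1]


def reverse_mapping(post_positions):
    """Pre-shuffle position held by each obfuscated slot, with slots taken in
    ascending order of post-shuffle position (positions may be non-contiguous)."""
    order = sorted(range(len(post_positions)), key=post_positions.__getitem__)
    return [k + 1 for k in order]


def factors_needed(length):
    """One random factor per group of up to TABLE_MAX shuffled segments."""
    shuffled = max(math.ceil(length / SEG_SIZE) - 1, 0)
    return math.ceil(shuffled / TABLE_MAX)


def new_factors(length):
    """Fresh random factors in the range 0..TABLE_COUNT from the OS CSPRNG."""
    rng = secrets.SystemRandom()
    return [rng.uniform(0, TABLE_COUNT) for _ in range(factors_needed(length))]


def _permute(data, tables, factors, inverse):
    if len(factors) < factors_needed(len(data)):
        raise ValueError("not enough random factors for this many segments")
    segs = [data[i:i + SEG_SIZE] for i in range(0, len(data), SEG_SIZE)]
    body, tail = segs[:-1], segs[-1:]  # the last segment is never shuffled
    out = []
    for group, start in enumerate(range(0, len(body), TABLE_MAX)):
        part = body[start:start + TABLE_MAX]
        table = select_table(tables, factors[group])
        rev = reverse_mapping(table[:len(part)])  # first n entries when n < max
        if inverse:
            restored = [b""] * len(part)
            for slot, pre in enumerate(rev):
                restored[pre - 1] = part[slot]  # put each segment back in place
            out.extend(restored)
        else:
            out.extend(part[pre - 1] for pre in rev)
    return b"".join(out + tail)


def obfuscate(ciphertext, tables, factors):
    return _permute(ciphertext, tables, factors, inverse=False)


def deobfuscate(obfuscated, tables, factors):
    return _permute(obfuscated, tables, factors, inverse=True)


if __name__ == "__main__":
    tables = build_table_set()
    # Constructed stand-in for ciphertext: 25 full segments plus a short tail.
    ciphertext = b"".join(bytes([k]) * SEG_SIZE for k in range(25)) + b"\xff" * 50
    factors = new_factors(len(ciphertext))
    mixed = obfuscate(ciphertext, tables, factors)
    print(len(factors), deobfuscate(mixed, tables, factors) == ciphertext)
```

The shuffle only reorders ciphertext segments, so confidentiality still rests on the cipher and key, and a stored object that has been modified is not detected by this layer.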
In the present embodiment, data that can be to being downloaded from cloud disk at user's used terminal are decrypted, solution Close process is transparent relative to user, reduces user's operating burden, improves Consumer's Experience.Fig. 4 is root According to the schematic diagram of the application scenarios of one embodiment of the invention, encryption and decryption terminal can have safety chip, communication Interface (such as USB interface), code keypad and LED (light emitting diode) screen.Encryption and decryption terminal The default password of user input can be pointed out by LED screen on startup.User can be by password Input through keyboard password.Safety chip judges whether the password of input matches with preset password, enters upon a match The following encrypt and decrypt operation of row.Wherein, communication interface is USB interface, the usb communication with PC Interface is connected, and the network interface card of PC is connected by wired or wireless network with cloud disk.Using characteristic value so that PC Driving in filter will upload to cloud disk data and from cloud disk download data interception, by communication The data is activation for intercepting is given encryption and decryption terminal by interface.Encryption and decryption terminal carries out following encryption and decryption operation.
In step S502, the communication interface of encryption and decryption terminal is received from the communication interface of the PC of connection The data of cloud disk will be uploaded to, safety chip will be transferred data to.In step S504, safe core Piece is encrypted using key to the data for receiving, and the ciphertext of generation is segmented.In step S506 In, safety chip generation random factor is obtained including the mixed rear position in mixed front position and correspondence according to random factor The data mapping tables put.In step S508, safety chip is entered using data mapping tables to segment data Row is obscured, and ciphertext is obscured in generation.In step S510, safety chip is entered using key to random factor Row encryption, the random factor of encryption is added to generation after obscuring ciphertext and uploads data.In step S512 In, safety chip will upload data and be transferred to communication interface, and communication interface returns to connection by data are uploaded Terminal device, terminal device is transmitted data to cloud disk and stored.In step S514, lead to Letter interface receives the data downloaded from cloud disk from the communication interface of the PC of connection, transfers data to safety Chip.In step S516, safety chip parsed from downloading data obscure ciphertext and encryption with The machine factor, is decrypted using the random factor of key pair encryption.In step S518, safety chip according to Random factor obtains data mapping tables.In step S520, safety chip will be mixed using data mapping tables Ciphertext of confusing is reduced into original cipher text.In step S522, safety chip uses key by original cipher text solution It is close into initial data.In step S524, the original number that safety chip will be decrypted by communication interface According to returning to terminal device.
In this embodiment, data to be uploaded to the cloud disk can be encrypted at the terminal used by the user, so that the user can encrypt independently of the cloud disk, which increases the security of the user's data. The encrypted ciphertext is obfuscated, which further reduces the possibility that the data is cracked. The encryption process is transparent to the user and adds no user operations, which improves the user experience. Data downloaded from the cloud disk can be decrypted at the terminal used by the user; the decryption process is transparent to the user, which reduces the user's operating burden and improves the user experience.
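The encryption and decryption path of steps S504 to S522, as an added Python example that is not code from the patent or its applicant. The cipher (an HMAC-SHA256 counter-mode keystream standing in for the unspecified algorithm), the 16-byte segment and random-factor lengths, and the SHA-256-driven shuffle that derives the mapping table from the random factor are all assumptions, since the page specifies none of them.

```python
import hashlib
import hmac
import secrets
import struct

SEGMENT_SIZE = 16   # assumption: the page does not give a segment length
FACTOR_LEN = 16     # assumption: random-factor length in bytes
NONCE_LEN = 16      # nonce used only by the stand-in cipher below


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher core: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_keystream(key, nonce, data)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _xor_keystream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def mapping_table(factor: bytes, n: int) -> list:
    """table[pre] = post: Fisher-Yates shuffle driven by SHA-256(factor || i)."""
    table = list(range(n))
    for i in range(n - 1, 0, -1):
        digest = hashlib.sha256(factor + struct.pack(">I", i)).digest()
        j = int.from_bytes(digest, "big") % (i + 1)
        table[i], table[j] = table[j], table[i]
    return table


def obfuscate(ciphertext: bytes, factor: bytes) -> bytes:
    segs = [ciphertext[i:i + SEGMENT_SIZE] for i in range(0, len(ciphertext), SEGMENT_SIZE)]
    mixed = [b""] * len(segs)
    for pre, post in enumerate(mapping_table(factor, len(segs))):
        mixed[post] = segs[pre]
    return b"".join(mixed)


def deobfuscate(mixed: bytes, factor: bytes) -> bytes:
    n = (len(mixed) + SEGMENT_SIZE - 1) // SEGMENT_SIZE
    if n == 0:
        return b""
    table = mapping_table(factor, n)
    # The final pre-obfuscation segment may be short; after mixing it sits at
    # table[n - 1], so segment boundaries must be recomputed around it.
    tail_len = len(mixed) - (n - 1) * SEGMENT_SIZE
    post_segs, offset = [], 0
    for post in range(n):
        length = tail_len if post == table[n - 1] else SEGMENT_SIZE
        post_segs.append(mixed[offset:offset + length])
        offset += length
    return b"".join(post_segs[table[pre]] for pre in range(n))


def build_upload(key: bytes, data: bytes) -> bytes:
    """S504-S510: encrypt, segment, obfuscate, append the encrypted factor."""
    factor = secrets.token_bytes(FACTOR_LEN)
    return obfuscate(encrypt(key, data), factor) + encrypt(key, factor)


def parse_download(key: bytes, blob: bytes) -> bytes:
    """S516-S522: split off the encrypted factor, undo the mixing, decrypt."""
    split = len(blob) - (NONCE_LEN + FACTOR_LEN)
    if split < NONCE_LEN:
        raise ValueError("download data too short to hold ciphertext and factor")
    factor = decrypt(key, blob[split:])
    return decrypt(key, deobfuscate(blob[:split], factor))
```

Steps S502 to S524 include no integrity check, and neither does this example: upload data altered in the cloud disk still parses, into different plaintext.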
Fig. 6 is a structural diagram of a data encryption device according to an embodiment of the invention. For example, the device can be used in the security chip of a security terminal. As shown in Fig. 6, the device comprises the following modules.
A communication module 610, configured to receive, from the connected terminal device, the data to be uploaded to the cloud disk;
An encryption module 620, configured to encrypt the received data using a key, segment the generated ciphertext, and obfuscate the segmented data using a data mapping table comprising pre-obfuscation positions and the corresponding post-obfuscation positions, to generate an obfuscated ciphertext;
The communication module 610 is further configured to return the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
For example, data is transferred between the communication interface of the security terminal and the communication module in the security chip. The communication interface receives the data and passes it to the communication module of the device; the encryption module encrypts and obfuscates it; the communication module passes the obfuscated ciphertext to the communication interface; and the communication interface sends the obfuscated ciphertext to the terminal device.
In one embodiment, the encryption module 620 is configured to generate a random factor, obtain the data mapping table according to the random factor, and encrypt the random factor using the key to generate an encrypted random factor. The communication module 610 is configured to return the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
In one embodiment, as shown in Fig. 7, the device further comprises an update module 710. The update module 710 is configured to: when the time for which the key has existed exceeds its validity period, update the key to a new key; use the communication module 610 to regain, through the connected terminal device, the original data that has already been uploaded to the cloud disk; instruct the encryption module 620 to encrypt that original data using the new key and to obfuscate the resulting ciphertext using the data mapping table, generating a new obfuscated ciphertext; and instruct the communication module 610 to upload the new obfuscated ciphertext to the cloud disk through the terminal device.
Further, the update module 710 is configured to instruct the communication module 610 to obtain the uploaded obfuscated ciphertext from the cloud disk through the connected terminal device, and to restore the obfuscated ciphertext to the original data using the key used during encryption and the data mapping table used during obfuscation.
Fig. 8 is a structural diagram of a data decryption device according to an embodiment of the invention. The device comprises: a communication module 810, configured to receive, from the connected terminal device, data downloaded from the cloud disk that includes an obfuscated ciphertext; and a decryption module 820, configured to restore the obfuscated ciphertext to the original ciphertext according to the data mapping table used during encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, and to decrypt the original ciphertext into the original data using the key used during encryption. The communication module 810 is further configured to return the decrypted original data to the terminal device.
Further, the received data downloaded from the cloud disk includes an encrypted random factor. The decryption module 820 is configured to decrypt the encrypted random factor in the received data using the key, obtain the data mapping table according to the random factor, and restore the obfuscated ciphertext to the original ciphertext using the data mapping table.
In one embodiment, as shown in Fig. 9, the device further comprises an authentication module 910, configured to prompt, before decryption, for the input of a password for verification and, after receiving the entered password, to perform verification using the password and instruct the decryption module to begin decryption once verification has passed.
The above devices correspond to the foregoing methods. For a detailed description of the devices, refer to the corresponding parts of the methods; it is not repeated here.
In the present invention, data to be uploaded to the cloud disk can be encrypted at the terminal used by the user, so that the user can encrypt independently of the cloud disk, which increases the security of the user's data. The encrypted ciphertext is obfuscated, which further reduces the possibility that the data is cracked. The encryption process is transparent to the user and adds no user operations, which improves the user experience. Data downloaded from the cloud disk can be decrypted at the terminal used by the user; the decryption process is transparent to the user, which reduces the user's operating burden and improves the user experience. In addition, the present invention provides a decryption scheme corresponding to the encryption, so that data in the cloud disk can be decrypted, making it convenient for the user to obtain the data in the cloud disk.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the invention, various simple variations may be made to the technical solution of the invention, and these simple variations all fall within the protection scope of the invention.
It should further be noted that the specific technical features described in the above embodiments may, where they do not contradict one another, be combined in any suitable manner. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention may also be combined with one another, and such combinations should likewise be regarded as content disclosed by the present invention as long as they do not depart from the idea of the invention.

Claims (12)

1. A method of data encryption, the method comprising:
receiving, from a connected terminal device, data to be uploaded to a cloud disk;
encrypting the received data using a key, segmenting the generated ciphertext, and obfuscating the segmented data using a data mapping table comprising pre-obfuscation positions and the corresponding post-obfuscation positions, to generate an obfuscated ciphertext;
returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
2. The method according to claim 1, characterized in that the method further comprises:
generating a random factor, and obtaining the data mapping table according to the random factor;
encrypting the random factor using the key to generate an encrypted random factor;
wherein returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage, comprises:
returning the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
when the time for which the key has existed exceeds its validity period, updating the key to a new key;
regaining, through the connected terminal device, the original data that has already been uploaded to the cloud disk;
encrypting the original data that has already been uploaded to the cloud disk using the new key, and obfuscating the resulting ciphertext using the data mapping table, to generate a new obfuscated ciphertext;
uploading the new obfuscated ciphertext to the cloud disk through the terminal device.
4. A method of data decryption, the method comprising:
receiving, from a connected terminal device, data downloaded from a cloud disk that includes an obfuscated ciphertext;
restoring the obfuscated ciphertext to an original ciphertext according to the data mapping table used during encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, and decrypting the original ciphertext into original data using the key used during encryption;
returning the decrypted original data to the terminal device.
5. The method according to claim 4, characterized in that the received data downloaded from the cloud disk includes an encrypted random factor;
wherein restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used during encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, comprises:
decrypting the encrypted random factor in the received data using the key used during encryption;
obtaining the data mapping table according to the random factor;
restoring the obfuscated ciphertext to the original ciphertext using the data mapping table.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
before decryption, prompting for the input of a password for verification;
after receiving the entered password, performing verification using the password, and beginning decryption once verification has passed.
7. A device for data encryption, the device comprising:
a communication module, configured to receive, from a connected terminal device, data to be uploaded to a cloud disk;
an encryption module, configured to encrypt the received data using a key, segment the generated ciphertext, and obfuscate the segmented data using a data mapping table comprising pre-obfuscation positions and the corresponding post-obfuscation positions, to generate an obfuscated ciphertext;
the communication module being further configured to return the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
8. The device according to claim 7, characterized in that the encryption module is configured to generate a random factor, obtain the data mapping table according to the random factor, and encrypt the random factor using the key to generate an encrypted random factor;
the communication module is configured to return the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
9. The device according to claim 7 or 8, characterized in that the device further comprises an update module,
the update module being configured to: when the time for which the key has existed exceeds its validity period, update the key to a new key; use the communication module to regain, through the connected terminal device, the original data that has already been uploaded to the cloud disk; instruct the encryption module to encrypt the original data that has already been uploaded to the cloud disk using the new key and to obfuscate the resulting ciphertext using the data mapping table, generating a new obfuscated ciphertext; and instruct the communication module to upload the new obfuscated ciphertext to the cloud disk through the terminal device.
10. A device for data decryption, the device comprising:
a communication module, configured to receive, from a connected terminal device, data downloaded from a cloud disk that includes an obfuscated ciphertext;
a decryption module, configured to restore the obfuscated ciphertext to an original ciphertext according to the data mapping table used during encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, and to decrypt the original ciphertext into original data using the key used during encryption;
the communication module being further configured to return the decrypted original data to the terminal device.
11. The device according to claim 10, characterized in that the received data downloaded from the cloud disk includes an encrypted random factor;
the decryption module is configured to decrypt the encrypted random factor in the received data using the key used during encryption, obtain the data mapping table according to the random factor, and restore the obfuscated ciphertext to the original ciphertext using the data mapping table.
12. The device according to claim 10 or 11, characterized in that the device further comprises:
an authentication module, configured to prompt, before decryption, for the input of a password for verification and, after receiving the entered password, to perform verification using the password and instruct the decryption module to begin decryption once verification has passed.
CN201511008463.3A 2015-12-29 2015-12-29 Data encryption and the method and apparatus of decryption Pending CN106936763A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511008463.3A CN106936763A (en) 2015-12-29 2015-12-29 Data encryption and the method and apparatus of decryption

Publications (1)

Publication Number Publication Date
CN106936763A true CN106936763A (en) 2017-07-07

Family

ID=59459119

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511008463.3A Pending CN106936763A (en) 2015-12-29 2015-12-29 Data encryption and the method and apparatus of decryption

Country Status (1)

Country Link
CN (1) CN106936763A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170707