CN106936763A - Method and apparatus for data encryption and decryption - Google Patents
- Publication number
- CN106936763A (CN201511008463.3A)
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- encryption
- terminal device
- cloud disk
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to the field of security technology and discloses a method and apparatus for data encryption and decryption. The data encryption method includes: receiving, from a connected terminal device, data to be uploaded to a cloud disk; encrypting the received data with a key, segmenting the resulting ciphertext, and obfuscating the segments using a data mapping table that contains pre-shuffle positions and their corresponding post-shuffle positions, thereby generating an obfuscated ciphertext; and returning the obfuscated ciphertext to the connected terminal device so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage. The invention can encrypt data that is to be uploaded to a cloud disk at a terminal used by the user, so that the user can encrypt independently of the cloud disk, which increases the security of user data.
Description
Technical field
The present invention relates to the field of security technology and, in particular, to a method and apparatus for data encryption and decryption.
Background
With the development of network technology, network service providers can offer cloud storage services, and users can store data on a cloud disk. For example, a user can store data such as photos and videos on a cloud disk as a backup. Because the data stored on a cloud disk is usually the user's personal data, a technical solution is needed that keeps the data stored on the cloud disk confidential for the user and prevents the data stored by the user from being leaked.
In the prior art, the network service provider applies security and confidentiality processing to the data stored on the cloud disk. For example, the network service provider encrypts the data stored on the cloud disk. The problem with this approach is that the security of the stored data depends on the security defenses that the network service provider uses for the cloud disk. If a malicious attack exposes a vulnerability in those defenses, the user data stored on the cloud disk may be leaked.
Summary of the invention
An object of the present invention is to provide a method and apparatus for data encryption and decryption that can solve the above technical problem, or at least partly solve it.
To achieve this object, the present invention provides a data encryption method, which includes: receiving, from a connected terminal device, data to be uploaded to a cloud disk; encrypting the received data with a key, segmenting the resulting ciphertext, and obfuscating the segments using a data mapping table that contains pre-shuffle positions and their corresponding post-shuffle positions, thereby generating an obfuscated ciphertext; and returning the obfuscated ciphertext to the connected terminal device so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
Preferably, the method further includes: generating a random factor and obtaining the data mapping table according to the random factor; and encrypting the random factor with the key to generate an encrypted random factor. Returning the obfuscated ciphertext to the connected terminal device so that the terminal device sends it to the cloud disk for storage then includes: returning the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
Preferably, the method further includes: when the key has existed for longer than its validity period, updating the key to a new key; re-obtaining, through the connected terminal device, the original data that has been uploaded to the cloud disk; encrypting that original data with the new key and obfuscating the resulting ciphertext using the data mapping table to generate a new obfuscated ciphertext; and uploading the new obfuscated ciphertext to the cloud disk through the terminal device.
According to one aspect of the present invention, a data decryption method is disclosed, which includes: receiving, from a connected terminal device, data downloaded from a cloud disk that includes an obfuscated ciphertext; restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used during encryption, which contains pre-shuffle positions and their corresponding post-shuffle positions, and decrypting the original ciphertext into the original data with the key used during encryption; and returning the decrypted original data to the terminal device.
Preferably, the received data downloaded from the cloud disk includes the encrypted random factor. Restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used during encryption, which contains pre-shuffle positions and their corresponding post-shuffle positions, then includes: decrypting the encrypted random factor in the received data with the key used during encryption; obtaining the data mapping table according to the random factor; and restoring the obfuscated ciphertext to the original ciphertext using the data mapping table.
Preferably, the method further includes: before decryption, prompting for input of a password for verification; and, after the entered password is received, performing verification with the password and starting decryption after the verification passes.
According to one aspect of the present invention, a data encryption apparatus is disclosed, which includes: a communication module, configured to receive from a connected terminal device data to be uploaded to a cloud disk; and an encryption module, configured to encrypt the received data with a key, segment the resulting ciphertext, and obfuscate the segments using a data mapping table that contains pre-shuffle positions and their corresponding post-shuffle positions, thereby generating an obfuscated ciphertext. The communication module is further configured to return the obfuscated ciphertext to the connected terminal device so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
Preferably, the encryption module is configured to generate a random factor, obtain the data mapping table according to the random factor, and encrypt the random factor with the key to generate an encrypted random factor; the communication module is configured to return the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
Preferably, the apparatus further includes an update module configured to: when the key has existed for longer than its validity period, update the key to a new key; use the communication module to re-obtain, through the connected terminal device, the original data that has been uploaded to the cloud disk; instruct the encryption module to encrypt that original data with the new key and obfuscate the resulting ciphertext using the data mapping table to generate a new obfuscated ciphertext; and instruct the communication module to upload the new obfuscated ciphertext to the cloud disk through the terminal device.
According to one aspect of the present invention, a data decryption apparatus is disclosed, which includes: a communication module, configured to receive from a connected terminal device data downloaded from a cloud disk that includes an obfuscated ciphertext; and a decryption module, configured to restore the obfuscated ciphertext to the original ciphertext according to the data mapping table used during encryption, which contains pre-shuffle positions and their corresponding post-shuffle positions, and to decrypt the original ciphertext into the original data with the key used during encryption. The communication module is further configured to return the decrypted original data to the terminal device.
Preferably, the received data downloaded from the cloud disk includes the encrypted random factor; the decryption module is configured to decrypt the encrypted random factor in the received data with the key used during encryption, obtain the data mapping table according to the random factor, and restore the obfuscated ciphertext to the original ciphertext using the data mapping table.
Preferably, the apparatus further includes a verification module configured to: before decryption, prompt for input of a password for verification; and, after the entered password is received, perform verification with the password and, after the verification passes, instruct the decryption module to start decryption.
With the above technical solution, data to be uploaded to a cloud disk is received from a connected terminal device, the received data is encrypted with a key, the resulting ciphertext is obfuscated using a data mapping table, the obfuscated ciphertext is returned to the connected terminal device, and the obfuscated ciphertext is uploaded to the cloud disk. In this way, data to be uploaded to the cloud disk can be encrypted at a terminal used by the user, so that the user can encrypt independently of the cloud disk, which increases the security of user data; obfuscating the encrypted ciphertext further reduces the likelihood that the data is cracked; and the encryption process is transparent to the user, adds no user operations, and improves the user experience. In addition, the present invention provides a decryption solution corresponding to the encryption, which can decrypt data on the cloud disk and makes it convenient for the user to obtain data from the cloud disk.
Other features and advantages of the present invention are described in detail in the detailed description below.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the detailed description below, they serve to explain the present invention but do not limit it. In the drawings:
Fig. 1 is a flowchart of a data encryption method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a key update method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a data decryption method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an application scenario according to an embodiment of the present invention;
Fig. 5 is a flowchart of a data encryption and decryption method according to an embodiment of the present invention;
Fig. 6 is a structural diagram of a data encryption apparatus according to an embodiment of the present invention;
Fig. 7 is a structural diagram of a data encryption apparatus according to an embodiment of the present invention;
Fig. 8 is a structural diagram of a data decryption apparatus according to an embodiment of the present invention; and
Fig. 9 is a structural diagram of a data decryption apparatus according to an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it.
Fig. 1 is a flowchart of a data encryption method according to an embodiment of the present invention. The method can be used in various security terminals, such as an encryption terminal or an encryption/decryption terminal. As shown in Fig. 1, the method may include the following steps.
In step S110, data to be uploaded to a cloud disk is received from a connected terminal device. As an illustration, take the case where the method of the present invention is used in an encryption/decryption terminal. The encryption/decryption terminal can connect to the terminal device through technologies such as a USB (Universal Serial Bus) interface, WiFi (wireless local area network) or Bluetooth. The terminal device can be a PC (personal computer), a tablet computer, a smart terminal, and so on. A filter is set in the driver of the terminal device; after the filter intercepts data carrying a characteristic value, it sends the data to the encryption/decryption terminal. When the terminal device is about to upload data to the cloud disk, the data to be uploaded is marked with this characteristic value. In this way, the encryption/decryption terminal can obtain from the terminal device the data to be uploaded to the cloud disk.
In step S120, the received data is encrypted with a key, the resulting ciphertext is segmented, and the segments are obfuscated using a data mapping table that contains pre-shuffle positions and their corresponding post-shuffle positions, generating an obfuscated ciphertext. In step S130, the obfuscated ciphertext is returned to the connected terminal device so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
In one embodiment, the above method may further include: generating a random factor and obtaining the data mapping table according to the random factor; and encrypting the random factor with the key to generate an encrypted random factor. Returning the obfuscated ciphertext to the connected terminal device so that the terminal device sends it to the cloud disk for storage then includes: returning the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage. In this embodiment the data mapping table is obtained according to the random factor, but the way of obtaining the data mapping table in the present invention is not limited to this; other methods of obtaining the data mapping table may also be used.
For example, the encryption/decryption terminal can have a security chip, a communication interface (such as a USB interface), a password keypad and an LED (light-emitting diode) screen. On startup, the encryption/decryption terminal can prompt the user through the LED screen to enter the preset password. The user can enter the password on the password keypad. The security chip determines whether the entered password matches the preset password and, if it matches, performs the encryption operation of the present invention. After the communication interface receives data from the terminal device, it passes the data to the security chip; the security chip receives the data and encrypts it with the key. The key can be a key generated randomly when the encryption/decryption terminal is first started, or a preset key.
The security chip segments the ciphertext obtained by encryption. The size of each segment is i K bits (for example, when i=1 each segment is 1K bits), and the data is divided into n segments, denoted e1, e2, ..., en. The security chip generates a random factor R and, according to R, obtains a data mapping table containing pre-shuffle positions A(n) and post-shuffle positions A'(n). A set of mapping tables containing pre-shuffle positions A(max) and post-shuffle positions A'(max) can be preset; each mapping table in the set can be generated by a playing-card shuffling algorithm, and the number of pre-shuffle and post-shuffle positions in a mapping table can be a preset maximum value. The random factor is rounded according to a preset rule, for example rounding half up, to determine the selected mapping table. For example, if the set contains 100 mapping tables and the random factor ranges from 0 to 100, then a random factor of 16.8 selects the 17th mapping table. This way of generating mapping tables is only an illustrative example; the way mapping tables are generated in the present invention is not limited to it.
For the segments e1, e2, ..., en, the corresponding post-shuffle position of each is looked up in the data mapping table by its pre-shuffle position, the segments are arranged by their corresponding post-shuffle positions, and the obfuscated ciphertext is obtained. When the number of segments n of the uploaded data is less than the preset maximum value max, the first n mappings of the mapping table are used to obfuscate the segments. For example, if the number of segments n is 10 and the preset maximum value max is 100, the first 10 entries of the mapping table are used for the mapping. The post-shuffle position numbers of the segments may then be discontinuous; in that case the segments are arranged in ascending order of post-shuffle position number to obtain the obfuscated ciphertext. When the number of uploaded segments n is greater than the preset maximum value max, multiple random factors are generated, multiple mapping tables are obtained, the segments are divided into several parts, and each part is obfuscated with its corresponding mapping table.
The last segment may be smaller than i K bits. In that case, of the n segments, the first n-1 segments can be obfuscated while the last segment does not take part in obfuscation. For example, a data mapping table with pre-shuffle positions A(n-1) and post-shuffle positions A'(n-1) is obtained according to the random factor. For the segments e1, e2, ..., en-1, the corresponding post-shuffle position of each is looked up in the data mapping table by its pre-shuffle position, and the segments are arranged by their corresponding post-shuffle positions; the ciphertext obtained from this arrangement is then combined with the last segment en to obtain the obfuscated ciphertext.
In this embodiment, data to be uploaded to the cloud disk can be encrypted at a terminal used by the user, so that the user can encrypt independently of the cloud disk, which increases the security of user data; obfuscating the encrypted ciphertext further reduces the likelihood that the data is cracked; and the encryption process is transparent to the user, adds no user operations, and improves the user experience.
Fig. 2 is a flowchart of a key update method according to an embodiment of the present invention. As shown in Fig. 2, the method may include the following steps.
In step S210, when the key has existed for longer than its validity period, the key is updated to a new key. In step S220, the original data that has been uploaded to the cloud disk is re-obtained through the connected terminal device. In step S230, the original data that has been uploaded to the cloud disk is encrypted with the new key, and the resulting ciphertext is obfuscated using the data mapping table to generate a new obfuscated ciphertext. In step S240, the new obfuscated ciphertext is uploaded to the cloud disk through the terminal device.
In one embodiment, re-obtaining through the connected terminal device the original data that has been uploaded to the cloud disk includes: obtaining the uploaded obfuscated ciphertext from the cloud disk through the connected terminal device; and restoring the obfuscated ciphertext to the original data using the key used during encryption and the data mapping table used during obfuscation. The way of obtaining the original data in the present invention is not limited to this; other methods may also be used, such as looking up the uploaded original data on the terminal device and obtaining the original data, stored locally on the terminal device, that was uploaded to the cloud disk.
For example, a validity period is set for the key and a timer is set according to the validity period; when the timer expires, the key is updated to a new key. The security chip sends a data request to the terminal device through the communication interface; the terminal device obtains the uploaded data from the cloud disk and forwards it to the communication interface of the encryption/decryption terminal. The communication interface passes the data to the security chip. The security chip de-obfuscates and decrypts the data to obtain the original data, then encrypts the original data with the new key and obfuscates the ciphertext to obtain a new obfuscated ciphertext. The new obfuscated ciphertext is sent to the terminal device through the communication interface, and the terminal device uploads it to the cloud disk, overwriting the original obfuscated ciphertext on the cloud disk.
In this embodiment the key can be updated, which further increases the security of user data on the cloud disk.
Fig. 3 is a flowchart of a data decryption method according to an embodiment of the present invention. As shown in Fig. 3, the method may include the following steps.
In step S310, data downloaded from the cloud disk that includes an obfuscated ciphertext is received from the connected terminal device. As an illustration, take the case where the method of the present invention is used in an encryption/decryption terminal. The encryption/decryption terminal can connect to the terminal device through technologies such as a USB (Universal Serial Bus) interface, WiFi (wireless local area network) or Bluetooth. The terminal device can be a PC (personal computer), a tablet computer, a smart terminal, and so on. A filter is set in the driver of the terminal device; after the filter intercepts data carrying a characteristic value, it sends the data to the encryption/decryption terminal. When the terminal device downloads data from the cloud disk, the downloaded data is marked with the characteristic value. In this way, the encryption/decryption terminal can obtain from the terminal device the data downloaded from the cloud disk.
In step S320, the obfuscated ciphertext is restored to the original ciphertext according to the data mapping table used during encryption, which contains pre-shuffle positions and their corresponding post-shuffle positions, and the original ciphertext is decrypted into the original data with the key used during encryption. In step S330, the decrypted original data is returned to the terminal device.
In one embodiment, the received data downloaded from the cloud disk includes the encrypted random factor. Restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used during encryption, which contains pre-shuffle positions and their corresponding post-shuffle positions, then includes: decrypting the encrypted random factor in the received data with the key used during encryption; obtaining the data mapping table according to the random factor; and restoring the obfuscated ciphertext to the original ciphertext using the data mapping table.
The method further includes: before decryption, prompting for input of a password for verification; and, after the entered password is received, performing verification with the password and starting decryption after the verification passes.
For example, the encryption/decryption terminal can have a security chip, a communication interface (such as a USB interface), a password keypad and an LED (light-emitting diode) screen. The communication interface of the encryption/decryption terminal receives the data that the terminal device downloaded from the cloud disk; the data includes the obfuscated ciphertext and the encrypted random factor. Before decryption, the encryption/decryption terminal can prompt the user through the LED screen to enter the preset password. The user can enter the password on the password keypad. The security chip determines whether the entered password matches the preset password and, if it matches, performs the decryption operation. The communication interface passes the data to the security chip, and the security chip decrypts the encrypted random factor with the key to obtain the random factor R. The security chip determines the number of segments of the obfuscated ciphertext from the size of each segment (for example, i K bits) and the size of the obfuscated ciphertext in the data.
In the case where all n segments produced at obfuscation time were obfuscated, the security chip obtains, according to the random factor R, the data mapping table containing pre-shuffle positions A(n) and post-shuffle positions A'(n). It obtains the pre-shuffle position and post-shuffle position corresponding to each segment of the original ciphertext, sorts them in ascending order of post-shuffle position number to get the pre-shuffle position corresponding to each segment of the obfuscated ciphertext, and generates a reverse mapping table accordingly. For example, the original ciphertext has 5 segments and the data mapping table contains 10 mappings between pre-shuffle and post-shuffle positions. Segments 1 to 5 of the original ciphertext correspond to post-shuffle positions 2, 6, 1, 8 and 4 respectively. Sorting in ascending order of post-shuffle position number gives pre-shuffle positions 3, 1, 5, 2 and 4 for segments 1 to 5 of the obfuscated ciphertext, and from this a reverse mapping table is generated that contains the pre-shuffle position of each segment of the obfuscated ciphertext. The security chip can then determine the size of the last segment from the size of each segment and the size of the obfuscated ciphertext in the data. Using the reverse mapping table, it segments the obfuscated ciphertext and places each segment at its corresponding pre-shuffle position. If the corresponding pre-shuffle position is that of the last segment, the segment is cut at the determined size of the last segment, and the resulting last segment is placed at the final position. By this method the security chip obtains the de-obfuscated ciphertext, and it then decrypts the ciphertext with the key to obtain the original data.
In the case where the first n-1 of the n segments produced at obfuscation time were obfuscated, the security chip obtains, according to the random factor R, the data mapping table containing pre-shuffle positions A(n-1) and post-shuffle positions A'(n-1). The security chip then segments the obfuscated ciphertext according to the size of each segment. The first n-1 segments of the obfuscated ciphertext are de-obfuscated using the mapping table, the de-obfuscated data is combined with the last segment to form the de-obfuscated ciphertext, and the ciphertext is then decrypted with the key to obtain the original data.
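The segment shuffle and its reversal described above, as an added Python example that is not part of the patent text. It implements the variant in which the last segment is left out of the shuffle and works on bytes that stand in for the cipher output (encryption of the data and of the random factor is omitted); the function names, the seeded table set and the 128-byte segment size are assumptions.

```python
import random
import secrets

SEG_BYTES = 128  # one segment of "i K bits" with i = 1, taking K = 1024 (assumption)


def build_table_set(seed, count=100, size=100):
    """Preset set of `count` mapping tables with `size` positions each.

    table[k] is the post-shuffle position of pre-shuffle position k + 1.
    Each table comes from a card shuffle; the seeded generator only keeps this
    sample reproducible and stands in for a set provisioned on the device.
    """
    rng = random.Random(seed)
    tables = []
    for _ in range(count):
        table = list(range(1, size + 1))
        rng.shuffle(table)
        tables.append(table)
    return tables


def select_table(tables, factor):
    """Round the random factor half up and use it as a 1-based table number."""
    number = int(factor + 0.5)                 # 16.8 selects the 17th table
    number = min(max(number, 1), len(tables))  # assumption: clamp factors below 0.5
    return tables[number - 1]


def shuffle_order(table, n):
    """Use the first n mappings. Their post-shuffle numbers may have gaps, so
    segments are laid out in ascending order of post-shuffle position.
    Returns the 0-based original index of the segment in each output slot."""
    return sorted(range(n), key=lambda k: table[k])


def split_segments(data, seg):
    return [data[i:i + seg] for i in range(0, len(data), seg)]


def new_factors(ciphertext_len, tables, seg=SEG_BYTES):
    """One random factor per part of at most `max` shuffled segments."""
    body = max(-(-ciphertext_len // seg) - 1, 0)  # the last segment is not shuffled
    parts = -(-body // len(tables[0]))
    return [secrets.SystemRandom().uniform(0, len(tables)) for _ in range(parts)]


def obfuscate(ciphertext, tables, factors, seg=SEG_BYTES):
    segs = split_segments(ciphertext, seg)
    body, tail = segs[:-1], segs[-1:]
    size, out = len(tables[0]), []
    for part_no, start in enumerate(range(0, len(body), size)):
        part = body[start:start + size]        # more than max segments: next table
        order = shuffle_order(select_table(tables, factors[part_no]), len(part))
        out.extend(part[k] for k in order)
    return b"".join(out + tail)


def deobfuscate(obfuscated, tables, factors, seg=SEG_BYTES):
    segs = split_segments(obfuscated, seg)
    body, tail = segs[:-1], segs[-1:]
    size, out = len(tables[0]), []
    for part_no, start in enumerate(range(0, len(body), size)):
        part = body[start:start + size]
        order = shuffle_order(select_table(tables, factors[part_no]), len(part))
        restored = [b""] * len(part)
        for slot, k in enumerate(order):       # reverse mapping: slot -> pre-shuffle index
            restored[k] = part[slot]
        out.extend(restored)
    return b"".join(out + tail)


if __name__ == "__main__":
    tables = build_table_set(seed=2015)
    ciphertext = secrets.token_bytes(300 * SEG_BYTES + 40)  # constructed stand-in for cipher output
    factors = new_factors(len(ciphertext), tables)
    blob = obfuscate(ciphertext, tables, factors)
    assert deobfuscate(blob, tables, factors) == ciphertext
    print(len(factors), "tables used,", len(blob), "bytes")
```

The shuffle only reorders ciphertext segments, so confidentiality still rests on the cipher and the key, and anyone holding the preset table set and the decrypted random factor can reverse it.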
In this embodiment, data downloaded from the cloud disk can be decrypted at a terminal used by the user; the decryption process is transparent to the user, reduces the user's operating burden, and improves the user experience.
Fig. 4 is a schematic diagram of an application scenario according to an embodiment of the present invention. The encryption/decryption terminal can have a security chip, a communication interface (such as a USB interface), a password keypad and an LED (light-emitting diode) screen. On startup, the encryption/decryption terminal can prompt the user through the LED screen to enter the preset password. The user can enter the password on the password keypad. The security chip determines whether the entered password matches the preset password and, if it matches, performs the encryption and decryption operations below. Here the communication interface is a USB interface connected to the USB communication interface of a PC, and the PC's network card is connected to the cloud disk over a wired or wireless network. Using the characteristic value, the filter in the PC's driver intercepts data to be uploaded to the cloud disk and data downloaded from the cloud disk, and sends the intercepted data to the encryption/decryption terminal through the communication interface. The encryption/decryption terminal performs the following encryption and decryption operations.
In step S502, the communication interface of encryption and decryption terminal is received from the communication interface of the PC of connection
The data of cloud disk will be uploaded to, safety chip will be transferred data to.In step S504, safe core
Piece is encrypted using key to the data for receiving, and the ciphertext of generation is segmented.In step S506
In, safety chip generation random factor is obtained including the mixed rear position in mixed front position and correspondence according to random factor
The data mapping tables put.In step S508, safety chip is entered using data mapping tables to segment data
Row is obscured, and ciphertext is obscured in generation.In step S510, safety chip is entered using key to random factor
Row encryption, the random factor of encryption is added to generation after obscuring ciphertext and uploads data.In step S512
In, safety chip will upload data and be transferred to communication interface, and communication interface returns to connection by data are uploaded
Terminal device, terminal device is transmitted data to cloud disk and stored.In step S514, lead to
Letter interface receives the data downloaded from cloud disk from the communication interface of the PC of connection, transfers data to safety
Chip.In step S516, safety chip parsed from downloading data obscure ciphertext and encryption with
The machine factor, is decrypted using the random factor of key pair encryption.In step S518, safety chip according to
Random factor obtains data mapping tables.In step S520, safety chip will be mixed using data mapping tables
Ciphertext of confusing is reduced into original cipher text.In step S522, safety chip uses key by original cipher text solution
It is close into initial data.In step S524, the original number that safety chip will be decrypted by communication interface
According to returning to terminal device.
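
Steps S502 to S524 above, sketched as an added Python example that is not code from the patent. The patent names neither the cipher, the segment size nor how the mapping table is derived from the random factor, so the HMAC-SHA256 keystream, the 16-byte segments, the SHA-256-driven shuffle, the nonce prefix and all function names here are assumptions of this example.

```python
import hashlib
import hmac
import secrets

SEG = 16         # segment size in bytes (assumed; the patent fixes none)
FACTOR_LEN = 16  # random factor length (assumed)
NONCE_LEN = 16   # nonce needed only by the stand-in cipher below


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's unnamed cipher: HMAC-SHA256 counter keystream."""
    stream = bytearray()
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def mapping_table(factor: bytes, n: int) -> list[int]:
    """table[pre] = post. Fisher-Yates shuffle keyed by the random factor (assumed)."""
    table = list(range(n))
    for i in range(n - 1, 0, -1):
        digest = hashlib.sha256(factor + i.to_bytes(8, "big")).digest()
        j = int.from_bytes(digest, "big") % (i + 1)
        table[i], table[j] = table[j], table[i]
    return table


def obfuscate(ct: bytes, table: list[int]) -> bytes:
    """S508: move each ciphertext segment from its pre position to its post position."""
    segs = [ct[i:i + SEG] for i in range(0, len(ct), SEG)]
    out = [b""] * len(segs)
    for pre, post in enumerate(table):
        out[post] = segs[pre]
    return b"".join(out)


def restore(mixed: bytes, table: list[int]) -> bytes:
    """S520: undo obfuscate(); only the original final segment may be short."""
    n = len(table)
    last_len = len(mixed) - SEG * (n - 1)
    inverse = {post: pre for pre, post in enumerate(table)}
    segs, pos = [b""] * n, 0
    for post in range(n):
        pre = inverse[post]
        size = last_len if pre == n - 1 else SEG
        segs[pre] = mixed[pos:pos + size]
        pos += size
    return b"".join(segs)


def encrypt_for_upload(key: bytes, data: bytes, factor: bytes = b"", nonce: bytes = b"") -> bytes:
    factor = factor or secrets.token_bytes(FACTOR_LEN)
    nonce = nonce or secrets.token_bytes(NONCE_LEN)
    ct = keystream_xor(key, nonce + b"D", data)                # S504
    table = mapping_table(factor, -(-len(ct) // SEG))          # S506
    mixed = obfuscate(ct, table)                               # S508
    enc_factor = keystream_xor(key, nonce + b"F", factor)      # S510
    return nonce + mixed + enc_factor                          # upload data


def decrypt_download(key: bytes, blob: bytes) -> bytes:
    nonce, enc_factor = blob[:NONCE_LEN], blob[-FACTOR_LEN:]   # S516: parse
    mixed = blob[NONCE_LEN:-FACTOR_LEN]
    factor = keystream_xor(key, nonce + b"F", enc_factor)      # S516: decrypt factor
    table = mapping_table(factor, -(-len(mixed) // SEG))       # S518
    ct = restore(mixed, table)                                 # S520
    return keystream_xor(key, nonce + b"D", ct)                # S522


if __name__ == "__main__":
    key = bytes(range(32))                                     # constructed sample key
    sample = b"constructed sample file contents " * 3          # constructed sample data
    print(decrypt_download(key, encrypt_for_upload(key, sample)) == sample)
```

The shuffle only reorders ciphertext segments, and the random factor that defines the order is protected by the same key as the data, so confidentiality still rests on that key.
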
In this embodiment, the data to be uploaded to the cloud disk can be encrypted at the terminal the user is using, so the user can encrypt independently of the cloud disk, which increases the security of user data; the encrypted ciphertext is obfuscated, which further reduces the likelihood that the data is cracked; the encryption process is transparent to the user and adds no user operations, which improves the user experience; and the data downloaded from the cloud disk can be decrypted at the terminal the user is using, with a decryption process that is transparent to the user, which reduces the user's operating burden and improves the user experience.
Fig. 6 is a structural diagram of a data encryption device according to an embodiment of the invention. For example, the device can be used in the security chip of a security terminal. As shown in Fig. 6, the device includes the following modules.
Communication module 610, configured to receive, from the connected terminal device, the data to be uploaded to the cloud disk;
Encryption module 620, configured to encrypt the received data using a key, segment the generated ciphertext, and obfuscate the segmented data using a data mapping table comprising pre-obfuscation positions and the corresponding post-obfuscation positions, generating the obfuscated ciphertext;
The communication module 610 is further configured to return the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
For example, data is transferred between the communication interface of the security terminal and the communication module in the security chip. The communication interface receives the data and passes it to the communication module of the device, the encryption module encrypts and obfuscates it, the communication module passes the obfuscated ciphertext to the communication interface, and the communication interface sends the obfuscated ciphertext to the terminal device.
In one embodiment, the encryption module 620 is configured to generate a random factor, obtain the data mapping table from the random factor, and encrypt the random factor using the key to generate the encrypted random factor; the communication module 610 is configured to return the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
In one embodiment, as shown in Fig. 7, the device further includes an update module 710. The update module 710 is configured to, when the time the key has existed exceeds its validity period, update the key to a new key; use the communication module 610 to re-obtain, through the connected terminal device, the original data that has been uploaded to the cloud disk; instruct the encryption module 620 to encrypt the original data that has been uploaded to the cloud disk using the new key and to obfuscate the encrypted ciphertext using the data mapping table, generating a new obfuscated ciphertext; and instruct the communication module 610 to upload the new obfuscated ciphertext to the cloud disk through the terminal device.
Further, the update module 710 is configured to instruct the communication module 610 to obtain the uploaded obfuscated ciphertext from the cloud disk through the connected terminal device, and to restore the obfuscated ciphertext to the original data using the key used for encryption and the data mapping table used for obfuscation.
Fig. 8 is a structural diagram of a data decryption device according to an embodiment of the invention. The device includes: a communication module 810, configured to receive, from the connected terminal device, data downloaded from the cloud disk that includes the obfuscated ciphertext; and a decryption module 820, configured to restore the obfuscated ciphertext to the original ciphertext according to the data mapping table used in encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, and to decrypt the original ciphertext into the original data using the key used in encryption. The communication module 810 is further configured to return the decrypted original data to the terminal device.
Further, the received data downloaded from the cloud disk includes the encrypted random factor; the decryption module 820 is configured to decrypt the encrypted random factor in the received data using the key, obtain the data mapping table from the random factor, and restore the obfuscated ciphertext to the original ciphertext using the data mapping table.
In one embodiment, as shown in Fig. 9, the device further includes an authentication module 910, configured to prompt, before decryption, for input of a password used for verification and, after the entered password is received, to verify using the password and instruct the decryption module to begin decryption once verification passes.
The devices above correspond to the foregoing methods; for a detailed description of the devices, refer to the corresponding parts of the methods, which are not repeated here.
In the present invention, the data to be uploaded to the cloud disk can be encrypted at the terminal the user is using, so the user can encrypt independently of the cloud disk, which increases the security of user data; the encrypted ciphertext is obfuscated, which further reduces the likelihood that the data is cracked; the encryption process is transparent to the user and adds no user operations, which improves the user experience; and the data downloaded from the cloud disk can be decrypted at the terminal the user is using, with a decryption process that is transparent to the user, which reduces the user's operating burden and improves the user experience. In addition, the invention provides a decryption technical solution corresponding to the encryption, so that data in the cloud disk can be decrypted and the user can conveniently obtain the data in the cloud disk.
The preferred embodiments of the invention have been described in detail above with reference to the accompanying drawings. The invention is not, however, limited to the specific details of the above embodiments; within the scope of the technical concept of the invention, various simple variations can be made to its technical solution, and these simple variations all fall within the protection scope of the invention.
It should further be noted that the specific technical features described in the above embodiments can, where they do not contradict one another, be combined in any suitable manner. To avoid unnecessary repetition, the invention does not separately describe the various possible combinations.
In addition, the various embodiments of the invention can also be combined with one another; as long as the combination does not depart from the idea of the invention, it should likewise be regarded as content disclosed by the invention.
Claims (12)
1. A method of data encryption, the method comprising:
receiving, from a connected terminal device, data to be uploaded to a cloud disk;
encrypting the received data using a key, segmenting the generated ciphertext, and obfuscating the segmented data using a data mapping table comprising pre-obfuscation positions and the corresponding post-obfuscation positions, to generate an obfuscated ciphertext;
returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
2. The method according to claim 1, characterized in that the method further comprises:
generating a random factor, and obtaining the data mapping table according to the random factor;
encrypting the random factor using the key to generate an encrypted random factor;
wherein returning the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage, comprises:
returning the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
when the time the key has existed exceeds its validity period, updating the key to a new key;
re-obtaining, through the connected terminal device, the original data that has been uploaded to the cloud disk;
encrypting the original data that has been uploaded to the cloud disk using the new key, and obfuscating the encrypted ciphertext using the data mapping table, to generate a new obfuscated ciphertext;
uploading the new obfuscated ciphertext to the cloud disk through the terminal device.
4. A method of data decryption, the method comprising:
receiving, from a connected terminal device, data downloaded from a cloud disk that includes an obfuscated ciphertext;
restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used in encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, and decrypting the original ciphertext into the original data using the key used in encryption;
returning the decrypted original data to the terminal device.
5. The method according to claim 4, characterized in that the received data downloaded from the cloud disk includes an encrypted random factor;
wherein restoring the obfuscated ciphertext to the original ciphertext according to the data mapping table used in encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, comprises:
decrypting the encrypted random factor in the received data using the key used in encryption;
obtaining the data mapping table according to the random factor;
restoring the obfuscated ciphertext to the original ciphertext using the data mapping table.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
before decryption, prompting for input of a password used for verification;
after the entered password is received, verifying using the password, and beginning decryption after verification passes.
7. A device for data encryption, the device comprising:
a communication module, configured to receive, from a connected terminal device, data to be uploaded to a cloud disk;
an encryption module, configured to encrypt the received data using a key, segment the generated ciphertext, and obfuscate the segmented data using a data mapping table comprising pre-obfuscation positions and the corresponding post-obfuscation positions, to generate an obfuscated ciphertext;
the communication module being further configured to return the obfuscated ciphertext to the connected terminal device, so that the terminal device sends the obfuscated ciphertext to the cloud disk for storage.
8. The device according to claim 7, characterized in that the encryption module is configured to generate a random factor, obtain the data mapping table according to the random factor, and encrypt the random factor using the key to generate an encrypted random factor;
the communication module is configured to return the obfuscated ciphertext and the encrypted random factor to the connected terminal device, so that the terminal device sends the obfuscated ciphertext and the encrypted random factor to the cloud disk for storage.
9. The device according to claim 7 or 8, characterized in that the device further comprises an update module,
the update module being configured to, when the time the key has existed exceeds its validity period, update the key to a new key; use the communication module to re-obtain, through the connected terminal device, the original data that has been uploaded to the cloud disk; instruct the encryption module to encrypt the original data that has been uploaded to the cloud disk using the new key and to obfuscate the encrypted ciphertext using the data mapping table, to generate a new obfuscated ciphertext; and instruct the communication module to upload the new obfuscated ciphertext to the cloud disk through the terminal device.
10. A device for data decryption, the device comprising:
a communication module, configured to receive, from a connected terminal device, data downloaded from a cloud disk that includes an obfuscated ciphertext;
a decryption module, configured to restore the obfuscated ciphertext to the original ciphertext according to the data mapping table used in encryption, which comprises pre-obfuscation positions and the corresponding post-obfuscation positions, and to decrypt the original ciphertext into the original data using the key used in encryption;
the communication module being further configured to return the decrypted original data to the terminal device.
11. The device according to claim 10, characterized in that the received data downloaded from the cloud disk includes an encrypted random factor;
the decryption module is configured to decrypt the encrypted random factor in the received data using the key used in encryption, obtain the data mapping table according to the random factor, and restore the obfuscated ciphertext to the original ciphertext using the data mapping table.
12. The device according to claim 10 or 11, characterized in that the device further comprises:
an authentication module, configured to prompt, before decryption, for input of a password used for verification and, after the entered password is received, to verify using the password and instruct the decryption module to begin decryption after verification passes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511008463.3A CN106936763A (en) | 2015-12-29 | 2015-12-29 | Data encryption and the method and apparatus of decryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106936763A true CN106936763A (en) | 2017-07-07 |
Family
ID=59459119
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511008463.3A Pending CN106936763A (en) | 2015-12-29 | 2015-12-29 | Data encryption and the method and apparatus of decryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106936763A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8694467B2 (en) * | 2010-03-31 | 2014-04-08 | Xerox Corporation | Random number based data integrity verification method and system for distributed cloud storage |
CN103209202A (en) * | 2012-01-16 | 2013-07-17 | 联想(北京)有限公司 | Method and device for transmitting data |
CN102624708A (en) * | 2012-02-23 | 2012-08-01 | 浙江工商大学 | Efficient data encryption, updating and access control method for cloud storage |
CN104298926A (en) * | 2013-07-19 | 2015-01-21 | 腾讯科技(深圳)有限公司 | Method and device for running encrypted file |
Non-Patent Citations (1)
Title |
---|
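徐汇文 et al.: "Research and implementation of a fast encryption method for large files based on sequence blocks", Computer Applications and Software * |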
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107295012A (en) * | 2017-08-01 | 2017-10-24 | 贝氏科技有限公司 | Encrypting and deciphering system and method |
CN110999253A (en) * | 2017-08-23 | 2020-04-10 | 高通股份有限公司 | Optimized network layer message processing |
CN110999253B (en) * | 2017-08-23 | 2021-03-05 | 高通股份有限公司 | Mesh device, method thereof, computer-readable medium, and electronic apparatus |
CN112073179A (en) * | 2020-07-21 | 2020-12-11 | 杜晓楠 | Method for changing node session key in blockchain system, computer readable medium and blockchain system |
CN112073179B (en) * | 2020-07-21 | 2024-05-17 | 杜晓楠 | Method for replacing node session key in blockchain system, computer readable medium and blockchain system |
CN112073369A (en) * | 2020-07-29 | 2020-12-11 | 国网浙江桐乡市供电有限公司 | Encrypted communication method based on application layer |
CN112073370A (en) * | 2020-07-29 | 2020-12-11 | 国网浙江桐乡市供电有限公司 | Client encryption communication method |
CN112073369B (en) * | 2020-07-29 | 2022-06-17 | 国网浙江桐乡市供电有限公司 | Encrypted communication method based on application layer |
CN113469683A (en) * | 2021-06-30 | 2021-10-01 | 建信金融科技有限责任公司 | Key storage method and device, electronic equipment and storage medium |
CN113469683B (en) * | 2021-06-30 | 2022-09-27 | 建信金融科技有限责任公司 | Key storage method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20170707 |