CN112367159A - Medical data safety storage oriented hybrid encryption and decryption method and system - Google Patents

Medical data safety storage oriented hybrid encryption and decryption method and system Download PDF

Info

Publication number
CN112367159A
CN112367159A CN202011236546.9A CN202011236546A CN112367159A CN 112367159 A CN112367159 A CN 112367159A CN 202011236546 A CN202011236546 A CN 202011236546A CN 112367159 A CN112367159 A CN 112367159A
Authority
CN
China
Prior art keywords
key
encryption
ciphertext
rsa
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011236546.9A
Other languages
Chinese (zh)
Other versions
CN112367159B (en
Inventor
康海燕
邓婕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Information Science and Technology University filed Critical Beijing Information Science and Technology University
Priority to CN202011236546.9A priority Critical patent/CN112367159B/en
Publication of CN112367159A publication Critical patent/CN112367159A/en
Application granted granted Critical
Publication of CN112367159B publication Critical patent/CN112367159B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to a medical data safety storage-oriented hybrid encryption and decryption method, which comprises the steps that a sender encrypts a key for DES encryption by using RSA to form a ciphertext CK, encrypts a plaintext and a digital signature by using the RSA decryption key and a public encryption key together, combines the encrypted plaintext and the digital signature with the ciphertext CK to form a ciphertext C, and then sends the ciphertext C; and the receiver receives the ciphertext C, decrypts the key K in the ciphertext C by using the RSA decryption key Kdb, and then decrypts the plaintext and the digital signature MA by using the key K. The invention carries out double encryption on the encrypted information, strengthens the safety intensity of the algorithm, inherits the characteristics of a public key encryption system, does not need to worry about the related problems of key management, and is an ideal scheme for safe storage of medical data.

Description

Medical data safety storage oriented hybrid encryption and decryption method and system
Technical Field
The invention relates to the field of data encryption, in particular to a medical data safety storage oriented hybrid encryption and decryption method and system.
Background
Data encryption technology is the most common and important technology for ensuring the security of network information, and is also the most important research direction in cryptography. Cryptography is an emerging interdisciplinary that studies the encryption, decryption, and transformation of data information. Earlier in foreign research on cryptography, many practical Encryption algorithms have been proposed, such as des (data Encryption standard), RSA (Rivest-Shamir-advanced), aes (advanced Encryption standard), and ecc (explicit cultures Encryption) algorithms. The Liu's encryption algorithm is well known in China. The performance of the cryptosystem is mainly determined by the cryptoalgorithm, different cryptosystems are determined by different algorithms, and different cryptosystems have different advantages and disadvantages. Some algorithms are high-speed, simple and convenient, but encryption and decryption keys are the same, and key management is difficult; some algorithm keys are convenient and safe to manage, but are high in calculation overhead and low in processing speed.
The data encryption technology is known as the core technology of information security, and is mainly divided into symmetric encryption and asymmetric encryption, which are represented by DES algorithm and RSA algorithm, respectively. The DES algorithm is a block encryption algorithm, the calculation efficiency is high, the encryption speed is high, but the security depends on a secret key, while the RSA algorithm is an algorithm based on big number decomposition, a double-key system of a public key and a private key is adopted, the cracking difficulty is equal to the product of two big prime numbers, so the RSA algorithm is high in security, but the calculation cost is large, and the encryption speed is low. Although there is no effective way to decipher them in a short time, these conventional data encryption algorithms are no longer secure as the computer software and hardware are continuously developed to make the performance of the computer change day by day.
Data encryption technology is a technology of processing data (also referred to as plaintext) to be protected according to a predetermined encryption transformation method (encryption algorithm) to transform the data into data (ciphertext) that is difficult to recognize. The inverse process of data encryption, i.e. the process of recovering the ciphertext into plaintext according to the corresponding decryption transformation method (decryption algorithm), is called data decryption. In encryption technology, the key-based encryption algorithms can be divided into two categories: symmetric encryption techniques and asymmetric encryption techniques, the most influential of which are the data encryption DES algorithm and the RSA algorithm.
At present, DES and RSA algorithms are researched more at home and abroad, the DES algorithm and the RSA algorithm are improved independently, and the DES algorithm and the RSA algorithm are researched in a mixed mode, for example: the encryption algorithm based on triple DES, the rapid encryption algorithm based on RSA, the mixed data encryption algorithm based on DES and RSA and the like, but the algorithms either only pay attention to security and ignore the complexity of calculation, or accelerate the calculation efficiency but the security cannot be guaranteed, even if both the security and the calculation complexity are considered, the realization difficulty is large, and the practicability is low, so that a mixed encryption scheme with high security performance and high calculation speed is urgently needed in the field.
Disclosure of Invention
The invention aims to provide a medical data safe storage-oriented hybrid encryption and decryption method and system, which solve the problems of insufficient safety, slow calculation speed and poor practicability of important algorithms DES and RSA in the current symmetric encryption technology and asymmetric encryption technology, and further provide a hybrid encryption scheme with high safety performance, high operation speed and good practicability.
In order to achieve the purpose, the invention provides the following scheme:
a hybrid encryption method for secure storage of medical data, the method comprising:
generating a key K for DES encryption;
encrypting the secret key K by using RSA to form a ciphertext CK;
obtain RSA public encryption key Keb;
using an RSA decryption key together with said public encryption key Keb to form a digital signature MA;
encrypting plaintext and the digital signature MA by using the secret key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
and transmitting the ciphertext C.
Optionally, the specific form of the ciphertext CK is as follows: CK, keb (K) ═ CK.
Optionally, the specific form of the ciphertext C is as follows: c ═ K (plaintext, MA) + CK.
A hybrid encryption system oriented to secure storage of medical data, the system comprising:
a DES key generation unit for generating a key K for DES encryption;
the first encryption unit is used for encrypting the secret key K by using RSA to form a ciphertext CK;
a public encryption key acquisition unit for acquiring an RSA public encryption key Keb;
a first digital signature generation unit for forming a digital signature MA using an RSA decryption key together with the public encryption key Keb;
a second encryption unit configured to encrypt a plaintext and the digital signature MA using the key K;
the ciphertext generating unit is used for combining the encrypted plaintext, the encrypted digital signature MA and the ciphertext CK to form a ciphertext C;
and the sending unit is used for sending the ciphertext C.
A hybrid decryption method oriented to secure storage of medical data, the method comprising:
receiving a ciphertext C;
decrypting the key K in the ciphertext C by using an RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the secret key K.
Optionally, after the decrypting the plaintext and the digital signature MA by using the key K, the method further includes:
obtain public key Kea;
the public key Kea and the decryption key Kdb are used for identity verification of the signature information;
carrying out digital processing on the signature information to form signature information of a receiver;
and sending the signature information of the receiver to the sender to confirm the received information.
Optionally, sending the signature information of the receiving party to the sending party to confirm that the information is received, further including:
both the sender and the receiver delete the key K.
A hybrid decryption system oriented to secure storage of medical data, the system comprising:
a receiving unit, configured to decrypt the key K in the ciphertext C using a decryption key Kdb;
and the decryption unit decrypts the plaintext and the digital signature MA by using the key K.
Optionally, the system further comprises a receiving-side processing unit for
Obtain the sender's public key Kea;
the public key Kea and the decryption key Kdb are used for identity verification of the signature information;
carrying out digital processing on the signature information to form signature information of a receiver;
and sending the signature information of the receiver to the sender to confirm the received information.
A hybrid encryption and decryption method for medical data secure storage, the method comprising:
the sender generates a key K for DES encryption;
encrypting the secret key K by using RSA to form a ciphertext CK;
obtain RSA public encryption key Keb;
using an RSA decryption key together with said public encryption key Keb to form a digital signature MA;
encrypting plaintext and the digital signature MA by using the secret key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending the ciphertext C to a receiving party;
the receiver decrypts the key K in the ciphertext C by using the RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the secret key K.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention carries out double encryption on the encrypted information, strengthens the safety intensity of the algorithm, realizes local independence, avoids the threat of brute force cracking of the secret key, supplements each other, and has higher operation efficiency because of only double encryption.
The hybrid encryption scheme provided by the invention inherits the characteristics of a public key encryption system, so that the key management related problems do not need to be worried about, and the hybrid encryption scheme is an ideal scheme for safe storage of medical data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
Fig. 1 is a control flowchart of a hybrid encryption method for secure storage of medical data according to an embodiment of the present invention.
Fig. 2 is a schematic composition diagram of a hybrid encryption system for secure storage of medical data according to an embodiment of the present invention.
Fig. 3 is a control flowchart of a hybrid decryption method for secure storage of medical data according to a second embodiment of the present invention.
Fig. 4 is a schematic composition diagram of a hybrid decryption system for secure storage of medical data according to a second embodiment of the present invention.
Fig. 5 is a control flow chart of a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 6 is a schematic diagram of TDEA encryption and decryption processes of a medical data secure storage-oriented hybrid encryption and decryption method according to a third embodiment of the present invention.
Fig. 7 is a schematic diagram of the encryption and decryption processes of the HDDES algorithm of the medical data secure storage-oriented hybrid encryption and decryption method according to the third embodiment of the present invention.
Fig. 8 is a time comparison diagram of DES and RSA algorithm encryption times of a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 9 is a schematic diagram of a hybrid encryption scheme based on HDDES and IPNRSA for a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 10 is a comparison diagram before and after encryption of medical electronic medical record data according to a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 11 is a comparison diagram before and after decryption of medical electronic medical record data according to the hybrid encryption and decryption method for secure storage of medical data according to the third embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a medical data safety storage-oriented hybrid encryption and decryption method and system, and solves the problems of insufficient safety, low calculation speed and poor practicability of important algorithms DES and RSA in the current symmetric encryption technology and asymmetric encryption technology.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
The first embodiment is as follows:
as shown in fig. 1, a hybrid encryption method for secure storage of medical data is provided, where a sender is a (the encryption key is Kea, the decryption key is Kda), and a receiver is B (the encryption key is Keb, the decryption key is Kdb), and the implementation steps of the encryption scheme are as follows
A1, generating a key K for DES encryption;
the sender generates a key K for DES encryption, each key K being used only once in order to improve data security. The DES key can be any 56-bit number, so that a user can randomly generate the DES key, and the DES key is only 56 bits long, so that the processing efficiency is extremely high.
A2, encrypting the key K by RSA to form a ciphertext CK;
the sender obtains the public encryption key Keb of the receiver's RSA from the key server and encrypts key K of DES with Keb to form a ciphertext CK. The advantage of a public encryption key is that the key does not need to be delivered via a secure channel, which greatly simplifies key management, but requires a private key for encryption and decryption of the data actually transmitted.
A3, obtaining an RSA public encryption key Keb;
a4, using RSA decryption key and the public encryption key Keb to form a digital signature MA;
the sender generates the information to be signed and forms together the digital signature MA with its own RSA decryption keys Kda and Keb. The initial idea and target of RSA algorithm development are to make the Internet secure and reliable, and aim to solve the problem of using public channel to transmit DES algorithm key, which not only solves the problem well, but also can be used to complete the digital signature of telegraph text.
A5, encrypting plaintext and the digital signature MA by using the key K;
a6, combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
after encrypting the plaintext and signed information with K, the sender then forms a ciphertext C together with Ck for transmission to the recipient. C ═ K (plaintext, MA) + CK.
And A7, sending the ciphertext C.
The DES algorithm and the RSA algorithm are relatively excellent algorithms that have been tested for a long time in data encryption, but are still insufficient in processing efficiency, key management, and the like, and are described below separately.
The Data Encryption Standard (DES) algorithm is a block Encryption algorithm, which encrypts Data by using 64 bits (byte) as a block, wherein 8-bit parity check exists, and the effective key length is 56 bits. The encryption and decryption of the DES algorithm use the same algorithm (different key sequence), and its security depends on the key used.
The DES encryption algorithm is implemented by dividing 64-bit data into two parts (L, R) of 32 bits, using XOR operation and sign
Figure BDA0002766875510000061
And (4) showing. The encryption process can be summarized as follows:
the 64bit plaintext is initially transformed and recorded as IP.
Carrying out 16 times of iteration operations on the plaintext after the initial transformation, and respectively recording as T1,T2,…,T16. Each iteration is divided into a left part and a right part, each 32 bits, and is expressed as (L)n,Rn). The relationship between adjacent iterations is as follows (1) and (2):
Ln=Rn-1 (1)
Figure BDA0002766875510000071
wherein, KnRepresenting 16 subkeys of 48bit length used in 16 iterations. They are all generated by transforming the 56bit key, and each subkey is different.
After iterative operation, through a last transformation IP-1And (6) processing. The last transformation and the initial transformation are inverse transformation to each other, namely, the condition is satisfied:
IPIP-1=1 (3)
the DES encryption process can be expressed simply by the following equation (4):
DES(m)=IP-1(T16(…(T2(T1IP(m))))) (4)
the DES decryption process can be expressed simply by the following equation (5):
DES(m)=IP-1(T1(···(T15(T16IP(m))))) (5)
the RSA algorithm is proposed mainly based on the difficulty of factorization of large numbers, because it is easy to obtain the product of two large prime numbers, but it is difficult to factor the product. Therefore, the product of two large prime numbers can be exposed as a public key, while a prime number is factored into a private key. It is very difficult to break the plaintext out using the public key and the ciphertext to break the product of two large prime numbers, i.e. the security of the RSA algorithm is based on the difficulty of the product of the large prime numbers and the break factor.
The specific encryption and decryption method of the RSA algorithm is summarized as follows:
two large prime numbers p and q with similar digits are selected, but the values of the two numbers p and q cannot be close to each other.
The products n ═ p × q and Φ (n) ═ p-1 × (q-1) are calculated, where n represents the product of two large prime numbers.
Arbitrarily selecting an encryption key e1So that e1And (p-1) × (q-1) coprime, i.e., gcd (e, Φ (n)) ═ 1.
Calculating a decryption key e2So that e1e21mod phi (n), i.e. e1And e2Reciprocal, e2And n are coprime.
The encryption function is:
Figure BDA0002766875510000072
the decryption function is:
Figure BDA0002766875510000073
where m is plaintext and c is ciphertext. { e1N is a public key, e2For the private key, n is generally 1024 bits or more in length.
When RSA encrypts a plaintext M, the plaintext M is first divided into data packets of appropriate size, and then each packet is encrypted separately, and the length of each packet should be smaller than n bits.
In the aspect of processing efficiency of encryption and decryption, the DES algorithm is superior to the RSA algorithm, and because the length of the DES key is only 56 bits, the processing speed of the RSA algorithm in processing of multiple word length is obviously slower than that of the DES algorithm.
In the aspect of key management, the RSA algorithm is more superior to the DES algorithm, because the RSA algorithm can adopt a public form to distribute encryption keys, the updating of the encryption keys is easy, and the RSA algorithm only needs to keep secret to the decryption keys of different communication objects; the DES algorithm requires secret distribution of a key before communication, and is difficult to replace, and the DES algorithm needs to generate and store different keys for different communication targets.
The DES algorithm and the RSA algorithm are good in safety, and no effective method for deciphering the DES algorithm and the RSA algorithm in a short time exists at present. The DES algorithm is in principle impossible to implement for digital signature and identity authentication, but the RSA algorithm can be easily performed.
Generally speaking, the DES algorithm and the RSA algorithm have short and long lengths respectively, and the invention designs an encryption scheme which integrates the advantages of the DES algorithm and the RSA algorithm and avoids the defects of the DES algorithm and the RSA algorithm. The basic principle is as follows: before data communication, a message is encrypted in plain text by using a DES algorithm, and meanwhile, a DES key is encrypted by using an RSA algorithm and digital signature is realized. If the symmetric cipher system DES is used and the RSA asymmetric cipher key cipher system is used to transmit the DES cipher key, the high-speed convenience of DES and the convenience and safety of RSA cipher key management can be comprehensively exerted. Meanwhile, aiming at the method, the invention also provides a hybrid encryption system for medical data secure storage, as shown in fig. 2, the system comprises:
a DES key generation unit for generating a key K for DES encryption;
the first encryption unit is used for encrypting the secret key K by using RSA to form a ciphertext CK;
a public encryption key acquisition unit for acquiring an RSA public encryption key Keb;
a first digital signature generation unit for forming a digital signature MA using an RSA decryption key together with the public encryption key Keb;
a second encryption unit configured to encrypt a plaintext and the digital signature MA using the key K;
the ciphertext generating unit is used for combining the encrypted plaintext, the encrypted digital signature MA and the ciphertext CK to form a ciphertext C;
and the sending unit is used for sending the ciphertext C.
The mixed Encryption method and the system for medical Data safe storage provided by the embodiment of the invention firstly analyze the advantages and the defects of DES on the basis of the traditional DES and RSA algorithms, improve the DES Algorithm by combining the advantages of Triple Data Encryption Algorithm (TDEA) and Independent Sub-Key DES Encryption Algorithm (ISKDES), provide a mixed double DES Encryption Algorithm (HDDES), then carry out detailed research on a method for judging the prime number influencing the modular exponentiation speed of the RSA Algorithm, improve the original prime number judging method on the basis of not influencing the RSA security, and finally combine the RSA Algorithm (RSA Algorithm and the IPDES Encryption Algorithm) based on improved prime number judgment, a mixed encryption scheme based on HDDES and IPNRSA is formed, so that medical data can be stored safely and effectively.
Example two:
as shown in fig. 3, a hybrid decryption method oriented to secure storage of medical data, the method includes:
b1, receiving a ciphertext C; the receiving side receives the ciphertext C transmitted from the transmitting side.
B2, decrypting the key K in the ciphertext C by using an RSA decryption key Kdb;
after receiving the ciphertext C, the receiving party decrypts the DES key K in the C by using the decryption key Kdb of the receiving party.
B3, decrypting the plaintext and the digital signature MA by using the key K.
B4, obtaining a public key Kea;
b5, using the public key Kea and the decryption key Kdb to identify the signature information; the recipient authenticates the signature information with the sender's public key Kea and its own decryption key Kdb.
B6, carrying out digital processing on the signature information to form signature information of a receiver;
b7, sending the signature information of the receiver to the sender to confirm the received information.
B8, sender and receiver each delete the key K.
The DES algorithm key is too short, the encryption unit is only 64-bit binary, and 8 bits are applied to parity or other communication overhead, so its valid key is only 56 bits. This will inevitably reduce the security of the DES. As computer performance has developed, methods have been found to brute force DES keys, and as computers have become more powerful, 56-bit keys of DES cannot support security-critical applications at all.
And weak keys exist in the DES algorithm. There are 12 semi-weak keys and 4 weak keys in the DES algorithm. Since the key is divided into two parts in the process of generating the subkeys, if the two parts are divided into all 0 s or all 1 s, the subkeys generated in each round are the same. When the keys are all 0 or all l, or are each half of l or 0, weak keys or half-weak keys will be generated, which will reduce the security of the DES.
At present, the following methods are mainly used for the RSA algorithm attack:
forced cracking: try all private keys; mathematical attack: factoring the product of two prime numbers; timing attack: depending on the execution time of the decryption algorithm. In order to prevent the RSA algorithm from being forcibly broken, an ultra-long key must be used, so the greater the number of bits of the two large prime numbers p and q taken, the better, but this also makes the key generation speed, encryption and decryption speed slower and slower. For the two remaining attacks, the security of RSA is based on the difficulty of multiplying and integrating large prime numbers, so that cracking or breaking almost impossible at present is very costly.
RSA algorithm key generation is cumbersome. Since two large prime numbers p, q must be used to generate the key for RSA, it is difficult to use almost once pad, limited to prime number generation techniques. And its encryption speed is slow. The RSA algorithm not only has high security which is not available in DES, but also has quite popular and easy-to-understand algorithm process. However, the encryption speed is sacrificed in the background of high security, the p, q and other large prime numbers of the RSA are randomly generated by using a deterministic prime number judgment algorithm, and the encryption time of the RSA and the DES is almost hundreds of times.
Therefore, the invention combines two encryption algorithms to make up for the deficiencies of the two algorithms to form a mixed encryption scheme based on HDDES and IPNRSA, so that the medical data can be effectively and safely stored. In addition, the mixed encryption scheme based on HDDES and IPNRS inherits the characteristics of a public key encryption system, so that the key management related problems do not need to be worried about, and the mixed encryption scheme is an ideal scheme for safe storage of medical data. Meanwhile, an embodiment of the present invention further provides a hybrid decryption system for secure storage of medical data, as shown in fig. 4, the system includes:
a receiving unit, configured to decrypt the key K in the ciphertext C using a decryption key Kdb;
and the decryption unit decrypts the plaintext and the digital signature MA by using the key K.
A receiver processing unit for acquiring a public key Kea of the sender;
the public key Kea and the decryption key Kdb are used for identity verification of the signature information;
carrying out digital processing on the signature information to form signature information of a receiver;
and sending the signature information of the receiver to the sender to confirm the received information.
The mixed decryption method and the mixed decryption system for the medical data safe storage, provided by the embodiment of the invention, have the advantages that the original 64-bit secret key is expanded to 128 bits, the risk of exhaustive attack of the too short secret key is reduced, then the double encryption is carried out on the encrypted information by taking the advantage of the multiple encryption of the TDEA algorithm into account, the safety strength of the algorithm is enhanced, finally the 12-bit secret key is mapped by referring to the characteristic of the ISKDES algorithm, the local independence is realized, the threat of brute force cracking of the secret key is avoided, the two are complementary, and the operation efficiency is higher than that of the TDEA algorithm due to the fact that only the double encryption is adopted.
Example three:
as shown in fig. 5, a hybrid encryption and decryption method for secure storage of medical data includes:
the sender generates a key K for DES encryption;
encrypting the secret key K by using RSA to form a ciphertext CK;
obtain RSA public encryption key Keb;
using an RSA decryption key together with said public encryption key Keb to form a digital signature MA;
encrypting plaintext and the digital signature MA by using the secret key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending the ciphertext C;
the receiver receives the ciphertext C and decrypts the key K in the ciphertext C by using the RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the secret key K.
The invention firstly analyzes the defects of the symmetric encryption algorithm DES, and the defects of the DES are specifically analyzed as follows:
1. the key length is too short. The encryption unit of the DES algorithm is only 64 bits binary and 8 bits are applied for parity or other communication overhead, so its valid key is only 56 bits. This will inevitably reduce the security of the DES algorithm. As computer performance has developed, methods have been found to brute force DES keys, and as computers have become more powerful, 56-bit keys of DES cannot support security-critical applications at all. Due to these obvious deficiencies of DES, the national institute of standards and technology in the united states no longer studied DES in 1997, but instead studied an alternative, Advanced Encryption Standard (AES).
2. A weak key exists. There are 12 semi-weak keys and 4 weak keys in the DES algorithm. Since the key is divided into two parts in the process of generating the subkeys, if the two parts are divided into all 0 s or all 1 s, the subkeys generated in each round are the same. When the keys are all 0 or all l, or are each half of l or 0, weak keys or half-weak keys will be generated, which will reduce the security of the DES.
Then, an improved DES algorithm improved aiming at the defects of the DES algorithm at home and abroad is researched and analyzed, and the method specifically comprises the following steps:
the improved DES algorithm still has many disadvantages, such as low data transmission rate, unsuitability for long-term data protection, and susceptibility to cracking by differential keys. Therefore, there have been many attempts by scholars at home and abroad to improve the DES algorithm, and in this context, a more influential triple DES algorithm (TDEA) and an independent subkey DES algorithm (ISKDES) have been successively proposed.
Triple DES algorithm: to make up for this deficiency, researchers have proposed a Triple DES Encryption Algorithm (TDEA) in which the length of the DES key is increased by three times and three different keys are used for triple encryption and decryption, since the conventional DES algorithm is short in key length and easy to break. The encryption process is as follows: first using a first re-key k1Encrypted and then encrypted with a second re-key k2Decrypting and finally using the third re-key k3Once again encrypted, i.e. C ═ Ek3(DK2(Ek1M)). The decryption is in reverse order, i.e. M ═ Dk1(EK2(Dk3C) ). The core of TDEA is to utilize k1、k2、k3The plaintext is encrypted for a plurality of times, and the key length is three times of that of DES. The TDEA algorithm is specifically implemented as shown in fig. 6, where fig. 6(a) is a TDEA algorithm encryption process, and fig. 6(b) is a TDEA algorithm decryption process, and this method increases the length of the secret key, improves the security strength of the algorithm, and effectively avoids brute force cracking, but increases the calculation time by f-1 times, where f represents a multiple, for example, the complexity of triple encryption time is increased by 3-1 to 2 times, and similarly, the complexity of decryption time is also increased by 3-1 to 2 times, so that this method is suitable for a network system with a network access network (lan) and a network access network (lan) networkThe operation efficiency is very low. In addition, although the key bit number in the TDEA is 168 bits, the threat of brute force cracking cannot be avoided for the current computer computing power.
DES algorithm of independent subkey: the key of the ISKDES algorithm depends on encryption with different randomly generated subkeys, i.e. the subkeys in each iteration are not generated with the same 56-bit binary key. Since each of the 16 iterations uses a 48-bit key, the ISKDES modified DES key length becomes 768 bits. The method can greatly increase the difficulty of exhaustive decryption, thereby improving the encryption strength of DES, but the key length is too long, and the overhead is also increased.
By taking the two excellent algorithm ideas (triple DES algorithm and independent sub-key DES algorithm) as reference, a hybrid double DES encryption algorithm (HDDES) is designed, and the specific steps are as follows:
on the basis of TDEA Algorithm and ISKDES Algorithm, a Hybrid Double DES Encryption Algorithm (HDDES) is provided. The algorithm expands a key of the DES from 64 bits to 128 bits, and divides the key into two sub-keys (64 bits of each sub-key) after mapping through a mapping table (as shown in table 1), which are respectively represented as key1 and key2, then encrypts the plaintext by using 16 sub-keys generated by key1 to generate ciphertext 1, and then encrypts the ciphertext 1 by using 16 sub-keys generated by key2 to generate ciphertext 2, so that the security strength is enhanced by double encryption. The specific process of the HDDES algorithm is shown in fig. 7, where fig. 7(a) shows the encryption process of the HDDES algorithm, and fig. 7(b) shows the decryption process of the HDDES algorithm.
97 98 52 21 101 86 103 54 105 3 107 23 109 83 89 112
17 18 19 20 100 22 108 24 25 26 27 28 29 30 31 32
49 50 51 9 53 104 55 56 57 123 59 60 61 62 63 64
81 82 110 84 85 102 87 88 111 90 91 92 93 94 95 96
65 35 67 68 69 37 71 72 40 74 75 76 117 127 79 80
43 116 106 4 114 6 125 8 9 10 121 12 13 118 15 16
113 5 115 2 77 14 119 41 11 122 58 124 7 126 78 128
33 34 66 36 70 38 39 73 120 42 1 44 45 46 47 48
Table 1 TDEA 128 bit key mapping table
The HDDES algorithm specifically comprises the following steps:
inputting: plaintext M, 128-bit key mapping table
And (3) outputting: double encrypted ciphertext C, double decrypted plaintext M
1. Expanding the key length: expanding the 64-bit key of the original DES to 128-bit length;
2. and (3) key mapping processing: inputting 128-bit keys, mapping according to the mapping table of FIG. 5 to obtain two sub-keys key1 and key2, each sub-key having 64 bits;
3. generating a sub-key: carrying out key processing on the two sub-keys key1 and key2 to respectively obtain 16 sub-keys;
4. plaintext double encryption: after a plaintext is input, the plaintext is encrypted once by using key1 and then encrypted for the second time by using key2 to generate a ciphertext C;
5. outputting a double encrypted ciphertext C;
6. plaintext double decryption: after the ciphertext is input, the ciphertext is decrypted for one time by using key2 and then decrypted for the second time by using key1 to restore the ciphertext into plaintext M;
7. outputting a double decrypted plaintext M;
then, the analysis is carried out aiming at the asymmetric encryption algorithm RSA, and the defect analysis of the RSA is as follows:
at present, the methods for RSA attack mainly include the following methods: forced cracking: try all private keys; second, mathematical attack: factoring the product of two prime numbers; timing attack: depending on the execution time of the decryption algorithm. In order to prevent the RSA algorithm from being forcibly broken, an ultra-long key must be used, so the greater the total number of bits of the two large prime numbers p and q, the better, but this also makes the key generation speed, encryption and decryption speed slower and slower. For the two remaining attacks, the security of RSA is based on the difficulty of multiplying and integrating large prime numbers, so that cracking or breaking almost impossible at present is very costly.
1. Key generation is cumbersome. Since two large prime numbers p, q must be used to generate the key for RSA, it is difficult to use almost once pad, limited to prime number generation techniques.
2. The encryption speed is slow. The RSA algorithm not only has high security which is not available in DES, but also has quite popular and easy-to-understand algorithm process. While the high security comes at the expense of the encryption speed, the encryption speed gap is further illustrated by comparing the time when the DES algorithm and the RSA algorithm encrypt a set of simple data (2KB data volume), as shown in fig. 8. Wherein, the large prime numbers such as p, q, etc. of RSA are all randomly generated by using a deterministic prime number judgment algorithm, and it can be seen that the encryption time of RSA and DES is almost different by hundreds times.
The modified RSA algorithm aiming at the RSA defects at home and abroad is researched and analyzed, and the latest research and analysis of the RSA are as follows:
the RSA algorithm is an algorithm based on large number decomposition, and the safety of RSA is high because large number decomposition is a well-known mathematical problem. Although the hardware of the computer is updated rapidly at present, and the performance of the computer breaks through the limit continuously, a great deal of time is still needed for breaking the decomposition of the large number. In addition, although the RSA algorithm gradually increases the length of the key in order to cope with the rapid development of computer power, the encryption speed of the RSA algorithm is limited by the generation speed of the key. In order to solve the problem of encryption speed of the RSA algorithm, two methods are commonly adopted by researchers at home and abroad. The first method is to improve the implementation of the key algorithm and take some measures to accelerate the operation speed, and the invention starts from this aspect, and researches how to improve the generation of the RSA key and improve the operation speed. The second approach is to find a new public key encryption algorithm to replace RSA, such as a public key encryption algorithm based on elliptic curve (ECC), and the advent of ECC realizes a significant breakthrough in efficiency, but since it is not widely used, a great deal of research is still theoretically based at present.
The core algorithm of the RSA is modular exponentiation of a large prime number, i.e. modular exponentiation of a large number, so to improve the efficiency of the RSA algorithm, the problem of the operation speed of modular exponentiation in the RSA must be solved, the core complexity in the modular exponentiation depends on modular operation, the modular operation includes division operation, and for a computer, the division operation needs to be performed several times of addition, subtraction and multiplication operations, which is time-consuming, so the performance of the RSA algorithm can be significantly improved on the assumption that the modular operation can be reduced as much as possible or even avoided by the RSA algorithm. Based on this, the invention carries on the detailed research to the judging prime number method which influences the RSA algorithm modular exponentiation speed on the premise of ensuring the RSA algorithm security, and carefully compares the advantages and disadvantages of the deterministic and probabilistic two prime number judging algorithms, then uses Montgomery fast exponentiation algorithm to optimize the classical probabilistic prime number judging algorithm-Miller-Rabin algorithm, proposes an Improved Fast Prime Number Judging Algorithm (IFPNJA), finally applies IFPNJA to RSA algorithm, forms an RSA algorithm (IPNRSA) based on the Improved prime number judgment.
The method for judging the prime number comprises the following steps: the method for judging prime numbers is divided into two types on the whole: the first is a deterministic prime number judgment algorithm, and the second is a probabilistic prime number judgment algorithm. A deterministic prime decision algorithm is intended to mean the name by which hundreds of prime numbers are generated, but with certain limitations. The probabilistic prime number judgment algorithm cannot guarantee that the prime number is generated in percentage, but has no great limit, and the speed of generating the prime number is faster than that of the deterministic prime number judgment algorithm. Generally, in actual life, a probabilistic prime number judgment algorithm is mostly adopted, although a percentage of generated prime numbers cannot be guaranteed, generated non-prime numbers are small probability events, and the probabilistic prime number judgment algorithm can generate pseudo prime numbers rapidly and irregularly to meet most requirements.
The most common of the deterministic prime number decision algorithms is the integer divisibility algorithm, i.e. the integer divisibility test, which is the principle that all integers used as divisors are smaller than n, n represents the product of two large prime numbers, and if any one of these numbers can be divided by n, then n is a complex number. The efficiency of the integer division algorithm is very low and its bit operation complexity is exponentially increased.
The well-known algorithms for probabilistic primality determination include: the Miller-Rabin algorithm, the Solovay-Strassen algorithm, the Lehman algorithm and the like, because the invention is improved and limited to space based on the Miller-Rabin probabilistic prime number judgment algorithm, the Miller-Rabin algorithm is only described in detail, and other famous algorithms are not described in detail.
Introduction of Miller-Rabin algorithm: if n is an odd prime number, n-1 ═ 2rm, r are non-negative integers, m is a positive odd number, a is any positive integer prime with n, then amEither [ identical to ] 1(mod n) or for some h (0. ltoreq. h. ltoreq.r-1), equation aw≡ -1(mod n) holds, where w ═ 2hAnd m is selected. It can be shown that the error probability of the Miller-Rabin algorithm is at most 4-1. If n passes t tests, then the probability that n is not prime will be 4-tWhile the error probabilities of the Solovay-Strassen algorithm and the Lehman algorithm are both 2-t
Because the deterministic prime number judgment algorithm has very low efficiency and high complexity and is not suitable for the modular exponentiation of the RSA algorithm, the invention directly adopts the probabilistic prime number judgment algorithm to improve the modular exponentiation of the RSA algorithm. The principle of each probabilistic prime number judgment algorithm shows that the probability of judging the prime number by the Miller-Rabin algorithm is far higher than that of the other two mainstream algorithms, so that the Miller-Rabin algorithm is selected for improvement, the Montgomery fast power algorithm which can greatly reduce the modular power operation is introduced for optimizing the Miller-Rabin algorithm to form an Improved Fast Prime Number Judgment Algorithm (IFPNJA), and the specific process is as follows:
inputting: large number A, B, Miller-Rabin algorithm, modulus N.
And (3) outputting: fast modular multiplication result of large number A, B.
Initial input: two large numbers A, B and a modulus N are input.
Selection cardinality: selecting a positive integer R which is coprime to N as a base number, and requiring that when R is 2kThen, N needs to satisfy: 2k-1≤N≤2kIn addition, the GCD (R, N) is required to be 1, where R may be any base, and for convenience of handling in the present invention, a power based on 2 is used.
Montgomery fast power multiplication: the Montgomery (A, B, N) ABR algorithm is used for simplifying the Miller-Rabin algorithm to carry out modular multiplication operation on the large number A, B-1(modN)。
The fast modular multiplication result of large number A, B is output.
The IFPNJA adopts Montgomery fast power algorithm, and has the main advantage that division is converted into shift operation, so that the calculation process is simplified, and the efficiency of large-number power multiplication operation is improved.
In order to improve the judgment efficiency of applying IFPNJA to the RSA algorithm, all even numbers and numbers which are divided by 5 in an integral way are directly removed in the initial stage of prime number generation, 53 small prime numbers are selected to form a screening array for deep screening, and then IFPNJA is applied to modular exponentiation of the RSA algorithm for rapid screening. All screening methods complement each other to form an RSA algorithm (IPNRSA) based on improved prime number judgment, and the specific improvement steps of the IPNRSA are as follows:
inputting: plaintext M, Miller-Rabin algorithm, random big array N.
And (3) outputting: encrypted ciphertext C, decrypted plaintext M.
Random large number generation: a large array N is randomly generated, except for an even number and a number divisible by 5.
Screening a large array: and selecting 53 small prime numbers and screening the large array N by a complementation method.
Optimizing the Miller-Rabin algorithm: and optimizing the Miller-Rabin algorithm by utilizing a Montgomery rapid power algorithm.
Generating large prime numbers p, q: the above steps are combined with IFPNJA to generate two large prime numbers p, q.
RSA encrypts the plaintext: a plaintext M is input, and an RSA key is generated by two large prime numbers p and q to encrypt the plaintext to generate a ciphertext C.
And outputting the encrypted ciphertext C.
RSA decrypts the plaintext: and inputting the ciphertext C, and generating an RSA key by using two large prime numbers p and q to decrypt the ciphertext to generate a plaintext M.
The decrypted plaintext M is output.
Based on the advantages of the two improved algorithms of the HDDES and the IPNRSA, the two improved algorithms utilize different stages of EMR data of the medical electronic case (namely, carry out mixed encryption), and further form a mixed encryption scheme oriented to medical data secure storage, which specifically comprises the following steps:
because the encryption and decryption processes (such as DES) of the symmetric encryption algorithm are very fast, the encryption efficiency is very high, the method is very suitable for the encryption of medical electronic medical record data EMR with fast update frequency and huge data volume, but the encryption and decryption (such as RSA) of the asymmetric encryption algorithm are very slow, the encryption efficiency is very low, the method is not suitable for the encryption of medical record data, but the security is very high due to the difficulty in cracking and the fear of stealing the key, so that the mixed encryption scheme combining the symmetric encryption and the asymmetric encryption is adopted to solve the problem, namely the medical data is subjected to mixed encryption by adopting HDDES and IPNRSA, and the specific process is shown in FIG. 9 and summarized as follows:
and the sender encrypts the medical data plaintext by using the HDDES key to obtain an encrypted ciphertext.
The sender encrypts the HDDES key information by using the public key of the IPNRSA to obtain an encryption key.
And the sender sends the mixed information of the encrypted ciphertext and the encrypted key.
And after the receiving party receives the mixed information, the private key of the IPNRSA is used for decrypting the encryption key to obtain the HDDES key.
And the receiver decrypts the encrypted ciphertext by using the HDDES key obtained by decryption to obtain the medical data plaintext.
The above-described hybrid encryption strategy based on HDDES and IPNRSA not only improves the efficiency of encrypting the medical data EMR but also ensures the security of transmitting the medical data EMR.
The invention adopts the real medical electronic medical record data picture (EMR picture) to carry out encryption and decryption, the experimental result is shown in fig. 10 and fig. 11, and the experimental analysis is as follows.
The medical data picture plaintext encryption effect is obvious. It can be seen from the left half of fig. 10 that the text part of the medical data picture before encryption is clearly visible, and then the medical data picture ciphertext (see the right half of fig. 10) is obtained after the encryption operation is performed, it can be seen from the right half of fig. 10 that almost all the text parts cannot be recognized by human eyes, and the text parts are represented in a messy code form when the operation of viewing the source file is performed in the background, which fully shows the encryption effectiveness of the hybrid encryption scheme provided by the present invention.
The medical data picture ciphertext decryption effect is obvious. From the left half of fig. 11, it can be seen that the medical data picture before decryption is completely blurred and hardly recognizable, and then the decryption operation is performed to obtain the medical data picture ciphertext (see the right half of fig. 11), and compared with the left half of fig. 10, it is obvious that the picture before encryption and decryption is almost lossless, which fully indicates the decryption effectiveness of the hybrid encryption scheme proposed by the present invention.
The invention has discussed the Triple DES Encryption Algorithm (TDEA) and Independent Sub Key DES Encryption Algorithm (ISKDES) the advantage and disadvantage of the Triple DES Encryption Algorithm, on the basis of TDEA Algorithm and ISKDES Algorithm, have proposed a mixed Double DES Encryption Algorithm (Hybrid Double DES Encryption Algorithm, HDDES), HDDES Algorithm has gathered TDEA and ISKDES advantage together, HDDES expand original 64bit cipher Key to 128 bits at first, have reduced the risk that the cipher Key is exhausted and attacked too short, then the advantage that TDEA Algorithm multiple Encryption, carry on the Double Encryption to the Encryption information, has strengthened the security intensity of the Algorithm, consult ISKDES characteristic of Algorithm map 12 bit cipher keys finally, have realized the partial independence, avoid the threat that the cipher Key is broken by the strength, both assist and become mutually, and because there are Double TDEA, the operation efficiency is higher than TDEA Encryption Algorithm.
Meanwhile, the invention also discusses the advantages and disadvantages of two prime number judgment algorithms of certainty and probability, and provides an Improved Fast Prime Number Judgment Algorithm (IFPNJA) on the basis of a Miller-Rabin probability prime number judgment algorithm, wherein the IFPNJA adopts Montgomery fast power algorithm, and the main advantage of converting division into shift operation is that the calculation process is simplified, and the efficiency of large number power multiplication operation is improved. Finally, IFPNJA is applied to an RSA algorithm to form an RSA algorithm (RSA algorithm based on improved prime number judgment, IPNRSA) based on improved prime number judgment.
Because the advantages and the disadvantages of the symmetrical encryption algorithm and the asymmetrical encryption algorithm in the aspect of medical electronic medical record data EMR with high updating frequency and huge data volume, the HDDES encryption algorithm and the IPNRSA encryption algorithm are combined to make up for the deficiencies of each other, and a mixed encryption scheme based on HDDES and IPNRSA is formed, so that the medical data can be safely stored. In addition, the mixed encryption scheme based on HDDES and IPNRSA inherits the characteristics of a public key encryption system, so that the key management related problems do not need to be worried about, and the mixed encryption scheme is an ideal scheme for safe storage of medical data.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (10)

1. A hybrid encryption method for medical data secure storage is characterized by comprising the following steps:
generating a key K for DES encryption;
encrypting the secret key K by using RSA to form a ciphertext CK;
obtain RSA public encryption key Keb;
using an RSA decryption key together with said public encryption key Keb to form a digital signature MA;
encrypting plaintext and the digital signature MA by using the secret key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
and transmitting the ciphertext C.
2. Hybrid encryption method for secure storage of medical data according to claim 1,
the specific form of the ciphertext CK is as follows: CK, keb (K) ═ CK.
3. Hybrid encryption method for secure storage of medical data according to claim 1,
the specific form of the ciphertext C is as follows: c ═ K (plaintext, MA) + CK.
4. A hybrid encryption system for secure storage of medical data, the system comprising:
a DES key generation unit for generating a key K for DES encryption;
the first encryption unit is used for encrypting the secret key K by using RSA to form a ciphertext CK;
a public encryption key acquisition unit for acquiring an RSA public encryption key Keb;
a first digital signature generation unit for forming a digital signature MA using an RSA decryption key together with the public encryption key Keb;
a second encryption unit configured to encrypt a plaintext and the digital signature MA using the key K;
the ciphertext generating unit is used for combining the encrypted plaintext, the encrypted digital signature MA and the ciphertext CK to form a ciphertext C;
and the sending unit is used for sending the ciphertext C.
5. A hybrid decryption method oriented to medical data secure storage is characterized by comprising the following steps:
receiving a ciphertext C;
decrypting the key K in the ciphertext C by using an RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the secret key K.
6. The hybrid decryption method oriented to the secure storage of medical data according to claim 5, wherein after the decrypting the plaintext and the digital signature MA by using the key K, the method further comprises:
obtain public key Kea;
the public key Kea and the decryption key Kdb are used for identity verification of the signature information;
carrying out digital processing on the signature information to form signature information of a receiver;
and sending the signature information of the receiver to the sender to confirm the received information.
7. The hybrid decryption method oriented to medical data secure storage according to claim 6, wherein after sending the recipient signature information to the sender to confirm the receipt of the information, the method further comprises:
both the sender and the receiver delete the key K.
8. A hybrid decryption system oriented to secure storage of medical data, the system comprising:
a receiving unit, configured to decrypt the key K in the ciphertext C using a decryption key Kdb;
and the decryption unit decrypts the plaintext and the digital signature MA by using the key K.
9. Hybrid decryption system for secure storage of medical data according to claim 8,
further comprising a receiver processing unit for obtaining a public key Kea of the sender;
the public key Kea and the decryption key Kdb are used for identity verification of the signature information;
carrying out digital processing on the signature information to form signature information of a receiver;
and sending the signature information of the receiver to the sender to confirm the received information.
10. A hybrid encryption and decryption method for medical data secure storage is characterized by comprising the following steps:
the sender generates a key K for DES encryption;
encrypting the secret key K by using RSA to form a ciphertext CK;
obtain RSA public encryption key Keb;
using an RSA decryption key together with said public encryption key Keb to form a digital signature MA;
encrypting plaintext and the digital signature MA by using the secret key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending the ciphertext C;
the receiver receives the ciphertext C and decrypts the key K in the ciphertext C by using the RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the secret key K.
CN202011236546.9A 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage Active CN112367159B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011236546.9A CN112367159B (en) 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011236546.9A CN112367159B (en) 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage

Publications (2)

Publication Number Publication Date
CN112367159A true CN112367159A (en) 2021-02-12
CN112367159B CN112367159B (en) 2023-08-29

Family

ID=74509335

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011236546.9A Active CN112367159B (en) 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage

Country Status (1)

Country Link
CN (1) CN112367159B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112863676A (en) * 2021-04-23 2021-05-28 攀枝花市妇幼保健院(攀枝花市妇幼保健服务中心) Doctor advice push management system based on multiple signature technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262341A (en) * 2008-02-22 2008-09-10 北京航空航天大学 A mixed encryption method in session system
WO2012152956A1 (en) * 2011-05-09 2012-11-15 PÉREZ I GIL, Antoni Shannon security double symmetrical cryptogram method by coding information for telematic and electronic transmission
US20190036678A1 (en) * 2015-01-12 2019-01-31 Morphology, LLC Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency
CN110113340A (en) * 2019-05-09 2019-08-09 程丁 Based on distribution RSA in Hadoop platform and DES mixed encryption method
CN110535868A (en) * 2019-09-05 2019-12-03 山东浪潮商用系统有限公司 Data transmission method and system based on Hybrid Encryption algorithm

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262341A (en) * 2008-02-22 2008-09-10 北京航空航天大学 A mixed encryption method in session system
WO2012152956A1 (en) * 2011-05-09 2012-11-15 PÉREZ I GIL, Antoni Shannon security double symmetrical cryptogram method by coding information for telematic and electronic transmission
US20190036678A1 (en) * 2015-01-12 2019-01-31 Morphology, LLC Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency
CN110113340A (en) * 2019-05-09 2019-08-09 程丁 Based on distribution RSA in Hadoop platform and DES mixed encryption method
CN110535868A (en) * 2019-09-05 2019-12-03 山东浪潮商用系统有限公司 Data transmission method and system based on Hybrid Encryption algorithm

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
WENPING GUO等: "Security design for instant messaging system based on RSA and triple DES", 《2009 INTERNATIONAL CONFERENCE ONIMAGE ANALYSIS AND SIGNAL PROCESSING》 *
康海燕等: "差分隐私保护在数据挖掘中应用综述", 《山东大学学报》 *
陈菲;李少轩;: "改进的RSA加密算法在智能药箱数据存储中的应用", 网络安全技术与应用, no. 04 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112863676A (en) * 2021-04-23 2021-05-28 攀枝花市妇幼保健院(攀枝花市妇幼保健服务中心) Doctor advice push management system based on multiple signature technology

Also Published As

Publication number Publication date
CN112367159B (en) 2023-08-29

Similar Documents

Publication Publication Date Title
Singh A study of encryption algorithms (RSA, DES, 3DES and AES) for information security
Orobosade et al. Cloud application security using hybrid encryption
US20040034772A1 (en) Method and system for accelerated data encryption
Iyer et al. A novel idea on multimedia encryption using hybrid crypto approach
US8331558B2 (en) Method of cipher block chaining using elliptic curve cryptography
Mahesh et al. Design of new security algorithm: Using hybrid Cryptography architecture
Bhatele et al. A novel approach to the design of a new hybrid security protocol architecture
WO2009115824A1 (en) Encryption method
Achkoun et al. SPF-CA: A new cellular automata based block cipher using key-dependent S-boxes
Hoobi Efficient hybrid cryptography algorithm
Sood et al. A literature review on rsa, des and aes encryption algorithms
Srivastava et al. Review on quantum safe algorithms based on Symmetric Key and Asymmetric Key Encryption methods
CN107147626B (en) Encrypted file transmission method combining AES algorithm and ElGamal algorithm
CN112367159B (en) Mixed encryption and decryption method and system for medical data secure storage
US20060251248A1 (en) Public key cryptographic methods and systems with preprocessing
Mansour et al. AMOUN: Asymmetric lightweight cryptographic scheme for wireless group communication
Rahim Applied Pohlig-Hellman algorithm in three-pass protocol communication
Singh et al. Study & analysis of cryptography algorithms: RSA, AES, DES, T-DES, blowfish
Zhao DES-Co-RSA: a hybrid encryption algorithm based on DES and RSA
Rushdi et al. A pedagogical multi-key multi-stage package to secure communication channels
Hussein et al. An enhanced ElGamal cryptosystem for image encryption and decryption
Siva et al. Hybrid cryptography security in public cloud using TwoFish and ECC algorithm
EP1529390B1 (en) Method and system for accelerated data encryption
Sidhu Analyzing Modern Cryptography Techniques and Reviewing their Timeline (2023)
Harba Secure Data Encryption by Combination AES, RSA and HMAC

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant