CN114598478B - Data encryption method, device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN114598478B
Authority: CN (China)
Prior art keywords: encryption, target, data, key, encryption key
Legal status: Active
Application number: CN202210233728.3A
Other languages: Chinese (zh)
Other versions: CN114598478A
Inventor: 刘杨
Current Assignee: Beijing Minglue Zhaohui Technology Co Ltd
Original Assignee: Beijing Minglue Zhaohui Technology Co Ltd
Events:
  • Application filed by Beijing Minglue Zhaohui Technology Co Ltd
  • Priority to CN202210233728.3A
  • Publication of CN114598478A
  • Application granted
  • Publication of CN114598478B
  • Legal status: Active (current)
  • Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a data encryption method, a device, an electronic device and a storage medium. The method comprises: acquiring the encryption configuration states of a plurality of pieces of encrypted data; when every encryption configuration state contains a target identifier (the identifier indicates that the state is "configuration complete"), splicing the encrypted data according to a preset scheme to obtain spliced data; processing the spliced data with a target algorithm to obtain a target distributed encryption key; and, once a primary key identifier has been obtained, signing the target distributed encryption key with an encryption algorithm to generate a first signature and sending the first signature together with the target distributed encryption key to the end that uses that key. The application addresses the problems in the related art that highly confidential data is insufficiently managed and controlled, that the account held by each user cannot be tied to a specific person, and that system authorization therefore carries a security risk.

Description

Data encryption method, device, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security, and in particular, to a method, an apparatus, an electronic device, and a storage medium for encrypting data.
Background
As the broader environment raises its requirements for user privacy and enterprise data security, data encryption faces new challenges. To improve security during data transmission, the related art generally has each person hold an individual account and then pass an authority check: with an administrator's authorization the account gains access to the system or its data, and dangerous visitors are kept out because anyone who fails the check is denied access.
The existing approach has the drawback that highly confidential data is insufficiently controlled: a user's account number does not identify the specific person behind it, which leaves a large security risk in system authorization.
Disclosure of Invention
The application provides a data encryption method, a device, an electronic device and a storage medium, which at least address the problems in the related art that highly confidential data is insufficiently managed and controlled, that the account held by each user cannot be tied to a specific person, and that system authorization therefore carries a large security risk.
According to an aspect of an embodiment of the present application, there is provided a data encryption method, applied to a data encryption terminal, including:
acquiring encryption configuration states of a plurality of encrypted data;
Under the condition that each encryption configuration state comprises a target identifier, splicing the encryption data according to a preset scheme to obtain spliced data, wherein the target identifiers are used for indicating the encryption configuration state to be a configuration completion state;
Processing the spliced data by using a target algorithm to obtain a target distributed encryption key;
Under the condition that a primary key identifier is obtained, signing the target distributed encryption key by utilizing an encryption algorithm, generating a first signature, and sending the first signature and the target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key.
According to another aspect of the embodiment of the present application, there is also provided a data encryption method applied to a target distributed encryption key user terminal, the method including:
Transmitting information of a main key identifier to a data encryption end, wherein the main key identifier is used for uniquely representing the target distributed encryption key, the target distributed encryption key is a key obtained by processing spliced data by using a target algorithm, the spliced data is obtained by splicing the encrypted data according to a preset scheme under the condition that the encryption configuration states of a plurality of encrypted data are determined to contain the target identifier, and the target identifier is used for indicating that the encryption configuration state is a configuration completion state;
and receiving a first signature and the target distributed encryption key, wherein the first signature is information obtained by processing the target distributed encryption key by utilizing an encryption algorithm.
According to still another aspect of the embodiments of the present application, there is also provided an apparatus for encrypting data, the apparatus being a data encrypting terminal, the data encrypting terminal including:
An acquisition unit configured to acquire an encryption configuration state of a plurality of encrypted data;
the splicing unit is used for splicing the encrypted data according to a preset scheme to obtain spliced data under the condition that each encryption configuration state contains a target identifier, wherein the target identifier is used for indicating that the encryption configuration state is a configuration completion state;
The obtaining unit is used for processing the spliced data by utilizing a target algorithm to obtain a target distributed encryption key;
The first sending unit is used for signing the target distributed encryption key by utilizing an encryption algorithm under the condition that the primary key identifier is acquired, generating a first signature, and sending the first signature and the target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key.
According to still another aspect of the embodiments of the present application, there is also provided an apparatus for a data encryption method, the apparatus being an apparatus for a target distributed encryption key usage end, the target distributed encryption key usage end including:
The second sending unit is used for sending information requesting a main key identifier to a data encryption end, wherein the main key identifier is used for uniquely representing the target distributed encryption key, the target distributed encryption key is obtained by processing spliced data by using a target algorithm, the spliced data are data obtained by splicing the encrypted data according to a preset scheme under the condition that the encryption configuration states of a plurality of encrypted data are determined to contain target identifiers, and the target identifiers are used for indicating that the encryption configuration states are configuration completion states;
and the receiving unit is used for receiving a first signature and the target distributed encryption key, wherein the first signature is information obtained by processing the target distributed encryption key by utilizing an encryption algorithm.
According to still another aspect of the embodiments of the present application, there is provided an electronic device including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory complete communication with each other through the communication bus; wherein the memory is used for storing a computer program; a processor for performing the method steps of data encryption in any of the embodiments described above by running the computer program stored on the memory.
According to a further aspect of embodiments of the present application there is also provided a computer readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the method steps of any of the embodiments described above when run.
The embodiment of the application is applied to a recommendation system architecture in the technical field of recommendation, and in the embodiment of the application, the encryption configuration states of a plurality of encrypted data are obtained; under the condition that each encryption configuration state contains a target identifier, splicing the encryption data according to a preset scheme to obtain spliced data, wherein the target identifier is used for indicating the encryption configuration state to be a configuration completion state; processing the spliced data by using a target algorithm to obtain a target distributed encryption key; under the condition that a primary key identifier is obtained, signing the target distributed encryption key by utilizing an encryption algorithm, generating a first signature, and sending the first signature and the target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key. 
In this embodiment, once the encrypted data configured by the several users is complete, the data is spliced as a whole and the subsequent algorithm is run over it. When the data encryption end receives, in a request from the end that uses the target distributed encryption key, the primary key identifier of that key, it sends the target distributed encryption key together with the first signature generated from it to the using end for decryption and management. The resulting target distributed encryption key prevents the key as a whole from being stolen through key management: no single person knows the whole key at any point in the data flow, and no party involved in key management can reach the complete key. At the same time the key is protected from eavesdropping and forgery by a man in the middle during transmission, so key distribution is safe and reliable. Even when the specific user cannot be confirmed, the data layer remains secure, which resolves the related-art problems that highly confidential data is insufficiently managed and controlled, that an account cannot be tied to a specific user, and that system authorization carries a large hidden risk.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of an alternative method of data encryption according to an embodiment of the application;
FIG. 2 is a flow chart of an alternative method of data encryption according to an embodiment of the application;
FIG. 3 is a block diagram of an alternative data encryption side according to an embodiment of the present application;
FIG. 4 is a block diagram of an alternative target distributed encryption key consumer in accordance with an embodiment of the present application;
Fig. 5 is a block diagram of an alternative electronic device in accordance with an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
To improve security during data transmission, the related art generally has each person hold an individual account and then pass an authority check: with an administrator's authorization the account gains access to the system or its data, and dangerous visitors are kept out because anyone who fails the check is denied access. The drawback of this existing approach is that a user's account number does not identify the specific person behind it, which leaves a large security risk in system authorization.
In order to solve the above-mentioned problems, an embodiment of the present application proposes a data encryption method, as shown in fig. 1, where the method is applied to a data encryption end, and the flow of the method may include the following steps:
Step S101, an encryption configuration state of a plurality of encrypted data is acquired.
Optionally, in an embodiment of the application, a number of key holders (that is, users) are first determined; preferably more than three, and in general the more the better. Each key holder then configures their own password. The password's original value is hashed and only the password hash is transmitted, so the original text is hard to capture and crack in transit.
The data encryption end receives the password data (that is, the encrypted data) set by every key holder and determines, from that data, the configuration state of each holder's password. These states are generally managed through the data encryption end's management system; each person configures only their own partial key, and the encryption configuration state is one of unconfigured, configuration complete, configuration failed, and so on.
Step S102, under the condition that each encryption configuration state contains a target identifier, splicing the encryption data according to a preset scheme to obtain spliced data, wherein the target identifier is used for indicating that the encryption configuration state is a configuration completion state.
Optionally, the next step is performed when it is determined that each encryption configuration state includes a target identifier, where the target identifier is used to indicate that the encryption configuration state is a configuration completion state, so that only if all key holders are successfully configured, the next step is performed.
And then splicing all the obtained encrypted data according to a preset scheme to obtain spliced data, wherein the preset scheme is a splicing rule set by the embodiment of the application, and related description is provided in the subsequent embodiment, and is not repeated here.
And step S103, processing the spliced data by using a target algorithm to obtain a target distributed encryption key.
Optionally, the embodiment of the application processes the obtained spliced data by using a target algorithm, such as a hash algorithm, to obtain the target distributed encryption key.
Step S104, under the condition that the primary key identification is obtained, signing the target distributed encryption key by utilizing an encryption algorithm, generating a first signature, and sending the first signature and the target distributed encryption key to a target distributed encryption key user terminal, wherein the primary key identification is used for uniquely characterizing the target distributed encryption key.
Optionally, when the data encryption end receives a primary key identifier, it signs the target distributed encryption key with an encryption algorithm to generate a first signature. The primary key identifier corresponds uniquely to the target distributed encryption key, so the key can be determined from the identifier; the encryption algorithm may be an asymmetric encryption algorithm. The first signature is then sent, together with the target distributed encryption key, to the end that uses the key. In this embodiment there may be several systems whose security level needs to be raised; the end that uses the target distributed encryption key is any one of these systems and is the actual user of the key.
To summarize this embodiment: the encryption configuration states of the several pieces of encrypted data are obtained; when every state carries the target identifier (configuration complete) the encrypted data is spliced according to the preset scheme; the spliced data is processed with the target algorithm to yield the target distributed encryption key; and when a primary key identifier, which uniquely characterizes that key, is obtained, the key is signed with an encryption algorithm to produce a first signature, and both are sent to the end that uses the key. Because splicing and derivation run only after every user has completed configuration, and the key and its signature are released only against a request carrying the primary key identifier, no single person ever knows the whole key, no party in key management can reach the complete key, and the key is protected from eavesdropping and forgery by a man in the middle in transit. Key distribution is therefore safe and reliable, and the data layer stays secure even when a specific user cannot be confirmed, which addresses the related-art problems of insufficient control over highly confidential data and the hidden risk in system authorization.
As an optional embodiment, splicing the encrypted data according to a preset scheme, to obtain spliced data includes:
Acquiring a user account of a target user;
processing the user account by using a target algorithm to obtain character information;
Sequencing the character information according to a sequencing scheme to obtain a sequencing result;
and determining corresponding encrypted data according to the sequencing result, and performing splicing of the encrypted data to obtain spliced data.
Optionally, once all key holders have configured their passwords, the user marks of the several target users are obtained. A user mark is usually a unique user account, made up of digits or a character string. The target algorithm (the hash algorithm) is applied to each user account to obtain character information, and the character information is then sorted according to a sorting scheme, for example the conventional order of English letters (a, b, c, ...), of digits (0, 1, 2, 3, ...) or of character strings (abc, bcd, ...), to obtain a sorting result. Because the sorted user accounts correspond one-to-one with the encrypted data of each user, the sorting result fixes the arrangement order of the encrypted data; the encrypted data is then spliced in that order to obtain the splicing result. Finally, a hash is computed over the whole splicing result to obtain the value of the target distributed encryption key.
The embodiment of the application can correspondingly determine the arrangement sequence of the encrypted data by sequencing the user accounts, and can ensure the key splicing sequence of the encrypted data corresponding to each user.
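As an added example, not code from the patent or its assignee, the Go program below implements steps S101 to S103 together with the ordering embodiment just described: each key holder submits only a hash of their password, derivation refuses to proceed unless every holder's state is "configuration complete", the shares are ordered by the hash of each user account, the password hashes are spliced in that order, and a hash over the spliced data yields the target distributed encryption key. SHA-256 stands in for the hash algorithm the patent leaves unnamed, the minimum holder count of three and the account names and passwords are constructed, and using the same hash for both the account ordering and the final key is an assumption.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// ConfigState mirrors the encryption configuration states the page names.
type ConfigState int

const (
	Unconfigured ConfigState = iota
	Complete                 // the "target identifier": only this state lets derivation proceed
	Failed
)

// HolderShare is what one key holder submits: the account name, the hash of
// the holder's password (the hash is transmitted, never the password) and the
// holder's configuration state.
type HolderShare struct {
	Account      string
	PasswordHash []byte
	State        ConfigState
}

// SubmitPassword is the holder-side step: hash the password locally so only
// the digest leaves the holder. SHA-256 is an assumption; the page does not
// name the hash algorithm.
func SubmitPassword(account, password string) HolderShare {
	sum := sha256.Sum256([]byte(password))
	return HolderShare{Account: account, PasswordHash: sum[:], State: Complete}
}

// accountTag is the "character information" derived from a user account:
// the hex digest of the account, which is what gets sorted.
func accountTag(account string) string {
	sum := sha256.Sum256([]byte(account))
	return hex.EncodeToString(sum[:])
}

// DeriveDistributedKey runs steps S101-S103 at the data encryption end.
// It refuses unless every share is Complete and at least minHolders distinct
// shares are present, orders the shares by accountTag, splices the password
// hashes in that order and hashes the whole to obtain the distributed key.
func DeriveDistributedKey(shares []HolderShare, minHolders int) ([]byte, error) {
	if len(shares) < minHolders {
		return nil, fmt.Errorf("need at least %d key holders, got %d", minHolders, len(shares))
	}
	seen := make(map[string]bool)
	for _, s := range shares {
		if s.State != Complete {
			return nil, fmt.Errorf("holder %q has not completed configuration", s.Account)
		}
		if seen[s.Account] {
			return nil, fmt.Errorf("duplicate account %q", s.Account)
		}
		seen[s.Account] = true
	}
	ordered := make([]HolderShare, len(shares))
	copy(ordered, shares)
	sort.Slice(ordered, func(i, j int) bool {
		return accountTag(ordered[i].Account) < accountTag(ordered[j].Account)
	})
	// Splice: fixed-width digests concatenated in the sorted order, so the
	// result does not depend on the order in which holders submitted.
	spliced := make([]byte, 0, len(ordered)*sha256.Size)
	for _, s := range ordered {
		spliced = append(spliced, s.PasswordHash...)
	}
	key := sha256.Sum256(spliced)
	return key[:], nil
}

func main() {
	// Constructed sample holders; no real accounts or passwords appear on the page.
	shares := []HolderShare{
		SubmitPassword("holder-a", "correct horse"),
		SubmitPassword("holder-b", "battery staple"),
		SubmitPassword("holder-c", "xyzzy"),
	}
	key, err := DeriveDistributedKey(shares, 3)
	if err != nil {
		fmt.Println("refused:", err)
		return
	}
	fmt.Println("distributed key:", hex.EncodeToString(key))
	shares[1].State = Unconfigured // one holder has not finished configuring
	if _, err := DeriveDistributedKey(shares, 3); err != nil {
		fmt.Println("refused:", err)
	}
}
```

The completion check is the security-relevant gate: if derivation ran with a missing or failed share, the resulting key would depend on fewer holders than intended, which is exactly the single-party knowledge the scheme is meant to rule out. Sorting by a digest of the account rather than by the raw account name gives every end the same order without having to agree on a collation for mixed digit and string accounts.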
As an alternative embodiment, signing the target distributed encryption key with an encryption algorithm, generating a first signature, and sending the first signature and the target distributed encryption key to the target distributed encryption key user terminal includes:
Encrypting the target distributed encryption key by using an asymmetric encryption algorithm to obtain encryption information;
signing the target distributed encryption key by utilizing a private key of the target distributed encryption key to generate a first signature;
and sending the encryption information and the first signature to a target distributed encryption key user terminal.
Optionally, in the embodiment of the present application, an asymmetric encryption algorithm is used to encrypt the target distributed encryption key to obtain encrypted information; in the first signature generation stage, the private key of the target distributed encryption key is utilized to sign the target distributed encryption key, a first signature is generated, and then the encryption information and the first signature are sent to the target distributed encryption key using end.
In this embodiment the encryption information and the first signature are sent together, as transmission parameters, to the end that uses the target distributed encryption key, so that the key value cannot be tampered with in transit without detection.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM (read-only memory)/RAM (Random Access Memory), magnetic disk, optical disk) and including instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the embodiments of the present application.
According to another aspect of the embodiment of the present application, there is further provided a data encryption method applied to a target distributed encryption key user end, as shown in fig. 2, the method includes:
Step S201, information requesting a primary key identifier is sent to a data encryption end, wherein the primary key identifier is used for uniquely representing a target distributed encryption key, the target distributed encryption key is a key obtained by processing spliced data by using a target algorithm, the spliced data is obtained by splicing the encrypted data according to a preset scheme under the condition that the encryption configuration states of a plurality of encrypted data are determined to contain target identifiers, and the target identifiers are used for indicating that the encryption configuration states are configuration completion states;
step S202, a first signature and a target distributed encryption key are received, wherein the first signature is information obtained by processing the target distributed encryption key by using an encryption algorithm.
The target distributed encryption key obtained in this embodiment is derived from the contributions of several key holders, so the complete key cannot be stolen from any single point of the key management and no single person knows all of the key material throughout the data circulation process. The data layer therefore remains protected even when the specific user of an account cannot be confirmed.
As an alternative embodiment, after receiving the first signature and the target distributed encryption key, the method further comprises:
Decrypting the first signature by using the public key to obtain a second signature;
Comparing the first signature with the second signature;
In the case where the first signature and the second signature are the same, the target distributed encryption key is decrypted.
Optionally, the target distributed encryption key using end first decrypts the first signature with the distributed public key to obtain the second signature. Only when the first signature and the second signature are completely consistent is the information in the encrypted packet judged valid; the using end then uses the asymmetric encryption algorithm to decrypt the encryption information that the data encryption end produced from the target distributed encryption key, and so obtains the key. In practice this comparison is ordinary signature verification: the value recovered with the public key is the digest that was signed, and it is compared with a digest the using end recomputes over the material it received, so the data encryption end's public key must already be known to the using end through a trusted path for the check to say anything about the sender.
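The two sides of the exchange described above, written out as an added example (editor-supplied Go code, not code from the patent or the applicant). It covers the data encryption end (steps S101 to S104: gate on every holder's configuration state, order the encrypted data by hashing each holder's user account, splice, derive the key, then sign and encrypt for the requesting end) and the target distributed encryption key using end (steps S201, S202 and the optional verification step). Everything the patent leaves unspecified is an assumption here: SHA-256 stands in for the "target algorithm", RSA-OAEP for the asymmetric encryption of the key, RSA PKCS#1 v1.5 for the signature (chosen because its verification literally recovers the signed digest with the public key and compares it, which is how the patent phrases the check), a length prefix is added before each share in the splice, and the struct and function names, the accounts, the share contents and the identifier "pk-0001" are constructed sample values. The signature is placed over the identifier and the ciphertext so that the using end can reject a tampered or forged envelope before it decrypts anything, which is the order the optional embodiment describes; claim 4's wording, a signature over the key itself, would instead require the using end to decrypt first and verify afterwards.

```go
package main
import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
)

// HolderRecord is one key holder's contribution (field names hypothetical);
// Completed is the "target identifier" marking the configuration as complete.
type HolderRecord struct {
	Account   string
	Payload   []byte // the holder's "encrypted data"
	Completed bool
}

type Envelope struct {
	PrimaryKeyID string
	EncryptedKey []byte // distributed key encrypted to the using end (RSA-OAEP)
	Signature    []byte // PKCS#1 v1.5 signature over PrimaryKeyID || EncryptedKey
}

// DeriveDistributedKey is the encryption-end side (steps S101-S103, claims 2-3): gate on every state
// being complete, order shares by SHA-256 of the account (assumed "target algorithm"), splice, hash.
func DeriveDistributedKey(records []HolderRecord) ([]byte, error) {
	if len(records) == 0 {
		return nil, fmt.Errorf("no holder records")
	}
	ordered := make([]HolderRecord, 0, len(records))
	for _, r := range records {
		if !r.Completed {
			return nil, fmt.Errorf("holder %q has not completed configuration", r.Account)
		}
		ordered = append(ordered, r)
	}
	sort.Slice(ordered, func(i, j int) bool {
		hi, hj := sha256.Sum256([]byte(ordered[i].Account)), sha256.Sum256([]byte(ordered[j].Account))
		return bytes.Compare(hi[:], hj[:]) < 0
	})
	var spliced []byte
	for _, r := range ordered {
		// Length prefix (an addition): plain concatenation is ambiguous between share sets.
		spliced = append(spliced, byte(len(r.Payload)>>8), byte(len(r.Payload)))
		spliced = append(spliced, r.Payload...)
	}
	key := sha256.Sum256(spliced)
	return key[:], nil
}

// Distribute is step S104 / claim 4. The signature covers identifier and ciphertext
// so the using end can verify before decrypting, as the optional embodiment orders it.
func Distribute(key []byte, id string, signer *rsa.PrivateKey, usingEndPub *rsa.PublicKey) (*Envelope, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, usingEndPub, key, []byte(id))
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(append([]byte(id), enc...))
	sig, err := rsa.SignPKCS1v15(rand.Reader, signer, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &Envelope{PrimaryKeyID: id, EncryptedKey: enc, Signature: sig}, nil
}

// Receive is the using-end side (step S202 + optional check): VerifyPKCS1v15 is the "decrypt the signature and compare" step.
func Receive(env *Envelope, encryptionEndPub *rsa.PublicKey, usingEnd *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(append([]byte(env.PrimaryKeyID), env.EncryptedKey...))
	if err := rsa.VerifyPKCS1v15(encryptionEndPub, crypto.SHA256, digest[:], env.Signature); err != nil {
		return nil, fmt.Errorf("envelope rejected before decryption: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, usingEnd, env.EncryptedKey, []byte(env.PrimaryKeyID))
}

// newParty makes a 2048-bit RSA key pair for one side (the algorithm is an assumption).
func newParty() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	holders := []HolderRecord{ // constructed sample input, both configurations complete
		{Account: "alice@example.com", Payload: []byte("share-from-alice"), Completed: true},
		{Account: "bob@example.com", Payload: []byte("share-from-bob"), Completed: true},
	}
	key, _ := DeriveDistributedKey(holders)
	encryptionEnd, usingEnd := newParty(), newParty()
	env, _ := Distribute(key, "pk-0001", encryptionEnd, &usingEnd.PublicKey)
	got, err := Receive(env, &encryptionEnd.PublicKey, usingEnd)
	fmt.Printf("key recovered intact: %v (err=%v)\n", bytes.Equal(got, key), err)
	env.EncryptedKey[0] ^= 0x01 // an intermediary alters the ciphertext in transit
	_, err = Receive(env, &encryptionEnd.PublicKey, usingEnd)
	fmt.Println("tampered envelope:", err)
}
```

The check in Receive only shows that whoever holds the private key matching encryptionEndPub produced the envelope, so the using end must obtain that public key through a channel it already trusts (pinned in its configuration or delivered during onboarding of the key holders), not from the same message. Running the file prints that the honest exchange recovers the key and that the envelope with one flipped ciphertext byte is rejected before any decryption takes place.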
According to another aspect of the embodiment of the present application, there is also provided a data encryption apparatus for implementing the above-mentioned data encryption method. Fig. 3 is a block diagram of an alternative data encryption terminal according to an embodiment of the present application, and as shown in fig. 3, the data encryption terminal may include:
an acquisition unit 301 configured to acquire an encryption configuration state of a plurality of encrypted data;
The splicing unit 302 is configured to splice the encrypted data according to a preset scheme to obtain spliced data when each encryption configuration state includes a target identifier, where the target identifier is used to indicate that the encryption configuration state is a configuration completion state;
An obtaining unit 303, configured to process the spliced data by using a target algorithm to obtain a target distributed encryption key;
The first sending unit 304 is configured to sign the target distributed encryption key by using an encryption algorithm when the primary key identifier is obtained, generate a first signature, and send the first signature and the target distributed encryption key to the target distributed encryption key user, where the primary key identifier is used to uniquely characterize the target distributed encryption key.
It should be noted that, the acquiring unit 301 in this embodiment may be used to perform the above-mentioned step S101, the splicing unit 302 in this embodiment may be used to perform the above-mentioned step S102, the obtaining unit 303 in this embodiment may be used to perform the above-mentioned step S103, and the first transmitting unit 304 in this embodiment may be used to perform the above-mentioned step S104.
After the encrypted data set by the several users has all been configured, the data encryption end splices it as a whole and applies the subsequent algorithm. When the data encryption end obtains the primary key identifier of a target distributed encryption key from a request sent by the target distributed encryption key using end, it sends the target distributed encryption key together with the first signature generated from it to the using end for decryption and management. Because the key is derived from the contributions of all holders, it cannot be stolen as a whole from the key management, no single person knows all of the key material during the data circulation process, and no party involved in key management handles the complete key; the signature and the asymmetric encryption additionally prevent an intermediary from eavesdropping on or forging the key in transit, so that key distribution is secure and reliable. The data layer therefore remains protected even when the specific user of an account cannot be confirmed, which addresses the problem that the specific use of each user's high-privilege account cannot be confirmed and that system authorization consequently carries a large hidden risk.
As an alternative embodiment, the acquisition unit comprises:
The receiving module is used for receiving the encrypted data set by a plurality of target users, wherein the target users are key holding objects;
and the determining module is used for determining the encryption configuration state according to the encryption data.
As an alternative embodiment, the splicing unit comprises:
the acquisition module is used for acquiring the user account of the target user;
The processing module is used for processing the user account by utilizing a target algorithm to obtain character information;
the ordering module is used for ordering the character information according to the ordering scheme to obtain an ordering result;
and the splicing module is used for determining corresponding encrypted data according to the sequencing result, and splicing the encrypted data to obtain spliced data.
As an alternative embodiment, the first transmitting unit includes:
the encryption module is used for carrying out encryption processing on the target distributed encryption key by utilizing an asymmetric encryption algorithm to obtain encryption information;
the generation module is used for signing the target distributed encryption key by utilizing the private key of the target distributed encryption key to generate a first signature;
And the sending module is used for sending the encryption information and the first signature to the target distributed encryption key using end.
According to still another aspect of the embodiment of the present application, there is provided an apparatus for a data encryption method, where the apparatus is a target distributed encryption key usage end, as shown in fig. 4, the target distributed encryption key usage end includes:
A second sending unit 401, configured to send information requesting a primary key identifier to a data encryption end, where the primary key identifier is used to uniquely characterize a target distributed encryption key, the target distributed encryption key is a key obtained by processing spliced data by using a target algorithm, the spliced data is data obtained by splicing the encrypted data according to a preset scheme when it is determined that encryption configuration states of multiple encrypted data all include the target identifier, and the target identifier is used to indicate that the encryption configuration state is a configuration completion state;
And a receiving unit 402, configured to receive a first signature and a target distributed encryption key, where the first signature is information obtained by processing the target distributed encryption key with an encryption algorithm.
Optionally, the target distributed encryption key using end further includes:
A first decryption unit, configured to decrypt the first signature using the public key after receiving the first signature and the target distributed encryption key, to obtain a second signature;
a comparison unit for comparing the first signature with the second signature;
And a second decryption unit configured to decrypt the target distributed encryption key in a case where the first signature and the second signature are identical.
According to yet another aspect of the embodiments of the present application, there is also provided an electronic device, which may be a server, a terminal, or a combination thereof, for implementing the above-described data encryption method.
Fig. 5 is a block diagram of an alternative electronic device, according to an embodiment of the application, as shown in fig. 5, comprising a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 communicate with each other via the communication bus 504, wherein,
A memory 503 for storing a computer program;
The processor 501, when executing the computer program stored on the memory 503, performs the following steps:
acquiring encryption configuration states of a plurality of encrypted data;
Under the condition that each encryption configuration state contains a target identifier, splicing the encryption data according to a preset scheme to obtain spliced data, wherein the target identifier is used for indicating the encryption configuration state to be a configuration completion state;
Processing the spliced data by using a target algorithm to obtain a target distributed encryption key;
Under the condition that a primary key identifier is obtained, signing the target distributed encryption key by utilizing an encryption algorithm, generating a first signature, and sending the first signature and the target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key.
Alternatively, in the present embodiment, the above-described communication bus may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one thick line is shown in fig. 5, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may include RAM or non-volatile memory, such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
As an example, as shown in fig. 5, the memory 503 may include, but is not limited to, the acquisition unit 301, the splicing unit 302, the obtaining unit 303 and the first transmitting unit 304 of the data encryption apparatus. Other module units of the above-mentioned data encryption apparatus may also be included, but are not limited to these and are not described in detail in this example.
The processor may be a general purpose processor and may include, but is not limited to: a CPU (Central Processing Unit), an NP (Network Processor), etc.; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components.
In addition, the electronic device further includes: and the display is used for displaying the data encryption result.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is only illustrative, and the device implementing the above data encryption method may be a terminal device, such as a smart phone (an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a Mobile Internet Device (MID), a PAD, etc. Fig. 5 does not limit the structure of the electronic device described above. For example, the terminal device may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in fig. 5, or have a different configuration than shown in fig. 5.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program for instructing a terminal device to execute in association with hardware, the program may be stored in a computer readable storage medium, and the storage medium may include: flash disk, ROM, RAM, magnetic or optical disk, etc.
According to yet another aspect of an embodiment of the present application, there is also provided a storage medium. Alternatively, in the present embodiment, the above-described storage medium may be used for program code for performing the method of data encryption.
Alternatively, in this embodiment, the storage medium may be located on at least one network device of the plurality of network devices in the network shown in the above embodiment.
Alternatively, in the present embodiment, the storage medium is configured to store program code for performing the steps of:
acquiring encryption configuration states of a plurality of encrypted data;
Under the condition that each encryption configuration state contains a target identifier, splicing the encryption data according to a preset scheme to obtain spliced data, wherein the target identifier is used for indicating the encryption configuration state to be a configuration completion state;
Processing the spliced data by using a target algorithm to obtain a target distributed encryption key;
Under the condition that a primary key identifier is obtained, signing the target distributed encryption key by utilizing an encryption algorithm, generating a first signature, and sending the first signature and the target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key.
Alternatively, specific examples in the present embodiment may refer to examples described in the above embodiments, which are not described in detail in the present embodiment.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a U disk, ROM, RAM, a mobile hard disk, a magnetic disk or an optical disk.
According to yet another aspect of embodiments of the present application, there is also provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium; the processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method steps of data encryption in any of the embodiments described above.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The integrated units in the above embodiments may be stored in the above-described computer-readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present application may be embodied essentially or partly in the form of a software product, or all or part of the technical solution, which is stored in a storage medium, and includes several instructions for causing one or more computer devices (which may be personal computers, servers or network devices, etc.) to perform all or part of the steps of the method for encrypting data according to various embodiments of the present application.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In several embodiments provided by the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and are merely a logical functional division, and there may be other manners of dividing the apparatus in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution provided in the present embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.

Claims (10)

1. A method for encrypting data, applied to a data encryption end, the method comprising:
acquiring encryption configuration states of a plurality of encrypted data;
Under the condition that each encryption configuration state comprises a target identifier, splicing the encryption data according to a preset scheme to obtain spliced data, wherein the target identifiers are used for indicating the encryption configuration state to be a configuration completion state;
Processing the spliced data by using a target algorithm to obtain a target distributed encryption key;
under the condition that a primary key identifier is obtained, signing the target distributed encryption key by utilizing an encryption algorithm, generating a first signature, and sending the first signature and the encrypted target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key.
2. The method of claim 1, wherein the obtaining the encryption configuration status of the plurality of encrypted data comprises:
receiving the encrypted data set by a plurality of target users, wherein the target users are key holding objects;
and determining the encryption configuration state according to the encryption data.
3. The method according to claim 2, wherein the splicing the encrypted data according to the preset scheme to obtain spliced data includes:
acquiring a user account of the target user;
processing the user account by using the target algorithm to obtain character information;
sorting the character information according to a sorting scheme to obtain a sorting result;
and determining the corresponding encrypted data according to the sequencing result, and splicing the encrypted data to obtain the spliced data.
4. The method of claim 1, wherein signing the target distributed encryption key with an encryption algorithm, generating a first signature, and transmitting the first signature and the encrypted target distributed encryption key to a target distributed encryption key consumer comprises:
encrypting the target distributed encryption key by using an asymmetric encryption algorithm to obtain encryption information;
Signing the target distributed encryption key by utilizing a private key of the target distributed encryption key to generate the first signature;
and sending the encryption information and the first signature to the target distributed encryption key user terminal.
5. A data encryption method, applied to a target distributed encryption key user terminal, comprising:
Transmitting information requesting a primary key identifier to a data encryption end, wherein the primary key identifier is used for uniquely representing the target distributed encryption key, the target distributed encryption key is a key obtained by processing spliced data by using a target algorithm, the spliced data is obtained by splicing the encrypted data according to a preset scheme under the condition that the encryption configuration states of a plurality of encrypted data are determined to contain the target identifier, and the target identifier is used for indicating that the encryption configuration state is a configuration completion state;
and receiving a first signature and the encrypted target distributed encryption key, wherein the first signature is information obtained by processing the target distributed encryption key by using an encryption algorithm.
6. The method of claim 5, wherein after said receiving the first signature and the encrypted target distributed encryption key, the method further comprises:
decrypting the first signature by using the public key to obtain a second signature;
Comparing the first signature with the second signature;
decrypting the target distributed encryption key if the content of the first signature and the content of the second signature are the same.
7. An apparatus for encrypting data, the apparatus being a data encryption terminal, the data encryption terminal comprising:
An acquisition unit configured to acquire an encryption configuration state of a plurality of encrypted data;
the splicing unit is used for splicing the encrypted data according to a preset scheme to obtain spliced data under the condition that each encryption configuration state contains a target identifier, wherein the target identifier is used for indicating that the encryption configuration state is a configuration completion state;
The obtaining unit is used for processing the spliced data by utilizing a target algorithm to obtain a target distributed encryption key;
The first sending unit is used for signing the target distributed encryption key by utilizing an encryption algorithm under the condition that a primary key identifier is acquired, generating a first signature, and sending the first signature and the encrypted target distributed encryption key to a target distributed encryption key using end, wherein the primary key identifier is used for uniquely characterizing the target distributed encryption key.
8. An apparatus for a data encryption method, the apparatus being an apparatus of a target distributed encryption key usage end, wherein the target distributed encryption key usage end includes:
The second sending unit is used for sending information requesting a primary key identifier to a data encryption end, wherein the primary key identifier is used for uniquely representing the target distributed encryption key, the target distributed encryption key is obtained by processing spliced data by using a target algorithm, the spliced data are data obtained by splicing the encrypted data according to a preset scheme under the condition that the encryption configuration states of a plurality of encrypted data are determined to contain target identifiers, and the target identifiers are used for indicating that the encryption configuration states are configuration completion states;
And the receiving unit is used for receiving a first signature and the encrypted target distributed encryption key, wherein the first signature is information obtained by processing the target distributed encryption key by utilizing an encryption algorithm.
9. An electronic device comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus, characterized in that,
The memory is used for storing a computer program;
The processor is configured to perform the method steps of data encryption of any one of claims 1 to 4 or 5 to 6 by running the computer program stored on the memory.
10. A computer-readable storage medium, characterized in that the storage medium has stored therein a computer program, wherein the computer program, when executed by a processor, carries out the method steps of data encryption as claimed in any one of claims 1 to 4 or 5 to 6.
CN202210233728.3A 2022-03-10 2022-03-10 Data encryption method, device, electronic equipment and storage medium Active CN114598478B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210233728.3A CN114598478B (en) 2022-03-10 2022-03-10 Data encryption method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114598478A CN114598478A (en) 2022-06-07
CN114598478B true CN114598478B (en) 2024-04-19

Family

ID=81808628

Country Status (1)

Country Link
CN (1) CN114598478B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110417543A (en) * 2018-04-27 2019-11-05 腾讯科技(深圳)有限公司 Data encryption method, device and storage medium
CN110516462A (en) * 2019-08-30 2019-11-29 京东数字科技控股有限公司 Method and apparatus for encryption data
CN111131278A (en) * 2019-12-27 2020-05-08 京东数字科技控股有限公司 Data processing method and device, computer storage medium and electronic equipment
CN111556498A (en) * 2020-04-27 2020-08-18 中国银行股份有限公司 Block chain-based APP signature verification method and device
WO2021017128A1 (en) * 2019-07-29 2021-02-04 深圳壹账通智能科技有限公司 Login token generation method and apparatus, login token verification method and apparatus, and server
CN113422753A (en) * 2021-02-09 2021-09-21 阿里巴巴集团控股有限公司 Data processing method and device, electronic equipment and computer storage medium
WO2021217870A1 (en) * 2020-04-28 2021-11-04 平安科技(深圳)有限公司 Cluster installation method, device, and apparatus using excel file, and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant