WO2022100675A1 - Data encryption and data decryption methods, apparatus, storage medium, and electronic apparatus - Google Patents


Info

Publication number: WO2022100675A1
Application number: PCT/CN2021/130173
Authority: WO, WIPO (PCT)
Prior art keywords: data, encryption, storage space, decryption, rule
Other languages: French (fr), Chinese (zh)
Inventor: 黄琛
Original Assignee: 中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2022100675A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/188 Virtual file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Definitions

  • the embodiments of the present application relate to the field of communications, and in particular, to a data encryption and data decryption method, device, storage medium, and electronic device.
  • the data on the system is generally encrypted.
  • the encryption method used is generally that the application software operates on the data through some algorithms plus hardware characteristic values, etc., and the obtained operation result is the encrypted data, and the data is written into the storage.
  • the confidentiality level of this method is not enough, and it has a certain impact on IO performance.
  • the data is calculated through algorithms, hardware characteristic values, etc.
  • when the software writes stored data, it calls this encryption interface, and then writes the data returned by the interface to the storage.
  • Encrypted data generally requires application software to call a specific interface to obtain it.
  • the adopted data encryption method has the problems of low data encryption security level, poor security efficiency and poor generality.
  • An embodiment of the present application provides a data encryption method, including: acquiring first data; determining a first storage space for storing the first data; determining an encryption rule corresponding to a first characteristic value of the first storage space; encrypting the first data based on the encryption rule to obtain first encrypted data.
  • An embodiment of the present application further provides a data decryption method, including: acquiring first encrypted data stored in a first storage space, where the first encrypted data is obtained by encrypting the first data based on an encryption rule, and the encryption rule is a rule corresponding to the first characteristic value of the first storage space; determining the first characteristic value of the first storage space, and determining the decryption rule corresponding to the first characteristic value; decrypting the first encrypted data based on the decryption rule to obtain the first data.
  • An embodiment of the present application further provides a data encryption device, including: a first acquisition module, configured to acquire first data; a first determination module, configured to determine a first storage space for storing the first data; a second determination module, configured to determine an encryption rule corresponding to the first characteristic value of the first storage space; an encryption module, configured to perform encryption processing on the first data based on the encryption rule to obtain first encrypted data.
  • An embodiment of the present application further provides a data decryption device, including: a second acquisition module, configured to acquire first encrypted data stored in a first storage space, wherein the first encrypted data is obtained by encrypting the first data based on an encryption rule, and the encryption rule is a rule corresponding to the first characteristic value of the first storage space; a third determination module, configured to determine the first characteristic value of the first storage space, and determine a decryption rule corresponding to the first characteristic value; a decryption module, configured to decrypt the first encrypted data based on the decryption rule to obtain the first data.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, wherein the computer program is configured to execute the steps in any of the foregoing method embodiments when running.
  • An embodiment of the present application further provides an electronic device, including a memory and a processor, where a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any of the above method embodiments.
  • through the present application, after the first data is obtained, the encryption rule corresponding to the first characteristic value of the first storage space is determined from the first storage space for storing the first data, and the first data is encrypted according to the encryption rule to obtain the first encrypted data. Since different storage spaces correspond to different characteristic values, the first characteristic value of the first storage space for storing the first data is used to encrypt the first data, and there is no need to use upper-layer applications. Therefore, the problems of low data encryption security level, poor security efficiency and poor generality in the data encryption method adopted can be solved, partition encryption is realized, the security level and security efficiency of data encryption are improved, and the versatility of data encryption is improved.
  • FIG. 1 is a block diagram of a hardware structure of a mobile terminal of a data encryption and data decryption method according to an embodiment of the present application.
  • FIG. 2 is a flowchart of a data encryption method according to an embodiment of the present application.
  • Fig. 3 is the data encryption flow chart of the specific embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of data encryption according to a specific embodiment of the present application.
  • FIG. 5 is a flowchart of a data encryption method according to an embodiment of the present application.
  • FIG. 6 is a flowchart of a data decryption method according to a specific embodiment of the present application.
  • FIG. 7 is a structural block diagram of a data encryption device according to an embodiment of the present application.
  • FIG. 8 is a structural block diagram of a data decryption apparatus according to an embodiment of the present application.
  • Embodiments of the present application provide a data encryption and data decryption method, device, storage medium, and electronic device to at least solve the problems of low data encryption security level, poor security efficiency, and poor versatility in the data encryption method used.
  • Fig. 1 is a hardware structure block diagram of a mobile terminal of a data encryption and data decryption method according to an embodiment of the present application.
  • the mobile terminal may include one or more (only one is shown in FIG. 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, wherein the above-mentioned mobile terminal may also include a transmission device 106 and an input and output device 108 for communication functions.
  • FIG. 1 is only a schematic diagram, which does not limit the structure of the above-mentioned mobile terminal.
  • the mobile terminal may also include more or fewer components than those shown in FIG. 1 , or have a different configuration than that shown in FIG. 1 .
  • the memory 104 can be used to store computer programs, for example, software programs and modules of application software, such as computer programs corresponding to the data encryption and data decryption methods in the embodiments of the present application. The processor 102 runs the computer programs stored in the memory 104 and thereby performs various functional applications and data processing, that is, realizes the above-mentioned method.
  • Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory located remotely from the processor 102, and these remote memories may be connected to the mobile terminal through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
  • Transmission device 106 is used to receive or transmit data via a network.
  • the specific example of the above-mentioned network may include a wireless network provided by a communication provider of the mobile terminal.
  • the transmission device 106 includes a network adapter (Network Interface Controller, NIC for short), which can be connected to other network devices through a base station so as to communicate with the Internet.
  • the transmission device 106 may be a radio frequency (Radio Frequency, RF for short) module, which is used to communicate with the Internet in a wireless manner.
  • FIG. 2 is a flowchart of a data encryption method according to an embodiment of the present application. As shown in FIG. 2 , the process includes the following steps:
  • Step S202: acquiring first data.
  • Step S204: determining a first storage space for storing the first data.
  • Step S206: determining an encryption rule corresponding to the first characteristic value of the first storage space.
  • Step S208: encrypting the first data based on the encryption rule to obtain first encrypted data.
  • the first data may be virtual file system (Virtual File System, VFS for short) data, that is, the VFS data is obtained to obtain DATA0, and the first storage space for storing the first data is determined.
  • the first data is encrypted according to the encryption rule to obtain the first encrypted data DATA1.
  • the execution subject of the above steps may be a hardware encryption logic unit, for example, a field programmable gate array (Field Programmable Gate Array, FPGA for short). It can also be a later processor, or other data processing devices with similar processing capabilities, but it is not limited to this.
  • through the present application, after the first data is obtained, the encryption rule corresponding to the first characteristic value of the first storage space is determined from the first storage space for storing the first data, and the first data is encrypted according to the encryption rule to obtain the first encrypted data. Since different storage spaces correspond to different characteristic values, the first characteristic value of the first storage space for storing the first data is used to encrypt the first data, and there is no need to use upper-layer applications. Therefore, the problems of low data encryption security level, poor security efficiency and poor generality in the data encryption method adopted can be solved, partition encryption is realized, the security level and security efficiency of data encryption are improved, and the universality of data encryption is improved.
  • before acquiring the first data, the method further includes: acquiring the first characteristic value; and performing an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger execution of an operation of acquiring the first data.
  • the first characteristic value before acquiring the first data, the first characteristic value may be acquired first, and the initialization operation is performed by using the first characteristic value.
  • the FPGA when the FPGA is used to implement data encryption, the first characteristic value of the first storage space may be obtained first, and the FPGA may be initialized by using the first characteristic value, so as to trigger the FPGA to perform the operation of obtaining the first data.
  • acquiring the first feature value includes: acquiring first identification information for identifying the first storage space; processing the first identification information based on a first algorithm to obtain a target value; determining the target value as the first characteristic value of the first storage space.
  • different storage spaces correspond to different identification information, and after obtaining the first identification information of the first storage space, the first identification information can be processed through a first algorithm to obtain a target value, and the target value is determined as the first characteristic value of the first storage space.
  • the first identification information may be the Block ID (block code), that is, the encoding information of the first storage space
  • the first algorithm may be a cryptographic hash function algorithm (Secure Hash Algorithm, SHA256 for short), and the Block ID is processed by the SHA256 algorithm to obtain KEY1 (key 1)
  • KEY1 is determined as the first characteristic value.
  • the first data may be encrypted according to the encryption rule.
  • the encryption rule may be adding KEY1 before DATA0 or adding KEY1 after DATA0.
  • KEY1 may also be split into several parts and inserted into predetermined positions of DATA0 to obtain DATA1.
  • the method further includes: sending the first encrypted data to a block driver, to instruct the block driver to store the first encrypted data in the first storage space.
  • the first encrypted data may be sent to the Block driver, that is, the block driver, to instruct the block driver to store the first encrypted data in the first storage space.
  • FIG. 3 is a data encryption flow chart according to a specific embodiment of the present application. As shown in FIG. 3 , the flow includes:
  • Step S302: obtain the hardware (hard disk, CPU) characteristic value: perform SHA256 (corresponding to the above-mentioned first algorithm) processing on the Block ID (corresponding to the above-mentioned first identification information) of the hardware to obtain KEY1 (corresponding to the above-mentioned first characteristic value).
  • Step S304: use KEY1 to initialize the FPGA.
  • Step S306: acquire VFS data to obtain DATA0 (corresponding to the above-mentioned first data).
  • Step S308: the algorithm in the FPGA performs the encryption calculation on DATA0 according to KEY1+DATA0 (corresponding to the above encryption rule) to obtain DATA1 (corresponding to the above first encrypted data).
  • Step S310: DATA1 is sent to the Block driver.
  • The schematic diagram of the structure of data encryption can be seen in FIG. 4.
  • a filter driver that is, an encryption driver
  • the Block driver. Use a hardware encryption logic unit, such as an FPGA, to receive data input, then encrypt the data according to the encryption logic and hardware characteristic values, and output the encrypted data to the Block driver. Since different hardware corresponds to different characteristic values, the purpose of partition data encryption can be achieved without user-mode programs being aware of it, and the security level and security efficiency of data encryption are improved.
  • FIG. 5 is a flowchart of a data encryption method according to an embodiment of the present application. As shown in FIG. 5 , the process includes the following steps:
  • Step S502: obtain the first encrypted data stored in the first storage space, wherein the first encrypted data is obtained by encrypting the first data based on an encryption rule, and the encryption rule is a rule corresponding to the first characteristic value of the first storage space.
  • Step S504: determine the first characteristic value of the first storage space, and determine the decryption rule corresponding to the first characteristic value.
  • Step S506: decrypt the first encrypted data based on the decryption rule to obtain the first data.
  • the first encrypted data may be block driver data, that is, block driver data is obtained to get DATA1 (first encrypted data), wherein the first encrypted data is data obtained by encrypting the first data according to an encryption rule, and the first data may be VFS data, that is, DATA0 is obtained by acquiring VFS data.
  • the encryption rule is a rule corresponding to the first characteristic value of the first storage space. After acquiring the first encrypted data, determine the first characteristic value of the first storage space and the decryption rule corresponding to the first characteristic value, and decrypt the first encrypted data according to the decryption rule to obtain the first data.
  • the execution body of the above steps may be a hardware encryption logic unit, for example, an FPGA. It can also be a later processor, or other data processing devices with similar processing capabilities, but it is not limited to this.
  • the first encrypted data stored in the first storage space is obtained, then the first characteristic value of the first storage space and the decryption rule corresponding to the first characteristic value are determined, and the first encrypted data is decrypted according to the decryption rule to get the first data. Since different storage spaces correspond to different characteristic values, the first encrypted data is decrypted by using the first characteristic value corresponding to the first storage space, and the upper-layer application software does not need to be used for decryption. Therefore, the problems of low data security level, poor security efficiency and poor generality existing in the related art can be solved, partition decryption is realized, the security level and security efficiency of data decryption are improved, and the generality of data decryption is improved.
  • before acquiring the first encrypted data stored in the first storage space, the method further includes: acquiring the first characteristic value; and performing an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger the execution of the operation of acquiring the first encrypted data.
  • the first characteristic value before acquiring the first encrypted data, the first characteristic value may be acquired first, and the initialization operation is performed by using the first characteristic value.
  • the FPGA when the FPGA is used to decrypt the data, the first characteristic value of the first storage space may be obtained first, and the FPGA may be initialized by using the first characteristic value, so as to trigger the FPGA to perform the operation of obtaining the first decrypted data.
  • acquiring the first feature value includes: acquiring first identification information for identifying the first storage space; processing the first identification information based on a first algorithm to obtain a target value; determining the target value as the first characteristic value of the first storage space.
  • different storage spaces correspond to different identification information, and after obtaining the first identification information of the first storage space, the first identification information can be processed through a first algorithm to obtain a target value, and the target value is determined as the first characteristic value of the first storage space.
  • the first identification information can be the Block ID (block code), that is, the encoding information of the first storage space
  • the first algorithm can be SHA256
  • the Block ID can be processed by using the SHA256 algorithm to obtain KEY1 (key 1)
  • KEY1 is determined as the first characteristic value.
  • the first encrypted data can be decrypted according to the encryption rule.
  • the encryption rule may be adding KEY1 before DATA0 or adding KEY1 after DATA0.
  • KEY1 may also be split into several parts and inserted into predetermined positions of DATA0 to obtain DATA1.
  • the first data can be obtained by simply removing the KEY1 part in the first encrypted data according to the encryption rules.
  • the method further includes: sending the first data to a virtual file system VFS driver.
  • the first data may be sent to the VFS driver for data calling or other operations on the first data.
  • FIG. 6 is a flowchart of a data decryption method according to a specific embodiment of the present application. As shown in FIG. 6 , the process includes:
  • Step S602: obtain the hardware (hard disk, CPU) characteristic value: perform SHA256 (corresponding to the above-mentioned first algorithm) processing on the Block ID (corresponding to the above-mentioned first identification information) of the hardware to obtain KEY1 (corresponding to the above-mentioned first characteristic value).
  • Step S604: use KEY1 to initialize the FPGA.
  • Step S606: obtain Block driver data to get DATA1 (corresponding to the above-mentioned first encrypted data).
  • Step S608: the algorithm in the FPGA performs the decryption calculation according to KEY1+DATA1 to obtain DATA0 (corresponding to the above-mentioned first data).
  • Step S610: DATA0 is sent to the VFS driver.
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is the better implementation.
  • the technical solution of the present application can be embodied in the form of a software product.
  • the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to execute the methods described in the various embodiments of this application.
  • a data encryption and data decryption apparatus is also provided, and the apparatus is used to implement the above-mentioned embodiments and preferred implementations, and what has been described will not be repeated.
  • the term "module" may be a combination of software and/or hardware that implements a predetermined function.
  • although the apparatus described in the following embodiments is preferably implemented in software, implementations in hardware, or a combination of software and hardware, are also possible and contemplated.
  • Fig. 7 is the structural block diagram of the data encryption device according to the embodiment of the present application, as shown in Fig. 7, this device comprises:
  • the first obtaining module 72 is configured to obtain first data.
  • the first determining module 74 is configured to determine a first storage space for storing the first data.
  • the second determination module 76 is configured to determine an encryption rule corresponding to the first characteristic value of the first storage space.
  • An encryption module 78 configured to perform encryption processing on the first data based on the encryption rule to obtain first encrypted data.
  • the apparatus may be configured to acquire the first characteristic value before acquiring the first data, and to perform an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger execution of an operation of acquiring the first data.
  • the apparatus may achieve the acquisition of the first characteristic value in the following manner: acquiring first identification information used to identify the first storage space; processing the first identification information based on a first algorithm to obtain a target value; determining the target value as the first characteristic value of the first storage space.
  • the apparatus may be further configured to send the first encrypted data to a block driver after encrypting the first data based on the encryption rule to obtain the first encrypted data, to instruct the block driver to store the first encrypted data in the first storage space.
  • Fig. 8 is the structural block diagram of the data decryption device according to the embodiment of the present application, as shown in Fig. 8, this device comprises:
  • the second acquiring module 82 is configured to acquire the first encrypted data stored in the first storage space, wherein the first encrypted data is obtained by encrypting the first data based on an encryption rule, and the encryption rule is the rule corresponding to the first characteristic value of the first storage space.
  • the third determination module 84 is configured to determine the first characteristic value of the first storage space, and determine a decryption rule corresponding to the first characteristic value.
  • the decryption module 86 is configured to decrypt the first encrypted data based on the decryption rule to obtain the first data.
  • the apparatus may be configured to acquire the first characteristic value before acquiring the first encrypted data stored in the first storage space, and to perform an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger the execution of the operation of acquiring the first encrypted data.
  • the apparatus may achieve the acquisition of the first characteristic value in the following manner: acquiring first identification information used to identify the first storage space; processing the first identification information based on a first algorithm to obtain a target value; determining the target value as the first characteristic value of the first storage space.
  • the apparatus may be further configured to send the first data to a virtual file system VFS driver after decrypting the first encrypted data based on the decryption rule to obtain the first data.
  • the above modules can be implemented by software or hardware, and the latter can be implemented in the following ways, but not limited to this: the above modules are all located in the same processor; or, the above modules are located in different processors in any combination.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, wherein the computer program is configured to execute the steps in any one of the above method embodiments when running.
  • the above-mentioned computer-readable storage medium may include, but is not limited to, a USB flash drive, a read-only memory (Read-Only Memory, ROM for short), a random access memory (Random Access Memory, RAM for short), a mobile hard disk, a magnetic disk or CD-ROM, and other media that can store computer programs.
  • Embodiments of the present application further provide an electronic device, including a memory and a processor, where a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.
  • the above-mentioned electronic device may further include a transmission device and an input-output device, wherein the transmission device is connected to the above-mentioned processor, and the input-output device is connected to the above-mentioned processor.
  • modules or steps of the present application can be implemented by a general-purpose computing device; they can be centralized on a single computing device, or distributed in a network composed of multiple computing devices; they can be implemented in program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases, the steps shown or described can be performed in a different order than shown here, or they can be made into individual integrated circuit modules respectively, or a plurality of the modules or steps can be made into a single integrated circuit module.
  • the present application is not limited to any particular combination of hardware and software.
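
An added example, not part of the patent text, that models the flows of FIG. 3 (S302 to S310) and FIG. 6 (S602 to S610) in software: KEY1 is the SHA256 of the Block ID, and the rule places KEY1 before DATA0, after DATA0, or split across predetermined positions of DATA0. The function names, the constructed Block IDs and payload, the equal-size split of KEY1, and the comparison of the embedded KEY1 with the derived value during decryption are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_LEN = hashlib.sha256().digest_size  # KEY1 is a 32-byte SHA-256 digest


def derive_key1(block_id: bytes) -> bytes:
    """S302/S602: KEY1 = SHA256(Block ID), the storage space's characteristic value."""
    return hashlib.sha256(block_id).digest()


def _positions(rule: str, data_len: int, split_positions) -> tuple:
    """Offsets in DATA0 at which pieces of KEY1 are placed for each rule."""
    if rule == "prefix":      # KEY1 before DATA0
        pos = (0,)
    elif rule == "suffix":    # KEY1 after DATA0
        pos = (data_len,)
    elif rule == "split":     # KEY1 in parts at predetermined positions
        pos = tuple(split_positions)
    else:
        raise ValueError(f"unknown rule: {rule!r}")
    if not 1 <= len(pos) <= KEY_LEN:
        raise ValueError("need between 1 and KEY_LEN insert positions")
    if list(pos) != sorted(pos) or pos[0] < 0 or pos[-1] > data_len:
        raise ValueError("positions must be ascending offsets inside DATA0")
    return pos


def _key_parts(key1: bytes, n: int) -> list:
    """Assumed split: n consecutive pieces of (nearly) equal size."""
    size = -(-len(key1) // n)  # ceiling division
    return [key1[i * size:(i + 1) * size] for i in range(n)]


def encrypt(data0: bytes, block_id: bytes, rule: str = "prefix",
            split_positions=()) -> bytes:
    """S306-S308: build DATA1 from DATA0 and KEY1 according to the rule."""
    key1 = derive_key1(block_id)
    pos = _positions(rule, len(data0), split_positions)
    out, prev = bytearray(), 0
    for p, part in zip(pos, _key_parts(key1, len(pos))):
        out += data0[prev:p] + part
        prev = p
    out += data0[prev:]
    return bytes(out)


def decrypt(data1: bytes, block_id: bytes, rule: str = "prefix",
            split_positions=()) -> bytes:
    """S606-S608: remove the KEY1 pieces from DATA1 to recover DATA0.

    Added check (an assumption, not stated on the page): the removed bytes
    must equal the KEY1 derived from this storage space's Block ID.
    """
    if len(data1) < KEY_LEN:
        raise ValueError("DATA1 is shorter than KEY1")
    key1 = derive_key1(block_id)
    pos = _positions(rule, len(data1) - KEY_LEN, split_positions)
    data0, found, cur, prev = bytearray(), bytearray(), 0, 0
    for p, part in zip(pos, _key_parts(key1, len(pos))):
        data0 += data1[cur:cur + (p - prev)]
        cur += p - prev
        found += data1[cur:cur + len(part)]
        cur += len(part)
        prev = p
    data0 += data1[cur:]
    if not hmac.compare_digest(bytes(found), key1):
        raise ValueError("embedded KEY1 does not match this storage space")
    return bytes(data0)


if __name__ == "__main__":
    # Constructed sample values: two Block IDs and one VFS payload.
    blk_a, blk_b = b"blk-0001", b"blk-0002"
    payload = b"constructed VFS payload"
    for rule, where in (("prefix", ()), ("suffix", ()), ("split", (4, 8, 12, 16))):
        data1 = encrypt(payload, blk_a, rule, where)
        assert decrypt(data1, blk_a, rule, where) == payload
        try:
            decrypt(data1, blk_b, rule, where)
        except ValueError as exc:
            print(rule, len(data1), "other Block ID rejected:", exc)
```

Under all three rules the bytes of DATA0 appear unchanged in DATA1, which is why the description can recover the first data by removing the KEY1 part.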

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Data encryption and data decryption methods, an apparatus, a storage medium, and an electronic apparatus. The data encryption method comprises: obtaining first data (S202); determining a first storage space used for storing the first data (S204); determining an encryption rule corresponding to a first characteristic value of the first storage space (S206); and performing encryption on the first data according to the encryption rule, so as to obtain first encrypted data (S208).

Description

Data encryption and data decryption method, device, storage medium and electronic device
Cross-reference
This application is based on the Chinese patent application with application number "202011255552.9", filed on November 11, 2020, and claims priority to that Chinese patent application, the entire content of which is hereby incorporated into this application by reference.
Technical field
The embodiments of the present application relate to the field of communications, and in particular to a data encryption and data decryption method, device, storage medium, and electronic device.
Background
When a system built on a thin terminal is to be used in a scenario with high confidentiality requirements, the data on the system is generally encrypted. In the encryption approach used, application software generally operates on the data with some algorithm plus hardware characteristic values; the result of the operation is the encrypted data, which is then written to storage. The confidentiality level of this approach is insufficient, and it has some impact on IO performance.
Data can be encrypted in the following ways:
On the upper-layer application software side, the data is processed using algorithms, hardware characteristic values, and the like. When the software writes data to storage, it calls this encryption interface and then writes the data returned by the interface to storage.
Hardware encryption cards, dongles, and the like are used; these are generally used together with specific software.
The above encryption methods have the following disadvantages:
1: The system itself and the software itself are not encrypted. If the storage is removed, the data on it can be extracted by mounting it or by other means. If the data of the software itself (such as the encryption program) is obtained, there is a certain risk.
2: Low efficiency. The algorithm consumes CPU, and dongles and the like involve real-time USB communication, which is inefficient.
3: Poor generality. Encrypted data can generally be obtained only by application software calling a specific interface.
It follows that the data encryption methods used suffer from a low confidentiality level, poor efficiency, and poor generality.
Summary of the invention
An embodiment of the present application provides a data encryption method, including: acquiring first data; determining a first storage space for storing the first data; determining an encryption rule corresponding to a first characteristic value of the first storage space; and encrypting the first data based on the encryption rule to obtain first encrypted data.
An embodiment of the present application further provides a data decryption method, including: acquiring first encrypted data stored in a first storage space, where the first encrypted data is obtained by encrypting first data based on an encryption rule, and the encryption rule is a rule corresponding to a first characteristic value of the first storage space; determining the first characteristic value of the first storage space, and determining a decryption rule corresponding to the first characteristic value; and decrypting the first encrypted data based on the decryption rule to obtain the first data.
An embodiment of the present application further provides a data encryption device, including: a first acquisition module, configured to acquire first data; a first determination module, configured to determine a first storage space for storing the first data; a second determination module, configured to determine an encryption rule corresponding to a first characteristic value of the first storage space; and an encryption module, configured to encrypt the first data based on the encryption rule to obtain first encrypted data.
An embodiment of the present application further provides a data decryption device, including: a second acquisition module, configured to acquire first encrypted data stored in a first storage space, where the first encrypted data is obtained by encrypting first data based on an encryption rule, and the encryption rule is a rule corresponding to a first characteristic value of the first storage space; a third determination module, configured to determine the first characteristic value of the first storage space and to determine a decryption rule corresponding to the first characteristic value; and a decryption module, configured to decrypt the first encrypted data based on the decryption rule to obtain the first data.
An embodiment of the present application further provides a computer-readable storage medium in which a computer program is stored, where the computer program is configured to execute, when run, the steps in any of the foregoing method embodiments.
An embodiment of the present application further provides an electronic device, including a memory and a processor, where a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any of the foregoing method embodiments.
With the present application, after the first data is acquired, the first storage space used to store the first encrypted data is determined, the encryption rule corresponding to the first characteristic value of the first storage space is determined, and the first data is encrypted according to the encryption rule to obtain the first encrypted data. Because different storage spaces correspond to different characteristic values, the first data is encrypted using the first characteristic value of the first storage space that stores it, and no upper-layer application software is needed for the encryption. This solves the problems of low confidentiality level, poor efficiency, and poor generality in the data encryption methods used, achieves partition encryption, raises the confidentiality level and efficiency of data encryption, and improves the generality of data encryption.
Description of the drawings
FIG. 1 is a block diagram of the hardware structure of a mobile terminal for a data encryption and data decryption method according to an embodiment of the present application;
FIG. 2 is a flowchart of a data encryption method according to an embodiment of the present application;
FIG. 3 is a data encryption flowchart according to a specific embodiment of the present application;
FIG. 4 is a schematic structural diagram of data encryption according to a specific embodiment of the present application;
FIG. 5 is a flowchart of a data encryption method according to an embodiment of the present application;
FIG. 6 is a flowchart of a data decryption method according to a specific embodiment of the present application;
FIG. 7 is a structural block diagram of a data encryption device according to an embodiment of the present application;
FIG. 8 is a structural block diagram of a data decryption device according to an embodiment of the present application.
Detailed description
The embodiments of the present application provide a data encryption and data decryption method, device, storage medium, and electronic device, to at least solve the problems of low confidentiality level, poor efficiency, and poor generality in the data encryption methods used.
The embodiments of the present application are described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
It should be noted that the terms "first", "second", and so on in the description and claims of the present application and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.
The method embodiments provided in the embodiments of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking execution on a mobile terminal as an example, FIG. 1 is a block diagram of the hardware structure of a mobile terminal for a data encryption and data decryption method according to an embodiment of the present application. As shown in FIG. 1, the mobile terminal may include one or more (only one is shown in FIG. 1) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data. The mobile terminal may also include a transmission device 106 for communication functions and an input-output device 108. Those of ordinary skill in the art will understand that the structure shown in FIG. 1 is only illustrative and does not limit the structure of the mobile terminal. For example, the mobile terminal may include more or fewer components than shown in FIG. 1, or have a configuration different from that shown in FIG. 1.
The memory 104 can be used to store computer programs, for example, software programs and modules of application software, such as the computer programs corresponding to the data encryption and data decryption methods in the embodiments of the present application. The processor 102 runs the computer programs stored in the memory 104 to perform various functional applications and data processing, that is, to implement the above methods. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory located remotely from the processor 102, and such remote memory may be connected to the mobile terminal through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The transmission device 106 is used to receive or send data via a network. A specific example of the above network may include a wireless network provided by the communication provider of the mobile terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC for short), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission device 106 may be a radio frequency (Radio Frequency, RF for short) module, which is used to communicate with the Internet wirelessly.
This embodiment provides a data encryption method. FIG. 2 is a flowchart of a data encryption method according to an embodiment of the present application. As shown in FIG. 2, the process includes the following steps:
Step S202: acquire first data.
Step S204: determine a first storage space for storing the first data.
Step S206: determine an encryption rule corresponding to a first characteristic value of the first storage space.
Step S208: encrypt the first data based on the encryption rule to obtain first encrypted data.
In the above embodiment, the first data may be virtual file system (Virtual File System, VFS for short) data; that is, VFS data is acquired to obtain DATA0. The first storage space used to store the first data is determined, the encryption rule corresponding to the first characteristic value of the first storage space is determined, and the first data is encrypted according to the encryption rule to obtain the first encrypted data DATA1.
Exemplarily, the above steps may be executed by a hardware encryption logic unit, for example, a field programmable gate array (Field Programmable Gate Array, FPGA for short). They may also be executed by a later processor or by other data processing devices with similar processing capabilities, but are not limited thereto.
With the present application, after the first data is acquired, the first storage space used to store the first encrypted data is determined, the encryption rule corresponding to the first characteristic value of the first storage space is determined, and the first data is encrypted according to the encryption rule to obtain the first encrypted data. Because different storage spaces correspond to different characteristic values, the first data is encrypted using the first characteristic value of the first storage space that stores it, and no upper-layer application software is needed for the encryption. This solves the problems of low confidentiality level, poor efficiency, and poor generality in the data encryption methods used, achieves partition encryption, raises the confidentiality level and efficiency of data encryption, and improves the generality of data encryption.
In an exemplary embodiment, before the first data is acquired, the method further includes: acquiring the first characteristic value; and performing an initialization operation based on the first characteristic value, where the initialization operation is used to trigger the operation of acquiring the first data. In this embodiment, before the first data is acquired, the first characteristic value may be acquired first and used to perform the initialization operation. For example, when an FPGA is used to implement data encryption, the first characteristic value of the first storage space may be acquired first and used to initialize the FPGA, so as to trigger the FPGA to perform the operation of acquiring the first data.
In an exemplary embodiment, acquiring the first characteristic value includes: acquiring first identification information used to identify the first storage space; processing the first identification information based on a first algorithm to obtain a target value; and determining the target value as the first characteristic value of the first storage space. In this embodiment, different storage spaces correspond to different identification information. After the first identification information of the first storage space is acquired, it can be processed with the first algorithm to obtain a target value, and the target value is determined as the first characteristic value of the first storage space. The first identification information may be the Block ID (block code), that is, the encoding information of the first storage space, and the first algorithm may be a cryptographic hash function algorithm (Secure Hash Algorithm, SHA256 for short). Processing the Block ID with the SHA256 algorithm yields KEY1 (key 1), and KEY1 is determined as the first characteristic value. After the first characteristic value is determined, the first data may be encrypted according to the encryption rule. The encryption rule may be to add KEY1 in front of DATA0, or to add KEY1 after DATA0; KEY1 may also be split into several parts that are inserted at predetermined positions in DATA0, to obtain DATA1.
In an exemplary embodiment, after the first data is encrypted based on the encryption rule to obtain the first encrypted data, the method further includes: sending the first encrypted data to a block driver, to instruct the block driver to store the first encrypted data in the first storage space. In this embodiment, after the first encrypted data is obtained, it may be sent to the Block driver, that is, the block driver, to instruct the block driver to store the first encrypted data in the first storage space.
Data encryption is described below with reference to a specific implementation:
FIG. 3 is a data encryption flowchart according to a specific embodiment of the present application. As shown in FIG. 3, the process includes:
Step S302: obtain the hardware (hard disk, CPU) characteristic value: apply SHA256 (corresponding to the first algorithm above) to the Block ID of the hardware (corresponding to the first identification information above) to obtain KEY1 (corresponding to the first characteristic value above).
Step S304: initialize the FPGA with KEY1.
Step S306: acquire VFS data to obtain DATA0 (corresponding to the first data above).
Step S308: the algorithm in the FPGA performs an encryption calculation on DATA0 according to KEY1+DATA0 (corresponding to the encryption rule above) to obtain DATA1 (corresponding to the first encrypted data above).
Step S310: send DATA1 to the Block driver.
For a schematic diagram of the data encryption structure, see FIG. 4. As shown in FIG. 4, a filter driver, namely the encryption driver, is placed between the VFS driver and the Block driver. A hardware encryption logic unit, such as an FPGA, receives the data input, encrypts the data according to the encryption logic and the hardware characteristic value, and outputs the encrypted data to the Block driver. Because different hardware corresponds to different characteristic values, partition data encryption can be achieved without user-mode programming being aware of it, which raises the confidentiality level and efficiency of data encryption.
This embodiment also provides a data decryption method. FIG. 5 is a flowchart of a data encryption method according to an embodiment of the present application. As shown in FIG. 5, the process includes the following steps:
Step S502: acquire first encrypted data stored in a first storage space, where the first encrypted data is obtained by encrypting first data based on an encryption rule, and the encryption rule is a rule corresponding to a first characteristic value of the first storage space;
Step S504: determine the first characteristic value of the first storage space, and determine a decryption rule corresponding to the first characteristic value;
Step S506: decrypt the first encrypted data based on the decryption rule to obtain the first data.
In the above embodiment, the first encrypted data may be Block driver data; that is, Block driver data is acquired to obtain DATA1 (the first encrypted data). The first encrypted data is the data obtained by encrypting the first data according to the encryption rule, and the first data may be VFS data, that is, DATA0 obtained by acquiring VFS data. The encryption rule is a rule corresponding to the first characteristic value of the first storage space. After the first encrypted data is acquired, the first characteristic value of the first storage space and the decryption rule corresponding to the first characteristic value are determined, and the first encrypted data is decrypted according to the decryption rule to obtain the first data.
Exemplarily, the above steps may be executed by a hardware encryption logic unit, for example, an FPGA. They may also be executed by a later processor or by other data processing devices with similar processing capabilities, but are not limited thereto.
With the present application, the first encrypted data stored in the first storage space is acquired, the first characteristic value of the first storage space and the decryption rule corresponding to the first characteristic value are determined, and the first encrypted data is decrypted according to the decryption rule to obtain the first data. Because different storage spaces correspond to different characteristic values, the first encrypted data is decrypted using the first characteristic value corresponding to the first storage space, and no upper-layer application software is needed for the decryption. This solves the problems of low confidentiality level, poor efficiency, and poor generality in the related art, achieves partition decryption, raises the confidentiality level and efficiency of data decryption, and improves the generality of data decryption.
In an exemplary embodiment, before the first encrypted data stored in the first storage space is acquired, the method further includes: acquiring the first characteristic value; and performing an initialization operation based on the first characteristic value, where the initialization operation is used to trigger the operation of acquiring the first encrypted data. In this embodiment, before the first encrypted data is acquired, the first characteristic value may be acquired first and used to perform the initialization operation. For example, when an FPGA is used to implement data decryption, the first characteristic value of the first storage space may be acquired first and used to initialize the FPGA, so as to trigger the FPGA to perform the operation of acquiring the first decrypted data.
In an exemplary embodiment, acquiring the first characteristic value includes: acquiring first identification information used to identify the first storage space; processing the first identification information based on a first algorithm to obtain a target value; and determining the target value as the first characteristic value of the first storage space. In this embodiment, different storage spaces correspond to different identification information. After the first identification information of the first storage space is acquired, it can be processed with the first algorithm to obtain a target value, and the target value is determined as the first characteristic value of the first storage space. The first identification information may be the Block ID (block code), that is, the encoding information of the first storage space, and the first algorithm may be SHA256. Processing the Block ID with the SHA256 algorithm yields KEY1 (key 1), and KEY1 is determined as the first characteristic value. After the first characteristic value is determined, the first encrypted data can be decrypted according to the encryption rule. The encryption rule may be to add KEY1 in front of DATA0, or to add KEY1 after DATA0; KEY1 may also be split into several parts that are inserted at predetermined positions in DATA0, to obtain DATA1. During decryption, the first data is obtained simply by removing the KEY1 part from the first encrypted data according to the encryption rule.
In an exemplary embodiment, after the first encrypted data is decrypted based on the decryption rule to obtain the first data, the method further includes: sending the first data to the virtual file system VFS driver. In this embodiment, after the first data is obtained, it may be sent to the VFS driver so that the data can be called or other operations can be performed on it.
Data decryption is described below with reference to a specific implementation:
FIG. 6 is a flowchart of a data decryption method according to a specific embodiment of the present application. As shown in FIG. 6, the process includes:
Step S602: obtain the hardware (hard disk, CPU) characteristic value: apply SHA256 (corresponding to the first algorithm above) to the Block ID of the hardware (corresponding to the first identification information above) to obtain KEY1 (corresponding to the first characteristic value above).
Step S604: initialize the FPGA with KEY1.
Step S606: acquire BLOCK driver data to obtain DATA1 (corresponding to the first encrypted data above).
Step S608: the algorithm in the FPGA performs a decryption calculation according to KEY1+DATA1 to obtain DATA0 (corresponding to the first data above).
Step S610: send DATA0 to the VFS driver.
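The rule applied in steps S302 to S308 and removed in steps S602 to S608, as an added example that is not code from the patent: KEY1 is the SHA-256 of the Block ID, and DATA1 is built by placing KEY1 in front of DATA0, after it, or split across predetermined positions. The function names, the `positions` parameter, the KEY1 comparison on removal, and the sample Block ID and DATA0 are assumptions constructed for illustration; the FPGA and the drivers are not modelled.

```python
import hashlib
import hmac

KEY_LEN = 32  # SHA-256 digest size in bytes


def derive_key1(block_id: bytes) -> bytes:
    """S302/S602: KEY1 = SHA256(Block ID of the storage space)."""
    return hashlib.sha256(block_id).digest()


def _key_parts(key1: bytes, n: int) -> list:
    """Split KEY1 into n contiguous parts; the last part takes the remainder."""
    size = len(key1) // n
    parts = [key1[i * size:(i + 1) * size] for i in range(n - 1)]
    parts.append(key1[(n - 1) * size:])
    return parts


def _check_positions(positions, data_len: int) -> None:
    """Positions are DATA0 offsets: 1..32 of them, strictly increasing, in range."""
    if not 1 <= len(positions) <= KEY_LEN:
        raise ValueError("need between 1 and 32 insertion positions")
    if list(positions) != sorted(set(positions)):
        raise ValueError("positions must be strictly increasing")
    if positions[0] < 0 or positions[-1] > data_len:
        raise ValueError("position outside DATA0")


def apply_rule(data0: bytes, block_id: bytes, rule: str, positions=()) -> bytes:
    """S308: build DATA1 from KEY1 and DATA0 under one of the three rules."""
    key1 = derive_key1(block_id)
    if rule == "prepend":
        return key1 + data0
    if rule == "append":
        return data0 + key1
    if rule == "split":
        _check_positions(positions, len(data0))
        out, prev = bytearray(), 0
        for pos, part in zip(positions, _key_parts(key1, len(positions))):
            out += data0[prev:pos] + part
            prev = pos
        return bytes(out + data0[prev:])
    raise ValueError("unknown rule: " + rule)


def remove_rule(data1: bytes, block_id: bytes, rule: str, positions=()) -> bytes:
    """S608: strip the KEY1 bytes from DATA1 and return DATA0.

    Added check (an assumption, not stated in the patent): the stripped bytes
    must equal KEY1 of this storage space, otherwise the block is rejected.
    """
    key1 = derive_key1(block_id)
    if len(data1) < KEY_LEN:
        raise ValueError("DATA1 is shorter than KEY1")
    if rule == "prepend":
        found, data0 = data1[:KEY_LEN], data1[KEY_LEN:]
    elif rule == "append":
        found, data0 = data1[-KEY_LEN:], data1[:-KEY_LEN]
    elif rule == "split":
        _check_positions(positions, len(data1) - KEY_LEN)
        found, data0, prev, shift = bytearray(), bytearray(), 0, 0
        for pos, part in zip(positions, _key_parts(key1, len(positions))):
            start = pos + shift  # offset of this KEY1 part inside DATA1
            data0 += data1[prev:start]
            found += data1[start:start + len(part)]
            prev = start + len(part)
            shift += len(part)
        found, data0 = bytes(found), bytes(data0 + data1[prev:])
    else:
        raise ValueError("unknown rule: " + rule)
    if not hmac.compare_digest(found, key1):
        raise ValueError("KEY1 mismatch: DATA1 was not written for this storage space")
    return data0


def fragments_visible(data0: bytes, data1: bytes, positions=()) -> bool:
    """True if every DATA0 fragment between insertion points appears unchanged in DATA1."""
    cuts = [0, *positions, len(data0)]
    frags = [data0[a:b] for a, b in zip(cuts, cuts[1:]) if b > a]
    return all(f in data1 for f in frags)


def demo() -> dict:
    block_id = b"sda1-block-0007"                      # constructed sample Block ID
    data0 = b"patient record #4411: confidential"      # constructed sample DATA0
    result = {}
    for rule, pos in (("prepend", ()), ("append", ()), ("split", (4, 10, 20))):
        data1 = apply_rule(data0, block_id, rule, pos)
        result[rule] = (remove_rule(data1, block_id, rule, pos) == data0,
                        fragments_visible(data0, data1, pos))
    return result


if __name__ == "__main__":
    print(demo())
```

Under all three rules the DATA0 bytes sit unchanged inside DATA1, so the rule as described frames the data and ties it to a Block ID rather than hiding it. Confidentiality therefore depends on whatever algorithm the FPGA applies in S308, which the text does not specify.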
From the description of the above implementations, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course can also be implemented in hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application can in essence be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present application.
This embodiment also provides a data encryption apparatus and a data decryption apparatus, which are used to implement the above embodiments and preferred implementations; what has already been described will not be repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 7 is a structural block diagram of a data encryption apparatus according to an embodiment of the present application. As shown in FIG. 7, the apparatus includes:
A first acquisition module 72, configured to acquire first data.
A first determination module 74, configured to determine a first storage space for storing the first data.
A second determination module 76, configured to determine an encryption rule corresponding to a first characteristic value of the first storage space.
An encryption module 78, configured to encrypt the first data based on the encryption rule to obtain first encrypted data.
In an exemplary embodiment, the apparatus may be configured to: acquire the first characteristic value before acquiring the first data; and perform an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger execution of the operation of acquiring the first data.
In an exemplary embodiment, the apparatus may acquire the first characteristic value in the following manner: acquiring first identification information used to identify the first storage space; processing the first identification information based on a first algorithm to obtain a target value; and determining the target value as the first characteristic value of the first storage space.
In an exemplary embodiment, the apparatus may be further configured to, after encrypting the first data based on the encryption rule to obtain the first encrypted data, send the first encrypted data to a block driver, to instruct the block driver to store the first encrypted data in the first storage space.
FIG. 8 is a structural block diagram of a data decryption apparatus according to an embodiment of the present application. As shown in FIG. 8, the apparatus includes:
A second acquisition module 82, configured to acquire first encrypted data stored in a first storage space, wherein the first encrypted data is obtained by encrypting first data based on an encryption rule, and the encryption rule is a rule corresponding to a first characteristic value of the first storage space.
A third determination module 84, configured to determine the first characteristic value of the first storage space, and to determine a decryption rule corresponding to the first characteristic value.
A decryption module 86, configured to decrypt the first encrypted data based on the decryption rule to obtain the first data.
In an exemplary embodiment, the apparatus may be configured to: acquire the first characteristic value before acquiring the first encrypted data stored in the first storage space; and perform an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger execution of the operation of acquiring the first encrypted data.
In an exemplary embodiment, the apparatus may acquire the first characteristic value in the following manner: acquiring first identification information used to identify the first storage space; processing the first identification information based on a first algorithm to obtain a target value; and determining the target value as the first characteristic value of the first storage space.
In an exemplary embodiment, the apparatus may be further configured to, after decrypting the first encrypted data based on the decryption rule to obtain the first data, send the first data to a virtual file system (VFS) driver.
It should be noted that the above modules can be implemented in software or in hardware. For the latter, this can be done in the following ways, without being limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiments of the present application further provide a computer-readable storage medium in which a computer program is stored, wherein the computer program is configured to execute, when run, the steps in any one of the above method embodiments.
In an exemplary embodiment, the above computer-readable storage medium may include, but is not limited to, various media that can store a computer program, such as a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, or an optical disc.
Embodiments of the present application further provide an electronic apparatus, including a memory and a processor, wherein a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.
In an exemplary embodiment, the above electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the above processor, and the input/output device is connected to the above processor.
For specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and exemplary implementations, and details are not repeated here.
Obviously, those skilled in the art should understand that the above modules or steps of the present application can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. They can be implemented in program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. As such, the present application is not limited to any particular combination of hardware and software.
The above descriptions are only preferred embodiments of the present application and are not intended to limit the present application. For those skilled in the art, the present application may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the principles of the present application shall be included within the protection scope of the present application.

Claims (12)

  1. A data encryption method, comprising:
    acquiring first data;
    determining a first storage space for storing the first data;
    determining an encryption rule corresponding to a first characteristic value of the first storage space;
    encrypting the first data based on the encryption rule to obtain first encrypted data.
  2. The data encryption method according to claim 1, wherein, before acquiring the first data, the method further comprises:
    acquiring the first characteristic value;
    performing an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger execution of the operation of acquiring the first data.
  3. The data encryption method according to claim 2, wherein acquiring the first characteristic value comprises:
    acquiring first identification information for identifying the first storage space;
    processing the first identification information based on a first algorithm to obtain a target value;
    determining the target value as the first characteristic value of the first storage space.
  4. The data encryption method according to any one of claims 1 to 3, wherein, after encrypting the first data based on the encryption rule to obtain the first encrypted data, the method further comprises:
    sending the first encrypted data to a block driver, to instruct the block driver to store the first encrypted data in the first storage space.
  5. A data decryption method, comprising:
    acquiring first encrypted data stored in a first storage space, wherein the first encrypted data is obtained by encrypting first data based on an encryption rule, and the encryption rule is a rule corresponding to a first characteristic value of the first storage space;
    determining the first characteristic value of the first storage space, and determining a decryption rule corresponding to the first characteristic value;
    decrypting the first encrypted data based on the decryption rule to obtain the first data.
  6. The data decryption method according to claim 5, wherein, before acquiring the first encrypted data stored in the first storage space, the method further comprises:
    acquiring the first characteristic value;
    performing an initialization operation based on the first characteristic value, wherein the initialization operation is used to trigger execution of the operation of acquiring the first encrypted data.
  7. The data decryption method according to claim 6, wherein acquiring the first characteristic value comprises:
    acquiring first identification information for identifying the first storage space;
    processing the first identification information based on a first algorithm to obtain a target value;
    determining the target value as the first characteristic value of the first storage space.
  8. The method according to any one of claims 5 to 7, wherein, after decrypting the first encrypted data based on the decryption rule to obtain the first data, the method further comprises:
    sending the first data to a virtual file system (VFS) driver.
  9. A data encryption apparatus, comprising:
    a first acquisition module, configured to acquire first data;
    a first determination module, configured to determine a first storage space for storing the first data;
    a second determination module, configured to determine an encryption rule corresponding to a first characteristic value of the first storage space;
    an encryption module, configured to encrypt the first data based on the encryption rule to obtain first encrypted data.
  10. A data decryption apparatus, comprising:
    a second acquisition module, configured to acquire first encrypted data stored in a first storage space, wherein the first encrypted data is obtained by encrypting first data based on an encryption rule, and the encryption rule is a rule corresponding to a first characteristic value of the first storage space;
    a third determination module, configured to determine the first characteristic value of the first storage space, and to determine a decryption rule corresponding to the first characteristic value;
    a decryption module, configured to decrypt the first encrypted data based on the decryption rule to obtain the first data.
  11. A computer-readable storage medium, in which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the data encryption method according to any one of claims 1 to 4, or implements the steps of the data decryption method according to any one of claims 5 to 8.
  12. An electronic apparatus, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the data encryption method according to any one of claims 1 to 4, or implements the steps of the data decryption method according to any one of claims 5 to 8.
PCT/CN2021/130173 2020-11-11 2021-11-11 Data encryption and data decryption methods, apparatus, storage medium, and electronic apparatus WO2022100675A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011255552.9A CN114490451A (en) 2020-11-11 2020-11-11 Data encryption and data decryption method and device, storage medium and electronic device
CN202011255552.9 2020-11-11

Publications (1)

Publication Number Publication Date
WO2022100675A1 (en) 2022-05-19

Family

ID=81491188

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/130173 WO2022100675A1 (en) 2020-11-11 2021-11-11 Data encryption and data decryption methods, apparatus, storage medium, and electronic apparatus

Country Status (2)

Country Link
CN (1) CN114490451A (en)
WO (1) WO2022100675A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116975884A (en) * 2023-06-30 2023-10-31 萍乡逗花科技有限公司 Data security storage method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103534976A (en) * 2013-06-05 2014-01-22 华为技术有限公司 Data security protection method, server, host, and system
CN106452770A (en) * 2015-08-12 2017-02-22 深圳市腾讯计算机系统有限公司 Data encryption method and apparatus, data decryption method and apparatus, and system
CN108133155A (en) * 2017-12-29 2018-06-08 北京联想核芯科技有限公司 Data encryption storage method and device
EP3379445A1 (en) * 2017-03-22 2018-09-26 Wincor Nixdorf International GmbH System and method to generate encryption keys based on information of peripheral devices
US20200082100A1 (en) * 2018-09-10 2020-03-12 John Almeida Storing and using multipurpose secret data
CN111444528A (en) * 2020-03-31 2020-07-24 海信视像科技股份有限公司 Data security protection method, device and storage medium

Also Published As

Publication number Publication date
CN114490451A (en) 2022-05-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21891195

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 06.10.2023)