CN101282212B - System and method for encipherment and decipherment based on template - Google Patents
- Publication number
- CN101282212B (application CN200810112005A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a template-based encryption and decryption system and method, belonging to the technical field of information security. The plaintext is encrypted with a group of keys. By introducing a structured template built from a set of data transformation operators, the invention uses existing encryption techniques to apply mixed, overlapping encryption to the plaintext. With this method the characteristics of the encrypted data are weakened, and decryption can only be completed with both the keys and the structured template. Partial decryption of the ciphertext is also possible. The invention is suited to encrypting and decrypting data that combines English words, digits and Chinese characters.
Description
Technical field
The invention belongs to the field of information security technology and specifically relates to a template-based encryption and decryption system and method.
Background technology
Many mature encryption and decryption algorithms and methods already exist. Given the word-frequency characteristics of vocabulary in natural language and the regularity of the encryption algorithms themselves, their essence is to obscure the characteristics of the data by means of a mapping algorithm and a key.
Multiple hybrid encryption is currently a simple way to raise the difficulty of cracking. Data encryption has been widely researched at home and abroad. As an example of hybrid encryption, Chinese patent application No. 02152606.0 (publication number CN1503503A, published 2004.06.09) discloses a "data encryption and decryption method and device". That method proposes that the user predefine combinations of several encryption algorithm modules and, using a data attribute correspondence and a dynamic selection mechanism, choose one combination of encryption algorithm modules to encrypt the data. The method only proposes a way of combining encryption algorithm modules; the encrypting and decrypting parties must agree in advance on the mechanism by which the modules are combined, which makes it harder for the two sides to keep their information synchronized.
In practical applications, keys must be changed frequently to keep an encryption method secure, and the cost of changing a key is that the sender's and receiver's keys must be updated synchronously. For multiple hybrid encryption in particular, frequent key changes increase the probability that a key is intercepted or cracked, which reduces security, and they produce a rapidly growing number of keys that must be managed.
Among the text encryption methods described in the existing literature or patents, no method that combines encryption on the basis of a template has been found so far.
Summary of the invention
In view of the problems in the prior art, the purpose of the invention is to provide a template-based encryption and decryption system and method. Through a template built from a set of data transformation operators, the system and method mix existing encryption techniques to obscure the characteristics of the encrypted data. This greatly improves the effect of multiple hybrid encryption and reduces the difficulty of managing a series of keys, so that they are easy to manage and use. Through the structured nature of the template, keys can be combined dynamically, which effectively spreads the security pressure on the keys.
To achieve this purpose, the technical solution adopted by the invention is a template-based encryption and decryption system comprising a ciphertext container, a template manager and an operator manager. The ciphertext container holds the ciphertext and the plaintext and performs the encryption and decryption processing. The template manager manages and supplies the structured templates used for the data transformations of the ciphertext container's encryption and decryption. The operator manager manages and stores the set of encryption algorithm operators needed in the encryption and decryption process, together with the associated keys. The ciphertext container, template manager and operator manager are connected in sequence, and the operator manager is also connected to the ciphertext container.
The ciphertext container comprises a sender ciphertext container and a receiver ciphertext container. The sender ciphertext container, according to the settings in the encryption template, requests operators from the operator manager and encrypts the specified data regions. The receiver ciphertext container, according to the settings in the decryption template, requests operators from the operator manager and decrypts the specified data regions. A specified data region is a local, discontinuous region of the plaintext or of the data in process.
The structured template in the template manager defines the set of encryption and decryption rules. It is structured data composed of nodes that supports nesting, and it comprises an encryption template and a decryption template.
Further, the ciphertext container's encryption of the plaintext, or decryption of the ciphertext, consists of the sequence of processing steps defined in the template: data transformations are carried out one by one in the operator order defined in the structured template. Encryption consists of the series of operator data transformations applied to the plaintext as defined by the structured template, and decryption consists of the corresponding data transformations applied to the ciphertext in reverse order.
Further, each node in the structured template defines one data transformation operation on the plaintext or ciphertext, comprising: the data transformation operator, the data transformation object, the data verification operator, the output encoding definition, and the key needed for encryption or decryption. The data transformation operator is a data encryption algorithm or another data transformation rule; the data transformation object is the data region to be transformed; the data verification operator is a method for verifying the legitimacy or validity of the data; and the output encoding definition specifies the encoding in which the encrypted output is stored.
Further, the encryption template defines the processing order of the data transformations through the structural relationship of its nodes, and the processing order defined in the decryption template is exactly the reverse of that in the encryption template.
Further, the operator manager is provided with encryption algorithm modules for encrypting or decrypting the plaintext or ciphertext, and with data transformation modules for general data format conversion. The keys needed during data transformation module processing are supplied by the key container of the system configuration, by the key information recorded in the template, or directly by user input.
A template-based encryption and decryption method comprises the following steps:
1) The sender ciphertext container accepts the plaintext data to be encrypted and requests an encryption template from the template manager; the template supports nested structures;
2) According to the settings in the encryption template, in which each node sets the data region its operator processes, the sender ciphertext container requests operators from the operator manager and encrypts the specified data regions. A specified data region is a local, discontinuous region of the plaintext or of the data in process; the data in process means data regions in which plaintext is mixed with data that has already been encrypted, and the data regions set by the nodes of a template are allowed to overlap;
3) After completing the above encryption, the sender embeds template identification information in the ciphertext according to the encryption template settings and, with data encryption complete, sends the ciphertext to the receiver;
4) After accepting the ciphertext data to be decrypted, the receiver ciphertext container checks the template identification information it uses and requests the corresponding decryption template from the template manager. Because templates support nesting, it may request only a nested sub-template, or only the part of the template distributed according to the receiver's permissions;
5) According to the settings in the decryption template, the receiver ciphertext container requests operators from the operator manager and decrypts the specified data regions;
6) After completing the above decryption according to the decryption template settings, the receiver ciphertext container restores the ciphertext to plaintext and outputs it.
Further, in step 1), the ciphertext container first requests the encryption template from the template manager according to the system-configured encryption template or user input, and then encrypts the plaintext in the processing order and encryption mode defined in the encryption template.
Further, in step 3), the added template identification information lets the receiver identify, search for and locate the decryption template it needs. The template identification information comprises the template identifier name and a data stream carrying the information needed for decryption, with the information related to the template structure definition removed. The information related to the template structure definition means the defined structure of the template before its data was changed.
Further, in step 4), the encryption template and the decryption template can themselves be treated as plaintext and transmitted in encrypted form.
Further, in step 5), the receiver uses the template information embedded in the received ciphertext to look up and restore the matching decryption template.
Further, in step 6), the receiver decrypts the ciphertext according to the decryption template. The processing order of the data transformations is defined in the decryption template, and the decryption order is exactly the reverse of the encryption order.
Further, in step 2) and/or step 5), if the encryption and/or decryption processing requires a password or key, it is supplied by the key container of the system configuration, by the key information in the encryption template, or by user input.
The effect of the invention is as follows. With the method and system of the invention, the combination relationship between keys is defined by the template, which greatly improves the encryption effect of multiple hybrid encryption and improves the security of the keys. Most importantly, managing keys through templates greatly reduces the difficulty of managing a series of keys, so that they are easy to manage and use; and through the structured nature of the template, keys can be combined dynamically, which effectively spreads the security pressure on the keys. In addition, Chinese characters are represented in the computer with two bytes, unlike single-byte English letters and digits, and there are far more Chinese characters than English letters, so there are more possible mappings of their character codes and the word-frequency characteristics are eliminated more thoroughly after obfuscation. This can be regarded as an advantage when encrypting Chinese text.
Description of drawings
Fig. 1 is a structure diagram of the template-based encryption and decryption system in an embodiment of the invention;
Fig. 2 is a flow chart of the template-based encryption method in an embodiment of the invention;
Fig. 3 is a flow chart of the template-based decryption method in an embodiment of the invention.
Embodiment
The invention is described further below with reference to the drawings and an embodiment.
As shown in Fig. 1, a template-based encryption and decryption system mainly comprises a ciphertext container 11, a template manager 12 and an operator manager 13. The ciphertext container 11 holds the ciphertext and the plaintext and performs the encryption and decryption processing. The template manager 12 manages and supplies the structured templates used for the data transformations of the ciphertext container's encryption and decryption; these comprise an encryption template and a decryption template. The operator manager 13 manages and stores the operator set of encryption algorithms and encryption methods needed in the encryption and decryption process, together with the associated keys. The ciphertext container 11, template manager 12 and operator manager 13 are connected in sequence, and the operator manager is also connected to the ciphertext container 11.
In this embodiment, the ciphertext container 11's encryption of the plaintext, or decryption of the ciphertext, consists of the processing sequence defined in the structured template. Encryption, for example, consists of the series of data transformations of the plaintext defined in the structured template, and decryption consists of the corresponding data transformations applied to the ciphertext in reverse order.
In this embodiment, the structured template used by the template manager 12 defines the set of encryption and decryption rules. It is structured data composed of nodes that supports nesting. Each node in the structured template defines one data transformation operation on the plaintext or ciphertext. The definition comprises: the data transformation operator, the data transformation object, the data verification operator, the output encoding definition, and the key needed for encryption or decryption. The data transformation operator is a data encryption algorithm or another data transformation rule, typically the DES encryption algorithm or similar. The data transformation object is the data region to be transformed. The data verification operator is an existing method for verifying the legitimacy or validity of the data, such as the MD5 hash algorithm. The output encoding definition specifies the encoding in which the encrypted output is stored, typically BASE64 encoding or similar.
In this embodiment, the structured template used by the template manager 12 uses the structural relationship of its nodes to define the order in which the data transformations are processed, and the processing order defined in the decryption template is exactly the reverse of that in the encryption template.
In this embodiment, the operator manager is provided with encryption algorithm modules for encrypting or decrypting the plaintext or ciphertext, and with data transformation modules for general data format conversion. The keys needed during data transformation module processing are supplied by the key container of the system configuration, by the key information recorded in the template, or directly by user input.
As shown in Figs. 2 and 3, a template-based encryption and decryption method comprises the following steps:
1) The sender ciphertext container accepts the plaintext 21 to be encrypted and requests the encryption template 22 from the template manager;
In this embodiment, the plaintext that the sender prepares to encrypt is "2008 Good Luck Beijing" (the digits "2008" followed by the four Chinese characters 北京奥运), whose hexadecimal encoding in the computer is "0032 0030 0030 0038 5317 4EAC 5965 8FD0".
In this embodiment, the encryption template that the ciphertext container requests from the template manager (hereinafter XmlT-1) is defined as follows; the passwords are set by system configuration:
<?xml version="1.0" encoding="utf-8"?>
<template id="B3EB8AB7-6163-4873-B37F-2C9FE0263143" name="biconjugate test" type="EncDes">
  <items rule="Package">
    <item id="08-23" name="DES operator" functor="DES">
      <vector type="password"><![CDATA[123]]></vector>
      <regions>
        <section No="1" begin="0" end="3"/>
      </regions>
      <input>
        <validate method=""/>
      </input>
      <output encoding="Base64"/>
    </item>
    <item id="07-05" name="3DES operator" functor="TripleDES">
      <vector type="password"><![CDATA[321]]></vector>
      <regions>
        <section No="1" begin="8" end="end"/>
      </regions>
      <output encoding="UTF8"/>
    </item>
  </items>
</template>
2) According to the settings in the encryption template (that is, the specific content defined by each node of the encryption template), the sender ciphertext container looks up and requests the encryption operators 23 from the operator manager and performs data encryption 24 on the specified data regions. In this process, if an encryption transformation requires a password or key, it is supplied by the key container of the system configuration (operating systems generally include a key container, and the apparatus of the invention calls the operating system's key container through an interface), by the key information in the encryption template, or by user input;
In this embodiment, the encryption template consists of two data transformation definition nodes. The first has id "08-23" and is named "DES operator"; the actual encryption operator looked up in the operator manager is "DES". This operator encrypts the bytes at data index 0 to 3 of the input, the encryption password is "123", and the encrypted output is encoded in Base64. The second has id "07-05" and is named "3DES operator"; the actual encryption operator looked up in the operator manager is "TripleDES". This operator encrypts the input from data index 10 to the end of the data, the encryption password is "321", and the encrypted output is encoded in UTF8;
The encryption process is:
1) The operator with id "08-23" looks up the data at index 0 to 3, which is "2008", with the corresponding encoding "0032 0030 0030 0038". The data produced by encryption is "BF47 EBAB B82E 5AEA". The output is encoded in Base64, so the newly generated data encoding is "0052 0037 002B 0072 0036 0079 0036 0034 0036 006C 006F 003D". This is then combined with the unencrypted encoding of "Good Luck Beijing", "5317 4EAC 5965 8FD0", into the new data "0052 0037 002B 0072 0036 0079 0036 0034 0036 006C 006F 003D 5317 4EAC 5965 8FD0". After execution the template (hereinafter XmlT-2) becomes:
<?xml version="1.0" encoding="utf-8"?>
<template id="B3EB8AB7-6163-4873-B37F-2C9FE0263143" name="biconjugate test" type="EncDes">
  <items rule="Package">
    <item id="08-23" name="DES operator" functor="DES" serial="1">
      <vector type="password"><![CDATA[123]]></vector>
      <regions>
        <section No="1" begin="0" end="11"/>
      </regions>
      <input>
        <validate method=""/>
      </input>
      <output encoding="Base64"/>
    </item>
    <item id="07-05" name="3DES operator" functor="TripleDES">
      <vector type="password"><![CDATA[321]]></vector>
      <regions>
        <section No="1" begin="8" end="end"/>
      </regions>
      <output encoding="UTF8"/>
    </item>
  </items>
</template>
As this template shows, the section recorded for the operator changes after processing: it now records the end position of the data after encryption, and the operator records its processing order, serial, as 1;
2) The operator with id "07-05" looks up, in the encryption result above, the data from index 8 to the end of the data, with the corresponding encoding "0036 006C 006F 003D 5317 4EAC 5965 8FD0". The data produced by encryption is "83CF 1ACB F362 CFF4 9701 0978 272A 1A3E 2AEB 90D4 6685 664D". The output is encoded in UTF8, so the newly generated data encoding is "8FE8 E18F 8BAB 8DEF ECA2 B4BF 9CE9 E081 B8A5 9CE2 E1AA BEA8 ABE2 E9AB 9483 9AE6 E685 8D99".
This is combined with the encoding that the current operator leaves unencrypted, "0052 0037 002B 0072 0036 0079 0036 0034", into the new data "0052 0037 002B 0072 0036 0079 0036 0034 8FE8 E18F 8BAB 8DEF ECA2 B4BF 9CE9 E081 B8A5 9CE2 E1AA BEA8 ABE2 E9AB 9483 9AE6 E685 8D99". After execution the template (hereinafter XmlT-3) becomes:
<?xml version="1.0" encoding="utf-8"?>
<template id="B3EB8AB7-6163-4873-B37F-2C9FE0263143" name="biconjugate test" type="EncDes">
  <items rule="Package">
    <item id="08-23" name="DES operator" functor="DES" serial="1">
      <vector type="password"><![CDATA[123]]></vector>
      <regions>
        <section No="1" begin="0" end="11"/>
      </regions>
      <input>
        <validate method=""/>
      </input>
      <output encoding="Base64"/>
    </item>
    <item id="07-05" name="3DES operator" functor="TripleDES" serial="2">
      <vector type="password"><![CDATA[321]]></vector>
      <regions>
        <section No="1" begin="8" end="end"/>
      </regions>
      <output encoding="UTF8"/>
    </item>
  </items>
</template>
As this template shows, after processing by the "07-05" operator the section record changes: it reflects the change in the actual length of the position marked end, and the operator records its processing order, serial, as 2;
In this embodiment, a specified data region in the encryption template is discontinuous local data within the plaintext data, and its range is specified in the template. A specified data region can also be a region in which plaintext is mixed with data that has already been encrypted. The data regions set for encryption in the template are allowed to overlap physically, but they are not allowed to overlap in processing order; the processing order is determined by the structure of the template.
3) After completing the above encryption, the sender embeds the template information in the ciphertext according to the encryption template settings and, with data encryption complete, sends the ciphertext 25 to the receiver;
In this embodiment, the ciphertext obtained after the plaintext is encrypted by the ciphertext container is "0052 0037 002B 0072 0036 0079 0036 0034 8FE8 E18F 8BAB 8DEF ECA2 B4BF 9CE9 E081 B8A5 9CE2 E1AA BEA8 ABE2 E9AB 9483 9AE6 E685 8D99". In step 3), after the sender completes encryption, template identification information must be added at the head of the encrypted file; this additional template information is the data stream of information needed for decryption, with the template structure definition removed. In this embodiment, the template information embedded in the head of the ciphertext sent to the receiver is: template x5EB3EB8AB7-6163-4873-B37F-2C9FE0263143 EncDes "Package" 1:id "08-23" 123 0 11 2:id "07-05" 321 8$. Here "template" is the fixed data head. It is followed by the data length of this template identification information (x5E, that is, 94 bytes) and then by the template's globally unique identifier (GUID), B3EB8AB7-6163-4873-B37F-2C9FE0263143. In this example the per-node entries carry the node id ("08-23", "07-05"), the vector values 123 and 321 from the template, and the region bounds (0 11 and 8).
4) The receiver ciphertext container accepts the data stream to be decrypted, that is, the ciphertext 31, checks the template information it uses, and requests the corresponding decryption template 32 from the template manager.
In this embodiment, the receiver accepts the template information embedded in the ciphertext. From the template identification information attached to the ciphertext it extracts the template's globally unique identifier (GUID), B3EB8AB7-6163-4873-B37F-2C9FE0263143, and uses this GUID to find the corresponding template in the template manager. Using the template pattern, that is, the data shown in XmlT-1, combined with the attached template identification information, it regenerates the data shown in XmlT-3.
If there is no corresponding template, or an error occurs while generating the data shown in XmlT-3, the whole decryption process fails.
5) According to the settings in the decryption template (that is, the specific content defined by each node of the decryption template), the receiver ciphertext container requests the decryption operators 33 from the operator manager in the defined order and performs data decryption 34 on the specified data regions. The process is exactly the reverse of the encryption process.
In this embodiment, because all the encryption uses symmetric encryption algorithms, the receiver uses the same template as the sender and decrypts the ciphertext according to the decryption template. The order in which decryption is applied is exactly the reverse of the encryption process, and keys that must be supplied during decryption are handled in the same way as in the prior art.
6) After completing the above decryption in reverse according to the decryption template settings, the receiver ciphertext container restores the ciphertext to plaintext and outputs it 35.
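The region bookkeeping of steps 1) to 6), as an added example that is not part of the patent text: each node is applied in template order, the region it produced is recorded with its serial, and decryption walks the recorded regions in reverse, optionally stopping after the outer layers (partial decryption). Assumptions of this example: the function names, the state list format, the `layers` parameter, the "Hex" output encoding on the second node, and a standard-library XOR keystream standing in for the DES and TripleDES operators.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed template modelled on XmlT-1. "Hex" on the second node is an
# assumption of this example (XmlT-1 specifies "UTF8" there).
TEMPLATE = """<template id="B3EB8AB7-6163-4873-B37F-2C9FE0263143" type="EncDes">
  <items rule="Package">
    <item id="08-23" functor="DES">
      <vector type="password"><![CDATA[123]]></vector>
      <regions><section No="1" begin="0" end="3"/></regions>
      <output encoding="Base64"/>
    </item>
    <item id="07-05" functor="TripleDES">
      <vector type="password"><![CDATA[321]]></vector>
      <regions><section No="1" begin="8" end="end"/></regions>
      <output encoding="Hex"/>
    </item>
  </items>
</template>"""

# "2008" followed by the code units 5317 4EAC 5965 8FD0 from the embodiment.
PLAINTEXT = "2008\u5317\u4eac\u5965\u8fd0"


def keystream_xor(data, password):
    """Stand-in operator: XOR with a SHA-256 counter keystream.

    Length-preserving and self-inverse, so the example needs only the standard
    library. It is NOT DES or TripleDES and is not a secure cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(password.encode() + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


# Both functor names from the template map to the stand-in (assumption).
OPERATORS = {"DES": keystream_xor, "TripleDES": keystream_xor}
# Output encoding name -> (bytes to text, text to bytes).
ENCODERS = {
    "Base64": (lambda b: base64.b64encode(b).decode("ascii"), base64.b64decode),
    "Hex": (bytes.hex, bytes.fromhex),
}


def _bounds(section, length):
    """Resolve a <section> to inclusive indices; "end" means the last index."""
    begin = int(section.get("begin"))
    end = section.get("end")
    end = length - 1 if end == "end" else int(end)
    if not 0 <= begin <= end < length:
        raise ValueError("region outside data")
    return begin, end


def encrypt(text, template_xml):
    """Apply each node in document order; return (ciphertext, recorded state).

    Indices count characters, which equal UTF-16 code units for BMP text.
    """
    state = []
    for serial, item in enumerate(ET.fromstring(template_xml).iter("item"), 1):
        begin, end = _bounds(item.find("regions/section"), len(text))
        operator = OPERATORS[item.get("functor")]
        encode, _ = ENCODERS[item.find("output").get("encoding")]
        raw = operator(text[begin:end + 1].encode("utf-16-le"), item.findtext("vector"))
        out = encode(raw)
        text = text[:begin] + out + text[end + 1:]
        # The output encoding changes the region length, so record the new end.
        state.append({"id": item.get("id"), "serial": serial,
                      "begin": begin, "end": begin + len(out) - 1})
    return text, state


def decrypt(text, template_xml, state, layers=None):
    """Undo recorded layers in reverse serial order.

    `layers` limits how many outer layers are removed (partial decryption).
    """
    items = {i.get("id"): i for i in ET.fromstring(template_xml).iter("item")}
    for rec in sorted(state, key=lambda s: s["serial"], reverse=True)[:layers]:
        item = items[rec["id"]]  # KeyError if the template lacks this node
        if rec["end"] >= len(text):
            raise ValueError("recorded region does not fit the ciphertext")
        _, decode = ENCODERS[item.find("output").get("encoding")]
        operator = OPERATORS[item.get("functor")]
        raw = operator(decode(text[rec["begin"]:rec["end"] + 1]), item.findtext("vector"))
        text = text[:rec["begin"]] + raw.decode("utf-16-le") + text[rec["end"] + 1:]
    return text


if __name__ == "__main__":
    ciphertext, recorded = encrypt(PLAINTEXT, TEMPLATE)
    print(ciphertext, recorded)
    print(decrypt(ciphertext, TEMPLATE, recorded, layers=1))
    print(decrypt(ciphertext, TEMPLATE, recorded))
```

The first node's recorded region ends at index 11, matching the end="11" that XmlT-2 records after Base64 expansion.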
Applying the invention achieves the following effects:
1. With template-based combination of encryption, the data regions of the encryption process are encrypted in an overlapping way, which further weakens the characteristics of the encrypted data and increases the difficulty of cracking;
2. Templates support nesting and structure, which allows partial distribution of a template. This makes possible: 1) partial update of a template; 2) partial distribution of a template based on authorization; 3) use of the template itself as an object of encryption; 4) signature verification of a template; 5) the requirement that the template be used together with the key, so that the lack of either causes decryption to fail; 6) partial decryption of the ciphertext, which can be applied to encryption scenarios with specific requirements, permission levels and the like;
3. Verification shows that the method of the invention is particularly suited to encrypting plaintext that mixes English letters and digits with Chinese characters.
The method of the invention is not limited to the embodiment described here; other embodiments that those skilled in the art derive from the technical solution of the invention likewise fall within the scope of technical innovation of the invention.
Claims (12)
1. A template-based encryption and decryption system, comprising a ciphertext container, a template manager and an operator manager, wherein the ciphertext container holds the ciphertext and the plaintext and performs the encryption and decryption processing; the template manager manages and supplies the structured templates used for the data transformations of the ciphertext container's encryption and decryption; the operator manager manages and stores the set of encryption algorithm operators needed in the encryption and decryption process, together with the associated keys; the ciphertext container, template manager and operator manager are connected in sequence, and the operator manager is connected to the ciphertext container;
the ciphertext container comprises a sender ciphertext container and a receiver ciphertext container; the sender ciphertext container, according to the settings in the encryption template, requests operators from the operator manager and encrypts the specified data regions; the receiver ciphertext container, according to the settings in the decryption template, requests operators from the operator manager and decrypts the specified data regions; a specified data region is a local, discontinuous region of the plaintext or of the data in process;
the structured template in the template manager defines the set of encryption and decryption rules, is structured data composed of nodes that supports nesting, and comprises an encryption template and a decryption template.
2. The template-based encryption and decryption system according to claim 1, characterized in that: the ciphertext container's encryption of the plaintext, or decryption of the ciphertext, consists of the operator sequence defined in the structured template, that is, data transformations are carried out one by one in the operator order defined in the structured template; encryption consists of the series of operator data transformations applied to the plaintext as defined by the structured template, and decryption consists of the corresponding data transformations applied to the ciphertext in reverse order.
3. The template-based encryption and decryption system according to claim 2, characterized in that: each node in the structured template defines one data transformation operation on the plaintext or ciphertext, the definition comprising: the data transformation operator, the data transformation object, the data verification operator, the output encoding definition, and the key needed for encryption or decryption; wherein the data transformation operator is a data encryption algorithm or another data transformation rule, the data transformation object is the data region to be transformed, the data verification operator is a method for verifying the legitimacy or validity of the data, and the output encoding definition specifies the encoding in which the encrypted output is stored.
4. The template-based encryption and decryption system according to claim 3, characterized in that: the encryption template defines the processing order of the data transformations through the structural relationship of its nodes, and the processing order defined in the decryption template is exactly the reverse of that in the encryption template.
5. The template-based encryption and decryption system according to claim 4, characterized in that: the operator manager is provided with encryption algorithm modules for encrypting or decrypting the plaintext or ciphertext and with data transformation modules for general data format conversion, wherein the keys needed during data transformation module processing are supplied by the key container of the system configuration, by the key information recorded in the template, or directly by user input.
6. encrypting and decrypting method based on template, this method may further comprise the steps:
1) acceptance of transmit leg ciphertext container needs the original text data of encryption, to template manager request encrypted template; Template is supported the nested configuration characteristics;
2) transmit leg ciphertext container is according to being provided with in the encrypted template, and the specific data that the operator deal with data is set through each node in the encrypted template is regional, to operator manager request operator data encryption is carried out in the data designated zone and is handled; Described specific data zone is the part, the discontinuous zone of data in original text or the processing procedure; Data in the above-mentioned processing procedure are meant the data area of original text and process encryption mixing afterwards, and the data area of each node setting allows to exist overlapping in the template;
3) transmit leg is accomplished after the above-mentioned encryption, is arranged on embedded template identification information in the ciphertext according to encrypted template, sends ciphertext to reciever after the completion data encryption;
4) acceptance of reciever ciphertext container needs to check the template identification information of its use after the encrypt data of deciphering, to the corresponding deciphering template of template manager request; Because template is supported the nested configuration characteristics, can only ask by nested subtemplate, or local according to the template of reciever authority distribution;
5) reciever ciphertext container carries out data decryption to operator manager request operator to the data designated zone and handles according to being provided with in the deciphering template;
6) reciever ciphertext container is provided with according to the deciphering template and accomplishes after the above-mentioned decryption processing, ciphertext is reduced to original text exports.
7. a kind of encrypting and decrypting method as claimed in claim 6 based on template; It is characterized in that: in the step 1); The ciphertext container is at first imported according to the encrypted template or the user of system configuration; To template manager request encrypted template,, original text is carried out the encryption of series then according to processing order that defines in the encrypted template and cipher mode.
8. like claim 6 or 7 described a kind of encrypting and decrypting methods based on template; It is characterized in that: in the step 3); Embedded template identification information is used for reciever identification and Search and Orientation arrives the deciphering template that needs use; Template identification information is to relate to the stream data that deciphering need be used data message after comprising the template identification title and removing formwork structure definition relevant information, and described formwork structure definition relevant information is meant the definition structure before template data does not change.
9. like claim 6 or 7 described a kind of encrypting and decrypting methods based on template, it is characterized in that: in the step 4), above-mentioned encrypted template and deciphering template are also as original text and encrypted transmission.
10. like claim 6 or 7 described a kind of encrypting and decrypting methods based on template, it is characterized in that: in the step 5), reciever is according to accepting the Template Information that ciphertext embeds, and searches and reduce the deciphering template of coupling.
11. like claim 6 or 7 described a kind of encrypting and decrypting methods based on template; It is characterized in that: in the step 6); Reciever is according to the deciphering template; Ciphertext is deciphered, and the processing order of its data conversion defines in the deciphering template, and its decryption processing order and encryption order are just in time opposite.
12. like claim 6 or 7 described a kind of encrypting and decrypting methods based on template; It is characterized in that: in step 2) and/or step 5) in; Need input password or key like encryption and/or decryption processing, provide by key information or user input in the cryptographic key containers of system configuration, the encrypted template.
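The method of claims 6 to 12, reduced to a runnable sketch; this is an added example, not code from the patent. The operator names, the `T1` template, the `:` separator and the HMAC-based XOR operator are assumptions chosen for illustration (the XOR stand-in uses no nonce and is not a recommended cipher), and the data verification operator of claim 3 is left out.

```python
import base64, hashlib, hmac

def xor_stream(data, key):
    # Keyed, length-preserving, self-inverse stand-in for an "encryption algorithm" operator.
    pad = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def rotate(data, key, sign=1):
    # "Other data transformation rule": rotate left by key[0]; sign=-1 undoes it.
    n = (sign * key[0]) % len(data) if data else 0
    return data[n:] + data[:n]

# Hypothetical operator table: name -> (forward, inverse)
OPERATORS = {"xor": (xor_stream, xor_stream),
             "rot": (rotate, lambda d, k: rotate(d, k, -1))}

WHOLE = (0, 1 << 30)  # region end is clipped to the buffer length
# Constructed template: regions may be discontiguous and may overlap across nodes.
TEMPLATES = {"T1": [
    {"op": "xor", "regions": [(0, 4), (8, 12)], "key": b"key-A"},
    {"op": "rot", "regions": [(2, 10)], "key": b"\x03"},
    {"op": "xor", "regions": [WHOLE], "key": b"key-C"},
]}

def apply_node(buf, node, inverse=False):
    # Gather the node's regions, transform them as one buffer, scatter back in place.
    idx = [i for s, e in node["regions"] for i in range(s, min(e, len(buf)))]
    if len(set(idx)) != len(idx):
        raise ValueError("regions inside one node must not overlap")
    out = OPERATORS[node["op"]][inverse](bytes(buf[i] for i in idx), node["key"])
    for i, b in zip(idx, out):
        buf[i] = b

def encrypt(original, template_id):
    buf = bytearray(original)
    for node in TEMPLATES[template_id]:        # template order
        apply_node(buf, node)
    # Output encoding plus embedded template identification (step 3).
    return template_id + ":" + base64.b64encode(bytes(buf)).decode()

def decrypt(message, held_nodes=None):
    # held_nodes: the outermost nodes a receiver was given; None means the full template.
    template_id, body = message.split(":", 1)
    nodes = TEMPLATES[template_id] if held_nodes is None else held_nodes
    buf = bytearray(base64.b64decode(body))
    for node in reversed(nodes):               # exact reverse of encryption order
        apply_node(buf, node, inverse=True)
    return bytes(buf)

ORIGINAL = "card 6222-0011 张三 pays 100".encode()  # constructed sample
MESSAGE = encrypt(ORIGINAL, "T1")
```

A receiver holding only the last node, `decrypt(MESSAGE, TEMPLATES["T1"][2:])`, recovers every byte from offset 12 onward while the first 12 bytes stay transformed, which is the partial decryption the claims describe.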
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101120058A CN101282212B (en) | 2008-05-20 | 2008-05-20 | System and method for encipherment and decipherment based on template |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101120058A CN101282212B (en) | 2008-05-20 | 2008-05-20 | System and method for encipherment and decipherment based on template |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101282212A CN101282212A (en) | 2008-10-08 |
CN101282212B true CN101282212B (en) | 2012-04-25 |
Family
ID=40014511
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008101120058A Expired - Fee Related CN101282212B (en) | 2008-05-20 | 2008-05-20 | System and method for encipherment and decipherment based on template |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101282212B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104393988B (en) * | 2014-12-03 | 2018-06-22 | 浪潮(北京)电子信息产业有限公司 | A kind of reversible data ciphering method and device |
CN108334785A (en) * | 2017-01-20 | 2018-07-27 | 华为技术有限公司 | A kind of file encrypting method, decryption method and terminal |
CN106850220B (en) * | 2017-02-22 | 2021-01-01 | 腾讯科技(深圳)有限公司 | Data encryption method, data decryption method and device |
CN111339558A (en) * | 2020-02-21 | 2020-06-26 | 深圳壹账通智能科技有限公司 | Data encryption method, data decryption method, computer device and medium |
CN111711519A (en) * | 2020-08-19 | 2020-09-25 | 杭州海康威视数字技术股份有限公司 | Data processing method, device and equipment based on dynamic white box |
CN112749402B (en) * | 2021-01-07 | 2024-04-23 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
CN117171769A (en) * | 2023-08-18 | 2023-12-05 | 上海数禾信息科技有限公司 | Encryption and decryption method, device, equipment and medium for financial user data |
Also Published As
Publication number | Publication date |
---|---|
CN101282212A (en) | 2008-10-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101282212B (en) | System and method for encipherment and decipherment based on template | |
US9608822B2 (en) | Method for generating an HTML document that contains encrypted files and the code necessary for decrypting them when a valid passphrase is provided | |
CN107800537B (en) | Encryption database system and method based on quantum key distribution technology, storage method and query method | |
CN103457718A (en) | Partial ciphertext update using variable-length segment and fixed grouping | |
CN102333236A (en) | Video content encryption and decryption system | |
CN101305542B (en) | Method for downloading digital certificate and cryptographic key | |
CN105376261B (en) | Encryption method and system for instant messaging message | |
CN101019370A (en) | Method of providing conditional access | |
JP2008500589A5 (en) | ||
CN106301777A (en) | Quick Response Code encrypted transmission method and system | |
UA89784C2 (en) | Method for encrypting and transferring data between a sender and a receiver using a network | |
US9202023B2 (en) | Digital rights management method | |
TW201409990A (en) | Communication method utilizing fingerprint information for authentication | |
CN102163178A (en) | Secure storage method of data | |
CN103198264A (en) | Method and device for recovering encrypted file system data | |
CN109391936A (en) | A kind of method of OTA upgrade package encryption downloading | |
CN103117850B (en) | A kind of method for building up of the cryptographic system based on random sequence database | |
CN103942500A (en) | Hash ciphertext re-encryption method based on noise and decryption method after re-encryption | |
JP2002049310A (en) | Ciphering and deciphering device, authentication device and storage medium | |
CN109150505A (en) | A kind of information transferring method and device for SAP system | |
CN104038337A (en) | Data encryption method based on AES128 | |
CN105915345A (en) | Realization method for authorized production and reform in home gateway device production testing | |
CN102882675A (en) | Password encryption method for social network sites | |
CN101399663B (en) | Method, system and device for digital content authentication | |
CN112528309A (en) | Data storage encryption and decryption method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120425 Termination date: 20140520 |