CN105471900A - Method and device for encrypting and decrypting data - Google Patents
Method and device for encrypting and decrypting data Download PDFInfo
- Publication number
- CN105471900A CN105471900A CN201511018609.2A CN201511018609A CN105471900A CN 105471900 A CN105471900 A CN 105471900A CN 201511018609 A CN201511018609 A CN 201511018609A CN 105471900 A CN105471900 A CN 105471900A
- Authority
- CN
- China
- Prior art keywords
- data
- decrypt
- encryption
- cryptographic object
- stored
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a device for encrypting and decrypting data. The method for encrypting and decrypting data comprises the steps of detecting whether any obtain data has an encryption request or a decryption request; when it is detected that any data has the encryption requirement, extracting a pre-stored encryption object, and encrypting the data according to the extracted encryption object; when it is detected that the data has the decryption request, extracting the pre-stored decryption object, and encrypting the data according to the extracted decryption object. According to the method and device for encrypting and decrypting data provided by the invention, when the data has the encryption request or decryption request, the encryption object or decryption object is directly extracted for encryption or decryption, the problems that the whole encryption/decryption process is time-consuming and low in success rate due to the fact that the encryption object and the decryption object need to be created in real time during each time of data encryption and decryption, so that the efficiency and success rate of encryption and decryption of user data are improved while the security of user data is ensured, and thereby the usage experience of the user is enhanced.
Description
Technical field
The present invention relates to technical field of data processing, in particular to a kind of encipher-decipher method of data and a kind of ciphering and deciphering device of data.
Background technology
In the application of the Internet, often will transmit some a large number of users sensitive datas, these data, to the mutual transmission of safety, particularly under high complications, more will rely on the encryption technology of high efficient and reliable.Along with the increase of application to high performance demands, traditional encipherment scheme can not meet these demands, needs the encryption technology of more high efficient and reliable to go to realize above demand.
Along with the high speed development of the Internet, the user of software kit product is also in quick growth, hundreds of thousands is had to rise to millions of even ten million, the user of software kit product is to the Internet future development, this just requires that the authorization of software kit product departs from the authorization of traditional software, and traditional authorization is all independently do not associate, and performance requirement is not high, existing authorization is interconnected network mode, and is authorize under high complications.In the design and development process of correlation technique, due to high and the complexity of the business of giving, the performance of server and code logic, this technology is given efficiency there will be breakover point at ten thousand grade at present, and declining all can appear in encryption and decryption efficiency and success rate.
The contract for fixed output quotas number of users of product of traditional software is fixing substantially, less demanding to user concurrent number, and the number of users of mobile Internet product end is ever-increasing, and the use of user is continual, all likely there is a large amount of user data at any time, the fail safe of user data is most important, owing to being encrypted the sensitive data of user, such user will to feel slowly a lot of when access, particularly under high complications, there will be user and receive information slowly, even occur the situation of mistake, have a strong impact on the experience of user.
Therefore, how while guaranteeing secure user data, improve and technical problem urgently to be resolved hurrily is become to the encryption and decryption efficiency of user data and success rate.
Summary of the invention
The present invention just based on above-mentioned technical problem one of at least, propose a kind of encryption and decryption scheme of new data, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user.
In view of this, the present invention proposes a kind of encipher-decipher method of data, comprising: whether detect the arbitrary data got has encryption requirements or deciphering demand; When detecting that described arbitrary data have encryption requirements, extracting the cryptographic object of pre-stored, and according to the described cryptographic object extracted, described arbitrary data being encrypted; When detecting that described arbitrary data have deciphering demand, extract the decrypt objects of pre-stored, and according to the described decrypt objects extracted to described arbitrary decrypt data.
In this technical scheme, encryption requirements or deciphering demand whether is had by detecting the arbitrary data got, and when detecting that arbitrary data have encryption requirements, extract the cryptographic object of pre-stored, and according to the cryptographic object extracted, arbitrary data are encrypted, and when detecting that arbitrary data have deciphering demand, extract the decrypt objects of pre-stored, and according to the decrypt objects extracted to arbitrary decrypt data, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user.In addition, due to cryptographic object and decrypt objects need not be created in real time, greatly save system resource, make system have more idling-resource and process more data simultaneously, thus improve the disposal ability of system under high complications.
In technique scheme, preferably, before detecting arbitrary data of getting and whether having the step of encryption requirements or deciphering demand, also comprise: obtain the encryption key used when described arbitrary data are encrypted, and/or to the decruption key used during described arbitrary decrypt data process; Generate described cryptographic object according to described encryption key, and/or generate described decrypt objects according to described decruption key; Initialization process is carried out to described cryptographic object and/or described decrypt objects; And store the described cryptographic object after initialization process and/or the described decrypt objects after initialization process.
In this technical scheme, the encryption key used during by obtaining and being encrypted arbitrary data, cryptographic object is generated according to encryption key, initialization process is carried out to cryptographic object, and stores the cryptographic object after initialization process, make follow-up when data have encryption requirements, the cryptographic object of extracting directly pre-stored data can be encrypted, substantially increase encryption efficiency, avoiding to picture, encryption being made mistakes because creating encryption in real time simultaneously, improve the success rate to data encryption; And by obtaining the encryption key used during arbitrary decrypt data process, decrypt objects is generated according to decruption key, initialization process is carried out to decrypt objects, and store the decrypt objects after initialization process, make follow-up when data have deciphering demand, can the decrypt objects of extracting directly pre-stored to decrypt data, substantially increase decryption efficiency, avoiding to picture, deciphering being made mistakes because creating deciphering in real time simultaneously, improve the success rate to data deciphering.Wherein, cryptographic object and decrypt objects comprise PKCS8EncodedKeySpec object, KeyFactory object, Key object and Cipher object respectively.
In above-mentioned any one technical scheme, preferably, the described cryptographic object after initialization process and/or the described decrypt objects after initialization process are stored in buffer memory.
In this technical scheme, preferably the cryptographic object after initialization process and/or the decrypt objects after initialization process are stored in buffer memory, due in data processing, processor is all generally that first from buffer memory, extract data carries out relevant treatment, make the processing speed of the data stored in the buffer relatively very fast, improve the disposal ability of system, thus the response speed that improve user, certainly, can also according to the design requirement of reality, cryptographic object and/or decrypt objects are stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, also comprise: the step extracting the cryptographic object of pre-stored, specifically comprises: from described buffer memory, extract described cryptographic object; And after described arbitrary data are encrypted, the described cryptographic object extracted is stored in described buffer memory again.
In this technical scheme, after arbitrary data are encrypted, by the cryptographic object extracted is stored in buffer memory again, the data extracting directly cryptographic object of encryption requirements is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, cryptographic object can also be stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, extract the step of the decrypt objects of pre-stored, specifically comprise: from described buffer memory, extract described decrypt objects; And after to described arbitrary decrypt data, the described decrypt objects extracted is stored in described buffer memory again.
In this technical scheme, after to arbitrary decrypt data, by the decrypt objects extracted is stored in buffer memory again, the data extracting directly cryptographic object of deciphering demand is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, decrypt objects can also be stored to other storage areas of system, extract at any time in order to during needs.
According to a second aspect of the invention, also proposed a kind of ciphering and deciphering device of data, comprising: detecting unit, whether having encryption requirements or deciphering demand for detecting the arbitrary data got; Ciphering unit, during for detecting that at described detecting unit described arbitrary data have an encryption requirements, extracting the cryptographic object of pre-stored, and being encrypted described arbitrary data according to the described cryptographic object extracted; Decryption unit, during for detecting that at described detecting unit described arbitrary data have a deciphering demand, extracts the decrypt objects of pre-stored, and according to the described decrypt objects extracted to described arbitrary decrypt data.
In this technical scheme, encryption requirements or deciphering demand whether is had by detecting the arbitrary data got, and when detecting that arbitrary data have encryption requirements, extract the cryptographic object of pre-stored, and according to the cryptographic object extracted, arbitrary data are encrypted, and when detecting that arbitrary data have deciphering demand, extract the decrypt objects of pre-stored, and according to the decrypt objects extracted to arbitrary decrypt data, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user.In addition, due to cryptographic object and decrypt objects need not be created in real time, greatly save system resource, make system have more idling-resource and process more data simultaneously, thus improve the disposal ability of system under high complications.
In technique scheme, preferably, also comprise: acquiring unit, for detecting before whether the described arbitrary data got have encryption requirements or deciphering demand at described detecting unit, the encryption key used when described arbitrary data are encrypted, and/or to the decruption key used during described arbitrary decrypt data process; Generation unit, for generating described cryptographic object according to described encryption key, and/or generates described decrypt objects according to described decruption key; Processing unit, for carrying out initialization process to described cryptographic object and/or described decrypt objects; Memory cell, for storing the described cryptographic object after initialization process and/or the described decrypt objects after initialization process.
In this technical scheme, the encryption key used during by obtaining and being encrypted arbitrary data, cryptographic object is generated according to encryption key, initialization process is carried out to cryptographic object, and stores the cryptographic object after initialization process, make follow-up when data have encryption requirements, the cryptographic object of extracting directly pre-stored data can be encrypted, substantially increase encryption efficiency, avoiding to picture, encryption being made mistakes because creating encryption in real time simultaneously, improve the success rate to data encryption; And by obtaining the encryption key used during arbitrary decrypt data process, decrypt objects is generated according to decruption key, initialization process is carried out to decrypt objects, and store the decrypt objects after initialization process, make follow-up when data have deciphering demand, can the decrypt objects of extracting directly pre-stored to decrypt data, substantially increase decryption efficiency, avoiding to picture, deciphering being made mistakes because creating deciphering in real time simultaneously, improve the success rate to data deciphering.Wherein, cryptographic object and decrypt objects comprise PKCS8EncodedKeySpec object, KeyFactory object, Key object and Cipher object respectively.
In above-mentioned any one technical scheme, preferably, described memory cell specifically for: the described cryptographic object after initialization process and/or the described decrypt objects after initialization process are stored in buffer memory.
Preferably the cryptographic object after initialization process and/or the decrypt objects after initialization process are stored in buffer memory, due in data processing, processor is all generally that first from buffer memory, extract data carries out relevant treatment, make the processing speed of the data stored in the buffer relatively very fast, improve the disposal ability of system, thus the response speed that improve user, certainly, can also according to the design requirement of reality, cryptographic object and/or decrypt objects are stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, described ciphering unit, specifically for extracting described cryptographic object from described buffer memory; Described memory cell, also for after described ciphering unit is encrypted described arbitrary data, is stored in described buffer memory again by the described cryptographic object extracted.
In this technical scheme, after arbitrary data are encrypted, by the cryptographic object extracted is stored in buffer memory again, the data extracting directly cryptographic object of encryption requirements is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, cryptographic object can also be stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, described decryption unit, specifically for extracting described decrypt objects from described buffer memory; Described memory cell, also for after described decryption unit is to described arbitrary decrypt data, is stored in described buffer memory again by the described decrypt objects extracted.
In this technical scheme, after to arbitrary decrypt data, by the decrypt objects extracted is stored in buffer memory again, the data extracting directly cryptographic object of deciphering demand is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, decrypt objects can also be stored to other storage areas of system, extract at any time in order to during needs.
By above technical scheme, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user, and improve the disposal ability of system under high complications.
Accompanying drawing explanation
Fig. 1 shows the schematic flow diagram of the encipher-decipher method of data according to an embodiment of the invention;
Fig. 2 shows the schematic block diagram of the ciphering and deciphering device of data according to an embodiment of the invention;
Fig. 3 shows the schematic flow diagram of the encryption of data in correlation technique according to an embodiment of the invention;
Fig. 4 shows the schematic flow diagram of the decryption processing of data in correlation technique according to an embodiment of the invention;
Fig. 5 shows the schematic flow diagram of the encipher-decipher method of data according to another embodiment of the invention;
Fig. 6 A shows the surface chart of data encryption pressure testing results according to an embodiment of the invention;
Fig. 6 B shows the surface chart of data deciphering pressure testing results according to an embodiment of the invention.
Embodiment
In order to more clearly understand above-mentioned purpose of the present invention, feature and advantage, below in conjunction with the drawings and specific embodiments, the present invention is further described in detail.It should be noted that, when not conflicting, the feature in the embodiment of the application and embodiment can combine mutually.
Set forth a lot of detail in the following description so that fully understand the present invention; but; the present invention can also adopt other to be different from other modes described here and implement, and therefore, protection scope of the present invention is not by the restriction of following public specific embodiment.
Fig. 1 shows the schematic flow diagram of the encipher-decipher method of data according to an embodiment of the invention.
As shown in Figure 1, the encipher-decipher method of data according to an embodiment of the invention, comprising:
Step 102, whether detect the arbitrary data got has encryption requirements or deciphering demand;
Step 104, when detecting that described arbitrary data have encryption requirements, extracting the cryptographic object of pre-stored, and being encrypted described arbitrary data according to the described cryptographic object extracted;
Step 106, when detecting that described arbitrary data have deciphering demand, extracts the decrypt objects of pre-stored, and according to the described decrypt objects extracted to described arbitrary decrypt data.
In this technical scheme, encryption requirements or deciphering demand whether is had by detecting the arbitrary data got, and when detecting that arbitrary data have encryption requirements, extract the cryptographic object of pre-stored, and according to the cryptographic object extracted, arbitrary data are encrypted, and when detecting that arbitrary data have deciphering demand, extract the decrypt objects of pre-stored, and according to the decrypt objects extracted to arbitrary decrypt data, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user.In addition, due to cryptographic object and decrypt objects need not be created in real time, greatly save system resource, make system have more idling-resource and process more data simultaneously, thus improve the disposal ability of system under high complications.
In technique scheme, preferably, before detecting arbitrary data of getting and whether having the step of encryption requirements or deciphering demand, also comprise: obtain the encryption key used when described arbitrary data are encrypted, and/or to the decruption key used during described arbitrary decrypt data process; Generate described cryptographic object according to described encryption key, and/or generate described decrypt objects according to described decruption key; Initialization process is carried out to described cryptographic object and/or described decrypt objects; And store the described cryptographic object after initialization process and/or the described decrypt objects after initialization process.
In this technical scheme, the encryption key used during by obtaining and being encrypted arbitrary data, cryptographic object is generated according to encryption key, initialization process is carried out to cryptographic object, and stores the cryptographic object after initialization process, make follow-up when data have encryption requirements, the cryptographic object of extracting directly pre-stored data can be encrypted, substantially increase encryption efficiency, avoiding to picture, encryption being made mistakes because creating encryption in real time simultaneously, improve the success rate to data encryption; And by obtaining the encryption key used during arbitrary decrypt data process, decrypt objects is generated according to decruption key, initialization process is carried out to decrypt objects, and store the decrypt objects after initialization process, make follow-up when data have deciphering demand, can the decrypt objects of extracting directly pre-stored to decrypt data, substantially increase decryption efficiency, avoiding to picture, deciphering being made mistakes because creating deciphering in real time simultaneously, improve the success rate to data deciphering.Wherein, cryptographic object and decrypt objects comprise PKCS8EncodedKeySpec object, KeyFactory object, Key object and Cipher object respectively.
In above-mentioned any one technical scheme, preferably, the described cryptographic object after initialization process and/or the described decrypt objects after initialization process are stored in buffer memory.
In this technical scheme, preferably the cryptographic object after initialization process and/or the decrypt objects after initialization process are stored in buffer memory, due in data processing, processor is all generally that first from buffer memory, extract data carries out relevant treatment, make the processing speed of the data stored in the buffer relatively very fast, improve the disposal ability of system, thus the response speed that improve user, certainly, can also according to the design requirement of reality, cryptographic object and/or decrypt objects are stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, extract the step of the cryptographic object of pre-stored, specifically comprise: from described buffer memory, extract described cryptographic object; And after described arbitrary data are encrypted, the described cryptographic object extracted is stored in described buffer memory again.
In this technical scheme, after arbitrary data are encrypted, by the cryptographic object extracted is stored in buffer memory again, the data extracting directly cryptographic object of encryption requirements is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, cryptographic object can also be stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, extract the step of the decrypt objects of pre-stored, specifically comprise: from described buffer memory, extract described decrypt objects; And after to described arbitrary decrypt data, the described decrypt objects extracted is stored in described buffer memory again.
In this technical scheme, after to arbitrary decrypt data, by the decrypt objects extracted is stored in buffer memory again, the data extracting directly cryptographic object of deciphering demand is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, decrypt objects can also be stored to other storage areas of system, extract at any time in order to during needs.
Fig. 2 shows the schematic block diagram of the ciphering and deciphering device of data according to an embodiment of the invention.
As shown in Figure 2, the ciphering and deciphering device 200 of data according to an embodiment of the invention, comprising: detecting unit 202, ciphering unit 204 and decryption unit 206.
Wherein, whether detecting unit 202, have encryption requirements or deciphering demand for detecting the arbitrary data got; Ciphering unit 204, during for detecting that at described detecting unit 202 described arbitrary data have an encryption requirements, extracting the cryptographic object of pre-stored, and being encrypted described arbitrary data according to the described cryptographic object extracted; Decryption unit 206, during for detecting that at described detecting unit 202 described arbitrary data have a deciphering demand, extracts the decrypt objects of pre-stored, and according to the described decrypt objects extracted to described arbitrary decrypt data.
In this technical scheme, encryption requirements or deciphering demand whether is had by detecting the arbitrary data got, and when detecting that arbitrary data have encryption requirements, extract the cryptographic object of pre-stored, and according to the cryptographic object extracted, arbitrary data are encrypted, and when detecting that arbitrary data have deciphering demand, extract the decrypt objects of pre-stored, and according to the decrypt objects extracted to arbitrary decrypt data, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user.In addition, due to cryptographic object and decrypt objects need not be created in real time, greatly save system resource, make system have more idling-resource and process more data simultaneously, thus improve the disposal ability of system under high complications.
In technique scheme, preferably, also comprise: acquiring unit 208, for detecting before whether the described arbitrary data got have encryption requirements or deciphering demand at described detecting unit 202, the encryption key used when described arbitrary data are encrypted, and/or to the decruption key used during described arbitrary decrypt data process; Generation unit 210, for generating described cryptographic object according to described encryption key, and/or generates described decrypt objects according to described decruption key; Processing unit 212, for carrying out initialization process to described cryptographic object and/or described decrypt objects; Memory cell 214, for storing the described cryptographic object after initialization process and/or the described decrypt objects after initialization process.
In this technical scheme, the encryption key used during by obtaining and being encrypted arbitrary data, cryptographic object is generated according to encryption key, initialization process is carried out to cryptographic object, and stores the cryptographic object after initialization process, make follow-up when data have encryption requirements, the cryptographic object of extracting directly pre-stored data can be encrypted, substantially increase encryption efficiency, avoiding to picture, encryption being made mistakes because creating encryption in real time simultaneously, improve the success rate to data encryption; And by obtaining the encryption key used during arbitrary decrypt data process, decrypt objects is generated according to decruption key, initialization process is carried out to decrypt objects, and store the decrypt objects after initialization process, make follow-up when data have deciphering demand, can the decrypt objects of extracting directly pre-stored to decrypt data, substantially increase decryption efficiency, avoiding to picture, deciphering being made mistakes because creating deciphering in real time simultaneously, improve the success rate to data deciphering.Wherein, cryptographic object and decrypt objects comprise PKCS8EncodedKeySpec object, KeyFactory object, Key object and Cipher object respectively.
In above-mentioned any one technical scheme, preferably, described memory cell 214 specifically for: the described cryptographic object after initialization process and/or the described decrypt objects after initialization process are stored in buffer memory.
Preferably the cryptographic object after initialization process and/or the decrypt objects after initialization process are stored in buffer memory, due in data processing, processor is all generally that first from buffer memory, extract data carries out relevant treatment, make the processing speed of the data stored in the buffer relatively very fast, improve the disposal ability of system, thus the response speed that improve user, certainly, can also according to the design requirement of reality, cryptographic object and/or decrypt objects are stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, described ciphering unit 204, specifically for extracting described cryptographic object from described buffer memory; Described memory cell 214, also for after described ciphering unit 204 is encrypted described arbitrary data, is stored in described buffer memory again by the described cryptographic object extracted.
In this technical scheme, after arbitrary data are encrypted, by the cryptographic object extracted is stored in buffer memory again, the data extracting directly cryptographic object of encryption requirements is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, cryptographic object can also be stored to other storage areas of system, extract at any time in order to during needs.
In above-mentioned any one technical scheme, preferably, described decryption unit 206, specifically for extracting described decrypt objects from described buffer memory; Described memory cell 214, also for after described decryption unit 206 is to described arbitrary decrypt data, is stored in described buffer memory again by the described decrypt objects extracted.
In this technical scheme, after to arbitrary decrypt data, by the decrypt objects extracted is stored in buffer memory again, the data extracting directly cryptographic object of deciphering demand is had to provide safeguard for follow-up, certainly, according to the design requirement of reality, decrypt objects can also be stored to other storage areas of system, extract at any time in order to during needs.
Below in conjunction with Fig. 3 to Fig. 6 B, technical scheme of the present invention is described further.
In correlation technique, when being encrypted user data or deciphering, all need to create cryptographic object or decrypt objects in real time, particularly, as shown in Figure 3, according to cryptographic object data be encrypted and specifically comprise:
Step 302, gets the data that user needs to encrypt.
Step 304, obtains the key used.
Step 306, obtains PKCS8EncodedKeySpec object according to key.
Step 308, obtains KeyFactory object according to RSA Algorithm.
Step 310, KeyFactory object generates Key object according to PKCS8EncodedKeySpec object.
Step 312, obtains Cipher object.
Step 314, Cipher object uses Key object to carry out the initialization of encryption itself.
Step 316, uses Cipher object to be encrypted user data.
Above step receive at every turn user need encrypt data time carry out successively.
As shown in Figure 4, according to decrypt objects, decrypt data process is specifically comprised:
Step 402, gets the user data encrypted.
Step 404, obtains the key deciphered and use.
Step 406, obtains PKCS8EncodedKeySpec object according to key.
Step 408, obtains KeyFactory object according to RSA Algorithm.
Step 410, KeyFactory object generates Key object according to PKCS8EncodedKeySpec object.
Step 412, obtains Cipher object.
Step 414, Cipher object uses Key object to carry out the initialization of deciphering itself.
Step 416, uses Cipher object to be decrypted user data.
Above step is carried out successively when receiving the user data encrypted at every turn.
Analyze known according to Fig. 3 and Fig. 4, when the data at every turn sent user carry out encryption and decryption, above-mentioned steps all will be carried out once, and centre does not have anything to change, carry out at every turn key obtain and object initialization expend long time, the efficiency of such user data encryption and decryption will be very low, in the present embodiment, by extracting in advance some public information and encapsulate, be put in stack, directly so in use take out from stack, be put back in stack after using, specific implementation process is as follows:
One, the encryption and decryption key that will use and object preheating load
Key and object preheating load, and mainly refer to that the key that will use data encryption and decryption and various key object obtain and object initialization in advance, and be stored in buffer memory, in buffer memory, the data of prestrain have:
(1), the data encrypting and deciphering key that will use;
(2), the data encrypting and deciphering various cryptographic objects that will use;
(3), the initialization of various encryption and decryption object.
Two, the process of various encryption and decryption object
In order to improve concurrent efficiency and the number of concurrent of systems process user data, preferably, stack is adopted to preserve these cryptographic objects, these cryptographic objects are applied in advance, only need during use to take out from stack, put back to after finishing using in stack, eliminate the time re-created when needing these objects, improve the disposal ability of system.As shown in Figure 5, concrete handling process is as follows:
Step 502, the key used when obtaining encryption and decryption, according to the various encryption and decryption object of encryption and decryption secret generating, and carries out initialization to various encryption and decryption object, and the encryption and decryption object after initialization is put into stack.
Step 504, when there being the user data needing encryption, takes out various cryptographic object from stack.
Step 506, utilizes various cryptographic object to be encrypted data.
Step 508, after terminating ciphering user data, puts back to cryptographic object in stack.
Step 510, when there being the user data needing deciphering, takes out various decrypt objects from stack.
Step 512, utilizes various decrypt objects to decrypt data.
Step 514, after terminating user data deciphering, puts back to decrypt objects in stack.
The encryption method in Fig. 5 is adopted to be encrypted user data, and being encrypted pressure test, every test index and result, as shown in 6A, adopt the decryption method in Fig. 5 to be decrypted process to user data, and being decrypted pressure test, every test index and result are as shown in 6B.
In the above-described embodiments, connection pool is utilized to enhance the ability of systems process user data encrypting and deciphering, decrease due to the concurrent connection pool object brought that to block the user data encryption and decryption efficiency caused low, the problem that encryption and decryption is made mistakes etc., not only solve the needs of problems in practical application, and solve the problem of the abnormal connecting object of connection pool object acquisition, and simplified the difficulty of client call, decrease the workload of exploitation.By above-described embodiment, can realize:
(1), when concurrent greatly, can the various encryption and decryption object of quick obtaining;
(2), when obtaining various encryption and decryption object, can not cause obtaining object and block again because of synchrolock;
(3), the prestrain of encryption and decryption object in the buffer, improve the response speed to user;
(4), because various encryption and decryption object and user's encryption and decryption data all complete in internal memory, improve computational efficiency;
(5), the TPS (number of transactions of process per second) of system significantly improves.
More than be described with reference to the accompanying drawings technical scheme of the present invention, propose a kind of encryption and decryption scheme of new data, can prestore being used for the cryptographic object of data encrypting and deciphering and decrypt objects, and when data have encryption requirements or deciphering demand, extracting directly cryptographic object or decrypt objects are encrypted or decipher, avoid and all need to create in real time cryptographic object and decrypt objects when encryption and decryption data at every turn and make whole encryption process length consuming time and the problem such as success rate is lower, make while guaranteeing secure user data, improve the encryption and decryption efficiency to user data and success rate, thus improve the experience of user, and improve the disposal ability of system under high complications.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. an encipher-decipher method for data, is characterized in that, comprising:
Detect the arbitrary data got and whether have encryption requirements or deciphering demand;
When detecting that described arbitrary data have encryption requirements, extracting the cryptographic object of pre-stored, and according to the described cryptographic object extracted, described arbitrary data being encrypted;
When detecting that described arbitrary data have deciphering demand, extract the decrypt objects of pre-stored, and according to the described decrypt objects extracted to described arbitrary decrypt data.
2. the encipher-decipher method of data according to claim 1, is characterized in that, before detecting arbitrary data of getting and whether having the step of encryption requirements or deciphering demand, also comprises:
Obtain the encryption key used when described arbitrary data are encrypted, and/or to the decruption key used during described arbitrary decrypt data process;
Generate described cryptographic object according to described encryption key, and/or generate described decrypt objects according to described decruption key;
Initialization process is carried out to described cryptographic object and/or described decrypt objects; And
Store the described cryptographic object after initialization process and/or the described decrypt objects after initialization process.
3. the encipher-decipher method of data according to claim 2, is characterized in that,
Described cryptographic object after initialization process and/or the described decrypt objects after initialization process are stored in buffer memory.
4. the encipher-decipher method of data according to claim 3, is characterized in that, extracts the step of the cryptographic object of pre-stored, specifically comprises:
Described cryptographic object is extracted from described buffer memory; And
After described arbitrary data are encrypted, the described cryptographic object extracted is stored in described buffer memory again.
5. the encipher-decipher method of data according to claim 3, is characterized in that, extracts the step of the decrypt objects of pre-stored, specifically comprises:
Described decrypt objects is extracted from described buffer memory; And
After to described arbitrary decrypt data, the described decrypt objects extracted is stored in described buffer memory again.
6. a ciphering and deciphering device for data, is characterized in that, comprising:
Whether detecting unit, have encryption requirements or deciphering demand for detecting the arbitrary data got;
Ciphering unit, during for detecting that at described detecting unit described arbitrary data have an encryption requirements, extracting the cryptographic object of pre-stored, and being encrypted described arbitrary data according to the described cryptographic object extracted;
Decryption unit, during for detecting that at described detecting unit described arbitrary data have a deciphering demand, extracts the decrypt objects of pre-stored, and according to the described decrypt objects extracted to described arbitrary decrypt data.
7. the ciphering and deciphering device of data according to claim 6, is characterized in that, also comprises:
Acquiring unit, for detecting before whether the described arbitrary data got have encryption requirements or deciphering demand at described detecting unit, the encryption key used when described arbitrary data are encrypted, and/or to the decruption key used during described arbitrary decrypt data process;
Generation unit, for generating described cryptographic object according to described encryption key, and/or generates described decrypt objects according to described decruption key;
Processing unit, for carrying out initialization process to described cryptographic object and/or described decrypt objects;
Memory cell, for storing the described cryptographic object after initialization process and/or the described decrypt objects after initialization process.
8. the ciphering and deciphering device of data according to claim 7, is characterized in that, described memory cell specifically for:
Described cryptographic object after initialization process and/or the described decrypt objects after initialization process are stored in buffer memory.
9. the ciphering and deciphering device of data according to claim 8, is characterized in that,
Described ciphering unit, specifically for extracting described cryptographic object from described buffer memory;
Described memory cell, also for after described ciphering unit is encrypted described arbitrary data, is stored in described buffer memory again by the described cryptographic object extracted.
10. the ciphering and deciphering device of data according to claim 8, is characterized in that,
Described decryption unit, specifically for extracting described decrypt objects from described buffer memory;
Described memory cell, also for after described decryption unit is to described arbitrary decrypt data, is stored in described buffer memory again by the described decrypt objects extracted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511018609.2A CN105471900A (en) | 2015-12-29 | 2015-12-29 | Method and device for encrypting and decrypting data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511018609.2A CN105471900A (en) | 2015-12-29 | 2015-12-29 | Method and device for encrypting and decrypting data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105471900A true CN105471900A (en) | 2016-04-06 |
Family
ID=55609170
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201511018609.2A Pending CN105471900A (en) | 2015-12-29 | 2015-12-29 | Method and device for encrypting and decrypting data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105471900A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100440775C (en) * | 2002-10-31 | 2008-12-03 | 华为技术有限公司 | Encryption communication method and device |
| CN100486157C (en) * | 2002-12-31 | 2009-05-06 | 北京因特时代信息技术有限公司 | Distribution type data encryption method |
| CN101651666A (en) * | 2008-08-14 | 2010-02-17 | 中兴通讯股份有限公司 | Method and device for identity authentication and single sign-on based on virtual private network |
| CN103605741A (en) * | 2013-11-19 | 2014-02-26 | 北京国双科技有限公司 | Object encryption storage method, device and system |
| CN104935429A (en) * | 2014-03-17 | 2015-09-23 | Tcl集团股份有限公司 | Data processing method and system employing multi-encryption technology |
-
2015
- 2015-12-29 CN CN201511018609.2A patent/CN105471900A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100440775C (en) * | 2002-10-31 | 2008-12-03 | 华为技术有限公司 | Encryption communication method and device |
| CN100486157C (en) * | 2002-12-31 | 2009-05-06 | 北京因特时代信息技术有限公司 | Distribution type data encryption method |
| CN101651666A (en) * | 2008-08-14 | 2010-02-17 | 中兴通讯股份有限公司 | Method and device for identity authentication and single sign-on based on virtual private network |
| CN103605741A (en) * | 2013-11-19 | 2014-02-26 | 北京国双科技有限公司 | Object encryption storage method, device and system |
| CN104935429A (en) * | 2014-03-17 | 2015-09-23 | Tcl集团股份有限公司 | Data processing method and system employing multi-encryption technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101241527B (en) | System and method for ordinary authentication | |
| CN108345806B (en) | Hardware encryption card and encryption method | |
| CN103457733B (en) | A kind of cloud computing environment data sharing method and system | |
| CN102170357B (en) | Combined secret key dynamic security management system | |
| CN105760764B (en) | Encryption and decryption method and device for embedded storage device file and terminal | |
| CN108154038B (en) | Data processing method and device | |
| CN105812366B (en) | Server, anti-crawler system and anti-crawler verification method | |
| CN109347625B (en) | Password operation method, work key creation method, password service platform and equipment | |
| CN106452770B (en) | Data encryption method, data decryption method, device and system | |
| CN107993073B (en) | Face recognition system and working method thereof | |
| WO2015133990A1 (en) | Methods and apparatus for migrating keys | |
| CN103870525A (en) | Secure search processing system and secure search processing method | |
| US11626976B2 (en) | Information processing system, information processing device, information processing method and information processing program | |
| CN102025503A (en) | Data security implementation method in cluster environment and high-security cluster | |
| CN109274644A (en) | A kind of data processing method, terminal and watermark server | |
| CN103378971A (en) | Data encryption system and method | |
| CN105468940A (en) | Software protection method and apparatus | |
| JP2018197997A5 (en) | ||
| US11288381B2 (en) | Calculation device, calculation method, calculation program and calculation system | |
| CN115276978A (en) | Data processing method and related device | |
| CN105337742A (en) | LFSR (Linear Feedback Shift Register) file encryption and decryption methods based on human face image features and GPS (Global Position System) information | |
| CN111741268B (en) | Video transmission method, device, server, equipment and medium | |
| CN106257859A (en) | A kind of password using method | |
| Hu | Study of file encryption and decryption system using security key | |
| CN110020533A (en) | A kind of method for security protection and terminal of VR resource |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160406 |
|
| RJ01 | Rejection of invention patent application after publication |