CN106407127A - Data encryption method and apparatus - Google Patents

Data encryption method and apparatus Download PDF

Info

Publication number
CN106407127A
CN106407127A CN201510465717.8A CN201510465717A CN106407127A CN 106407127 A CN106407127 A CN 106407127A CN 201510465717 A CN201510465717 A CN 201510465717A CN 106407127 A CN106407127 A CN 106407127A
Authority
CN
China
Prior art keywords
data
area
ciphertext
internal memory
write
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510465717.8A
Other languages
Chinese (zh)
Other versions
CN106407127B (en
Inventor
王炼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201510465717.8A priority Critical patent/CN106407127B/en
Publication of CN106407127A publication Critical patent/CN106407127A/en
Application granted granted Critical
Publication of CN106407127B publication Critical patent/CN106407127B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a data encryption method and apparatus, and belongs to the technical field of encryption. The data encryption method comprises the steps of applying for a section of memory for plaintext data needed to be encrypted in a predetermined mode, wherein the size of the memory is equal to the size of ciphertext data obtained after the plaintext data is encrypted; writing the plaintext data into a second region; sequentially reading plaintext data blocks of predetermined sizes from unread plaintext data in the second region, and performing encryption on the read plaintext data blocks according to a predetermined encryption algorithm; and writing the ciphertext data into a first region. According to the method and the apparatus, the memory overhead is reduced and low-power embedded equipment with a relatively small memory is ensured to perform encrypted storage.

Description

Data ciphering method and device
Technical field
The present invention relates to encryption technology field, particularly to a kind of data ciphering method and device.
Background technology
In order to ensure the security of data, it usually needs data is encrypted.
A kind of common cipher mode is:First, two sections of internal memories of application in the internal memory of equipment, wherein one section Internal memory is used for storage in plain text, and this section of internal memory is designated as the first internal memory, and a wherein another section internal memory is used for storing ciphertext, This section of internal memory is designated as the second internal memory;Then, read clear data from the first internal memory, according to predetermined encryption Mode is encrypted to the clear data reading, and the data ciphertext after encryption is stored to the second internal memory.
During realizing the present invention, inventor finds that correlation technique at least has problems with:Due to upper State and need in cipher mode to apply for two sections of internal memories, be therefore not particularly suited for the smaller equipment of internal memory, such as interior Hold the embedded device of the low-power consumption being typically only 256 bytes.
Content of the invention
In order to solve in correlation technique because needing to apply for two sections of internal memories in encryption, it is not particularly suited for internal memory and compares The problem of little equipment, embodiments provides a kind of data ciphering method and device.Described technical side Case is as follows:
A kind of first aspect, there is provided data ciphering method, methods described includes:
It is the one section of internal memory of clear data application needing encryption according to predetermined way, described internal memory is included positioned at institute State the first area of internal memory head and the second area being located at described internal memory afterbody, the size of described internal memory is equal to Size to the ciphertext data obtaining after the encryption of described clear data;
Described clear data is write described second area;
The clear data of predefined size is read in the clear data not sequentially being read from described second area Block, is encrypted to the described block of plaintext data reading according to predetermined cryptographic algorithm, obtains ciphertext block data;
Described ciphertext block data is write described first area, and after described first area is write completely, continues to write Enter to described second area.
The beneficial effect that technique scheme is brought is:It is less than clear data and bright to this by only applying for one section Civilian data be encrypted after the ciphertext data sum obtaining internal memory, and first clear data is write this internal memory, Then sequentially read block of plaintext data, the block of plaintext data reading is encrypted, the ciphertext after being encrypted Data block, the ciphertext block data obtaining is write this internal memory, due to before encryption, can be by clear data Store to internal memory, and the clear data storing has no effect on the storage of ciphertext data, therefore decreases internal memory and opens Pin is it is ensured that the smaller low-power-consumption embedded equipment of internal memory is encrypted storage.
Optionally, described is the one section of internal memory of clear data application needing encryption according to predetermined way, including:
The ciphertext data obtaining after being expected according to described predetermined cryptographic algorithm, described clear data to be encrypted Size, described ciphertext data includes data corresponding with described clear data and predetermined description information;
Application size is equal to the internal memory of the size of described ciphertext data.
The beneficial effect that technique scheme is brought is:Calculated to bright by calculating previously according to predetermined encryption The size of the ciphertext data that civilian data obtains after being encrypted, determines the size of internal memory, namely this internal memory only needs The size that ciphertext data can be deposited is set, thus clear data can be encrypted in guarantee Meanwhile, reduce the space of the internal memory of application as far as possible.
Optionally, described by described ciphertext block data write described first area, including:
It is not written into the original position of data from described first area, the ciphertext number that sequentially write encryption obtains According to block.
The beneficial effect that technique scheme is brought is:By being not written into the initial of data in the first region Position, sequentially the write ciphertext block data that obtains of encryption is it is ensured that being sequentially written in of ciphertext data, it is to avoid Cover the situation of the ciphertext data having been written into and still not encrypted clear data so as to plaintext number According to encryption and the correct reading to ciphertext data provide possibility.
Optionally, described described ciphertext block data is write described first area, and write in described first area Man Hou, continues to write to described second area, including:
Detect whether described first area is fully written;
If described first area is fully written, from the original position of described second area, cover write successively and add The close ciphertext block data obtaining;
If described first area is not written full, described ciphertext block data is write described first area.
The beneficial effect that technique scheme is brought is:By after first area is fully written, from second area Original position, cover the write ciphertext block data that obtains of encryption successively;Original position due to second area The clear data being stored has been read and encrypted mistake, and therefore these clear datas are nonsensical, Now then can be by these clear datas of ciphertext data cover, so, early stage is used for storing the of clear data Two regions are eventually covered by ciphertext data, so that second area is by clear data and ciphertext data Recycling, therefore provides possibility for reducing data as far as possible to the occupancy of internal memory.
Optionally, methods described also includes:
When all clear datas are all encrypted, and all ciphertext data that encryption obtains all are written into described internal memory Afterwards, then in described second area not by the region of ciphertext data cover, cover write and be used for described description information.
The beneficial effect that technique scheme is brought is:After clear data is all encrypted, store in internal memory Clear data then there is no the meaning of presence, now description information can be covered write currently used for storage The region of clear data, now, for storing the region of ciphertext data and the area for storing description information Domain is the internal memory of whole application, and being stored in of description information can ensure that ciphertext data is read out carrying out correlation Operation.
Optionally, methods described also includes:
When described clear data is all encrypted complete, and encrypt after all ciphertext data be all read after, then The described internal memory of release application.
The beneficial effect that technique scheme is brought is:By all encrypted complete in clear data, and encrypt After all ciphertext data afterwards are all read, this internal memory of release application, can effectively reduce and internal memory is accounted for With duration, these internal memories can be continuing with order to other business in equipment, improve the work of equipment Efficiency.
A kind of second aspect, there is provided data encryption device, described device includes:
Internal memory application module, for being the one section of internal memory of clear data application needing encryption according to predetermined way, The second area that described internal memory includes positioned at the first area of described internal memory head and is located at described internal memory afterbody, The size of described internal memory is equal to the size to the ciphertext data obtaining after the encryption of described clear data;
First writing module, for writing described second area by described clear data;
Data encryption module, pre- for reading in the clear data that is not sequentially read from described second area The block of plaintext data of sizing, is encrypted to the described block of plaintext data reading according to predetermined cryptographic algorithm, Obtain ciphertext block data;
Second writing module, for the described ciphertext block data write obtaining the encryption of described data encryption module Described first area, and after described first area is write completely, continue to write to described second area.
The beneficial effect that technique scheme is brought is:It is less than clear data and bright to this by only applying for one section Civilian data be encrypted after the ciphertext data sum obtaining internal memory, and first clear data is write this internal memory, Then sequentially read block of plaintext data, the block of plaintext data reading is encrypted, the ciphertext after being encrypted Data block, the ciphertext block data obtaining is write this internal memory, due to before encryption, can be by clear data Store to internal memory, and the clear data storing has no effect on the storage of ciphertext data, therefore decreases internal memory and opens Pin is it is ensured that the smaller low-power-consumption embedded equipment of internal memory is encrypted storage.
Optionally, described internal memory application module, including:
Size expected cell, is encrypted to described clear data according to described predetermined cryptographic algorithm for estimated The size of the ciphertext data obtaining afterwards, described ciphertext data includes data corresponding with described clear data and pre- Fixed description information;
Internal memory application unit, for applying for that size is equal to the described ciphertext number that described size expected cell predicts According to size internal memory.
The beneficial effect that technique scheme is brought is:Calculated to bright by calculating previously according to predetermined encryption The size of the ciphertext data that civilian data obtains after being encrypted, determines the size of internal memory, namely this internal memory only needs Arrange and can deposit ciphertext data and be used for describing the former or whole in the description information of ciphertext data Two kinds of size, thus while ensureing clear data can be encrypted, reduce as far as possible The space of the internal memory of application.
Optionally, described second writing module, is additionally operable to:
It is not written into the original position of data from described first area, the ciphertext number that sequentially write encryption obtains According to block.
The beneficial effect that technique scheme is brought is:By being not written into the initial of data in the first region Position, sequentially the write ciphertext block data that obtains of encryption is it is ensured that being sequentially written in of ciphertext data, it is to avoid Cover the situation of the ciphertext data having been written into and still not encrypted clear data so as to plaintext number According to encryption and the correct reading to ciphertext data provide possibility.
Optionally, described second writing module, including:
Detector unit, for detecting whether described first area is fully written;
First writing unit, for when described detector unit detects described first area and is fully written, from institute State the original position of second area, cover the ciphertext block data that write encryption obtains successively;
Second writing unit, be additionally operable to described detector unit detect described first area not written full when, Described ciphertext block data is write described first area.
The beneficial effect that technique scheme is brought is:By after first area is fully written, from second area Original position, cover the write ciphertext block data that obtains of encryption successively;Original position due to second area The clear data being stored has been read and encrypted mistake, and therefore these clear datas are nonsensical, Now then can be by these clear datas of ciphertext data cover, so, early stage is used for storing the of clear data Two regions are eventually covered by ciphertext data, so that second area is by clear data and ciphertext data Recycling, therefore provides possibility for reducing data as far as possible to the occupancy of internal memory.
Optionally, described device also includes:
Description information writing module, for when all clear datas all encrypted, and encrypt obtain all close After civilian data is all written into described internal memory, then in described second area not by the region of ciphertext data cover, cover Overwrite enters the description information for describing described ciphertext data.
The beneficial effect that technique scheme is brought is:After clear data is all encrypted, store in internal memory Clear data then there is no the meaning of presence, now description information can be covered write currently used for storage The region of clear data, now, for storing the region of ciphertext data and the area for storing description information Domain is the internal memory of whole application, and being stored in of description information can ensure that ciphertext data is read out carrying out correlation Operation.
Optionally, described device also includes:
Internal memory release module, for when described clear data all encrypted complete, and encrypt after all ciphertexts After data is all read, then discharge the described internal memory of application.
The beneficial effect that technique scheme is brought is:By all encrypted complete in clear data, and encrypt After all ciphertext data afterwards are all read, this internal memory of release application, can effectively reduce and internal memory is accounted for With duration, these internal memories can be continuing with order to other business in equipment, improve the work of equipment Efficiency.
Brief description
For the technical scheme being illustrated more clearly that in the embodiment of the present invention, below will be to institute in embodiment description Need use accompanying drawing be briefly described it should be apparent that, drawings in the following description are only the present invention Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, Other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the method flow diagram of the data ciphering method providing in one embodiment of the invention;
Fig. 2A is the method flow diagram of the data ciphering method providing in another embodiment of the present invention;
Fig. 2 B is the clear data Shen being needs encryption according to predetermined way providing in one embodiment of the invention Please one section of internal memory flow chart;
Fig. 2 C is the interior presence storage clear data and ciphertext number that the application providing in one embodiment of the invention is arrived According to when region distribution schematic diagram;
Fig. 2 D is the schematic diagram writing ciphertext block data to first area providing in one embodiment of the invention;
Fig. 2 E is the schematic diagram writing ciphertext block data to second area providing in one embodiment of the invention;
Fig. 3 is the structural representation of the data encryption device providing in one embodiment of the invention;
Fig. 4 is the structural representation of the data encryption device providing in another embodiment of the present invention.
Specific embodiment
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to the present invention Embodiment is described in further detail.
Fig. 1 is the method flow diagram of the data ciphering method providing in one embodiment of the invention.This data adds The low-power-consumption embedded equipment that decryption method can apply to, in the embedded device of low-power consumption, be said here is interior Deposit very little, the equipment very high to the use requirement of internal memory.This data ciphering method can include:
Step 101, is the one section of internal memory of clear data application needing encryption according to predetermined way, and this internal memory includes Second area positioned at the first area of this internal memory head with positioned at this internal memory afterbody, the size of this internal memory is equal to Size to the ciphertext data obtaining after the encryption of this clear data.
Step 102, this clear data is write this second area.
Step 103, reads the plaintext of predefined size in the clear data not sequentially being read from this second area Data block, is encrypted to this block of plaintext data reading according to predetermined cryptographic algorithm, obtains ciphertext block data.
Step 104, this ciphertext block data is write this first area, and after this first area is write completely, continues Write to this second area.
In sum, the data ciphering method providing in the embodiment of the present invention, by only applying for one section less than bright Civilian data and the internal memory of the ciphertext data sum obtaining after this clear data is encrypted, and first will be in plain text Data writes this internal memory, then sequentially reads block of plaintext data, the block of plaintext data reading is encrypted, Ciphertext block data after being encrypted, the ciphertext block data obtaining is write this internal memory, due to before encryption, Clear data can be stored to internal memory, and the clear data storing has no effect on the storage of ciphertext data, because This decreases memory cost it is ensured that the smaller low-power-consumption embedded equipment of internal memory is encrypted storage.
Fig. 2A is the method flow diagram of the data ciphering method providing in another embodiment of the present invention.This data The low power consuming devices that encryption method can apply to, in low power consuming devices, be said here are that internal memory is very little, right The very high equipment of the use requirement of internal memory, the embedded device of such as low-power consumption.This data ciphering method can To include:
Step 201, is the one section of internal memory of clear data application needing encryption according to predetermined way, and this internal memory includes Second area positioned at the first area of this internal memory head with positioned at this internal memory afterbody, the size of this internal memory is equal to Size to the ciphertext data obtaining after the encryption of this clear data.
In actual applications, low-power-consumption embedded equipment is often encrypted for one section of clear data, all can basis The byte number of this section of clear data, applies for one section of internal memory.
In general, the internal memory of low power consuming devices generally very little, such as only 256 bytes, therefore for Reduce the occupancy to internal memory during encryption as far as possible, the present invention each embodiment is in the plaintext for needing encryption When data is encrypted, only apply for an end memory, and the size of the internal memory applied for is equal to and this clear data is added The size of the ciphertext data obtaining after close.
Compared in correlation technique, needing to apply for two sections of internal memories, wherein one section internal memory needs to encrypt for storage Clear data, another section of internal memory be used for the ciphertext data after storage is encrypted to this clear data, here Memory size show less than this two sections of internal memory sums in correlation technique, therefore save the occupancy to internal memory.
For the ease of the ciphertext data of write clear data orderly in the internal memory of application and generation, generally Memory setting can be two regions, namely the content of application can include positioned at this internal memory head first Region and the second area being located at this internal memory afterbody.
Optionally, the next position of the end position of first area is the original position of second area.
In a kind of possible implementation, can under first budget internal memory size, then big according to budget Little application internal memory, specifically may refer to shown in Fig. 2 B, and it is to provide in one embodiment of the invention according to pre- Determine the flow chart that mode is the one section of internal memory of clear data application needing encryption.In fig. 2b, low power consuming devices It is being the one section of internal memory of clear data application needing encryption according to predetermined way, may include steps of:
Step 201a is it is contemplated that the ciphertext number that obtains after this clear data being encrypted according to predetermined cryptographic algorithm According to size, this ciphertext data includes data corresponding with clear data and predetermined description information.
Here predetermined cryptographic algorithm is the algorithm that low power consuming devices are encrypted to clear data, and this makes a reservation for add Close algorithm generally to be determined by the security requirements of clear data, the present embodiment not side to predetermined cryptographic algorithm Formula is defined.
In general, to the ciphertext data obtaining after clear data encryption, the byte that it takies is typically larger than right The byte shared by clear data answered, therefore, when for application internal memory, can first Budget Service ciphertext data Shared byte, then to be determined with the byte shared by ciphertext data needs the internal memory of application.
Generally, in order to the receiving terminal ensureing ciphertext data can learn the cipher mode of ciphertext data, so that right The ciphertext data receiving is decrypted, and low power consuming devices generally also can be calculated in the internal memory of application in write encryption The description informations such as method, in order to send the description information reading in internal memory to the receiving terminal of ciphertext data.This In the description information said can be the description letter to the cipher mode that ciphertext data is encrypted for description Cease or for describing information of byte etc. shared by all ciphertext data, the present embodiment is not to description The particular content of information is defined.
In general, the part all as ciphertext data such as these description informations, namely ciphertext data except Including the data after clear data is encrypted, also include other description informations.
Therefore when applying for internal memory, generally also need in view of for describing the description information institute of this ciphertext data The size taking, description information here is usually 8bit-10bit.
Step 201b, application size is equal to the internal memory of the size of this ciphertext data.
In order to reduce the occupancy to internal memory as far as possible, and can be sequentially according to clear data in view of ciphertext data It is encrypted, therefore in initial phase, ciphertext data can be not take up internal memory, with the life of ciphertext data Become, ciphertext data starts progressively committed memory.Therefore, when applying for internal memory, application size is equal to this ciphertext The internal memory of the size of data.
General, the second area in internal memory is traditionally arranged to be the size of clear data.Optionally, from internal memory Tail position shift forward predefined size, point to the original position of second area, that is said here is predetermined big The little size being clear data.
Optionally, refer to shown in Fig. 2 C, it is to be arrived according to the application providing in one embodiment of the invention The interior region distribution schematic diagram existing when storage clear data and ciphertext data, in fig. 2 c, the internal memory of application Including first area 22 and second area 24, the wherein size of second area 24 is equal to shared by clear data Byte.
General, this clear data is typically greater than to the ciphertext data obtaining after clear data encryption, because During the internal memory of this size being equal to ciphertext data in application size, second area shows and can be used for storing all Clear data.
Step 202, this clear data is write this second area.
When this clear data is write this second area, can successively will from the original position of second area Clear data writes second area.
Optionally, when clear data is write this second area, the first write pointer can be set, this The original position of one write pointer is the original position of second area, during write clear data, Often write a byte, the position that this first write pointer is given instruction adds 1, until this first write pointer points to The end position of second area, completes the write of clear data.
Step 203, reads the plaintext of predefined size in the clear data not sequentially being read from this second area Data block, is encrypted to this block of plaintext data reading according to predetermined cryptographic algorithm, obtains ciphertext block data.
After clear data all writes second area, start clear data is encrypted, now can be from The original position of second area sequentially reads clear data, general, when reading clear data, can be by Read clear data according to predefined size, the clear data with predefined size is designated as block of plaintext data.
Often read out block of plaintext data, then according to predetermined cryptographic algorithm, the block of plaintext data reading be encrypted, Ciphertext data after being encrypted, the ciphertext data after the clear data encryption of a predefined size is designated as close Civilian data block.
Optionally, when reading block of plaintext data from this second area, the first reading pointer can be set, The original position of this first reading pointer is the original position of second area, during reading clear data, In one byte of every reading, the position that this first reading pointer is given instruction adds 1, until this first reading pointer moves Move the byte of predefined size, complete the reading to a block of plaintext data.
In order to read clear data in order, it is to avoid omit clear data, can sequentially from this second area not The block of plaintext data of predefined size is read, according to predetermined cryptographic algorithm to reading in the clear data being read This block of plaintext data is encrypted, and obtains ciphertext block data.
Step 204, detects whether this first area is fully written.
After obtaining ciphertext block data, need for ciphertext block data to write first area, but because internal memory is According to the internal memory application shared by all ciphertext data, and clear data has occupied in internal memory second Region, therefore, after write part ciphertext data, first area may be fully written.Therefore, exist After obtaining ciphertext block data, need first to detect whether this first area has been fully written.
Obviously, in every write one of ciphertext block data byte, all can detect this first area whether by Write full.
Step 205, if this first area is not written full, this ciphertext block data is write this first area.
If this first area is not written full, the ciphertext block data obtaining can be write this first area, low Power consuming device when ciphertext block data is write this first area, in order to avoid after the ciphertext block data that obtains Cover the ciphertext block data in front write, then need to be not written into the start bit of data from this first area Put, the ciphertext block data that sequentially write encryption obtains.
Optionally, when ciphertext data is write this first area, the second write pointer can be set, this The original position of two write pointers is the original position of first area, during write ciphertext data, Often write a byte, the position that this second write pointer is given instruction adds 1.
When detecting whether this first area is fully written, can detect whether this second write pointer points to first The end position in region, if the end position of the second write pointer positive sense first area, shows the firstth area Domain is fully written, when the second write pointer points to the position before the end position of first area, then shows first Region is not yet fully written.
Refer to shown in Fig. 2 D, it is to provide in one embodiment of the invention to first area write ciphertext number According to the schematic diagram of block, the second area 24 from Fig. 2 D reads out predefined size using the first reading pointer P1 Block of plaintext data 26, the block of plaintext data 26 reading out is encrypted, obtains ciphertext block data 28, Using the second write pointer P2, the ciphertext block data obtaining 28 is write in first area 22, in write first During region 22, be not written into the original position 29 of data from this first area 22 at (i.e. write ciphertext Before data block 28, second writes the position pointed by pointer P2) write this ciphertext block data 28, often write One of ciphertext block data 28 byte, the second write pointer P2 is then moved rearwards by one, until this ciphertext number All write according to block 28.
Step 206, if this first area is fully written, from the original position of this second area, covers successively and writes Enter the ciphertext block data that encryption obtains.
Because clear data is sequentially to be written of from the original position of second area, and it is written into second area Clear data be also sequentially from the original position of second area start read, therefore, second area start bit The clear data put is already encrypted and writes to first area, namely the plaintext of second area original position Data no longer has meaning, now then can be initial from this second area after first area is fully written Position starts, and covers the ciphertext block data that write encryption obtains successively.
Refer to shown in Fig. 2 E, it is to provide in one embodiment of the invention to second area write ciphertext number According to the schematic diagram of block, the second area 24 from Fig. 2 E reads out predefined size using the first reading pointer P1 Block of plaintext data 26 ', the block of plaintext data 26 ' reading out is encrypted, obtains ciphertext block data 28 ', Using the second write pointer P2, the ciphertext block data 28 ' obtaining is write in second area 24, in write second Region 24, often one of write ciphertext block data 28 ' byte, the second write pointer P2 is then moved rearwards by one, Until this ciphertext block data 28 ' is all write.
Step 207, when all clear datas are all encrypted, and all ciphertext data that encryption obtains all are written into After this internal memory, then in this second area not by the region of ciphertext data cover, cover write be used for describing this close The description information of civilian data.
According to step 201a and step 201b, the size of the internal memory of application can accommodate all ciphertext numbers According to (i.e. data corresponding with clear data) and for describing the description information of ciphertext data, therefore from After the original position of internal memory has write all of ciphertext data, in internal memory, also have remainder content, this portion Point content can be used for writing description information.Obviously, if internal memory is only the size of ciphertext data, close After civilian data is all write, then this second area is not in not by the region of ciphertext data cover, therefore Without write for describing the description information of this ciphertext data.
Therefore, when all clear datas are all encrypted, and all ciphertext data that encryption obtains all are written into this After internal memory, then in this second area not by the region of ciphertext data cover, cover write and be used for describing this ciphertext The description information of data.
Step 208, when this clear data is all encrypted complete, and all ciphertext data after encryption are all read Afterwards, then discharge this internal memory of application.
When this clear data is all encrypted complete, and encrypt after all ciphertext data be all read after, in order to So that the content being applied is recycled, then can discharge the internal memory of application.
In sum, the data ciphering method providing in the embodiment of the present invention, by only applying for one section less than bright Civilian data and the internal memory of the ciphertext data sum obtaining after this clear data is encrypted, and first will be in plain text Data writes this internal memory, then sequentially reads block of plaintext data, the block of plaintext data reading is encrypted, Ciphertext block data after being encrypted, the ciphertext block data obtaining is write this internal memory, due to before encryption, Clear data can be stored to internal memory, and the clear data storing has no effect on the storage of ciphertext data, because This decreases memory cost it is ensured that the smaller low-power-consumption embedded equipment of internal memory is encrypted storage.
In addition, calculated by calculating previously according to predetermined encryption clear data is encrypted after obtain close The size of civilian data, determines the size of internal memory, namely this internal memory only need to setting can be used for ciphertext data with And for describing the size of the description information of ciphertext data, thus ensureing clear data can be carried out While encryption, reduce the space of the internal memory of application as far as possible.
By being not written into the original position of data in the first region, the ciphertext number that sequentially write encryption obtains According to block it is ensured that being sequentially written in of ciphertext data, it is to avoid cover the ciphertext data having been written into and still The situation of not encrypted clear data is so that the encryption to clear data and the correct reading to ciphertext data Provide possibility.
By after first area is fully written, from the original position of second area, cover write successively and encrypt The ciphertext block data arriving;Because the clear data that the original position of second area is stored has been read and quilt Encrypted, therefore these clear datas are nonsensical, now then can these are bright by ciphertext data cover Civilian data, so, the second area that early stage is used for storing clear data is eventually covered by ciphertext data, So that second area is utilized by clear data and ciphertext Data duplication, therefore for reducing data as far as possible Possibility is provided to the occupancy of internal memory.
After clear data is all encrypted, in internal memory, the clear data of storage does not then have the meaning of presence, Now description information can be covered the region currently used for storage clear data for the write, now, for storing The region of ciphertext data and the internal memory being whole application for storing the region of description information, description information Be stored in the operation that can ensure that ciphertext data is read out carrying out correlation.
By all encrypted complete in clear data, and after all ciphertext data after encrypting all are read, release Put this internal memory of application, can effectively reduce the occupancy duration to internal memory, in order to other business in equipment These internal memories can be continuing with, improve the operating efficiency of equipment.
Fig. 3 is the structural representation of the data encryption device providing in one embodiment of the invention.This data adds The low-power-consumption embedded equipment that close device can apply to, in the embedded device of low-power consumption, be said here is interior Deposit very little, the equipment very high to the use requirement of internal memory.This data encryption device can include:Internal memory Application module 310, the first writing module 320, data encryption module 330 and the second writing module 340.
Internal memory application module 310, for being in one section of clear data application need encryption according to predetermined way Deposit, the second area that this internal memory includes positioned at the first area of this internal memory head and is located at this internal memory afterbody, should The size that the size of internal memory is less than this clear data adds to the ciphertext data obtaining after the encryption of this clear data Size sum;
First writing module 320, for writing this second area by this clear data;
Data encryption module 330, pre- for reading in the clear data that is not sequentially read from this second area The block of plaintext data of sizing, is encrypted to this block of plaintext data reading according to predetermined cryptographic algorithm, obtains To ciphertext block data;
Second writing module 340, this ciphertext block data for obtaining the encryption of this data encryption module 330 is write Enter this first area, and after this first area is write completely, continue to write to this second area.
In sum, the data encryption device providing in the embodiment of the present invention, by only applying for one section less than bright Civilian data and the internal memory of the ciphertext data sum obtaining after this clear data is encrypted, and first will be in plain text Data writes this internal memory, then sequentially reads block of plaintext data, the block of plaintext data reading is encrypted, Ciphertext block data after being encrypted, the ciphertext block data obtaining is write this internal memory, due to before encryption, Clear data can be stored to internal memory, and the clear data storing has no effect on the storage of ciphertext data, because This decreases memory cost it is ensured that the smaller low-power-consumption embedded equipment of internal memory is encrypted storage.
Fig. 4 is the structural representation of the data encryption device providing in another embodiment of the present invention.This data The low-power-consumption embedded equipment that encryption device can apply to, in the embedded device of low-power consumption, be said here is Internal memory is very little, the equipment very high to the use requirement of internal memory.This data encryption device can include:Interior Deposit application module 410, the first writing module 420, data encryption module 430 and the second writing module 440.
Internal memory application module 410, for being in one section of clear data application need encryption according to predetermined way Deposit, the second area that this internal memory includes positioned at the first area of this internal memory head and is located at this internal memory afterbody, should The size that the size of internal memory is less than this clear data adds to the ciphertext data obtaining after the encryption of this clear data Size sum;
First writing module 420, for writing this second area by this clear data;
Data encryption module 430, pre- for reading in the clear data that is not sequentially read from this second area The block of plaintext data of sizing, is encrypted to this block of plaintext data reading according to predetermined cryptographic algorithm, obtains To ciphertext block data;
Second writing module 440, this ciphertext block data for obtaining the encryption of this data encryption module 430 is write Enter this first area, and after this first area is write completely, continue to write to this second area.
In a kind of possible implementation, this internal memory application module 410, including:Size expected cell 411 With internal memory application unit 412.
Size expected cell 411, after being expected according to this predetermined cryptographic algorithm, this clear data to be encrypted The size of the ciphertext data obtaining, this ciphertext data includes data corresponding with clear data and predetermined description Information;
Internal memory application unit 412, for applying for that size is equal to the ciphertext data that size expected cell 411 predicts Size internal memory.
In a kind of possible implementation, this second writing module 440 can be also used for:
It is not written into the original position of data from this first area, the ciphertext data that sequentially write encryption obtains Block.
In a kind of possible implementation, this second writing module 440 can include:Detector unit 441, First writing unit 442 and the 3rd writing unit 443.
Detector unit 441, for detecting whether this first area is fully written;
First writing unit 442, for when this detector unit 441 detects this first area and is fully written, from The original position of this second area, covers the ciphertext block data that write encryption obtains successively;
Second writing unit 443, be additionally operable to this detector unit 441 detect this first area not written full when, This ciphertext block data is write this first area.
In a kind of possible implementation, this data encryption device can also include:Description information writes mould Block 450.
Description information writing module 450, for when all clear datas all encrypted, and encrypt obtain all After ciphertext data is all written into this internal memory, then in this second area not by the region of ciphertext data cover, cover Write the description information for describing this ciphertext data.
In a kind of possible implementation, this data encryption device can also include:Internal memory release module 460.
Internal memory release module 460, for when this clear data all encrypted complete, and encrypt after all ciphertexts After data is all read, then discharge this internal memory of application.
In sum, the data encryption device providing in the embodiment of the present invention, by only applying for one section less than bright Civilian data and the internal memory of the ciphertext data sum obtaining after this clear data is encrypted, and first will be in plain text Data writes this internal memory, then sequentially reads block of plaintext data, the block of plaintext data reading is encrypted, Ciphertext block data after being encrypted, the ciphertext block data obtaining is write this internal memory, due to before encryption, Clear data can be stored to internal memory, and the clear data storing has no effect on the storage of ciphertext data, because This decreases memory cost it is ensured that the smaller low-power-consumption embedded equipment of internal memory is encrypted storage.
In addition, calculated by calculating previously according to predetermined encryption clear data is encrypted after obtain close The size of civilian data, determines the size of internal memory, namely this internal memory only need to setting can be used for ciphertext data with And for describing the size of the description information of ciphertext data, thus ensureing clear data can be carried out While encryption, reduce the space of the internal memory of application as far as possible.
By being not written into the original position of data in the first region, the ciphertext number that sequentially write encryption obtains According to block it is ensured that being sequentially written in of ciphertext data, it is to avoid cover the ciphertext data having been written into and still The situation of not encrypted clear data is so that the encryption to clear data and the correct reading to ciphertext data Provide possibility.
By after first area is fully written, from the original position of second area, cover write successively and encrypt The ciphertext block data arriving;Because the clear data that the original position of second area is stored has been read and quilt Encrypted, therefore these clear datas are nonsensical, now then can these are bright by ciphertext data cover Civilian data, so, the second area that early stage is used for storing clear data is eventually covered by ciphertext data, So that second area is utilized by clear data and ciphertext Data duplication, therefore for reducing data as far as possible Possibility is provided to the occupancy of internal memory.
After clear data is all encrypted, in internal memory, the clear data of storage does not then have the meaning of presence, Now description information can be covered the region currently used for storage clear data for the write, now, for storing The region of ciphertext data and the internal memory being whole application for storing the region of description information, description information Be stored in the operation that can ensure that ciphertext data is read out carrying out correlation.
By all encrypted complete in clear data, and after all ciphertext data after encrypting all are read, release Put this internal memory of application, can effectively reduce the occupancy duration to internal memory, in order to other business in equipment These internal memories can be continuing with, improve the operating efficiency of equipment.
It should be noted that:In above-described embodiment provide data encryption device when being encrypted to data, Only it is illustrated with the division of above-mentioned each functional module, in practical application, can as desired will be upper State function distribution to be completed by different functional modules, will low power consuming devices internal structure be divided into different Functional module, to complete all or part of function described above.In addition, the number that above-described embodiment provides Belong to same design according to encryption device and data ciphering method embodiment, it implements process and refers to method in fact Apply example, repeat no more here.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
One of ordinary skill in the art will appreciate that all or part of step realizing above-described embodiment can be passed through Hardware come to complete it is also possible to instructed by program correlation hardware complete, described program can be stored in In a kind of computer-readable recording medium, storage medium mentioned above can be read-only storage, disk or CD etc..
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all the present invention's Within spirit and principle, any modification, equivalent substitution and improvement made etc., should be included in the present invention's Within protection domain.

Claims (12)

1. a kind of data ciphering method is it is characterised in that methods described includes:
It is the one section of internal memory of clear data application needing encryption according to predetermined way, described internal memory is included positioned at institute State the first area of internal memory head and the second area being located at described internal memory afterbody, the size of described internal memory is equal to Size to the ciphertext data obtaining after the encryption of described clear data;
Described clear data is write described second area;
The clear data of predefined size is read in the clear data not sequentially being read from described second area Block, is encrypted to the described block of plaintext data reading according to predetermined cryptographic algorithm, obtains ciphertext block data;
Described ciphertext block data is write described first area, and after described first area is write completely, continues to write Enter to described second area.
2. method according to claim 1 is it is characterised in that described is to need to add according to predetermined way One section of internal memory of close clear data application, including:
The ciphertext data obtaining after being expected according to described predetermined cryptographic algorithm, described clear data to be encrypted Size, described ciphertext data includes data corresponding with described clear data and predetermined description information;
Application size is equal to the internal memory of the size of described ciphertext data.
3. method according to claim 1 is it is characterised in that described write described ciphertext block data Described first area, including:
It is not written into the original position of data from described first area, the ciphertext number that sequentially write encryption obtains According to block.
4. method according to claim 1 is it is characterised in that described write described ciphertext block data Described first area, and described first area write full after, continue to write to described second area, including:
Detect whether described first area is fully written;
If described first area is fully written, from the original position of described second area, cover write successively and add The close ciphertext block data obtaining;
If described first area is not written full, described ciphertext block data is write described first area.
5. method according to claim 2 is it is characterised in that methods described also includes:
When all clear datas are all encrypted, and all ciphertext data that encryption obtains all are written into described internal memory Afterwards, then in described second area not by the region of ciphertext data cover, cover write and be used for described description information.
6. according to described method arbitrary in claim 1 to 5 it is characterised in that methods described also includes:
When described clear data is all encrypted complete, and encrypt after all ciphertext data be all read after, then The described internal memory of release application.
7. a kind of data encryption device is it is characterised in that described device includes:
Internal memory application module, for being the one section of internal memory of clear data application needing encryption according to predetermined way, The second area that described internal memory includes positioned at the first area of described internal memory head and is located at described internal memory afterbody, The size of described internal memory is equal to the size to the ciphertext data obtaining after the encryption of described clear data;
First writing module, for writing described second area by described clear data;
Data encryption module, pre- for reading in the clear data that is not sequentially read from described second area The block of plaintext data of sizing, is encrypted to the described block of plaintext data reading according to predetermined cryptographic algorithm, Obtain ciphertext block data;
Second writing module, for the described ciphertext block data write obtaining the encryption of described data encryption module Described first area, and after described first area is write completely, continue to write to described second area.
8. device according to claim 7 is it is characterised in that described internal memory application module, including:
Size expected cell, is encrypted to described clear data according to described predetermined cryptographic algorithm for estimated The size of the ciphertext data obtaining afterwards, described ciphertext data includes data corresponding with described clear data and pre- Fixed description information;
Internal memory application unit, for applying for that size is equal to the described ciphertext number that described size expected cell predicts According to size internal memory.
9. device according to claim 7, it is characterised in that described second writing module, is additionally operable to:
It is not written into the original position of data from described first area, the ciphertext number that sequentially write encryption obtains According to block.
10. device according to claim 7 is it is characterised in that described second writing module, including:
Detector unit, for detecting whether described first area is fully written;
First writing unit, for when described detector unit detects described first area and is fully written, from institute State the original position of second area, cover the ciphertext block data that write encryption obtains successively;
Second writing unit, be additionally operable to described detector unit detect described first area not written full when, Described ciphertext block data is write described first area.
11. devices according to claim 8 are it is characterised in that described device also includes:
Description information writing module, for when all clear datas all encrypted, and encrypt obtain all close After civilian data is all written into described internal memory, then in described second area not by the region of ciphertext data cover, cover Overwrite enters described description information.
12. according to described device arbitrary in claim 7 to 11 it is characterised in that described device is also wrapped Include:
Internal memory release module, for when described clear data all encrypted complete, and encrypt after all ciphertexts After data is all read, then discharge the described internal memory of application.
CN201510465717.8A 2015-07-31 2015-07-31 Data encryption method and device Active CN106407127B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510465717.8A CN106407127B (en) 2015-07-31 2015-07-31 Data encryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510465717.8A CN106407127B (en) 2015-07-31 2015-07-31 Data encryption method and device

Publications (2)

Publication Number Publication Date
CN106407127A true CN106407127A (en) 2017-02-15
CN106407127B CN106407127B (en) 2019-12-10

Family

ID=58007941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510465717.8A Active CN106407127B (en) 2015-07-31 2015-07-31 Data encryption method and device

Country Status (1)

Country Link
CN (1) CN106407127B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109462468A (en) * 2017-09-06 2019-03-12 深圳光启智能光子技术有限公司 Data processing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1957336A (en) * 2004-06-15 2007-05-02 索尼株式会社 Information management device and information management method
US8036377B1 (en) * 2006-12-12 2011-10-11 Marvell International Ltd. Method and apparatus of high speed encryption and decryption
CN102254127A (en) * 2011-08-11 2011-11-23 华为技术有限公司 Method, device and system for encrypting and decrypting files

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1957336A (en) * 2004-06-15 2007-05-02 索尼株式会社 Information management device and information management method
US8036377B1 (en) * 2006-12-12 2011-10-11 Marvell International Ltd. Method and apparatus of high speed encryption and decryption
CN102254127A (en) * 2011-08-11 2011-11-23 华为技术有限公司 Method, device and system for encrypting and decrypting files

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109462468A (en) * 2017-09-06 2019-03-12 深圳光启智能光子技术有限公司 Data processing method and device

Also Published As

Publication number Publication date
CN106407127B (en) 2019-12-10

Similar Documents

Publication Publication Date Title
US8555088B2 (en) Method and apparatus for implementing secure and selectively deniable file storage
US20170046281A1 (en) Address dependent data encryption
CN107609418A (en) Desensitization method, device, storage device and the computer equipment of text data
US8996933B2 (en) Memory management method, controller, and storage system
CN104424016B (en) Virtual tape concentration for self-encrypting drives
CN103294961A (en) Method and device for file encrypting/decrypting
EP1662356A3 (en) Information leakage prevention method and apparatus and program for the same
CN110059455A (en) Code encryption method, apparatus, electronic equipment and computer readable storage medium
JP2010517447A (en) File encryption while maintaining file size
CN108197504A (en) A kind of controlled data encrypting and deciphering system and method
CN106960156A (en) Data encryption and access method based on application program, device
US20090016532A1 (en) Portable data carrier featuring secure data processing
CN103823726A (en) SIM (subscriber identity module) card data backup method and terminal
US20200065639A1 (en) Smart card
CN107609428A (en) Date safety storing system and method
CN103390139A (en) Data storage device and data protection method thereof
CN104298926A (en) Method and device for running encrypted file
CN107885864A (en) A kind of encryption data querying method, system, device and readable storage medium storing program for executing
CN108763401A (en) A kind of reading/writing method and equipment of file
CN105989304A (en) File storage method, file reading method, file storage apparatus and file reading apparatus
CN108171067A (en) A kind of hard disk encryption method and device
CN106816175A (en) The control method and device of memory
CN106407127A (en) Data encryption method and apparatus
CN112214784A (en) Resource processing method, device, electronic equipment and medium
CN102301369B (en) Data storage device access method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20240103

Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: 2, 518000, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.