CN107359989A - Data ciphering method, safety chip and computer-readable recording medium - Google Patents

Info

Publication number: CN107359989A
Application number: CN201710655216.5A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 毕晓猛, 冯宇翔
Current Assignee (the listed assignees may be inaccurate): GD Midea Air Conditioning Equipment Co Ltd
Original Assignee: Guangdong Midea Refrigeration Equipment Co Ltd
Legal status (an assumption, not a legal conclusion): Pending
Prior art keywords: data, user key, embedded, user, key

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/06: The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption method. The method includes: when data to be encrypted is detected, obtaining the user key preset in a safety chip and obtaining the valid data bits in the user key; determining, according to a structural attribute of the user key or a received custom instruction, the embedding rule by which the valid data bits are embedded into the data to be encrypted; embedding the valid data bits, according to the embedding rule, at the corresponding positions in the data bit sequence of the data to be encrypted; and taking the embedding positions of the valid data bits as verification data, loading the verification data onto the data sequence in which the valid data bits are embedded, and generating encrypted data. The invention also discloses a safety chip and a computer-readable storage medium. The invention can increase the difficulty of cracking the encrypted data.

Description

Data ciphering method, safety chip and computer-readable recording medium
Technical field
The present invention relates to the field of information security technology, and in particular to a data encryption method, a safety chip and a computer-readable storage medium.
Background
With the development of wireless communication technology, people pay increasing attention to information security. Encrypting data is the main means of ensuring information security. At present most Wi-Fi communication devices are encrypted with WPA (Wi-Fi Protected Access), and the AES (Advanced Encryption Standard) encryption algorithm is widely applied.
However, these algorithms all encrypt data of a fixed block length, such as 128, 192 or 256, and the data bits on which the encryption operates are widely known. If an intruder such as a hacker collects enough data, such as the encrypted data frames a device sends, and analyzes those frames, the intruder can eventually work out the encryption rule, crack the login password of the Wi-Fi device and intrude into the Wi-Fi communication device, threatening information security.
Summary of the invention
The main object of the present invention is to provide a data encryption method that solves the technical problem in the prior art that, because the block length is fixed and the encrypted data bits are widely known, encrypted data is easy to crack.
To achieve the above object, the present invention provides a data encryption method, the method including:
when data to be encrypted is detected, obtaining the user key preset in the safety chip, and obtaining the valid data bits in the user key;
determining, according to a structural attribute of the user key or a received custom instruction, the embedding rule by which the valid data bits are embedded into the data to be encrypted;
embedding, according to the embedding rule, the valid data bits at the corresponding positions in the data bit sequence of the data to be encrypted;
taking the embedding positions of the valid data bits as verification data, loading the verification data onto the data sequence in which the valid data bits are embedded, and generating encrypted data.
In one possible design, before the step of obtaining the user key preset in the safety chip when data to be encrypted is detected, the method includes:
when an encryption request is detected, performing initial encryption on the original data corresponding to the encryption request, to obtain the data to be encrypted.
In one possible design, the step of obtaining the user key preset in the safety chip and obtaining the valid data bits in the user key includes:
obtaining the user key preset in the safety chip, and identifying the key data bits of the user key;
judging whether a selection instruction for selecting valid data bits has been received;
if a selection instruction has been received, selecting the corresponding data bits from the key data bits as the valid data bits according to the selection instruction;
if no selection instruction has been received, taking a preset ratio of the key data bits as the valid data bits.
In one possible design, the step of determining, according to a structural attribute of the user key or a received custom instruction, the embedding rule by which the valid data bits are embedded into the data to be encrypted includes:
judging whether a custom instruction has been received;
if a custom instruction has been received, determining the embedding rule by which the valid data bits are embedded into the data to be encrypted according to the received custom instruction;
if no custom instruction has been received, determining the embedding rule by which the valid data bits are embedded into the data to be encrypted according to a structural attribute of the user key.
In one possible design, the step of determining the embedding rule according to a structural attribute of the user key includes:
obtaining the length of the user key, and determining the block length according to the length of the user key;
dividing the data to be encrypted into corresponding data groups according to the block length, and embedding the valid data bits into each data group.
In one possible design, the step of embedding the valid data bits into each data group includes:
obtaining a random number, determining the embedding position of the valid data bits in the corresponding data group according to the random number, and embedding the valid data bits at that embedding position in the corresponding data group.
In one possible design, the step of embedding the valid data bits at the embedding position in the corresponding data group includes:
embedding each binary digit of the valid data bits at its own embedding position in the corresponding data group.
In one possible design, before the step of obtaining the user key preset in the safety chip when data to be encrypted is detected, the method includes:
when a user password is received, generating the user key according to the received user password;
storing the user key in the safety chip as the preset user key.
To achieve the above object, the present invention also provides a safety chip, including: a processor module, a data monitoring module, a memory module, and a data encryption program stored in the memory module and runnable on the processor module, the data encryption program implementing the steps of the above data encryption method when executed by the processor module.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which a data encryption program is stored, the data encryption program implementing the steps of the above data encryption method when executed by a processor module.
The embodiments of the present invention obtain the valid data bits, that is, the encryption factors to embed into the data to be encrypted, from the user key, determine the embedding rule from the user key or from a custom instruction input by the user, and embed the valid data bits into the data to be encrypted according to that rule. The user key is generated from a user password held by the user, the user password differs from user to user and is highly subjective, and the embedding rule differs as the user password differs, so the encryption positions are uncertain and hard for outsiders to learn, which raises the difficulty of cracking the encrypted data and ensures information security. In addition, the embedding rule can also be set by a user-defined instruction; because user needs differ, different embedding rules may be set, so the embedding rule is uncertain and outsiders can hardly obtain the encryption positions, making the encrypted data even harder to crack. At the same time, the position information of the valid data bits is loaded as verification data onto the data sequence in which the valid data bits are embedded to generate the encrypted data, which makes decryption convenient for legitimate users.
Brief description of the drawings
Fig. 1 is a schematic diagram of the modules of the safety chip in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the data encryption method of the present invention;
Fig. 3 is a schematic diagram of one embodiment of the data encryption method of the present invention;
Fig. 4 is a flow diagram of the third embodiment of the data encryption method of the present invention;
Fig. 5 is a flow diagram of the fifth embodiment of the data encryption method of the present invention;
Fig. 6 is a detailed flow chart of step S233 in Fig. 5;
Fig. 7 is a detailed flow chart of step S235 in Fig. 6.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein only explain the present invention and are not intended to limit it.
Fig. 1 is a schematic diagram of the modules of the safety chip in the hardware operating environment involved in the embodiments of the present invention.
The safety chip may include a processor module 1001 (for example a CPU), a memory module 1002 and a data monitoring module 1003. The data monitoring module 1003 monitors the sending of data, feeds the data transmission status back to the processor module 1001 and triggers the processor module 1001 to issue the corresponding instruction; the data monitoring module 1003 can also call the memory module 1002 to perform retrieval and/or storage operations. The data monitoring module 1003 may include a counter or any other element that can realize the above functions. The memory module 1002 includes a secure storage area 1004 and a data buffer area 1005; the data buffer area 1005 is mainly used to temporarily store data to be sent after the processor module 1001 has encrypted it, or received data that is to be decrypted. The memory module 1002 may be a high-speed RAM memory or a non-volatile memory, such as a disk memory. Optionally, the memory module 1002 may also be a storage device independent of the aforementioned processor module 1001.
Those skilled in the art will understand that the safety chip modules shown in Fig. 1 do not limit the safety chip, which may include more or fewer components or modules than illustrated, combine some components or modules, or arrange the modules differently.
As shown in Fig. 1, the memory module 1002, as a computer-readable storage medium, may also include a data encryption program.
In the safety chip shown in Fig. 1, the processor module 1001 can be used to call the data encryption program stored in the memory module 1002 and perform the following operations:
when data to be encrypted is detected, obtaining the user key preset in the safety chip, and obtaining the valid data bits in the user key;
determining, according to a structural attribute of the user key or a received custom instruction, the embedding rule by which the valid data bits are embedded into the data to be encrypted;
embedding, according to the embedding rule, the valid data bits at the corresponding positions in the data bit sequence of the data to be encrypted;
taking the embedding positions of the valid data bits as verification data, loading the verification data onto the data sequence in which the valid data bits are embedded, and generating encrypted data.
Further, the processor module 1001 can be used to call the data encryption program stored in the memory module 1002 and also perform the following operations:
before the step of obtaining the user key preset in the safety chip when data to be encrypted is detected:
when an encryption request is detected, performing initial encryption on the original data corresponding to the encryption request, to obtain the data to be encrypted.
Further, the processor module 1001 can be used to call the data encryption program stored in the memory module 1002 and also perform the following operations:
The step of obtaining the user key preset in the safety chip and obtaining the valid data bits in the user key includes:
obtaining the user key preset in the safety chip, and identifying the key data bits of the user key;
judging whether a selection instruction for selecting valid data bits has been received;
if a selection instruction has been received, selecting the corresponding data bits from the key data bits as the valid data bits according to the selection instruction;
if no selection instruction has been received, taking a preset ratio of the key data bits as the valid data bits.
The step of determining, according to a structural attribute of the user key or a received custom instruction, the embedding rule by which the valid data bits are embedded into the data to be encrypted includes:
judging whether a custom instruction has been received;
if a custom instruction has been received, determining the embedding rule by which the valid data bits are embedded into the data to be encrypted according to the received custom instruction;
if no custom instruction has been received, determining the embedding rule by which the valid data bits are embedded into the data to be encrypted according to a structural attribute of the user key.
The step of determining the embedding rule according to a structural attribute of the user key includes:
obtaining the length of the user key, and determining the block length according to the length of the user key;
dividing the data to be encrypted into corresponding data groups according to the block length, and embedding the valid data bits into each data group.
The step of embedding the valid data bits into each data group includes:
obtaining a random number, determining the embedding position of the valid data bits in the corresponding data group according to the random number, and embedding the valid data bits at that embedding position in the corresponding data group.
The step of embedding the valid data bits at the embedding position in the corresponding data group includes:
embedding each binary digit of the valid data bits at its own embedding position in the corresponding data group.
Before the step of obtaining the user key preset in the safety chip when data to be encrypted is detected:
when a user password is received, generating the user key according to the received user password;
storing the user key in the safety chip as the preset user key.
Referring to Fig. 2, in the first embodiment of the data encryption method of the present invention, the data encryption method includes:
Step S10: when data to be encrypted is detected, obtain the user key preset in the safety chip, and obtain the valid data bits in the user key;
In this embodiment, the data to be encrypted may be plaintext data that has not been encrypted at all, or ciphertext data that has already been encrypted; any data that is sent, received or stored by the safety chip can be the data to be encrypted in this embodiment. The data to be encrypted can be detected by the data monitoring module, for example a counter, which sends the relevant information about the detected data to the processor module.
In this embodiment, the user key preset in the safety chip may be generated from the password the user inputs (hereinafter the user password) according to a first preset rule, and already exists when the data to be encrypted is detected. For example, the first preset rule is to append a random number to the user password to generate the user key: if the user password is 1234abcd and the random number, generated by a random number algorithm, is 8, the generated key is 1234abcd8.
Specifically, before step S10 the method includes:
Step S50: when a user password is received, generate the user key according to the received user password;
Step S51: store the user key in the safety chip as the preset user key.
After receiving the user password, the safety chip generates the user key from it according to the first preset rule. The first preset rule may be set by the safety chip's factory settings and includes, but is not limited to: the user password is the user key; the user key is generated from a combination of the user password and a random number; a correspondence table between user passwords and user keys exists, and the user key is generated directly from this table.
After the user key is generated, it is stored in the safety chip as the preset user key, for subsequent calls.
This embodiment fixes the source of the user key in the safety chip: it is generated from the user password, so the user password determines the user key and in turn the data bits embedded into the data to be encrypted. Because those embedded data bits change as the user password changes, it is hard for outsiders to obtain the data bits that are embedded, which increases the difficulty of cracking the data and further ensures information security.
The valid data bits in this embodiment are the data bits that are embedded into the data to be encrypted in the subsequent embedding operation. For ease of explanation, a single valid data bit is called an encryption factor.
The valid data bits in the user key are obtained according to a second preset rule. The second preset rule can be customized by the user or set by the safety chip's factory settings, and includes, but is not limited to: certain specific fields of the user key are the valid data bits; all fields of the user key are the valid data bits; the user key contains a selection instruction for the valid data bits, which determines which data in the user key are the valid data bits.
Step S20: according to a structural attribute of the user key or a received custom instruction, determine the embedding rule by which the valid data bits are embedded into the data to be encrypted;
After the valid data bits to embed into the data to be encrypted have been determined from the user key, the embedding rule must be determined. To further increase the difficulty of cracking the encrypted data, the specific embedding rule is also determined from data the user inputs: the uncertainty of the user's input ensures the uncertainty of the embedding rule, which in turn raises the difficulty of cracking the encrypted data.
In this embodiment the embedding rule is determined according to a structural attribute of the user key or a received custom instruction. Because the user key is generated from the user password, it inherits the uncertainty of the user password, so the embedding rule is uncertain too. A custom instruction means that the user sets the embedding rule manually, including determining the embedding positions, the number of bits embedded at the same position, and so on. Both the structural attribute of the user key and the custom instruction can determine the embedding rule, so when both exist their priority must be determined so that encryption proceeds smoothly.
In general the custom instruction has priority over the structural attribute of the user key, but in some special cases the structural attribute can take priority, for example when the custom instruction is wrong or unreasonable. This priority can be set by the safety chip's factory settings.
If the embedding rule is currently determined according to a structural attribute of the user key, it is first necessary to judge which structural attribute determines the rule. The structural attributes include, but are not limited to, the length of the user key and the type of the user key. Which structural attribute is used can be set manually by the user, set by the safety chip's factory settings, or determined by an algorithm built into the safety chip, and it can also be changed.
When the structural attribute that determines the embedding rule is the length of the user key, the embedding rules determined from that length include, but are not limited to, the following. The length of the user key is used as the block length: the data to be encrypted is divided into several data groups of that length, each data group is a data encryption unit, a single encryption factor is embedded into each data group, and one position in the data to be encrypted can hold only one encryption factor. Or the length of the user key is used as the number of groups: for example, if the length of the user key is M and the data to be encrypted has m binary digits, the data to be encrypted is divided into M groups of equal length, each of length m/M, or into M groups of unequal length whose lengths are determined by random numbers; each group is a data encryption unit, and one position in the data to be encrypted can hold multiple encryption factors. Or the length of the user key (X) is used as the input parameter of an embedding position algorithm to obtain the first embedding position data, the first embedding position data is then used as the input parameter of the algorithm to calculate the second embedding position data, and so on in a loop; the algorithm stops, and no more embedding position data is obtained, once X embedding position data or X*n (n=1,3,5,7 ...) embedding position data have been produced, and one position in the data to be encrypted can hold only one encryption factor. Here the length of the user key may be the byte length of the key or its bit length.
The user key type refers to digits, letters and special characters: a user key may consist entirely of one of the three, or of a combination of the three. When the structural attribute that determines the embedding rule is the user key type, the embedding rules determined from it include, but are not limited to, the following. If the user key consists entirely of one of digits, letters or special characters, the embedding positions are determined randomly (by a random number), and one position in the data to be encrypted can hold only one encryption factor. If the user key is a combination of digits, letters and special characters, the embedding positions are determined by three parameters, the number of digits, the number of letters and the number of special characters, and can be proportional to those parameters. For example, if the user key is 1234abcd*, the number of digits is 4, the number of letters is 4 and the number of special characters is 1; if the data to be encrypted is 1111 1111 1111 1111 1111 1111 and each embedding position is marked with #, the result is 1111#1111#1#111 1#111 1#1#11 11#11. One position in the data to be encrypted can hold multiple encryption factors.
Step S30: according to the embedding rule, embed the valid data bits at the corresponding positions in the data bit sequence of the data to be encrypted;
After the embedding rule has been determined, the data to be encrypted may be divided into data groups that serve as encryption units according to that rule; in that case, embedding the valid data bits at the corresponding positions in the data bit sequence means embedding them at the corresponding positions of each data group. The data to be encrypted may also be left ungrouped, with the whole sequence encrypted directly.
According to the embedding rule, it may be that one position in the data to be encrypted can hold only one encryption factor (as in Fig. 3), that one position can hold multiple encryption factors, or that some positions can hold multiple encryption factors while others can hold only one.
According to the embedding rule, the corresponding positions in the data bit sequence of the data to be encrypted may be generated randomly by a random number algorithm, or there may be a correspondence between the valid data bits and the data bit sequence of the data to be encrypted; this correspondence can be realized by ordering the data groups.
Step S40: take the embedding positions of the valid data bits as verification data, load the verification data onto the data sequence in which the valid data bits are embedded, and generate the encrypted data.
Because the determination of the embedding positions is highly random (it may differ with the user password, or be generated randomly), this embodiment takes the embedding position information of the valid data bits as check information, loads it onto the data sequence in which the valid data bits are embedded and sends them together, so that a legitimate user can decrypt the encrypted data smoothly after receiving it.
In this embodiment, the user key is generated from a user password held by the user, the encryption factors embedded into the data to be encrypted are selected according to the user key, and the embedding rule can also be determined from the user key. The user key is generated from the user password, the user password differs from user to user and is highly subjective, and the embedding rule differs as the user password differs, so the encryption positions are uncertain and hard for outsiders to learn, which raises the difficulty of cracking the encrypted data and ensures information security. In addition, the embedding rule can also be set by a user-defined instruction; because user needs differ, different embedding rules may be set, so the embedding rule is uncertain and outsiders can hardly obtain the encryption positions, making the encrypted data even harder to crack.
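Steps S10 to S40, with the key-length rule and the key-type rule for choosing embedding positions, as a worked sketch in Python. This is an added example, not code from the patent: the function names, the use of the byte length as block length, the preset ratio of 1 (all key bits are valid data bits) and the dictionary that carries the positions as verification data are assumptions.

```python
import secrets


def key_bits(user_key):
    """Key data bits: the user key in binary form, 8 bits per byte, MSB first."""
    return [(byte >> i) & 1 for byte in user_key.encode() for i in range(7, -1, -1)]


def length_positions(user_key, n_bits, rng=None):
    """Length rule: block length = key length in bytes (assumption); one random
    embedding position per data group, so no position holds two factors."""
    rng = rng or secrets.SystemRandom()
    block = len(user_key.encode())
    if block == 0:
        raise ValueError("empty user key")
    # The last group may be shorter than the block length.
    return [s + rng.randrange(min(block, n_bits - s)) for s in range(0, n_bits, block)]


def type_positions(user_key, n_bits):
    """Type rule: step through the data by the digit, letter and special-character
    counts of the key in turn (4, 4, 1 for the key 1234abcd*)."""
    counts = [sum(c.isdigit() for c in user_key),
              sum(c.isalpha() for c in user_key),
              sum(not c.isalnum() for c in user_key)]
    steps = [c for c in counts if c > 0]      # a missing character class adds no step
    positions, p, i = [], 0, 0
    while steps:
        p += steps[i % len(steps)]
        i += 1
        if p >= n_bits:
            break
        positions.append(p)
    return positions


def mark(data, positions):
    """Render the data with '#' at each embedding position, as the description does."""
    where = set(positions)
    return "".join(("#" if i in where else "") + str(b) for i, b in enumerate(data))


def embed(data, positions, factors):
    """S30: insert one encryption factor before each listed data index."""
    where, out, k = set(positions), [], 0
    for i, bit in enumerate(data):
        if i in where:
            out.append(factors[k % len(factors)])   # reuse key bits if data is long
            k += 1
        out.append(bit)
    return out


def encrypt(data, user_key, positions=None):
    """S10-S40: pick valid bits, pick positions, embed, attach positions."""
    factors = key_bits(user_key)                    # preset ratio of 1 (assumption)
    if not factors:
        raise ValueError("empty user key")
    if positions is None:
        positions = length_positions(user_key, len(data))
    positions = sorted(positions)
    # Verification data = the embedding positions; the container is an assumption.
    return {"positions": positions, "stream": embed(data, positions, factors)}


def recover(packet):
    """Receiver side: strip the embedded bits using the carried positions."""
    # The j-th factor sits j places further right, after the factors before it.
    drop = [p + j for j, p in enumerate(packet["positions"])]
    dropped = set(drop)
    data = [b for i, b in enumerate(packet["stream"]) if i not in dropped]
    factors = [packet["stream"][i] for i in drop]
    return data, factors


if __name__ == "__main__":
    sample = [1, 0, 1, 1, 0, 0, 1, 0] * 3           # constructed 24-bit input
    pkt = encrypt(sample, "1234abcd8")              # key from the first embodiment
    print(pkt["positions"], recover(pkt)[0] == sample)
    print(mark([1] * 24, type_positions("1234abcd*", 24)))
```

In this sketch `recover` needs only the carried positions; the description above does not say how the verification data is encoded or protected in transit.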
Further, in the second embodiment of the data encryption method of the present invention, before step S10 the method includes:
Step S60: when an encryption request is detected, perform initial encryption on the original data corresponding to the encryption request, to obtain the data to be encrypted.
The encryption request in this embodiment may refer to WPA (Wi-Fi Protected Access) encryption, that is, encryption with the AES (Advanced Encryption Standard) algorithm, or to other encryption methods such as encryption with the DES (Data Encryption Standard) algorithm.
Initial encryption in this embodiment does not necessarily mean encrypting for the first time: the original data may be plaintext data that has not been encrypted at all, or ciphertext data that has already been encrypted.
The safety chip may hold multiple encryption algorithms and can perform multiple encryption on data. Before the encryption method of the present invention is performed, the data to be encrypted may already have undergone other encryption operations, which may include WPA (Wi-Fi Protected Access) encryption, that is, encryption with the AES algorithm, or encryption with the DES algorithm, the RSA algorithm, a hash algorithm and so on. The user can manually set multiple encryption and determine the encryption order according to the importance of the information; the order of multiple encryption can also be determined by a default rule.
By embedding data again into already encrypted data, this embodiment realizes multiple encryption of the data, which can raise the encryption level of the data and the security level of the information. In addition, because the data is embedded according to the user key preset in the safety chip, the encrypted data bits are not known to outsiders, which greatly increases the difficulty of cracking the data.
Further, as shown in Fig. 4, in a third embodiment of the data encryption method of the present invention, the step in step S10 of obtaining the user key preset in the safety chip and obtaining the valid data bits in the user key includes:
Step S11: obtain the user key preset in the safety chip and identify the key data bits of the user key;
Step S12: judge whether a selection instruction selecting the valid data bits has been received;
Step S13: if a selection instruction has been received, select the corresponding data bits from the key data bits as the valid data bits according to the selection instruction;
Step S14: if no selection instruction has been received, use a preset ratio of the key data bits as the valid data bits.
In this embodiment, the key data bits of the user key are the data bits of the user key in binary form. The selection instruction may be the data at certain specific positions in the user key; it may select some of the key data bits of the user key as valid data bits, or all of the key data bits in the user key. For example, if the selection instruction is located at the first position of the user key and the user key is 871233456, the user-defined selection instruction is obtained by parsing the user password, and it selects the eight digits after the 8 as the valid data bits. The selection instruction can also be set separately by the user and loaded after the user key generated from the user password; for example, in addition to entering the user password, the user enters one more number as the instruction for selecting the valid data bits in the user key.
After the user key preset in the safety chip is obtained, the key data bits of the user key are identified. It is then judged whether a selection instruction determining the valid data bits has been received. If a selection instruction has been received, the corresponding valid data bits can be selected directly according to it. If no selection instruction has been received, a preset ratio of the key data bits can be used as the valid data bits. The preset ratio in this embodiment can be user-defined or set by the safety chip's factory defaults. The key data bits of the preset ratio mean one times all the key data bits (that is, all key data bits) or another integer multiple of them, and may also be a non-integer multiple.
This embodiment judges whether a selection instruction has been received. If one has been received, the valid data bits are determined according to it, so that the user can decide the valid data bits, which increases their uncertainty. If none has been received, the valid data bits are determined from the preset ratio of the key data bits, so that the valid data bits can always be determined and the subsequent encryption operations can proceed smoothly.
Further, in a fourth embodiment of the data encryption method of the present invention, step S20 includes:
Step S21: judge whether a custom instruction has been received;
Step S22: if a custom instruction has been received, determine the embedding method by which the valid data bits are embedded in the data to be encrypted according to the received custom instruction;
Step S23: if no custom instruction has been received, determine the embedding method by which the valid data bits are embedded in the data to be encrypted according to the structure attribute of the user key.
The embedding method can be determined either by a custom instruction or by the structure attribute of the user key, so the two bases for determining it must have a priority. In this embodiment, the custom instruction takes precedence over the structure attribute of the user key. The structure attribute of the user key always exists, so when the safety chip receives a custom instruction issued by the user, it should determine the embedding method according to the custom instruction. A custom instruction covers embedding choices such as whether to embed in groups, how the embedding positions are determined, and how many encryption factors are embedded at the same position. If the safety chip does not receive a custom instruction, it can determine the embedding method by which the valid data bits are embedded in the data to be encrypted directly from the structure attribute of the user key.
This embodiment specifies that, when the embedding method is determined, the custom instruction has higher priority than the structure attribute of the user key. A user who wants to decide the embedding method can therefore issue a custom instruction directly and have the safety chip encrypt the data according to the user's own rule. The encryption rule thus keeps some flexibility and fits user needs more closely, which can improve the user experience. At the same time, because the embedding method can be user-defined, it retains a degree of uncertainty, outsiders cannot easily obtain it, and the difficulty of cracking increases.
Further, as shown in Fig. 5, in a fifth embodiment of the data encryption method of the present invention, the step in step S23 of determining, according to the structure attribute of the user key, the embedding method by which the valid data bits are embedded in the data to be encrypted includes:
Step S231: obtain the length of the user key and determine the block length according to the length of the user key;
Step S232: divide the data to be encrypted into corresponding data groups according to the block length;
Step S233: embed the valid data bits into the data groups.
When the embedding method is determined according to the structure attribute of the user key, the structure attribute that determines the embedding method must be obtained first. In this embodiment, that structure attribute is the length of the user key. The length of the user key may be its byte length or its bit length. The length of the user key is obtained, and the block length is determined from it. The block length is the group length used when the data to be encrypted is subsequently grouped: if the block length is N, the data to be encrypted is grouped every N binary bits. A third preset rule is followed when the block length is determined from the length of the user key. The third preset rule can be set by the safety chip's factory defaults and includes, but is not limited to, the following: the length of the user key equals the block length, or the length of the user key is proportional to the block length.
After the block length is determined, the data to be encrypted is divided into corresponding data groups according to the block length.
By dividing the data to be encrypted into corresponding data groups, this embodiment makes the data embedding positions easier to determine, saves memory resources and improves encryption efficiency.
Specifically, as shown in Fig. 6, step S233 includes:
Step S234: obtain a random number and determine, according to the random number, the embedding position of the valid data bit in the corresponding data group;
Step S235: embed the valid data bit at the embedding position in the corresponding data group.
When the specific embedding position in the data to be encrypted is determined, it can be chosen at random by means of a random number. The random number can be generated for the whole data bit sequence of the data to be encrypted, or, after grouping, a random number can be generated for each data group and the embedding position determined from it. In this embodiment, the embedding position is determined after the data to be encrypted has been grouped according to the block length. In each data group, a random number is obtained from a random number algorithm or from another random number generator, and the embedding position of that data group is determined. Each data group can have one or more embedding positions, that is, one or more random numbers can be obtained for each data group.
For example, suppose the block length of all data groups is 6 and the embedding position is being determined for the first data group (such as 101010). The first data group has 5 positions at which data can be inserted. A random number 2 is obtained, so the corresponding valid data bit (such as 1) is embedded at the 2nd position of the first data group, giving the embedded data (1011010).
This embodiment determines the embedding position in each data group by a random number, that is, the embedding position is chosen at random. Even when the embedding method is fixed, the embedding position is still random and therefore uncertain, so outsiders cannot easily obtain the positions that were processed by the encryption, which raises the difficulty of cracking. In addition, generating the random number for each data group after grouping clearly requires less computation than generating a random number for the whole data bit sequence of the data to be encrypted, which can improve data encryption efficiency and data transmission efficiency.
Specifically, as shown in Fig. 7, in this embodiment, step S235 includes:
Step S236: embed each binary bit of the valid data bits at the embedding position in its corresponding data group.
Before the valid data bits are embedded into the data to be encrypted, it must be determined whether one bit or several bits of the valid data bits are embedded at the same position; either is possible. In this embodiment, each binary bit of the valid data bits is embedded into a separate data group, that is, every bit of the valid data bits corresponds to a different data group and one binary data bit is embedded at a time.
This embodiment specifies that each binary bit is embedded at a different position, which further determines the embedding method and makes data encryption more efficient.
To make this embodiment easier to understand, a practical example is now given as a sixth embodiment.
In the sixth embodiment, the user key equals the user password; the attribute that determines the embedding method is the length of the user key; all binary bits of the user key are valid data bits; and only one encryption factor can be inserted at one position.
Before any encryption step is carried out, the safety chip receives the user password and stores it in the secure storage area of the safety chip as the preset user key. The encryption algorithm is also stored in the secure storage area. The byte length of the user key is N (N may be 6 to 18 characters of digits, letters, special characters, or a combination of the three types), so the user key consists of N*8 binary bits.
Step S71: when the counter (an example of the data monitoring module) detects that data is ready to be sent, it sends a trigger signal to the CPU (an example of the processor module) to prepare for encryption;
Step S72: the CPU obtains the user key preset in the safety chip; all binary bits of the user key are valid data bits;
Step S73: the CPU calls the encryption algorithm in the secure storage area, first sends the byte length N of the user key to the counter, and stores the data to be encrypted in the data buffer;
Step S74: the counter groups the data to be encrypted in the data buffer in order, every N binary bits, and then numbers these data groups in order from 1 to N*8. If there are more than N*8 data groups, numbering starts again from 1 to N*8 at data group (N*8+1); if there are more than 2*N*8 data groups, the numbering from 1 to N*8 is repeated in the same way until all data groups have been numbered;
Step S75: each binary bit of the N*8 valid data bits is assigned in turn to the data groups with the corresponding sequence number from the previous step. For example, the first valid data bit is assigned to the data groups numbered 1, of which there may be one or more, and the second valid data bit is assigned to the data groups numbered 2, of which there may be one or more;
Step S76: the insertion position of each binary bit within its data group is produced by the random number generation in the encryption algorithm in the secure storage area, and the generated position information is returned by the counter to the secure storage area for storage;
Step S77: the CPU stores the data sequence with the embedded data in the data buffer, carries the position information of the inserted data in the data as the verification data of the data sequence, generates the encrypted data, and sends it.
Step S78: after receiving the encrypted data, the receiving device can decrypt the data and restore the valid information by using the length of the user key in combination with the verification data of the encrypted data.
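Steps S72 to S78 of the sixth embodiment, written out as an added Python example (not code from the patent). Assumptions: bits are taken most significant bit first, the function names are hypothetical, a 1-bit tail group gets the key bit appended, and the sample key and data are constructed. `extract` takes only the key byte length and the carried positions, which is all step S78 gives the receiver.

```python
import secrets


def to_bits(raw):
    """Bytes -> list of 0/1 ints, most significant bit first (assumed order)."""
    return [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]


def insert_bit(group, bit, pos):
    """Insert one valid data bit after the first `pos` bits of a data group."""
    return group[:pos] + [bit] + group[pos:]


def random_position(group_len):
    """S76: pick one of the interior insertion points 1..group_len-1.

    Assumption: a 1-bit tail group has no interior gap, so position 1
    (append) is used for it.
    """
    return 1 + secrets.randbelow(max(1, group_len - 1))


def embed(data_bits, user_key, choose_pos=random_position):
    """S72-S77: return (embedded bit sequence, positions as verification data)."""
    if not user_key:
        raise ValueError("user key must not be empty")
    n = len(user_key)          # S73: group length is the key byte length N
    kbits = to_bits(user_key)  # S72: all N*8 key bits are valid data bits
    out, positions = [], []
    for g, start in enumerate(range(0, len(data_bits), n)):
        group = list(data_bits[start:start + n])
        bit = kbits[g % len(kbits)]   # S74/S75: numbering cycles 1..N*8
        pos = choose_pos(len(group))  # S76: random position inside the group
        out += insert_bit(group, bit, pos)
        positions.append(pos)
    return out, positions


def extract(embedded_bits, key_len, positions):
    """S78: strip the inserted bits using the key length and the positions.

    Returns (original data bits, inserted bits). Raises ValueError when the
    verification data does not match the sequence.
    """
    data, inserted, i = [], [], 0
    for pos in positions:
        group = embedded_bits[i:i + key_len + 1]  # N data bits + 1 inserted
        if not 1 <= pos < len(group):
            raise ValueError("position outside its data group")
        inserted.append(group[pos])
        data += group[:pos] + group[pos + 1:]
        i += len(group)
    if i != len(embedded_bits):
        raise ValueError("verification data does not cover the whole sequence")
    return data, inserted


if __name__ == "__main__":
    key = b"k3y"                                   # constructed sample key, N = 3
    data = to_bits(b"constructed sample")[:76]     # constructed sample data
    sent, verification = embed(data, key)
    recovered, key_bits_seen = extract(sent, len(key), verification)
    print(recovered == data, key_bits_seen == (to_bits(key) * 2)[:26])
```

The second returned list shows that the bits removed on the receiving side are the user key bits in order, so anything that must stay confidential should already be protected by the primary encryption of step S60.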
In addition, an embodiment of the present invention also provides a computer-readable storage medium on which a data encryption program is stored; when executed by a processor module, the data encryption program implements the steps described in the above embodiments.
It should be noted that, herein, the terms "comprise", "include" and any variants of them are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or system. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or system that includes the element.
The embodiments of the present invention are described for illustration only and do not indicate the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to perform the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit its scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (10)

1. A data encryption method, characterized in that the data encryption method comprises:
when data to be encrypted is detected, obtaining the user key preset in a safety chip, and obtaining the valid data bits in the user key;
determining, according to the structure attribute of the user key or a received custom instruction, the embedding method by which the valid data bits are embedded in the data to be encrypted;
embedding, according to the embedding method, the valid data bits at the corresponding positions of the data bit sequence of the data to be encrypted;
using the embedding positions of the valid data bits as verification data, and carrying the verification data in the data sequence in which the valid data bits are embedded, to generate encrypted data.
2. The data encryption method according to claim 1, characterized in that, before the step of obtaining the user key preset in the safety chip when data to be encrypted is detected, the method comprises:
when an encryption request is detected, performing a primary encryption on the original data corresponding to the encryption request to obtain the data to be encrypted.
3. The data encryption method according to claim 1, characterized in that the step of obtaining the user key preset in the safety chip and obtaining the valid data bits in the user key comprises:
obtaining the user key preset in the safety chip and identifying the key data bits of the user key;
judging whether a selection instruction selecting the valid data bits has been received;
if a selection instruction has been received, selecting the corresponding data bits from the key data bits as the valid data bits according to the selection instruction;
if no selection instruction has been received, using a preset ratio of the key data bits as the valid data bits.
4. The data encryption method according to claim 1, characterized in that the step of determining, according to the structure attribute of the user key or a received custom instruction, the embedding method by which the valid data bits are embedded in the data to be encrypted comprises:
judging whether a custom instruction has been received;
if a custom instruction has been received, determining the embedding method by which the valid data bits are embedded in the data to be encrypted according to the received custom instruction;
if no custom instruction has been received, determining the embedding method by which the valid data bits are embedded in the data to be encrypted according to the structure attribute of the user key.
5. The data encryption method according to claim 4, characterized in that the step of determining, according to the structure attribute of the user key, the embedding method by which the valid data bits are embedded in the data to be encrypted comprises:
obtaining the length of the user key and determining the block length according to the length of the user key;
dividing the data to be encrypted into corresponding data groups according to the block length, and embedding the valid data bits into the data groups.
6. The data encryption method according to claim 5, characterized in that the step of embedding the valid data bits into the data groups comprises:
obtaining a random number, determining the embedding position of the valid data bit in the corresponding data group according to the random number, and embedding the valid data bit at the embedding position in the corresponding data group.
7. The data encryption method according to claim 6, characterized in that the step of embedding the valid data bit at the embedding position in the corresponding data group comprises:
embedding each binary bit of the valid data bits at the embedding position in its corresponding data group.
8. The data encryption method according to claim 1, characterized in that, before the step of obtaining the user key preset in the safety chip when data to be encrypted is detected, the method comprises:
when a user password is received, generating the user key according to the received user password;
storing the user key in the safety chip as the preset user key.
9. A safety chip, characterized in that the safety chip comprises: a processor module, a data monitoring module, a memory module, and a data encryption program stored in the memory module and runnable on the processor module, wherein the data encryption program, when executed by the processor module, implements the steps of the data encryption method according to any one of claims 1 to 8.
10. A computer-readable storage medium, characterized in that a data encryption program is stored on the computer-readable storage medium, and the data encryption program, when executed by a processor, implements the steps of the data encryption method according to any one of claims 1 to 8.
CN201710655216.5A 2017-08-03 2017-08-03 Data ciphering method, safety chip and computer-readable recording medium Pending CN107359989A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710655216.5A CN107359989A (en) 2017-08-03 2017-08-03 Data ciphering method, safety chip and computer-readable recording medium

Publications (1)

Publication Number Publication Date
CN107359989A true CN107359989A (en) 2017-11-17

Family

ID=60287400

Country Status (1)

Country Link
CN (1) CN107359989A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171117