CN109800588B - Dynamic bar code encryption method and device and dynamic bar code decryption method and device - Google Patents

Dynamic bar code encryption method and device and dynamic bar code decryption method and device

Publication number
CN109800588B
Authority
CN
China
Prior art keywords
encryption
decryption
algorithm
key
dictionary
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910067682.0A
Other languages
Chinese (zh)
Other versions
CN109800588A (en)
Inventor
瞿国春
李富强
郑贺悦
彭海丽
邱彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ministry Of Industry And Information Technology Equipment Industry Development Center
Original Assignee
Ministry Of Industry And Information Technology Equipment Industry Development Center

Abstract

The invention relates to a dynamic bar code encryption method and device and a dynamic bar code decryption method and device. The encryption method comprises the following steps: acquiring digital information to be encrypted; acquiring a key required for encryption, dynamically generated by an encryption and decryption dictionary, and dynamically generating the encryption algorithm generator to be used for the encryption; and encrypting the digital information with the encryption algorithm generator to obtain a ciphertext corresponding to the digital information. The methods and devices share the encryption and decryption algorithms and keys over a centralized private network or VPN so that the encryption and decryption modes are managed dynamically, which further enhances the security, integrity and reliability of data transmission.

Description

Dynamic bar code encryption method and device and dynamic bar code decryption method and device
Technical Field
The invention relates to the technical field of information security, in particular to a dynamic bar code encryption method and device and a dynamic bar code decryption method and device.
Background
With the rapid development of the national economy, automobiles have gradually become a necessity of people's lives, and the automobile industry has developed rapidly into an important pillar of the national economy. The data shows that by 2017, the quantity of motor vehicles in China is up to 3.10 hundred million, wherein 2.17 hundred million vehicles are kept, the number of motor vehicle drivers is up to 3.85 hundred million people, and the number of motor vehicle drivers is 3.42 hundred million people. In recent years, against the background of Internet+ and big data, the digitization, networking and intelligentization of automobile industry management have been continuously advanced in every link, and data security has become one of the important tasks in safeguarding the Internet security of the automobile industry.
Taking automobile tax payment and registration as an example: after an automobile comes off the production line and passes inspection, the automobile enterprise must transmit the vehicle data to the competent department and issue paper certificates (including bar code information) such as the motor vehicle delivery certificate, the vehicle production consistency certificate and the environment-friendly vehicle-mounted list book. The bar code information of the motor vehicle delivery certificate is encrypted and must be read with specific software; the discussion here is based on the data encryption and interaction mode of this certificate. The competent department and the administrative department or other related users complete electronic data exchange, and the users read the electronic data of the vehicle by scanning the two-dimensional bar code of the certificate, check the legality of the vehicle data and handle the related follow-up procedures for the vehicle owners. Information encryption technology in data transmission is an important guarantee of data security. With the development and progress of information technology, the risk that a data encryption method is cracked has risen sharply, so the security, integrity and reliability of data transmission need to be further enhanced.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a dynamic bar code encryption method and device and a dynamic bar code decryption method and device in which the encryption and decryption algorithms and keys are shared over a centralized private network or VPN (virtual private network), so that the encryption and decryption modes are managed dynamically and the security, integrity and reliability of data transmission are further enhanced.
To solve this technical problem, the invention provides a dynamic bar code encryption method comprising the following steps: acquiring digital information to be encrypted; acquiring a key required for encryption, dynamically generated by an encryption and decryption dictionary, and dynamically generating the encryption algorithm generator to be used for the encryption; and encrypting the digital information with the encryption algorithm generator to obtain a ciphertext corresponding to the digital information.
As an improvement of the technical scheme of the invention, the encryption and decryption processes of different algorithms are given unique algorithm serial numbers and a correspondence is established to form the encryption and decryption dictionary. The dictionary contains the encryption and decryption rules and is called in three modes: private network sharing, offline copying (non-network mode), and a common server.
As an improvement of the technical solution of the present invention, after dynamically generating the encryption algorithm generator to be used for encryption and before encrypting the digital information with it to obtain the corresponding ciphertext, the method further includes: performing a hash operation on the digital information to obtain a message digest; and encrypting the message digest with the key to obtain a digital signature and attaching the digital signature to the digital information.
As an improvement of the technical solution of the present invention, after acquiring the digital information to be encrypted and before acquiring the key required for encryption generated by the encryption and decryption dictionary, the method further includes determining the type of the encryption algorithm, the type being either a symmetric encryption algorithm or an asymmetric encryption algorithm. If the type is an asymmetric encryption algorithm, acquiring the key and generating the encryption algorithm generator includes: acquiring a private key and a public key generated by the encryption and decryption dictionary, and generating the encryption algorithm generator according to the type of the asymmetric encryption algorithm and the public key. If the type is a symmetric encryption algorithm, it includes: acquiring a symmetric key generated by the encryption and decryption dictionary, and generating the encryption algorithm generator according to the type of the symmetric encryption algorithm and the symmetric key. Likewise, encrypting the message digest with the key to obtain a digital signature and attaching the digital signature to the digital information includes, for an asymmetric encryption algorithm, encrypting the message digest with the public key, and, for a symmetric encryption algorithm, encrypting the message digest with the symmetric key.
In addition, the invention also provides a dynamic bar code decryption method comprising the following steps: obtaining a ciphertext to be decrypted; acquiring the key, generated by the encryption and decryption dictionary, that is needed to decrypt the ciphertext; and obtaining, according to the key, the decryption algorithm generator to be used for decryption, and decrypting the ciphertext with it.
As an improvement of the technical scheme of the invention, the encryption and decryption processes of different algorithms are given unique algorithm serial numbers and a correspondence is established to form the encryption and decryption dictionary. The dictionary contains the encryption and decryption rules and is called in three modes: private network sharing, offline copying (non-network mode), and a common server.
As an improvement of the technical solution of the present invention, after obtaining the decryption algorithm generator according to the key and decrypting the ciphertext with it, the method further includes: decrypting the digital signature to obtain a message digest; performing a hash operation on the digital information to obtain a reference message digest; and comparing the message digest with the reference message digest to determine whether the ciphertext has been tampered with.
As an improvement of the technical solution of the present invention, after obtaining the ciphertext to be decrypted and before acquiring the key, generated by the encryption and decryption dictionary, that is needed to decrypt the ciphertext, the method further includes determining the type of the decryption algorithm, the type being either a symmetric decryption algorithm or an asymmetric decryption algorithm. If the decryption algorithm is asymmetric, acquiring the key includes obtaining the private key, generated by the dictionary, that is needed to decrypt the ciphertext; if it is symmetric, acquiring the key includes obtaining the symmetric key, generated by the dictionary, that is needed to decrypt the ciphertext. Likewise, obtaining the decryption algorithm generator according to the key and decrypting the ciphertext with it to obtain the digital information with the attached digital signature includes, for an asymmetric decryption algorithm, obtaining the decryption algorithm generator according to the private key, and, for a symmetric decryption algorithm, obtaining it according to the symmetric key.
In addition, the invention also provides a bar code dynamic encryption device, which comprises: one or more processors; a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the barcode dynamic encryption method as described above.
In addition, the invention also provides a bar code dynamic decryption device, which comprises: one or more processors; a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the barcode dynamic decryption method as described above.
With this design, the invention has at least the following advantages:
The encryption and decryption modes are managed dynamically by sharing the encryption and decryption algorithms and keys over a centralized private network or VPN, which further enhances the security, integrity and reliability of data transmission.
Drawings
The foregoing is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood, the present invention is further described in detail below with reference to the accompanying drawings and the detailed description.
FIG. 1 is a network architecture diagram of a network sharing an encryption/decryption dictionary through a private network according to the present invention;
FIG. 2 is a flow chart of the digital signature process of the present invention;
FIG. 3 is a flow chart of the dynamic encryption scheme of the present invention based on a private network;
FIG. 4 is a system architecture diagram of an application system of the present invention based on a dynamic encryption scheme for private networks;
FIG. 5 is a block diagram of a dynamic barcode encryption device and a dynamic barcode decryption device according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Information encryption technology protects electronic information in transit and in storage by mathematical or physical means so as to prevent leakage. Key management is the most troublesome problem when using encryption algorithms: it concerns not only how to distribute key values securely to all parties, but also the management of the key life cycle, the measures to take when a key is broken, and so on. According to internationally prevailing practice, encryption algorithms are divided into two main categories according to the keys used by the sender and the receiver. One is the symmetric encryption algorithm, in which the receiver and the sender use the same key, i.e. the encryption key and the decryption key are the same or equivalent. Typical symmetric encryption algorithms include DES (Data Encryption Standard), Triple DES and GDES (generalized DES); IDEA in Europe; and FEAL-N, RC5, etc. in Japan, among which the most influential is the DES cipher. Symmetric encryption algorithms have the advantage of high security strength and have withstood lengthy scrutiny and attack, but the keys must be transmitted through a secure channel. Key management therefore becomes an important factor in system security.
The other is the public key encryption algorithm (also called the asymmetric encryption algorithm), in which the receiver and the sender use different keys and it is almost impossible to derive the decryption key from the encryption key. Well-known public key cryptographic algorithms include RSA, the knapsack cipher, the McEliece cipher, Diffie-Hellman, Rabin, Ong-Fiat-Shamir, zero-knowledge proof algorithms, elliptic curve, the ElGamal algorithm, etc. The most influential public key cryptographic algorithm is RSA, which is resistant to all cryptographic attacks known so far. Public key cryptography has the advantages that it suits the openness requirements of a network, key management is simple, and digital signature and verification are particularly convenient to implement. However, the algorithms are complex and the data encryption rate is low.
In the two-dimensional bar code encryption technology used in various fields, encryption and decryption are usually implemented with one of the above encryption algorithms. One core of the high security of the encryption method designed here is to establish a dynamic cryptosystem in a private network environment: the system incorporates a plurality of encryption algorithms, including symmetric encryption algorithms such as DES and IDEA, and possibly also asymmetric encryption algorithms such as RSA, ECC, Diffie-Hellman and ElGamal. The system gives the encryption and decryption processes of the different algorithms unique algorithm serial numbers and establishes a correspondence to form an encryption and decryption dictionary. The system randomly calls one of the encryption algorithms to encrypt the sender's information, and the receiver calls the encryption and decryption dictionary through private network sharing, offline copying (non-network mode) or a common server, thereby realizing dynamic encryption and decryption. The structure in which the encryption and decryption dictionary is shared via a private network is shown in FIG. 1.
The encryption and decryption dictionary is the precondition for dynamic cipher management, and holds the information of all encryption servers and decryption servers. If an encryption server (or decryption server) is added, the dictionary must be updated. If an encryption server (or decryption server) is abandoned, the dictionary is also updated, but the abandoned server's information must not be deleted, so that the dictionary remains compatible with encrypted data already generated.
Meanwhile, the encryption and decryption dictionary must contain the encryption and decryption rules. The encryption server may request the dictionary to generate a new encryption record containing the key required for encryption and the public key of the encryption server. The decryption server may query the dictionary to obtain the key required for decryption and the public key of the encryption server.
To further improve data security while establishing a dynamic encryption system to protect important data, the dynamic encryption scheme adopts a one-way-authentication digital signature technique based on an asymmetric encryption algorithm, which verifies whether the message sent between the sender and the receiver has been tampered with.
In the digital signature technique, the sender encrypts the digest information with its private key and transmits it to the receiver together with the original text. The receiver can decrypt the encrypted digest information only by using the public key of the sender; it then generates digest information for the received original text with the hash function and compares it with the decrypted digest information. If the two are the same, the received information is complete and was not modified in transmission; otherwise the information was modified. The digital signature can therefore verify the integrity of the information. Digital signature is an encryption process and digital signature verification is a decryption process. The digital signature process is shown in FIG. 2.
The system usage flow of the dynamic encryption scheme based on the private network is shown in FIG. 3.
When the industry administration communicates with other users, the data information encryption process is as follows:
The encryption engine (decryption engine) has its own private key and public key, and can access the public key of the encryption and decryption dictionary and the encryption and decryption rules of the encryption and decryption dictionary.
The encryption engine (decryption engine) has a plurality of encryption algorithm generators (decryption algorithm generators).
The encryption and decryption are carried out according to the following steps:
01. The encryption engine obtains the digital information (plaintext) to be encrypted.
02. The encryption engine accesses the encryption and decryption dictionary and determines which encryption scheme to use. If it is the asymmetric encryption scheme, jump to step 03; otherwise jump to step 12.
03. The encryption and decryption dictionary generates the public key (PK) and private key (SK) required for this encryption and decryption, and the encryption engine generates the encryption algorithm generator used for encryption according to the type of the encryption algorithm and the PK.
04. The encryption engine performs a hash operation on the digital information to obtain a message digest.
05. The encryption engine encrypts the message digest with its own private key to obtain the digital signature of the encryption engine, and attaches the digital signature to the digital information.
06. The encryption engine encrypts the digital information with the encryption algorithm generator to obtain the ciphertext. The rule number of this encryption and decryption (whose meaning the encryption and decryption dictionary understands) is appended to the ciphertext to obtain the final encrypted data.
07. After the decryption engine obtains the encrypted data, it accesses the encryption and decryption dictionary and, according to the encryption and decryption rule number attached to the encrypted data, determines the decryption mode to use (in this case the asymmetric encryption and decryption mode), the SK for decryption and the public key of the encryption engine.
08. The decryption engine generates the decryption algorithm generator to be used for decryption based on the type of the decryption algorithm and the SK, and decrypts the ciphertext to obtain the plaintext.
09. The decryption engine decrypts the digital signature of the encryption engine with the public key of the encryption engine to obtain the message digest.
10. The decryption engine performs a hash operation on the obtained plaintext again, using the same hash algorithm, to obtain a new message digest.
11. The decryption engine compares the obtained message digest with the newly generated message digest; if they are consistent, the received information has not been modified.
12. The encryption and decryption dictionary generates the key CK required for this encryption and decryption, and the encryption engine generates the encryption algorithm generator used for encryption according to the type of the encryption algorithm and the CK.
13. The encryption engine performs a hash operation on the digital information to obtain a message digest.
14. The encryption engine encrypts the message digest with its own private key to obtain the digital signature of the encryption engine, and attaches the digital signature to the digital information.
15. The encryption engine encrypts the digital information with the encryption algorithm generator to obtain the ciphertext. The rule number of this encryption and decryption (whose meaning the encryption and decryption dictionary understands) is appended to the ciphertext to obtain the final encrypted data.
16. After the decryption engine obtains the encrypted data, it accesses the encryption and decryption dictionary and, according to the encryption and decryption rule number attached to the encrypted data, determines the decryption mode to use (in this case the symmetric encryption and decryption mode), the CK for decryption and the public key of the encryption engine.
17. The decryption engine generates the decryption algorithm generator to be used for decryption based on the type of the decryption algorithm and the CK, and decrypts the ciphertext to obtain the plaintext.
18. The decryption engine decrypts the digital signature of the encryption engine with the public key of the encryption engine to obtain the message digest.
19. The decryption engine performs a hash operation on the obtained plaintext again, using the same hash algorithm, to obtain a new message digest.
20. The decryption engine compares the obtained message digest with the newly generated message digest; if they are consistent, the received information has not been modified.
21. The decrypted data is compared, according to a rule, with the electronic information obtained through data exchange, and the rule determines whether it passes the user's system verification.
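The symmetric branch above (steps 12 to 20), together with the rule that abandoned dictionary entries are kept for decryption, as an added example that is not code from the patent. All names (`EncDecDictionary`, `encrypt`, `decrypt`) and the envelope layout (16-byte nonce, ciphertext, 4-byte rule number) are assumptions. Because the Python standard library has no DES, IDEA or RSA, two XOF keystream ciphers stand in for the selectable algorithms, and HMAC-SHA256 over the digest stands in for the engine's signature, so the receiver recomputes it instead of decrypting it.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, SIG_LEN, RULE_LEN = 16, 32, 4   # assumed envelope layout, not from the patent


def _xof_cipher(xof):
    """Build a stand-in 'algorithm generator': XOR with an XOF keystream."""
    def apply(key: bytes, nonce: bytes, data: bytes) -> bytes:
        stream = xof(key + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))
    return apply


# Algorithm serial number -> cipher. Stand-ins for the DES/IDEA entries the text names.
ALGORITHMS = {1: _xof_cipher(hashlib.shake_128), 2: _xof_cipher(hashlib.shake_256)}


class EncDecDictionary:
    """Hypothetical central dictionary: rule number -> algorithm serial number + key CK."""

    def __init__(self):
        self._rules = {}

    def new_rule(self, algorithm_no=None) -> int:
        """Step 12: create a rule with a fresh CK; the algorithm is picked at random."""
        if algorithm_no is None:
            algorithm_no = secrets.choice(sorted(ALGORITHMS))
        rule_no = len(self._rules) + 1
        self._rules[rule_no] = {"alg": algorithm_no, "ck": secrets.token_bytes(32),
                                "active": True}
        return rule_no

    def retire(self, rule_no: int) -> None:
        """Retired rules are kept, never deleted, so issued bar codes stay readable."""
        self._rules[rule_no]["active"] = False

    def lookup(self, rule_no: int, for_encryption: bool = False) -> dict:
        rule = self._rules.get(rule_no)
        if rule is None:
            raise KeyError(f"unknown rule number {rule_no}")
        if for_encryption and not rule["active"]:
            raise PermissionError(f"rule {rule_no} is retired: decrypt only")
        return rule


def _sign(sign_key: bytes, plaintext: bytes) -> bytes:
    digest = hashlib.sha256(plaintext).digest()                  # steps 13 / 19
    return hmac.new(sign_key, digest, hashlib.sha256).digest()   # step 14 (stand-in)


def encrypt(dictionary, rule_no: int, sign_key: bytes, plaintext: bytes) -> bytes:
    rule = dictionary.lookup(rule_no, for_encryption=True)
    nonce = secrets.token_bytes(NONCE_LEN)
    signed = plaintext + _sign(sign_key, plaintext)   # signature attached to the data
    body = ALGORITHMS[rule["alg"]](rule["ck"], nonce, signed)    # step 15
    return nonce + body + rule_no.to_bytes(RULE_LEN, "big")      # rule number appended


def decrypt(dictionary, sign_key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + SIG_LEN + RULE_LEN:
        raise ValueError("encrypted data is truncated")
    rule_no = int.from_bytes(blob[-RULE_LEN:], "big")
    rule = dictionary.lookup(rule_no)                 # step 16: retired rules allowed
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:-RULE_LEN]
    signed = ALGORITHMS[rule["alg"]](rule["ck"], nonce, body)    # step 17
    plaintext, signature = signed[:-SIG_LEN], signed[-SIG_LEN:]
    # Steps 18-20: recompute and compare in constant time; reject on mismatch.
    if not hmac.compare_digest(signature, _sign(sign_key, plaintext)):
        raise ValueError("digest mismatch: data or rule number was modified")
    return plaintext


def demo() -> dict:
    """Run the flow on constructed sample data and report what each check did."""
    dictionary, sign_key = EncDecDictionary(), secrets.token_bytes(32)
    record = b"VIN=LTESTVIN000000001;model=constructed-sample"
    old, new = dictionary.new_rule(1), dictionary.new_rule(2)
    blob = encrypt(dictionary, old, sign_key, record)
    dictionary.retire(old)                            # server switched to the new rule
    results = {"retired_rule_still_decrypts": decrypt(dictionary, sign_key, blob) == record}
    swapped = blob[:-RULE_LEN] + new.to_bytes(RULE_LEN, "big")
    flipped = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 1]) + blob[NONCE_LEN + 1:]
    for name, bad in (("rule_number_swap_rejected", swapped), ("bit_flip_rejected", flipped)):
        try:
            decrypt(dictionary, sign_key, bad)
            results[name] = False
        except ValueError:
            results[name] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The appended rule number travels outside the ciphertext, so the decrypting side has to treat it as untrusted input: an unknown number is refused at lookup, and a swapped number selects the wrong key and fails the digest comparison.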
The private-network-based dynamic encryption scheme is not limited to management applications in the automobile industry; it also suits scenarios in which a paper certificate carries encrypted bar code data and the encrypted two-dimensional bar code must be checked and compared against the paper information at the point of use. The basic application scenario is shown in FIG. 4, and the application process is as follows:
1. The enterprise user uploads the data through the certificate distribution computer.
2. The encryption server selects, according to rules, an encryption method and the necessary factors it requires, such as vectors, Key fingers and the like, from the encryption dictionary.
3. The encrypted data is transmitted back to the distributing computer in a conventional manner.
4. The distribution computer prints the related information on the paper certificate as agreed.
5. In the verification and comparison step, a user sends a request to the decryption server through a terminal at the management agency.
6. The decrypted data is transmitted to the application server in an agreed manner, then to the application client in an agreed manner, and displayed to terminal office staff and to consumers or end users.
The private-network-based dynamic encryption scheme differs from the decentralized thinking of the various distributed systems popular today. Given the data application characteristics and security level requirements of industry management, a strong central node must be formed through a private network. Because the core of the whole system is tightly controlled, the system is essentially closed: external interfaces cannot access internal data and the internal structure cannot be seen, which greatly improves confidentiality. Because the externally exposed interface is very limited, it is difficult for outsiders to intrude into the system, and even if data is cracked the impact is very limited. The implementation is also highly extensible, easy to adjust and compatible with old data.
In addition, the scheme adopts digital signatures for both the symmetric and the asymmetric encryption algorithm, which ensures the integrity of data transmission, authenticates the identity of the data sender, ensures the non-repudiation of the data, and facilitates industry supervision by the industry administrative department and related users.
The encryption server generally has only one encryption and decryption dictionary, and there are generally two types of encryption and decryption dictionary: one for encrypting and decrypting data, and one for managing the encryption and decryption servers. The dictionary that manages the encryption and decryption servers must use asymmetric encryption, while the dictionary used for encrypting and decrypting data may use symmetric or asymmetric encryption; however, because the data must be readable in order to be verified, both encryption modes must be reversible. The encryption server typically keeps the private key of the encryption and decryption dictionary used for encrypting and decrypting data, and the public key is installed on the decryption server. Once the encryption server is switched, a new public key of the encryption and decryption dictionary must be issued, encryption with the original private key of the dictionary is stopped, and the decryption function of the encryption and decryption dictionary of the divulgence server is retained.
FIG. 5 is a block diagram of a dynamic bar code encryption device according to the present invention. Referring to FIG. 5, the bar code dynamic encryption device includes a Central Processing Unit (CPU) 501 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. The RAM 503 also stores various programs and data necessary for system operation. The CPU 501, ROM 502, and RAM 503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output section 507 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), and a speaker; a storage section 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the Internet. A drive 510 is also connected to the I/O interface 505 as necessary. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as necessary, so that a computer program read from it is installed into the storage section 508 as necessary.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511. The computer program performs the above-described functions defined in the method of the present invention when executed by a Central Processing Unit (CPU) 501. Note that the computer-readable medium of the present invention can be a computer-readable signal medium or a computer-readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. 
In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software or hardware.
It should be noted that the dynamic bar code decryption device provided in the embodiment of the present invention may also have the structure shown in FIG. 5. The functions of its components are similar to those of the dynamic bar code encryption device described above and are not described in detail here.
The above description only illustrates the preferred embodiments of the present invention and is not to be construed as limiting the present invention in any way; it will be apparent to those skilled in the art that various modifications and equivalent variations can be made to the above description without departing from the spirit and scope of the present invention.

Claims (8)

1. A dynamic bar code encryption method is characterized by comprising the following steps:
acquiring digital information to be encrypted;
acquiring a key required by encryption dynamically generated by an encryption and decryption dictionary, and dynamically generating an encryption algorithm generator required by the encryption; and
encrypting the digital information by using the encryption algorithm generator to obtain a ciphertext corresponding to the digital information;
wherein the current encryption and decryption rule number is attached to the ciphertext;
after acquiring the digital information needing to be encrypted, before acquiring the key required by encryption generated by the encryption and decryption dictionary, the method further comprises the following steps:
determining a type of an encryption algorithm, wherein the type of the encryption algorithm comprises: a symmetric encryption algorithm and an asymmetric encryption algorithm;
if the type of the encryption algorithm is an asymmetric encryption algorithm, acquiring a key required by encryption generated by an encryption and decryption dictionary and generating an encryption algorithm generator required by the encryption, wherein the encryption algorithm generator comprises:
acquiring a private key and a public key generated by the encryption and decryption dictionary, and generating an encryption algorithm generator required to be used for encryption according to the type and the public key of the asymmetric encryption algorithm;
if the type of the encryption algorithm is a symmetric encryption algorithm, acquiring a key required by encryption generated by an encryption and decryption dictionary and generating an encryption algorithm generator required by the encryption, wherein the encryption algorithm generator comprises:
acquiring a symmetric key generated by the encryption and decryption dictionary, and generating an encryption algorithm generator required to be used for encryption according to the type of the symmetric encryption algorithm and the symmetric key;
if the type of the encryption algorithm is an asymmetric encryption algorithm, encrypting the message digest with the key to obtain a digital signature and appending the digital signature to the digital information comprises:
encrypting the message digest by using the public key to obtain a digital signature, and appending the digital signature to the digital information;
if the type of the encryption algorithm is a symmetric encryption algorithm, encrypting the message digest with the key to obtain a digital signature and appending the digital signature to the digital information comprises:
encrypting the message digest by using the symmetric key to obtain a digital signature, and appending the digital signature to the digital information.
2. The dynamic barcode encryption method of claim 1, wherein unique algorithm serial numbers are assigned to encryption and decryption processes of different algorithms and a corresponding relationship is established to form the encryption and decryption dictionary, the encryption and decryption dictionary comprises encryption and decryption rules, and the encryption and decryption dictionary is invoked in three ways, namely, a dedicated network sharing mode, an off-line copying non-network mode and a common server mode.
3. The dynamic barcode encryption method of claim 1, wherein after dynamically generating an encryption algorithm generator to be used for encryption, the method further comprises, before encrypting the digital information by using the encryption algorithm generator to obtain a ciphertext corresponding to the digital information:
performing a hash operation on the digital information to obtain a message digest; and
encrypting the message digest using the key to obtain a digital signature, and appending the digital signature to the digital information.
4. A dynamic bar code decryption method is characterized by comprising the following steps:
obtaining a ciphertext to be decrypted;
acquiring a key which is generated by an encryption and decryption dictionary and is needed for decrypting the ciphertext;
accessing an encryption and decryption dictionary, determining a decryption algorithm and a key required for decryption according to an encryption and decryption rule number attached to encrypted data, generating a decryption algorithm generator according to the decryption algorithm and the key, and decrypting the ciphertext through the decryption algorithm generator;
after the ciphertext to be decrypted is obtained, before the key generated by the encryption and decryption dictionary and needed for decrypting the ciphertext is obtained, the method further includes:
judging the type of a decryption algorithm, wherein the decryption algorithm comprises the following steps: a symmetric decryption algorithm and an asymmetric decryption algorithm;
if the decryption algorithm is an asymmetric decryption algorithm, acquiring a key which is generated by the encryption and decryption dictionary and is needed for decrypting the ciphertext, wherein the key comprises the following steps:
acquiring a private key which is generated by the encryption and decryption dictionary and is needed for decrypting the ciphertext;
if the decryption algorithm is a symmetric decryption algorithm, acquiring a key which is generated by the encryption and decryption dictionary and is needed for decrypting the ciphertext, wherein the key comprises the following steps:
acquiring a symmetric key which is generated by the encryption and decryption dictionary and is needed for decrypting the ciphertext;
if the decryption algorithm is an asymmetric decryption algorithm, a decryption algorithm generator which is needed to be used for decryption is obtained according to the secret key, and the ciphertext is decrypted through the decryption algorithm generator to obtain the digital information with the digital signature, wherein the decryption algorithm generator comprises the following steps:
acquiring a decryption algorithm generator required to be used for decryption according to the private key, and decrypting the ciphertext through the decryption algorithm generator to obtain digital information with a digital signature;
if the decryption algorithm is a symmetric decryption algorithm, a decryption algorithm generator which is needed to be used for decryption is obtained according to the secret key, and the ciphertext is decrypted through the decryption algorithm generator to obtain digital information with an attached digital signature, wherein the decryption algorithm generator comprises the following steps:
acquiring a decryption algorithm generator required to be used for decryption according to the symmetric key, and decrypting the ciphertext through the decryption algorithm generator to obtain the digital information with the attached digital signature.
5. The dynamic barcode decryption method of claim 4, wherein unique algorithm serial numbers are assigned to encryption and decryption processes of different algorithms and a corresponding relationship is established to form the encryption and decryption dictionary, the encryption and decryption dictionary comprises encryption and decryption rules, and the encryption and decryption dictionary is invoked in three ways, namely, a dedicated network sharing mode, an off-line copying non-network mode and a common server mode.
6. The barcode dynamic decryption method of claim 4, wherein after the decryption algorithm generator required to be used for decryption is obtained according to the secret key and the ciphertext is decrypted by the decryption algorithm generator, the method further comprises:
decrypting the digital signature to obtain a message digest;
performing a hash operation on the digital information to obtain a reference message digest; and
comparing the message digest with the reference message digest to determine whether the ciphertext has been tampered with.
7. A dynamic bar code encryption device is characterized by comprising:
one or more processors;
a storage device for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the dynamic bar code encryption method of any of claims 1 to 3.
8. A dynamic bar code decryption device is characterized by comprising:
one or more processors;
a storage device for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the dynamic bar code decryption method of any of claims 4 to 6.
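
The symmetric branch of claims 1, 3, 4 and 6, together with the switch-over behaviour in the description (an old dictionary entry stops encrypting but still decrypts), as an added Python example that is not code from the patent. Assumptions: the 2-byte rule-number prefix, the `DICTIONARY` layout and its fixed keys are constructed; HMAC-SHA256 is used in place of "encrypting the message digest", and a SHAKE-256 keystream stands in for the dictionary's cipher because the Python standard library ships no block cipher.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN, NONCE_LEN = 32, 16

# Constructed dictionary: rule number -> key and whether the rule may still encrypt.
# Rule 1 models an entry retired at server switch-over and kept for decryption only.
DICTIONARY = {
    1: {"key": bytes.fromhex("11" * 32), "encrypt": False},
    2: {"key": bytes.fromhex("22" * 32), "encrypt": True},
}


class EnvelopeError(Exception):
    """Malformed envelope, unknown rule number, or failed tamper check."""


def subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for the cipher and for the keyed digest.
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(rule_no: int, info: bytes) -> bytes:
    key = DICTIONARY[rule_no]["key"]
    # Keyed digest of the information, appended before encryption (claim 3).
    tag = hmac.new(subkey(key, b"mac"), info, hashlib.sha256).digest()
    nonce = secrets.token_bytes(NONCE_LEN)
    body = keystream_xor(subkey(key, b"enc"), nonce, info + tag)
    # The rule number travels in clear with the ciphertext (claim 1).
    return struct.pack(">H", rule_no) + nonce + body


def encrypt(info: bytes) -> bytes:
    # New ciphertexts may only come from a rule still marked for encryption.
    active = [n for n, rule in DICTIONARY.items() if rule["encrypt"]]
    if not active:
        raise EnvelopeError("no active encryption rule")
    return seal(max(active), info)


def decrypt(envelope: bytes) -> bytes:
    if len(envelope) < 2 + NONCE_LEN + TAG_LEN:
        raise EnvelopeError("envelope too short")
    (rule_no,) = struct.unpack(">H", envelope[:2])
    rule = DICTIONARY.get(rule_no)  # claim 4: rule number selects the key
    if rule is None:
        raise EnvelopeError(f"unknown rule number {rule_no}")
    nonce, body = envelope[2:2 + NONCE_LEN], envelope[2 + NONCE_LEN:]
    plain = keystream_xor(subkey(rule["key"], b"enc"), nonce, body)
    info, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    # Claim 6: recompute the reference digest and compare in constant time.
    expected = hmac.new(subkey(rule["key"], b"mac"), info, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise EnvelopeError("digest mismatch: ciphertext was tampered with")
    return info
```

Rewriting the clear-text rule number on a valid envelope selects a different key, so the digest comparison fails and the envelope is rejected.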
CN201910067682.0A 2019-01-24 2019-01-24 Dynamic bar code encryption method and device and dynamic bar code decryption method and device Active CN109800588B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910067682.0A CN109800588B (en) 2019-01-24 2019-01-24 Dynamic bar code encryption method and device and dynamic bar code decryption method and device

Publications (2)

Publication Number Publication Date
CN109800588A CN109800588A (en) 2019-05-24
CN109800588B true CN109800588B (en) 2021-07-16

Family

ID=66560280

Country Status (1)

Country Link
CN (1) CN109800588B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant