CN110149311B - Data processing method, device, server and readable storage medium - Google Patents
- Publication number: CN110149311B
- Application number: CN201910281419.1A
- Authority: CN (China)
- Prior art keywords: client, data, preset, algorithm, white
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
- H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a data processing method, a data processing device, a server and a readable storage medium. The method comprises: generating a first client white-box algorithm and storing a target random number corresponding to a target data table, wherein the first client white-box algorithm comprises a preset code and at least two internally obfuscated data tables, and the target data table is the data table, among the at least two data tables, that is arranged adjacent to the preset code; receiving a data request that comprises client ID information; generating an external obfuscation code according to the client ID information, the target data table and the target random number; replacing the preset code in the first client white-box algorithm with the external obfuscation code to generate a second client white-box algorithm obfuscated with the client ID information; and sending the second client white-box algorithm in response to the data request. The invention saves time in generating the client white-box algorithm and reduces the server's response time and signaling overhead for the data request.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data processing method, an apparatus, a server, and a readable storage medium.
Background
At present, to ensure that data is used securely, the data needs to be encrypted and decrypted.
The server may distribute a device key to the terminal so that the terminal can encrypt or decrypt data with it. Because of the particular usage scenarios of terminals and their open-source operating systems, a key stored on the terminal side in plaintext is generally a security risk. The related art therefore distributes the key and the encryption or decryption algorithm in white-box form, which avoids the security problem caused by storing the key in plaintext on the terminal side.
In the related art, when the server distributes white boxes to terminals, each white box must be bound to a terminal to ensure that it is used securely; that is, each terminal can only use the white box bound to it to encrypt or decrypt data. Specifically, when a terminal requests a white box from the server, it must send its identification information to the server, and the server generates the white box in real time using that identification information and distributes it to the requesting terminal. However, a white box may include many look-up tables, for example look-up tables with a size of at least 700K, so if the server generates the white box in real time for every requesting terminal, the server overhead becomes too large and the terminal waits longer for a response, which makes acquiring the white box inefficient for the terminal.
Disclosure of Invention
The invention provides a data processing method, a data processing device, a server and a readable storage medium, which are used for solving the problems of overlarge server overhead and overlong terminal waiting response time when the server distributes a white box bound with a terminal to a terminal side in the related art.
In order to solve the above problem, according to a first aspect of the present invention, the present invention discloses a data processing method applied to a server, the method comprising:
generating a first client white-box algorithm, and storing a target random number corresponding to a target data table, wherein the first client white-box algorithm comprises a preset code and at least two data tables subjected to internal confusion, and the target data table is a data table which is arranged adjacent to the preset code in the at least two data tables;
the method further comprises the following steps:
receiving a data request, wherein the data request comprises client ID information;
generating an external confusion code according to the client ID information, the target data table and the target random number;
replacing the preset code in the first client white-box algorithm with the external obfuscation code to generate a second client white-box algorithm obfuscated with the client ID information;
sending the second client white-box algorithm in response to the data request.
According to a second aspect of the present invention, the present invention discloses a data processing apparatus applied to a server, the apparatus comprising:
the system comprises a first generation module, a second generation module and a third generation module, wherein the first generation module is used for generating a first client white-box algorithm and storing a target random number corresponding to a target data table, the first client white-box algorithm comprises a preset code and at least two data tables subjected to internal confusion, and the target data table is a data table which is arranged adjacent to the preset code in the at least two data tables;
a receiving module, configured to receive a data request, where the data request includes client ID information;
a second generating module, configured to generate an external obfuscated code according to the client ID information, the target data table, and the target random number;
a replacement module, configured to replace the preset code in the first client white-box algorithm with the external obfuscated code, so as to generate a second client white-box algorithm obfuscated with the client ID information;
a response module for sending the second client white-box algorithm in response to the data request.
According to a third aspect of the invention, there is disclosed a server comprising: memory, a processor and a data processing program stored on the memory and executable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method as applied to a server as described above.
According to a fourth aspect of the present invention, there is disclosed a computer-readable storage medium having stored thereon a data processing program which, when executed by a processor, implements the steps of the data processing method as described above as applied to a server.
Compared with the prior art, the invention has the following advantages:
With the technical solution of the above embodiment of the present invention, before receiving a client's data request for a white-box algorithm, the server generates a first client white-box algorithm comprising a preset code and at least two internally obfuscated data tables, and stores a target random number corresponding to a target data table, the target data table being the data table, among the at least two data tables, that is disposed adjacent to the preset code. After receiving the client's data request, the server generates an external obfuscation code from the client ID information, the target data table of the first client white-box algorithm and the target random number corresponding to that table, and finally replaces the preset code of the first client white-box algorithm with the external obfuscation code. The part of the white-box algorithm that needs no external obfuscation can thus be completed before the client ID information is received. This saves time in generating the second client white-box algorithm, binds the client ID to the second client white-box algorithm, greatly reduces the signaling overhead of the server in responding to the data request, and further reduces the response time for the client's data request.
Drawings
FIG. 1 is a flow chart of the steps of one data processing method embodiment of the present invention;
FIG. 2 is a flow chart of steps in another data processing method embodiment of the present invention;
FIG. 3 is a schematic diagram of a client white-box algorithm according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another client white-box algorithm of an embodiment of the present invention;
FIG. 5 is a flow chart of the steps of yet another data processing method embodiment of the present invention;
FIG. 6 is a block diagram of an embodiment of a data processing apparatus according to the present invention;
FIG. 7 is a block diagram of another data processing apparatus embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
To save the time the server needs to generate a white box bound to a client, the invention provides a data processing method that splits white-box generation into two steps: the first generates, in advance, the part of the white box that is not bound to the client, and the second generates, in real time, the other part of the white box that is bound to the client. The first part can therefore be generated before the server responds to a client's white-box generation request. After the request is received, the client-bound part is generated in real time and combined with the pre-generated part to obtain the white-box algorithm bound to the client. The data processing method according to the embodiment of the present invention is described in detail below with reference to the accompanying drawings.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, and the method is applied to a server, and specifically may include the following steps:
the first client-side white-box algorithm comprises a preset code and at least two data tables subjected to internal confusion, wherein the target data table is a data table which is arranged adjacent to the preset code in the at least two data tables;
in the embodiment of the present invention, the server first executes step 100 to generate a portion of white-boxes that are not bound to the client (i.e., here, the first client white-box algorithm) before receiving a data request from the client.
the server may receive a data request of the client, where the data request may be a white-box request.
The client can request from the server the key for encrypting or decrypting data. To avoid the data security problem caused by storing the key in plaintext on the client side, the server distributes the key and the encryption or decryption algorithm as a white box, so that the complete key and algorithm never appear in plaintext but are obfuscated across a plurality of tables, and the client encrypts or decrypts data by table look-up. To bind the white box to the client, i.e., to ensure that only the client having the client ID can use the white box, the data request sent by the client to the server may include client ID information.
Alternatively, when the step of generating the first client white-box algorithm in step 100 is executed, referring to fig. 2, the method according to the embodiment of the present invention may be implemented by steps 201 to 203, and when the step of saving the target random number corresponding to the target data table in step 100 is executed, the method may be implemented by steps 204 to 205:
Specifically, since generating the white box requires random numbers to obfuscate the key and the algorithm, random numbers may be generated and used to generate a random matrix. An internally obfuscated white-box table (comprising at least two data tables) is then generated from the preset key, the preset processing algorithm and the random matrix. Because the white-box table is obfuscated by random numbers that follow no pattern, the key is protected from being cracked. Every data table in the white-box table is internally obfuscated when it is generated, so each data table in the white-box table corresponds to one group of random numbers.
The preset processing algorithm may be any symmetric algorithm, such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), and the like.
Additionally, when the data request is a request to encrypt a white-box, an encryption algorithm is used to generate an internally obfuscated white-box table; when the data request is a request to decrypt a white-box, an internally obfuscated white-box table is generated using a decryption algorithm.
In one example, fig. 3 illustrates the table structure of a first client white-box algorithm generated by an embodiment of the present invention. As shown in fig. 3, the first client white-box algorithm includes a preset code (table A and table B) and a plurality of internally obfuscated data tables distributed between table A and table B (including tables 1 to 8 shown in the figure and the data tables not listed in the figure).
To allow the externally obfuscated second client white-box algorithm to be generated from the first client white-box algorithm using the received client ID information, the preset code may additionally be generated from an identity matrix when the first client white-box algorithm is generated. In other words, one or two data tables, corresponding to table A and table B in fig. 3, may be generated using the identity matrix. The purpose of generating tables A and B is to reserve, within the pre-generated part of the white box shown in fig. 3, a position for the other part of the white box that is generated in real time. The positions of tables A and B are those reserved positions, i.e., the positions that the part generated in real time (the external obfuscation code described later) occupies in the second client white-box algorithm.
Generating a data table from the identity matrix works on a principle similar to generating a data table without external obfuscation from a random matrix in conventional white-box encryption and decryption, and is not repeated here. Further, the order of the identity matrix used to generate the preset code is the same as the order of the random matrix used to generate the external obfuscation code.
It should be noted that this embodiment describes generating the preset code using an identity matrix as an example, but in other embodiments the matrix used to generate the preset code is not limited to the identity matrix and may be any random matrix generated from random numbers. Since the purpose of the preset code is to reserve, in the pre-generated part of the white box shown in fig. 3, a position for the other part generated in real time (i.e. the external obfuscation code), the preset code is replaced by the external obfuscation code no matter what kind of matrix it was generated from; the invention therefore does not limit the type of matrix used to generate the preset code. The advantage of using the identity matrix is that no random matrix needs to be generated, which reduces the number of operations and improves the response speed of the server.
The execution sequence of step 201 and step 202 is not limited in the present invention.
As shown in fig. 3, table A and table B may be disposed on the two sides of the internally obfuscated white-box table, so that table A is adjacent to tables 1 to 4 and table B is adjacent to tables 5 to 8; the tables shown in fig. 3, i.e., the first client white-box algorithm, together constitute a complete lookup table. In this example, as shown in fig. 3, table A is adjacent to the input-data side of the white-box table, and table B is adjacent to its output-data side.
As shown in fig. 3, the target data tables adjacent to table A (table 1, table 2, table 3 and table 4) and the target data tables adjacent to table B (table 5, table 6, table 7 and table 8) may be identified.
The target random numbers (i.e., 8 sets of random numbers) used in generating tables 1 to 8 may be recorded in the database, and the 8 sets of random numbers may correspond to the 8 target data tables, respectively.
Furthermore, the second client white-box algorithm may include one or two externally obfuscated portions. In the example of fig. 3, tables A and B are both shown, to be used for forming two externally obfuscated portions. When only one externally obfuscated portion is generated from the client ID information, the pre-generated first client white-box algorithm may include table A or table B but not both. The principle of generating the second client white-box algorithm is similar in either case; the description here uses two externally obfuscated portions, and those skilled in the art will understand that the case of one portion works in a similar way, so it is not described in detail.
Thus, before receiving a client's data request, the server of the embodiment of the present invention generates an internally obfuscated white-box table (comprising at least two data tables) in advance and places a preset code, generated using an identity matrix, on at least one of the two sides of the white-box table, producing a first client white-box algorithm that is internally but not externally obfuscated. The target random numbers used to generate the target data tables adjacent to the preset code are stored in advance. After the client's data request is received, the external obfuscation code, obfuscated with the client ID, can be generated in real time from just the client ID, the target data table and the target random number, and the preset code is replaced with it to generate the second client white-box algorithm. This binds the client white box to the client ID, saves a large amount of white-box generation time, lets the server respond to the client quickly by returning the second client white-box algorithm, and reduces the server's overhead in responding to the client's data request.
Optionally, before step 101 and step 201, the method according to the embodiment of the present invention may further include: firstly, acquiring a data ID of data stored in the server; and then, acquiring a preset secret key and a preset processing algorithm matched with the data ID according to the preset corresponding relation between the data ID and the secret key and the processing algorithm.
Specifically, the method of the embodiment of the present invention may configure a key and a processing algorithm (including an encryption or decryption algorithm) for each data stored on the server side, respectively.
The present invention does not limit the type of data stored on the server side, such as video data, audio data, document data, and the like. The data is data that the server can distribute to the client, and the client side can encrypt or decrypt the data received from the server. In most scenarios, the data sent by the server to the client is a data ciphertext, and the client side needs to use the second client white-box algorithm sent by the server in the method of the embodiment of the present invention to decrypt the data ciphertext.
Taking video data as an example, the server side may assign a fixed key and a processing algorithm to each video, so that a certain video may only be encrypted or decrypted by using the key corresponding to the video and a white-box algorithm generated by the algorithm.
After the video data storage at the server side is completed, the method of the embodiment of the invention can set a key and a processing algorithm corresponding to each video ID, so as to generate a preset corresponding relationship between the video ID and the key and the processing algorithm. For example, video 1 corresponds to key 1 and the AES encryption algorithm; video 2 corresponds to key 2 and the DES decryption algorithm.
Then, when the first client white-box algorithm is generated in advance, the method of the embodiment of the present invention may obtain the key and the processing algorithm corresponding to each video ID according to the correspondence.
Then in executing step 201, at least two data tables corresponding to the data ID may be generated by internal obfuscation according to a random number, a preset key matching the data ID, and a preset processing algorithm.
Here, in generating the at least two data tables subjected to the internal obfuscation for the video 1, the at least two data tables subjected to the internal obfuscation are generated using the random number generated at random, and the key 1 corresponding to the video 1 and the AES encryption algorithm. When at least two data tables subjected to internal obfuscation are generated for the video 2, the at least two data tables subjected to internal obfuscation are generated using a randomly generated random number, and the key 1 and the DES decryption algorithm corresponding to the video 2.
Based on different algorithms used when generating the white box table, the purpose of the finally generated second client white box algorithm is different, for example, the second client white box algorithm 2 generated corresponding to the video 1 is specially provided for the client with the client ID to encrypt the video data with the video ID of the video 1; for another example, the second client white-box algorithm 2 generated corresponding to the video 2 is specially provided for the client with the client ID to perform decryption processing on the video data with the video ID of the video 2.
Further, after step 203, the method according to an embodiment of the present invention may further include: generating a correspondence between the data ID and the first client white-box algorithm.
Since each video stored on the server side corresponds to a respective key and algorithm, the pre-generated first client white-box algorithm also needs to be bound with the ID of the corresponding video. For example, video 1 corresponds to a first client white-box algorithm 1, and video 2 corresponds to a first client white-box algorithm 2.
In this way, in the embodiment of the present invention, the correspondence between the data ID of the data stored in the server and the key and the processing algorithm is preset, and the key and the processing algorithm corresponding to each video ID are obtained by using the correspondence, so that the first client white-box algorithm generated based on the key and the processing algorithm can establish an association relationship with the video ID, and thus the first client white-box algorithm bound to each data can be generated in advance on the server side for each stored data. And the white-box algorithm corresponding to each stored data is convenient to classify and store. And independent encryption and decryption of different data are realized. And the finally generated second client white-box algorithm can be bound with the client ID and the video ID, so that when the client encrypts or decrypts the data from the server side, the client can only use the second client white-box algorithm bound with the client ID and the data to encrypt or decrypt, and the data security is improved.
Step 102, generating an external obfuscation code according to the client ID information, the target data table and the target random number;
The first client white-box algorithm generated before the data request is received is only internally obfuscated and is not bound to the client ID, so this step generates the external obfuscation code using the client ID information, the target data table in the first client white-box algorithm and the target random number corresponding to the target data table.
The number of external obfuscation codes is the same as the number of preset codes in step 202.
That is, if table A as shown in fig. 3 is set in the first client white-box algorithm, table A' needs to be generated here; if table B as shown in fig. 3 is set, table B' needs to be generated here. Table A' and table B' are located respectively before and after the preset processing algorithm (encryption algorithm or decryption algorithm) in the second client white-box algorithm.
For the use of the second client white-box algorithm, a brief description is made here:
Suppose the second client white-box algorithm shown in fig. 4 is externally obfuscated and includes table A' and table B', and the data to be decrypted is 7. The client changes 7 to 6 using the inverse of table A' and inputs 6 to the second client white-box algorithm. The second client white-box algorithm first uses table A' to cancel that inverse operation, i.e., 6 is restored to 7, then uses its white-box table to decrypt 7, producing 12, and then uses table B' to obfuscate 12 into 15, which it outputs. Finally, the client uses the inverse of table B' to cancel the obfuscation of table B', i.e., 15 is restored to 12, so the final decrypted data 12 is exactly the result of a decryption performed with only the preset key and the preset decryption algorithm.
Alternatively, the first client white-box algorithm may be the first client white-box algorithm generated in the embodiment shown in fig. 2, that is, the first client white-box algorithm includes at least two data tables subjected to internal obfuscation and the preset encoding disposed adjacent to the at least two data tables.
Optionally, when step 102 is executed, a confusion algorithm may be generated by using a preset confusion policy according to the client ID information; then, an outer obfuscated code is generated according to the obfuscation algorithm, the target data table, and the target random number.
Wherein, the structure of the obfuscation algorithm may be a matrix queue.
The preset obfuscation policy may be to compute a hash value. When the server generates an obfuscation algorithm from the client ID using this policy, it performs a hash operation on the client ID to obtain the hash value of the client ID and uses that hash value as the obfuscation algorithm (e.g., obfuscation matrix C1).
Alternatively, the preset obfuscation policy may be to generate a random number from a seeded random function. When the server generates an obfuscation algorithm from the client ID using this policy, it uses the client ID as the seed of the random function to generate a random number a and uses the generated random number a as the obfuscation algorithm (e.g., obfuscation matrix C2).
When generating the external obfuscation codes, the obfuscation matrix and tables 1-4, which are adjacent to table A in fig. 3, may be used to generate external obfuscation code 1, i.e., table A'; and the matrix queue and tables 5-8, which are adjacent to table B in fig. 3, may be used to generate external obfuscation code 2, i.e., table B'.
In this way, when generating the external obfuscation code of the second client white-box algorithm, the embodiment of the present invention generates the obfuscation algorithm (i.e., the matrix queue) from the client ID information and the preset obfuscation policy, so that the matrix queue incorporates the client ID information. The external obfuscation code is then generated from the matrix queue, the target data table adjacent to the preset code in the first client white-box algorithm, and the target random number corresponding to the target data table. The generated external obfuscation code is therefore bound to the client ID, and so is the finally generated second client white-box algorithm, so that only a client with that client ID can use the second client white-box algorithm to encrypt or decrypt data, which ensures the security of the data.
Optionally, when the step of generating an external obfuscation code according to the obfuscation algorithm, the target data table and the target random number is executed, a matrix multiplication operation may first be performed on the obfuscation algorithm and the target data table; then, an exclusive-or operation is performed on the result of the matrix multiplication operation and the target random number to generate the external obfuscation code.
Referring to fig. 3 and 4, for example, table 1 corresponds to random number 1, table 2 corresponds to random number 2, table 3 corresponds to random number 3, and table 4 corresponds to random number 4. Matrix multiplication is performed on the obfuscation matrix C and table 1, and the result is XORed with random number 1 to generate table 1'; matrix multiplication is performed on the obfuscation matrix C and table 2, and the result is XORed with random number 2 to generate table 2'; matrix multiplication is performed on the obfuscation matrix C and table 3, and the result is XORed with random number 3 to generate table 3'; matrix multiplication is performed on the obfuscation matrix C and table 4, and the result is XORed with random number 4 to generate table 4'. Finally, table 1', table 2', table 3' and table 4' are arranged in the order of table 1, table 2, table 3 and table 4 to generate the external obfuscation code, i.e., table A', as shown in fig. 4. Table B' of fig. 4 is generated in a manner similar to that of table A', except that tables 5 to 8 are used in place of tables 1 to 4.
Thus, in the embodiment of the present invention, referring to the first client white-box algorithm shown in fig. 3, the preset codes (table A and table B) and the multiple data tables located between table A and table B are all generated in advance. After receiving the data request of the client, the server generates table A' and table B' shown in fig. 4 in combination with the client ID, replaces table A in the first client white-box algorithm with the table A' generated in real time, and replaces table B with the table B' generated in real time, thereby generating the second client white-box algorithm shown in fig. 4. In the related art, no white-box pre-generation step is performed before the data request is received, and the second client white-box algorithm is generated directly from the client ID, the key and the processing algorithm after the data request of the client is received. By contrast, the technical scheme of the embodiment of the present invention generates the at least two data tables without external obfuscation in advance and, after the data request of the client is received, regenerates only the tables subject to external obfuscation, which greatly reduces the generation time of the client white-box, the overhead of the server in responding to the data request of the client, and the response time of the server to the client.
Thus, in the embodiment of the present invention, the external obfuscation code is generated from the obfuscation algorithm that incorporates the client ID information, the data of each target white-box table adjacent to the position of the preset code in the first client white-box algorithm, and the random number corresponding to each target white-box table. Because the external obfuscation code is generated from the internally obfuscated boundary tables (i.e., the target white-box tables) adjacent to the preset code in the first client white-box algorithm, the external obfuscation code generated in this way can be combined with the first client white-box algorithm generated in advance to obtain the second client white-box algorithm obfuscated with the client ID information.
Step 103, replacing the preset code in the first client white-box algorithm with the external obfuscation code to generate a second client white-box algorithm obfuscated with the client ID information;
As shown in fig. 3 and 4, through step 103, table A in the first client white-box algorithm shown in fig. 3 may be replaced with table A', and table B shown in fig. 3 may be replaced with table B', to generate the second client white-box algorithm shown in fig. 4, which is obfuscated with the client ID information.
In this way, the embodiment of the present invention generates the external obfuscating code by using the client ID information and the target data tables on both sides of the data input position and the data output position in the white box table in the first client white box algorithm, so that the generated external obfuscating code and the data of the target data table adjacent to the generated external obfuscating code can be fused with each other.
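The following is an added example, not code from the patent: a toy Python model of the 7-to-12 walk-through through table A' and table B' and of steps 102 and 103 (hash the client ID into an obfuscation matrix, multiply it with the boundary table, XOR the stored random number, swap the result in for the preset code). The 4-bit width, GF(2) arithmetic, SHA-256, the re-hash-until-invertible loop, all table contents and all function names are assumptions of this example.

```python
"""Toy model of steps 102-103: client-bound external obfuscation of a pre-generated white-box.

Assumptions (not from the patent text): 4-bit values, tables as 16-entry lookup lists,
GF(2) matrix arithmetic, SHA-256 as the hash, and all table contents below.
"""
import hashlib
import secrets

N = 4                 # bit width of every value in this toy
SIZE = 1 << N

# Constructed stand-in for "preset key + preset decryption algorithm": a 4-bit
# permutation chosen so that 7 decrypts to 12, as in the walk-through.
PLAIN_DECRYPT = [3, 9, 0, 14, 5, 11, 1, 12, 7, 15, 2, 8, 13, 4, 10, 6]


def matvec(matrix, x):
    """Multiply a GF(2) matrix (list of N row bitmasks) by the bit vector x."""
    return sum((bin(row & x).count("1") & 1) << i for i, row in enumerate(matrix))


def is_invertible(matrix):
    """Gaussian elimination over GF(2); a singular matrix would make A'/B' lossy."""
    rows = list(matrix)
    for col in range(N):
        pivot = next((i for i in range(col, N) if rows[i] >> col & 1), None)
        if pivot is None:
            return False
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for i in range(col + 1, N):
            if rows[i] >> col & 1:
                rows[i] ^= rows[col]
    return True


def matrix_from_client_id(client_id):
    """Hash policy: derive obfuscation matrix C from the client ID.

    Re-hashing with a counter until C is invertible is an assumption of this example.
    """
    counter = 0
    while True:
        digest = hashlib.sha256(f"{client_id}|{counter}".encode()).digest()
        matrix = [b & (SIZE - 1) for b in digest[:N]]
        if is_invertible(matrix):
            return matrix
        counter += 1


def pregenerate():
    """Before any request: build the first white-box and store the target random numbers."""
    mask = secrets.randbelow(SIZE)                 # internal obfuscation between the tables
    t1 = [PLAIN_DECRYPT[x] ^ mask for x in range(SIZE)]
    t2 = [y ^ mask for y in range(SIZE)]           # cancels t1's mask
    identity = list(range(SIZE))                   # preset codes A and B (placeholders)
    return {"A": identity, "tables": [t1, t2], "B": identity,
            "target_randoms": (secrets.randbelow(SIZE), secrets.randbelow(SIZE))}


def outer_encoding(matrix, target_table, target_random):
    """(C x target table) XOR target random number, entry by entry."""
    return [matvec(matrix, v) ^ target_random for v in target_table]


def personalize(first, client_id):
    """On request: swap preset codes A/B for client-bound A'/B'; inner tables are reused."""
    c = matrix_from_client_id(client_id)
    r_in, r_out = first["target_randoms"]
    return {"A": outer_encoding(c, first["tables"][0], r_in),
            "tables": first["tables"],
            "B": outer_encoding(c, first["tables"][-1], r_out)}


def run(whitebox, x):
    """Evaluate a white-box: input code, inner tables, output code."""
    x = whitebox["A"][x]
    for table in whitebox["tables"]:
        x = table[x]
    return whitebox["B"][x]


def inverse_table(table):
    """Invert a bijective lookup table."""
    inv = [0] * SIZE
    for i, v in enumerate(table):
        inv[v] = i
    return inv


def client_decrypt(whitebox, codec_source, x):
    """Client side: inverse of A' before the call, inverse of B' after it.

    codec_source is the white-box the inverse maps were built for; how a real client
    obtains them is not covered in this section.
    """
    pre, post = inverse_table(codec_source["A"]), inverse_table(codec_source["B"])
    return post[run(whitebox, pre[x])]


FIRST = pregenerate()

if __name__ == "__main__":
    wb_1 = personalize(FIRST, "client-001")        # constructed client IDs
    wb_2 = personalize(FIRST, "client-002")
    print("matched codec:", client_decrypt(wb_1, wb_1, 7))        # 12
    wrong = sum(client_decrypt(wb_1, wb_2, x) != PLAIN_DECRYPT[x] for x in range(SIZE))
    print("inputs decrypted wrongly with another client's codec:", wrong, "of", SIZE)
```

Only `personalize` runs per request; `pregenerate` and the inner tables are shared across clients, which is the time saving the description claims.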
Step 104, sending the second client white-box algorithm in response to the data request.
After generating the second client white-box algorithm, the server side may send the second client white-box algorithm, for example, the one shown in fig. 4, to the client in response to the data request of the client, so that the client can perform operations such as signing, encrypting or decrypting on the data downloaded from the server.
By means of the technical solution of the above embodiment of the present invention, before receiving a data request in which a client requests a white-box algorithm, a first client white-box algorithm including a preset code and at least two internally obfuscated data tables is generated, and a target random number corresponding to a target data table is stored, wherein the target data table is a data table of the at least two data tables that is disposed adjacent to the preset code. After the data request of the client is received, an external obfuscation code is generated by using the client ID information, the target data table of the first client white-box algorithm, and the target random number corresponding to the target data table, and finally the preset code of the first client white-box algorithm is replaced with the external obfuscation code. The portion of the white-box algorithm that does not need external obfuscation can therefore be completed before the client ID information is received, which saves time in generating the second client white-box algorithm, binds the client ID to the second client white-box algorithm, greatly reduces the signaling overhead of the server side in responding to the data request, and further reduces the response time of the client to the data request.
Optionally, the data request further includes a data ID, and then in step 103, a target first client white-box algorithm corresponding to the data ID in the data request may be first obtained according to a preset correspondence between the data ID and the first client white-box algorithm; then, the preset code in the target first client white-box algorithm is replaced by the external obfuscated code to generate a second client white-box algorithm corresponding to the data ID in the data processing request.
When the data request includes a data ID of data to be encrypted/decrypted/signed, the server side may obtain, in a targeted manner, only a target first client white-box algorithm corresponding to the data ID in the data request according to a preset correspondence between the data ID and the first client white-box algorithm, and replace the preset code in the target first client white-box algorithm with the external obfuscation code, so as to generate a second client white-box algorithm corresponding to the data ID in the data processing request.
In this way, the server according to the embodiment of the present invention may generate the corresponding first client white-box algorithms that are not subjected to external obfuscation respectively for different data, and when the client requests a client white-box algorithm used for encrypting or decrypting a certain target data, the server further uses the client ID of the client and the target first client white-box algorithm corresponding to the target data to perform external obfuscation on the target first client white-box algorithm, so that the client ID information is obfuscated. Only the client with the client ID can use the second client white-box algorithm to perform encryption/decryption/signature operations on the target data, so that the one-to-one correspondence among the client, the data and the encryption/decryption/signature of the data is ensured, and the data security is improved.
Optionally, the data request further includes an obtaining manner of the client ID information, and before step 102, it may be determined whether the obtaining manner of the client ID information is a preset obtaining manner; if the obtaining mode of the client ID information is a preset obtaining mode, execute step 102.
Before the client sends the data request to the server, the client can identify the obtaining mode of the client ID information, for example, which function the client ID information is transferred from, so that when the data request is sent, the data request can carry not only the client ID information but also the obtaining mode of the client ID information (for example, the function name of the function transferring the client ID information).
The server side may then set in advance which client ID obtaining manners are legal, for example, functions 1 and 2 are legal, and other functions are not. After receiving a data request of a client, the server side can parse the data request to obtain the obtaining manner of the client ID information and judge whether it is a preset obtaining manner, that is, whether the function name is a preset function name. If so, the client is the client with the client ID information, and step 102 is executed to perform the subsequent steps of generating a second client white-box algorithm bound to the client. If not, the client ID information sent by the client may not be the actual client ID information of the client and may be ID information stolen from another authorized client; in that case, to ensure the security of the key, step 102 may not be executed, or a false key may be used to generate the second client white-box algorithm, so that the client cannot perform accurate operations such as encryption/decryption/signature on data even if it receives the second client white-box algorithm.
Referring to fig. 5, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, and the method is applied to a client, and specifically may include the following steps:
The client of the embodiment of the present invention can send the data request to the server. The server can generate the first client white-box algorithm in advance, before receiving the data request in which the client requests the white-box algorithm, so that after the data request of the client is received, the client ID information and the first client white-box algorithm are used to generate the second client white-box algorithm obfuscated with the client ID information, which is returned to the client. The white-box algorithm part without external obfuscation can be completed before the client sends the data request carrying the client ID information, so that the time for generating the second client white-box algorithm is saved, the binding of the client ID and the second client white-box algorithm is realized, the signaling overhead of the server side in responding to the data request is greatly reduced, and the time the client waits for a response to the data request is further reduced.
For the generation and processing of the first client white-box algorithm and the second client white-box algorithm, reference may be made to the embodiments in fig. 1 to 4, which are not described in detail here.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention. The various alternative embodiments described above can be combined arbitrarily to form new embodiments, which are not described here again.
Corresponding to the data processing method applied to the server provided by the embodiment of the present invention, referring to fig. 6, a block diagram of a data processing apparatus embodiment of the present invention is shown, which is applied to the server, and specifically includes the following modules:
a first generating module 601, configured to generate a first client white-box algorithm, and store a target random number corresponding to a target data table, where the first client white-box algorithm includes a preset code and at least two data tables subjected to internal obfuscation, and the target data table is a data table that is set adjacent to the preset code in the at least two data tables;
a receiving module 602, configured to receive a data request, where the data request includes client ID information;
a second generating module 603, configured to generate an external obfuscated code according to the client ID information, the target data table, and the target random number;
a replacing module 604, configured to replace the preset code in the first client white-box algorithm with the external obfuscating code, so as to generate a second client white-box algorithm obfuscated with the client ID information;
a response module 605, configured to send the second client white-box algorithm in response to the data request.
Optionally, as shown in fig. 7, the second generating module 603 includes:
a first generating submodule 631, configured to generate an obfuscation algorithm by using a preset obfuscation policy according to the client ID information;
a second generating submodule 632 is configured to generate an external obfuscated code according to the obfuscation algorithm, the target data table, and the target random number.
Optionally, as shown in fig. 7, the second generation submodule 632 includes:
a first operation unit 6321, configured to perform a matrix multiplication operation on the obfuscation algorithm and the target data table;
a second operation unit 6322, configured to perform an exclusive-or operation on the result generated by the matrix multiplication operation and the target random number to generate an external obfuscation code.
Optionally, as shown in fig. 7, the first generating module 601 includes:
a third generation submodule 611, configured to generate at least two internally obfuscated data tables according to a preset key, a preset processing algorithm, and a random number;
a fourth generating submodule 612, configured to generate a preset code according to the preset matrix;
a fifth generating submodule 613, configured to set the preset code adjacent to the at least two data tables, and generate a first client white-box algorithm;
an identifying submodule 614, configured to identify a target data table, which is adjacent to the preset code, in the at least two data tables;
the saving sub-module 615 is configured to save the target random number used in generating the target data table.
Optionally, as shown in fig. 7, the apparatus further includes:
a first obtaining module 606, configured to obtain a data ID of the data stored in the server;
a second obtaining module 607, configured to obtain a preset key and a preset processing algorithm that are matched with the data ID according to a preset correspondence between the data ID and the key and the processing algorithm;
the third generating sub-module 611 is further configured to generate at least two internally obfuscated data tables corresponding to the data ID according to a random number, a preset key matched with the data ID, and a preset processing algorithm;
a third generating module 608, configured to generate a correspondence between the data ID and the first client white-box algorithm.
Optionally, as shown in fig. 7, the replacing module 604 includes:
the obtaining sub-module 641 is configured to, when the data request further includes a data ID, obtain a target first client white-box algorithm corresponding to the data ID in the data request according to a preset correspondence between the data ID and the first client white-box algorithm;
a replacing submodule 642, configured to replace the preset code in the target first client white-box algorithm with the external obfuscated code, so as to generate a second client white-box algorithm corresponding to the data ID in the data processing request.
Optionally, as shown in fig. 7, the apparatus further includes:
a determining module 609, configured to determine whether the obtaining manner of the client ID information is a preset obtaining manner when the data request further includes the obtaining manner of the client ID information;
the second generating module 603 is further configured to generate an external obfuscation code according to the client ID information, the target data table, and the target random number if the obtaining manner of the client ID information is a preset obtaining manner.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
According to still another embodiment of the present invention, there is also provided a server including: a memory, a processor and a data processing program stored on the memory and executable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method as described in any of the embodiments as applied to the server.
According to another embodiment of the present invention, the present invention further provides a client, including: a memory, a processor and a data processing program stored on the memory and executable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method as described in any of the above embodiments applied to a client.
According to still another embodiment of the present invention, there is also provided a computer-readable storage medium having stored thereon a data processing program which, when executed by a processor, implements the steps in the data processing method according to any one of the above-mentioned embodiments.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The data processing method, the data processing apparatus, the client, the server, and the computer-readable storage medium provided by the present invention are described in detail above, and specific examples are applied herein to explain the principles and embodiments of the present invention, and the descriptions of the above embodiments are only used to help understand the method and the core ideas of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (16)
1. A data processing method, applied to a server, the method comprising: generating a first client white-box algorithm, and storing a target random number corresponding to a target data table, wherein the first client white-box algorithm comprises a preset code and at least two data tables subjected to internal obfuscation, and the target data table is a data table which is arranged adjacent to the preset code in the at least two data tables;
the method further comprises the following steps:
receiving a data request, wherein the data request comprises client ID information;
generating an external obfuscation code according to the client ID information, the target data table and the target random number;
replacing the preset code in the first client white-box algorithm with the external obfuscation code to generate a second client white-box algorithm obfuscated with the client ID information;
sending the second client white-box algorithm in response to the data request.
2. The method of claim 1, wherein generating an external obfuscation code according to the client ID information, the target data table, and the target random number comprises:
generating an obfuscation algorithm by using a preset obfuscation policy according to the client ID information;
and generating an external obfuscation code according to the obfuscation algorithm, the target data table and the target random number.
3. The method of claim 2, wherein generating an external obfuscation code according to the obfuscation algorithm, the target data table, and the target random number comprises:
performing a matrix multiplication operation on the obfuscation algorithm and the target data table;
and performing an exclusive-or operation on the result generated by the matrix multiplication operation and the target random number to generate an external obfuscation code.
4. The method of claim 1,
the generating a first client white-box algorithm comprises:
generating at least two data tables subjected to internal obfuscation according to a preset key, a preset processing algorithm and a random number;
generating a preset code according to a preset matrix;
setting the preset codes and the at least two data tables adjacently to generate a first client white box algorithm;
the storing of the target random number corresponding to the target data table includes:
identifying a target data table adjacent to the preset code in the at least two data tables;
and storing the target random number used when the target data table is generated.
5. The method of claim 4,
before generating at least two internally obfuscated data tables according to a preset key, a preset processing algorithm, and a random number, the method further includes:
acquiring a data ID of the data stored in the server;
acquiring a preset secret key and a preset processing algorithm matched with a data ID according to a preset corresponding relation between the data ID and the secret key and the processing algorithm;
the generating at least two data tables subjected to internal obfuscation according to the preset key, the preset processing algorithm and the random number comprises: generating at least two data tables which correspond to the data ID and are subjected to internal obfuscation according to the random number, a preset key matched with the data ID and a preset processing algorithm;
after the preset codes are arranged adjacent to the at least two data tables and a first client white-box algorithm is generated, the method further includes: generating a correspondence between the data ID and the first client white-box algorithm.
6. The method of claim 1 or 5, wherein the data request further comprises a data ID;
replacing the preset code in the first client white-box algorithm with the external obfuscated code to generate a second client white-box algorithm obfuscated with the client ID information, including:
acquiring a target first client white-box algorithm corresponding to the data ID in the data request according to a preset corresponding relation between the data ID and the first client white-box algorithm;
replacing the preset code in the target first client white-box algorithm with the external obfuscation code to generate a second client white-box algorithm corresponding to the data ID in the data processing request.
7. The method according to claim 1, wherein the data request further includes a client ID information acquisition mode, and before generating the outer obfuscating code according to the client ID information, the target data table, and the target random number, the method further includes:
determining whether the acquisition mode of the client ID information is a preset acquisition mode;
and if the acquisition mode of the client ID information is a preset acquisition mode, executing the step of generating an external obfuscation code according to the client ID information, the target data table and the target random number.
8. A data processing apparatus, applied to a server, the apparatus comprising:
a first generating module, configured to generate a first client white-box algorithm and store a target random number corresponding to a target data table, wherein the first client white-box algorithm comprises a preset code and at least two data tables subjected to internal obfuscation, and the target data table is a data table which is arranged adjacent to the preset code in the at least two data tables;
a receiving module, configured to receive a data request, where the data request includes client ID information;
a second generating module, configured to generate an external obfuscated code according to the client ID information, the target data table, and the target random number;
a replacement module, configured to replace the preset code in the first client white-box algorithm with the external obfuscated code, so as to generate a second client white-box algorithm obfuscated with the client ID information;
a response module for sending the second client white-box algorithm in response to the data request.
9. The apparatus of claim 8, wherein the second generating module comprises:
a first generation submodule, configured to generate an obfuscation algorithm by using a preset obfuscation policy according to the client ID information;
and a second generation submodule, configured to generate an external obfuscation code according to the obfuscation algorithm, the target data table and the target random number.
10. The apparatus of claim 9, wherein the second generation submodule comprises:
a first operation unit, configured to perform a matrix multiplication operation on the obfuscation algorithm and the target data table;
and a second operation unit, configured to perform an exclusive-or operation on the result generated by the matrix multiplication operation and the target random number to generate the external obfuscation code.
11. The apparatus of claim 8, wherein the first generating module comprises:
a third generation submodule, configured to generate the at least two internally obfuscated data tables according to a preset key, a preset processing algorithm, and a random number;
a fourth generation submodule, configured to generate the preset code according to a preset matrix;
a fifth generation submodule, configured to set the preset code adjacent to the at least two data tables, and generate the first client white-box algorithm;
an identification submodule, configured to identify, among the at least two data tables, the target data table adjacent to the preset code;
and a storage submodule, configured to store the target random number used when the target data table was generated.
12. The apparatus of claim 11, further comprising:
a first acquisition module, configured to acquire the data ID of data stored in the server;
a second acquisition module, configured to acquire the preset key and the preset processing algorithm matched with the data ID, according to a preset correspondence between data IDs, keys, and processing algorithms;
wherein the third generation submodule is further configured to generate at least two internally obfuscated data tables corresponding to the data ID according to a random number, the preset key matched with the data ID, and the preset processing algorithm;
and a third generating module, configured to generate a correspondence between the data ID and the first client white-box algorithm.
13. The apparatus of claim 8 or 12, wherein the replacement module comprises:
an obtaining submodule, configured to, when the data request further includes a data ID, obtain the target first client white-box algorithm corresponding to the data ID in the data request, according to the preset correspondence between data IDs and first client white-box algorithms;
and a replacing submodule, configured to replace the preset code in the target first client white-box algorithm with the external obfuscated code, so as to generate a second client white-box algorithm corresponding to the data ID in the data processing request.
14. The apparatus of claim 8, further comprising:
a judging module, configured to, when the data request further includes the obtaining manner of the client ID information, judge whether that obtaining manner is a preset obtaining manner;
wherein the second generating module is further configured to generate the external obfuscated code according to the client ID information, the target data table, and the target random number if the obtaining manner of the client ID information is the preset obtaining manner.
15. A server, comprising: a memory, a processor, and a data processing program stored on the memory and executable on the processor, wherein the data processing program, when executed by the processor, implements the steps of the data processing method according to any one of claims 1 to 7.
16. A computer-readable storage medium on which a data processing program is stored, wherein the data processing program, when executed by a processor, implements the steps of the data processing method according to any one of claims 1 to 7.
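The server-side flow of claims 8 to 10 can be sketched as follows; this is an added illustration, not code from the patent. The SHA-256 based confusion strategy, the 8-bit GF(2) word size, the random bytes standing in for the internally obfuscated tables, and all function names are assumptions made for the example.

```python
import hashlib
import secrets

N = 8  # assumed word size: table entries are 8-bit vectors over GF(2)

def gf2_rank(rows):
    """Rank of a GF(2) matrix whose rows are given as N-bit integers."""
    rows, rank = list(rows), 0
    for bit in reversed(range(N)):
        pivot = next((i for i in range(rank, len(rows)) if rows[i] >> bit & 1), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i] >> bit & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank

def confusion_matrix(client_id):
    """Assumed 'preset confusion strategy': hash the client ID (plus a counter)
    until the first N digest bytes form an invertible N x N matrix over GF(2)."""
    counter = 0
    while True:
        rows = list(hashlib.sha256(f"{client_id}:{counter}".encode()).digest()[:N])
        if gf2_rank(rows) == N:
            return rows
        counter += 1

def gf2_apply(matrix, value):
    """Matrix-vector product over GF(2): output bit i is parity(row_i AND value)."""
    return sum((bin(row & value).count("1") & 1) << i for i, row in enumerate(matrix))

def external_code(client_id, target_table, target_random):
    """Claim 10: multiply the confusion matrix with the target table, then XOR
    the product with the stored target random number."""
    m = confusion_matrix(client_id)
    return bytes(gf2_apply(m, t) ^ r for t, r in zip(target_table, target_random))

def build_first_algorithm(size=16):
    """Constructed stand-in for the first generating module. tables[0] is the
    target table next to the code slot; the second return value is the target
    random number, which stays on the server."""
    tables = [secrets.token_bytes(size) for _ in range(2)]
    return {"code": bytes(size), "tables": tables}, secrets.token_bytes(size)

def personalize(first_algo, target_random, client_id):
    """Replacement module: swap the preset code for the client-bound external code."""
    code = external_code(client_id, first_algo["tables"][0], target_random)
    return {"code": code, "tables": list(first_algo["tables"])}
```

Because the target random number never leaves the server and the matrix depends on the client ID, each client receives a different code slot while the internally obfuscated tables are shared.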
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910281419.1A CN110149311B (en) | 2019-04-09 | 2019-04-09 | Data processing method, device, server and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110149311A (en) | 2019-08-20 |
CN110149311B (en) | 2021-05-25 |
Family
ID=67588332
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910281419.1A Active CN110149311B (en) | 2019-04-09 | 2019-04-09 | Data processing method, device, server and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110149311B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110149311A (en) | 2019-08-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||