CN110995433A

CN110995433A - Data encryption method and device, electronic equipment and computer readable storage medium

Info

Publication number: CN110995433A
Application number: CN201911032679.1A
Authority: CN
Inventors: 张晓栋; 蒋国宝; 张博军
Original assignee: Beijing Sankuai Online Technology Co Ltd
Current assignee: Beijing Sankuai Online Technology Co Ltd
Priority date: 2019-10-28
Filing date: 2019-10-28
Publication date: 2020-04-10

Abstract

The embodiment of the disclosure provides a data encryption method and device, electronic equipment and a computer-readable storage medium. The method comprises the following steps: carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit; and performing second encryption processing on the encrypted ciphertext by adopting a partially reversible encryption algorithm to generate a universal unique identification code of a character string type, wherein the universal unique identification code has a second digit. According to the method and the device, the problem that data are stolen due to the fact that a secret key of one encryption algorithm is leaked can be solved by adopting a secondary encryption mode, and the risk that the data are stolen in batches can be avoided even if two encryption algorithms are leaked through a part of reversible encryption algorithms, so that the data safety is improved.

Description

Data encryption method and device, electronic equipment and computer readable storage medium

Technical Field

Embodiments of the present disclosure relate to the field of data encryption processing technologies, and in particular, to a data encryption method and apparatus, an electronic device, and a computer-readable storage medium.

Background

With the generation of a plurality of self-increment continuous int (Integer) type ID (identity identification number) on each platform, the external connection can easily crawl important data property on each platform in batch through the self-increment ID, and therefore the self-increment ID needs to be modified into an irregular character string in an encryption mode.

Currently, common ID Encryption and decryption algorithms are classified into a symmetric Encryption algorithm and an asymmetric Encryption algorithm, and the most widely used algorithms are the AES (Advanced Encryption Standard) algorithm and the rsa (rsa algorithm). The AES algorithm is a symmetric encryption algorithm, and a set of secret keys are shared by encryption and decryption of the symmetric encryption algorithm. The RSA algorithm is an asymmetric encryption algorithm, different secret keys are adopted for encryption and decryption of the asymmetric encryption algorithm, a ciphertext encrypted by a private key can be decrypted by a bow public key, and the security is higher than that of a symmetric encryption algorithm.

The encryption algorithm ensures the ID security on the premise that the secret key cannot be leaked, and once the secret key is leaked, the security of the encryption algorithm is not guaranteed.

Disclosure of Invention

Embodiments of the present disclosure provide a data encryption method, an apparatus, an electronic device, and a computer-readable storage medium, so as to solve the problem that security of a key exposure omission method is not guaranteed by using a double-layer encryption method, and have higher security.

According to a first aspect of embodiments of the present disclosure, there is provided a data encryption method, including:

carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit;

and performing second encryption processing on the encrypted ciphertext by adopting a partially reversible encryption algorithm to generate a universal unique identification code of a character string type, wherein the universal unique identification code has a second digit.

Optionally, the performing, by using a partially reversible encryption algorithm, a second encryption process on the encrypted ciphertext to generate a universal unique identifier of a string type includes:

adding a marking character string for marking the encrypted ciphertext before a ciphertext number corresponding to the encrypted ciphertext;

adding a randomly generated complement string after the ciphertext number;

and generating a universal unique identification code of the character string type based on the ciphertext number, the marked character string and the padding character string.

Optionally, adding a tag character string for tagging the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext, where the adding includes:

adding a first marking character and a second marking character before a ciphertext number corresponding to the encrypted ciphertext; the first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of the ciphertext digits.

adding a randomly generated complement string after the ciphertext number;

performing replacement operation on the ciphertext number to obtain a replacement ciphertext number;

and generating a universal unique identification code of the character string type based on the marking character string, the replacing ciphertext number and the padding character string.

adding a randomly generated complement string after the ciphertext number;

performing replacement operation on the bit complementing character string to obtain a replacement bit complementing character string;

and generating a universal unique identification code of the character string type based on the ciphertext number, the marked character string and the replacement padding character string.

adding a randomly generated complement string after the ciphertext number;

and generating a universal unique identification code of the character string type based on the marking character string, the replacing ciphertext number and the replacing padding character string.

adding a first marking character and a second marking character before a ciphertext number corresponding to the encrypted ciphertext; the first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of the ciphertext digits;

the replacement operation is performed based on at least one set of mapping substitution tables associated with the second designator character.

Optionally, the mapping replacement table includes a first mapping replacement table and a second mapping replacement table related to parity of the second indicator character, and character strings in the first mapping replacement table and the second mapping replacement table are not repeated;

wherein, when the number of the cipher text numbers is odd, a first mapping substitution table is adopted to execute substitution operation;

and when the number of the ciphertext digits is an even number, executing the replacement operation by adopting a second mapping replacement table.

Optionally, the mapping replacement table includes a first mapping replacement table, a second mapping replacement table, and a third mapping replacement table, where character strings in the first mapping replacement table, the second mapping replacement table, and the third mapping replacement table are not repeated;

when the number of the ciphertext numbers and the remainder of 3 are 0, a first mapping substitution table pair is adopted to execute substitution operation;

when the number of the ciphertext numbers and the remainder of 3 are 1, executing replacement operation by adopting a second mapping substitution table;

and when the number of the ciphertext digits and the remainder of 3 are 2, adopting a third mapping substitution table to execute the substitution operation.

According to a second aspect of embodiments of the present disclosure, there is provided a data encryption apparatus including:

the encrypted ciphertext acquisition module is used for performing first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit;

and the identity identification generation module is used for performing second encryption processing on the encrypted ciphertext by adopting a part of reversible encryption algorithm to generate a universal unique identification code of the character string type, wherein the universal unique identification code has a second digit.

Optionally, the identity generating module includes:

the first marking character adding sub-module is used for adding a marking character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext;

the first complement character adding submodule is used for adding a randomly generated complement character string after the ciphertext number;

and the first identification code generation submodule is used for generating a universal unique identification code of the character string type based on the ciphertext number, the marking character string and the padding character string.

Optionally, the indicating character string includes a first indicating character and a second indicating character, where the first indicating character is used to indicate a positive value and a negative value of the encrypted ciphertext, and the second indicating character is used to indicate the number of the ciphertext digits.

Optionally, the identity generating module includes:

the second marking character adding submodule is used for adding a marking character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext;

the second complement character adding submodule is used for adding a randomly generated complement character string after the ciphertext number;

the first replacement ciphertext acquisition sub-module is used for performing replacement operation on the ciphertext number to obtain a replacement ciphertext number;

and the second identification code generation submodule is used for generating a universal unique identification code of the character string type based on the marking character string, the replacing ciphertext number and the padding character string.

Optionally, the identity generating module includes:

a third marking character adding sub-module, configured to add a marking character string for marking the encrypted ciphertext before a ciphertext number corresponding to the encrypted ciphertext;

a third complement character adding submodule, configured to add a randomly generated complement character string after the ciphertext number;

the first replacement bit complement acquisition submodule is used for executing replacement operation on the bit complement string to obtain a replacement bit complement string;

and the third identification code generation submodule is used for generating a universal unique identification code of the character string type based on the ciphertext number, the marked character string and the replacement padding character string.

Optionally, the identity generating module includes:

a fourth marking character adding sub-module, configured to add a marking character string for marking the encrypted ciphertext before a ciphertext number corresponding to the encrypted ciphertext;

a fourth complement character adding submodule, configured to add a randomly generated complement character string after the ciphertext number;

the second replacement ciphertext acquisition sub-module is used for performing replacement operation on the ciphertext number to obtain a replacement ciphertext number;

the second replacement bit complement acquisition submodule is used for executing replacement operation on the bit complement string to obtain a replacement bit complement string;

and the fourth identification code generation submodule is used for generating a universal unique identification code of the character string type based on the marking character string, the replacing ciphertext number and the replacing padding character string.

Optionally, the indicator character string includes a first indicator character and a second indicator character; the first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of the ciphertext digits;

According to a third aspect of embodiments of the present disclosure, there is provided an electronic apparatus including:

a processor, a memory, and a computer program stored on the memory and executable on the processor, the processor implementing the data encryption method of any one of the above when executing the program.

According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium storing computer instructions that, when executed by a processor of an electronic device, enable the electronic device to perform any one of the data encryption methods described above.

The embodiment of the disclosure provides a data encryption scheme, which includes that a symmetric encryption algorithm is adopted to perform first encryption processing on an identification number of an integer type to obtain an encrypted ciphertext of the integer type with a first digit, and a partially reversible encryption algorithm is adopted to perform second encryption processing on the encrypted ciphertext to generate a universal unique identification code of a character string type with a second digit. The embodiment of the disclosure can avoid the problem that data is stolen due to the leakage of the key of one encryption algorithm by adopting a secondary encryption mode, and can also avoid the risk that data is stolen in batches even if two encryption algorithms are leaked by adopting a part of reversible encryption algorithms, thereby improving the safety of data.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the description of the embodiments of the present disclosure will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.

Fig. 1 is a flowchart illustrating steps of a data encryption method according to an embodiment of the present disclosure;

fig. 2 is a flowchart illustrating steps of a data encryption method according to a second embodiment of the disclosure;

fig. 3 is a flowchart illustrating steps of a data encryption method according to a third embodiment of the present disclosure;

fig. 4 is a flowchart illustrating steps of a data encryption method according to a fourth embodiment of the present disclosure;

fig. 5 is a flowchart illustrating steps of a data encryption method according to a fifth embodiment of the present disclosure;

fig. 5a is a schematic diagram of an encryption/decryption mapping scheme provided by an embodiment of the present disclosure;

FIG. 5b is a schematic diagram of a partially reversible algorithm provided by an embodiment of the present disclosure;

fig. 6 is a schematic structural diagram of a data encryption device according to a sixth embodiment of the present disclosure;

fig. 7 is a schematic structural diagram of an identity generating module provided in the embodiment of the present disclosure;

fig. 8 is a schematic structural diagram of another identity generation module provided in the embodiment of the present disclosure;

fig. 9 is a schematic structural diagram of another identity generation module provided in the embodiment of the present disclosure;

fig. 10 is a schematic structural diagram of another identity generation module provided in the embodiment of the present disclosure.

Detailed Description

Technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some, but not all, of the embodiments of the present disclosure. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present disclosure, belong to the protection scope of the embodiments of the present disclosure.

Referring to fig. 1, a flowchart illustrating steps of a data encryption method according to a first embodiment of the present disclosure is shown. As shown in fig. 1, the data encryption method may specifically include the following steps:

step 101: and carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit.

The embodiment of the present disclosure may be applied to a scenario in which an identification number of an integer type (i.e., Int type) is encrypted.

An Identity Document (ID) is also called a serial number or an account number, and is a relatively unique code in a certain system. The uniqueness of different data is identified, and different IDs, such as 1001, 1002, …, 10000 … and the like, can be set for different data in a certain website.

A symmetric encryption algorithm (also referred to as a private key encryption algorithm) refers to an encryption algorithm using the same key for encryption and decryption, and requires a key to be set before a sender and a receiver perform secure communication. The symmetric encryption algorithm has the characteristics of open algorithm, small calculated amount, high encryption speed and high encryption efficiency.

The process of the symmetric encryption algorithm is that a data sender processes original data and an encryption key together through a special encryption algorithm, and then the original data and the encryption key are changed into a complex encryption ciphertext to be sent out. After receiving the encrypted ciphertext, if the receiver wants to decode the original data, the receiver needs to decrypt the encrypted ciphertext by using the key used for encryption and the inverse algorithm of the same algorithm, so that the encrypted ciphertext can be restored into readable original data. In the symmetric encryption algorithm, only one key is used, and both the transmitter and the receiver use the key to encrypt and decrypt data.

The symmetric encryption algorithm employed in the present disclosure may be: any one of a DES (Data Encryption Standard) Algorithm, a 3DES (Triple DES) Algorithm, a TDEA (Triple Data Encryption Algorithm), and the like, specifically, may be determined according to a service requirement, and the embodiment of the present disclosure does not limit which symmetric Encryption Algorithm is selected.

The first encryption processing is processing for encrypting an identification number of an integer type by using a symmetric encryption algorithm.

The encrypted ciphertext refers to an integer type ciphertext obtained by encrypting the integer type identification number by using a symmetric encryption algorithm.

The first digit is the length of the encrypted ciphertext, the first digit is a positive integer, and the specific numerical value of the first digit may be 10 digits, 11 digits, and the like, and specifically may be determined according to actual situations.

After the symmetric encryption algorithm is used to encrypt the identification number of the integer type, the encrypted ciphertext of the integer type with the first digit can be obtained, that is, after a string of digital encryption is processed, the encrypted ciphertext of the integer type with the first digit, that is, the ciphertext formed by a string of digital numbers, such as 0937843, can be obtained.

After the symmetric encryption algorithm is used to perform the first encryption processing on the identification number of the integer type to obtain the encrypted ciphertext of the integer type, step 102 is performed.

Step 102: and performing second encryption processing on the encrypted ciphertext by adopting a partially reversible encryption algorithm to generate a universal unique identification code of a character string type, wherein the universal unique identification code has a second digit.

A Universally Unique Identifier (UUID) may be used to identify the uniqueness of different id numbers, the UUID being composed of a set of numbers, capital letters, and/or lowercase letters.

The second encryption processing is processing for performing secondary encryption on the encrypted ciphertext by using a partially reversible encryption algorithm.

The reversible encryption algorithm may include: any one of the symmetric encryption algorithm and the asymmetric encryption algorithm has already been described in the above process, and the details of the disclosure are not repeated herein.

Asymmetric Cryptographic Algorithm (Asymmetric Cryptographic Algorithm) refers to an encryption Algorithm that uses different keys for encryption and decryption, and is also called a public-private key encryption Algorithm.

Asymmetric encryption algorithms require two keys: public key (public key) and private key (private key), public key and private key exist in pairs, if the public key is used to encrypt data, only the corresponding private key can be used to decrypt.

The asymmetric encryption algorithm comprises the following processes: 1. a sender and a receiver both need to generate a pair of public key and private key for encryption and decryption; 2. the private key of the sender is kept secret, and the public key is sent to the receiver; the private key of the receiver is kept secret, and the public key is sent to the sender; 3. when a sender sends information to a receiver, the sender encrypts the information by using a public key of the receiver and sends the encrypted information to the receiver; 4. after receiving the encrypted message, the receiving party can decrypt the encrypted message by adopting the private key of the receiving party.

The asymmetric encryption algorithm has the characteristics of complex algorithm strength and high encryption safety, and in the disclosure, the asymmetric encryption algorithm may be any one of encryption algorithms such as RSA (RSA algorithm ), Elgamal algorithm, and which asymmetric encryption algorithm to select may be determined according to actual situations, which is not limited in the embodiment of the disclosure.

The part of reversible encryption algorithm can also be called as one-way reversible encryption algorithm, the one-way reversible encryption algorithm is that reversible encryption algorithm is adopted in UUID generated by encrypting encrypted ciphertext for the second time, and the padding character string generated randomly is carried, ciphertext digit generated by adopting the reversible encryption algorithm is reversible, and the padding character string generated randomly is irreversible, so the algorithm of the second encryption processing provided in the embodiment of the disclosure is one-way reversible encryption algorithm, that is, part of reversible encryption algorithm.

A string (Character string) is a string of characters consisting of letters, numbers and underlines. The String type, is a String consisting of a series of upper and/or lower case letters, and/or numbers, and/or underlines.

The second digit refers to the length of the UUID, the second digit is a positive integer, and the specific value of the second digit may be 15 bits, 16 bits, and the like, and of course, the second digit is not less than 14 bits in the present disclosure.

In the present disclosure, since the randomly generated padding string is added to the ciphertext in the partially reversible encryption algorithm, the number of strings in the obtained UUID is necessarily greater than the number of ciphertext digits in the encrypted ciphertext, that is, the second number of digits is greater than the first number of digits.

After the integer type of encrypted ciphertext is obtained, a second encryption process can be performed on the encrypted ciphertext by adopting a partial reversible encryption algorithm, so that a universal unique identification code with a second digit number of a character string type is generated, specifically, a marking character string can be added before the ciphertext number of the encrypted ciphertext, and a padding character string can be added after the ciphertext number, so that the UUID is obtained. Of course, in this process, character replacement may also be performed on the ciphertext digit and/or the padding string, so that the obtained replaced string is used as the UUID.

For the above processes, detailed descriptions will be given in the following embodiments, which are not repeated herein.

For the above process, the following detailed description can be made in conjunction with fig. 5 a.

As shown in fig. 5a, after the ID of the int type is obtained, an encryption process may be performed, and first, a skip32 algorithm (i.e., a symmetric encryption algorithm) is used to perform a first encryption process on the ID of the int type to obtain an encrypted ciphertext of the int type, and then, a partial reversible algorithm is used to perform a second encryption process (i.e., a second encryption process) on the encrypted ciphertext to obtain a UUID. When the UUID needs to be decrypted, the inverse algorithm of the partial reversible algorithm may be used to decrypt the UUID for the first time to obtain the int-type encrypted ciphertext, and then the inverse algorithm of the skip32 algorithm may be used to decrypt the encrypted ciphertext for the second time to obtain the int-type ID.

It is to be understood that the above-mentioned encryption and decryption schemes are only for better understanding of the technical solutions of the embodiments of the present disclosure, and the description scheme of an encryption and decryption process is listed and not to be taken as the only limitation on the embodiments of the present disclosure.

The embodiment of the disclosure can avoid the problem that data is stolen due to the leakage of a secret key of an encryption algorithm by adopting a secondary encryption processing mode, and improves the security of the data.

The data encryption method provided by the embodiment of the disclosure performs first encryption processing on the identification number of the integer type by adopting a symmetric encryption algorithm to obtain the encrypted ciphertext of the integer type with the first digit, and performs second encryption processing on the encrypted ciphertext by adopting a partially reversible encryption algorithm to generate the universal unique identification code of the character string type with the second digit. The embodiment of the disclosure can avoid the problem that data is stolen due to the leakage of the key of one encryption algorithm by adopting a secondary encryption mode, and can also avoid the risk that data is stolen in batches even if two encryption algorithms are leaked by adopting a part of reversible encryption algorithms, thereby improving the safety of data.

Referring to fig. 2, a flowchart illustrating steps of a data encryption method provided in the second embodiment of the present disclosure is shown. As shown in fig. 2, the data encryption method may specifically include the following steps:

step 201: and carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit.

After the symmetric encryption algorithm is used to perform the first encryption processing on the identification number of the integer type to obtain the encrypted ciphertext of the integer type, step 202 is performed.

Step 202: and adding a marking character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext.

The ciphertext number refers to the number that constitutes the encrypted ciphertext.

The marking character string is added before the ciphertext number and is used for marking the number of the ciphertext numbers and the positive and negative values of the encrypted ciphertext.

In this disclosure, the indicating character string may include a first indicating character and a second indicating character, where the first indicating character may be used to indicate a positive value and a negative value of the encrypted ciphertext, and the second indicating character may be used to indicate the number of ciphertext digits of the encrypted ciphertext.

After the encrypted ciphertext is obtained, the tag character string may be added before the ciphertext number of the encrypted ciphertext, that is, the first tag character and the second tag character are added before the ciphertext number.

After adding the marking string for marking the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, step 203 is executed.

Step 203: and adding a randomly generated complementary bit string after the ciphertext number.

The padding character string is a character string for supplementing the number of cipher text numbers added after the cipher text numbers when the number of cipher text numbers and marker character strings does not reach the set number, for example, if the set number is 16 and the number of cipher text numbers and marker character strings is 12, 4 padding characters need to be supplemented after the cipher text numbers, and the 4 padding characters constitute the padding character string.

It is to be understood that the above examples are only examples set forth for a better understanding of the technical solutions of the embodiments of the present disclosure, and are not to be taken as the only limitations on the embodiments of the present disclosure.

After the marking character string is added before the ciphertext number, the total number of the marking character string and the ciphertext number can be counted, when the total number does not reach the set number, the difference number between the set number and the total number can be calculated, the complementary characters of the difference number are randomly generated, the complementary characters are added after the ciphertext number, and the complementary character string is added after the ciphertext number.

After the randomly generated complement string is added after the ciphertext number, step 204 is performed.

Step 204: and generating a universal unique identification code of the character string type based on the ciphertext number, the marking character string and the padding character string, wherein the universal unique identification code has a second digit.

And after the sign character string is added before the ciphertext number and the complement character string is added after the ciphertext number, the sign character string, the ciphertext number and the complement character string jointly form the UUID with the second digit.

In the embodiment of the disclosure, by adding the randomly generated complementary characters, the number of the marked ciphertext digits and the marked characters of the positive and negative values of the encrypted ciphertext, a partially reversible thought can be formed, and the data security can be improved to a great extent.

Referring to fig. 3, a flowchart illustrating steps of a data encryption method provided in the second embodiment of the present disclosure is shown. As shown in fig. 3, the data encryption method may specifically include the following steps:

step 301: and carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit.

After the symmetric encryption algorithm is used to perform the first encryption process on the identification number of the integer type to obtain the encrypted ciphertext of the integer type, step 302 is executed

Step 302: and adding a marking character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext.

The ciphertext digit may be a string of characters that form an encrypted ciphertext.

After adding a marker string for marking the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, step 303 is performed.

Step 303: and adding a randomly generated complementary bit string after the ciphertext number.

After the random generated complement string is added after the ciphertext number, step 304 is performed.

Step 304: and performing replacement operation on the ciphertext number to obtain a replacement ciphertext number.

In the embodiment of the present disclosure, replacing ciphertext numbers means that after each ciphertext character in the ciphertext numbers is replaced, corresponding replacement ciphertext characters can be obtained, and the replacement ciphertext characters jointly form replacement ciphertext numbers.

After the marked character string, the ciphertext number and the padding character string are obtained, a replacing operation can be performed on the ciphertext number, namely, each character of the ciphertext number is subjected to character replacement, specifically, a mapping replacing table corresponding to the ciphertext number can be set on a terminal side in advance, when the replacing operation needs to be performed on the ciphertext number, characters matched with each ciphertext character in the ciphertext number can be searched from the mapping replacing table, and each ciphertext character in the ciphertext number is replaced according to the replacing character corresponding to the character matched with each ciphertext character in the mapping replacing table.

After performing the replacing operation on the ciphertext number to obtain a replaced ciphertext number, step 305 is performed.

Step 305: and generating a universal unique identification code of the character string type based on the marking character string, the replacing ciphertext number and the padding character string, wherein the universal unique identification code has a second digit.

And after the replaced ciphertext number is obtained, the marking character string, the replaced ciphertext number and the complement character string jointly form a UUID with a second digit.

In the embodiment of the disclosure, by adding the randomly generated complementary characters, and the marking characters for marking the number of cipher text numbers and the positive and negative values of the encrypted cipher text, a partially reversible thought can be formed, and the data security can be improved to a great extent. In addition, the preset mapping substitution table is adopted to perform substitution operation on the ciphertext number, and under the condition, even if the ciphertext number is acquired by others, the corresponding data is difficult to decrypt, so that the safety of the data can be further ensured.

Referring to fig. 4, a flowchart illustrating steps of a data encryption method according to a fourth embodiment of the present disclosure is shown. As shown in fig. 4, the data encryption method may specifically include the following steps:

step 401: and carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit.

After the symmetric encryption algorithm is used to perform the first encryption process on the identification number of the integer type to obtain the encrypted ciphertext of the integer type, step 402 is performed.

Step 402: and adding a marking character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext.

After adding a tag character string for tagging the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, step 403 is performed.

Step 403: and adding a randomly generated complementary bit string after the ciphertext number.

After the randomly generated complement string is added after the ciphertext number, step 404 is performed.

Step 404: and performing replacement operation on the bit complementing character string to obtain a replacement bit complementing character string.

In the embodiment of the present disclosure, replacing the complement bit string means that after each complement bit character in the complement bit string is replaced, a corresponding replacement complement bit character can be obtained, and the replacement complement bit characters jointly form the replacement complement bit string.

After the marked character string, the ciphertext number and the complement character string are obtained, a replacement operation can be performed on the complement character string, that is, each character of the complement character string is subjected to character replacement, specifically, a mapping replacement table corresponding to the complement character string can be set at a terminal side in advance, when the replacement operation needs to be performed on the complement character string, characters matched with each complement character in the complement character string can be searched from the mapping replacement table, and each complement character in the complement character string is replaced according to the replacement character corresponding to the character matched with each complement character in the mapping replacement table.

After performing the replacement operation on the complement string to obtain a replacement complement string, step 405 is performed.

Step 405: and generating a universal unique identification code of the character string type based on the ciphertext number, the marking character string and the replacement padding character string, wherein the universal unique identification code has a second digit number.

And after the replacement padding character string is obtained, the marking character string, the ciphertext number and the replacement padding character string jointly form a UUID with a second digit in the character string type.

In the embodiment of the disclosure, by adding the randomly generated complementary characters, the number of the marked ciphertext digits and the marked characters of the positive and negative values of the encrypted ciphertext, a partially reversible thought can be formed, and the data security can be improved to a great extent. In addition, the preset mapping replacement table is adopted to perform replacement operation on the bit complementing character string, and under the condition, even if the bit complementing character string is acquired by others, the corresponding data is difficult to decrypt, and the safety of the data can be further ensured.

Referring to fig. 5, a flowchart illustrating steps of a data encryption method according to a fifth embodiment of the present disclosure is shown. As shown in fig. 5, the data encryption method may specifically include the following steps:

step 501: and carrying out first encryption processing on the identity identification number of the integer type by adopting a symmetric encryption algorithm to obtain an encrypted ciphertext of the integer type, wherein the encrypted ciphertext has a first digit.

After the symmetric encryption algorithm is used to perform the first encryption processing on the integer type id number to obtain the integer type encrypted ciphertext, step 502 is performed.

Step 502: and adding a marking character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext.

After adding the indicating character string for indicating the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, step 503 is executed.

Step 503: and adding a randomly generated complementary bit string after the ciphertext number.

After the randomly generated complement string is added after the ciphertext number, step 504 is performed.

Step 504: and performing replacement operation on the ciphertext number to obtain a replacement ciphertext number.

Step 505: and performing replacement operation on the bit complementing character string to obtain a replacement bit complementing character string.

The replacement of the complement bit string means that after each complement bit character in the complement bit string is replaced, corresponding replacement complement bit characters can be obtained, and the replacement complement bit characters jointly form the replacement complement bit string.

It is to be understood that, the execution order of the step 504 and the step 505 is not sequential, and the step 504 may be executed first, and then the step 505 is executed; step 505 may be performed first, and then step 504 may be performed, which may be determined according to actual situations.

After the replacement operation is performed on both the ciphertext digit and the complement string, and a replacement ciphertext digit and a replacement complement string are obtained, step 506 is performed.

Step 506: and generating a universal unique identification code of the character string type based on the marking character string, the replacing ciphertext number and the replacing padding character string, wherein the universal unique identification code has a second digit.

And after the replaced ciphertext number and the replacement complement character string are obtained, the marking character string, the replaced ciphertext number and the replacement complement character string jointly form a UUID with a second digit.

In the embodiment of the disclosure, by adding the randomly generated complementary characters, and the marking characters for marking the number of cipher text numbers and the positive and negative values of the encrypted cipher text, a partially reversible thought can be formed, and the data security can be improved to a great extent. In addition, the preset mapping substitution table is adopted to perform substitution operation on the ciphertext numbers and the complement bit character strings, and under the condition, even if the ciphertext numbers and/or the complement bit character strings are acquired by others, the corresponding data are difficult to decrypt, and the safety of the data can be further ensured.

The second encryption process in the present disclosure is described in detail below with reference to fig. 5 b.

As shown in fig. 5b, after the integer type ID is encrypted, an integer type encrypted ciphertext, that is, an int type ciphertext, may be obtained, first, a flag bit (that is, a flag string) may be added before the ciphertext, and when the flag string is added, the corresponding flag bit may be added in combination with the length of the ciphertext and the positive or negative value of the ciphertext; after the mark bit is added, the mark bit and the ciphertext can be complemented (for example, complementing the bit to 16 bits and the like), complementary bit characters with corresponding bits can be randomly generated according to the missing bit, and the complementary bit characters are added to the ciphertext, so that the adding operation of the complementary bit character string is completed.

So far, the UUID may be obtained by combining the indication bit, the ciphertext, and the complement bit, but in order to further ensure the security of the data, a replacement operation may be performed on the ciphertext and/or the complement bit, and the replacement manner may include three cases: 1. only ciphertext is replaced; 2. only the complement bit is replaced; 3. the ciphertext and the complementary bit are replaced, the specific selection of the replacement mode can be determined according to the service requirement, and the disclosure does not limit the method in real time. After the ciphertext and/or the complementary bit are replaced, the UUID may be obtained by combining the character strings, and specifically, the following three cases may be distinguished:

1. when only the ciphertext is replaced, the marking bit, the replacement ciphertext and the complementary bit jointly form a UUID;

2. when only the complement bit is replaced, the mark bit, the ciphertext and the replacement complement bit jointly form a UUID;

3. when the ciphertext and the complement bit are replaced, the mark bit, the replacement ciphertext and the replacement complement bit jointly form the UUID.

As shown in fig. 5b, after the encryption processing is performed, when decryption is required, the UUID may be decrypted by using an inverse algorithm corresponding to a part of the reversible encryption algorithm, so that a string-type encrypted ciphertext may be obtained.

The above replacement operation may be implemented based on at least one set of mapping substitution tables, and what kind of mapping substitution tables is specifically used may be related according to the parity of the second indicator character, and specifically, the following detailed description is provided in conjunction with the following specific implementation manner.

In one specific implementation of the present disclosure, the mapping replacement table may include a first mapping replacement table and a second mapping replacement table related to parity of the second indicator character, and character strings in the first mapping replacement table and the second mapping replacement table are not repeated.

Wherein, when the number of cipher text numbers is odd, a first mapping substitution table is adopted to execute substitution operation; and when the number of the ciphertext digits is an even number, executing the replacement operation by adopting a second mapping substitution table.

The above described modes of the replacement operation are divided into three types, and when the terminal side is provided with the first mapping replacement table and the second mapping replacement table, the following detailed description is made in combination with the above three replacement modes.

1. Performing substitution operations only on ciphertext numbers

When only the ciphertext number is replaced, the number of the ciphertext number can be determined according to the second character string.

When the number of the ciphertext digits is odd (such as 11, 9, and the like), the first mapping substitution table may be used to perform a substitution operation on the ciphertext digits.

When the number of the ciphertext digits is even (such as 12, 10, etc.), a second mapping substitution table may be used to perform a substitution operation on the ciphertext digits.

2. Performing replacement operations only on complement strings

When only the complement string is replaced, the number of ciphertext digits can be determined according to the second string.

When the number of ciphertext digits is odd (such as 11, 9, and the like), the first mapping substitution table may be used to perform a substitution operation on the complement string.

When the number of the ciphertext digits is even (such as 12, 10, etc.), a second mapping substitution table may be used to perform a substitution operation on the complement string.

3. Performing a replacement operation on both ciphertext digit and complement strings

When the replacement operation is performed on both the ciphertext number and the complement string, the number of the ciphertext number may be determined according to the second string.

When the number of the ciphertext digits is odd (such as 11, 9, and the like), the first mapping substitution table may be used to perform a substitution operation on the ciphertext digits and the complement string.

When the number of the ciphertext digits is even (such as 12, 10, etc.), a second mapping substitution table may be used to perform a substitution operation on the ciphertext digits and the complement string.

Of course, which mapping substitution table is specifically used may also be related to the remainder of 3 according to the number of ciphertext digits, and specifically, the following specific implementation manner is described in detail.

In another specific implementation of the present disclosure, three sets of mapping substitution tables, that is, a first mapping substitution table, a second mapping substitution table, and a third mapping substitution table, are provided on the terminal side, and when the number of ciphertext digits and the remainder of 3 are 0, the first mapping substitution table is used to perform the substitution operation. And when the number of the ciphertext digits and the remainder of 3 are 1, adopting a second mapping substitution table to execute the substitution operation. And when the number of the ciphertext digits and the remainder of 3 are 2, adopting a third mapping substitution table to execute the substitution operation.

The above-mentioned three alternative modes are divided into three, and when the terminal side is provided with the first mapping alternative table, the second mapping alternative table and the third mapping alternative table, the following detailed description is made in combination with the above-mentioned three alternative modes.

1. Performing substitution operations only on ciphertext numbers

When only the replacement operation is performed on the ciphertext number, the number of the ciphertext number may be determined according to the second marker character, and then, the remainder obtained by dividing the number by 3 may be determined.

And when the number of the ciphertext numbers and the remainder of 3 are 0, performing substitution operation on the ciphertext numbers by adopting the first mapping substitution table.

And when the number of the ciphertext numbers and the remainder of 3 are 1, performing substitution operation on the ciphertext numbers by adopting a second mapping substitution table.

And when the number of the ciphertext numbers and the remainder of 3 are 2, performing substitution operation on the ciphertext numbers by adopting a third mapping substitution table.

2. Performing replacement operations only on complement strings

When only the replacement operation is performed on the complement character string, the number of ciphertext digits can be determined according to the second marker character, and then, the remainder obtained by dividing the number by 3 can be determined.

And when the number of the ciphertext digits and the remainder of 3 are 0, performing replacement operation on the complement character string by adopting the first mapping replacement table.

And when the number of the ciphertext digits and the remainder of 3 are 1, performing replacement operation on the complement character string by adopting a second mapping replacement table.

And when the number of the ciphertext digits and the remainder of 3 are 2, performing replacement operation on the complement character string by adopting a third mapping replacement table.

3. Performing a replacement operation on both the ciphertext digit and the complement string

When the replacement operation is performed on the ciphertext number and the complement character string, the number of the ciphertext number can be determined according to the second marker character, and then the remainder can be determined by dividing the number by 3.

And when the number of the ciphertext numbers and the remainder of 3 are 0, performing replacement operation on the ciphertext numbers and the complement character strings by adopting the first mapping replacement table.

And when the remainder of the number of the ciphertext digits and 3 is 1, performing replacement operation on the ciphertext digits and the complement character string by adopting a second mapping replacement table.

And when the number of the ciphertext numbers and the remainder of 3 are 2, performing replacement operation on the ciphertext numbers and the complement character strings by adopting a third mapping replacement table.

It should be understood that the two specific implementation manners are only for better understanding of the technical solutions of the embodiments of the present disclosure, and two manners of how to select the mapping substitution table to perform the character string substitution are listed, and are not to be taken as the only limitation on the embodiments of the present disclosure.

In the embodiment of the disclosure, the preset mapping substitution table is adopted to perform the substitution operation on the ciphertext number and/or the complement bit string, and in this case, even if others acquire the substituted ciphertext number and/or the complement bit string, the corresponding data is difficult to decrypt, so that the security of the data can be further improved.

The data encryption method provided by the embodiment of the disclosure, in addition to having the beneficial effects of the data encryption method provided by the first embodiment, can also perform a replacement operation on ciphertext numbers and/or complement character strings by using a preset mapping replacement table, so as to further improve the security of data.

Referring to fig. 6, a schematic structural diagram of a data encryption apparatus according to a sixth embodiment of the present disclosure is shown. As shown in fig. 6, the data encryption apparatus 300 may include: an encrypted ciphertext obtaining module 310 and an id generating module 320, wherein,

the encrypted ciphertext obtaining module 310 may be configured to perform a first encryption process on the integer type id number by using a symmetric encryption algorithm to obtain an integer type encrypted ciphertext, where the encrypted ciphertext has a first number of bits.

After the encrypted ciphertext obtaining module 310 performs encryption processing on the id number of the integer type by using a symmetric encryption algorithm, an encrypted ciphertext of the integer type with the first digit may be obtained, that is, after a string of digital encryption is processed, an encrypted ciphertext of the integer type with the first digit, that is, a ciphertext composed of a string of digital numbers, such as "0937843", may be obtained.

After the encrypted ciphertext obtaining module 310 performs the first encryption processing on the integer type id number by using the symmetric encryption algorithm to obtain the integer type encrypted ciphertext, the id generating module 320 is executed.

The id generation module 320 may be configured to perform a second encryption process on the encrypted ciphertext by using a partially reversible encryption algorithm to generate a universal unique identifier of a character string type, where the universal unique identifier has a second number of bits.

After the integer type of encrypted ciphertext is obtained, the identity generation module 320 may perform a second encryption process on the encrypted ciphertext by using a partial reversible encryption algorithm, so as to generate a universal unique identifier of a string type with a second digit number, specifically, a mark string may be added before the ciphertext number of the encrypted ciphertext, and a complement string may be added after the ciphertext number, so as to obtain a UUID. Of course, in this process, character replacement may also be performed on the ciphertext digit and/or the padding string, so that the obtained replaced string is used as the UUID.

For the above processes, detailed descriptions will be given in the following implementation processes, and the embodiments of the present disclosure will not be described herein again.

As shown in fig. 5a, after the ID of the int type is obtained, an encryption processing process may be entered, first, the encrypted ciphertext obtaining module 210 performs a first encryption process on the ID of the int type by using skip32 algorithm (i.e., symmetric encryption algorithm) to obtain an encrypted ciphertext of an integer type, and then, the identity generating module 320 performs a second encryption process (i.e., a second encryption process) on the encrypted ciphertext by using a partially reversible algorithm to obtain a UUID. When the UUID needs to be decrypted, the inverse algorithm of the partial reversible algorithm may be used to decrypt the UUID for the first time to obtain an integer type encrypted ciphertext, and then the inverse algorithm of the skip32 algorithm may be used to decrypt the encrypted ciphertext for the second time to obtain an int type ID.

In one specific implementation of the present disclosure, as shown in fig. 7, the identity generation module 320 may include: a first tag character adding sub-module 3201, a first complement character adding sub-module 3202, and a first identification code generating sub-module 3203, wherein,

the first tag character adding sub-module 3201 may be configured to add a tag character string for tagging the encrypted ciphertext before a ciphertext number corresponding to the encrypted ciphertext.

After the encrypted ciphertext is obtained, the first flag character adding sub-module 3201 may add a flag character string before the ciphertext number of the encrypted ciphertext, i.e., add the first flag character and the second flag character before the ciphertext number. In particular, it may be described in connection with the following specific implementations.

In another specific implementation manner of the present disclosure, the first marker character adding sub-module 3201 may add a marker character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext, where the marker character string includes a first marker character and a second marker character; the first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of the ciphertext digits.

In the embodiment of the present disclosure, the first flag character adding sub-module 3201 may add a first flag character and a second flag character before encrypting the ciphertext number corresponding to the ciphertext, and the first flag character and the second flag character together form a flag character string.

The first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of ciphertext numbers of the encrypted ciphertext.

The first marker character adding sub-module 3201 adds a marker character string for marking an encrypted ciphertext before encrypting a ciphertext number corresponding to the ciphertext, and then executes the first complementary character adding sub-module 3202.

The first padding character adding sub-module 3202 may be used to add a randomly generated padding string after the ciphertext number.

After the mark character string is added before the ciphertext number, the total number of the mark character string and the ciphertext number may be counted, when the total number does not reach the set number, the difference number between the set number and the total number may be calculated, the complementary characters of the difference number may be randomly generated, and the first complementary character adding sub-module 3202 adds the complementary characters after the ciphertext number, that is, the addition of the complementary character string after the ciphertext number is completed.

The first complementary character adding submodule 3202 executes the first identification code generating submodule 3203 after adding the randomly generated complementary character string after the ciphertext digit.

The first identification code generation sub-module 3203 may be configured to generate a universally unique identification code of a character string type based on the ciphertext number, the flag character string, and the padding character string, where the universally unique identification code has a second number of bits.

After the flag string is added before the ciphertext number and the padding string is added after the ciphertext number, the UUID with the second digit number may be composed by the first identifier generating sub-module 3203 according to the flag string, the ciphertext number and the padding string.

Of course, in the present disclosure, a replacement operation may be performed on ciphertext digits, and UUID may be obtained by combining the ciphertext digits with the replacement, specifically, the following specific implementation manner is described in detail.

In another specific implementation manner of the present disclosure, as shown in fig. 8, the identity generation module 320 may include: a second tagged character adding sub-module 3204, a second padding character adding sub-module 3205, a first replacement ciphertext obtaining sub-module 3206, and a second identification code generating sub-module 3207, wherein,

the second tag character adding sub-module 3204 may be configured to add a tag character string for tagging the encrypted ciphertext before a ciphertext number corresponding to the encrypted ciphertext.

After the encrypted ciphertext is obtained, the second tag character adding sub-module 3204 may add a tag character string before the ciphertext number of the encrypted ciphertext, i.e., add the first tag character and the second tag character before the ciphertext number.

The second sign character adding sub-module 3204 adds a sign character string for marking the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, and then executes the second complement character adding sub-module 3205.

A second complementary character adding sub-module 3205 may be used to add a randomly generated complementary character string after the ciphertext number.

After the mark character string is added before the ciphertext number, the total number of the mark character string and the ciphertext number may be counted, when the total number does not reach the set number, the difference number between the set number and the total number may be calculated, the complementary characters of the difference number may be randomly generated, and the second complementary character adding sub-module 3205 adds the complementary characters after the ciphertext number, that is, the addition of the complementary character string after the ciphertext number is completed.

The first replacement ciphertext acquisition sub-module 3206 is executed by the second complement character addition sub-module 3205 after the ciphertext number is followed by the randomly generated complement string.

The first replacement ciphertext acquisition sub-module 3206 may be configured to perform a replacement operation on the ciphertext number, resulting in a replacement ciphertext number.

After the marked character string, the ciphertext number and the padding character string are obtained, the first replacement ciphertext acquisition sub-module 3206 may perform a replacement operation on the ciphertext number, that is, perform character replacement on each character of the ciphertext number, specifically, a mapping replacement table corresponding to the ciphertext number may be set at the terminal side in advance, and when the replacement operation needs to be performed on the ciphertext number, the first replacement ciphertext acquisition sub-module 3206 may search a character matching each ciphertext character in the ciphertext number from the mapping replacement table, and replace each ciphertext character in the ciphertext number according to a replacement character corresponding to a character matching each ciphertext character in the mapping replacement table.

After the first replacement ciphertext digit is replaced by the first replacement ciphertext obtaining sub-module 3206, the second identity code generating sub-module 3207 is executed.

The second identification code generation sub-module 3207 may be configured to generate a universally unique identification code of the character string type based on the flag character string, the replacement ciphertext digit, and the padding character string, where the universally unique identification code has a second digit number.

After the replacing ciphertext number is obtained by adding the mark character string before the ciphertext number and adding the complement character string after the ciphertext number and performing replacing operation on the ciphertext number, the UUID with the second digit number can be formed by the second identification code generating sub-module 3207 according to the mark character string, the replacing ciphertext number and the complement character string.

In the present disclosure, the replacement operation may also be performed only on the complement string, and the UUID may be obtained by combining the replacement of the complement string, specifically, the following detailed description is described in combination with the following specific implementation manner.

In another specific implementation of the present disclosure, as shown in fig. 9, the identity generation module 320 may include: a third tag character adding sub-module 3208, a third complement character adding sub-module 3209, a first replacement complement obtaining sub-module 3210, and a third identification code generating sub-module 3211, wherein,

the third tag character adding sub-module 3208 may be configured to add a tag character string for tagging the encrypted ciphertext before a ciphertext number corresponding to the encrypted ciphertext.

After the encrypted ciphertext is obtained, the third tag character adding sub-module 3208 may add a tag character string before the ciphertext number of the encrypted ciphertext, i.e., the first tag character and the second tag character before the ciphertext number.

The third sign character adding sub-module 3208 adds a sign character string for marking the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, and then executes the third complement character adding sub-module 3209.

A third complementary character adding sub-module 3209 may be used to add a randomly generated complementary character string after the ciphertext number.

After the mark character string is added before the ciphertext number, the total number of the mark character string and the ciphertext number can be counted, when the total number does not reach the set number, the difference number between the set number and the total number can be calculated, the complementary characters of the difference number are randomly generated, the complementary characters are added by the third complementary character adding sub-module 3209 after the ciphertext number, and the complementary character string is added after the ciphertext number.

The first replacement complement obtaining sub-module 3210 is executed after the cipher text number is added with a randomly generated complement string by the third complement character adding sub-module 3209.

The first replacement padding obtaining sub-module 3210 may be configured to perform a replacement operation on the padding string to obtain a replacement padding string.

After the marked character string, the ciphertext number, and the complement character string are obtained, the first replacement complement obtaining sub-module 3210 may perform a replacement operation on the complement character string, that is, perform character replacement on each character of the complement character string, specifically, a mapping replacement table corresponding to the complement character string may be set at the terminal side in advance, when the replacement operation needs to be performed on the complement character string, a character matched with each complement character in the complement character string may be searched from the mapping replacement table, and the first replacement complement obtaining sub-module 3210 replaces each complement character in the complement character string according to a replacement character corresponding to a character matched with each complement character in the mapping replacement table.

After the first replacement padding obtaining submodule 3210 performs a replacement operation on the padding string to obtain a replacement padding string, the third identifier generating submodule 3211 is executed.

The third identifier generating sub-module 3211 may be configured to generate a universally unique identifier of a string type based on the ciphertext number, the flag string, and the replacement padding string, where the universally unique identifier has the second digit number.

After the replacing complement string is obtained by adding the mark string before the ciphertext number and adding the complement string after the ciphertext number and performing a replacing operation on the complement string, the UUID with the second digit number in the string type can be formed by the third identifier generation submodule 3211 according to the mark string, the ciphertext number and the replacing complement string.

In the present disclosure, both the ciphertext number and the complement bit string may be replaced, and a UUID may be obtained by combining the replacement ciphertext number and the replacement complement bit string, specifically, the following specific implementation manner is described in detail.

In another specific implementation manner of the present disclosure, as shown in fig. 10, the identity generation module 320 may include: a fourth marker character adding sub-module 3212, a fourth complementary character adding sub-module 3213, a second replaced ciphertext obtaining sub-module 3214, a second replaced complementary obtaining sub-module 3215, and a fourth ID generating sub-module 3216,

the fourth marker character adding sub-module 3212 may be configured to add a marker character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext.

After the encrypted ciphertext is obtained, the fourth flag character adding sub-module 3212 may add a flag character string before the ciphertext number of the encrypted ciphertext, that is, add the first flag character and the second flag character before the ciphertext number.

After the fourth marker character adding sub-module 3212 adds a marker character string for marking the encrypted ciphertext before encrypting the ciphertext number corresponding to the ciphertext, the fourth complementary character adding sub-module 3213 is executed.

The fourth complementary character adding sub-module 3213 may be configured to add a randomly generated complementary character string after the ciphertext digit.

After the tag character string is added before the ciphertext number, the total number of the tag character string and the ciphertext number may be counted, and when the total number does not reach the set number, the difference number between the set number and the total number may be calculated, and the complementary characters of the difference number may be randomly generated, and the fourth complementary character adding sub-module 3213 adds the complementary characters after the ciphertext number, that is, the addition of the complementary character string after the ciphertext number is completed.

After a randomly generated complement character string is added after a cipher text number by the fourth complement character adding sub-module 3213, a second replacement cipher text obtaining sub-module 3214 is performed.

The second replacement ciphertext obtaining sub-module 3214 may be configured to perform a replacement operation on the ciphertext number to obtain a replacement ciphertext number.

After the marked character string, the ciphertext number and the padding character string are obtained, the second replacement ciphertext obtaining sub-module 3214 may perform a replacement operation on the ciphertext number, that is, perform character replacement on each character of the ciphertext number, specifically, a mapping replacement table corresponding to the ciphertext number may be set at the terminal side in advance, and when the replacement operation needs to be performed on the ciphertext number, the second replacement ciphertext obtaining sub-module 3214 may search a character matching each ciphertext character in the ciphertext number from the mapping replacement table, and replace each ciphertext character in the ciphertext number according to a replacement character corresponding to a character matching each ciphertext character in the mapping replacement table.

The second replacement padding obtaining sub-module 3215 may be configured to perform a replacement operation on the padding string, so as to obtain a replacement padding string.

After the marked character string, the ciphertext number, and the complement character string are obtained, the second replacement complement obtaining sub-module 3215 may perform a replacement operation on the complement character string, that is, perform character replacement on each character of the complement character string, specifically, a mapping replacement table corresponding to the complement character string may be set at the terminal side in advance, and when the replacement operation needs to be performed on the complement character string, the second replacement complement obtaining sub-module 3215 may search, from the mapping replacement table, for a character matching each complement character in the complement character string, and replace each complement character in the complement character string according to a replacement character corresponding to a character matching each complement character in the mapping replacement table.

It can be understood that, the execution order of the second replacement ciphertext obtaining sub-module 3214 and the second replacement complement obtaining sub-module 3215 is not consecutive, the second replacement ciphertext obtaining sub-module 3214 may be executed first, and then the second replacement complement obtaining sub-module 3215 may be executed; the second replacement complement obtaining submodule 3215 may be executed first, and then the second replacement ciphertext obtaining submodule 3214 may be executed, which may be determined according to an actual situation.

After the replacement operation is performed on both the ciphertext number and the complement string and the replacement ciphertext number and the replacement complement string are obtained, the fourth identifier generation sub-module 3216 is performed.

The fourth identification code generating sub-module 3216 may be configured to generate a universally unique identification code of a string type based on the flag string, the replacement ciphertext digit, and the replacement padding string, where the universally unique identification code has the second digit number.

After the replacing ciphertext number and the replacing complement string are obtained by adding the mark character string before the ciphertext number and adding the complement string after the ciphertext number and performing replacing operation on the ciphertext number and the complement string, the UUID with the second number of bits can be formed by the fourth identifier generation submodule 3216 according to the mark character string, the replacing ciphertext number and the replacing complement string.

Of course, in the sub-modules for adding the marker character string, the second marker character adding sub-module 3201, the third marker character adding sub-module 3208 and the fourth marker character adding sub-module 3212 are used to add the marker character string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext, where the marker character string includes a first marker character and a second marker character; the first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of the ciphertext digits.

In the embodiment of the present disclosure, the second tag character adding sub-module 3201, the third tag character adding sub-module 3208, and the fourth tag character adding sub-module 3212 may add the first tag character and the second tag character before encrypting the ciphertext number corresponding to the ciphertext, and the first tag character and the second tag character together form a tag character string.

The above replacement operation is implemented based on at least one set of mapping substitution tables, and the at least one set of mapping substitution tables may be associated with the second indicator character.

In order to further ensure the security of data, a replacement operation may be further performed on the ciphertext and/or the complement, and the replacement manner may include three cases: 1. only ciphertext is replaced; 2. only the complement bit is replaced; 3. the ciphertext and the complementary bit are replaced, the specific selection of the replacement mode can be determined according to the service requirement, and the disclosure does not limit the method in real time. After the ciphertext and/or the complementary bit are replaced, the UUID may be obtained by combining the character strings, and specifically, the following three cases may be distinguished:

1. Performing substitution operations only on ciphertext numbers

2. Performing replacement operations only on complement strings

1. Performing substitution operations only on ciphertext numbers

2. Performing replacement operations only on complement strings

1. Performing substitution operations only on ciphertext numbers

2. Performing replacement operations only on complement strings

1. Performing substitution operations only on ciphertext numbers

2. Performing replacement operations only on complement strings

The data encryption device provided by the embodiment of the disclosure performs first encryption processing on the identification number of the integer type by adopting a symmetric encryption algorithm to obtain the encrypted ciphertext of the integer type with the first digit, and performs second encryption processing on the encrypted ciphertext by adopting a partially reversible encryption algorithm to generate the universal unique identification code of the character string type with the second digit. The embodiment of the disclosure can avoid the problem that data is stolen due to the leakage of the key of one encryption algorithm by adopting a secondary encryption mode, and can also avoid the risk that data is stolen in batches even if two encryption algorithms are leaked by adopting a part of reversible encryption algorithms, thereby improving the safety of data.

An embodiment of the present disclosure also provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, the processor implementing the data encryption method of the foregoing embodiments when executing the program.

Embodiments of the present disclosure also provide a computer-readable storage medium, in which instructions, when executed by a processor of an electronic device, enable the electronic device to perform the data encryption method of the foregoing embodiments.

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. In addition, embodiments of the present disclosure are not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the embodiments of the present disclosure as described herein, and any descriptions of specific languages are provided above to disclose the best modes of the embodiments of the present disclosure.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the disclosure, various features of the embodiments of the disclosure are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that is, claimed embodiments of the disclosure require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of an embodiment of this disclosure.

Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

The various component embodiments of the disclosure may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be understood by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a motion picture generating device according to an embodiment of the present disclosure. Embodiments of the present disclosure may also be implemented as an apparatus or device program for performing a portion or all of the methods described herein. Such programs implementing embodiments of the present disclosure may be stored on a computer readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.

It should be noted that the above-mentioned embodiments illustrate rather than limit embodiments of the disclosure, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. Embodiments of the disclosure may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The above description is only for the purpose of illustrating the preferred embodiments of the present disclosure and is not to be construed as limiting the embodiments of the present disclosure, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the embodiments of the present disclosure are intended to be included within the scope of the embodiments of the present disclosure.

The above description is only a specific implementation of the embodiments of the present disclosure, but the scope of the embodiments of the present disclosure is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the embodiments of the present disclosure, and all the changes or substitutions should be covered by the scope of the embodiments of the present disclosure. Therefore, the protection scope of the embodiments of the present disclosure shall be subject to the protection scope of the claims.

Claims

1. A method for data encryption, comprising:

2. The data encryption method according to claim 1, wherein the second encryption processing on the encrypted ciphertext by using the partially reversible encryption algorithm to generate the universally unique identifier of the character string type includes:

adding a randomly generated complement string after the ciphertext number;

3. The data encryption method of claim 2, wherein the marker string comprises a first marker character and a second marker character; the first marking character is used for marking the positive value and the negative value of the encrypted ciphertext, and the second marking character is used for marking the number of the ciphertext digits.

4. The data encryption method according to claim 1, wherein the second encryption processing on the encrypted ciphertext by using the partially reversible encryption algorithm to generate the universally unique identifier of the character string type includes:

adding a randomly generated complement string after the ciphertext number;

5. The data encryption method according to claim 1, wherein the second encryption processing on the encrypted ciphertext by using the partially reversible encryption algorithm to generate the universally unique identifier of the character string type includes:

adding a randomly generated complement string after the ciphertext number;

6. The data encryption method according to claim 1, wherein the second encryption processing on the encrypted ciphertext by using the partially reversible encryption algorithm to generate the universally unique identifier of the character string type includes:

adding a randomly generated complement string after the ciphertext number;

7. The data encryption method according to any one of claims 4 to 6, wherein the adding of a marker string for marking the encrypted ciphertext before the ciphertext number corresponding to the encrypted ciphertext comprises:

8. The data encryption method according to claim 7, wherein the mapping substitution table includes a first mapping substitution table and a second mapping substitution table related to parity of the second indicator character, and character strings in the first mapping substitution table and the second mapping substitution table are not repeated;

9. The data encryption method according to claim 7, wherein the mapping substitution table includes a first mapping substitution table, a second mapping substitution table, and a third mapping substitution table, and character strings in the first mapping substitution table, the second mapping substitution table, and the third mapping substitution table are not repeated;

10. A data encryption apparatus, comprising:

11. An electronic device, comprising:

a processor, a memory and a computer program stored on the memory and executable on the processor, the processor implementing the data encryption method of any one of claims 1 to 9 when executing the program.

12. A computer-readable storage medium having stored thereon computer instructions which, when executed by a processor of an electronic device, enable the electronic device to perform the data encryption method of any one of claims 1 to 9.