CN111259435A - Contract encryption and decryption method and device and computer readable storage medium - Google Patents

Contract encryption and decryption method and device and computer readable storage medium Download PDF

Info

Publication number
CN111259435A
CN111259435A CN202010024090.3A CN202010024090A CN111259435A CN 111259435 A CN111259435 A CN 111259435A CN 202010024090 A CN202010024090 A CN 202010024090A CN 111259435 A CN111259435 A CN 111259435A
Authority
CN
China
Prior art keywords
encryption
contract
key
contract document
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010024090.3A
Other languages
Chinese (zh)
Inventor
石明川
周琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202010024090.3A priority Critical patent/CN111259435A/en
Priority to PCT/CN2020/093550 priority patent/WO2021139075A1/en
Publication of CN111259435A publication Critical patent/CN111259435A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Abstract

The invention relates to an information security technology, and discloses a contract encryption and decryption method, which comprises the following steps: receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document; according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set; receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key. The invention also provides a contract encrypting and decrypting device and a computer readable storage medium. The invention realizes the encryption and decryption of the contract.

Description

Contract encryption and decryption method and device and computer readable storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and an apparatus for encrypting and decrypting a contract, and a computer-readable storage medium.
Background
The electronic file refers to information records in different forms such as characters, charts, audio, video and the like formed, handled, transmitted and stored by electronic equipment such as computers in the process of processing public affairs of institutions, groups, enterprises and public institutions and other organizations. With the widespread use of computers and the intensive development of office automation, more and more confidential information exists in the form of electronic documents, such as contracts. Because the electronic file has the characteristics of easy copying, easy modification, easy transfer and the like, the safety and sharing problems of the electronic file are more and more emphasized while the electronic file is more and more widely applied. In the whole life cycle stage of the electronic file, the electronic file can be divided into a generation and circulation stage and an archiving and storing stage of the electronic file. Most of domestic and overseas documents mainly research the security management of the filing and storing stage of electronic files, and even if a small amount of documents talk about the security control problem in the electronic file generating process, the security use problem is not researched in combination with users, and the security use problem of hierarchical encryption multi-level authorization of the users is not deeply researched from the cryptology perspective. Therefore, when the contract is developed or any person can view and check the contract by using the platform, the contract is no longer the template after drafting, and part of the contract should have corresponding security measures, which are not reflected at present, and no measures are taken for the record of the audit change of the contract.
Disclosure of Invention
The invention provides a contract encryption and decryption method, a contract encryption and decryption device and a computer readable storage medium, and mainly aims to provide an efficient contract encryption and decryption method for a user when the user encrypts and decrypts the contract.
In order to achieve the above object, the present invention provides a method for encrypting and decrypting a contract, comprising:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
Optionally, the step of performing hierarchical encryption on the contract document set to obtain a target contract document set includes:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
Optionally, the obtaining an initial key, and generating an encryption key corresponding to the encryption level information includes:
obtaining a public key of the initial key, encrypting a one-way encryption function of the initial key through the public key to generate an encryption key corresponding to the encryption level information, wherein the one-way encryption function is a key K0After encryption, sequentially iterating to generate a secret key K from low to high1、K2And K3
Optionally, the encrypting the initial key with a one-way encryption function includes:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N, where E (M) represents the encrypted plaintext M, e represents the infinite noncircular decimal number, and mod N represents the number of encryption times;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
Figure BDA0002360854180000021
wherein, E (M)x) Representing encrypted plaintext Mx,E(My) Representing encrypted plaintext My
Any plaintext M in the initial key1,M2,…MnCarrying out homomorphic multiplication encryption to obtain:
E(M1)*E(M2)*…E(Mn)=E(M1*M2*…Mn)。
optionally, the selecting, from a pre-established decryption key set, a decryption key corresponding to the user viewing right includes:
acquiring a private key which is distributed in advance and corresponds to the user viewing authority;
and decrypting the corresponding one-way encryption function according to the one-way decryption function in the private key to generate a decryption key corresponding to the user viewing authority, wherein the one-way decryption function sequentially iterates to generate keys of high-to-low levels according to the one-way encryption function.
Further, to achieve the above object, the present invention also provides an apparatus for encrypting and decrypting a contract, the apparatus including a memory and a processor, the memory having stored therein an encrypting and decrypting program for a contract executable on the processor, the encrypting and decrypting program for a contract, when executed by the processor, realizing the steps of:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
Optionally, the step of performing hierarchical encryption on the contract document set to obtain a target contract document set includes:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
Optionally, the obtaining an initial key, and generating an encryption key corresponding to the encryption level information includes:
obtaining a public key of the initial key, encrypting a one-way encryption function of the initial key through the public key to generate an encryption key corresponding to the encryption level information, wherein the one-way encryption function is a key K0After encryption, sequentially iterating to generate a secret key K from low to high1、K2And K3
Optionally, the encrypting the initial key with a one-way encryption function includes:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N, where E (M) represents the encrypted plaintext M, e represents the infinite noncircular decimal number, and mod N represents the number of encryption times;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
Figure BDA0002360854180000041
wherein, E (M)x) Representing encrypted plaintext Mx,E(My) Representing encrypted plaintext My
Any plaintext M in the initial key1,M2,…MnCarrying out homomorphic multiplication encryption to obtain:
E(M1)*E(M2)*…E(Mn)=E(M1*M2*…Mn)。
further, to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a contract encryption and decryption program executable by one or more processors to implement the steps of the contract encryption and decryption method as described above.
The method, the device and the computer-readable storage medium for encrypting and decrypting the contract receive the contract document set passing the audit, and carry out security rating on the contract document set according to the preset user viewing authority; according to the confidentiality rating of the contract document set, carrying out hierarchical encryption on the contract document set to obtain a target contract document set; when a user checks the target contract document set, a decryption key corresponding to the checking authority of the user is selected from a pre-constructed decryption key set, and the target contract document set is decrypted according to the decryption key, so that the encrypted and decrypted result of the contract can be presented to the user.
Drawings
FIG. 1 is a flow chart illustrating a method for encrypting and decrypting a contract according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an internal structure of a contract encryption and decryption apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating procedures for encrypting and decrypting a contract in the contract encrypting and decrypting apparatus according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a contract encryption and decryption method. Referring to fig. 1, a schematic flow chart of a method for encrypting and decrypting a contract according to an embodiment of the present invention is shown. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the method for encrypting and decrypting the contract includes:
s1, receiving the contract document set passing the auditing, carrying out security rating on the contract documents in the contract document set according to the preset user viewing authority, and generating the encryption level information of each contract document.
In a preferred embodiment of the invention, the contract document set based on approval is formed by a contract template written by professional legal personnel and approved by high-level personnel of an enterprise. The contract template can be a labor contract template, a buying and selling contract template, a creditor transfer contract template and the like.
Preferably, the preset user viewing authority in the invention is set according to the importance degree of the contract document set. In detail, the preferred embodiment of the present invention divides the contract documents into three levels, L1, L2 and L3, from low to high, to obtain an L1 contract document set, an L2 contract document set and an L3 contract document set, and completes the security rating of the contract document set according to the division of the three levels of contract document sets. Wherein the L1 contract document set is viewable by all employees of the enterprise; the L2 contract document set is visible for part of departments of the enterprise, and the part of departments can be legal departments, wind control departments, human resource departments and the like; the set of L3 contract documents is visible to some employees of the enterprise, which may be the CEO, CFO, COO, etc. of the enterprise.
And S2, according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set.
In a preferred embodiment of the present invention, an encryption key corresponding to the encryption level information is generated by obtaining an initial key, a plurality of encryption keys corresponding to the encryption level information are combined into an encryption key set, and the contract document set is encrypted in a hierarchical manner according to the encryption key set, so as to obtain the target contract document set, where the target contract document set includes a secret contract document subset, a core contract document subset, and a common contract document subset, whose encryption levels are sequentially decreased. In detail, the encryption keys refer to encryption keys K1, K2, and K3 from low to high, wherein the encryption keys K1, K2, and K3 are respectively encrypted corresponding to the L1, L2, and L3 contract document sets, and are divided into a common contract document subset, a core contract document subset, and a secret contract document subset from low to high according to the contract document set level. Wherein the encryption key K1、K2And K3From an initial key K0Generated by public key encryption. Preferably, the public key encryption of the present invention is a semi-homomorphic encryption. Wherein the homomorphic encryption refers to symmetric encryption, comprising: for a given plaintext (x)1,x2,…,xn) Obtaining a ciphertext c after encrypting by using a homomorphic encryption algorithm, allowing anyone to perform any operation f on the ciphertext c in the homomorphic encryption, and decrypting the ciphertext f (c) obtained after the operation and f (x)1,x2,…,xn) The result of (a) is the same and said (x) is in its encryption process1,x2,…,xn)、f(x1,x2,…,xn) And any intermediate plaintext is not revealed, including the input value, the output value, and the intermediate value, all the time in an encrypted state. Said semi-homomorphic additionCipher refers to asymmetric encryption in which the encrypted plaintext is required to satisfy only either additive or multiplicative homologies. Preferably, the present invention encrypts the RSA encryption algorithm as the semi-homomorphic encryption algorithm.
Preferably, in the present invention, the initial key K is encrypted by the RSA encryption algorithm0Encrypting to generate the encryption key K1、K2And K3According to said encryption key K1、K2And K3The encryption applied to the above-described L1, L2, and L3 contract document sets, respectively, results in the common contract document set, the core contract document set, and the confidential contract document set. Wherein the initial key K0And setting an initial password for the user, wherein the initial password comprises numbers, letters, characters and the like, such as 123, abc, 123abc and the like.
Further, the generating of the encryption key K1、K2And K3The method comprises the following steps: obtaining a Public Key (PK) of the initial key; pairing the initial key K with the PK0Generates the encryption keys K1, K2 and K3. Wherein the one-way encryption function (Epk) is coupled to the key K0After encryption, sequentially iterating to generate a secret key K from low to high1、K2And K3The method comprises the following steps: k1=Epk(K0),K2=Epk(K1),K3=Epk(K2). The public key of the RSA encryption algorithm is (E, N), and the encrypting the one-way encryption function (Epk) of the initial key comprises:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
Figure BDA0002360854180000061
in the same way, any plaintext M in the initial key is used1,M2,…MnCarrying out homomorphic multiplication encryption to obtain:
E(M1)*E(M2)*…E(Mn)=E(M1*M2*…Mn)。
and S3, when the user views the target contract document set, selecting a decryption key corresponding to the viewing authority of the user from a pre-constructed decryption key set, and decrypting the target contract document set according to the decryption key.
In a preferred embodiment of the invention, a private key (SK) is generated at the same time as the Public Key (PK) of the encryption key, and the set of decryption keys is constructed from the SK. When the target contract file set is decrypted, according to the distributed private key SK, a decryption key not higher than the level of the target contract file set is generated through decryption of a one-way decryption function in the private key and the corresponding one-way encryption function, decryption of the target contract file set is completed through the decryption key, and decryption of the encryption contract lower than the level of the target contract file set is completed. Due to the unidirectional nature of the public key system, the unidirectional encryption function (Epk) may encrypt K0Sequentially and iteratively generating a low-to-high grade secret key K1、K2And K3And the one-way decryption function (Dsk) may be from K1、K2Or K3From high to low, in turn. For example, K2=Epk(K1),K2=Dsk(K3),K1=Dsk(K2). When a user checks the target contract document set, a decryption key corresponding to the checking authority of the user is selected from a pre-constructed decryption key set, and the target contract document set is decrypted according to the decryption key. Wherein, for the lower-level user, under the condition that the user does not disclose the secret key PK, the higher-level decryption secret key can not be obtained, so that the higher-level contract document ciphertext can not be decrypted; and only the first-level lower data decryption key can be obtained by calculation according to the private key SK, the first-level lower contract document is decrypted, the target contract document set is decrypted in a grading manner, and the decrypted target contract document set is recoveredAnd (5) assembling.
The invention also provides a contract encryption and decryption device. Referring to fig. 2, there is shown a schematic diagram of an internal structure of a contract encryption and decryption apparatus according to an embodiment of the present invention.
In this embodiment, the contract encryption and decryption apparatus 1 may be a PC (Personal Computer), a terminal device such as a smart phone, a tablet Computer, or a mobile Computer, or may be a server. The contract encryption and decryption apparatus 1 includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the encryption and decryption apparatus 1 of the contract, for example a hard disk of the encryption and decryption apparatus 1 of the contract. The memory 11 may be an external storage device of the contract encryption and decryption apparatus 1 in other embodiments, such as a plug-in hard disk provided on the contract encryption and decryption apparatus 1, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 11 may also include both an internal storage unit of the contract encryption and decryption apparatus 1 and an external storage device. The memory 11 can be used not only for storing application software installed in the encryption and decryption apparatus 1 of the contract and various types of data, such as the code of the encryption and decryption program 01 of the contract, but also for temporarily storing data that has been output or is to be output.
The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip in some embodiments, and is used for running program codes stored in the memory 11 or Processing data, such as executing the encrypted and decrypted program 01.
The communication bus 13 is used to realize connection communication between these components.
The network interface 14 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), typically used to establish a communication link between the apparatus 1 and other electronic devices.
Optionally, the apparatus 1 may further comprise a user interface, which may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the encryption and decryption apparatus 1 of the contract and for displaying a visual user interface.
Fig. 2 shows only the contract encryption and decryption apparatus 1 with the components 11 to 14 and the contract encryption and decryption program 01, and it will be understood by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the contract encryption and decryption apparatus 1, and may include fewer or more components than those shown, or some components in combination, or a different arrangement of components.
In the embodiment of the apparatus 1 shown in fig. 2, the memory 11 stores therein the contract encryption and decryption program 01; the processor 12, when executing the contract encryption and decryption program 01 stored in the memory 11, implements the following steps:
receiving a contract document set passing the auditing, carrying out security rating on contract documents in the contract document set according to preset user viewing permission, and generating encryption level information of each contract document.
In a preferred embodiment of the invention, the contract document set based on approval is formed by a contract template written by professional legal personnel and approved by high-level personnel of an enterprise. The contract template can be a labor contract template, a buying and selling contract template, a creditor transfer contract template and the like.
Preferably, the preset user viewing authority in the invention is set according to the importance degree of the contract document set. In detail, the preferred embodiment of the present invention divides the contract documents into three levels, L1, L2 and L3, from low to high, to obtain an L1 contract document set, an L2 contract document set and an L3 contract document set, and completes the security rating of the contract document set according to the division of the three levels of contract document sets. Wherein the L1 contract document set is viewable by all employees of the enterprise; the L2 contract document set is visible for part of departments of the enterprise, and the part of departments can be legal departments, wind control departments, human resource departments and the like; the set of L3 contract documents is visible to some employees of the enterprise, which may be the CEO, CFO, COO, etc. of the enterprise.
And secondly, carrying out hierarchical encryption on the contract document set according to the encryption level information of each contract document in the contract document set to obtain a target contract document set.
In a preferred embodiment of the present invention, an encryption key corresponding to the encryption level information is generated by obtaining an initial key, a plurality of encryption keys corresponding to the encryption level information are combined into an encryption key set, and the contract document set is encrypted in a hierarchical manner according to the encryption key set, so as to obtain the target contract document set, where the target contract document set includes a secret contract document subset, a core contract document subset, and a common contract document subset, whose encryption levels are sequentially decreased. In detail, the encryption keys refer to encryption keys K1, K2, and K3 from low to high, wherein the encryption keys K1, K2, and K3 are respectively encrypted corresponding to the L1, L2, and L3 contract document sets, and are divided into a common contract document subset, a core contract document subset, and a secret contract document subset from low to high according to the contract document set level. Wherein the encryption key K1、K2And K3From an initial key K0Generated by public key encryption. Preferably, the public key encryption of the present invention is a semi-homomorphic encryption. Wherein the homomorphic encryption refers to symmetric encryption, comprising: for a given plaintext (x)1,x2,…,xn) Encrypting by using a homomorphic encryption algorithm to obtain a ciphertext c, and adding in the homomorphic stateAllowing anyone to perform any operation f on the ciphertext c in the encryption, and decrypting the ciphertext f (c) obtained after the operation and f (x)1,x2,…,xn) The result of (a) is the same and said (x) is in its encryption process1,x2,…,xn)、f(x1,x2,…,xn) And any intermediate plaintext is not revealed, including the input value, the output value, and the intermediate value, all the time in an encrypted state. The semi-homomorphic encryption refers to asymmetric encryption, and encryption plaintext is required to only satisfy addition homomorphism or multiplication homomorphism in the semi-homomorphic encryption. Preferably, the present invention encrypts the RSA encryption algorithm as the semi-homomorphic encryption algorithm.
Preferably, in the present invention, the initial key K is encrypted by the RSA encryption algorithm0Encrypting to generate the encryption key K1、K2And K3According to said encryption key K1、K2And K3The encryption applied to the above-described L1, L2, and L3 contract document sets, respectively, results in the common contract document set, the core contract document set, and the confidential contract document set. Wherein the initial key K0And setting an initial password for the user, wherein the initial password comprises numbers, letters, characters and the like, such as 123, abc, 123abc and the like.
Further, the generating of the encryption key K1、K2And K3The method comprises the following steps: obtaining a Public Key (PK) of the initial key; pairing the initial key K with the PK0Generates the encryption keys K1, K2 and K3. Wherein the one-way encryption function (Epk) is coupled to the key K0After encryption, sequentially iterating to generate a secret key K from low to high1、K2And K3The method comprises the following steps: k1=Epk(K0),K2=Epk(K1),K3=Epk(K2). The public key of the RSA encryption algorithm is (E, N), and the encrypting the one-way encryption function (Epk) of the initial key comprises:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
Figure BDA0002360854180000101
in the same way, any plaintext M in the initial key is used1,M2,…MnCarrying out homomorphic multiplication encryption to obtain:
E(M1)*E(M2)*…E(Mn)=E(M1*M2*…Mn)。
and thirdly, when the user checks the target contract document set, selecting a decryption key corresponding to the checking authority of the user from a pre-constructed decryption key set, and decrypting the target contract document set according to the decryption key.
In a preferred embodiment of the invention, a private key (SK) is generated at the same time as the Public Key (PK) of the encryption key, and the set of decryption keys is constructed from the SK. When the target contract file set is decrypted, according to the distributed private key SK, a decryption key not higher than the level of the target contract file set is generated through decryption of a one-way decryption function in the private key and the corresponding one-way encryption function, decryption of the target contract file set is completed through the decryption key, and decryption of the encryption contract lower than the level of the target contract file set is completed. Due to the unidirectional nature of the public key system, the unidirectional encryption function (Epk) may encrypt K0Sequentially and iteratively generating a low-to-high grade secret key K1、K2And K3And the one-way decryption function (Dsk) may be from K1、K2Or K3From high to low, in turn. For example, K2=Epk(K1),K2=Dsk(K3),K1=Dsk(K2). When a user checks the target contract document set, selecting a decryption key corresponding to the checking authority of the user from a pre-constructed decryption key setAnd decrypting the target contract file set according to the decryption key. Wherein, for the lower-level user, under the condition that the user does not disclose the secret key PK, the higher-level decryption secret key can not be obtained, so that the higher-level contract document ciphertext can not be decrypted; and only the first-level lower data decryption key can be obtained by calculation according to the private key SK, the first-level lower contract document is decrypted, the target contract document set is decrypted in a grading manner, and the decrypted target contract document set is recovered.
Alternatively, in other embodiments, the encryption and decryption program of the contract may be divided into one or more modules, and the one or more modules are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to implement the present invention, and the module referred to in the present invention refers to a series of computer program instruction segments capable of performing a specific function for describing the execution process of the encryption and decryption program of the contract in the encryption and decryption apparatus of the contract.
For example, referring to fig. 3, a schematic diagram of program modules of an encryption and decryption program of a contract in an embodiment of an encryption and decryption apparatus of a contract according to the present invention is shown, in which the encryption and decryption program of the contract can be divided into a security rating module 10, a hierarchical encryption 20, and a hierarchical decryption module 30, exemplarily:
the privacy rating module 10 is for: and receiving a contract document set passing the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document.
The hierarchical encryption module 20 is configured to: and according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission.
The hierarchical decryption module 30 is configured to: receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
The functions or operation steps of the above-mentioned program modules such as the security rating module 10, the hierarchical encryption module 20, and the hierarchical decryption module 30 are substantially the same as those of the above-mentioned embodiments, and are not described herein again.
Furthermore, an embodiment of the present invention also provides a computer-readable storage medium having stored thereon contract encryption and decryption programs, which are executable by one or more processors to implement the following operations:
receiving a contract document set passing the auditing, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
The embodiment of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the encryption and decryption apparatus and method of the contract, and will not be described in detail herein.
It should be noted that the above-mentioned numbers of the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method of encrypting and decrypting a contract, the method comprising:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
2. The method for contract encryption and decryption of claim 1, wherein the step of hierarchically encrypting the contract document set to obtain the target contract document set comprises:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
3. The method for contract encryption and decryption of claim 2, wherein the obtaining an initial key and generating an encryption key corresponding to the encryption level information comprises:
obtaining a public key of the initial key, encrypting a one-way encryption function of the initial key through the public key to generate an encryption key corresponding to the encryption level information, wherein the one-way encryption function is a key K0After encryption, sequentially iterating to generate a secret key K from low to high1、K2And K3
4. The method of contractual encryption and decryption of claim 3, wherein said encrypting the one-way encryption function of the initial key comprises:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N, where E (M) represents the encrypted plaintext M, e represents the infinite noncircular decimal number, and mod N represents the number of encryption times;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
Figure FDA0002360854170000021
wherein, E (M)x) Representing encrypted plaintext Mx,E(My) Representing encrypted plaintext My
Any plaintext M in the initial key1,M2,...MnCarrying out homomorphic multiplication encryption to obtain:
E(M1)*E(M2)*...E(Mn)=E(M1*M2*...Mn)。
5. the contract encryption and decryption method according to any one of claims 1 to 4, wherein the selecting a decryption key corresponding to the user viewing right from a pre-constructed decryption key set includes:
acquiring a private key which is distributed in advance and corresponds to the user viewing authority;
and decrypting the corresponding one-way encryption function according to the one-way decryption function in the private key to generate a decryption key corresponding to the user viewing authority, wherein the one-way decryption function sequentially iterates to generate keys of high-to-low levels according to the one-way encryption function.
6. An apparatus for contract encryption and decryption, the apparatus comprising a memory and a processor, the memory having stored thereon contract encryption and decryption programs executable on the processor, the contract encryption and decryption programs when executed by the processor implementing the steps of:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
7. The contract encryption and decryption apparatus according to claim 6, wherein said step of hierarchically encrypting the contract document set to obtain the target contract document set comprises:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
8. The contract encryption and decryption apparatus according to claim 7, wherein the obtaining an initial key, and generating an encryption key corresponding to the encryption level information includes:
obtaining a public key of the initial key, and performing encryption on the initial secret key through the public keyEncrypting by a one-way encryption function of a key to generate an encryption key corresponding to the encryption level information, wherein the one-way encryption function is to encrypt a key K0After encryption, sequentially iterating to generate a secret key K from low to high1、K2And K3
9. The contract encryption and decryption apparatus according to claim 8, wherein the one-way encryption function encryption of the initial key comprises:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N, where E (M) represents the encrypted plaintext M, e represents the infinite noncircular decimal number, and mod N represents the number of times of encryption;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
Figure FDA0002360854170000031
wherein, E (M)x) Representing encrypted plaintext Mx,E(My) Representing encrypted plaintext My
10. A computer-readable storage medium, having stored thereon, contract encryption and decryption programs executable by one or more processors to perform the steps of the contract encryption and decryption method of any one of claims 1 to 5.
CN202010024090.3A 2020-01-09 2020-01-09 Contract encryption and decryption method and device and computer readable storage medium Pending CN111259435A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010024090.3A CN111259435A (en) 2020-01-09 2020-01-09 Contract encryption and decryption method and device and computer readable storage medium
PCT/CN2020/093550 WO2021139075A1 (en) 2020-01-09 2020-05-29 Contract encryption and decryption method and apparatus, and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010024090.3A CN111259435A (en) 2020-01-09 2020-01-09 Contract encryption and decryption method and device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN111259435A true CN111259435A (en) 2020-06-09

Family

ID=70950313

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010024090.3A Pending CN111259435A (en) 2020-01-09 2020-01-09 Contract encryption and decryption method and device and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN111259435A (en)
WO (1) WO2021139075A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112769868A (en) * 2021-02-07 2021-05-07 深圳市欧瑞博科技股份有限公司 Communication method, communication device, electronic device and storage medium
CN113792324A (en) * 2021-11-16 2021-12-14 聊城高新生物技术有限公司 Agricultural product data interaction method and device based on federal learning and electronic equipment
CN114239081A (en) * 2022-02-25 2022-03-25 华中科技大学同济医学院附属协和医院 Business certificate processing method, system and electronic equipment
CN116090028A (en) * 2023-04-07 2023-05-09 深圳天谷信息科技有限公司 Electronic contract management method, device, equipment and medium capable of configuring security level
CN116089986A (en) * 2023-04-07 2023-05-09 深圳天谷信息科技有限公司 Electronic document management method, device, equipment and medium capable of configuring security policy
CN117390646A (en) * 2023-10-23 2024-01-12 上海合见工业软件集团有限公司 Integrated circuit source file encryption method, electronic equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938497B (en) * 2010-09-26 2013-01-30 深圳大学 Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof
CN109614792B (en) * 2018-11-29 2022-02-08 中国电子科技集团公司第三十研究所 Hierarchical file key management method
CN110502918A (en) * 2019-07-09 2019-11-26 杭州电子科技大学 A kind of electronic document access control method and system based on classification safety encryption

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112769868A (en) * 2021-02-07 2021-05-07 深圳市欧瑞博科技股份有限公司 Communication method, communication device, electronic device and storage medium
CN113792324A (en) * 2021-11-16 2021-12-14 聊城高新生物技术有限公司 Agricultural product data interaction method and device based on federal learning and electronic equipment
CN113792324B (en) * 2021-11-16 2022-04-05 聊城高新生物技术有限公司 Agricultural product data interaction method and device based on federal learning and electronic equipment
CN114239081A (en) * 2022-02-25 2022-03-25 华中科技大学同济医学院附属协和医院 Business certificate processing method, system and electronic equipment
CN116090028A (en) * 2023-04-07 2023-05-09 深圳天谷信息科技有限公司 Electronic contract management method, device, equipment and medium capable of configuring security level
CN116089986A (en) * 2023-04-07 2023-05-09 深圳天谷信息科技有限公司 Electronic document management method, device, equipment and medium capable of configuring security policy
CN116090028B (en) * 2023-04-07 2023-08-04 深圳天谷信息科技有限公司 Electronic contract management method, device, equipment and medium capable of configuring security level
CN116089986B (en) * 2023-04-07 2023-08-25 深圳天谷信息科技有限公司 Electronic document management method, device, equipment and medium capable of configuring security policy
CN117390646A (en) * 2023-10-23 2024-01-12 上海合见工业软件集团有限公司 Integrated circuit source file encryption method, electronic equipment and storage medium

Also Published As

Publication number Publication date
WO2021139075A1 (en) 2021-07-15

Similar Documents

Publication Publication Date Title
US11146541B2 (en) Hierarchical data access techniques using derived cryptographic material
US10425223B2 (en) Multiple authority key derivation
CN111259435A (en) Contract encryption and decryption method and device and computer readable storage medium
US9882883B2 (en) Method and system for securing communication
US9872067B2 (en) Source identification for unauthorized copies of content
EP3229397B1 (en) Method for fulfilling a cryptographic request requiring a value of a private key
US10320765B2 (en) Method and system for securing communication
US8934625B2 (en) Method and system for securing communication
US9596263B1 (en) Obfuscation and de-obfuscation of identifiers
Thilakanathan et al. SafeProtect: Controlled data sharing with user-defined policies in cloud-based collaborative environment
Thilakanathan et al. Secure and controlled sharing of data in distributed computing
Sadikin et al. Implementation of RSA 2048-bit and AES 256-bit with digital signature for secure electronic health record application
CN114780923A (en) Electronic seal management and control method and system
Thilakanathan et al. Secure multiparty data sharing in the cloud using hardware-based TPM devices
CN109005196A (en) Data transmission method, data decryption method, device and electronic equipment
Babel et al. Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs
Setiawan et al. Design of secure electronic disposition applications by applying blowfish, SHA-512, and RSA digital signature algorithms to government institution
WO2019178981A1 (en) Password management method and device employing customized rules, terminal apparatus, and storage medium
CN116074110B (en) Method, system, equipment and medium for realizing encrypted file sharing in cloud environment
CN110263553B (en) Database access control method and device based on public key verification and electronic equipment
Bu-Suhaila et al. A Comprehensive Model Driven ‘Secure Mobile Application for KFU Email System’(SMAKE)
Antenor et al. LAF Chat: A Message Encrypting Application Utilizing RSA Algorithm for Android-Based Mobile Device
Sankari et al. Dynamic access control through cryptography in cloud
Singh et al. Encrypted Healthcare We App
Akogun Enhancing Data Security in Cloud Storage Using Residue Number System and Advanced Encryption Standard

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40030786

Country of ref document: HK

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination