CN111259435A - Contract encryption and decryption method and device and computer readable storage medium - Google Patents
- Publication number
- CN111259435A CN202010024090.3A
- Authority
- CN
- China
- Prior art keywords
- encryption
- contract
- key
- contract document
- decryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
Abstract
The invention relates to an information security technology, and discloses a contract encryption and decryption method, which comprises the following steps: receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document; according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set; receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key. The invention also provides a contract encrypting and decrypting device and a computer readable storage medium. The invention realizes the encryption and decryption of the contract.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and an apparatus for encrypting and decrypting a contract, and a computer-readable storage medium.
Background
An electronic file is an information record in any of various forms, such as text, charts, audio and video, that is created, handled, transmitted and stored by electronic equipment such as computers while institutions, groups, enterprises, public institutions and other organizations conduct their business. With the widespread use of computers and the continued development of office automation, more and more confidential information, such as contracts, exists in the form of electronic documents. Because electronic files are easy to copy, modify and transfer, their security and sharing receive more and more attention as they become more widely used. The life cycle of an electronic file can be divided into a generation and circulation stage and an archiving and storage stage. Most domestic and foreign literature studies security management in the archiving and storage stage; the small amount of literature that addresses security control during generation does not study secure use in relation to users, and does not examine hierarchical encryption with multi-level user authorization in depth from a cryptographic perspective. Therefore, once a contract has been drafted, or when anyone can view and check it through the platform, the contract is no longer just the drafted template, and part of the contract should carry corresponding security measures; at present no such measures are reflected, and no measures are taken to record audit changes to the contract.
Disclosure of Invention
The invention provides a contract encryption and decryption method, a contract encryption and decryption device and a computer readable storage medium, and mainly aims to provide an efficient contract encryption and decryption method for a user when the user encrypts and decrypts the contract.
In order to achieve the above object, the present invention provides a method for encrypting and decrypting a contract, comprising:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
Optionally, the step of performing hierarchical encryption on the contract document set to obtain a target contract document set includes:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
Optionally, the obtaining an initial key, and generating an encryption key corresponding to the encryption level information includes:
obtaining a public key of the initial key, and applying a one-way encryption function to the initial key using the public key to generate the encryption keys corresponding to the encryption level information, wherein the one-way encryption function encrypts the key $K_0$ and is then iterated in sequence to generate the keys $K_1$, $K_2$ and $K_3$ from low level to high level.
Optionally, the encrypting the initial key with a one-way encryption function includes:
encrypting any plaintext M in the initial secret key to obtain:
$C = E(M) = M^e \bmod N$, where $E(M)$ represents the encrypted plaintext $M$, $e$ represents the infinite non-repeating decimal number, and $\bmod\ N$ represents the number of encryption times;
performing homomorphic multiplication encryption on any two plaintexts $M_x$, $M_y$ in the initial key to obtain: wherein $E(M_x)$ represents the encrypted plaintext $M_x$, and $E(M_y)$ represents the encrypted plaintext $M_y$;
performing homomorphic multiplication encryption on any plaintexts $M_1, M_2, \ldots, M_n$ in the initial key to obtain:
$E(M_1) \cdot E(M_2) \cdots E(M_n) = E(M_1 \cdot M_2 \cdots M_n)$.
Optionally, the selecting, from a pre-established decryption key set, a decryption key corresponding to the user viewing right includes:
acquiring a private key which is distributed in advance and corresponds to the user viewing authority;
and decrypting the corresponding one-way encryption function according to the one-way decryption function in the private key to generate a decryption key corresponding to the user viewing authority, wherein the one-way decryption function sequentially iterates to generate keys of high-to-low levels according to the one-way encryption function.
Further, to achieve the above object, the present invention also provides an apparatus for encrypting and decrypting a contract, the apparatus including a memory and a processor, the memory having stored therein an encrypting and decrypting program for a contract executable on the processor, the encrypting and decrypting program for a contract, when executed by the processor, realizing the steps of:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
Optionally, the step of performing hierarchical encryption on the contract document set to obtain a target contract document set includes:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
Optionally, the obtaining an initial key, and generating an encryption key corresponding to the encryption level information includes:
obtaining a public key of the initial key, and applying a one-way encryption function to the initial key using the public key to generate the encryption keys corresponding to the encryption level information, wherein the one-way encryption function encrypts the key $K_0$ and is then iterated in sequence to generate the keys $K_1$, $K_2$ and $K_3$ from low level to high level.
Optionally, the encrypting the initial key with a one-way encryption function includes:
encrypting any plaintext M in the initial secret key to obtain:
$C = E(M) = M^e \bmod N$, where $E(M)$ represents the encrypted plaintext $M$, $e$ represents the infinite non-repeating decimal number, and $\bmod\ N$ represents the number of encryption times;
performing homomorphic multiplication encryption on any two plaintexts $M_x$, $M_y$ in the initial key to obtain:
performing homomorphic multiplication encryption on any plaintexts $M_1, M_2, \ldots, M_n$ in the initial key to obtain:
$E(M_1) \cdot E(M_2) \cdots E(M_n) = E(M_1 \cdot M_2 \cdots M_n)$.
Further, to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a contract encryption and decryption program executable by one or more processors to implement the steps of the contract encryption and decryption method as described above.
The method, the device and the computer-readable storage medium for encrypting and decrypting the contract receive the contract document set passing the audit, and carry out security rating on the contract document set according to the preset user viewing authority; according to the confidentiality rating of the contract document set, carrying out hierarchical encryption on the contract document set to obtain a target contract document set; when a user checks the target contract document set, a decryption key corresponding to the checking authority of the user is selected from a pre-constructed decryption key set, and the target contract document set is decrypted according to the decryption key, so that the encrypted and decrypted result of the contract can be presented to the user.
Drawings
FIG. 1 is a flow chart illustrating a method for encrypting and decrypting a contract according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an internal structure of a contract encryption and decryption apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram illustrating procedures for encrypting and decrypting a contract in the contract encrypting and decrypting apparatus according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a contract encryption and decryption method. Referring to fig. 1, a schematic flow chart of a method for encrypting and decrypting a contract according to an embodiment of the present invention is shown. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the method for encrypting and decrypting the contract includes:
S1, receiving the contract document set passing the auditing, carrying out security rating on the contract documents in the contract document set according to the preset user viewing authority, and generating the encryption level information of each contract document.
In a preferred embodiment of the invention, the contract document set based on approval is formed by a contract template written by professional legal personnel and approved by high-level personnel of an enterprise. The contract template can be a labor contract template, a buying and selling contract template, a creditor transfer contract template and the like.
Preferably, the preset user viewing authority in the invention is set according to the importance of the contract document set. In detail, the preferred embodiment of the present invention divides the contract documents into three levels, L1, L2 and L3, from low to high, to obtain an L1 contract document set, an L2 contract document set and an L3 contract document set, and completes the security rating of the contract document set according to this three-level division. The L1 contract document set is viewable by all employees of the enterprise; the L2 contract document set is visible to certain departments of the enterprise, such as the legal department, the risk control department and the human resources department; the L3 contract document set is visible to certain employees of the enterprise, such as the CEO, CFO and COO.
S2, according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set.
In a preferred embodiment of the present invention, an initial key is obtained, an encryption key corresponding to each piece of encryption level information is generated, the encryption keys are combined into an encryption key set, and the contract document set is encrypted hierarchically according to the encryption key set to obtain the target contract document set, which comprises a confidential contract document subset, a core contract document subset and a common contract document subset whose encryption levels decrease in that order. In detail, the encryption keys are $K_1$, $K_2$ and $K_3$ from low to high; they encrypt the L1, L2 and L3 contract document sets respectively, which yields, from low level to high level, the common contract document subset, the core contract document subset and the confidential contract document subset. The encryption keys $K_1$, $K_2$ and $K_3$ are generated from an initial key $K_0$ by public key encryption. Preferably, the public key encryption of the present invention is a semi-homomorphic encryption. Homomorphic encryption refers to symmetric encryption, in which: a given plaintext $(x_1, x_2, \ldots, x_n)$ is encrypted with a homomorphic encryption algorithm to obtain a ciphertext $c$; anyone is allowed to perform any operation $f$ on the ciphertext $c$; decrypting the resulting ciphertext $f(c)$ gives the same result as $f(x_1, x_2, \ldots, x_n)$; and during this process $(x_1, x_2, \ldots, x_n)$, $f(x_1, x_2, \ldots, x_n)$ and any intermediate plaintext are not revealed, since the input value, the output value and the intermediate values remain in an encrypted state throughout.
Semi-homomorphic encryption refers to asymmetric encryption in which the encrypted plaintext is required to satisfy only additive homomorphism or multiplicative homomorphism. Preferably, the present invention uses the RSA encryption algorithm as the semi-homomorphic encryption algorithm.
Preferably, in the present invention, the initial key $K_0$ is encrypted by the RSA encryption algorithm to generate the encryption keys $K_1$, $K_2$ and $K_3$, and the encryption keys $K_1$, $K_2$ and $K_3$ are applied to the L1, L2 and L3 contract document sets respectively to obtain the common contract document set, the core contract document set and the confidential contract document set. The initial key $K_0$ is an initial password set by the user, comprising numbers, letters, characters and the like, such as 123, abc, 123abc and the like.
Further, generating the encryption keys $K_1$, $K_2$ and $K_3$ comprises: obtaining a public key (PK) of the initial key; and applying a one-way encryption function to the initial key $K_0$ using the PK to generate the encryption keys $K_1$, $K_2$ and $K_3$. The one-way encryption function ($E_{pk}$) encrypts the key $K_0$ and is then iterated in sequence to generate the keys $K_1$, $K_2$ and $K_3$ from low level to high level: $K_1 = E_{pk}(K_0)$, $K_2 = E_{pk}(K_1)$, $K_3 = E_{pk}(K_2)$. The public key of the RSA encryption algorithm is (E, N), and encrypting the initial key with the one-way encryption function ($E_{pk}$) comprises:
encrypting any plaintext M in the initial secret key to obtain:
$C = E(M) = M^e \bmod N$;
performing homomorphic multiplication encryption on any two plaintexts $M_x$, $M_y$ in the initial key to obtain:
in the same way, performing homomorphic multiplication encryption on any plaintexts $M_1, M_2, \ldots, M_n$ in the initial key to obtain:
$E(M_1) \cdot E(M_2) \cdots E(M_n) = E(M_1 \cdot M_2 \cdots M_n)$.
S3, when the user views the target contract document set, selecting a decryption key corresponding to the viewing authority of the user from a pre-constructed decryption key set, and decrypting the target contract document set according to the decryption key.
In a preferred embodiment of the invention, a private key (SK) is generated at the same time as the public key (PK) of the encryption key, and the decryption key set is constructed from the SK. When the target contract document set is decrypted, the distributed private key SK is used: the one-way decryption function in the private key inverts the corresponding one-way encryption function to generate decryption keys not higher than the level of the target contract document set, the target contract document set is decrypted with the decryption key, and encrypted contracts below the level of the target contract document set are decrypted as well. Due to the one-way nature of the public key system, the one-way encryption function ($E_{pk}$) can iterate from $K_0$ to generate the keys $K_1$, $K_2$ and $K_3$ from low level to high level, and the one-way decryption function ($D_{sk}$) can generate keys from $K_1$, $K_2$ or $K_3$ in turn from high level to low level. For example, $K_2 = E_{pk}(K_1)$, $K_2 = D_{sk}(K_3)$, $K_1 = D_{sk}(K_2)$. When a user views the target contract document set, a decryption key corresponding to the viewing authority of the user is selected from the pre-constructed decryption key set, and the target contract document set is decrypted according to the decryption key. A lower-level user, provided that the user does not disclose the key PK, cannot obtain a higher-level decryption key and therefore cannot decrypt higher-level contract document ciphertext; only the decryption key one level lower can be calculated from the private key SK and used to decrypt the contract documents one level lower, so that the target contract document set is decrypted level by level and the decrypted target contract document set is recovered.
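The key chain of S2 and the downward derivation of S3, as an added Python example that is not code from the patent: it uses textbook RSA, in which e is the public exponent and N the modulus, and checks the product identity for two plaintexts. The toy primes, the function names, the password-to-integer encoding and the sample values are assumptions constructed for illustration.

```python
"""Level keys K1 = Epk(K0), K2 = Epk(K1), K3 = Epk(K2) with textbook RSA."""
from math import gcd

# Constructed toy parameters: two Mersenne primes. Chosen only so the example
# runs instantly and offline; they are far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                        # RSA modulus
E = 65537                        # RSA public exponent
PHI = (P - 1) * (Q - 1)
if gcd(E, PHI) != 1:
    raise ValueError("E must be invertible modulo phi(N)")
D = pow(E, -1, PHI)              # RSA private exponent (Python 3.8+)
PK, SK = (E, N), (D, N)


def e_pk(m, pk=PK):
    """One-way encryption function Epk: C = M^e mod N."""
    e, n = pk
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in [0, N)")
    return pow(m, e, n)


def d_sk(c, sk=SK):
    """One-way decryption function Dsk: M = C^d mod N."""
    d, n = sk
    if not 0 <= c < n:
        raise ValueError("ciphertext must lie in [0, N)")
    return pow(c, d, n)


def password_to_int(password):
    """Encode the user-set initial password K0 as an integer (assumed encoding)."""
    return int.from_bytes(password.encode("utf-8"), "big")


def derive_level_keys(k0, levels=3):
    """Iterate Epk upward from K0; returns {1: K1, 2: K2, 3: K3}."""
    keys, k = {}, k0
    for level in range(1, levels + 1):
        k = e_pk(k)
        keys[level] = k
    # 0 and 1 (and a few other values) are fixed points of M^e mod N and would
    # collapse every level onto one key, so reject any chain with repeats.
    if len({k0, *keys.values()}) != levels + 1:
        raise ValueError("K0 repeats in the chain; choose another initial key")
    return keys


def keys_visible_to(level, level_key, sk=SK):
    """Keys a holder of (level_key, SK) can compute: own level and all below."""
    visible, k = {level: level_key}, level_key
    for lower in range(level - 1, 0, -1):
        k = d_sk(k, sk)          # K_(i-1) = Dsk(K_i)
        visible[lower] = k
    return visible


def homomorphic_product(ciphertexts, n=N):
    """Multiply ciphertexts modulo N: E(M1)*...*E(Mn) = E(M1*...*Mn mod N)."""
    out = 1
    for c in ciphertexts:
        out = (out * c) % n
    return out


if __name__ == "__main__":
    k0 = password_to_int("123abc")          # sample password from the text
    keys = derive_level_keys(k0)
    print("L3 holder sees levels:", sorted(keys_visible_to(3, keys[3])))
    print("L2 holder sees levels:", sorted(keys_visible_to(2, keys[2])))
    # Going upward needs only Epk, which is why PK must stay undisclosed
    # to lower-level users for the hierarchy to hold.
    print("K2 == Epk(K1):", keys[2] == e_pk(keys[1]))
    mx, my = 1234567, 7654321               # constructed sample plaintexts
    lhs = homomorphic_product([e_pk(mx), e_pk(my)])
    print("E(Mx)*E(My) == E(Mx*My):", lhs == e_pk(mx * my % N))
```

The product identity holds only for unpadded RSA; padded RSA such as OAEP removes it, along with the ciphertext malleability it implies.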
The invention also provides a contract encryption and decryption device. Referring to fig. 2, there is shown a schematic diagram of an internal structure of a contract encryption and decryption apparatus according to an embodiment of the present invention.
In this embodiment, the contract encryption and decryption apparatus 1 may be a PC (Personal Computer), a terminal device such as a smart phone, a tablet Computer, or a mobile Computer, or may be a server. The contract encryption and decryption apparatus 1 includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may in some embodiments be an internal storage unit of the encryption and decryption apparatus 1 of the contract, for example a hard disk of the encryption and decryption apparatus 1 of the contract. The memory 11 may be an external storage device of the contract encryption and decryption apparatus 1 in other embodiments, such as a plug-in hard disk provided on the contract encryption and decryption apparatus 1, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 11 may also include both an internal storage unit of the contract encryption and decryption apparatus 1 and an external storage device. The memory 11 can be used not only for storing application software installed in the encryption and decryption apparatus 1 of the contract and various types of data, such as the code of the encryption and decryption program 01 of the contract, but also for temporarily storing data that has been output or is to be output.
The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip in some embodiments, and is used for running program codes stored in the memory 11 or Processing data, such as executing the encrypted and decrypted program 01.
The communication bus 13 is used to realize connection communication between these components.
The network interface 14 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), typically used to establish a communication link between the apparatus 1 and other electronic devices.
Optionally, the apparatus 1 may further comprise a user interface, which may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the encryption and decryption apparatus 1 of the contract and for displaying a visual user interface.
Fig. 2 shows only the contract encryption and decryption apparatus 1 with the components 11 to 14 and the contract encryption and decryption program 01, and it will be understood by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the contract encryption and decryption apparatus 1, and may include fewer or more components than those shown, or some components in combination, or a different arrangement of components.
In the embodiment of the apparatus 1 shown in fig. 2, the memory 11 stores therein the contract encryption and decryption program 01; the processor 12, when executing the contract encryption and decryption program 01 stored in the memory 11, implements the following steps:
receiving a contract document set passing the auditing, carrying out security rating on contract documents in the contract document set according to preset user viewing permission, and generating encryption level information of each contract document.
In a preferred embodiment of the invention, the contract document set based on approval is formed by a contract template written by professional legal personnel and approved by high-level personnel of an enterprise. The contract template can be a labor contract template, a buying and selling contract template, a creditor transfer contract template and the like.
Preferably, the preset user viewing authority in the invention is set according to the importance of the contract document set. In detail, the preferred embodiment of the present invention divides the contract documents into three levels, L1, L2 and L3, from low to high, to obtain an L1 contract document set, an L2 contract document set and an L3 contract document set, and completes the security rating of the contract document set according to this three-level division. The L1 contract document set is viewable by all employees of the enterprise; the L2 contract document set is visible to certain departments of the enterprise, such as the legal department, the risk control department and the human resources department; the L3 contract document set is visible to certain employees of the enterprise, such as the CEO, CFO and COO.
Secondly, carrying out hierarchical encryption on the contract document set according to the encryption level information of each contract document in the contract document set to obtain a target contract document set.
In a preferred embodiment of the present invention, an initial key is obtained, an encryption key corresponding to each piece of encryption level information is generated, the encryption keys are combined into an encryption key set, and the contract document set is encrypted hierarchically according to the encryption key set to obtain the target contract document set, which comprises a confidential contract document subset, a core contract document subset and a common contract document subset whose encryption levels decrease in that order. In detail, the encryption keys are $K_1$, $K_2$ and $K_3$ from low to high; they encrypt the L1, L2 and L3 contract document sets respectively, which yields, from low level to high level, the common contract document subset, the core contract document subset and the confidential contract document subset. The encryption keys $K_1$, $K_2$ and $K_3$ are generated from an initial key $K_0$ by public key encryption. Preferably, the public key encryption of the present invention is a semi-homomorphic encryption. Homomorphic encryption refers to symmetric encryption, in which: a given plaintext $(x_1, x_2, \ldots, x_n)$ is encrypted with a homomorphic encryption algorithm to obtain a ciphertext $c$; anyone is allowed to perform any operation $f$ on the ciphertext $c$; decrypting the resulting ciphertext $f(c)$ gives the same result as $f(x_1, x_2, \ldots, x_n)$; and during this process $(x_1, x_2, \ldots, x_n)$, $f(x_1, x_2, \ldots, x_n)$ and any intermediate plaintext are not revealed, since the input value, the output value and the intermediate values remain in an encrypted state throughout.
Semi-homomorphic encryption refers to asymmetric encryption in which the encrypted plaintext is required to satisfy only additive homomorphism or multiplicative homomorphism. Preferably, the present invention uses the RSA encryption algorithm as the semi-homomorphic encryption algorithm.
Preferably, in the present invention, the initial key $K_0$ is encrypted by the RSA encryption algorithm to generate the encryption keys $K_1$, $K_2$ and $K_3$, and the encryption keys $K_1$, $K_2$ and $K_3$ are applied to the L1, L2 and L3 contract document sets respectively to obtain the common contract document set, the core contract document set and the confidential contract document set. The initial key $K_0$ is an initial password set by the user, comprising numbers, letters, characters and the like, such as 123, abc, 123abc and the like.
Further, generating the encryption keys $K_1$, $K_2$ and $K_3$ comprises: obtaining a public key (PK) of the initial key; and applying a one-way encryption function to the initial key $K_0$ using the PK to generate the encryption keys $K_1$, $K_2$ and $K_3$. The one-way encryption function ($E_{pk}$) encrypts the key $K_0$ and is then iterated in sequence to generate the keys $K_1$, $K_2$ and $K_3$ from low level to high level: $K_1 = E_{pk}(K_0)$, $K_2 = E_{pk}(K_1)$, $K_3 = E_{pk}(K_2)$. The public key of the RSA encryption algorithm is (E, N), and encrypting the initial key with the one-way encryption function ($E_{pk}$) comprises:
encrypting any plaintext M in the initial secret key to obtain:
C=E(M)=Memod N;
any two plaintexts M in the initial keyx,MyCarrying out homomorphic multiplication encryption to obtain:
in the same way, any plaintext M in the initial key is used1,M2,…MnCarrying out homomorphic multiplication encryption to obtain:
E(M1)*E(M2)*…E(Mn)=E(M1*M2*…Mn)。
Thirdly, when the user views the target contract document set, a decryption key corresponding to the user's viewing authority is selected from a pre-constructed decryption key set, and the target contract document set is decrypted according to the decryption key.
In a preferred embodiment of the invention, a private key (SK) is generated at the same time as the public key (PK) of the encryption key, and the set of decryption keys is constructed from the SK. When the target contract document set is decrypted, the distributed private key SK is used: the one-way decryption function in the private key is applied to the output of the corresponding one-way encryption function to generate decryption keys not higher than the level of the target contract document set. With these decryption keys, the target contract document set is decrypted, and so are the encrypted contracts below its level. Due to the one-way nature of the public key system, the one-way encryption function (Epk) can take K0 and iteratively generate the keys K1, K2 and K3 from low to high, while the one-way decryption function (Dsk) can start from K1, K2 or K3 and work from high to low in turn. For example, K2=Epk(K1), K2=Dsk(K3), K1=Dsk(K2). When a user views the target contract document set, a decryption key corresponding to the user's viewing authority is selected from a pre-constructed decryption key set, and the target contract document set is decrypted according to the decryption key. For a lower-level user, under the condition that the user does not disclose the secret key PK, the higher-level decryption key cannot be obtained, so the higher-level contract document ciphertext cannot be decrypted; only the decryption key one level lower can be computed from the private key SK, and the contract documents one level lower are decrypted with it. In this way the target contract document set is decrypted level by level and the decrypted target contract document set is recovered.
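The key chain K1=Epk(K0), K2=Epk(K1), K3=Epk(K2), its reversal with Dsk, and the multiplicative property E(M1)*…*E(Mn)=E(M1*…*Mn) can be exercised with textbook RSA. The Python below is an added illustration, not code from the patent; the two primes, the exponent 65537 and all function names are assumptions, and the modulus is far too small for real use.

```python
"""Toy walk-through of the K0 -> K1 -> K2 -> K3 key chain with textbook RSA."""

# Constructed demo parameters (assumptions, not from the patent): two Mersenne
# primes give a ~92-bit modulus. Real RSA needs a modulus of at least 2048 bits.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537                           # public exponent, PK = (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, SK = (D, N); Python 3.8+

# Initial key K0: the user's initial password (the page's "123abc" example).
K0 = int.from_bytes(b"123abc", "big")


def epk(m: int) -> int:
    """One-way encryption function Epk: C = M^e mod N (raw RSA, no padding)."""
    if not 0 <= m < N:
        raise ValueError("value must lie in [0, N)")
    return pow(m, E, N)


def dsk(c: int) -> int:
    """One-way decryption function Dsk: M = C^d mod N."""
    if not 0 <= c < N:
        raise ValueError("value must lie in [0, N)")
    return pow(c, D, N)


def derive_up(start: int, steps: int) -> list:
    """Iterate Epk: from K_i return [K_{i+1}, ..., K_{i+steps}]. Needs only PK."""
    keys, k = [], start
    for _ in range(steps):
        k = epk(k)
        keys.append(k)
    return keys


def derive_down(key: int, level: int) -> dict:
    """Iterate Dsk: from K_level return {level: K_level, ..., 1: K1}. Needs SK."""
    keys, k = {level: key}, key
    for lower in range(level - 1, 0, -1):
        k = dsk(k)
        keys[lower] = k
    return keys


def homomorphic_product(plaintexts) -> int:
    """E(M1) * E(M2) * ... * E(Mn) mod N, computed on ciphertexts only."""
    c = 1
    for m in plaintexts:
        c = (c * epk(m)) % N
    return c


if __name__ == "__main__":
    k1, k2, k3 = derive_up(K0, 3)
    print("K1, K2, K3:", hex(k1), hex(k2), hex(k3))
    # A holder of K3 and SK recovers every key at or below level 3.
    print("down from K3:", derive_down(k3, 3) == {3: k3, 2: k2, 1: k1})
    # Anyone holding K1 and PK can climb to K2 and K3, which is why the
    # description conditions the hierarchy on PK not being disclosed.
    print("up from K1 with PK:", derive_up(k1, 2) == [k2, k3])
    # Multiplicative homomorphism of raw RSA.
    mx, my = 1234567, 7654321        # constructed sample plaintexts
    print("E(Mx)*E(My) == E(Mx*My):",
          homomorphic_product([mx, my]) == epk(mx * my % N))
```

Because Epk needs only (E, N), the separation between levels rests entirely on keeping the public key away from lower-level users. The same multiplicative property also means raw RSA ciphertexts are malleable.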
Alternatively, in other embodiments, the encryption and decryption program of the contract may be divided into one or more modules, and the one or more modules are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to implement the present invention, and the module referred to in the present invention refers to a series of computer program instruction segments capable of performing a specific function for describing the execution process of the encryption and decryption program of the contract in the encryption and decryption apparatus of the contract.
For example, referring to fig. 3, a schematic diagram of the program modules of the contract encryption and decryption program in an embodiment of the contract encryption and decryption apparatus of the present invention is shown. In this embodiment, the contract encryption and decryption program can be divided into a security rating module 10, a hierarchical encryption module 20, and a hierarchical decryption module 30. Exemplarily:
The security rating module 10 is configured to: receive a contract document set that has passed verification, carry out a security rating on each contract document in the contract document set according to a preset user viewing authority, and generate encryption level information for each contract document.
The hierarchical encryption module 20 is configured to: according to the encryption level information of each contract document in the contract document set, carry out hierarchical encryption on the contract document set to obtain a target contract document set, wherein the target contract document set comprises a plurality of target contract document subsets with different encryption levels, and the encryption levels correspond to the user viewing authority.
The hierarchical decryption module 30 is configured to: receive a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, select a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypt the contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
The functions or operation steps of the above-mentioned program modules such as the security rating module 10, the hierarchical encryption module 20, and the hierarchical decryption module 30 are substantially the same as those of the above-mentioned embodiments, and are not described herein again.
Furthermore, an embodiment of the present invention also provides a computer-readable storage medium having stored thereon contract encryption and decryption programs, which are executable by one or more processors to implement the following operations:
receiving a contract document set passing the auditing, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
The embodiment of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the encryption and decryption apparatus and method of the contract, and will not be described in detail herein.
It should be noted that the above-mentioned numbers of the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A method of encrypting and decrypting a contract, the method comprising:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
2. The method for contract encryption and decryption of claim 1, wherein the step of hierarchically encrypting the contract document set to obtain the target contract document set comprises:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
3. The method for contract encryption and decryption of claim 2, wherein the obtaining an initial key and generating an encryption key corresponding to the encryption level information comprises:
obtaining a public key of the initial key, encrypting a one-way encryption function of the initial key through the public key to generate an encryption key corresponding to the encryption level information, wherein the one-way encryption function, after encrypting the key K0, iterates sequentially to generate the keys K1, K2 and K3 from low to high.
4. The method of contractual encryption and decryption of claim 3, wherein said encrypting the one-way encryption function of the initial key comprises:
encrypting any plaintext M in the initial secret key to obtain:
C = E(M) = M^e mod N, where E(M) represents the encrypted plaintext M, e represents the infinite noncircular decimal number, and mod N represents the number of encryption times;
carrying out homomorphic multiplication encryption on any two plaintexts Mx, My in the initial key to obtain:
wherein E(Mx) represents the encrypted plaintext Mx, and E(My) represents the encrypted plaintext My;
carrying out homomorphic multiplication encryption on any plaintexts M1, M2, ... Mn in the initial key to obtain:
E(M1)*E(M2)*...E(Mn)=E(M1*M2*...Mn).
5. The contract encryption and decryption method according to any one of claims 1 to 4, wherein the selecting a decryption key corresponding to the user viewing right from a pre-constructed decryption key set includes:
acquiring a private key which is distributed in advance and corresponds to the user viewing authority;
and decrypting the corresponding one-way encryption function according to the one-way decryption function in the private key to generate a decryption key corresponding to the user viewing authority, wherein the one-way decryption function sequentially iterates to generate keys of high-to-low levels according to the one-way encryption function.
6. An apparatus for contract encryption and decryption, the apparatus comprising a memory and a processor, the memory having stored thereon contract encryption and decryption programs executable on the processor, the contract encryption and decryption programs when executed by the processor implementing the steps of:
receiving a contract document set which passes the verification, carrying out security rating on each contract document in the contract document set according to a preset user viewing authority, and generating encryption level information of each contract document;
according to the encryption level information of each contract file in the contract file set, carrying out hierarchical encryption on the contract file set to obtain a target contract file set, wherein the target contract file set comprises a plurality of target contract file subsets with different encryption levels, and the encryption levels correspond to the user viewing permission;
receiving a contract document viewing request, wherein the contract document viewing request comprises a user viewing authority, selecting a decryption key corresponding to the user viewing authority from a pre-constructed decryption key set, and decrypting a contract document corresponding to the contract document viewing request in the target contract document set according to the decryption key.
7. The contract encryption and decryption apparatus according to claim 6, wherein said step of hierarchically encrypting the contract document set to obtain the target contract document set comprises:
acquiring an initial secret key, generating an encryption secret key corresponding to the encryption level information, and combining a plurality of encryption secret keys corresponding to the encryption level information into an encryption secret key set;
and carrying out hierarchical encryption on the contract document set according to the encryption key set to obtain the target contract document set, wherein the target contract document set comprises a confidential contract document subset with sequentially decreasing encryption levels, a core contract document subset and a common contract document subset.
8. The contract encryption and decryption apparatus according to claim 7, wherein the obtaining an initial key, and generating an encryption key corresponding to the encryption level information includes:
obtaining a public key of the initial key, and encrypting a one-way encryption function of the initial key through the public key to generate an encryption key corresponding to the encryption level information, wherein the one-way encryption function, after encrypting the key K0, iterates sequentially to generate the keys K1, K2 and K3 from low to high.
9. The contract encryption and decryption apparatus according to claim 8, wherein the one-way encryption function encryption of the initial key comprises:
encrypting any plaintext M in the initial secret key to obtain:
C = E(M) = M^e mod N, where E(M) represents the encrypted plaintext M, e represents the infinite noncircular decimal number, and mod N represents the number of times of encryption;
carrying out homomorphic multiplication encryption on any two plaintexts Mx, My in the initial key to obtain:
wherein E(Mx) represents the encrypted plaintext Mx, and E(My) represents the encrypted plaintext My.
10. A computer-readable storage medium, having stored thereon, contract encryption and decryption programs executable by one or more processors to perform the steps of the contract encryption and decryption method of any one of claims 1 to 5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010024090.3A CN111259435A (en) | 2020-01-09 | 2020-01-09 | Contract encryption and decryption method and device and computer readable storage medium |
PCT/CN2020/093550 WO2021139075A1 (en) | 2020-01-09 | 2020-05-29 | Contract encryption and decryption method and apparatus, and device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111259435A true CN111259435A (en) | 2020-06-09 |
Family
ID=70950313
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010024090.3A Pending CN111259435A (en) | 2020-01-09 | 2020-01-09 | Contract encryption and decryption method and device and computer readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN111259435A (en) |
WO (1) | WO2021139075A1 (en) |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938497B (en) * | 2010-09-26 | 2013-01-30 | 深圳大学 | Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof |
CN109614792B (en) * | 2018-11-29 | 2022-02-08 | 中国电子科技集团公司第三十研究所 | Hierarchical file key management method |
CN110502918A (en) * | 2019-07-09 | 2019-11-26 | 杭州电子科技大学 | A kind of electronic document access control method and system based on classification safety encryption |
2020
- 2020-01-09 CN CN202010024090.3A patent/CN111259435A/en active Pending
- 2020-05-29 WO PCT/CN2020/093550 patent/WO2021139075A1/en active Application Filing
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112769868A (en) * | 2021-02-07 | 2021-05-07 | 深圳市欧瑞博科技股份有限公司 | Communication method, communication device, electronic device and storage medium |
CN113792324A (en) * | 2021-11-16 | 2021-12-14 | 聊城高新生物技术有限公司 | Agricultural product data interaction method and device based on federal learning and electronic equipment |
CN113792324B (en) * | 2021-11-16 | 2022-04-05 | 聊城高新生物技术有限公司 | Agricultural product data interaction method and device based on federal learning and electronic equipment |
CN114239081A (en) * | 2022-02-25 | 2022-03-25 | 华中科技大学同济医学院附属协和医院 | Business certificate processing method, system and electronic equipment |
CN116090028A (en) * | 2023-04-07 | 2023-05-09 | 深圳天谷信息科技有限公司 | Electronic contract management method, device, equipment and medium capable of configuring security level |
CN116089986A (en) * | 2023-04-07 | 2023-05-09 | 深圳天谷信息科技有限公司 | Electronic document management method, device, equipment and medium capable of configuring security policy |
CN116090028B (en) * | 2023-04-07 | 2023-08-04 | 深圳天谷信息科技有限公司 | Electronic contract management method, device, equipment and medium capable of configuring security level |
CN116089986B (en) * | 2023-04-07 | 2023-08-25 | 深圳天谷信息科技有限公司 | Electronic document management method, device, equipment and medium capable of configuring security policy |
CN117390646A (en) * | 2023-10-23 | 2024-01-12 | 上海合见工业软件集团有限公司 | Integrated circuit source file encryption method, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2021139075A1 (en) | 2021-07-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
REG | Reference to a national code | Ref country code: HK Ref legal event code: DE Ref document number: 40030786 Country of ref document: HK |
SE01 | Entry into force of request for substantive examination | ||