CN111654511A - Chained data encryption method, chained data decryption method and corresponding systems - Google Patents

Publication number
CN111654511A
Authority
CN
China
Prior art keywords
data
packet
plaintext
encryption
encrypted
Prior art date
Legal status
Pending
Application number
CN202010668709.4A
Other languages
Chinese (zh)
Inventor
张牧宇
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN202010668709.4A
Publication of CN111654511A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a chained data encryption method, a chained data decryption method and corresponding systems. The chained data encryption method comprises the following steps: acquiring data to be encrypted, and splitting the data to be encrypted into a plurality of data packets; generating an initial random symmetric key for each data packet; performing chained data encryption on each data packet using the public key of the receiver and the initial random symmetric key; and combining the digital signature of the sender with each encrypted data packet and sending them to the receiver. According to the scheme, processing efficiency can be greatly improved in large-scale data encryption and decryption operations; the encryption effect is significantly enhanced without increasing the system's processing load; the data is tamper-resistant without adding a digest algorithm; and the scheme is compatible with the various encryption algorithms in a cloud platform, with low modification cost.

Description

Chained data encryption method, chained data decryption method and corresponding systems
Technical Field
The present invention relates to the field of information security technology in computer technology, and in particular, to a chained data encryption method, a chained data decryption method, and a corresponding system.
Background
In the prior art, big data encryption is usually performed by a single host or by using digital envelope technology. Performing big data encryption on a single host has some obvious disadvantages: execution efficiency is very low, running a digest algorithm over big data is very inefficient, and the integrity of the data generally cannot be verified.
Digital envelope technology combines the high efficiency of symmetric encryption with the strong security of asymmetric encryption, and plays an important role in current data processing. However, digital envelope encryption originated early, and as technology has developed, especially with the rapid growth of big data, the general digital envelope encryption algorithm can no longer meet requirements.
When digital envelope technology is used for encryption, the data is first split, then each host encrypts its portion of the split data separately and generates a conventional digital envelope. This approach adds a significant amount of overhead if the SM3 digest algorithm is employed. If the SM3 digest algorithm is not adopted, data integrity cannot be ensured, and there is no effective method for ensuring data integrity at the splicing points. The method therefore has great limitations: with a large data volume, encryption efficiency using a digital envelope still cannot meet requirements; when the data amount reaches a few gigabytes, the encryption and decryption process of a general system takes a very long time; if a strategy of splitting and parallel processing is adopted, the integrity of the data is difficult to ensure; generating a digest with the SM3 hash algorithm ensures integrity but adds considerable computation; and in some important cases the encryption strength is still insufficient.
In view of the foregoing, there is a need for a data encryption scheme that can overcome the above problems, improve the efficiency of processing large data, enhance the encryption strength, ensure the integrity of data, and reduce the cost.
Disclosure of Invention
In order to overcome these problems, the invention provides a chained data encryption method, a chained data decryption method and corresponding systems. The method and systems adopt a per-packet encryption and decryption strategy, which breaks the whole encryption and decryption task into parts and supports encryption algorithms of different levels. A chained encryption structure is adopted in which every link in the chain is tightly interlocked with the next, so that the encryption effect is significantly improved without increasing the amount of computation. If any link in the chain is attacked (by addition, deletion or tampering), the subsequent links of the data chain cannot be decrypted, which prevents the data from being maliciously modified. A head-and-tail encapsulation operation is added to each data packet, which avoids malicious attacks at the packet splicing points (such as adding or deleting data segments, or inserting malicious scripts) and ensures that the data is tamper-resistant. In large-scale data encryption and decryption operations, the scheme as a whole improves big data processing efficiency, significantly enhances encryption strength, ensures data integrity, and has a low modification cost.
In a first aspect of an embodiment of the present invention, a method for encrypting chained data is provided, where the method includes:
acquiring data to be encrypted, and splitting the data to be encrypted into a plurality of data packets;
respectively generating an initial random symmetric secret key corresponding to each data packet;
performing chained data encryption on each data packet by using a public key of a receiving party and the initial random symmetric key respectively, wherein,
S101, adding a packet header to a data packet, wherein the packet header comprises the initial random symmetric key;
S102, using the public key of the receiving party to asymmetrically encrypt the packet header to generate a packet header ciphertext;
S103, acquiring the initial random symmetric key from the packet header, symmetrically encrypting a first segment of plaintext in the data packet to generate a first segment of ciphertext, and acquiring a first random symmetric key from the first segment of plaintext;
S104, symmetrically encrypting a second segment of plaintext by using the first random symmetric key to generate a second segment of ciphertext, and acquiring a second random symmetric key from the second segment of plaintext;
S105, repeating the process of symmetric encryption and obtaining a random symmetric key: using the random symmetric key $K_{i-1}$ obtained from the previous plaintext segment $P_{i-1}$ to symmetrically encrypt the current plaintext segment $P_i$, generating a ciphertext $C_i$, and obtaining a random symmetric key $K_i$ from the current plaintext segment $P_i$; wherein $i = 1, 2, \dots, n$, $i$ is the segment sequence number corresponding to each segment of plaintext in the data packet, and $n$ is the total number of segments of plaintext;
S106, adding a packet tail after encryption of all plaintext in the data packet is completed;
S107, using the random symmetric key $K_n$ obtained from the last plaintext segment $P_n$ to symmetrically encrypt the packet tail to obtain a packet tail ciphertext;
S108, integrating all the ciphertexts to obtain an encrypted data packet;
and combining the digital signature of the sender with each encrypted data packet and sending them to a receiver.
In a second aspect of the embodiments of the present invention, a method for decrypting chained data is provided, where the decryption method includes:
acquiring a plurality of encrypted data packets sent by a sender and the sender's digital signature;
confirming the identity of the sender according to the digital signature of the sender;
after the identity of the sender is confirmed, performing chained data decryption on each encrypted data packet by using a private key of the receiver, wherein,
S201, decrypting the packet header ciphertext in the encrypted data packet by using the private key of the receiving party to obtain the packet header of the encrypted data packet, and acquiring an initial symmetric key from the packet header;
S202, decrypting a first segment of ciphertext in the encrypted data packet by using the initial symmetric key to obtain a first segment of plaintext, and obtaining a first symmetric key from the first segment of plaintext;
S203, decrypting the second segment of ciphertext by using the first symmetric key to obtain a second segment of plaintext, and obtaining a second symmetric key from the second segment of plaintext;
S204, repeating the process of decrypting with a symmetric key and obtaining a symmetric key from the plaintext: using the symmetric key $K'_{i-1}$ obtained from the previous plaintext segment $P'_{i-1}$ to decrypt the current ciphertext segment $C'_i$, generating plaintext $P'_i$, and obtaining the symmetric key $K'_i$ from the current plaintext segment $P'_i$; wherein $i = 1, 2, \dots, n$, $i$ is the segment sequence number corresponding to each segment of ciphertext in the data packet, and $n$ is the total number of segments of ciphertext;
S205, after the $n$ segments of ciphertext of the encrypted data packet are decrypted, using the symmetric key $K'_n$ obtained from the last plaintext segment $P'_n$ to decrypt the packet tail ciphertext in the encrypted data packet to obtain a packet tail plaintext;
S206, integrating all plaintexts to obtain a decrypted data packet;
and after all the encrypted data packets are decrypted, combining and restoring all the decrypted data packets to obtain a big data plaintext.
In a third aspect of the embodiments of the present invention, a chained data encryption system is provided.
In a fourth aspect of the embodiments of the present invention, a chained data decryption system is provided.
In a fifth aspect of embodiments of the present invention, a computer device is presented, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a chained data encryption method or a chained data decryption method when executing the computer program.
In a sixth aspect of embodiments of the present invention, a computer-readable storage medium is presented, which stores a computer program that, when executed by a processor, implements a chained data encryption method or a chained data decryption method.
The chained data encryption method, the chained data decryption method and the corresponding systems provided by the invention use a per-packet encryption and decryption strategy to break the whole encryption and decryption operation into parts, while supporting encryption algorithms of different levels. A chained encryption structure is adopted in which every link in the chain is tightly interlocked with the next, so that the encryption effect is significantly improved without increasing the amount of computation. When any link in the chain is attacked, for example by addition, deletion or tampering, the subsequent links of the data chain cannot be decrypted, which prevents the data from being maliciously modified. A head-and-tail encapsulation operation is added to each data packet, which avoids malicious attacks at the packet splicing points, such as adding or deleting data segments or inserting malicious scripts. On the whole, the scheme can greatly improve processing efficiency in large-scale data encryption and decryption operations; the encryption effect is significantly enhanced without increasing the system's processing load; the data is tamper-resistant without adding a digest algorithm; and the scheme is compatible with the various encryption algorithms in a cloud platform, with low modification cost.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a flowchart illustrating a chained data encryption method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a chained data decryption method according to an embodiment of the present invention.
Fig. 3 is a schematic flow chart of big data text encryption and decryption according to an embodiment of the present invention.
FIG. 4 is a block diagram of a chained data encryption system according to an embodiment of the present invention.
FIG. 5 is a block diagram of a chained data decryption system according to an embodiment of the invention.
Fig. 6 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described with reference to a number of exemplary embodiments. It is understood that these embodiments are given solely for the purpose of enabling those skilled in the art to better understand and to practice the invention, and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, a chained data encryption method, a chained data decryption method and a corresponding system are provided.
The terms used in the embodiments of the present invention are explained as follows:
SM2, SM3, SM4: national cryptographic algorithms, i.e. domestic cryptographic algorithms recognized by the national cryptography authority, where SM stands for commercial cipher. SM2 is an asymmetric encryption algorithm, i.e. the encryption key is different from the decryption key; SM3 is a cryptographic hash algorithm used to produce a digest of a piece of information, typically to prevent tampering with the information; SM4 is a symmetric encryption algorithm, i.e. the encryption and decryption keys are identical.
Electronic signature: a piece of information is encrypted using a private key. This information can be decrypted by the public key. Since the public key is available to the public, the encrypted information can be decrypted and read by all people, but cannot be generated by others. This technique is commonly used for authentication in networks.
Digital envelope technology: a technology for transmitting data using a two-layer encryption system, in which the data is first encrypted with a symmetric key and the symmetric key is then encrypted with an asymmetric key. The technology combines the high efficiency of symmetric encryption (asymmetric algorithms are inefficient at encryption and decryption and are not suitable for transmitting large amounts of data) with the good security of asymmetric algorithms (asymmetric algorithms are highly secure for key exchange, whereas symmetric key exchange carries a risk of leakage).
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
Fig. 1 is a flowchart illustrating a chained data encryption method according to an embodiment of the present invention. As shown in fig. 1, the method includes:
Step S11, acquiring data to be encrypted, and splitting the data to be encrypted into a plurality of data packets; furthermore, each split data packet may be given a corresponding packet sequence number.
Step S12, generating an initial random symmetric key for each data packet.
Step S13, performing chained data encryption on each data packet using the public key of the receiving party and the initial random symmetric key. The detailed process of chained data encryption is as follows:
Step S101, adding a packet header to a data packet, where the packet header includes the initial random symmetric key.
Step S102, performing asymmetric encryption on the packet header by using the public key of the receiving party to generate a packet header ciphertext.
Step S103, obtaining the initial random symmetric key from the packet header, symmetrically encrypting a first segment of plaintext in the data packet to generate a first segment of ciphertext, and obtaining the first random symmetric key from the first segment of plaintext.
Step S104, using the first random symmetric key to symmetrically encrypt a second segment of plaintext, generating a second segment of ciphertext, and obtaining a second random symmetric key from the second segment of plaintext.
Step S105, repeating the process of symmetric encryption and obtaining a random symmetric key: using the random symmetric key $K_{i-1}$ obtained from the previous plaintext segment $P_{i-1}$ to symmetrically encrypt the current plaintext segment $P_i$, generating a ciphertext $C_i$, and obtaining a random symmetric key $K_i$ from the current plaintext segment $P_i$; where $i = 1, 2, \dots, n$, $i$ is the segment sequence number corresponding to each segment of plaintext in the data packet, and $n$ is the total number of segments of plaintext.
Step S106, adding a packet tail after all plaintext in the data packet is encrypted; the packet tail includes the packet sequence number of the data packet.
Step S107, using the random symmetric key $K_n$ obtained from the last plaintext segment $P_n$ to symmetrically encrypt the packet tail to obtain a packet tail ciphertext.
Step S108, integrating all the ciphertexts to obtain an encrypted data packet.
Step S14, combining the digital signature of the sender with each encrypted data packet and sending them to the receiver.
In an embodiment of the present invention, the detailed process of chained data encryption further includes:
Step S100, dividing the data in each data packet into n segments, where the length of each segment is m bytes; if the last segment of plaintext is shorter than m bytes, padding characters are used to complete it. The padding may follow a fixed rule, for example padding with the hexadecimal character 0x00.
When chained data encryption is carried out, the data packets can first be marked with sequence numbers and then distributed to different computers of the distributed cloud platform for chained data encryption, so that the data packets are encrypted simultaneously. Similarly, during chained data decryption, different computers can each perform chained data decryption on an encrypted data packet, so that the encrypted data packets are decrypted simultaneously; finally, the packets are combined and restored according to their packet sequence numbers to obtain the big data original text.
Fig. 2 is a flowchart illustrating a chained data decryption method according to an embodiment of the invention. As shown in fig. 2, the method includes:
Step S21, acquiring a plurality of encrypted data packets sent by the sender and the sender's digital signature.
Step S22, confirming the identity of the sender according to the digital signature of the sender.
Step S23, after the identity of the sender is confirmed, performing chained data decryption on each encrypted data packet by using a private key of the receiver. The detailed process of decryption is as follows:
Step S201, decrypting the packet header ciphertext in the encrypted data packet by using the receiver's private key to obtain the packet header of the encrypted data packet, and obtaining an initial symmetric key from the packet header.
Step S202, decrypting the first segment of ciphertext in the encrypted data packet by using the initial symmetric key to obtain a first segment of plaintext, and obtaining the first symmetric key from the first segment of plaintext.
Step S203, using the first symmetric key to decrypt the second segment of ciphertext to obtain a second segment of plaintext, and obtaining the second symmetric key from the second segment of plaintext.
Step S204, repeating the process of decrypting with a symmetric key and obtaining a symmetric key from the plaintext: using the symmetric key $K'_{i-1}$ obtained from the previous plaintext segment $P'_{i-1}$ to decrypt the current ciphertext segment $C'_i$, generating plaintext $P'_i$, and obtaining the symmetric key $K'_i$ from the current plaintext segment $P'_i$; where $i = 1, 2, \dots, n$, $i$ is the segment sequence number corresponding to each segment of ciphertext in the data packet, and $n$ is the total number of segments of ciphertext.
Step S205, after the $n$ segments of ciphertext of the encrypted data packet are decrypted, using the symmetric key $K'_n$ obtained from the last plaintext segment $P'_n$ to decrypt the packet tail ciphertext in the encrypted data packet to obtain a packet tail plaintext; the packet tail plaintext contains the packet sequence number of the data packet.
Step S206, integrating all the plaintext to obtain a decrypted data packet.
Step S24, after all the encrypted data packets are decrypted, combining and restoring all the decrypted data packets to obtain a big data plaintext.
Specifically, after all encrypted data packets are decrypted, they can be combined and restored according to the packet sequence number of each decrypted data packet, so that a complete big data plaintext is obtained.
Because an asymmetric encryption algorithm is much slower than a symmetric encryption algorithm and occupies more computer resources, the encryption and decryption of the invention adopt a hybrid encryption algorithm in order to ensure both the encryption effect and the processing efficiency of data encryption. Asymmetric encryption is carried out only once, so its influence on the overall processing and on computer resources is extremely small; at the same time, the chained encryption algorithm is applied repeatedly, every link in the chain is tightly interlocked with the next, and the encryption effect is significantly improved without increasing the amount of computation.
For a clearer explanation of the chain data encryption method and the chain data decryption method, a specific embodiment is described below, but it should be noted that the embodiment is only for better explaining the present invention and is not to be construed as an inappropriate limitation to the present invention.
Taking a big data original text as an example, fig. 3 shows a schematic flow chart of big data original text encryption and decryption according to an embodiment of the present invention.
As shown in fig. 3, the big data is first split. The capacity of big data is usually a few gigabytes; after the big data is split, a plurality of data packets are obtained, the data packets are marked with sequence numbers, and the data packets are distributed to different computers of the cloud platform for encryption.
After a computer receives a single data packet, it starts the single-machine encryption process:
S301, dividing the data in each data packet into n segments, wherein the length of each segment is m bytes. If the last segment of plaintext is shorter than m bytes, padding characters are used to complete it; the padding may follow a fixed rule, such as using the hexadecimal character 0x00. In other words, if the data length of the packet is not an integer multiple of the segment length, the data is padded up to an integer multiple of the segment length.
The block length of the SM4 national symmetric cryptographic algorithm is 16 bytes; that is, during the encryption process, the computer encrypts the data 16 bytes at a time using the key. Thus, the segment length of a data segment may be defined as an integer multiple of the block length, for example, 160 bytes per segment.
S302, for a single data packet, generating an SM4 initial random symmetric key $K_0$; the initial random symmetric key generated for each data packet is different.
S303, adding a packet header to the data packet, wherein the packet header comprises the random symmetric key $K_0$.
For example, the added packet header may be <head>K0…</head>, where K0 is the initial random symmetric key $K_0$, and padding symbols (such as the ellipsis) are used to pad the packet header so that its length equals the segment length (e.g., 160 bytes).
S303, asymmetrically encrypting the packet header by using the public key of the receiving party to generate a ciphertext $C_0$.
S304, obtaining the random symmetric key $K_0$ from the packet header, symmetrically encrypting the first plaintext segment $P_1$ in the data packet to generate a ciphertext $C_1$, and obtaining a random symmetric key $K_1$ from the first plaintext segment $P_1$.
Specifically, the first 16 bytes of the first plaintext segment $P_1$ may be used as the random symmetric key $K_1$; by analogy, the random symmetric key $K_2$ may be the first 16 bytes of the second plaintext segment $P_2$.
S304, using the random symmetric key $K_1$ to symmetrically encrypt the second plaintext segment $P_2$ to generate a ciphertext $C_2$, and obtaining a random symmetric key $K_2$ from the second plaintext segment $P_2$.
S305, repeating the process of symmetric encryption and obtaining a random symmetric key: using the random symmetric key $K_{i-1}$ obtained from the previous plaintext segment $P_{i-1}$ to symmetrically encrypt the current plaintext segment $P_i$, generating a ciphertext $C_i$, and obtaining a random symmetric key $K_i$ from the current plaintext segment $P_i$; where $i = 1, 2, \dots, n$, $i$ is the segment sequence number corresponding to each segment of plaintext in the data packet, and $n$ is the total number of segments of plaintext.
Since the last plaintext segment $P_n$ has been padded, its corresponding ciphertext can likewise be obtained.
S306, after encrypting all n sections of plaintext, adding a packet tail.
The added packet tail may be, for example, <tail>N…</tail>, where N is the packet sequence number, and padding symbols are used to pad the packet tail so that its length equals the segment length (e.g., 160 bytes). The packet sequence number is used for restoring the big data original text in the data decryption process.
S307, using the random symmetric key $K_n$ obtained from the last plaintext segment $P_n$ to symmetrically encrypt the packet tail to obtain a packet tail ciphertext.
S308, all the ciphertexts are integrated to obtain an encrypted data packet.
S309, combining the digital signature of the sender with each encrypted data packet and sending them to the receiver, which completes the encryption process.
The receiver may also include multiple computers that respectively perform chained data decryption on each encrypted data packet.
After the computer of the receiving party receives the encrypted data packet, starting a single machine decryption process:
S310, first confirming the identity of the sender according to the digital signature of the sender.
S311, after the identity of the sender is confirmed, decrypting the packet header ciphertext in the encrypted data packet by using the private key of the receiver to obtain the packet header of the encrypted data packet, and obtaining the initial symmetric key K'_0 from the packet header.
S312, using the initial symmetric key K'_0 to decrypt the first ciphertext segment C'_1 in the encrypted data packet to obtain the first plaintext segment P'_1, and obtaining the first symmetric key K'_1 from the first plaintext segment P'_1.
Specifically, the first 16 bytes of the first plaintext segment P'_1 may be used as the symmetric key K'_1; by analogy, the symmetric key K'_2 may be the first 16 bytes of the second plaintext segment P'_2.
S313, using the first symmetric key K'_1 to decrypt the second ciphertext segment C'_2 to obtain the second plaintext segment P'_2, and obtaining the second symmetric key K'_2 from the second plaintext segment P'_2.
S314, repeating the process of decrypting with a symmetric key and of obtaining a symmetric key from the plaintext: using the symmetric key K'_{i-1} obtained from the previous plaintext segment P'_{i-1}, decrypting the ciphertext segment C'_i to generate the plaintext segment P'_i, and obtaining the symmetric key K'_i from the plaintext segment P'_i; where i = 1, 2, …, n, i is the segment sequence number of each ciphertext segment in the data packet, and n is the total number of ciphertext segments.
S315, after the n ciphertext segments of the encrypted data packet are decrypted, using the symmetric key K'_n obtained from the last plaintext segment P'_n to decrypt the packet tail ciphertext in the encrypted data packet to obtain a packet tail plaintext. The packet tail plaintext contains the packet sequence number of the data packet.
In addition, since the last plaintext segment P'_n may contain padding characters added during encryption, the padding characters at the end of the last plaintext segment P'_n need to be deleted.
S316, all the plaintexts are integrated to obtain a decrypted data packet.
And after all the encrypted data packets are decrypted, summarizing all the decrypted data packets through each computer, and carrying out combined reduction according to the packet sequence number of each decrypted data packet to obtain a big data plaintext.
The chained data encryption and decryption method provided by the invention uses a sub-packet encryption and decryption strategy to break the whole encryption and decryption operation into parts, and at the same time supports encryption algorithms of different levels. Moreover, a chained encryption structure is adopted in which every link of the chain is tightly interlocked with the next, so that the encryption effect is obviously improved without increasing the amount of calculation. Meanwhile, when any link of the chain is attacked, for example by addition, deletion or tampering, the subsequent data chain cannot be decrypted, which prevents the data from being maliciously modified. A head-and-tail encapsulation operation is also added to each data packet, which avoids malicious attacks on the packet splicing positions, such as adding and deleting data segments or inserting malicious scripts. On the whole, the scheme can greatly improve the processing efficiency of large-scale data encryption and decryption operations; without increasing the processing load of the system, the encryption effect is obviously enhanced, the data is tamper-resistant without adding a digest algorithm, the scheme is compatible with various different encryption algorithms in the cloud platform, and the modification cost is low.
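An added example, not from the patent, of the segment chain in S304 to S307 and S312 to S315 and of the tamper behaviour described above. Assumptions: a SHAKE-256 keystream XOR stands in for SM4, the SM2 header encryption and the sender signature are left out so K_0 is passed in directly, '.' is the tail filler, and all function names are hypothetical.

```python
import hashlib

SEG_LEN = 160   # segment length m, the description's example value
KEY_LEN = 16    # K_i is the first 16 bytes of plaintext segment P_i
PAD = b"\x00"   # pad character named in claim 7


def sym(key: bytes, block: bytes) -> bytes:
    """Stand-in for SM4 (assumption): XOR with a SHAKE-256 keystream.
    The same call encrypts and decrypts."""
    stream = hashlib.shake_256(key).digest(len(block))
    return bytes(a ^ b for a, b in zip(block, stream))


def make_tail(seq: int) -> bytes:
    """Build <tail>N...</tail>, filled with '.' (assumed filler) to SEG_LEN."""
    digits = str(seq).encode()
    fill = SEG_LEN - len(b"<tail></tail>") - len(digits)
    if seq < 0 or fill < 0:
        raise ValueError("packet sequence number does not fit in the tail")
    return b"<tail>" + digits + b"." * fill + b"</tail>"


def parse_tail(tail: bytes) -> int:
    """Return the packet sequence number, or fail if the tail is garbage."""
    if not (tail.startswith(b"<tail>") and tail.endswith(b"</tail>")):
        raise ValueError("packet tail did not decrypt: chain is broken")
    body = tail[len(b"<tail>"):-len(b"</tail>")].rstrip(b".")
    if not body.isdigit():
        raise ValueError("packet tail carries no sequence number")
    return int(body)


def encrypt_packet(k0: bytes, data: bytes, seq: int) -> list:
    """Return [C_1, ..., C_n, tail ciphertext] for one data packet."""
    padded = data + PAD * (-len(data) % SEG_LEN)
    if not padded:                      # empty packet: one all-pad segment
        padded = PAD * SEG_LEN
    key, out = k0, []
    for off in range(0, len(padded), SEG_LEN):
        seg = padded[off:off + SEG_LEN]
        out.append(sym(key, seg))       # C_i = E(K_{i-1}, P_i)
        key = seg[:KEY_LEN]             # K_i comes from P_i itself
    out.append(sym(key, make_tail(seq)))  # tail is encrypted under K_n
    return out


def decrypt_packet(k0: bytes, segments: list):
    """Return (packet sequence number, plaintext); ValueError on a broken chain."""
    if len(segments) < 2 or any(len(s) != SEG_LEN for s in segments):
        raise ValueError("malformed encrypted packet")
    *body, tail_ct = segments
    key, plain = k0, []
    for ct in body:
        seg = sym(key, ct)              # P'_i = D(K'_{i-1}, C'_i)
        plain.append(seg)
        key = seg[:KEY_LEN]             # only these 16 bytes feed the next key
    seq = parse_tail(sym(key, tail_ct))
    # Pad removal as described: trailing 0x00 of the last segment is dropped,
    # so data that itself ends in 0x00 needs an explicit length elsewhere.
    plain[-1] = plain[-1].rstrip(PAD)
    return seq, b"".join(plain)


def chain_intact(k0: bytes, segments: list) -> bool:
    """True when the packet decrypts all the way to a well-formed tail."""
    try:
        decrypt_packet(k0, segments)
        return True
    except ValueError:
        return False


def restore(received) -> bytes:
    """received: (k0, segments) pairs in any order; rebuild by sequence number."""
    parts = dict(decrypt_packet(k0, segs) for k0, segs in received)
    return b"".join(parts[n] for n in sorted(parts))
```

The only integrity signal in this chain is the packet tail failing to parse, so a receiver should treat that failure as a rejected packet rather than as recoverable data.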
It should be noted that although the operations of the method of the present invention have been described in the above embodiments and the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the operations shown must be performed, to achieve the desired results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
Having described the method of an exemplary embodiment of the present invention, the chained data encryption system and chained data decryption system of an exemplary embodiment of the present invention are described next with reference to fig. 4 to 5.
The implementation of the chain data encryption system and the chain data decryption system can refer to the implementation of the above method, and repeated details are not repeated. The term "module" or "unit" used hereinafter may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Based on the same inventive concept, the present invention further provides a chain data encryption system, as shown in fig. 4, the system includes:
a data obtaining module 410, configured to obtain data to be encrypted, and split the data to be encrypted into a plurality of data packets;
a random symmetric key generation module 420, configured to generate an initial random symmetric key for each data packet;
the chained data encryption module 430 is configured to encrypt chained data of each data packet by using a public key of the receiving party and the initial random symmetric key, respectively, where the chained data encryption module includes:
a packet header adding unit 431, configured to add a packet header to a data packet, where the packet header includes the initial random symmetric key;
a packet header encryption unit 432, configured to perform asymmetric encryption on the packet header by using the public key of the receiving party, so as to generate a packet header ciphertext;
a data segment encryption unit 433, configured to obtain the initial random symmetric key from the packet header, symmetrically encrypt a first segment of plaintext in the data packet to generate a first segment of ciphertext, and obtain a first random symmetric key from the first segment of plaintext; symmetrically encrypt a second segment of plaintext by using the first random symmetric key to generate a second segment of ciphertext, and obtain a second random symmetric key from the second segment of plaintext; and repeat the process of symmetric encryption and of obtaining a random symmetric key: using the random symmetric key K_{i-1} obtained from the previous plaintext segment P_{i-1}, symmetrically encrypt the plaintext segment P_i to generate a ciphertext C_i, and obtain a random symmetric key K_i from the plaintext segment P_i; wherein i = 1, 2, …, n, i is the segment sequence number of each plaintext segment in the data packet, and n is the total number of plaintext segments;
a packet tail adding unit 434, configured to add a packet tail after all plaintext in the data packet is encrypted;
a packet tail encryption unit 435, configured to symmetrically encrypt the packet tail using the random symmetric key K_n obtained from the last plaintext segment P_n, to obtain a packet tail ciphertext;
an integration unit 436, configured to integrate all the ciphertexts to obtain an encrypted data packet;
and an encrypted data packet sending module 440, configured to combine the digital signature of the sender with each encrypted data packet and send them to the receiver.
Based on the same inventive concept, the present invention further provides a chained data decryption system, as shown in fig. 5, the system includes:
a data obtaining module 510, configured to obtain multiple encrypted data packets sent by a sender and a sender data signature;
an identity confirmation module 520, configured to confirm the identity of the sender according to the digital signature of the sender;
the decryption module 530 is configured to, after confirming the identity of the sender, perform chain data decryption on each encrypted data packet by using a private key of the receiver, where the decryption module includes:
the packet header decryption unit 531 is configured to decrypt a packet header ciphertext in the encrypted data packet by using a receiving party private key to obtain a packet header of the encrypted data packet, and obtain an initial symmetric key in the packet header;
a data segment decryption unit 532, configured to decrypt a first segment of ciphertext in the encrypted data packet using the initial symmetric key to obtain a first segment of plaintext, and obtain a first symmetric key from the first segment of plaintext; decrypt the second segment of ciphertext by using the first symmetric key to obtain a second segment of plaintext, and obtain a second symmetric key from the second segment of plaintext; and repeat the process of decrypting with a symmetric key and of obtaining a symmetric key from the plaintext: using the symmetric key K'_{i-1} obtained from the previous plaintext segment P'_{i-1}, decrypt the ciphertext segment C'_i to generate the plaintext segment P'_i, and obtain the symmetric key K'_i from the plaintext segment P'_i; wherein i = 1, 2, …, n, i is the segment sequence number of each ciphertext segment in the data packet, and n is the total number of ciphertext segments;
a packet tail decryption unit 533, configured to, after the n ciphertext segments of the encrypted data packet are decrypted, decrypt the packet tail ciphertext in the encrypted data packet using the symmetric key K'_n obtained from the last plaintext segment P'_n, to obtain a packet tail plaintext;
an integrating unit 534, configured to integrate all plaintext into a decrypted data packet;
and the data packet restoration module 540 is configured to combine and restore all the decrypted data packets to obtain a big data plaintext after all the encrypted data packets are decrypted.
It should be noted that although several modules of a chained data encryption system and a chained data decryption system are mentioned in the above detailed description, such partitioning is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the modules described above may be embodied in one module according to embodiments of the invention. Conversely, the features and functions of one module described above may be further divided into embodiments by a plurality of modules.
Based on the aforementioned inventive concept, as shown in fig. 6, the present invention further proposes a computer device 600, which comprises a memory 610, a processor 620 and a computer program 630 stored on the memory 610 and operable on the processor 620, wherein the processor 620 implements a chained data encryption method or a chained data decryption method when executing the computer program 630.
Based on the foregoing inventive concept, the present invention also proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements a chained data encryption method or a chained data decryption method.
To implement the chained data encryption method, the chained data decryption method and the corresponding systems, a national cryptographic algorithm encryption service needs to be established; specifically, a hardware encryption machine and an open-source encryption algorithm may be used, or a self-implemented algorithm conforming to the national cryptographic standards may be used. The cryptographic service supports at least the following service interfaces: SM2 asymmetric encryption and decryption, SM4 symmetric encryption and decryption, and SM4 random key generation.
Furthermore, a control node needs to be designated on the distributed platform and programs need to be developed: the control node is responsible for splitting or combining the data packets, and the programs developed on the other working nodes complete the encryption and decryption tasks as required. If the data needs to be encrypted in different ways (for example, common data in bank data is encrypted at a low level, customer information is encrypted at a medium level, and customer passwords are encrypted at a high level), the information can be divided into different data packets, which are then encrypted and decrypted in different ways.
The chained data encryption method, the chained data decryption method and the corresponding systems provided by the invention use a sub-packet encryption and decryption strategy to break the whole encryption and decryption operation into parts, and at the same time support encryption algorithms of different levels. Moreover, a chained encryption structure is adopted in which every link of the chain is tightly interlocked with the next, so that the encryption effect is obviously improved without increasing the amount of calculation. Meanwhile, when any link of the chain is attacked, for example by addition, deletion or tampering, the subsequent data chain cannot be decrypted, which prevents the data from being maliciously modified. A head-and-tail encapsulation operation is also added to each data packet, which avoids malicious attacks on the packet splicing positions, such as adding and deleting data segments or inserting malicious scripts. On the whole, the scheme can greatly improve the processing efficiency of large-scale data encryption and decryption operations; without increasing the processing load of the system, the encryption effect is obviously enhanced, the data is tamper-resistant without adding a digest algorithm, the scheme is compatible with various different encryption algorithms in the cloud platform, and the modification cost is low.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (15)

1. A method for chained data encryption, the method comprising:
acquiring data to be encrypted, and splitting the data to be encrypted into a plurality of data packets;
respectively generating an initial random symmetric secret key corresponding to each data packet;
performing chain data encryption on each data packet by using a public key of a receiving party and the initial random symmetric key respectively, wherein,
S101, adding a packet header to a data packet, wherein the packet header comprises the initial random symmetric key;
S102, performing asymmetric encryption on the packet header by using the public key of the receiving party to generate a packet header ciphertext;
S103, obtaining the initial random symmetric key from the packet header, symmetrically encrypting a first segment of plaintext in the data packet to generate a first segment of ciphertext, and obtaining a first random symmetric key from the first segment of plaintext;
S104, symmetrically encrypting a second segment of plaintext by using the first random symmetric key to generate a second segment of ciphertext, and obtaining a second random symmetric key from the second segment of plaintext;
S105, repeating the process of symmetric encryption and of obtaining a random symmetric key: using the random symmetric key K_{i-1} obtained from the previous plaintext segment P_{i-1}, symmetrically encrypting the plaintext segment P_i to generate a ciphertext C_i, and obtaining a random symmetric key K_i from the plaintext segment P_i; wherein i = 1, 2, …, n, i is the segment sequence number of each plaintext segment in the data packet, and n is the total number of plaintext segments;
S106, adding a packet tail after encryption of all plaintext in the data packet is completed;
S107, symmetrically encrypting the packet tail using the random symmetric key K_n obtained from the last plaintext segment P_n, to obtain a packet tail ciphertext;
S108, integrating all the ciphertexts to obtain an encrypted data packet;
and combining and sending the digital signature of the sender and each encrypted data packet which is encrypted to a receiver.
2. The chained data encryption method according to claim 1, wherein obtaining data to be encrypted and splitting the data to be encrypted into a plurality of data packets further comprises:
and setting corresponding packet sequence numbers for each data packet.
3. The chained data encryption method of claim 1, wherein each of the data packets is respectively chained data encrypted using a public key of a receiving party and the initial random symmetric key, and further comprising:
and S100, dividing the data in each data packet into n sections.
4. The chained data encryption method according to claim 3, further comprising, in S100:
and dividing the data in each data packet into n sections, wherein the length of each section is m bytes, and if the length of the last section of plaintext cannot reach m bytes, padding characters are used for completing.
5. The chained data encryption method according to claim 4, wherein in S101, the added packet header is <head>K_0…</head>, wherein
K_0 is the initial random symmetric key, and the length of the packet header is padded to be equal to the length of each segment using padding symbols.
6. The chained data encryption method according to claim 4, wherein in S106, the added packet tail includes a packet sequence number of the data packet, and the added packet tail is <tail>N…</tail>, wherein
N is the packet sequence number, and the length of the packet tail is padded to be equal to the length of each segment using padding symbols.
7. The chained data encryption method of claim 4, wherein the pad character is the hexadecimal character 0x00.
8. A chained data decryption method, the decryption method comprising:
acquiring a plurality of encrypted data packets sent by a sender and a sender data signature;
confirming the identity of the sender according to the digital signature of the sender;
after the identity of the sender is confirmed, each encrypted data packet is subjected to chain data decryption by using a private key of the receiver, wherein,
S201, decrypting the packet header ciphertext in the encrypted data packet by using a private key of a receiving party to obtain a packet header of the encrypted data packet, and obtaining an initial symmetric key from the packet header;
S202, decrypting a first segment of ciphertext in the encrypted data packet by using the initial symmetric key to obtain a first segment of plaintext, and obtaining a first symmetric key from the first segment of plaintext;
S203, decrypting the second segment of ciphertext by using the first symmetric key to obtain a second segment of plaintext, and obtaining a second symmetric key from the second segment of plaintext;
S204, repeating the process of decrypting with a symmetric key and of obtaining a symmetric key from the plaintext: using the symmetric key K'_{i-1} obtained from the previous plaintext segment P'_{i-1}, decrypting the ciphertext segment C'_i to generate the plaintext segment P'_i, and obtaining the symmetric key K'_i from the plaintext segment P'_i; wherein i = 1, 2, …, n, i is the segment sequence number of each ciphertext segment in the data packet, and n is the total number of ciphertext segments;
S205, after the n ciphertext segments of the encrypted data packet are decrypted, decrypting the packet tail ciphertext in the encrypted data packet using the symmetric key K'_n obtained from the last plaintext segment P'_n, to obtain a packet tail plaintext;
S206, integrating all plaintexts to obtain a decrypted data packet;
and after all the encrypted data packets are decrypted, combining and restoring all the decrypted data packets to obtain a big data plaintext.
9. The chained data decryption method of claim 8, wherein the plaintext of the trailer contains the packet sequence number of the data packet.
10. The chained data decryption method of claim 9, wherein after all the encrypted data packets are decrypted, combining and restoring all the decrypted data packets to obtain a big data plaintext, comprising:
and after all the encrypted data packets are decrypted, performing combined reduction according to the packet sequence number of each decrypted data packet to obtain a complete big data plaintext.
11. The chained data decryption method of claim 8, wherein in step S205, the method further comprises:
after the n ciphertext segments of the encrypted data packet are decrypted, deleting the padding characters at the end of the last plaintext segment P'_n.
12. A chained data encryption system, the encryption system comprising:
the data acquisition module is used for acquiring data to be encrypted and splitting the data to be encrypted into a plurality of data packets;
the random symmetric key generation module is used for respectively generating an initial random symmetric key corresponding to each data packet;
the chained data encryption module is configured to encrypt chained data of each data packet by using a public key of a receiving party and the initial random symmetric key, respectively, and includes:
a packet header adding unit, configured to add a packet header to a data packet, where the packet header includes the initial random symmetric key;
the packet header encryption unit is used for carrying out asymmetric encryption on the packet header by utilizing the public key of the receiving party to generate a packet header ciphertext;
the data segment encryption unit is used for obtaining the initial random symmetric key from the packet header, symmetrically encrypting a first segment of plaintext in the data packet to generate a first segment of ciphertext, and obtaining a first random symmetric key from the first segment of plaintext; symmetrically encrypting a second segment of plaintext by using the first random symmetric key to generate a second segment of ciphertext, and obtaining a second random symmetric key from the second segment of plaintext; and repeating the process of symmetric encryption and of obtaining a random symmetric key: using the random symmetric key K_{i-1} obtained from the previous plaintext segment P_{i-1}, symmetrically encrypting the plaintext segment P_i to generate a ciphertext C_i, and obtaining a random symmetric key K_i from the plaintext segment P_i; wherein i = 1, 2, …, n, i is the segment sequence number of each plaintext segment in the data packet, and n is the total number of plaintext segments;
a packet tail adding unit, configured to add a packet tail after encryption of all plaintext in the data packet is completed;
a packet tail encryption unit, configured to symmetrically encrypt the packet tail using the random symmetric key K_n obtained from the last plaintext segment P_n, to obtain a packet tail ciphertext;
the integration unit is used for integrating all the ciphertexts to obtain an encrypted data packet;
and the encrypted data packet sending module is used for combining the digital signature of the sender with each encrypted data packet and sending them to the receiver.
13. A chained data decryption system, the decryption system comprising:
the data acquisition module is used for acquiring a plurality of encrypted data packets sent by a sender and a sender data signature;
the identity confirmation module is used for confirming the identity of the sender according to the digital signature of the sender;
the decryption module is configured to perform chain data decryption on each encrypted data packet by using a private key of a receiver after confirming the identity of a sender, where the decryption module includes:
the packet header decryption unit is used for decrypting the packet header ciphertext in the encrypted data packet by using a private key of a receiving party to obtain a packet header of the encrypted data packet and acquiring an initial symmetric key in the packet header;
the data segment decryption unit is used for decrypting a first segment of ciphertext in the encrypted data packet by using the initial symmetric key to obtain a first segment of plaintext, and obtaining a first symmetric key from the first segment of plaintext; decrypting the second segment of ciphertext by using the first symmetric key to obtain a second segment of plaintext, and obtaining a second symmetric key from the second segment of plaintext; and repeating the process of decrypting with a symmetric key and of obtaining a symmetric key from the plaintext: using the symmetric key K'_{i-1} obtained from the previous plaintext segment P'_{i-1}, decrypting the ciphertext segment C'_i to generate the plaintext segment P'_i, and obtaining the symmetric key K'_i from the plaintext segment P'_i; wherein i = 1, 2, …, n, i is the segment sequence number of each ciphertext segment in the data packet, and n is the total number of ciphertext segments;
a packet tail decryption unit, configured to, after the n ciphertext segments of the encrypted data packet are decrypted, decrypt the packet tail ciphertext in the encrypted data packet using the symmetric key K'_n obtained from the last plaintext segment P'_n, to obtain a packet tail plaintext;
the integration unit is used for integrating all plaintexts to obtain a decrypted data packet;
and the data packet restoration module is used for combining and restoring all the decrypted data packets to obtain a big data plaintext after all the encrypted data packets are decrypted.
14. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 11 when executing the computer program.
15. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 11.
CN202010668709.4A 2020-07-13 2020-07-13 Chained data encryption method, chained data decryption method and corresponding systems Pending CN111654511A (en)

Publications (1)

Publication Number Publication Date
CN111654511A true CN111654511A (en) 2020-09-11

CN113901503A (en) * 2021-10-26 2022-01-07 北京云迹科技有限公司 Encryption method, encryption device, decryption method and decryption device
CN114285609A (en) * 2021-12-10 2022-04-05 中国联合网络通信集团有限公司 Encryption method, device, equipment and storage medium
CN114285609B (en) * 2021-12-10 2024-02-13 中国联合网络通信集团有限公司 Encryption method, device, equipment and storage medium
CN114422230A (en) * 2022-01-17 2022-04-29 广西泛华于成信息科技有限公司 Information transmission system based on data encryption
CN114338245A (en) * 2022-03-11 2022-04-12 湖南三湘银行股份有限公司 Data anti-leakage method and system based on artificial intelligence
CN114338245B (en) * 2022-03-11 2022-05-24 湖南三湘银行股份有限公司 Data anti-leakage method and system based on artificial intelligence
CN114785527A (en) * 2022-06-17 2022-07-22 深圳市深圳通有限公司 Data transmission method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN111654511A (en) Chained data encryption method, chained data decryption method and corresponding systems
US9537657B1 (en) Multipart authenticated encryption
US7634659B2 (en) Roaming hardware paired encryption key generation
US6125185A (en) System and method for encryption key generation
EP0916209B1 (en) Cryptographic key recovery system
US6289451B1 (en) System and method for efficiently implementing an authenticated communications channel that facilitates tamper detection
US20130191639A1 (en) System and method for securing communications between devices
JP2020503564A (en) Increase ambiguity
CN114726546B (en) Digital identity authentication method, device, equipment and storage medium
CN112564906A (en) Block chain-based data security interaction method and system
CN114244508B (en) Data encryption method, device, equipment and storage medium
US20150127950A1 (en) Method of encrypting data
WO2018152618A1 (en) Symmetric cryptographic method and system and applications thereof
CN111049738B (en) E-mail data security protection method based on hybrid encryption
US20070277043A1 (en) Methods for Generating Identification Values for Identifying Electronic Messages
CN115208615A (en) Data encryption transmission method for numerical control system
CN112948867A (en) Method and device for generating and decrypting encrypted message and electronic equipment
CN111131311A (en) Data transmission method based on block chain and block chain link point
CN116248316A (en) File encryption method, file decryption method, device and storage medium
JP2007316108A (en) Encrypting device, decrypting device, encrypting method, decrypting method, program using the methods, and recording medium
CN103634113B (en) Encryption and decryption method and device with user/equipment identity authentication
CN112954388A (en) Data file acquisition method and device, terminal equipment and storage medium
EP2289227B1 (en) Improvements related to the authentication of messages
AU2019381522A1 (en) Encryption system and method employing permutation group-based encryption technology
CN113259093B (en) Hierarchical signature encryption system based on identity-based encryption and construction method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200911
