CN112242970B - Data segmentation encryption security reinforcing method and device - Google Patents
Data segmentation encryption security reinforcing method and device Download PDFInfo
- Publication number
- CN112242970B CN112242970B CN201910638368.3A CN201910638368A CN112242970B CN 112242970 B CN112242970 B CN 112242970B CN 201910638368 A CN201910638368 A CN 201910638368A CN 112242970 B CN112242970 B CN 112242970B
- Authority
- CN
- China
- Prior art keywords
- data
- encryption
- segmented
- algorithm
- decryption key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The embodiment of the invention provides a data segmentation encryption security reinforcing method and a data segmentation encryption security reinforcing device, wherein the method comprises the following steps: reading in data, and reading plaintext data PT; secret segmentation; the split output data is encrypted again; and (6) outputting data. The technical scheme has the following beneficial effects by comprehensively using two technologies of data encryption and data segmentation: 1. the complexity of key management in the application process of the data encryption technology is avoided, and the application cost of the data encryption technology is reduced. 2. The complexity of data encryption is effectively improved. 3. The data encryption and the data segmentation are combined, but the data encryption and decryption calculation data amount is minimized, and the coding and decoding speed is effectively improved. 4. In the data encoding and decoding process, the minimum encryption and decryption can be carried out for 0 time theoretically, the data security intensity depends on the security intensity of the segmentation algorithm SS, and under the condition, the data encryption process can be effectively avoided, and the encoding and decoding speed is maximized.
Description
Technical Field
The invention relates to the field of information security, in particular to a data segmentation encryption security reinforcing method and device.
Background
Data encryption technology is the cornerstone of information security technology. Data Encryption (Data Encryption) is a technique in which a piece of information (or called plaintext) is converted into a meaningless ciphertext (ciphertext text) by an Encryption key (Encryption key) and an Encryption function, and the ciphertext is restored to the plaintext by a receiving party through a Decryption function and a Decryption key (Decryption key). The encryption technology realizes information hiding by encrypting information, thereby playing a role in protecting the safety of the information. The data encryption technology has the following problems: firstly, all data must be encrypted, the encryption calculation amount is large, the encryption and decryption time is long, and the data encryption technology cannot be used in the application field sensitive to the calculation time. Secondly, the ciphertext data after data encryption is taken as a whole, the ciphertext contains all information carried before data encryption, and once a decryption key is obtained in a certain mode, the data encryption technical means is invalid. Thirdly, encryption and decryption key management are complex, key management comprises multiple aspects of a management system, a management protocol, generation, distribution, replacement, injection and the like of keys, the management process is complex, and the cost is high.
The existing data leakage-proof encoding and decoding method scheme based on secret segmentation establishes a data storage and exchange leakage-proof technical mechanism with multi-party data storage and secret multi-party common management. In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art: in the above technical solution, there are the following disadvantages: the information security intensity is not optimized by combining a data encryption technology, the secret splitting (secret splitting) technology is independently used in the technical scheme, the information security intensity depends on the complexity of a secret splitting algorithm, the advantages of the data encryption technology and the secret splitting technology are not combined, the defect of improving the data encryption technology by using the secret splitting technology is avoided, and the information security intensity is improved.
Disclosure of Invention
The embodiment of the invention provides a data segmentation encryption security reinforcement method and a data segmentation encryption security reinforcement device, which are used for achieving the data security reinforcement effect of reducing the calculation time of data encryption and decryption and increasing the complexity of data encryption and decryption.
In one aspect, an embodiment of the present invention provides a data partitioning encryption security reinforcing method, where the method includes:
reading in data, reading plaintext data PT, and taking the plaintext data PT as data CT to be segmented; secret segmentation, namely performing data segmentation coding on the to-be-segmented data CT by adopting a data segmentation algorithm SS, and segmenting the to-be-segmented data CT into n data, wherein n is a natural number greater than or equal to 2; the n divided data are numbered as follows: the data CT to be segmented can be reconstructed only by collecting all elements of an integrated data segmentation output data set SSOC at a later stage, and all the segmented n data form a data segmentation output data set SSOC, namely the data segmentation output data set SSOC is { data PT1, data PT2, … … and data PTn };
and encrypting the segmentation output data again, selecting the element with the minimum data volume in the data segmentation output data set SSOC output by the data segmentation algorithm SS for encryption, and numbering the elements as follows: the data CTO1, the data CTO2, … …, and the data CTOm form a data split encrypted output data set SSEOC, that is, the data split encrypted output data set SSEOC ═ data CTO1, data CTO2, … …, and data CTOm };
and (4) outputting the data, namely, dividing all elements of the data segmentation encryption output data set SSEOC, namely the data CTO1, the data CTO2, … … and the data CTOm, and encoding the data as final output data.
On the other hand, an embodiment of the present invention provides a data partitioning, encrypting and security reinforcing apparatus, where the apparatus includes:
the data reading unit is used for reading plaintext data PT, and taking the plaintext data PT as data CT to be segmented;
the secret segmentation unit is used for carrying out data segmentation coding on the to-be-segmented data CT by adopting a data segmentation algorithm SS, and segmenting the to-be-segmented data CT into n data, wherein n is a natural number which is greater than or equal to 2; the n divided data are numbered as follows: the data CT to be segmented can be reconstructed only by collecting all elements of an integrated data segmentation output data set SSOC at a later stage, and all the segmented n data form a data segmentation output data set SSOC, namely the data segmentation output data set SSOC is { data PT1, data PT2, … … and data PTn };
and the segmentation output data re-encryption unit is used for selecting the element with the minimum data volume in the data segmentation output data set SSOC output by the data segmentation algorithm SS for encryption, and the elements are respectively numbered as: the data CTO1, the data CTO2, … …, and the data CTOm form a data split encrypted output data set SSEOC, that is, the data split encrypted output data set SSEOC ═ data CTO1, data CTO2, … …, and data CTOm };
and the data output unit is used for dividing all elements of the encrypted output data set SSEOC, namely the data CTO1, the data CTO2, … … and the data CTOm, and encoding the elements as final output data.
The technical scheme has the following beneficial effects: 1. the complexity of key management in the application process of the data encryption technology is avoided, and the application cost of the data encryption technology is reduced. 2. The complexity of data encryption is effectively improved. 3. The data encryption and the data segmentation are combined, but the data encryption and decryption calculation data amount is minimized, and the coding and decoding speed is effectively improved. 4. In the data encoding and decoding process, 0 times of encryption and decryption can be performed at minimum theoretically, the data security strength depends on the security strength of the segmentation algorithm SS, in this case, the data encryption process can be effectively avoided, and the encoding and decoding speed is maximized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a data partitioning, encrypting and security reinforcing method according to an embodiment of the present invention;
FIG. 2 is a decoding flow chart of a data partitioning encryption security reinforcing method according to an embodiment of the present invention;
FIG. 3A is a schematic structural diagram of a data partitioning, encrypting and security enhancing apparatus according to an embodiment of the present invention;
FIG. 3B is a schematic diagram of another data partitioning, encrypting and security enhancing apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of another data partitioning, encrypting and security reinforcing apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a flow chart of a data partitioning, encrypting and security reinforcing method according to an embodiment of the present invention is shown, where the method includes:
101. reading in data, reading plaintext data PT, and taking the plaintext data PT as data CT to be segmented;
102. secret segmentation, namely performing data segmentation coding on the data to be segmented CT by adopting a data segmentation algorithm SS, and segmenting the data to be segmented CT into n data, wherein n is a natural number greater than or equal to 2; the n pieces of data divided are numbered as: the data CT to be segmented can be reconstructed only by collecting all elements of an integrated data segmentation output data set SSOC at a later stage, and all the segmented n data form a data segmentation output data set SSOC, namely the data segmentation output data set SSOC is { data PT1, data PT2, … … and data PTn };
103. and encrypting the segmentation output data again, selecting the element with the minimum data volume in the data segmentation output data set SSOC output by the data segmentation algorithm SS for encryption, and numbering the elements respectively as follows: the data CTO1, the data CTO2, … …, and the data CTOm form a data split encrypted output data set SSEOC, that is, the data split encrypted output data set SSEOC ═ data CTO1, data CTO2, … …, and data CTOm };
104. and (4) outputting the data, namely, dividing all elements of the data segmentation encryption output data set SSEOC, namely the data CTO1, the data CTO2, … … and the data CTOm, and encoding the data as final output data.
Preferably, after reading the plaintext data PT, the method further comprises:
and full-text encryption, namely encrypting data of the plaintext data PT by adopting an encryption algorithm ET and an encryption key EK to obtain data CT to be segmented, and recording a decryption key EPK of the data CT to be segmented.
Preferably, in the re-encrypting the split output data, all n elements of the data split output data set SSOC are respectively encrypted as required, including:
carrying out data encryption on the data PT1 by adopting an encryption algorithm E1 and an encryption key EK1 to obtain segmented encrypted data CT 1; meanwhile, recording a decryption key EPK1 of the segmented encrypted data CT 1;
carrying out data encryption on the data PT2 by adopting an encryption algorithm E2 and an encryption key EK2 to obtain segmented encrypted data CT 2; meanwhile, recording a decryption key EPK2 of the segmented encrypted data CT 2;
……;
encrypting the data PTn by adopting an encryption algorithm En and an encryption key EKn to obtain segmented encrypted data CTn; meanwhile, recording a decryption key EPKn of the segmented encrypted data CTn;
collecting algorithm parameters, and constructing a coding input data set DOPC, wherein elements of the coding input data set DOPC comprise the following data: the encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn, namely: the encoded input data set DOPC ═ encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn };
block coding, namely coding all elements of the coding input data set DOPC into m data by adopting a data output coding algorithm DOP, wherein m is a natural number which is more than or equal to 2; numbering the coded m data as: data CTO1, data CTO2, … … and data CTOm, so that the data can be reconstructed only by collecting the data CTO1, the data CTO2, … … and the data CTOm at a later stage, wherein all the m segmented data form a data segmented encrypted output data set SSEOC, namely the data segmented encrypted output data set SSEOC is { data CTO1, data CTO2, … … and data CTOm };
and (4) outputting the data, namely, dividing all elements of the data segmentation encryption output data set SSEOC, namely the data CTO1, the data CTO2, … … and the data CTOm, and encoding the data as final output data.
Preferably, the encryption key EK and the decryption key EPK are the same or different, symmetric encryption or asymmetric encryption; the encryption key EK1 and the decryption key EPK1 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EK2 and the decryption key EPK2 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EKn and the decryption key EPKn are the same or different, and are symmetric encryption or asymmetric encryption;
in the data reading process, reading plaintext data PT by adopting a segmented reading mode, and reading complete data in a segmented mode according to a set length L; preferably, the length L is one of the following values: 8 kbyte, 16 kbyte, 32 kbyte, 64 kbyte, 128 kbyte, 256 kbyte, 512 kbyte;
the data segmentation algorithm SS is at least one of: an exclusive or threshold scheme, a Shamir threshold scheme, and a chinese remainder theorem threshold scheme. The segmentation is characterized in that the segmentation is secret segmentation, and the particularity is that the segmented data is ciphertext instead of plaintext, which is different from the data segmentation applied to the fields of storage, exchange and communication at present.
The embodiment of the invention realizes data security reinforcement by combining data encryption and data secret segmentation.
Preferably, as shown in fig. 2, a decoding flow chart of a data partitioning encryption security reinforcing method according to an embodiment of the present invention is shown, where the method includes not only an encoding method, but also:
the data input 201 reads data CTO1, data CTO2, … … and data CTOm, and constructs a data segmentation encryption output data set SSEOC ═ data CTO1, data CTO2, … … and data CTOm };
the data decryption 203 for re-encrypting the segmented output data decrypts the data segmented output data set SSOC from the encoded input data set DOPC, comprising:
carrying out data decryption on the segmented encrypted data CT1 by adopting an encryption algorithm E1 and a decryption key EPK1 to obtain data PT 1;
carrying out data decryption on the segmented encrypted data CT2 by adopting an encryption algorithm E2 and a decryption key EPK2 to obtain the data PT 2;
……;
decrypting the segmented encrypted data CTn by adopting an encryption algorithm En and a decryption key EPKn to obtain the data PTn;
the full text decryption 205 is used for decrypting the data CT to be segmented and the decryption key EPK by using the encryption algorithm ET to obtain the plaintext data PT;
and a data output 206 for encoding the plaintext data PT as final output data.
Corresponding to the above method embodiment, as shown in fig. 3A, a schematic structural diagram of a data partitioning, encrypting and security reinforcing apparatus according to an embodiment of the present invention is shown, where the apparatus includes:
a data reading unit 31, configured to read plaintext data PT, and use the plaintext data PT as data to be segmented CT;
the secret dividing unit 33 is configured to perform data division encoding on the to-be-divided data CT by using a data division algorithm SS, and divide the to-be-divided data CT into n pieces of data, where n is a natural number greater than or equal to 2; the n divided data are numbered as follows: the data CT to be segmented can be reconstructed only by collecting all elements of an integrated data segmentation output data set SSOC at a later stage, and all the segmented n data form a data segmentation output data set SSOC, namely the data segmentation output data set SSOC is { data PT1, data PT2, … … and data PTn };
a segmentation output data re-encryption unit 34, configured to select an element with the smallest data size in the data segmentation output data set SSOC output by the data segmentation algorithm SS for encryption, where the elements are numbered as: the data CTO1, the data CTO2, … …, and the data CTOm form a data split encrypted output data set SSEOC, that is, the data split encrypted output data set SSEOC ═ data CTO1, data CTO2, … …, and data CTOm };
a data output unit 37 for encoding all elements of the data split encrypted output data set SSEOC, i.e. data CTO1, data CTO2, … …, data CTOm, as final output data.
Preferably, as shown in fig. 3B, which is a schematic structural diagram of another data partitioning, encrypting and security enhancing apparatus according to an embodiment of the present invention, the apparatus further includes:
and the full-text encryption unit 32 is used for encrypting the plaintext data PT by adopting an encryption algorithm ET and an encryption key EK after the data read-in unit reads the plaintext data PT to obtain the data CT to be segmented, and simultaneously recording a decryption key EPK of the data CT to be segmented.
Preferably, the segmentation output data re-encryption unit 34 is further configured to encrypt all n elements of the data segmentation output data set SSOC as needed, respectively, and includes:
carrying out data encryption on the data PT1 by adopting an encryption algorithm E1 and an encryption key EK1 to obtain segmented encrypted data CT 1; meanwhile, recording a decryption key EPK1 of the segmented encrypted data CT 1;
carrying out data encryption on the data PT2 by adopting an encryption algorithm E2 and an encryption key EK2 to obtain segmented encrypted data CT 2; meanwhile, recording a decryption key EPK2 of the segmented encrypted data CT 2;
……;
encrypting the data PTn by adopting an encryption algorithm En and an encryption key EKn to obtain segmented encrypted data CTn; meanwhile, recording a decryption key EPKn of the segmented encrypted data CTn;
a compiling algorithm parameter unit 35, configured to construct a coded input data set DOPC, where elements of the coded input data set DOPC include the following data: the encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn, namely: the encoded input data set DOPC ═ encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn };
a block coding unit 36, configured to code all elements of the coded input data set DOPC into m data by using a data output coding algorithm DOP, where m is a natural number greater than or equal to 2; numbering the coded m data as: data CTO1, data CTO2, … … and data CTOm, so that the data can be reconstructed only by collecting the data CTO1, the data CTO2, … … and the data CTOm at a later stage, wherein all the m segmented data form a data segmented encrypted output data set SSEOC, namely the data segmented encrypted output data set SSEOC is { data CTO1, data CTO2, … … and data CTOm };
a data output unit 37 for encoding all elements of the data split encrypted output data set SSEOC, i.e. data CTO1, data CTO2, … …, data CTOm, as final output data.
Preferably, the encryption key EK and the decryption key EPK are the same or different, symmetric encryption or asymmetric encryption; the encryption key EK1 and the decryption key EPK1 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EK2 and the decryption key EPK2 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EKn and the decryption key EPKn are the same or different, and are symmetric encryption or asymmetric encryption;
in the data reading process, reading plaintext data PT by adopting a segmented reading mode, and reading complete data in a segmented mode according to a set length L; preferably, the length L is one of the following: 8 kbyte, 16 kbyte, 32 kbyte, 64 kbyte, 128 kbyte, 256 kbyte, 512 kbyte;
the data segmentation algorithm SS is at least one of: an exclusive or threshold scheme, a Shamir threshold scheme, and a chinese remainder theorem threshold scheme.
Preferably, as shown in fig. 4, which is a schematic structural diagram of a data partitioning, encrypting and security enhancing apparatus according to another embodiment of the present invention, the apparatus further includes: the device further comprises:
a data input unit 41, configured to read in data CTO1, data CTO2, … …, and data CTOm, and construct a data split encrypted output data set SSEOC ═ data CTO1, data CTO2, … …, and data CTOm };
a block decoding unit 42, configured to input all elements of the data segmented encrypted output data set SSEOC into a data decoding algorithm DOP, to obtain the encoded input data set DOPC ═ { encryption algorithm ET, decryption key EPK, data segmentation algorithm SS, segmented encrypted data CT1, segmented encrypted data CT2, … …, segmented encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn };
the data decryption unit 43 for re-encrypting the segmented output data, for decrypting the data segmented output data set SSOC from the encoded input data set DOPC, comprises:
carrying out data decryption on the segmented encrypted data CT1 by adopting an encryption algorithm E1 and a decryption key EPK1 to obtain the data PT 1;
carrying out data decryption on the segmented encrypted data CT2 by adopting an encryption algorithm E2 and a decryption key EPK2 to obtain the data PT 2;
……;
decrypting the segmented encrypted data CTn by adopting an encryption algorithm En and a decryption key EPKn to obtain the data PTn;
a secret synthesis unit 44, configured to reconstruct the data to be segmented CT according to each element of the data segmentation output data set SSOC, that is, using the data PT1, the data PT2, … …, and the data PTn as data inputs, and using a data segmentation algorithm SS to reconstruct the data to be segmented CT;
a full text decryption unit 45, configured to decrypt the to-be-segmented data CT and the decryption key EPK by using the encryption algorithm ET to obtain the plaintext data PT;
a data output unit 46 for encoding the plaintext data PT as final output data.
The technical scheme comprehensively uses two technologies of data encryption and data segmentation, and has the following beneficial effects:
1. the complexity of key management in the application process of the data encryption technology is avoided, and the application cost of the data encryption technology is reduced. In the process of coding and decoding the data, the data decryption key is also coded into the code input data set DOPC, and the key management work comprising a plurality of aspects of management system, management protocol, generation, distribution, replacement, injection and the like of the key is not required to be carried out.
2. In the data encoding and decoding process, the encryption and decryption can be carried out for n +1 times to the maximum extent, and under the condition, the complexity of data encryption is effectively improved. In the data encoding and decoding process, all n elements of the plaintext data PT and the data segmentation output data set SSOC can be encrypted and decrypted by adopting respective data encryption algorithm, data encryption key and data decryption key, and theoretically, n +1 data can be encrypted and decrypted.
3. In the data coding and decoding process, only the element with the minimum data volume in the data segmentation output data set SSOC output by the segmentation algorithm SS can be selected for encryption, so that the combination of data encryption and data segmentation is realized, the data volume calculated by data encryption and decryption is minimized, and the coding and decoding speed is effectively improved.
4. In the data encoding and decoding process, the minimum encryption and decryption can be carried out for 0 time theoretically, the data security intensity depends on the security intensity of the segmentation algorithm SS, and under the condition, the data encryption process can be effectively avoided, and the encoding and decoding speed is maximized.
Preferably, m is 2, and n is 3;
preferably, the data is read in, the plaintext data PT is read in a segmented reading manner, and a complete piece of data is read in a segmented manner according to a set length L. Preferably, the length L takes the values: 8 kbyte, 16 kbyte, 32 kbyte, 64 kbyte, 128 kbyte, 256 kbyte, 512 kbyte.
Preferably, the full-text encryption step skips doing the data CT to be segmented, that is, the plaintext data PT is not encrypted, in which case, the data CT to be segmented is the plaintext data PT;
preferably, the data segmentation algorithm SS includes: an exclusive or threshold scheme, a Shamir threshold scheme, a chinese remainder theorem threshold scheme, etc.; when the value n is 3, the data CT is divided into 3 partial data, and the data division output data set SSOC is { data PT1, data PT2, data PT3 };
preferably, the segmentation output data is encrypted again, the element with the minimum data length in the data segmentation output data set SSOC is selected for encryption, and other elements are not encrypted any more.
The above-described embodiment of the present invention: 1. the complexity of key management in the application process of the data encryption technology is avoided, and the application cost of the data encryption technology is reduced. In the process of data coding and decoding, the data decryption key is also coded into the coded input data set DOPC, and key management work comprising a management system, a management protocol, generation, distribution, replacement, injection and other aspects of keys does not need to be carried out. 2. In the data coding and decoding process, only the element with the minimum data volume in the data segmentation output data set SSOC output by the segmentation algorithm SS is selected for encryption, so that the combination of data encryption and data segmentation is realized, the data volume calculated by data encryption and decryption is minimized, and the coding and decoding speed is effectively improved.
It should be understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not intended to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. To those skilled in the art; various modifications to these embodiments will be readily apparent, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks, or elements, described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but, in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, such computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and, thus, is included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wirelessly, e.g., infrared, radio, and microwave. Such discs (disk) and disks (disc) include compact disks, laser disks, optical disks, DVDs, floppy disks and blu-ray disks, where magnetic discs generally reproduce data magnetically, while disks generally reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (6)
1. A data partitioning encryption security reinforcing method is characterized by comprising the following steps:
reading in data, reading plaintext data PT;
after reading the plaintext data PT, the method further comprises:
encrypting the full text, namely encrypting data of the plaintext data PT by adopting an encryption algorithm ET and an encryption key EK to obtain data CT to be segmented, and recording a decryption key EPK of the data CT to be segmented;
secret segmentation, namely performing data segmentation coding on the to-be-segmented data CT by adopting a data segmentation algorithm SS, and segmenting the to-be-segmented data CT into n data, wherein n is a natural number greater than or equal to 2; the n divided data are numbered as follows: the data CT to be segmented can be reconstructed only by collecting all elements of an integrated data segmentation output data set SSOC at a later stage, and all the segmented n data form a data segmentation output data set SSOC, namely the data segmentation output data set SSOC is { data PT1, data PT2, … … and data PTn };
in the re-encryption of the segmentation output data, all n elements of the data segmentation output data set SSOC are respectively encrypted according to needs, and the method comprises the following steps:
carrying out data encryption on the data PT1 by adopting an encryption algorithm E1 and an encryption key EK1 to obtain segmented encrypted data CT 1; meanwhile, recording a decryption key EPK1 of the segmented encrypted data CT 1;
carrying out data encryption on the data PT2 by adopting an encryption algorithm E2 and an encryption key EK2 to obtain segmented encrypted data CT 2; meanwhile, recording a decryption key EPK2 of the segmented encrypted data CT 2;
……;
encrypting the data PTn by adopting an encryption algorithm En and an encryption key EKn to obtain segmented encrypted data CTn; meanwhile, recording a decryption key EPKn of the segmented encrypted data CTn;
collecting algorithm parameters, and constructing a coding input data set DOPC, wherein elements of the coding input data set DOPC comprise the following data: the encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn, namely: the encoded input data set DOPC ═ encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn };
block coding, namely coding all elements of the coding input data set DOPC into m data by adopting a data output coding algorithm DOP, wherein m is a natural number which is more than or equal to 2; numbering the coded m data as: data CTO1, data CTO2, … … and data CTOm, so that the data can be reconstructed only by collecting the data CTO1, the data CTO2, … … and the data CTOm at a later stage, wherein all the m segmented data form a data segmented encrypted output data set SSEOC, namely the data segmented encrypted output data set SSEOC is { data CTO1, data CTO2, … … and data CTOm };
the on-demand encryption further comprises: selecting the element with the minimum data size in the data segmentation output data set SSOC output by the data segmentation algorithm SS for encryption;
and (4) outputting the data, namely, dividing all elements of the data segmentation encryption output data set SSEOC, namely the data CTO1, the data CTO2, … … and the data CTOm, and encoding the data as final output data.
2. The data partitioning encryption security reinforcing method according to claim 1, wherein the encryption key EK and the decryption key EPK are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EK1 and the decryption key EPK1 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EK2 and the decryption key EPK2 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EKn and the decryption key EPKn are the same or different, and are symmetric encryption or asymmetric encryption;
in the data reading process, reading plaintext data PT by adopting a segmented reading mode, and reading complete data in a segmented mode according to a set length L; preferably, the length L is one of the following values: 8 kbyte, 16 kbyte, 32 kbyte, 64 kbyte, 128 kbyte, 256 kbyte, 512 kbyte;
the data segmentation algorithm SS is at least one of: an exclusive or threshold scheme, a Shamir threshold scheme, and a chinese remainder theorem threshold scheme.
3. The data partitioning encryption security hardening method of claim 1, further comprising:
data input, namely reading in data CTO1, data CTO2, … … and data CTOm, and constructing a data segmentation encryption output data set SSEOC ═ data CTO1, data CTO2, … … and data CTOm };
grouping and decoding, inputting all elements of the data partitioning and encrypting output data set SSEOC into a data decoding algorithm DOP to obtain a coding input data set DOPC ═ { encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioning and encrypting data CT1, partitioning and encrypting data CT2, … …, partitioning and encrypting data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … … and decryption key EPKn };
decrypting the data re-encrypted by the segmented output data to obtain a data segmented output data set SSOC from the encoded input data set DOPC, comprising:
carrying out data decryption on the segmented encrypted data CT1 by adopting an encryption algorithm E1 and a decryption key EPK1 to obtain the data PT 1;
carrying out data decryption on the segmented encrypted data CT2 by adopting an encryption algorithm E2 and a decryption key EPK2 to obtain the data PT 2;
……;
decrypting the segmented encrypted data CTn by adopting an encryption algorithm En and a decryption key EPKn to obtain the data PTn;
secret synthesis, namely reconstructing the data CT to be segmented according to each element of the data segmentation output data set SSOC, namely, taking the data PT1, the data PT2, … … and the data PTn as data input, and reconstructing the data CT to be segmented by using a data segmentation algorithm SS;
decrypting the full text, namely decrypting the data CT to be segmented and the decryption key EPK by utilizing the encryption algorithm ET to obtain the plaintext data PT;
and outputting data, namely encoding the plaintext data PT as final output data.
4. A data partitioning encryption security enhancing apparatus, the apparatus comprising:
a data read-in unit for reading plaintext data PT;
the full-text encryption unit is used for encrypting the plaintext data PT by adopting an encryption algorithm ET and an encryption key EK after the data read-in unit reads the plaintext data PT to obtain data CT to be segmented and recording a decryption key EPK of the data CT to be segmented;
the secret segmentation unit is used for carrying out data segmentation coding on the to-be-segmented data CT by adopting a data segmentation algorithm SS, and segmenting the to-be-segmented data CT into n data, wherein n is a natural number which is greater than or equal to 2; the n divided data are numbered as follows: the data CT to be segmented can be reconstructed only by collecting all elements of an integrated data segmentation output data set SSOC at a later stage, and all the segmented n data form a data segmentation output data set SSOC, namely the data segmentation output data set SSOC is { data PT1, data PT2, … … and data PTn };
the segmentation output data re-encryption unit is used for encrypting all n elements of the data segmentation output data set SSOC respectively according to needs, and comprises the following steps:
carrying out data encryption on the data PT1 by adopting an encryption algorithm E1 and an encryption key EK1 to obtain segmented encrypted data CT 1; meanwhile, recording a decryption key EPK1 of the segmented encrypted data CT 1;
carrying out data encryption on the data PT2 by adopting an encryption algorithm E2 and an encryption key EK2 to obtain segmented encrypted data CT 2; meanwhile, recording a decryption key EPK2 of the segmented encrypted data CT 2;
……;
encrypting the data PTn by adopting an encryption algorithm En and an encryption key EKn to obtain segmented encrypted data CTn; meanwhile, recording a decryption key EPKn of the segmented encrypted data CTn;
a collection algorithm parameter unit, configured to construct a coded input data set DOPC, where elements of the coded input data set DOPC include the following data: the encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn, namely: the encoded input data set DOPC ═ encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioned encrypted data CT1, partitioned encrypted data CT2, … …, partitioned encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn };
the block coding unit is used for coding all elements of the coding input data set DOPC into m data by adopting a data output coding algorithm DOP, wherein m is a natural number which is greater than or equal to 2; numbering the coded m data as: data CTO1, data CTO2, … … and data CTOm, so that the data can be reconstructed only by collecting the data CTO1, the data CTO2, … … and the data CTOm at a later stage, wherein all the m segmented data form a data segmented encrypted output data set SSEOC, namely the data segmented encrypted output data set SSEOC is { data CTO1, data CTO2, … … and data CTOm };
the on-demand encryption further comprises: selecting the element with the minimum data size in the data segmentation output data set SSOC output by the data segmentation algorithm SS for encryption;
and the data output unit is used for dividing all elements of the encrypted output data set SSEOC, namely the data CTO1, the data CTO2, … … and the data CTOm, and encoding the elements as final output data.
5. The data partitioning encryption security enhancing apparatus of claim 4, wherein the encryption key EK and the decryption key EPK are the same or different, symmetric encryption or asymmetric encryption; the encryption key EK1 and the decryption key EPK1 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EK2 and the decryption key EPK2 are the same or different, and are symmetric encryption or asymmetric encryption; the encryption key EKn and the decryption key EPKn are the same or different, and are symmetric encryption or asymmetric encryption;
in the data reading process, reading plaintext data PT by adopting a segmented reading mode, and reading complete data in a segmented mode according to a set length L; preferably, the length L is one of the following values: 8 kbyte, 16 kbyte, 32 kbyte, 64 kbyte, 128 kbyte, 256 kbyte, 512 kbyte;
the data segmentation algorithm SS is at least one of: an exclusive or threshold scheme, a Shamir threshold scheme, and a chinese remainder theorem threshold scheme.
6. The data partitioning encryption security hardened device of claim 4, said device further comprising:
the data input unit is used for reading in data CTO1, data CTO2, … … and data CTOm and constructing a data segmentation encryption output data set SSEOC ═ data CTO1, data CTO2, … … and data CTOm };
a block decoding unit, configured to input all elements of the data partitioning and encrypting output data set SSEOC into a data decoding algorithm DOP, to obtain the encoded input data set DOPC ═ { encryption algorithm ET, decryption key EPK, data partitioning algorithm SS, partitioning encrypted data CT1, partitioning encrypted data CT2, … …, partitioning encrypted data CTn, encryption algorithm E1, encryption algorithms E2, … …, encryption algorithm En, decryption key EPK1, decryption keys EPK2, … …, decryption key EPKn };
a data decryption unit for re-encrypting the segmented output data, for decrypting a data segmented output data set SSOC from the encoded input data set DOPC, comprising:
carrying out data decryption on the segmented encrypted data CT1 by adopting an encryption algorithm E1 and a decryption key EPK1 to obtain the data PT 1;
carrying out data decryption on the segmented encrypted data CT2 by adopting an encryption algorithm E2 and a decryption key EPK2 to obtain data PT 2;
……;
decrypting the segmented encrypted data CTn by adopting an encryption algorithm En and a decryption key EPKn to obtain the data PTn;
the secret synthesis unit is used for reconstructing data CT to be segmented according to each element of the data segmentation output data set SSOC, namely, the data PT1, the data PT2, … … and the data PTn are used as data input, and a data segmentation algorithm SS is used for reconstructing the data CT to be segmented;
the full-text decryption unit is used for decrypting the data CT to be segmented and the decryption key EPK by using the encryption algorithm ET to obtain the plaintext data PT;
and the data output unit is used for encoding the plaintext data PT as final output data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910638368.3A CN112242970B (en) | 2019-07-16 | 2019-07-16 | Data segmentation encryption security reinforcing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910638368.3A CN112242970B (en) | 2019-07-16 | 2019-07-16 | Data segmentation encryption security reinforcing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112242970A CN112242970A (en) | 2021-01-19 |
| CN112242970B true CN112242970B (en) | 2022-09-02 |
Family
ID=74166512
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910638368.3A Active CN112242970B (en) | 2019-07-16 | 2019-07-16 | Data segmentation encryption security reinforcing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112242970B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20070086509A (en) * | 2004-12-09 | 2007-08-27 | 인텔 코오퍼레이션 | Method and apparatus for increasing the speed of cryptographic processing |
| CN101236590A (en) * | 2008-03-07 | 2008-08-06 | 北京邮电大学 | Threshold password system based software division protection accomplishing method |
| JP2009124456A (en) * | 2007-11-15 | 2009-06-04 | Ricoh Co Ltd | Information processor, information processing method, information processing program, and information recording medium |
| JP2009288616A (en) * | 2008-05-30 | 2009-12-10 | Hitachi Ltd | Secret sharing method, program and device |
| CN102693398A (en) * | 2012-05-09 | 2012-09-26 | 深圳大学 | Data encryption method and system |
| CN107241188A (en) * | 2017-06-02 | 2017-10-10 | 丁爱民 | A kind of quantum data storage decoding method, apparatus and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6703706B2 (en) * | 2016-01-18 | 2020-06-03 | リアル・テクノロジー株式会社 | Ciphertext management method, ciphertext management device and program |
-
2019
- 2019-07-16 CN CN201910638368.3A patent/CN112242970B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20070086509A (en) * | 2004-12-09 | 2007-08-27 | 인텔 코오퍼레이션 | Method and apparatus for increasing the speed of cryptographic processing |
| JP2009124456A (en) * | 2007-11-15 | 2009-06-04 | Ricoh Co Ltd | Information processor, information processing method, information processing program, and information recording medium |
| CN101236590A (en) * | 2008-03-07 | 2008-08-06 | 北京邮电大学 | Threshold password system based software division protection accomplishing method |
| JP2009288616A (en) * | 2008-05-30 | 2009-12-10 | Hitachi Ltd | Secret sharing method, program and device |
| CN102693398A (en) * | 2012-05-09 | 2012-09-26 | 深圳大学 | Data encryption method and system |
| CN107241188A (en) * | 2017-06-02 | 2017-10-10 | 丁爱民 | A kind of quantum data storage decoding method, apparatus and system |
Non-Patent Citations (3)
| Title |
|---|
| 图像加密技术综述;李昌刚等;《计算机研究与发展》;20021015(第10期);全文 * |
| 基于秘密共享的多云存储模型研究;范泉龙;《中国优秀硕士学位论文全文数据库(电子期刊) 信息科技辑》;20140615;全文 * |
| 面向移动云的属性基密文访问控制优化方法;刘建等;《通信学报》;20180725(第07期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112242970A (en) | 2021-01-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109040090B (en) | A kind of data ciphering method and device | |
| CN100379194C (en) | Memory encryption | |
| CN102224704A (en) | Content decoding apparatus, content decoding method and integrated circuit | |
| CN103345609B (en) | A kind of text encipher-decipher method and encryption and decryption equipment | |
| CN107241188B (en) | Quantum storage data encoding and decoding method, device and system | |
| US20040177257A1 (en) | Data processing device and data processing method | |
| JP2001274786A (en) | Contents information transmission method, contents information recording method, contents information transmitter, contents information recorder, transmission medium and recording medium | |
| US20100232604A1 (en) | Controlling access to content using multiple encryptions | |
| JP6608436B2 (en) | Encoder, decoder and method using partial data encryption | |
| CA2452419A1 (en) | Method for an integrated protection system of data distributed processing in computer networks and system for carrying out said method | |
| US20100054477A1 (en) | Accelerated cryptography with an encryption attribute | |
| CN101969545A (en) | Encryption method and device of multimedia file | |
| JP5198539B2 (en) | Storage device, access device and program | |
| CN105871549A (en) | Digital signal encryption processing method | |
| CN112199699A (en) | Character string encryption and decryption method and device, storage medium and processor | |
| KR100458339B1 (en) | Decryption method and electronic device | |
| KR0137709B1 (en) | Method for protecting an enciphered computer object code against cryptanalysis | |
| CN102142072A (en) | Encryption processing and decryption processing method and device of electronic files | |
| CN112242970B (en) | Data segmentation encryption security reinforcing method and device | |
| CN104077541A (en) | Selective encryption method and device based on multimedia data | |
| CN114640443B (en) | Online engineering quotation safety interaction method and system | |
| KR20060116336A (en) | Method and apparatus for encrypting/decrypting efficiently according to broadcast encryption scheme | |
| CN108038383A (en) | File encrypting method, file decryption method and device | |
| US8929547B2 (en) | Content data reproduction system and collection system of use history thereof | |
| KR101625018B1 (en) | Data encryption apparatus and method, computing device and communication device employing the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |