CN112311740B

CN112311740B - Data encryption method, data decryption method, terminal and storage medium

Info

Publication number: CN112311740B
Application number: CN201910704084.XA
Authority: CN
Inventors: 李亮; 林汉坤; 黄敏强
Original assignee: Shenzhen Yunhai Internet Of Things Co ltd
Current assignee: Shenzhen Yunhai Internet Of Things Co ltd
Priority date: 2019-07-31
Filing date: 2019-07-31
Publication date: 2022-06-21
Anticipated expiration: 2039-07-31
Also published as: CN112311740A

Abstract

The application is applicable to the technical field of data processing, and provides a data encryption method, which comprises the following steps: acquiring data to be encrypted and a random code; mixing and splicing the random code and the data to be encrypted to obtain mixed data; and encrypting the mixed data through a preset encryption algorithm to obtain encrypted data corresponding to the data to be encrypted. The random code and the data to be encrypted are spliced to confuse the data to be encrypted, so that even if the data to be encrypted is intercepted, an intercepting party cannot know that the data to be encrypted is confused, and cannot know which way to confuse, the data security between the user terminal and the gateway or between the gateway and the intelligent home equipment in the data transmission process is improved, and the problem of insufficient data security in the existing data transmission process is solved.

Description

Data encryption method, data decryption method, terminal and storage medium

Technical Field

The present application belongs to the field of data processing technologies, and in particular, to a data encryption method, a data decryption method, a terminal, and a storage medium.

Background

Along with the progress of science and technology, the smart home has advanced into the life of people, and brings convenience to the life of people. People enjoy the convenience of the intelligent household, and meanwhile, the requirement on the intelligent household is higher and higher. In addition to the concern about the quality safety of the intelligent home equipment, the data safety of data transmission of the intelligent home equipment also becomes a new concern for people. Most of the existing data encryption modes are known encryption modes, and are easy to crack, so that the intelligent home equipment is controlled by other people, and potential safety hazards are caused to life of people.

Content of application

The embodiment of the application provides a data encryption method, a data decryption method, a terminal and a storage medium, and can solve the problem of insufficient data security in the existing data transmission process.

In a first aspect, an embodiment of the present application provides a data encryption method, which is applied to a first terminal, and includes:

acquiring data to be encrypted and a random code;

mixing and splicing the random code and the data to be encrypted to obtain mixed data;

and encrypting the mixed data through a preset encryption algorithm to obtain encrypted data corresponding to the data to be encrypted.

Optionally, the random code is generated by taking the timestamp of the encrypted data as a variable and a preset key as a constant according to a preset random code generation rule, where the variable and the constant correspond to each other.

Optionally, the random code is generated according to a preset random code generation algorithm when the first terminal establishes a communication connection with the second terminal.

According to the embodiment of the application, the random code and the data to be encrypted are spliced to confuse the data to be encrypted, so that even if the data to be encrypted is intercepted, an intercepting party cannot know the confused data and cannot know the way of the confused data, the data security between a user terminal and a gateway or between the gateway and intelligent home equipment in the data transmission process is improved, and the problem of insufficient data security in the existing data transmission process is solved; optionally, the data transmission between the terminal and the gateway and the data transmission between the gateway and the terminal are confused by adopting random codes from different sources, so that the data security in the whole process of controlling the intelligent device by the user through the terminal is further improved.

In a second aspect, an embodiment of the present application provides a data decryption method, which is applied to a second terminal, and is characterized by including:

acquiring encrypted data, and decrypting the encrypted data into mixed data through a preset decryption algorithm;

acquiring a random code;

and decomposing the mixed data according to the random code to obtain decrypted data corresponding to the encrypted data.

In a third aspect, an embodiment of the present application provides a first terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the data encryption method as described above when executing the computer program.

In a fourth aspect, the present application provides a second terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the data decryption method as described above when executing the computer program.

In a fifth aspect, the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the data encryption method.

In a sixth aspect, the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program is executed by a processor to implement the above data decryption method.

In a seventh aspect, an embodiment of the present application provides a computer program product, which, when run on a terminal, causes the terminal to execute the data encryption method described in any one of the above first aspects.

In an eighth aspect, the present application provides a computer program product, which when run on a terminal, causes the terminal to execute the data decryption method according to any one of the above second aspects.

It is understood that the beneficial effects of the second aspect to the eighth aspect can be referred to the related description of the first aspect, and are not described herein again.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.

Fig. 1 is a schematic structural diagram of a mobile phone according to an embodiment of the present application;

FIG. 2 is a diagram of a software architecture provided by an embodiment of the present application;

fig. 3 is a schematic flowchart of a data encryption method according to an embodiment of the present application;

FIG. 4 is a flowchart illustrating a data decryption method according to an embodiment of the present application;

FIG. 5 is a schematic diagram of an application scenario provided by an embodiment of the present application;

fig. 6 is a schematic structural diagram of a data encryption device according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of a data decryption apparatus according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present application.

Detailed Description

In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.

It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.

As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to" determining "or" in response to detecting ". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".

Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.

Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather mean "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.

The data encryption method provided by the embodiment of the application can be applied to a terminal, and the terminal can be a mobile phone, a tablet computer, a wearable device, a vehicle-mounted device, an Augmented Reality (AR)/Virtual Reality (VR) device, a notebook computer, a super-mobile personal computer (UMPC), a netbook, a Personal Digital Assistant (PDA), an intelligent gateway, an intelligent home device and other terminals.

For example, the terminal may be a Station (ST) in a WLAN, which may be a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA) device, a handheld device with Wireless communication capability, a computing device or other processing device connected to a Wireless modem, a vehicle mounted device, a vehicle networking terminal, a computer, a laptop, a handheld communication device, a handheld computing device, a satellite radio, a Wireless modem card, a Set Top Box (STB), a Customer Premises Equipment (CPE), and/or other devices for communicating over a Wireless system and a next generation communication system, such as a Mobile terminal in a 5G Network or a future evolved Public Land Mobile Network (Public Land Mobile Network, PLMN) mobile terminals in the network, etc.

By way of example and not limitation, when the terminal is a wearable device, the wearable device may also be a generic term for intelligently designing daily wearing by applying wearable technology, developing wearable devices, such as glasses, gloves, watches, clothing, shoes, and the like. A wearable device is a portable device that is worn directly on the body or integrated into the clothing or accessories of the user. The wearable device is not only a hardware device, but also realizes powerful functions through software support, data interaction and cloud interaction. The generalized wearable intelligent device has the advantages that the generalized wearable intelligent device is complete in function and large in size, can realize complete or partial functions without depending on a smart phone, such as a smart watch or smart glasses, and only is concentrated on a certain application function, and needs to be matched with other devices such as the smart phone for use, such as various smart bracelets for monitoring physical signs, smart jewelry and the like.

By way of example and not limitation, when the smart device 103 is a smart home device, the smart home device may be a smart security device, such as a surveillance camera, a gas sensor, a fire sensor, etc.; or intelligent lighting equipment such as an intelligent bulb, an intelligent lamp strip and the like; the intelligent household appliance can also be an intelligent household appliance, such as an intelligent television, an intelligent air conditioner, an intelligent humidifier, a projector and the like; the smart home equipment can also be smart office equipment such as a fax machine, a multifunctional printer and the like, and it should be understood that the smart home equipment can also be smart sockets, smart sun-shading equipment, health medical equipment and the like, and the details are not repeated herein.

Take the terminal as a mobile phone as an example. Fig. 1 is a block diagram illustrating a partial structure of a mobile phone according to an embodiment of the present disclosure. Referring to fig. 1, the cellular phone includes: a Radio Frequency (RF) circuit 110, a memory 120, an input unit 130, a display unit 140, a sensor 150, an audio circuit 160, a wireless fidelity (WiFi) module 170, a processor 180, and a power supply 190. Those skilled in the art will appreciate that the handset configuration shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.

The following describes each component of the mobile phone in detail with reference to fig. 1:

the RF circuit 110 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, receives downlink information of a base station and then processes the received downlink information to the processor 180; in addition, the data for designing uplink is transmitted to the base station. Typically, the RF circuitry includes, but is not limited to, an antenna, at least one Amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuitry 110 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE)), e-mail, Short Messaging Service (SMS), and the like.

The memory 120 may be used to store software programs and modules, and the processor 180 executes various functional applications and data processing of the mobile phone by operating the software programs and modules stored in the memory 120. The memory 120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 120 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The input unit 130 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone 100. Specifically, the input unit 130 may include a touch panel 131 and other input devices 132. The touch panel 131, also referred to as a touch screen, may collect touch operations of a user on or near the touch panel 131 (e.g., operations of the user on or near the touch panel 131 using any suitable object or accessory such as a finger or a stylus pen), and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 131 may include two parts, i.e., a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 180, and receives and executes commands sent from the processor 180. In addition, the touch panel 131 may be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 130 may include other input devices 132 in addition to the touch panel 131. In particular, other input devices 132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.

The display unit 140 may be used to display information input by a user or information provided to the user and various menus of the mobile phone. The Display unit 140 may include a Display panel 141, and optionally, the Display panel 141 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 131 can cover the display panel 141, and when the touch panel 131 detects a touch operation on or near the touch panel 131, the touch operation is transmitted to the processor 180 to determine the type of the touch event, and then the processor 180 provides a corresponding visual output on the display panel 141 according to the type of the touch event. Although the touch panel 131 and the display panel 141 are shown as two separate components in fig. 1 to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 131 and the display panel 141 may be integrated to implement the input and output functions of the mobile phone.

The handset 100 may also include at least one sensor 150, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel 141 according to the brightness of ambient light, and a proximity sensor that turns off the display panel 141 and/or the backlight when the mobile phone is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.

Audio circuitry 160, speaker 161, and microphone 162 may provide an audio interface between the user and the handset. The audio circuit 160 may transmit the electrical signal converted from the received audio data to the speaker 161, and convert the electrical signal into a sound signal for output by the speaker 161; on the other hand, the microphone 162 converts the collected sound signal into an electrical signal, which is received by the audio circuit 160 and converted into audio data, which is then processed by the audio data output processor 180 and then transmitted to, for example, another cellular phone via the RF circuit 110, or the audio data is output to the memory 120 for further processing.

WiFi belongs to short-distance wireless transmission technology, and the mobile phone can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 170, and provides wireless broadband Internet access for the user. Although fig. 1 shows the WiFi module 170, it is understood that it does not belong to the essential constitution of the handset 100, and can be omitted entirely as needed within the scope not changing the essence of the application.

The processor 180 is a control center of the mobile phone, connects various parts of the entire mobile phone by using various interfaces and lines, and performs various functions of the mobile phone and processes data by operating or executing software programs and/or modules stored in the memory 120 and calling data stored in the memory 120, thereby integrally monitoring the mobile phone. Alternatively, processor 180 may include one or more processing units; preferably, the processor 180 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 180.

The handset 100 also includes a power supply 190 (e.g., a battery) for powering the various components, which may preferably be logically connected to the processor 180 via a power management system, such that the power management system may be used to manage charging, discharging, and power consumption.

Although not shown, the handset 100 may also include a camera. Optionally, the position of the camera on the mobile phone 100 may be front-located or rear-located, which is not limited in this embodiment of the application.

Optionally, the mobile phone 100 may include a single camera, a dual camera, or a triple camera, which is not limited in this embodiment of the present application.

For example, the cell phone 100 may include three cameras, one being a main camera, one being a wide camera, and one being a tele camera.

Optionally, when the mobile phone 100 includes a plurality of cameras, the plurality of cameras may be all front-mounted, all rear-mounted, or a part of the cameras front-mounted and another part of the cameras rear-mounted, which is not limited in this embodiment of the present application.

In addition, although not shown, the mobile phone 100 may further include a bluetooth module or the like, which is not described herein.

Fig. 2 is a schematic diagram of a software structure of the mobile phone 100 according to the embodiment of the present application. Taking the operating system of the mobile phone 100 as an Android system as an example, in some embodiments, the Android system is divided into four layers, which are an application layer, an application Framework (FWK) layer, a system layer and a hardware abstraction layer, and the layers communicate with each other through a software interface.

As shown in fig. 2, the application layer may be a series of application packages, which may include short message, calendar, camera, video, navigation, gallery, call, and other applications.

The application framework layer provides an Application Programming Interface (API) and a programming framework for the application programs of the application layer. The application framework layer may include some predefined functions, such as functions for receiving events sent by the application framework layer.

As shown in FIG. 2, the application framework layers may include a window manager, a resource manager, and a notification manager, among others.

The window manager is used for managing window programs. The window manager can obtain the size of the display screen, judge whether a status bar exists, lock the screen, intercept the screen and the like. The content provider is used to store and retrieve data and make it accessible to applications. The data may include video, images, audio, calls made and received, browsing history and bookmarks, phone books, etc.

The resource manager provides various resources for the application, such as localized strings, icons, pictures, layout files, video files, and the like.

The notification manager enables the application to display notification information in the status bar, can be used to convey notification-type messages, can disappear automatically after a short dwell, and does not require user interaction. Such as a notification manager used to inform download completion, message alerts, etc. The notification manager may also be a notification that appears in the form of a chart or scroll bar text at the top status bar of the system, such as a notification of a background running application, or a notification that appears on the screen in the form of a dialog window. For example, prompting text information in the status bar, sounding a prompt tone, vibrating the electronic device, flashing an indicator light, etc.

The application framework layer may further include:

a viewing system that includes visual controls, such as controls to display text, controls to display pictures, and the like. The view system may be used to build applications. The display interface may be composed of one or more views. For example, the display interface including the short message notification icon may include a view for displaying text and a view for displaying pictures.

The phone manager is used to provide the communication functions of the handset 100. Such as management of call status (including connection, hangup, etc.).

The system layer may include a plurality of functional modules. For example: a sensor service module, a physical state identification module, a three-dimensional graphics processing library (such as OpenGL ES), and the like.

The sensor service module is used for monitoring sensor data uploaded by various sensors in a hardware layer and determining the physical state of the mobile phone 100;

the physical state recognition module is used for analyzing and recognizing user gestures, human faces and the like;

the three-dimensional graphic processing library is used for realizing three-dimensional graphic drawing, image rendering, synthesis, layer processing and the like.

The system layer may further include:

the surface manager is used to manage the display subsystem and provide fusion of 2D and 3D layers for multiple applications.

The media library supports a variety of commonly used audio, video format playback and recording, and still image files, among others. The media library may support a variety of audio-video encoding formats, such as MPEG4, h.264, MP3, AAC, AMR, JPG, PNG, and the like.

The hardware abstraction layer is a layer between hardware and software. The hardware abstraction layer may include a display driver, a camera driver, a sensor driver, etc. for driving the relevant hardware of the hardware layer, such as a display screen, a camera, a sensor, etc.

The following embodiments may be implemented on the cellular phone 100 having the above-described hardware structure/software structure. The following embodiment will take the mobile phone 100 as an example to explain the data encryption method provided in the embodiment of the present application.

Fig. 3 shows a schematic flow chart of the data encryption method provided in the present application, and by way of example and not limitation, the method is applied to a first terminal, where the first terminal may be the mobile phone 100, an intelligent gateway, an intelligent home device, and the like.

S301, acquiring data to be encrypted and a random code;

s302, mixing and splicing the random code and the encrypted data to obtain mixed data;

s303, encrypting the mixed data through a preset encryption algorithm to obtain encrypted data corresponding to the data to be encrypted.

In S301, the data to be encrypted may be unencrypted data, for example, short message data sent by the mobile phone to another mobile phone, or data of a control instruction sent by the mobile phone to the smart home device, and the data to be encrypted may also be other data in an interaction process between the first terminal and the second terminal, which is not described herein again.

The random code is generated according to a preset random code generation rule, and may be a random code which is generated when data to be encrypted is acquired and is not a fixed value, or may be a random code which is generated before the data to be encrypted is acquired and is a fixed value, of course, a random code which is generated when the data to be encrypted is acquired and is a fixed value, or a random code which is generated when the data to be encrypted is acquired and is not a fixed value, and a specific numerical value of the random code is related to the preset random code generation rule, which is not described herein again.

The predetermined random code generation rule may be based on a random number generation algorithm, which may include but is not limited to a monte carlo simulation method, a motto rotation algorithm, and the like.

In this embodiment, the data encryption process corresponds to the data decryption process, and since the random code is confused with the data to be encrypted in the data encryption process, it is still necessary to know what the random code is in the data decryption process, so that the timestamp is used as a variable for generating the random code, and the decryption process can also obtain the same random code according to the timestamp as long as the timestamp is guaranteed to be the same. And the random code is generated together with the preset secret key, so that the safety of the random code is improved, even if an intercepting party knows the timestamp, the intercepting party cannot know that the random code is generated together by the timestamp and the preset secret key, and cannot know which generation algorithm is adopted, the data safety in the data transmission process is improved, and the data synchronization between the data encryption and the data decryption is realized.

In this embodiment, the random code generation algorithm may be a random number generation algorithm, which may include, but is not limited to, a monte carlo simulation method, a motte rotation algorithm, or a user-defined algorithm.

And generating a random code when the first terminal and the second terminal are connected, and storing the random code in a memory of the first terminal and the second terminal for the random code for data encryption and data decryption in the subsequent data transmission process. Preferably, the method is applied to data transmission of an internal network (such as a local area network) to reduce the possibility of interception, thereby improving the data security of the data transmission.

The random codes generated when the first terminal establishes connection with different second terminals may be the same numerical value or different numerical values. For example, the random code generated when the mobile phone establishes a connection with the smart television is 123, and the random code generated when the mobile phone establishes a connection with the smart air conditioner may be 123 or other (e.g., 456).

In S302, the random codes may be spliced at different positions of the data to be encrypted according to a preset splicing rule. For example, the random code may be completely spliced in front of or behind the data to be encrypted, or the random code may be completely spliced in any position in the middle of the data to be encrypted, or the random code may be divided into a plurality of parts and spliced in each position in the data to be encrypted.

The random code and the data to be encrypted are mixed and spliced to confuse the data to be encrypted, so that even if the data to be encrypted is intercepted, an intercepting party cannot know that the data to be encrypted is confused and further cannot know which way the data to be encrypted is confused, and the data security of data transmission is further improved.

In a possible implementation manner, the data to be encrypted is 123abc, the random code is 36891423, and then the corresponding splicing position may be obtained according to the value of the first digit of the random code, for example, if the splicing position corresponding to 3 is the front, the mixed data is 36891423123abc, or if the splicing position corresponding to 3 is the rear of the first letter in the data to be encrypted, the mixed data is 123a36891423 bc. It should be understood that the splicing position corresponding to 3 may also be that half of the random codes are spliced in front of the data to be encrypted, and the other half of the random codes are spliced behind the data to be encrypted, and of course, other splicing positions may also be used, which are not described herein again.

In S303, the preset encryption algorithm may be a general encryption algorithm, which includes, but is not limited to, an MD5 algorithm, an encryption algorithm for this (such as DES algorithm, AES algorithm, ECB algorithm, CBC algorithm), an asymmetric encryption algorithm (such as RSA algorithm), and the like. The data to be encrypted is firstly mixed up and then encrypted, so that the data security of data transmission is improved.

On the basis of the embodiment shown in fig. 3, the present application also proposes another embodiment. It should be noted that the steps that are the same as those in the embodiment of fig. 3 are not repeated herein, please refer to the foregoing description.

Optionally, the S301 includes:

s3011, acquiring data to be encrypted, and acquiring a timestamp and a preset key of the data to be encrypted;

s3012, splicing the timestamp and the preset key into a first character array;

s3013, reordering the characters in the first character array to obtain the random code.

In this embodiment, the preset key is a data transmission key that is input and set by a user, and is a fixed value. The timestamp may be a total number of seconds from greenwich time 1970, 01, 00 hours 00 minutes 00 seconds (beijing time 1970, 01, 08 hours 00 seconds) to the current time, such that the timestamp of the next second is different from the timestamp of the previous second. It should be understood that the timestamp may be the total fraction from greenwich mean time to the current time or other timestamps, which are not described herein again.

In a possible implementation, since data transmission is a real-time process, i.e., data is a very short time process from encryption to transmission to decryption. The time difference (the minimum unit is accumulated to the point) between the current time when the data to be encrypted is acquired (or the random code is generated) and the Greenwich mean time is taken as a time stamp, and the time difference (the minimum unit is accumulated to the point) between the current time when the data to be encrypted is acquired and the Greenwich mean time is taken as the time stamp, so that the encryption and the decryption are performed in the same minute, the time stamps of the encryption and the decryption are the same, and the acquired random code is also the same.

The first character array comprises a timestamp and a preset key, and all characters in the first character array are reordered to improve the safety of the random code and further improve the data safety in the data transmission process.

Optionally, the S3013 includes:

arranging and combining the characters in the first character array to obtain a second character array;

obtaining the position character of each character in the second character array according to the position of each character in the second character array in the first character array and the change relation between the positions of each character in the second character array;

and combining the position character corresponding to each character in the second character array with each character in the second character array to obtain the random code.

In this embodiment, for example, if a first character array obtained by concatenating the timestamp and the preset key is 7896, the 7896 is re-randomly sorted to obtain a second character array 7689, and according to the positional relationship of the positions of the characters in 7689 in the 7896, a position character of each character in 7689 is obtained, that is, if the position of the character 7 in 7689 in the 7896 is a first position, the position character corresponding to 7 is 1, similarly, the position character corresponding to 6 is 4, the position character corresponding to 8 is 2, the position character corresponding to 9 is 3, and the position character corresponding to each character in 7689 and each character in 7689 are combined to obtain a random code of 76891423. Further, the random code may also be 7689- & 1423, where "-" is used to distinguish the second character from the location character. It should be understood that "-" is used for illustration only, and other symbols may be used in other embodiments, which are not intended to limit the present application.

Optionally, the S302 includes:

intercepting part of random codes in the random codes through intercepted codes, wherein the intercepted codes are intercepted codes generated through a preset intercepted code algorithm;

and according to a preset splicing rule, performing mixed splicing on the part of random codes and the data to be encrypted to obtain mixed data.

In this embodiment, the truncated code may be a range, for example, [2, 6], which indicates that characters between 2 nd bit and 6 th bit of the truncated random code are truncated, and if the random code is 36891423, the truncated partial random code is 689142. In an embodiment, when the timestamp is the total seconds from greenwich mean time to the current time, the key concatenation and the front of the timestamp are preset, and the generated interception code does not intercept n bits (such as the last 4 bits) behind the random code, so that the situation that decryption cannot be performed due to different timestamps during data decryption is avoided.

The intercept code may be a fixed interval, or may be generated from one or more variables. For example, the capture code may be generated based on the date of the day of data transmission as a variable, such as 3 months and 25 days, the capture code is [3, 25 ]. It should be understood that the interval may also be obtained after operation is performed according to a date or other variables, and details are not described herein.

The preset splicing rule and part of random codes have a corresponding relation. For example, when the partial random code is an odd number, the corresponding splicing rule is to splice the partial random code in front of the data to be encrypted, when the partial random code is an even number, the corresponding splicing rule is to splice the partial random code behind the data to be encrypted, and when the last character of the partial random code is a letter, a is considered as an odd number, b is an even number, c is an odd number, and so on. Or the parity of one character in the partially random code corresponds to a different splicing rule, for example the parity of the first digit in the partially random code corresponds to a different splicing rule. It should be noted that the correspondence between the preset splicing rule and the part of the random codes is only used for illustration, and the details are related to practical applications and are not described herein again.

Fig. 4 shows a schematic flowchart of a data decryption method provided by the present application, which is by way of example and not limitation, a data decryption method corresponding to the data encryption method is applied to a second terminal performing data transmission with a first terminal, where the second terminal may be the mobile phone 100, an intelligent gateway, an intelligent home device, and the like.

S401, acquiring encrypted data, and decrypting the encrypted data into mixed data through a preset decryption algorithm;

s402, acquiring a random code;

and S403, decomposing the mixed data according to the random code to obtain decrypted data corresponding to the encrypted data.

In S401, the encrypted data is data transmitted by the first terminal. The preset decryption algorithm corresponds to the preset encryption algorithm in S303, which can be referred to above specifically.

In S402, the random code is acquired in the same manner as in S301, and the obtained random code is also the same, which can be specifically referred to above.

In S403, the present step is the reverse of S303, and the foregoing may be specifically referred to.

On the basis of the embodiment shown in fig. 4, the present application also proposes another embodiment. It should be noted that the steps that are the same as those in the embodiment of fig. 4 are not repeated herein, please refer to the foregoing description.

Optionally, the S402 includes:

acquiring a timestamp and a preset key of the encrypted data;

splicing the timestamp and the preset key into a first character array;

and reordering the characters in the first character array to obtain the random code.

In this embodiment, the time stamp of the encrypted data is the same as the time stamp of the data to be encrypted, such as the total fraction from greenwich mean time to the current time, and since the data transmission is real-time, the encryption and decryption processes of the data can be completed in the same minute.

Optionally, the reordering of the characters in the first character array to obtain the random code includes:

Optionally, the step S403 includes:

intercepting part of random codes in the random codes through intercepted codes, wherein the intercepted codes are generated through a preset intercepted code algorithm;

and decomposing the mixed data according to a preset splicing rule and the partial random code to obtain decrypted data.

In this embodiment, a preset splicing rule and a part of the random codes have a corresponding relationship, which is specifically referred to above.

The following describes a specific implementation process of the data encryption method and the data decryption method in conjunction with a specific scenario, and it should be noted that this is only for illustration and is not to be taken as a limitation to the specific implementation of the present application.

Fig. 5 shows a multi-party interaction diagram of the smart home in an embodiment. As shown in the figure, the user interacts with the user terminal, the user terminal is in communication connection with the intelligent gateway, and the intelligent gateway is also in communication connection with the intelligent home equipment. The intelligent home equipment comprises a user terminal, an intelligent gateway and intelligent home equipment, wherein the user terminal is a first terminal relative to the intelligent gateway, the intelligent gateway is a second terminal relative to the user terminal, the intelligent gateway is a first terminal relative to the intelligent home equipment, and the intelligent home equipment is a second terminal relative to the intelligent gateway.

When a user controls the intelligent home device through the user terminal, the user terminal obtains an operation instruction of the user, and sends a control instruction abc123 to the intelligent gateway according to the operation instruction. Before the user terminal sends the control command abc123, the control command abc123 is encrypted. Specifically, the user terminal generates a random code 36891423 by using a timestamp as a variable and a preset key as a constant, generates an interception code [3,7] by using an interception code generation algorithm, and intercepts the random code 36891423 by using the interception code [3,7] to obtain a partial random code 89142; splicing the partial random code 89142 with the control instruction abc123 to obtain mixed data abc 12389142; the mixed data abc12389142 is encrypted through an MD5 encryption algorithm to obtain encrypted data fc3ac83bad960235b69da8005ab2299c corresponding to the control command, and the encrypted data are sent to the intelligent gateway. The intelligent gateway receives the encrypted data fc3ac83bad960235b69da8005ab2299c, and decrypts the encrypted data fc3ac83bad960235b69da8005ab2299c through an MD5 decryption algorithm to obtain abc 12389142; generating a random code 36891423 by taking the timestamp as a variable and the preset key as a constant, generating an interception code [3,7] by an interception code generation algorithm, and intercepting the random code 36891423 by the interception code [3,7] to obtain a partial random code 89142; and decomposing the partial random code 89142 in the mixed data abc12389142 to obtain decrypted data abc123 corresponding to the encrypted data, namely the control command.

The intelligent gateway splices the decrypted data abc123 and a random code 451324 to obtain mixed data abc123451324, wherein the random code 451324 is a fixed value generated when the intelligent gateway establishes communication connection with the intelligent home device, the mixed data abc123451324 is encrypted through an MD5 encryption algorithm to obtain encrypted data 9cc03e06504ae5d0c97fab230893a934 corresponding to the decrypted data abc123, and the encrypted data 9cc03e06504ae5d0c97fab230893a934 is transmitted to the intelligent home device. The smart home equipment decrypts the encrypted data 9cc03e06504ae5d0c97fab230893a934 through an MD5 decryption algorithm to obtain mixed data abc 123451324; and acquiring a pre-stored random code 451324, decomposing a random code 451324 in the mixed data abc123451324 to obtain a control instruction abc123, and executing the instruction to adjust the running state of the corresponding intelligent household equipment.

It should be understood that the random code of the user terminal encryption abc123 may also be a random code generated when the user terminal establishes a connection with the intelligent gateway, and the random code of the intelligent gateway encryption abc23 may also be a partial random code generated by taking a timestamp as a variable and taking a preset key as a constant and intercepted by an interception code, which are not described herein again.

It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.

Fig. 6 shows a block diagram of a device provided in the embodiment of the present application, which corresponds to the data encryption method described in the above embodiment, and only the relevant parts to the embodiment of the present application are shown for convenience of description.

Referring to fig. 6, the apparatus includes:

an obtaining module 601, configured to obtain data to be encrypted and a random code;

a splicing module 602, configured to perform hybrid splicing on the random code and the data to be encrypted to obtain hybrid data;

the encryption module 603 is configured to encrypt the mixed data according to a preset encryption algorithm to obtain encrypted data corresponding to the data to be encrypted.

Fig. 7 shows a block diagram of a device provided in the embodiment of the present application, where, for convenience of description, only the parts related to the embodiment of the present application are shown.

Referring to fig. 7, the apparatus 700 includes:

a decryption module 701, configured to obtain encrypted data, and decrypt the encrypted data into mixed data through a preset decryption algorithm;

an obtaining module 702, configured to obtain a random code;

the decomposition module 703 is configured to decompose the mixed data according to the random code to obtain decrypted data corresponding to the encrypted data.

It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, modules and units may refer to the corresponding processes in the foregoing corresponding method embodiments, and are not described herein again.

Fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present application. The terminal of this embodiment may be the first terminal or the second terminal, and as shown in fig. 8, the terminal 8 of this embodiment includes: at least one processor 80 (only one shown in fig. 8), a memory 81, and a computer program 82 stored in the memory 81 and operable on the at least one processor 80, the processor 80 implementing the steps in any of the various data encryption method or data decryption method embodiments described above when executing the computer program 82.

The terminal 8 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal may include, but is not limited to, a processor 80, a memory 81. Those skilled in the art will appreciate that fig. 8 is merely an example of the terminal 8 and does not constitute a limitation of the terminal 8, and may include more or less components than those shown, or combine some components, or different components, such as input and output devices, network access devices, etc.

The Processor 80 may be a Central Processing Unit (CPU), and the Processor 80 may be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The memory 81 may in some embodiments be an internal storage unit of the terminal 8, such as a hard disk or a memory of the terminal 8. The memory 81 may also be an external storage device of the terminal 8 in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the terminal 8. Further, the memory 81 may also include both an internal storage unit and an external storage device of the terminal 8. The memory 81 is used for storing an operating system, an application program, a BootLoader (BootLoader), data, and other programs, such as program codes of the computer program. The memory 81 may also be used to temporarily store data that has been output or is to be output.

It should be noted that, for the information interaction, execution process, and other contents between the above-mentioned devices/units, the specific functions and technical effects thereof are based on the same concept as those of the embodiment of the method of the present application, and specific reference may be made to the part of the embodiment of the method, which is not described herein again.

It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

The embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in the above-mentioned data encryption method or data decryption method embodiments.

The embodiment of the present application provides a computer program product, which when running on a mobile terminal, enables the mobile terminal to implement the steps in the above-mentioned data encryption method or data decryption method embodiment when executed.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium and can implement the steps of the embodiments of the methods described above when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing apparatus/terminal, a recording medium, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, and a software distribution medium. Such as a usb-disk, a removable hard disk, a magnetic or optical disk, etc. In certain jurisdictions, computer-readable media may not be an electrical carrier signal or a telecommunications signal in accordance with legislative and patent practice.

In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other ways. For example, the above-described apparatus/network device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims

1. A data encryption method applied to a first terminal is characterized by comprising the following steps:

acquiring data to be encrypted and a random code;

encrypting the mixed data through a preset encryption algorithm to obtain encrypted data corresponding to the data to be encrypted;

wherein the acquiring the random code includes:

acquiring a timestamp and a preset key of the data to be encrypted, wherein the timestamp is a time difference between the current time when the data to be encrypted or the random code is generated and Greenwich mean time;

splicing the timestamp and the preset key into a first character array;

2. The data encryption method of claim 1, wherein said reordering the characters in the first array of characters to obtain the random code comprises:

3. The data encryption method according to claim 1, wherein the hybrid splicing of the random code and the data to be encrypted to obtain hybrid data comprises:

intercepting part of random codes in the random codes through intercepted codes, wherein the intercepted codes are the intercepted codes generated through a preset intercepted code algorithm;

4. The data encryption method according to claim 1, wherein the random code is generated according to a preset random code generation algorithm when the first terminal establishes a communication connection with the second terminal.

5. A data decryption method applied to a second terminal is characterized by comprising the following steps:

acquiring a random code;

decomposing the mixed data according to the random code to obtain decrypted data corresponding to the encrypted data;

wherein the acquiring the random code includes:

acquiring a timestamp and a preset key of the encrypted data, wherein the timestamp is a time difference between current time when the data to be encrypted is acquired or a random code is generated and Greenwich mean time;

splicing the timestamp and the preset key into a first character array;

6. The data decryption method of claim 5, wherein the decomposing the mixed data according to the random code to obtain the decrypted data corresponding to the encrypted data comprises:

7. A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 4 or claims 5-6 when executing the computer program.

8. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 4 or claims 5 to 6.