CN113158214A - Intelligent encrypted identification method and device - Google Patents
- Publication number
- CN113158214A, CN202110482615.2A
- Authority
- CN
- China
- Prior art keywords
- data
- user data
- ciphertext
- encryption
- ciphertext data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an encrypted intelligent identification method and a device, wherein the method comprises the following steps: receiving ciphertext data at least containing user data sent by a data calling party; determining an encryption mode of ciphertext data; according to the encryption mode of the ciphertext data, the ciphertext data is decrypted by combining a target private key corresponding to the target public key to obtain user data; and carrying out intelligent identification on the user data, and feeding back an intelligent identification result to the data calling party. In the scheme, the encrypted intelligent recognition device generates a target public key and a target private key in advance and discloses the target public key to the outside, so that a data encryption party encrypts user data according to the target public key to obtain ciphertext data. The method comprises the steps of receiving ciphertext data sent by a data calling party, decrypting the ciphertext data according to an encryption mode of the ciphertext data and a target private key to obtain user data, and then intelligently identifying the user data to ensure that the user data cannot be leaked in a transmission process and ensure the safety of the user data.
Description
Technical Field
The invention relates to the technical field of data processing, in particular to an encrypted intelligent identification method and device.
Background
With the development of science and technology, the intelligent identification device is more and more widely applied in daily life, and after the intelligent identification device acquires user data, AI identification can be carried out on the user data and an identification result can be fed back.
However, the user data acquired by the intelligent identification device is usually plaintext data, and in the process of transmitting the user data to the intelligent identification device, the user data is easily intercepted, so that the user data is leaked. Therefore, how to ensure the security of the user data when performing AI identification is a problem to be solved urgently.
Disclosure of Invention
In view of this, embodiments of the present invention provide an encrypted intelligent identification method and apparatus, so as to ensure security of user data during transmission.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
the first aspect of the embodiment of the invention discloses an encrypted intelligent identification method, which is applied to an encrypted intelligent identification device and comprises the following steps:
receiving ciphertext data at least containing user data sent by a data calling party, wherein the ciphertext data is obtained by encrypting the user data by a specified data encryptor based on a target public key, and the target public key is generated by an encryption intelligent identification device in advance and is disclosed to the data encryptor;
determining an encryption mode of the ciphertext data;
according to the encryption mode of the ciphertext data, combining a target private key corresponding to the target public key, decrypting the ciphertext data to obtain the user data, wherein the target private key is generated by an encrypted intelligent identification device in advance;
and intelligently identifying the user data, and feeding back an intelligent identification result to the data caller.
Preferably, the determining an encryption mode of the ciphertext data includes:
analyzing the ciphertext data to obtain the data length of the ciphertext data;
if the data length is smaller than the length threshold value, determining that the encryption mode of the ciphertext data is a first encryption mode, wherein the first encryption mode is established based on a national cryptographic asymmetric encryption algorithm;
and if the data length is greater than or equal to the length threshold value, determining that the encryption mode of the ciphertext data is a second encryption mode, wherein the second encryption mode is established based on a hash algorithm and a symmetric encryption algorithm.
Preferably, if the encryption mode of the ciphertext data is the first encryption mode, the decrypting the ciphertext data to obtain the user data according to the encryption mode of the ciphertext data and by combining a target private key corresponding to the target public key includes:
and decrypting the ciphertext data by using a target private key corresponding to the target public key to obtain the user data.
Preferably, if the encryption mode of the ciphertext data is the second encryption mode, the decrypting the ciphertext data to obtain the user data according to the encryption mode of the ciphertext data and by combining a target private key corresponding to the target public key includes:
analyzing the ciphertext data to obtain an encrypted symmetric key and an encrypted actual ciphertext data, wherein the symmetric key is generated by the data encryptor and is encrypted by using the target public key, the actual ciphertext data is obtained by the data encryptor encrypting the user data and a first hash value by using the symmetric key, and the first hash value is obtained by the data encryptor by using the user data and the hash algorithm;
decrypting the encrypted symmetric key by using a target private key corresponding to the target public key to obtain the symmetric key;
decrypting the actual ciphertext data by using the symmetric key to obtain the user data and the first hash value;
calculating to obtain a second hash value according to the user data and the hash algorithm;
and if the second hash value is equal to the first hash value, determining that the user data is correct user data.
Preferably, after the performing intelligent identification on the user data and feeding back an intelligent identification result to the data caller, the method further includes:
and deleting the user data.
The second aspect of the embodiment of the present invention discloses an encrypted intelligent identification apparatus, which includes:
the receiving unit is used for receiving ciphertext data at least containing user data sent by a data calling party, the ciphertext data is obtained by encrypting the user data by a specified data encryptor based on a target public key, and the target public key is generated by an intelligent encryption identification device in advance and is disclosed to the data encryptor;
a determining unit, configured to determine an encryption mode of the ciphertext data;
the decryption unit is used for decrypting the ciphertext data to obtain the user data by combining a target private key corresponding to the target public key according to the encryption mode of the ciphertext data, and the target private key is generated by an encrypted intelligent identification device in advance;
and the identification unit is used for intelligently identifying the user data and feeding back an intelligent identification result to the data caller.
Preferably, the determining unit is specifically configured to: analyze the ciphertext data to obtain the data length of the ciphertext data; if the data length is smaller than the length threshold value, determine that the encryption mode of the ciphertext data is a first encryption mode, wherein the first encryption mode is established based on a national cryptographic asymmetric encryption algorithm; and if the data length is greater than or equal to the length threshold value, determine that the encryption mode of the ciphertext data is a second encryption mode, wherein the second encryption mode is established based on a hash algorithm and a symmetric encryption algorithm.
Preferably, if the encryption mode of the ciphertext data is the first encryption mode, the decryption unit is specifically configured to: and decrypting the ciphertext data by using a target private key corresponding to the target public key to obtain the user data.
Preferably, if the encryption mode of the ciphertext data is the second encryption mode, the decryption unit includes:
the analysis module is used for analyzing the ciphertext data to obtain an encrypted symmetric key and an encrypted actual ciphertext data, the symmetric key is generated by the data encryption party and is encrypted by using the target public key, the actual ciphertext data is obtained by the data encryption party by encrypting the user data and a first hash value by using the symmetric key, and the first hash value is obtained by the data encryption party by using the user data and the hash algorithm;
the decryption module is used for decrypting the encrypted symmetric key by using a target private key corresponding to the target public key to obtain the symmetric key, and decrypting the actual ciphertext data by using the symmetric key to obtain the user data and the first hash value;
the calculation module is used for calculating to obtain a second hash value according to the user data and the hash algorithm;
a determining module, configured to determine that the user data is correct user data if the second hash value is equal to the first hash value.
Preferably, the apparatus further comprises:
and the deleting unit is used for deleting the user data.
Based on the above method and apparatus for intelligently identifying encryption provided by the embodiments of the present invention, the method is: receiving ciphertext data at least containing user data sent by a data calling party; determining an encryption mode of ciphertext data; according to the encryption mode of the ciphertext data, the ciphertext data is decrypted by combining a target private key corresponding to the target public key to obtain user data; and carrying out intelligent identification on the user data, and feeding back an intelligent identification result to the data calling party. In the scheme, the encrypted intelligent recognition device generates a target public key and a target private key in advance and discloses the target public key to the outside, so that a data encryption party encrypts user data according to the target public key to obtain ciphertext data. The method comprises the steps of receiving ciphertext data sent by a data calling party, decrypting the ciphertext data according to an encryption mode of the ciphertext data and a target private key to obtain user data, and then intelligently identifying the user data to ensure that the user data cannot be leaked in a transmission process and ensure the safety of the user data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an encrypted intelligent identification method according to an embodiment of the present invention;
Fig. 2 is a flowchart of decrypting ciphertext data according to an embodiment of the present invention;
Fig. 3 is another flowchart of an encrypted intelligent identification method according to an embodiment of the present invention;
Fig. 4 is a block diagram of an encrypted intelligent identification apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
It can be known from the background art that, in the process of transmitting user data to intelligent equipment for intelligent identification at present, the transmitted user data is plaintext data, and when the user data is intercepted, the user data is leaked, so that the safety of the user data cannot be ensured.
Therefore, the embodiment of the invention provides an encrypted intelligent identification method and device, the encrypted intelligent identification device generates a target public key and a target private key in advance and discloses the target public key to the outside, so that a data encryptor encrypts user data according to the target public key to obtain ciphertext data. And receiving ciphertext data sent by a data calling party, decrypting the ciphertext data according to the encryption mode of the ciphertext data and a target private key to obtain user data, and intelligently identifying the user data to ensure that the user data cannot be leaked in the transmission process so as to ensure the safety of the user data.
It should be noted that the encrypted intelligent identification method provided in the embodiment of the present invention is applied to an encrypted intelligent identification device, which is a device having a data processing function, for example a chip or processor having a data processing function. The encrypted intelligent identification device is not specifically limited.
It can be understood that a plurality of encryption algorithms are built into the encrypted intelligent identification device in advance, for example a national cryptographic asymmetric encryption algorithm (also called the SM2 algorithm), a hash algorithm (also called the SM3 algorithm) and a symmetric encryption algorithm (also called the SM4 algorithm). A target public key and a target private key are generated in advance inside the encrypted intelligent identification device. The target public key is disclosed externally, while the target private key is not disclosed externally, to ensure security. For example, the target public key and the target private key are generated inside the encrypted intelligent identification device using the SM2 algorithm.
It can be understood that the encrypted intelligent identification device embeds a simplified operating environment (such as Python or C) according to actual requirements, and can provide measures against electromagnetic attacks, so that the target private key in the device and the user data obtained by decryption cannot be stolen.
It should be noted that, the embodiment of the present invention is not specifically limited with respect to the built-in encryption algorithm in the encrypted smart identification apparatus and the manner of generating the target public key and the target private key.
Referring to fig. 1, a flowchart of an encrypted intelligent recognition method provided by an embodiment of the present invention is shown, where the encrypted intelligent recognition method includes:
Step S101: Receive ciphertext data, containing at least user data, sent by the data caller.
It should be noted that, as can be seen from the foregoing, the encrypted intelligent identification apparatus generates the corresponding target public key and the target private key in advance according to a preset algorithm, for example, the target public key and the target private key are generated according to the SM2 algorithm.
The encrypted intelligent identification device discloses the generated target public key externally, that is, it sends the target public key to a designated data encryptor. The designated data encryptor encrypts the user data (that is, the data to be intelligently identified) based on the target public key to obtain ciphertext data, and sends the ciphertext data to the data caller. The data caller is an application program that needs to call the decryption function and the intelligent identification function of the encrypted intelligent identification device, for example a designated application system.
It should be noted that, when processing user data, the user data may be compressed into a compressed file.
It can be understood that, when the data encryptor encrypts the user data using the target public key, it does so in a corresponding encryption mode, which is either a first encryption mode or a second encryption mode. The first encryption mode (public key encryption) and the second encryption mode (cipher envelope encryption) are described in detail below.
The first encryption mode is constructed based on a national cryptographic asymmetric encryption algorithm, and the second encryption mode is constructed based on a hash algorithm and a symmetric encryption algorithm.
First encryption mode: the data encryptor encrypts the user data (plaintext data at this point) using the target public key together with a preset encryption algorithm (the same algorithm that was used to generate the target public key) to obtain ciphertext data. For example, assuming that the target public key was generated with the SM2 algorithm, the data encryptor encrypts the user data using the target public key and the SM2 algorithm to obtain ciphertext data.
Second encryption mode: the data encryptor computes a first hash value over the user data using the SM3 algorithm. The data encryptor merges the first hash value and the user data to obtain merged data, randomly generates a symmetric key for the SM4 algorithm, and encrypts the merged data using the symmetric key and the SM4 algorithm to obtain ciphertext data. The data encryptor then encrypts the symmetric key using the target public key and makes the ciphertext data carry the encrypted symmetric key. That is, the ciphertext data that the data encryptor sends to the data caller carries the encrypted symmetric key.
It should be noted that, when encrypting the user data, the data encryptor may select an encryption mode according to actual requirements. For example, the encryption mode may be selected according to the size of the user data: user data smaller than 256 bytes is encrypted using the first encryption mode, and user data larger than 256 bytes is encrypted using the second encryption mode.
As another example, user data with a small data volume and a low real-time requirement is encrypted using the first encryption mode, and user data with a large data volume and a high real-time requirement is encrypted using the second encryption mode.
In the process of implementing step S101 specifically, ciphertext data at least including user data sent by a data caller is received, and the data caller needs to call an intelligent encryption recognition device to decrypt the ciphertext data and call the intelligent encryption recognition device to intelligently recognize the decrypted user data.
Step S102: Determine the encryption mode of the ciphertext data.
As can be seen from the foregoing, when the data encryptor selects the encryption method of the user data, the data encryptor may select the first encryption method or the second encryption method according to the data length of the user data.
In the specific implementation of step S102, the ciphertext data is analyzed to obtain its data length. If the data length is smaller than the length threshold (for example, 256 bytes), the encryption mode of the ciphertext data is determined to be the first encryption mode. If the data length is greater than or equal to the length threshold, the encryption mode of the ciphertext data is determined to be the second encryption mode.
Preferably, besides determining the encryption mode from the data length of the ciphertext data, the data encryptor may also send an instruction indicating the encryption mode directly to the encrypted intelligent identification device through the data caller. That is, an instruction indicating the encryption mode of the ciphertext data may be received together with the ciphertext data, and the encryption mode of the ciphertext data is determined by analyzing the instruction.
The method for determining the encryption mode of the ciphertext data is not specifically limited.
Step S103: According to the encryption mode of the ciphertext data, decrypt the ciphertext data using the target private key corresponding to the target public key to obtain the user data.
In the process of implementing step S103 specifically, if the encryption mode of the ciphertext data is the first encryption mode, the target private key corresponding to the target public key is used to decrypt the ciphertext data to obtain the user data.
If the encryption mode of the ciphertext data is the second encryption mode, the ciphertext data is analyzed to obtain an encrypted symmetric key and actual ciphertext data, the target private key and the encrypted symmetric key are used in combination with a hash algorithm, the actual ciphertext data is decrypted to obtain user data, and the correctness of the user data is verified.
Step S104: Perform intelligent identification on the user data and feed the intelligent identification result back to the data caller.
In the process of implementing step S104, after the ciphertext data is decrypted to obtain the user data, the user data is intelligently identified, and a corresponding intelligent identification result is fed back to the data caller.
It can be understood that, if the user data is a compressed file, the user data needs to be decompressed before performing intelligent identification, and then the decompressed data needs to be subjected to intelligent identification.
It should be noted that the intelligent recognition includes, but is not limited to: fingerprint identification, iris identification, voice-print identification and the like, and specific contents of the intelligent identification are not particularly limited.
For example, assuming that the user data is a fingerprint picture, the ciphertext data is decrypted to obtain the user's fingerprint picture, and fingerprint identification is then performed on the fingerprint picture to obtain an intelligent identification result indicating whether the user's fingerprint matches.
To better explain the contents of the above steps, the following example is given by way of illustration:
Assume that the data caller is a designated application system and the user data is fingerprint data. To ensure the security of the user data, the designated application system is not allowed to obtain the user's unencrypted fingerprint data.
The data encryptor encrypts the fingerprint data of the user and the fingerprint data of the public security bureau separately, each in a corresponding encryption mode, to obtain the corresponding ciphertext data. That is, there are two pieces of ciphertext data at this point: the encrypted fingerprint data of the user and the encrypted fingerprint data of the public security bureau.
The data encryptor sends the resulting ciphertext data to the designated application system, which sends it to the encrypted intelligent identification device for decryption. The encrypted intelligent identification device obtains the fingerprint data of the user and the fingerprint data of the public security bureau, both as plaintext data. It performs fingerprint identification on the two sets of fingerprint data and feeds back to the designated application system an intelligent identification result indicating whether the two sets of fingerprint data belong to the same person.
Preferably, after the intelligent recognition result is fed back to the data caller, that is, after step S104 is executed, the user data is deleted, so that it is ensured that the user data is not leaked after the intelligent recognition is performed. That is, after the encrypted smart identification device performs smart identification using the user data, the encrypted smart identification device clears the unencrypted user data inside, thereby ensuring that the unencrypted user data is used only inside the encrypted smart identification device, and further ensuring the security of the user data.
In the embodiment of the invention, the encrypted intelligent identification device generates the target public key and the target private key in advance and discloses the target public key to the outside, so that the data encryptor encrypts the user data according to the target public key to obtain the ciphertext data. The method comprises the steps of receiving ciphertext data sent by a data calling party, decrypting the ciphertext data according to an encryption mode of the ciphertext data and a target private key to obtain user data, and then intelligently identifying the user data to ensure that the user data cannot be leaked in a transmission process and ensure the safety of the user data.
In the above process of decrypting ciphertext data in step S103 in fig. 1 according to the embodiment of the present invention, if the encryption mode of the ciphertext data is the second encryption mode, referring to fig. 2, a flowchart of decrypting ciphertext data according to the embodiment of the present invention is shown, and includes:
Step S201: Analyze the ciphertext data to obtain the encrypted symmetric key and the actual ciphertext data.
As can be seen from the content of step S101 in fig. 1 in the embodiment of the present invention, when the data encryptor encrypts the user data in the second encryption manner, the data encryptor encrypts the user data and the first hash value by using the symmetric key, and after encrypting the symmetric key by using the target public key, the data encryptor sends the encrypted user data, the encrypted first hash value, and the encrypted symmetric key to the encrypted intelligent identification device.
In the specific implementation of step S201, the ciphertext data is analyzed to obtain an encrypted symmetric key and actual ciphertext data, where the symmetric key is generated by the data encryptor and encrypted using the target public key, and the actual ciphertext data is obtained by the data encryptor encrypting the user data and the first hash value using the symmetric key.
Step S202: Decrypt the encrypted symmetric key using the target private key corresponding to the target public key to obtain the symmetric key.
In the process of implementing step S202 specifically, the target private key is used to decrypt the encrypted symmetric key to obtain the symmetric key.
Step S203: Decrypt the actual ciphertext data using the symmetric key to obtain the user data and the first hash value.
In the process of implementing step S203 specifically, the actual ciphertext data is decrypted by using the symmetric key obtained by decryption, so as to obtain the user data and the first hash value.
Step S204: Calculate a second hash value from the user data and the hash algorithm.
In the process of implementing step S204 specifically, the user data obtained by decryption is calculated by using a hash algorithm, so as to obtain a corresponding second hash value.
It is understood that the first hash value is obtained by calculating the user data by using a hash algorithm, and if the second hash value is equal to the first hash value, it indicates that the user data obtained by decryption has not been tampered, and is correct user data.
If the second hash value is not equal to the first hash value, it indicates that the user data obtained by decryption is usurped, that is, the user data obtained by decryption is not the user data encrypted by the data encryption party, and at this time, error reporting processing is performed, and subsequent processing is not performed on the user data.
Step S205: and if the second hash value is equal to the first hash value, determining the user data as correct user data.
Step S206: and if the second hash value is not equal to the first hash value, determining that the user data is tampered.
To better explain the contents of steps S201 to S206 above, the procedure is illustrated by steps A1 to A12 below.
A1: The data encryptor applies the SM3 algorithm to the user data data1 to obtain a first hash value check1.
A2: The data encryptor merges the user data data1 and the first hash value check1 to obtain the actual data cdata1.
A3: The data encryptor randomly generates a symmetric key key1 for the SM4 algorithm.
A4: The data encryptor encrypts the actual data cdata1 by using the SM4 algorithm and the symmetric key key1 to obtain the actual ciphertext data sdata1.
A5: The data encryptor encrypts the symmetric key key1 by using the target public key to obtain an encrypted symmetric key key2.
A6: The data encryptor sends the ciphertext data containing the encrypted symmetric key key2 and the actual ciphertext data sdata1 to the encrypted intelligent identification device through the data caller.
A7: The encrypted intelligent identification device analyzes the ciphertext data to obtain the encrypted symmetric key key2 and the actual ciphertext data sdata1.
A8: The encrypted intelligent identification device decrypts the encrypted symmetric key key2 by using the target private key to obtain the symmetric key key1.
A9: The encrypted intelligent identification device decrypts the actual ciphertext data sdata1 by using the symmetric key key1 to obtain the actual data cdata1 (which contains the first hash value check1). At this point, the user data contained in the actual data cdata1 is provisionally called the user data to be verified, data2.
A10: The encrypted intelligent identification device applies the SM3 algorithm to the user data to be verified data2 to obtain a second hash value check2.
A11: If the second hash value check2 is equal to the first hash value check1, the user data to be verified data2 is the user data data1. The encrypted intelligent identification device intelligently identifies the user data data1, feeds back the intelligent identification result to the data caller, and deletes the user data data1 after the result is fed back.
A12: If the second hash value check2 is not equal to the first hash value check1, the user data to be verified data2 is not the user data data1, indicating that the user data data1 has been tampered with, and error reporting processing is performed.
In the embodiment of the present invention, if the encryption mode of the ciphertext data is the second encryption mode, the ciphertext data is decrypted by using the decryption mode corresponding to the second encryption mode to obtain the user data, and the obtained user data is checked for tampering. Only if the user data has not been tampered with is it intelligently identified. This guarantees the security of the user data and the accuracy of the user data used for intelligent identification, and therefore the accuracy and security of the intelligent identification itself.
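The second-mode exchange of steps A1 to A12 (S201 to S206 on the receiving side), as an added Python example that is not code from the patent. Assumptions: the patent does not specify the wire layout or how data and hash are merged, so a 2-byte length prefix and data-then-hash concatenation are used here; toy RSA and a SHA-256 keystream stand in for SM2 and SM4 so the block runs on the standard library alone, and SHA-256 replaces SM3 when the local OpenSSL build lacks it.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32      # SM3 digest length in bytes
KEY_LEN = 16       # SM4 key length in bytes
WRAPPED_LEN = 30   # size of the toy wrapped key below (assumption)

# Stand-in for the SM2 key pair: textbook RSA over two Mersenne primes.
# Toy parameters for illustration only, never use them to protect data.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


class TamperedError(Exception):
    """Envelope is malformed or check2 != check1 (step A12)."""


def digest(data: bytes) -> bytes:
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:  # OpenSSL build without SM3: SHA-256 stand-in
        return hashlib.sha256(data).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for SM4: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def wrap_key(key1: bytes) -> bytes:        # uses the target public key (N, E)
    return pow(int.from_bytes(key1, "big"), E, N).to_bytes(WRAPPED_LEN, "big")


def unwrap_key(key2: bytes) -> bytes:      # uses the target private key D
    m = pow(int.from_bytes(key2, "big"), D, N)
    # A tampered key2 can decode to a wider value; keep the low 16 bytes so
    # the hash comparison, not an exception here, rejects the envelope.
    return m.to_bytes(WRAPPED_LEN, "big")[-KEY_LEN:]


def seal(data1: bytes) -> bytes:
    """Data encryptor side, steps A1 to A6."""
    check1 = digest(data1)                         # A1
    cdata1 = data1 + check1                        # A2 (layout assumed)
    key1 = secrets.token_bytes(KEY_LEN)            # A3
    sdata1 = stream_xor(key1, cdata1)              # A4
    key2 = wrap_key(key1)                          # A5
    return len(key2).to_bytes(2, "big") + key2 + sdata1   # A6 (framing assumed)


def open_envelope(blob: bytes) -> bytes:
    """Identification device side, steps A7 to A12. Fails closed."""
    klen = int.from_bytes(blob[:2], "big")         # A7: parse the envelope
    key2, sdata1 = blob[2:2 + klen], blob[2 + klen:]
    if klen != WRAPPED_LEN or len(key2) != klen or len(sdata1) < HASH_LEN:
        raise TamperedError("malformed envelope")
    key1 = unwrap_key(key2)                        # A8
    cdata1 = stream_xor(key1, sdata1)              # A9
    data2, check1 = cdata1[:-HASH_LEN], cdata1[-HASH_LEN:]
    check2 = digest(data2)                         # A10
    if not hmac.compare_digest(check1, check2):    # A12: report the error
        raise TamperedError("hash mismatch")
    return data2                                   # A11: safe to identify


def is_rejected(blob: bytes) -> bool:
    try:
        open_envelope(blob)
    except TamperedError:
        return True
    return False


if __name__ == "__main__":
    sample = seal(b"constructed sample user data")  # constructed input
    print(open_envelope(sample))
    flipped = sample[:-1] + bytes([sample[-1] ^ 1])
    print("tampered envelope rejected:", is_rejected(flipped))
```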
To better explain the interaction among the data encryptor, the data caller and the encrypted intelligent identification device referred to in fig. 1 of the above embodiment of the present invention, the process is explained with reference to fig. 3. It should be noted that fig. 3 is only an example.
Referring to fig. 3, another flowchart of an encrypted smart identification method according to an embodiment of the present invention is shown, including the following steps:
Step S301: The encrypted intelligent identification device generates a target public key and a target private key by using the SM2 algorithm, and discloses the target public key to the data encryptor.
Step S302: The data encryptor encrypts the user data by using the target public key to obtain ciphertext data.
Step S303: The data caller sends the ciphertext data to the encrypted intelligent identification device.
Step S304: The encrypted intelligent identification device decrypts the ciphertext data by using the target private key to obtain the user data.
Step S305: The encrypted intelligent identification device intelligently identifies the user data by using an intelligent identification algorithm to obtain an intelligent identification result.
Step S306: The encrypted intelligent identification device feeds the intelligent identification result back to the data caller.
Corresponding to the above encrypted intelligent identification method provided by the embodiment of the present invention, referring to fig. 4, the embodiment of the present invention further provides a structural block diagram of an encrypted intelligent identification apparatus, where the encrypted intelligent identification apparatus includes: a receiving unit 401, a determining unit 402, a decrypting unit 403, and an identifying unit 404.
A receiving unit 401, configured to receive ciphertext data at least including user data sent by the data caller, where the ciphertext data is obtained by a designated data encryptor encrypting the user data based on a target public key, and the target public key is generated in advance by the encrypted intelligent identification apparatus and disclosed to the data encryptor.
A determining unit 402, configured to determine an encryption mode of the ciphertext data.
In a specific implementation, the determining unit 402 is specifically configured to: analyze the ciphertext data to obtain the data length of the ciphertext data; if the data length is smaller than the length threshold value, determine that the encryption mode of the ciphertext data is a first encryption mode, the first encryption mode being constructed based on a national cryptographic asymmetric encryption algorithm; and if the data length is greater than or equal to the length threshold value, determine that the encryption mode of the ciphertext data is a second encryption mode, the second encryption mode being constructed based on the hash algorithm and the symmetric encryption algorithm.
A decryption unit 403, configured to decrypt the ciphertext data according to the encryption mode of the ciphertext data, in combination with a target private key corresponding to the target public key, to obtain the user data, where the target private key is generated in advance by the encrypted intelligent identification apparatus.
In a specific implementation, if the encryption mode of the ciphertext data is the first encryption mode, the decryption unit 403 is specifically configured to: decrypt the ciphertext data by using the target private key corresponding to the target public key to obtain the user data.
An identification unit 404, configured to perform intelligent identification on the user data and feed back an intelligent identification result to the data caller.
In the embodiment of the invention, the encrypted intelligent identification device generates the target public key and the target private key in advance and discloses the target public key externally, so that the data encryptor encrypts the user data according to the target public key to obtain the ciphertext data. The device receives the ciphertext data sent by the data caller, decrypts it according to the encryption mode of the ciphertext data and the target private key to obtain the user data, and then intelligently identifies the user data. This ensures that the user data is not leaked during transmission and guarantees the security of the user data.
Preferably, with reference to the contents shown in fig. 4, if the encryption mode of the ciphertext data is the second encryption mode, the decryption unit 403 includes an analysis module, a decryption module, a calculation module and a determination module, where the execution principle of each module is as follows:
The analysis module is configured to analyze the ciphertext data to obtain an encrypted symmetric key and actual ciphertext data, where the symmetric key is generated by the data encryptor and is encrypted by using the target public key, the actual ciphertext data is obtained by the data encryptor encrypting the user data and a first hash value with the symmetric key, and the first hash value is obtained by the data encryptor from the user data and a hash algorithm.
The decryption module is configured to decrypt the encrypted symmetric key by using the target private key corresponding to the target public key to obtain the symmetric key, and to decrypt the actual ciphertext data by using the symmetric key to obtain the user data and the first hash value.
The calculation module is configured to calculate a second hash value from the user data and the hash algorithm.
The determination module is configured to determine that the user data is correct user data if the second hash value is equal to the first hash value.
In the embodiment of the present invention, if the encryption mode of the ciphertext data is the second encryption mode, the ciphertext data is decrypted by using the decryption mode corresponding to the second encryption mode to obtain the user data, and the obtained user data is checked for tampering. Only if the user data has not been tampered with is it intelligently identified. This guarantees the security of the user data and the accuracy of the user data used for intelligent identification, and therefore the accuracy and security of the intelligent identification itself.
Preferably, in combination with the content shown in fig. 4, the encrypted intelligent identification apparatus further includes:
A deleting unit, configured to delete the user data.
In summary, the embodiments of the present invention provide an encrypted intelligent identification method and apparatus, where the encrypted intelligent identification apparatus generates a target public key and a target private key in advance and discloses the target public key externally, so that a data encryptor encrypts user data according to the target public key to obtain ciphertext data. The apparatus receives the ciphertext data sent by a data caller, decrypts it according to the encryption mode of the ciphertext data and the target private key to obtain the user data, and then intelligently identifies the user data. This ensures that the user data is not leaked during transmission and guarantees the security of the user data.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An encrypted intelligent identification method is applied to an encrypted intelligent identification device, and comprises the following steps:
receiving ciphertext data at least containing user data sent by a data calling party, wherein the ciphertext data is obtained by encrypting the user data by a specified data encryptor based on a target public key, and the target public key is generated by an encryption intelligent identification device in advance and is disclosed to the data encryptor;
determining an encryption mode of the ciphertext data;
according to the encryption mode of the ciphertext data, combining a target private key corresponding to the target public key, decrypting the ciphertext data to obtain the user data, wherein the target private key is generated by an encrypted intelligent identification device in advance;
and intelligently identifying the user data, and feeding back an intelligent identification result to the data caller.
2. The method of claim 1, wherein the determining the encryption mode of the ciphertext data comprises:
analyzing the ciphertext data to obtain the data length of the ciphertext data;
if the data length is smaller than the length threshold value, determining that the encryption mode of the ciphertext data is a first encryption mode, wherein the first encryption mode is established based on a national cryptographic asymmetric encryption algorithm;
and if the data length is greater than or equal to the length threshold value, determining that the encryption mode of the ciphertext data is a second encryption mode, wherein the second encryption mode is established based on a hash algorithm and a symmetric encryption algorithm.
3. The method according to claim 2, wherein if the encryption mode of the ciphertext data is the first encryption mode, the decrypting the ciphertext data to obtain the user data according to the encryption mode of the ciphertext data and a target private key corresponding to the target public key includes:
and decrypting the ciphertext data by using a target private key corresponding to the target public key to obtain the user data.
4. The method according to claim 2, wherein if the encryption mode of the ciphertext data is the second encryption mode, the decrypting the ciphertext data to obtain the user data according to the encryption mode of the ciphertext data and a target private key corresponding to the target public key includes:
analyzing the ciphertext data to obtain an encrypted symmetric key and actual ciphertext data, wherein the symmetric key is generated by the data encryptor and is encrypted by using the target public key, the actual ciphertext data is obtained by the data encryptor encrypting the user data and a first hash value by using the symmetric key, and the first hash value is obtained by the data encryptor by using the user data and the hash algorithm;
decrypting the encrypted symmetric key by using a target private key corresponding to the target public key to obtain the symmetric key;
decrypting the actual ciphertext data by using the symmetric key to obtain the user data and the first hash value;
calculating to obtain a second hash value according to the user data and the hash algorithm;
and if the second hash value is equal to the first hash value, determining that the user data is correct user data.
5. The method according to claim 1, wherein after the intelligently identifying the user data and feeding back the intelligent identification result to the data caller, further comprising:
and deleting the user data.
6. An encrypted smart identification device, the device comprising:
the receiving unit is used for receiving ciphertext data at least containing user data sent by a data calling party, the ciphertext data is obtained by encrypting the user data by a specified data encryptor based on a target public key, and the target public key is generated by an intelligent encryption identification device in advance and is disclosed to the data encryptor;
a determining unit, configured to determine an encryption mode of the ciphertext data;
the decryption unit is used for decrypting the ciphertext data to obtain the user data by combining a target private key corresponding to the target public key according to the encryption mode of the ciphertext data, and the target private key is generated by an encrypted intelligent identification device in advance;
and the identification unit is used for intelligently identifying the user data and feeding back an intelligent identification result to the data caller.
7. The apparatus according to claim 6, wherein the determining unit is specifically configured to: analyze the ciphertext data to obtain the data length of the ciphertext data; if the data length is smaller than the length threshold value, determine that the encryption mode of the ciphertext data is a first encryption mode, wherein the first encryption mode is established based on a national cryptographic asymmetric encryption algorithm; and if the data length is greater than or equal to the length threshold value, determine that the encryption mode of the ciphertext data is a second encryption mode, wherein the second encryption mode is established based on a hash algorithm and a symmetric encryption algorithm.
8. The apparatus of claim 7, wherein if the encryption mode of the ciphertext data is the first encryption mode, the decryption unit is specifically configured to: and decrypting the ciphertext data by using a target private key corresponding to the target public key to obtain the user data.
9. The apparatus according to claim 7, wherein if the encryption scheme of the ciphertext data is the second encryption scheme, the decryption unit comprises:
the analysis module is used for analyzing the ciphertext data to obtain an encrypted symmetric key and actual ciphertext data, the symmetric key is generated by the data encryptor and is encrypted by using the target public key, the actual ciphertext data is obtained by the data encryptor encrypting the user data and a first hash value by using the symmetric key, and the first hash value is obtained by the data encryptor by using the user data and the hash algorithm;
the decryption module is used for decrypting the encrypted symmetric key by using a target private key corresponding to the target public key to obtain the symmetric key, and decrypting the actual ciphertext data by using the symmetric key to obtain the user data and the first hash value;
the calculation module is used for calculating to obtain a second hash value according to the user data and the hash algorithm;
a determining module, configured to determine that the user data is correct user data if the second hash value is equal to the first hash value.
10. The apparatus of claim 7, further comprising:
and the deleting unit is used for deleting the user data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110482615.2A CN113158214A (en) | 2021-04-30 | 2021-04-30 | Intelligent encrypted identification method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113158214A true CN113158214A (en) | 2021-07-23 |
Family
ID=76873085
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110482615.2A Pending CN113158214A (en) | 2021-04-30 | 2021-04-30 | Intelligent encrypted identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113158214A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||