CN114124469B - Data processing method, device and equipment - Google Patents

Data processing method, device and equipment Download PDF

Info

Publication number
CN114124469B
CN114124469B CN202111272782.0A CN202111272782A CN114124469B CN 114124469 B CN114124469 B CN 114124469B CN 202111272782 A CN202111272782 A CN 202111272782A CN 114124469 B CN114124469 B CN 114124469B
Authority
CN
China
Prior art keywords
data
indication information
encrypted data
salt value
extracted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111272782.0A
Other languages
Chinese (zh)
Other versions
CN114124469A (en
Inventor
吕亚明
赵发
武江涛
刘运
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Sankuai Online Technology Co Ltd
Original Assignee
Beijing Sankuai Online Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Sankuai Online Technology Co Ltd filed Critical Beijing Sankuai Online Technology Co Ltd
Priority to CN202111272782.0A priority Critical patent/CN114124469B/en
Publication of CN114124469A publication Critical patent/CN114124469A/en
Application granted granted Critical
Publication of CN114124469B publication Critical patent/CN114124469B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data processing method, device and equipment, and belongs to the field of information security. The method comprises the following steps: acquiring target data to be encrypted and a current dynamic key; encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data; and inserting indication information into the intermediate state encrypted data based on an insertion rule to obtain the finished state encrypted data, wherein the indication information is used for indicating the dynamic key. By adopting the application, the computer processing resources in the data processing process can be saved, and the data processing efficiency can be improved.

Description

Data processing method, device and equipment
Technical Field
The present application relates to the field of information security, and in particular, to a method, an apparatus, and a device for data processing.
Background
With the development of computer technology, computer devices are widely used to store data, and large amounts of sensitive information such as private documents, business secrets, transaction records, etc. are often stored in computer devices. To ensure the privacy of these sensitive information, encryption processing using data encryption techniques is required. The dynamic key data encryption technology is one of the data encryption technologies
Currently, a dynamic key data encryption technology generally encrypts original text data by using a dynamic key and an encryption algorithm to obtain encrypted data for storage. When the original text data is to be used, the dynamic key and the decryption algorithm can be used for decrypting the encrypted data and restoring the encrypted data into the original text data. Wherein the dynamic key is referred to as "dynamic" because it is a key that is updated on a periodic basis. After the dynamic key is updated, the old dynamic key is deleted. Since the encryption algorithm and the decryption algorithm need to use the same dynamic key, the new dynamic key cannot decrypt the historical encrypted data encrypted using the old dynamic key. Therefore, when the dynamic key is updated, the stored historical encrypted data needs to be decrypted into the original text data by using the old dynamic key, and then the original text data needs to be encrypted into the encrypted data by using the new dynamic key.
Each time the dynamic key is updated, a large amount of historical encrypted data needs to be decrypted and re-encrypted, which occupies a large amount of computer processing resources.
Disclosure of Invention
The embodiment of the application provides a data processing method, device and equipment, which can solve the problem that a large amount of computer processing resources are occupied in the prior art.
In a first aspect, there is provided a method of data processing, the method comprising: acquiring target data to be encrypted and a current dynamic key; encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data; and inserting indication information into the intermediate state encrypted data based on an insertion rule to obtain the finished state encrypted data, wherein the indication information is used for indicating the dynamic key.
In one possible implementation manner, the encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data includes: encrypting the target data based on the dynamic key, the salt value and the encryption algorithm to obtain intermediate encrypted data; the inserting the indication information into the intermediate state encrypted data based on the inserting rule to obtain the completion state encrypted data comprises the following steps: and inserting the indication information and the salt value into the intermediate state encrypted data based on an insertion rule to obtain the finished state encrypted data.
In one possible implementation manner, the inserting, based on an insertion rule, the indication information and the salt value into the intermediate encrypted data to obtain the completion encrypted data includes: and respectively inserting the indication information and the salt value into a first appointed position and a second appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
In one possible implementation manner, the inserting, based on an insertion rule, the indication information and the salt value into the intermediate encrypted data to obtain the completion encrypted data includes: dividing the indication information into a first number of equal-length indication information segments, and dividing the salt value into a second number of equal-length salt value segments; and inserting each indication information segment and each salt value segment into each designated position of the intermediate state encrypted data respectively based on the arrangement sequence of each indication information segment in the indication information, the arrangement sequence of each salt value segment in the salt value and the arrangement sequence of a plurality of designated positions to obtain the completion state encrypted data.
In one possible implementation manner, the inserting, based on an insertion rule, the indication information and the salt value into the intermediate encrypted data to obtain the completion encrypted data includes: based on a fusion rule, fusing the indication information and the salt value to obtain fusion data; and based on an insertion rule, inserting the fusion data into the intermediate state encrypted data to obtain the finished state encrypted data.
In one possible implementation, the indication information is the dynamic key or an identification of the dynamic key.
In a second aspect, there is provided a method of data processing, the method comprising: acquiring completion state encryption data; based on the extraction rule, carrying out data extraction in the finished state encryption data to obtain extracted data and residual data after the data extraction; determining indication information based on the extracted data, and determining intermediate state encryption data based on the data remaining after the data extraction, wherein the indication information is used for indicating the dynamic key; and decrypting the intermediate state encrypted data based on a decryption algorithm and a dynamic key corresponding to the indication information to obtain target data.
In one possible implementation, the method further includes: determining a salt value based on the extracted data; the decrypting the intermediate encrypted data based on the decryption algorithm and the dynamic key corresponding to the indication information to obtain target data comprises the following steps: and decrypting the intermediate state encrypted data based on a decryption algorithm, the salt value and the dynamic key corresponding to the indication information to obtain target data.
In one possible implementation manner, the extracting data in the completion state encrypted data based on the extraction rule includes: based on the extraction rule, extracting data at a third designated position and a fourth designated position in the finished encrypted data; the determining indication information based on the extracted data includes: determining the data extracted from the third designated position as indication information; the determining a salt value based on the extracted data includes: and determining the data extracted from the fourth designated position as a salt value.
In one possible implementation manner, the extracting data in the completion state encrypted data based on the extraction rule includes: based on the extraction rule, extracting data at a plurality of designated positions in the completion state encryption data; the determining indication information based on the extracted data includes: acquiring data extracted from N specified positions in a plurality of specified positions, and combining the data extracted from the N specified positions to obtain indication information; the determining a salt value based on the extracted data includes: and acquiring data extracted from M specified positions except the N specified positions in the specified positions, and combining the data extracted from the M specified positions to obtain a salt value.
In one possible implementation manner, the determining the indication information based on the extracted data and determining the salt value based on the extracted data includes: and separating the extracted data based on a separation rule to obtain indication information and a salt value.
In one possible implementation, the indication information is the dynamic key or an identification of the dynamic key.
In a third aspect, there is provided an apparatus for data processing, the apparatus comprising: the first acquisition module is used for acquiring target data to be encrypted and a current dynamic key; the encryption module is used for encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data; the inserting module is used for inserting the indicating information into the intermediate state encrypted data based on the inserting rule to obtain the finished state encrypted data, wherein the indicating information is used for indicating the dynamic key.
In one possible implementation manner, the encryption module is configured to: encrypting the target data based on the dynamic key, the salt value and the encryption algorithm to obtain intermediate encrypted data; the insertion module is used for: and inserting the indication information and the salt value into the intermediate state encrypted data based on an insertion rule to obtain the finished state encrypted data.
In one possible implementation manner, the insertion-based module is configured to: and respectively inserting the indication information and the salt value into a first appointed position and a second appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
In one possible implementation manner, the inserting module is configured to: dividing the indication information into a first number of equal-length indication information segments, and dividing the salt value into a second number of equal-length salt value segments; and inserting each indication information segment and each salt value segment into each designated position of the intermediate state encrypted data respectively based on the arrangement sequence of each indication information segment in the indication information, the arrangement sequence of each salt value segment in the salt value and the arrangement sequence of a plurality of designated positions to obtain the completion state encrypted data.
In one possible implementation manner, the inserting module is configured to: based on a fusion rule, fusing the indication information and the salt value to obtain fusion data; and based on an insertion rule, inserting the fusion data into the intermediate state encrypted data to obtain the finished state encrypted data.
In one possible implementation, the indication information is the dynamic key or an identification of the dynamic key.
In a fourth aspect, there is provided an apparatus for data processing, the apparatus comprising: the second acquisition module is used for acquiring the completion state encryption data; the extraction module is used for extracting data from the completion state encrypted data based on an extraction rule to obtain extracted data and residual data after the data extraction; the determining module is used for determining indication information based on the extracted data and determining intermediate state encryption data based on the data remained after the data extraction, wherein the indication information is used for indicating the dynamic key; and the decryption module is used for decrypting the intermediate state encrypted data based on a decryption algorithm and a dynamic key corresponding to the indication information to obtain target data.
In one possible implementation, the determining module is further configured to: determining a salt value based on the extracted data; the decryption module is used for: and decrypting the intermediate state encrypted data based on a decryption algorithm, the salt value and the dynamic key corresponding to the indication information to obtain target data.
In one possible implementation manner, the extracting module is configured to: based on the extraction rule, extracting data at a third designated position and a fourth designated position in the finished encrypted data; the determining module is used for: determining the data extracted from the third designated position as indication information; and determining the data extracted from the fourth designated position as a salt value.
In one possible implementation manner, the extracting module is configured to: based on the extraction rule, extracting data at a plurality of designated positions in the completion state encryption data; the determining module is used for: acquiring data extracted from N specified positions in a plurality of specified positions, and combining the data extracted from the N specified positions to obtain indication information; and acquiring data extracted from M specified positions except the N specified positions in the specified positions, and combining the data extracted from the M specified positions to obtain a salt value.
In one possible implementation manner, the determining module is configured to: and separating the extracted data based on a separation rule to obtain indication information and a salt value.
In one possible implementation, the indication information is the dynamic key or an identification of the dynamic key.
In a fifth aspect, a computer device is provided, the computer device comprising a processor and a memory having stored therein at least one instruction that is loaded and executed by the processor to perform operations performed by a method of data processing.
In a sixth aspect, a computer readable storage medium having stored therein at least one instruction for loading by a processor and performing operations performed in a method of data processing is provided.
In a seventh aspect, a computer program product is provided, the computer program product comprising computer program code which, when executed by a computer device, performs operations performed in a method of data processing.
In this embodiment, the target data is encrypted based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data, and then the dynamic key is inserted into the intermediate encrypted data to obtain the completed encrypted data. Thus, after the dynamic key is updated, even if the old dynamic key is deleted, the old dynamic key is still carried in the historical encryption data, and the old dynamic key can be extracted from the historical encryption data for decryption. Therefore, the process of decrypting and re-encrypting the historical encrypted data is not needed when the dynamic key is updated every time, and a large amount of computer processing resources can be saved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a computer device according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a data processing according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a designated location of intermediate encrypted data according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a process for inserting data according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a process for inserting data according to an embodiment of the present application;
FIG. 6 is a schematic flow chart of a data processing according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a designated location of completion status encrypted data according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a process for extracting data according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a process for extracting data according to an embodiment of the present application;
FIG. 10 is a schematic flow chart of a data processing according to an embodiment of the present application;
FIG. 11 is a schematic diagram of a process for processing data using salt values according to an embodiment of the present application;
FIG. 12 is a schematic diagram of a process for inserting data according to an embodiment of the present application;
FIG. 13 is a schematic diagram of a process for inserting data according to an embodiment of the present application;
FIG. 14 is a schematic flow chart of a data processing according to an embodiment of the present application;
FIG. 15 is a schematic diagram of a process for extracting data according to an embodiment of the present application;
FIG. 16 is a schematic diagram of a process for extracting data according to an embodiment of the present application;
FIG. 17 is a schematic diagram of a process for processing data using salt values according to an embodiment of the present application;
FIG. 18 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 19 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
fig. 20 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
The embodiment of the application provides a data processing method which can be realized by computer equipment. The computer device may be a server or a terminal or the like. The terminal may be a desktop computer, notebook computer, tablet computer, cell phone, etc. The server may be a storage server. The server may be a single server or a server group formed by a plurality of servers.
From a hardware composition perspective, the structure of the computer device may be as shown in fig. 1, including a processor 101 and a memory 102.
The processor 101 may be a central processing unit (central processing unit, CPU) or a system on chip (SoC) or the like, and the processor 101 may be configured to execute a program for executing an encryption algorithm, or the like.
The memory 102 may include various volatile memories or non-volatile memories, such as Solid State Disk (SSD), dynamic random access memory (dynamic random access memory, DRAM) memory, and the like. The memory 102 may be used to store target data, dynamic keys, indication information, intermediate state encrypted data, completion state encrypted data, and the like.
In addition to the processor 101, the memory 102, the computer device 10 may also include a communication component 103, a display component 104.
The communication component 103 may be a wired network connector, a wireless fidelity (wireless fidelity, wiFi) module, a bluetooth module, a cellular network communication module, or the like. The communication unit 103 may be used for data transmission with other devices, which may be servers or terminals. For example, the computer device 10 may receive the target data, the completion state encrypted data, and may also send the target data, the completion state encrypted data to a server for storage.
The display section 104 may be a separate screen, a screen integrated with the body of the computer apparatus, a projector, or the like, and is used to display a system interface, an application interface, or the like, and for example, the display section may display target data, also may display finish state encrypted data, or the like.
In the embodiment of the present application, the execution body is a storage server, and other cases are similar, and the embodiment of the present application is not described in detail.
The data processing method provided by the embodiment of the application can be applied to an application scene of data storage of the storage server. The terminal may have service data uploaded to the server for storage during the process of running the application program, or other servers (such as a service server) may have service data sent to the storage server for storage during the process of performing service processing. After receiving the service data sent by the terminal or other servers, the storage server can encrypt the service data and then store the encrypted data. When the subsequent terminal or other server requests to read the data, the encrypted data can be decrypted, and then the decrypted data is sent to the terminal or other server.
Fig. 2 is an encryption flow chart of a method for processing data according to an embodiment of the present application. Referring to fig. 2, the method may include the steps of:
and 201, acquiring target data to be encrypted and a current dynamic key.
The server may be preset with a dynamic key generation algorithm, and each time a key update period is reached, the dynamic key generation algorithm is run to generate an updated dynamic key. The generated dynamic key is then used to replace the currently stored dynamic key. The newly generated dynamic key can use the duration of a key update period, and after the key update period, the dynamic key is updated and replaced.
Optionally, after generating the updated dynamic key, at least one test may be performed on the updated dynamic key. The testing mode may be that the dynamic key is used to encrypt the first sample data according to the data processing method provided by the embodiment of the present application to obtain the test completion state encrypted data, and then decrypt the test completion state encrypted data according to the corresponding data processing method provided by the embodiment of the present application to obtain the second sample data. If the first sample data is consistent with the second sample data, the dynamic key may be deemed to pass the test. After the updated dynamic key passes the test, the currently stored dynamic key can be replaced.
The storage server receives a data storage request sent by the terminal or other servers, and after acquiring the data carried in the data (namely the target data), the storage server needs to encrypt the data and then store the data, namely the data to be encrypted. At this point, the server may obtain the currently stored dynamic key for subsequent encryption processing.
And 202, encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data.
In practice, the dynamic key and the target data may be input into an encryption algorithm to obtain intermediate state encrypted data. The encryption algorithm may be a Lu Wa counter mode (advanced encryption standard galois/counter mode, AES-GCM) algorithm or the like in advanced encryption standards.
And 203, inserting the indication information into the intermediate state encrypted data based on the insertion rule to obtain the finished state encrypted data.
Wherein the indication information is a dynamic key or an identification of the dynamic key for indicating the dynamic key. That is, a dynamic key can be uniquely determined based on the indication information. For the case that the indication information is an identification of the dynamic key, the data length of the identification may be smaller or even much smaller than the data length of the dynamic key, so that the data storage space may be saved with the identification of the dynamic key compared to with the dynamic key. The identification of the dynamic key may take many possible forms, for example, it may be a sequential number of the dynamic key or a memory address of the dynamic key.
In implementations, the dynamic key may be inserted into the intermediate state encrypted data based on an insertion rule. The dynamic key is stored in the storage medium without being inserted, the sequence number or the storage address of the dynamic key is used as the identification of the dynamic key, and then the identification of the dynamic key is inserted into the intermediate encrypted data based on the insertion rule to obtain the completion encrypted data corresponding to the target data. The storage server can allocate a data identifier for the target data, store the completion state encrypted data corresponding to the data identifier, and feed back the identifier to the terminal or other servers sending the data storage request.
The insertion rules may vary, including:
and inserting the first rule, namely inserting the indication information into the appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
Wherein the designated location of the intermediate encrypted data is between two adjacent data bits. For example, as shown in fig. 3, the designated position of the intermediate state encrypted data may be between the 1 st bit data and the 2 nd bit data of the intermediate state encrypted data, or between the 2 nd bit data and the 3 rd bit data. The designated location of the intermediate state encrypted data may be pre-stored.
In the implementation, the indication information and the intermediate state encrypted data are acquired first, and the designated position of the pre-stored intermediate state encrypted data is acquired. For example, as shown in fig. 3, the designated position of the intermediate state encrypted data may be between bit 1 data and bit 2 data of the intermediate state encrypted data. Then, as shown in fig. 4, the instruction information is inserted into a specified position of the intermediate state encrypted data, resulting in the completed state encrypted data.
And the second insertion rule is used for dividing the indication information into a first number of indication information segments with equal length, and inserting each indication information segment into each designated position of the intermediate state encrypted data respectively based on the arrangement sequence of each indication information segment in the indication information and the arrangement sequence of a plurality of designated positions of the intermediate state encrypted data to obtain the finished state encrypted data.
The data length of the indication information may be fixed, and the first number may be a preset number, so as to ensure that the indication information is segmented into indication information segments with equal lengths. The number of indication information segments is the same as the number of specified positions. The designated positions of the intermediate state encrypted data may be pre-stored, each designated position may have a corresponding sequence number, and the sequence number of the designated position of the intermediate state encrypted data may indicate the arrangement order of the designated position in the intermediate state encrypted data. For example, the sequence number of the first designated location of the intermediate encrypted data is 1, and the sequence number of the second designated location of the intermediate encrypted data is 2.
In implementation, the indication information and the intermediate encrypted data are acquired first, the indication information is split into a first number of indication information segments with equal length, for example, as shown in fig. 5, the indication information with the data length of 128 bits is split into 2 indication information segments with equal length, and the data length of each indication information segment is 64 bits. Acquiring a plurality of designated positions of the prestored intermediate state encrypted data and sequence numbers corresponding to the designated positions, for example, acquiring the plurality of designated positions of the prestored intermediate state encrypted data, wherein the first designated position is between the 1 st bit data and the 2 nd bit data of the intermediate state encrypted data, and the sequence number is 1; the second designated position is between the 2 nd bit data and the 3 rd bit data, and the sequence number is 2. Then, the sequence number of the indication information segment may be determined according to the arrangement order of the indication information segment in the indication information, and the sequence number of the indication information segment may represent the arrangement order of the indication information segment in the indication information. For example, the sequence number of the first indicator segment is determined to be 1 and the sequence number of the second indicator segment is determined to be 2. And then each indication information segment is respectively inserted into the designated position of the intermediate state encrypted data with the same sequence number, so as to obtain the finished state encrypted data. For example, the indication information segment with the sequence number 1 is inserted into the designated position with the sequence number 1 in the intermediate encrypted data, and so on.
Optionally, after acquiring the sequence number of the designated position of the intermediate encrypted data and determining the sequence number of the instruction information segment, the first correspondence table stored in advance may be acquired and queried to obtain the correspondence between the instruction information segment and the designated position of the intermediate encrypted data. The first correspondence table may record a correspondence between a sequence number indicating the information segment and a sequence number of a designated position of the intermediate encrypted data, and the like. For example, as shown in table 1, the indication information segment with the sequence number 1 corresponds to the designated position with the sequence number 2 in the intermediate encrypted data, the indication information segment with the sequence number 2 corresponds to the designated position with the sequence number 1 in the intermediate encrypted data, and so on. Then, each indication information segment can be respectively inserted into a designated position of the corresponding intermediate state encrypted data, so as to obtain the completion state encrypted data. For example, the instruction information segment with the sequence number of 1 is inserted into the designated position with the sequence number of 2 in the corresponding intermediate state encrypted data, the instruction information segment with the sequence number of 2 is inserted into the designated position with the sequence number of 1 in the corresponding intermediate state encrypted data, and the like, so as to obtain the completion state encrypted data.
Sequence number indicating information segment Sequence number of designated position of intermediate state encrypted data
1 2
2 1
…… ……
TABLE 1
After the completion state encrypted data is obtained, the storage server can allocate a data identifier for the target data, store the completion state encrypted data corresponding to the data identifier, and feed back the identifier to the terminal or other servers sending the data storage request.
Fig. 6 is a decryption flow chart of a data processing method corresponding to the above method. Referring to fig. 6, the method may include the steps of:
601, completion state encrypted data is acquired.
When the terminal or other servers need to read the target data, a data reading request is sent to the storage server, and the data reading request can carry the data identification of the target data. The storage server receives a data reading request sent by the terminal or other servers, acquires a data identifier of target data carried in the data reading request, further acquires the completion state encrypted data corresponding to the locally stored data identifier, and decrypts the completion state encrypted data.
And 602, performing data extraction in the finished encrypted data based on the extraction rule to obtain extracted data and data remained after the data extraction.
Extraction rules can vary, including:
And the first extraction rule corresponds to the first insertion rule, and data extraction is performed at the appointed position of the completion state encryption data.
The designated position of the completion state encryption data is from the first data bit to the second data bit. The number of data bits from the first data bit to the second data bit is equal to the data length of the indication information. The number of the first data bit is equal to the number of the next data bit of two adjacent data bits of the intermediate encrypted data in the insertion rule one. For example, as shown in fig. 7, when the instruction information is inserted, the designated position of the intermediate encrypted data is between the 1 st bit data and the 2 nd bit data of the intermediate encrypted data, and the data length of the instruction information is 128 bits. Then, at the time of extracting the data, the specified position of the completion status encryption data is the 2 nd bit data to 129 th bit data of the completion status encryption data. The designated location of the completion status encryption data may be pre-stored.
In implementation, as shown in fig. 8, a designated location of the completion state encrypted data, for example, bit 2 data to bit 129 data of the completion state encrypted data is first obtained, and then data extraction is performed at the designated location of the completion state encrypted data, so as to obtain data with a data length of 128 bits.
And the extraction rule II corresponds to the insertion rule II, and data extraction is respectively carried out at a plurality of designated positions of the finished encrypted data.
The designated positions of the completion state encrypted data and the designated positions of the intermediate state encrypted data are in one-to-one correspondence, and the sequence numbers of the designated positions of the completion state encrypted data may be the same as the sequence numbers of the designated positions of the corresponding intermediate state encrypted data. For example, when the instruction information is inserted, the first designated position of the intermediate encrypted data is between bit 1 data and bit 2 data of the intermediate encrypted data, and the sequence number is 1. Then, when extracting the data, the first designated location of the corresponding completion status encryption data is the 2 nd bit data to 65 th bit data of the completion status encryption data, and the corresponding sequence number is 1. The sequence number of the specified position of the completion state encrypted data may represent the arrangement order of the specified position in the completion state encrypted data, corresponding to the sequence number of the specified position of the intermediate state encrypted data.
In the implementation, as shown in fig. 9, a plurality of designated locations of the previously stored completion-state encrypted data are first acquired. For example, the plurality of specified positions of the completion status encryption data are 2 nd to 65 th bit data, 67 th to 130 th bit data, and the like of the completion status encryption data. And then respectively extracting the data at a plurality of designated positions of the finished encrypted data to respectively obtain 2 data segments with the data length of 64 bits. Each extracted data segment corresponds to a designated position of the completion state encryption data from which the data segment is extracted one by one.
603, determining indication information based on the extracted data, and determining intermediate state encrypted data based on data remaining after the data extraction is performed.
In practice, there may be various ways of determining the indication information, including:
determining a first mode: corresponding to the insertion rule one and the extraction rule one, extracted data is acquired, for example, as shown in fig. 8, extracted data from the 2 nd bit data to the 129 th bit data of the completed state encrypted data, and the extracted data is determined as the instruction information.
After the indication information is determined, the remaining data after the data extraction can be combined according to the arrangement sequence of the remaining data after the data extraction in the completed state encrypted data to obtain intermediate state encrypted data.
And a second determination mode: and corresponding to the second inserting rule and the second extracting rule, firstly acquiring the extracted data segment and the sequence number of the appointed position of the corresponding finished encrypted data. Then, the sequence number of the designated position of the corresponding completion state encrypted data may be used as the sequence number of the extracted data segment. For example, as shown in fig. 9, for the case where the sequence number of the designated position of the corresponding completion state encrypted data is 1, 1 may be taken as the sequence number of the extracted data segment. The sequence number of the extracted data segment may represent the arrangement order of the extracted data segment in the indication information. Further, the instruction information may be obtained by combining a plurality of extracted data segments according to the sequence numbers of the extracted data segments.
Optionally, after acquiring the sequence number of the extracted data segment and the corresponding designated position of the completion state encrypted data, the second correspondence table may be acquired and queried to obtain the sequence number of the extracted data segment. The second correspondence table may record a correspondence between a sequence number of a designated position of the completion state encrypted data and a sequence number of the extracted data segment, and the like. For example, the designated position of the sequence number 2 in the completed state encrypted data corresponds to the extracted data segment of the sequence number 1, the designated position of the sequence number 1 in the completed state encrypted data corresponds to the extracted data segment of the sequence number 2, and so on. Then, the plurality of extracted data segments may be combined according to the sequence number of the extracted data segments to obtain the indication information.
After the indication information is determined, the remaining data after the data extraction can be combined according to the arrangement sequence of the remaining data after the data extraction in the completed state encrypted data to obtain intermediate state encrypted data.
And 604, decrypting the intermediate state encrypted data based on the decryption algorithm and the dynamic key corresponding to the indication information to obtain the target data.
In implementations, for the case where the indication information is a dynamic key, the indication information may be taken as the dynamic key. For the case where the indication information is an identification of a dynamic key, the dynamic key may be acquired based on the identification of the dynamic key. Then, the dynamic key corresponding to the indication information and the intermediate state encrypted data can be input into a decryption algorithm to obtain target data. The decryption algorithm may be a decryption algorithm corresponding to an encryption algorithm, such as a decryption algorithm corresponding to an AES-GCM algorithm. After decryption is completed, the storage server may feed back the target data obtained by decryption to the terminal or other servers that send the data reading request.
In the encryption process of the data processing, salt values can be added to improve the complexity of the data processing. As shown in fig. 10, the process may include the steps of:
1001, obtaining target data to be encrypted and a current dynamic key, and obtaining a salt value.
The salt value is data for simply encrypting the target data, can be generated randomly, and has a specified data length.
The generation, maintenance, testing, etc. of dynamic keys may be seen at 201. The server may be preset with a salt value generation algorithm, and each time the server receives a data storage request, the salt value generation algorithm is operated to generate an updated salt value to replace the currently stored salt value.
The storage server receives a data storage request sent by the terminal or other servers, and after acquiring the data carried in the data (namely the target data), the storage server needs to encrypt the data and then store the data, namely the data to be encrypted. At this point, the server may obtain the currently stored dynamic key and the newly generated salt value for subsequent encryption processing.
1002, encrypting the target data based on the dynamic key, the salt value and the encryption algorithm to obtain intermediate encrypted data.
In implementation, the target data and the salt value may be first converted into binary data, and then primary encryption is performed based on the binary data of the target data and the binary data of the salt value, to obtain initial encrypted data. The data length of the salt value is smaller and is generally far smaller than the data length of the target data, and correspondingly, the binary data length of the salt value is also generally far smaller than the binary data length of the target data, so that the binary data of the target data can be divided into a plurality of data segments with the data length smaller than or equal to the binary data length of the salt value and the like. For example, the data segments other than the last data segment may all be equal in length to the binary data of the salt value, and the data length of the last data segment may be less than or equal to the data length of the salt value. And in the primary encryption process, performing bit exclusive OR operation on the salt value and the first data segment of the target data to obtain a first initial state encrypted data segment. And then, performing bit exclusive OR operation on the obtained first initial state encrypted data segment and a second data segment of the target data to obtain a second initial state encrypted data segment. And performing bit exclusive OR operation on the obtained second initial state encrypted data segment and a third data segment of the target data to obtain the third initial state encrypted data segment. According to the above, the corresponding process can be seen in fig. 11, until all the data segments of the target data are subjected to exclusive-or operation, and all the obtained initial state encrypted data segments are combined according to the sequence obtained by calculation to obtain the initial state encrypted data. For example, the binary data of the target data is 10000100001, the binary data of the salt value is 0010, and the target data can be regarded as three data segments of "1000", "0100", "001". When encrypting, firstly, carrying out bit exclusive OR operation on binary data of the salt value and a first data segment of binary data of the target data to obtain a first initial state encrypted data segment as 1010. And performing bit exclusive OR operation on the first initial state encrypted data segment and the second data segment of the target data to obtain a second initial state encrypted data segment as '1110'. And then performing bit exclusive OR operation on the second initial state encrypted data segment and a third data segment of the target data to obtain a third initial state encrypted data segment as '110'. After the bit exclusive OR operation is completed on all the data segments of the target data, all the results are arranged according to the operation sequence, and the initial encrypted data can be obtained as 10101110110.
After the initial state encrypted data is obtained, the initial state encrypted data and the dynamic key can be input into an encryption algorithm to obtain intermediate state encrypted data. The encryption algorithm may be an AES-GCM algorithm or the like.
1003, based on the insertion rule, inserting the indication information and the salt value into the intermediate state encrypted data to obtain the completion state encrypted data.
Wherein the description of the indication information may be referred to in step 203.
In implementations, the dynamic key and the salt value may be inserted into the intermediate state encrypted data based on an insertion rule. Or, the dynamic key is not inserted, the dynamic key is stored in a storage medium, the sequence number or the storage address of the dynamic key is used as the identification of the dynamic key, and then the identification of the dynamic key and the salt value are inserted into the intermediate encrypted data based on the insertion rule to obtain the completion encrypted data corresponding to the target data. The storage server can allocate a data identifier for the target data, store the completion state encrypted data corresponding to the data identifier, and feed back the identifier to the terminal or other servers sending the data storage request.
The insertion rules may vary, including:
and (3) inserting a rule III: and respectively inserting the indication information and the salt value into a first appointed position and a second appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
Wherein the designated location of the intermediate encrypted data is between two adjacent data bits. For example, the first specified position of the intermediate state encrypted data may be between bit 1 data and bit 2 data of the intermediate state encrypted data, and the second specified position of the intermediate state encrypted data may be between bit 7 data and bit 8 data. The designated location of the intermediate state encrypted data may be pre-stored.
In the implementation, as shown in fig. 12, the indication information, the salt value, and the intermediate state encrypted data are first acquired, and the first designated position and the second designated position of the intermediate state encrypted data stored in advance are acquired. For example, the first designated position of the intermediate state encrypted data stored in advance may be between the 1 st bit data and the 2 nd bit data of the intermediate state encrypted data, the second designated position of the intermediate state encrypted data may be between the 2 nd bit data and the 3 rd bit data of the intermediate state encrypted data, then the instruction information is inserted into the first designated position of the intermediate state encrypted data, and the salt value is inserted into the second designated position of the intermediate state encrypted data, to obtain the completed state encrypted data.
And (3) inserting a rule IV: dividing the indication information into a second number of equal-length indication information segments, dividing the salt value into a third number of equal-length salt value segments, and respectively inserting each indication information segment and each salt value segment into each designated position of the intermediate encrypted data based on the arrangement sequence of each indication information segment in the indication information, the arrangement sequence of each salt value segment in the salt value and the arrangement sequence of a plurality of designated positions in the intermediate encrypted data to obtain the finished encrypted data.
The data length of the indication information may be fixed, and the second number may be a preset number, so as to ensure that the indication information is segmented into indication information segments with equal lengths. The data length of the salt value may be fixed and the third number may be a preset number to ensure that the indication is split into indication segments of equal length. The sum of the second number and the third number is the same as the number of the designated positions. The designated location of the intermediate state encrypted data may be pre-stored. Each designated location may have a corresponding sequence number, and the sequence number of the designated location of the intermediate encrypted data may represent the order in which the designated location is arranged for the intermediate encrypted data.
In implementation, as shown in fig. 13, the indication information, the salt value and the intermediate encrypted data are first acquired, and the indication information is split into a second number of indication information segments of equal length. For example, the indication information with the data length of 128 bits is segmented into 2 indication information segments with equal length, and the data length of each indication information segment is 64 bits. And splitting the salt into a third number of equal length salt segments, e.g., splitting a salt having a data length of 128 bits into 2 equal length salt segments, each having a data length of 64 bits.
And then, acquiring a plurality of designated positions of the prestored intermediate state encrypted data and sequence numbers of each designated position. For example, a plurality of designated positions of the intermediate state encrypted data stored in advance are acquired, wherein the first designated position is between bit 1 data and bit 2 data of the intermediate state encrypted data, and the sequence number is 1; the second designated position is between the 2 nd data and the 3 rd data, and the sequence number is 2; the third designated position is between the 3 rd bit data and the 4 th bit data, and the sequence number is 3; the fourth designated position is between the 4 th bit data and the 5 th bit data, and the sequence number is 4.
Then, the sequence number of the indication information segment and the sequence number of the salt value segment can be determined according to the arrangement sequence of the indication information segment in the indication information, the arrangement sequence of the salt value segment in the salt value and the arrangement sequence of the plurality of specified positions in the intermediate state encrypted data. For example, the sequence numbers of the first indication information segment and the second indication information segment are determined to be A1 and A2, respectively, and the sequence numbers of the first salt value segment and the second salt value segment are determined to be B1 and B2, respectively. The sequence number of the indication information segment may represent the arrangement order of the indication information segment in the indication information, and the sequence number of the salt value segment may represent the arrangement order of the salt value segment in the salt value.
Further, a third correspondence table stored in advance may be acquired and queried to obtain a correspondence between each indication information segment and a specified position of the intermediate encrypted data, and a correspondence between each salt value segment and a specified position of the intermediate encrypted data. The third correspondence table may record a correspondence between the sequence number of the instruction information segment and the sequence number of the designated position of the intermediate state encrypted data, a correspondence between the sequence number of the salt segment and the sequence number of the designated position of the intermediate state encrypted data, and the like. For example, the indication information segment with the sequence number A1 corresponds to the designated position with the sequence number 1 in the intermediate encrypted data, the indication information segment with the sequence number A2 corresponds to the designated position with the sequence number 2 in the intermediate encrypted data, the salt value segment with the sequence number B1 corresponds to the designated position with the sequence number 3 in the intermediate encrypted data, the salt value segment with the sequence number B2 corresponds to the designated position with the sequence number 4 in the intermediate encrypted data, and so on.
And finally, each indication information segment and each salt value segment can be respectively inserted into the designated position of the corresponding intermediate state encrypted data to obtain the finished state encrypted data. For example, the indication information segment with the sequence number A1 is inserted into the designated position with the sequence number 1 in the corresponding intermediate encrypted data, the indication information segment with the sequence number A2 is inserted into the designated position with the sequence number 2 in the corresponding intermediate encrypted data, the salt value segment with the sequence number B1 is inserted into the designated position with the sequence number 3 in the corresponding intermediate encrypted data, the salt value segment with the sequence number B2 is inserted into the designated position with the sequence number 4 in the corresponding intermediate encrypted data, and the like, thereby obtaining the completion encrypted data.
Optionally, in the process of inserting data, the indication information and the salt value may be fused based on a fusion rule to obtain fusion data. And then based on the insertion rule, inserting the fusion data into the intermediate state encrypted data to obtain the finished state encrypted data.
Fusion rules can be varied, including:
fusion rule one: and inserting the indication information into the appointed position of the salt value to obtain the fusion data.
Wherein the specified position of the salt value is between two adjacent data bits. For example, the specified position of the salt value may be between the 1 st bit data and the 2 nd bit data of the salt value, or between the 2 nd bit data and the 3 rd bit data. The specified location of the salt value may be pre-stored.
In practice, the indication information and the salt value are first acquired, and the designated position of the salt value set in advance is acquired. For example, the specified position of the salt value may be between bit 1 data and bit 2 data of the salt value. And then inserting the indication information into the appointed position of the salt value to obtain the finished state encrypted data.
Fusion rule II: and splicing the indication information and the salt value to obtain fusion data.
In the implementation, the indication information and the salt value are firstly obtained, and then the indication information and the salt value are spliced to obtain the fusion data. For example, the instruction information with the data length of 128 bits and the salt value with the data length of 128 bits are spliced according to the sequence that the instruction information is before and the salt value is after, so as to obtain the fusion data with the data length of 256 bits.
After the fusion data is obtained, the fusion data can be inserted into the intermediate state encrypted data based on the insertion rule, so that the finished state encrypted data is obtained.
The insertion rules may vary, including:
and fifthly, inserting the fusion data into the appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
Wherein the designated location of the intermediate encrypted data is between two adjacent data bits. For example, the designated position of the intermediate state encrypted data may be between the 1 st bit data and the 2 nd bit data of the intermediate state encrypted data, or between the 2 nd bit data and the 3 rd bit data. The designated location of the intermediate state encrypted data may be pre-stored.
In the implementation, the fusion data and the intermediate state encryption data are acquired first, and the preset designated position of the intermediate state encryption data is acquired. For example, the specified location of the intermediate state encrypted data may be between bit 1 data and bit 2 data of the intermediate state encrypted data. And then inserting the fusion data into the appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
And the inserting rule six is used for dividing the fusion data into a fourth number of equal-length fusion data segments, and inserting each fusion data segment into each designated position of the intermediate state encryption data respectively based on the arrangement sequence of each fusion data segment in the fusion data and the arrangement sequence of a plurality of designated positions of the intermediate state encryption data to obtain the finished state encryption data.
The data length of the fused data obtained by fusion can be fixed, and the fourth number can be a preset number so as to ensure that the fused data is segmented into equal-length fused data segments. The number of fused data segments is the same as the number of designated locations. The designated location of the intermediate state encrypted data may be pre-stored. Each designated location may have a corresponding sequence number, and the sequence number of the designated location of the intermediate encrypted data may represent the order in which the designated location is arranged for the intermediate encrypted data.
In the implementation, first, the fusion data and the intermediate encrypted data are acquired, and the fusion data are segmented into a first number of fusion data segments with equal lengths. For example, fused data having a data length of 256 bits is segmented into 2 fused data segments of equal length, each fused data segment having a data length of 128 bits. And acquiring a plurality of designated positions of the prestored intermediate state encrypted data and sequence numbers of each designated position. For example, the first designated position of the intermediate encrypted data is between bit 1 data and bit 2 data of the intermediate encrypted data, and the sequence number is 1; the second designated position is between the 2 nd bit data and the 3 rd bit data of the intermediate state encrypted data, and the sequence number is 2. Then, the sequence number of the fused data segment can be determined according to the arrangement sequence of the fused data segment in the fused data. For example, the sequence number of the first fused data segment is determined to be 1, the sequence number of the second fused data segment is determined to be 2, the sequence number of the first designated location of the intermediate encrypted data is determined to be 1, and the sequence number of the second designated location of the intermediate encrypted data is determined to be 2. And then each fused data segment is respectively inserted into the designated position of the intermediate state encrypted data with the same sequence number as the sequence number of the fused data segment to obtain the finished state encrypted data, for example, the fused data segment with the sequence number of 1 is inserted into the designated position with the sequence number of 1 in the intermediate state encrypted data. The sequence number of the fused data segment may represent the arrangement order of the fused data segment in the fused data, and the sequence number of the designated position of the intermediate encrypted data may represent the arrangement order of the designated position in the intermediate encrypted data.
Optionally, after acquiring the sequence number of the designated position of the intermediate encrypted data and determining the sequence number of the fused data segment, a fourth correspondence table stored in advance may be acquired and queried to obtain the correspondence between the fused data segment and the designated position of the intermediate encrypted data. The fourth correspondence table may record a correspondence between the sequence number of the fused data segment and the sequence number of the designated position of the intermediate encrypted data. For example, the fused data segment with the sequence number of 1 corresponds to the designated position with the sequence number of 2 in the intermediate encrypted data, the fused data segment with the sequence number of 2 corresponds to the designated position with the sequence number of 1 in the intermediate encrypted data, and so on. Then, each fused data segment can be respectively inserted into the designated position of the corresponding intermediate state encrypted data to obtain the completion state encrypted data. For example, the fused data segment with the sequence number of 1 is inserted into the designated position with the sequence number of 2 in the corresponding intermediate state encrypted data, the fused data segment with the sequence number of 2 is inserted into the designated position with the sequence number of 1 in the corresponding intermediate state encrypted data, and the like, so as to obtain the completion state encrypted data.
After the completion state encrypted data is obtained, the storage server can allocate a data identifier for the target data, store the completion state encrypted data corresponding to the data identifier, and feed back the identifier to the terminal or other servers sending the data storage request.
Fig. 14 is a flowchart of a data decryption process corresponding to the above-described salt-added data encryption process. Referring to fig. 14, the method may include the steps of:
1401, the completion status encryption data is acquired.
When the terminal or other servers need to read the target data, a data reading request is sent to the storage server, and the data reading request can carry the data identification of the target data. The storage server receives a data reading request sent by the terminal or other servers, acquires a data identifier of target data carried in the data reading request, and further can acquire the completion state encryption data corresponding to the locally stored data identifier, and decrypt the data completion state encryption.
1402, based on the extraction rule, performing data extraction in the completed state encrypted data, to obtain extracted data and data remaining after the data extraction.
Extraction rules can vary, including:
extraction rule III: and carrying out data extraction at a third designated position and a fourth designated position in the completed state encrypted data corresponding to the three phases of the insertion rule.
The third designated position of the completion state encryption data is the third data bit to the fourth data bit, and the fourth designated position is the fifth data bit to the sixth data bit. The number of data bits of the third to fourth data bits and the number of data bits of the fifth to sixth data bits are equal to the data length of the indication information. The number of the third data bit at the third designated position of the completed state encrypted data is equal to the number of the next data bit of the two adjacent data bits in the first designated position of the intermediate state encrypted data in the insertion rule three. The number of the fifth data bit at the fourth designated position of the completed state encrypted data is equal to the number of the next data bit of the two adjacent data bits in the second designated position of the intermediate state encrypted data in the insertion rule three. For example, when the instruction information is inserted, the first designated position of the intermediate encrypted data is between the 1 st bit data and the 2 nd bit data of the intermediate encrypted data, the data length of the instruction information is 128 bits, the second designated position of the intermediate encrypted data is between the 1 st bit data and the 2 nd bit data of the intermediate encrypted data, and the data length of the salt value is 128 bits. Then, when the data is extracted, the third designated position of the completion state encrypted data is the 2 nd bit data to the 129 th bit data of the completion state encrypted data, and the fourth designated position of the completion state encrypted data is the 8 th bit data to the 135 th bit data of the completion state encrypted data. The designated location of the completion status encryption data may be pre-stored.
In the implementation, as shown in fig. 15, first, the third designated location and the fourth designated location of the previously stored completion-state encrypted data are acquired. For example, the third designated position of the completion status encryption data stored in advance is the 2 nd bit data to the 129 th bit data of the completion status encryption data, and the fourth designated position of the completion status encryption data is the 8 th bit data to the 135 th bit data of the completion status encryption data. And then, extracting data at a third appointed position and a fourth appointed position of the finished encrypted data to respectively obtain two sections of data with the data length of 128 bits.
Extraction rule four: and respectively extracting the data at a plurality of designated positions of the completion state encryption data corresponding to the fourth insertion rule.
The designated positions of the completion state encrypted data and the designated positions of the intermediate state encrypted data are in one-to-one correspondence, and the sequence numbers of the designated positions of the completion state encrypted data may be the same as the sequence numbers of the designated positions of the corresponding intermediate state encrypted data. For example, when the instruction information or the salt value is inserted, the first designated position of the intermediate encrypted data is between the 1 st bit data and the 2 nd bit data of the intermediate encrypted data, and the sequence number is 1. Then, when extracting the data, the first designated location of the corresponding completion status encryption data is the 2 nd bit data to 65 th bit data of the completion status encryption data, and the corresponding sequence number is 1. The sequence number of the specified position of the completion state encrypted data may represent the arrangement order of the specified position in the completion state encrypted data, corresponding to the sequence number of the specified position of the intermediate state encrypted data.
In the implementation, as shown in fig. 16, a plurality of designated positions of the previously stored completion-state encrypted data are first acquired. For example, the plurality of specified positions of the completion status encryption data are 2 nd to 65 th bit data, 67 th to 130 th bit data, 132 th to 195 th bit data, 197 th to 260 th bit data, and the like of the completion status encryption data. And then respectively extracting the data at a plurality of designated positions of the finished encrypted data to respectively obtain 4 data segments with the data length of 64 bits. Each extracted data segment corresponds to a designated position of the completion state encryption data from which the data segment is extracted one by one.
1403, determining indication information and a salt value based on the extracted data, and determining intermediate encrypted data based on data remaining after the data extraction is performed.
The method for determining the indication information, the salt value and the intermediate state encrypted data can be various, and comprises the following steps:
and determining a third mode: corresponding to the third insertion rule and the third extraction rule, the extracted data, that is, the data extracted from the third specified position of the completion state encrypted data (e.g., the 2 nd bit data to the 129 th bit data of the completion state encrypted data) and the data extracted from the fourth specified position of the completion state encrypted data (e.g., the 8 th bit data to the 135 th bit data of the completion state encrypted data) are obtained, and the data extracted from the third specified position of the completion state encrypted data is determined as the indication information, and the data extracted from the fourth specified position of the completion state encrypted data is determined as the salt value, and the corresponding processing can be seen in fig. 15.
After the indication information and the salt value are determined, the remaining data after the data extraction can be combined according to the arrangement sequence of the remaining data after the data extraction in the completed state encrypted data to obtain intermediate state encrypted data.
And determining a fourth mode: and acquiring data extracted from N specified positions in the plurality of specified positions corresponding to the fourth insertion rule and the fourth extraction rule, and combining the data extracted from the N specified positions to obtain the indication information.
In implementation, the fifth correspondence table may be first obtained and queried to obtain the sequence number of the extracted data segment. The fifth correspondence table may record a correspondence between a sequence number of the designated position of the completion state encrypted data and a sequence number of the extracted data segment. The sequence number of the extracted data segment may represent the data type to which the data segment belongs and the order in which the data segment is arranged in the complete data. The data type includes indication information and a salt value. For example, a designated position with a sequence number of 1 in the completed encrypted data corresponds to an extracted data segment with a sequence number of C1, "C" indicates that the segment type to which the data segment belongs is an indication information segment, and "1" indicates that the arrangement order of the data segment in the indication information is a first; the designated position with the sequence number of 3 in the finished encrypted data corresponds to the extracted data segment with the sequence number of D1, wherein D indicates that the segment type to which the data segment belongs is a salt value segment, and 1 indicates that the arrangement sequence of the data segment in the salt value is first. Then, the extracted data segments with the segment types being the indication information segments can be obtained, and the indication information is obtained by combining a plurality of extracted data segments according to the sequence numbers of the extracted data segments.
And obtaining data extracted from M specified positions except N specified positions in the specified positions corresponding to the fourth insertion rule and the fourth extraction rule, and combining the data extracted from the M specified positions to obtain a salt value.
In implementation, the fifth correspondence table may be first obtained and queried to obtain the sequence number of the extracted data segment corresponding to the designated position of the completion state encrypted data. The fifth correspondence table may record a correspondence between a sequence number of the designated position of the completion state encrypted data and a sequence number of the extracted data segment. The sequence number of the extracted data segment may indicate the segment type to which the data segment belongs and the order in which the data segment is arranged in the complete data. For example, a designated position with a sequence number of 1 in the completed encrypted data corresponds to an extracted data segment with a sequence number of C1, "C" indicates that the segment type to which the data segment belongs is an indication information segment, and "1" indicates that the arrangement order of the data segment in the indication information is a first; the designated position with the sequence number of 3 in the finished encrypted data corresponds to the extracted data segment with the sequence number of D1, wherein D indicates that the segment type to which the data segment belongs is a salt value segment, and 1 indicates that the arrangement sequence of the data segment in the salt value is first. Then, extracted data segments belonging to the segment type as salt value segments can be obtained, and a plurality of extracted data segments are combined according to the sequence numbers of the extracted data segments to obtain salt values, and corresponding processing can be seen in fig. 16.
After the indication information and the salt value are determined, the remaining data after the data extraction can be combined according to the arrangement sequence of the remaining data after the data extraction in the completed state encrypted data to obtain intermediate state encrypted data.
Optionally, data extraction may be performed on the completed encrypted data based on the extraction rule, corresponding to the inserted fusion data, to obtain extracted data and data remaining after the data extraction. And then determining fusion data based on the extracted data, and determining intermediate state encryption data based on the data remaining after the data extraction. And then separating the fusion data based on the separation rule to obtain the indication information and the salt value.
Firstly, based on an extraction rule, data extraction is carried out in the finished state encrypted data, and extracted data and data remaining after the data extraction are obtained. Extraction rules can vary, including:
extraction rule five: and carrying out data extraction at the appointed position of the completion state encryption data corresponding to the insertion rule five.
The designated positions of the completion state encryption data are the seventh data bit to the eighth data bit. The number of data bits of the seventh data bit to the eighth data bit is equal to the data length of the fusion data. The number of the seventh data bit is equal to the number of the latter one of the two adjacent data bits of the intermediate encrypted data in the insertion rule five. For example, when inserting the fusion data, the designated position of the intermediate encrypted data is between the 1 st bit data and the 2 nd bit data of the intermediate encrypted data, and the data length of the fusion data is 256 bits. Then, at the time of extracting the data, the specified position of the completion status encryption data is the 2 nd bit data to 257 th bit data of the completion status encryption data. The designated location of the completion status encryption data may be pre-stored.
In implementation, the designated location of the completion state encrypted data, for example, the 2 nd bit data to the 257 th bit data of the completion state encrypted data, is first obtained, and then data extraction is performed at the designated location of the completion state encrypted data, so as to obtain data with a data length of 256 bits.
And extracting the data at a plurality of designated positions of the finished encrypted data, wherein the extraction rule corresponds to the insertion rule.
The designated positions of the completion state encrypted data and the designated positions of the intermediate state encrypted data are in one-to-one correspondence, and the sequence numbers of the designated positions of the completion state encrypted data may be the same as the sequence numbers of the designated positions of the corresponding intermediate state encrypted data. For example, when inserting the fusion data, the first designated position of the intermediate encrypted data is between the 1 st bit data and the 2 nd bit data of the intermediate encrypted data, the sequence number is 1, and the data length of the fusion data segment is 64 bits. Then, when extracting the data, the first designated location of the corresponding completion status encryption data is the 2 nd bit data to 65 th bit data of the completion status encryption data, and the corresponding sequence number is 1. The sequence number of the specified position of the completion state encrypted data may represent the arrangement order of the specified position in the completion state encrypted data, corresponding to the sequence number of the specified position of the intermediate state encrypted data.
In an implementation, a plurality of designated locations of prestored completion state encrypted data are first acquired. For example, the plurality of specified positions of the completion status encryption data are 2 nd to 65 th bit data, 67 th to 130 th bit data, 132 th to 195 th bit data, 197 th to 260 th bit data, and the like of the completion status encryption data. And then respectively extracting the data at a plurality of designated positions of the finished encrypted data to respectively obtain 4 data segments with the data length of 64 bits. Each extracted data segment corresponds to a designated position of the completion state encryption data from which the data segment is extracted one by one.
After the extracted data is obtained, the fusion data can be determined based on the extracted data, and the intermediate encrypted data can be determined based on the data remaining after the data extraction is performed. There are a number of ways to determine the fusion data, including:
determining a fifth mode: corresponding to the insertion rule five and the extraction rule five, extracted data, for example, data extracted from the 2 nd bit data to the 257 th bit data of the completed state encrypted data is acquired, and the extracted data is determined as fusion data.
After the fusion data is determined, the remaining data after the data extraction can be combined according to the arrangement sequence of the remaining data after the data extraction in the completed state encrypted data to obtain intermediate state encrypted data.
Determining a sixth mode: corresponding to the insertion rule six and the extraction rule six, firstly, acquiring the extracted data segment and the sequence number of the appointed position of the corresponding completion state encryption data. Then, the sequence number of the designated position of the corresponding completion state encrypted data may be used as the sequence number of the extracted data segment. For example, in the case where the sequence number of the designated position of the corresponding completion state encrypted data is 1, 1 may be taken as the sequence number of the extracted data segment. The sequence number of the extracted data segment may represent the order of the extracted data segment in the fused data. Furthermore, the plurality of extracted data segments may be combined according to the sequence numbers of the extracted data segments to obtain the fusion data.
Optionally, after acquiring the sequence number of the extracted data segment and the corresponding designated position of the completion state encrypted data, a sixth correspondence table may be acquired and queried to obtain the sequence number of the extracted data segment. The sixth correspondence table may record a correspondence between a sequence number of the designated position of the completion state encrypted data and a sequence number of the extracted data segment. For example, the designated position of the sequence number 2 in the completed state encrypted data corresponds to the extracted data segment of the sequence number 1, the designated position of the sequence number 1 in the completed state encrypted data corresponds to the extracted data segment of the sequence number 2, and so on. Then, the plurality of extracted data segments may be combined according to the sequence numbers of the extracted data segments to obtain the fusion data.
After the fusion data is determined, the remaining data after the data extraction can be combined according to the arrangement sequence of the remaining data after the data extraction in the completed state encrypted data to obtain intermediate state encrypted data.
And then, separating the fusion data based on a separation rule to obtain the indication information and the salt value. The separation rules may be varied, including:
separation rule one: and corresponding to the first fusion rule, extracting the data at the appointed position of the fusion data.
Wherein the designated positions of the fusion data are the ninth data bit to the tenth data bit. The number of data bits of the ninth data bit to the tenth data bit is equal to the data length of the fusion data. The number of the ninth data bit is equal to the number of the next data bit in the two adjacent data bits of the salt value in the fusion rule one. For example, when the instruction information is inserted, the specified position of the salt value is between the 1 st bit data and the 2 nd bit data of the salt value, and the data length of the instruction information is 128 bits. Then, at the time of extracting the data, the designated position of the fusion data is the 2 nd bit data to 129 th bit data of the fusion data. The designated location of the fused data may be pre-stored.
In implementation, first, a designated position of the fusion data, for example, from the 2 nd bit data to the 129 th bit data of the fusion data is acquired, then data extraction is performed at the designated position of the fusion data, data with a data length of 128 bits is obtained, and the extracted data is determined as indication information.
After the indication information is determined, the data remaining after the data extraction is combined according to the arrangement sequence of the data remaining after the data extraction in the fusion data, so as to obtain a salt value.
And the second separation rule is corresponding to the second fusion rule, and the fusion data is segmented at the separation position of the fusion data.
Wherein the separation position of the fusion data is between two adjacent data bits. For example, the separation position of the fusion data may be between the 128 th bit data and the 129 th bit data of the fusion data.
In the implementation, the separation position of the fusion data is firstly obtained, and then the fusion data is segmented at the separation position of the fusion data, so that two segments of segmented data are obtained. For example, the fusion data is 256-bit data, the 128-bit data and the 129-bit data are divided to obtain two pieces of data with 128-bit data length, and then the data after the division with the preceding sequence can be determined as indication information and the data after the division with the following sequence can be determined as salt value according to the sequence of splicing the two pieces of data corresponding to the fusion rule.
1404, decrypting the intermediate encrypted data based on the decryption algorithm, the salt value and the dynamic key corresponding to the indication information to obtain target data.
Wherein, for the case that the indication information is a dynamic key, the indication information may be used as the dynamic key. For the case where the indication information is an identification of a dynamic key, the dynamic key may be acquired based on the identification of the dynamic key.
In implementations, for the case where the indication information is a dynamic key, the indication information may be taken as the dynamic key. For the case where the indication information is an identification of a dynamic key, the dynamic key may be acquired based on the identification of the dynamic key. Then, the dynamic key corresponding to the indication information and the intermediate state encrypted data can be input into a decryption algorithm to obtain the initial state encrypted data. The decryption algorithm may be a decryption algorithm corresponding to an encryption algorithm, such as a decryption algorithm corresponding to an AES-GCM algorithm.
After the initial state encrypted data is obtained, further decryption can be performed based on the initial state encrypted data and binary data of the salt value, so that target data is obtained.
Corresponding to 1002, the binary data length of the salt value is typically much smaller than the length of the original encrypted data, which may be considered as a plurality of data segments of equal length as the binary data of the salt value. And in decryption, performing bit exclusive OR operation on the salt value and a first data segment of the initial state encrypted data to obtain a first target data segment, and then performing bit exclusive OR operation on the first data segment of the initial state encrypted data and a second data segment of the initial state encrypted data to obtain a second target data segment. And performing bit exclusive OR operation on the second data segment of the initial state encrypted data and the third data segment of the initial state encrypted data to obtain a third target data segment. According to the above, the corresponding process can be seen in fig. 17, until all the data segments of the initial encrypted data complete the bit exclusive-or operation, and all the obtained target data segments are combined according to the sequence obtained by calculation to obtain the binary data of the target data. For example, the initial state encrypted data is 10101110110, the binary data of the salt value is 0010, and the initial state encrypted data can be regarded as three data segments "1010", "1110", "110". When further decryption is carried out, firstly, bit exclusive OR operation is carried out on binary data of the salt value and the first data segment of the initial state encrypted data, so that the first target data segment is 1000. And performing bit exclusive OR operation on the first initial state encrypted data segment and the second initial state encrypted data segment to obtain a second target data segment of '0100'. And performing bit exclusive OR operation on the second initial state encrypted data segment and the third initial state encrypted data segment to obtain a third target data segment as '001'. After exclusive-or operation is completed on all data segments of the initial state encrypted data, all results are arranged according to an operation sequence, and binary data of the target data can be obtained to be 10000100001. And converting binary data of the target data to obtain the target data.
After the further decryption is completed, the storage server may feed the obtained target data back to the terminal or other servers that send the data reading request.
Fig. 18 is a schematic structural diagram of an apparatus for data processing according to an embodiment of the present application, where the apparatus may be a computer device in the foregoing embodiment, and the apparatus includes:
a first obtaining module 1801, configured to obtain target data to be encrypted and a current dynamic key; the encryption module 1802 is configured to encrypt the target data based on the dynamic key and an encryption algorithm, to obtain intermediate encrypted data; and an inserting module 1803, configured to insert, based on an inserting rule, instruction information into the intermediate encrypted data, to obtain the completed encrypted data, where the instruction information is used to instruct the dynamic key.
In one possible implementation, the encryption module 1802 is configured to: encrypting the target data based on the dynamic key, the salt value and the encryption algorithm to obtain intermediate encrypted data; the inserting module 1803 is configured to: and inserting the indication information and the salt value into the intermediate state encrypted data based on an insertion rule to obtain the finished state encrypted data.
In one possible implementation manner, the insertion module 1803 is configured to: and respectively inserting the indication information and the salt value into a first appointed position and a second appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
In one possible implementation, the inserting module 1803 is configured to: dividing the indication information into a first number of equal-length indication information segments, and dividing the salt value into a second number of equal-length salt value segments; and inserting each indication information segment and each salt value segment into each designated position of the intermediate state encrypted data respectively based on the arrangement sequence of each indication information segment in the indication information, the arrangement sequence of each salt value segment in the salt value and the arrangement sequence of a plurality of designated positions to obtain the completion state encrypted data.
In one possible implementation, the inserting module 1803 is configured to: based on a fusion rule, fusing the indication information and the salt value to obtain fusion data; and based on an insertion rule, inserting the fusion data into the intermediate state encrypted data to obtain the finished state encrypted data.
In one possible implementation, the indication information is the dynamic key or an identification of the dynamic key.
Fig. 19 is a schematic structural diagram of an apparatus for data processing according to an embodiment of the present application, where the apparatus may be a computer device in the foregoing embodiment, and the apparatus includes:
a second obtaining module 1901, configured to obtain completion state encrypted data; an extraction module 1902, configured to perform data extraction in the completion state encrypted data based on an extraction rule, to obtain extracted data and data remaining after the data extraction; a determining module 1903, configured to determine indication information based on the extracted data, and determine intermediate encrypted data based on the data remaining after the data extraction, where the indication information is used to indicate the dynamic key; and the decryption module 1904 is configured to decrypt the intermediate encrypted data based on a decryption algorithm and a dynamic key corresponding to the indication information, so as to obtain target data.
In one possible implementation, the determining module 1903 is further configured to: determining a salt value based on the extracted data; the decryption module 1904 is configured to: and decrypting the intermediate state encrypted data based on a decryption algorithm, the salt value and the dynamic key corresponding to the indication information to obtain target data.
In one possible implementation, the extracting module 1902 is configured to: based on the extraction rule, extracting data at a third designated position and a fourth designated position in the finished encrypted data; the determining module 1903 is configured to: determining the data extracted from the third designated position as indication information; and determining the data extracted from the fourth designated position as a salt value.
In one possible implementation, the extracting module 1902 is configured to: based on the extraction rule, extracting data at a plurality of designated positions in the completion state encryption data; the determining module 1903 is configured to: acquiring data extracted from N specified positions in a plurality of specified positions, and combining the data extracted from the N specified positions to obtain indication information; and acquiring data extracted from M specified positions except the N specified positions in the specified positions, and combining the data extracted from the M specified positions to obtain a salt value.
In one possible implementation, the determining module 1903 is configured to: and separating the extracted data based on a separation rule to obtain indication information and a salt value.
In one possible implementation, the indication information is the dynamic key or an identification of the dynamic key.
Fig. 20 is a schematic structural diagram of a computer device according to an embodiment of the present application, where the computer device 200 may have a relatively large difference due to different configurations or performances, and may include one or more processors (central processing units, CPU) 2001 and one or more memories 2002, where the memories 2002 store at least one instruction, and the at least one instruction is loaded and executed by the processors 2001 to implement the methods provided in the foregoing method embodiments. Of course, the computer device may also have a wired or wireless network interface, a keyboard, an input/output interface, and other components for implementing the functions of the device, which are not described herein.
In an exemplary embodiment, a computer readable storage medium, such as a memory comprising instructions executable by a processor in a terminal to perform the method of data processing in the above embodiments is also provided. The computer readable storage medium may be non-transitory. For example, the computer readable storage medium may be a ROM (read-only memory), a RAM (random access memory ), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The foregoing description of the preferred embodiments of the present application is not intended to limit the application, but rather, the application is to be construed as limited to the appended claims.

Claims (8)

1. A method of data processing, the method comprising:
acquiring target data to be encrypted and a current dynamic key;
encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate encrypted data;
based on an insertion rule, inserting indication information into the intermediate state encrypted data to obtain complete state encrypted data, wherein the indication information is used for indicating the dynamic key;
encrypting the target data based on the dynamic key and the encryption algorithm to obtain intermediate state encrypted data, wherein the method comprises the following steps:
Encrypting the target data based on the dynamic key, the salt value and the encryption algorithm to obtain intermediate encrypted data;
the inserting the indication information into the intermediate state encrypted data based on the inserting rule to obtain the completion state encrypted data comprises the following steps:
and respectively inserting the indication information and the salt value into a first appointed position and a second appointed position of the intermediate state encrypted data to obtain the finished state encrypted data.
2. The method according to claim 1, wherein the inserting the indication information and the salt value into the intermediate state encrypted data based on the insertion rule to obtain the completion state encrypted data includes:
dividing the indication information into a first number of equal-length indication information segments, and dividing the salt value into a second number of equal-length salt value segments;
and inserting each indication information segment and each salt value segment into each designated position of the intermediate state encrypted data respectively based on the arrangement sequence of each indication information segment in the indication information, the arrangement sequence of each salt value segment in the salt value and the arrangement sequence of a plurality of designated positions to obtain the completion state encrypted data.
3. The method according to claim 1, wherein the inserting the indication information and the salt value into the intermediate state encrypted data based on the insertion rule to obtain the completion state encrypted data includes:
based on a fusion rule, fusing the indication information and the salt value to obtain fusion data;
and based on an insertion rule, inserting the fusion data into the intermediate state encrypted data to obtain the finished state encrypted data.
4. A method according to any of claims 1-3, characterized in that the indication information is the dynamic key or an identification of the dynamic key.
5. A method of data processing, the method comprising:
acquiring completion state encryption data;
based on the extraction rule, carrying out data extraction in the finished state encryption data to obtain extracted data and residual data after the data extraction;
determining indication information based on the extracted data, and determining intermediate state encryption data based on the data remained after the data extraction, wherein the indication information is used for indicating a dynamic key;
decrypting the intermediate state encrypted data based on a decryption algorithm and a dynamic key corresponding to the indication information to obtain target data;
Determining a salt value based on the extracted data;
the decrypting the intermediate encrypted data based on the decryption algorithm and the dynamic key corresponding to the indication information to obtain target data comprises the following steps:
decrypting the intermediate state encrypted data based on a decryption algorithm, the salt value and a dynamic key corresponding to the indication information to obtain target data;
the extracting the data in the completion state encrypted data based on the extraction rule comprises the following steps:
based on the extraction rule, extracting data at a third designated position and a fourth designated position in the finished encrypted data;
the determining indication information based on the extracted data includes:
determining the data extracted from the third designated position as indication information;
the determining a salt value based on the extracted data includes:
and determining the data extracted from the fourth designated position as a salt value.
6. The method of claim 5, wherein the extracting data in the completion state encrypted data based on the extraction rule comprises:
based on the extraction rule, extracting data at a plurality of designated positions in the completion state encryption data;
The determining indication information based on the extracted data includes:
acquiring data extracted from N specified positions in a plurality of specified positions, and combining the data extracted from the N specified positions to obtain indication information;
the determining a salt value based on the extracted data includes:
and acquiring data extracted from M specified positions except the N specified positions in the specified positions, and combining the data extracted from the M specified positions to obtain a salt value.
7. The method of claim 5, wherein determining the indication information based on the extracted data and determining the salt value based on the extracted data comprises:
and separating the extracted data based on a separation rule to obtain indication information and a salt value.
8. The method according to any of claims 5-7, wherein the indication information is the dynamic key or an identification of the dynamic key.
CN202111272782.0A 2021-10-29 2021-10-29 Data processing method, device and equipment Active CN114124469B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111272782.0A CN114124469B (en) 2021-10-29 2021-10-29 Data processing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111272782.0A CN114124469B (en) 2021-10-29 2021-10-29 Data processing method, device and equipment

Publications (2)

Publication Number Publication Date
CN114124469A CN114124469A (en) 2022-03-01
CN114124469B true CN114124469B (en) 2023-08-29

Family

ID=80379501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111272782.0A Active CN114124469B (en) 2021-10-29 2021-10-29 Data processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN114124469B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978746B (en) * 2022-06-10 2024-06-07 中国电信股份有限公司 Data encryption transmission method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109428710A (en) * 2017-08-22 2019-03-05 深圳光启智能光子技术有限公司 Data transmission method, device, storage medium and processor
CN112866237A (en) * 2021-01-15 2021-05-28 广州Tcl互联网小额贷款有限公司 Data communication method, device, equipment and storage medium
CN113515752A (en) * 2020-04-09 2021-10-19 腾讯科技(深圳)有限公司 Information encryption method, decryption method, device and electronic equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7539305B2 (en) * 2004-03-05 2009-05-26 International Business Machines Corporation Schryption method and device
FR2892583B1 (en) * 2005-10-21 2008-01-25 Centre Nat Rech Scient SECURE DATA TRANSMISSION METHOD

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109428710A (en) * 2017-08-22 2019-03-05 深圳光启智能光子技术有限公司 Data transmission method, device, storage medium and processor
CN113515752A (en) * 2020-04-09 2021-10-19 腾讯科技(深圳)有限公司 Information encryption method, decryption method, device and electronic equipment
CN112866237A (en) * 2021-01-15 2021-05-28 广州Tcl互联网小额贷款有限公司 Data communication method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN114124469A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN110768787B (en) Data encryption and decryption method and device
CN109471844A (en) File sharing method, device, computer equipment and storage medium
CN106817358B (en) Encryption and decryption method and device for user resources
CN105490711A (en) Bluetooth automatic connection method, master device, slave device, and system
CN113032357A (en) File storage method and device and server
CN110929291A (en) Method and device for accessing text file and computer readable storage medium
CN108173885B (en) Data encryption method, data decryption method and related devices
CN114285575B (en) Image encryption and decryption method and device, storage medium and electronic device
CN111404892B (en) Data supervision method and device and server
CN111144872A (en) Transaction code generation method, transaction code based processing method, device and system
CN111228819B (en) Method, device and equipment for protecting Shader
CN114124469B (en) Data processing method, device and equipment
CN115603907A (en) Method, device, equipment and storage medium for encrypting storage data
CN116662941A (en) Information encryption method, device, computer equipment and storage medium
US20200044838A1 (en) Data encryption method and system using device authentication key
CN110545542B (en) Main control key downloading method and device based on asymmetric encryption algorithm and computer equipment
CN108985109B (en) Data storage method and device
CN111931204A (en) Encryption and de-duplication storage method and terminal equipment for distributed system
CN110968885A (en) Model training data storage method and device, electronic equipment and storage medium
CN107172165B (en) Data synchronization method and device
JP6493402B2 (en) Addition device, deletion device, addition request device, data search system, data search method, and computer program
CN112685756B (en) Data writing and reading method, device, medium and equipment
CN114697025B (en) Data encryption and decryption method and related equipment
CN111147481B (en) Data processing system, method, device, medium and equipment
CN116132159B (en) Data encryption method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant