CN114282254A - Encryption and decryption method and device, and electronic equipment - Google Patents

Encryption and decryption method and device, and electronic equipment

Info

Publication number
CN114282254A
Authority
CN
China
Prior art keywords
key
target
data
feature data
types
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111647903.5A
Other languages
Chinese (zh)
Inventor
姜钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202111647903.5A
Publication of CN114282254A

Abstract

The embodiments of the application disclose an encryption method, a decryption method, an encryption device, a decryption device and electronic equipment. The encryption method comprises: acquiring at least two types of feature data and the encryption algorithm corresponding to each of the at least two types of feature data, where the encryption algorithms corresponding to different types of feature data are different; encrypting each piece of feature data with its corresponding encryption algorithm to obtain a key component for each of the at least two types of feature data; generating a first target key from the key components corresponding to the at least two types of feature data; and encrypting the data to be encrypted with the first target key to obtain encrypted data. The technical scheme of the embodiments increases the difficulty of cracking.

Description

Encryption and decryption method and device, and electronic equipment
Technical Field
The application relates to the technical field of information security, in particular to an encryption method, a decryption method, an encryption device, a decryption device and electronic equipment.
Background
In traditional multi-terminal cooperative key protection, a key is generated jointly by multiple parties: each party generates its own key component and stores it independently, the parties use their respective key components to complete cryptographic computations cooperatively, and no party can obtain the complete key at any time, which reduces the risk of key leakage from any one party's storage. However, every party uses the same encryption mode when generating its key component, and regularities in such a uniform mode are easy to find, so the scheme faces the risk of being cracked step by step.
Disclosure of Invention
In order to solve the above technical problems, embodiments of the present application provide an encryption method and apparatus, a decryption method and apparatus, and an electronic device, and aim to solve the technical problem that existing encryption methods are easy to crack.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided an encryption method, including:
acquiring at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data respectively; the encryption algorithms corresponding to different types of feature data are different;
encrypting the corresponding characteristic data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of characteristic data respectively;
generating a first target key according to the key components corresponding to the at least two types of feature data;
and encrypting data to be encrypted according to the first target key to obtain encrypted data.
According to an aspect of an embodiment of the present application, there is provided a decryption method including:
acquiring at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data respectively; the encryption algorithms corresponding to different types of feature data are different;
encrypting the corresponding characteristic data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of characteristic data respectively;
generating a second target key according to the key components corresponding to the at least two types of feature data;
and decrypting the encrypted data according to the second target key to obtain decrypted data.
According to an aspect of an embodiment of the present application, there is provided an encryption apparatus including:
the first acquisition module is configured to acquire at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data; the encryption algorithms corresponding to different types of feature data are different;
the first encryption module is configured to encrypt the corresponding feature data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of feature data;
the first generation module is configured to generate a first target key according to the key components corresponding to the at least two types of feature data;
and the second encryption module is configured to encrypt the data to be encrypted according to the first target key.
Further, the key component includes a public key component and a private key component; the first generation module includes:
the first obtaining submodule is configured to obtain the public key component and the private key component contained in each key component;
the first generation submodule is configured to generate a first target public key according to each public key component and generate a first target private key according to each private key component;
and the second generation submodule is configured to generate the first target key according to the first target public key and the first target private key.
Further, the first target key comprises a first target public key corresponding to the first target private key; the second encryption module comprises:
and the first encryption submodule is configured to encrypt data to be encrypted according to the first target public key to obtain the encrypted data.
Further, the at least two types of feature data include: feature data of the instruction type, feature data of the biometric type, and feature data of the storage medium type; the first encryption module comprises:
the second encryption submodule is configured to encrypt the feature data of the instruction type according to the encryption algorithm corresponding to the feature data of the instruction type to obtain a key component corresponding to the feature data of the instruction type; and
the third encryption submodule is configured to encrypt the feature data of the biometric type according to the encryption algorithm corresponding to the feature data of the biometric type to obtain a key component corresponding to the feature data of the biometric type; and
the fourth encryption submodule is configured to encrypt the feature data of the storage medium type according to the encryption algorithm corresponding to the feature data of the storage medium type to obtain a key component corresponding to the feature data of the storage medium type.
According to an aspect of an embodiment of the present application, there is provided a decryption apparatus including:
the second acquisition module is configured to acquire at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data; the encryption algorithms corresponding to different types of feature data are different;
the third encryption module is configured to encrypt the corresponding feature data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of feature data;
the second generation module is configured to generate a second target key according to the key components corresponding to the at least two types of feature data;
and the decryption module is configured to decrypt the encrypted data according to the second target key to obtain decrypted data.
Further, the key component includes a public key component and a private key component; the second generation module includes:
the second obtaining submodule is configured to obtain the public key component and the private key component contained in each key component;
the third generation submodule is configured to generate a second target public key according to each public key component and generate a second target private key according to each private key component;
and the fourth generation submodule is configured to generate the second target key according to the second target public key and the second target private key.
Further, the second target key comprises a second target private key corresponding to the second target public key; the decryption module includes:
and the decryption submodule is configured to decrypt the encrypted data according to the second target private key to obtain the decrypted data.
According to an aspect of an embodiment of the present application, there is provided an electronic device including: one or more processors; storage means for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the encryption method and the decryption method as described above.
According to an aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon computer-readable instructions which, when executed by a processor of a computer, cause the computer to execute an encryption method and a decryption method as described above.
According to an aspect of embodiments herein, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the encryption method and the decryption method provided in the various alternative embodiments described above.
In the technical scheme of the encryption method provided by the embodiments of the application, the first target key is generated from a plurality of key components derived from several kinds of feature data. Each key component has a critical influence on the final first target key, and because multiple key components cooperate at multiple levels, the cryptographic algorithms that produce the final first target key are diversified, with no regularity to follow, which increases the difficulty of cracking. Meanwhile, in the decryption method, for the first target key obtained in this encryption manner, the second target key can be obtained for decryption only after the corresponding key components have been obtained.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
FIG. 2 is a flow chart of an encryption method to which the present application relates;
FIG. 3 is a flow chart of a decryption method to which the present application relates;
FIG. 4 is a block diagram of an encryption apparatus to which the present application relates;
FIG. 5 is a block diagram of a decryption apparatus to which the present application relates;
FIG. 6 is a schematic block diagram of a computer system suitable for use in implementing an electronic device according to embodiments of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should also be noted that reference to "a plurality" in this application means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Referring to FIG. 1, FIG. 1 is a schematic diagram of an implementation environment related to the present application. FIG. 1 includes a mobile intelligent terminal password component (MST-CC) and a server side encryption component (SS-CC), which can exchange information with each other during mobile communication. The mobile application of the mobile intelligent terminal calls the software interface of the mobile intelligent terminal password component through the mobile intelligent terminal password component software development kit (MST-CC SDK). The mobile intelligent terminal password component runs in an independent process space of the operating system, and the mobile application exchanges information with it through the inter-process communication mechanism of the operating system. The mobile intelligent terminal password component obtains the corresponding key data through processing between the cryptographic function and the security chip. The security chip is a device that can independently generate keys and perform encryption and decryption; it has its own built-in processor and storage unit, can store keys and feature data, and provides encryption and security authentication services for a computer. Because encryption is carried out by the security chip and the key is stored in hardware, stolen data cannot be decrypted, which protects business privacy and data security.
In FIG. 1, the mobile intelligent terminal password component sends a key generation request containing various feature data to the server side encryption component. The server side encryption component receives the key generation request, parses the feature data in it, processes the feature data with the encryption method to generate a first target key, and then sends the first target public key of the first target key to the mobile intelligent terminal password component. The mobile intelligent terminal password component also generates the first target key with the encryption method, after which the mobile intelligent terminal and the server side can transmit encrypted data to each other. At the mobile intelligent terminal, the mobile intelligent terminal password component software development kit sends a key pair generation request to the cryptographic function, and the cryptographic function generates a trusted user page to acquire the feature data input by the user. After the feature data are acquired, the cryptographic function generates a key pair generation instruction and sends it to the security chip. The security chip generates the first target key according to the key pair generation instruction and stores it in encrypted form, and at the same time sends the first target public key of the first target key to the cryptographic function, which forwards it to the mobile intelligent terminal password component software development kit.
The above is a description of the mobile intelligent terminal password component located in the mobile intelligent terminal and the server side encryption component located at the server side in the mobile communication process.
Fig. 2 is a flow chart illustrating an encryption method according to an example embodiment. The method can be applied to the implementation environment shown in fig. 1, and is specifically executed by the security chip and the cryptographic function in the embodiment environment shown in fig. 1.
As shown in fig. 2, in an exemplary embodiment, the encryption method may include steps S210 to S240, which are described in detail as follows:
step S210, acquiring at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data respectively; the encryption algorithms corresponding to different types of feature data are different;
step S220, encrypting the corresponding characteristic data according to the obtained encryption algorithm to obtain key components corresponding to at least two types of characteristic data;
step S230, generating a first target key according to the key components corresponding to the at least two types of feature data;
step S240, encrypting the data to be encrypted according to the first target key to obtain encrypted data.
In this embodiment, in step S210, at least two kinds of feature data are obtained, and each kind of feature data corresponds to one encryption algorithm, for example one of the domestic cryptographic algorithms SM1, SM2, SM3 and SM4 recognized by the national cryptography authority; other encryption algorithms may also be used. Among these, the SM1 algorithm is symmetric encryption; the SM2 algorithm is asymmetric encryption; the SM3 algorithm is a message digest; and the SM4 algorithm is the block cipher algorithm of the wireless local area network standard.
In step S220, each piece of feature data is processed by its corresponding encryption algorithm to obtain the corresponding key component; one piece of feature data yields one key component.
In step S230, the at least two key components obtained are further processed by an encryption algorithm to obtain the first target key; specifically, any of the encryption algorithms such as SM1, SM2, SM3 and SM4 may be used. Further, in this embodiment the algorithm that processes the multiple key components may be fixed, so that one encryption algorithm processes all key components to obtain the first target key. For example, when the SM2 algorithm is used, the encryption strength is 256 bits, and in the resulting first target key the first target public key is 64 bytes and the first target private key is 32 bytes. Alternatively, the encryption algorithm may be determined dynamically according to the specific type of the private key component.
In step S240, the data to be encrypted is encrypted with the obtained first target key to obtain the corresponding encrypted data.
In this embodiment, the first target key is generated from a plurality of key components derived from several kinds of feature data. Each key component has a critical influence on the final first target key, and because multiple key components cooperate at multiple levels, the cryptographic algorithms that produce the final first target key are diversified, with no regularity to follow, which increases the difficulty of cracking.
In an exemplary embodiment, the key component includes a public key component and a private key component; generating a first target key according to the key components corresponding to the at least two types of feature data comprises:
acquiring the public key component and the private key component contained in each key component;
generating a first target public key according to each public key component, and generating a first target private key according to each private key component;
and generating the first target key according to the first target public key and the first target private key.
In this embodiment, each key component includes a corresponding public key component and a corresponding private key component; all the public key components are processed to obtain the first target public key, and all the private key components are processed to obtain the first target private key. Within the same key component, the public key component and the private key component take different forms: for example, when the public key component is a character, the private key component may be data or a fingerprint. Because the two use different forms, there is no regularity to follow between them, which increases the difficulty of cracking; likewise, the first target public key and the first target private key in the finally generated first target key take different forms.
In an exemplary embodiment, the first target key comprises a first target public key corresponding to the first target private key; encrypting data to be encrypted according to the first target key to obtain encrypted data, wherein the encrypting process comprises the following steps:
and encrypting the data to be encrypted according to the first target public key to obtain encrypted data.
In this embodiment, after the first target key is obtained, the data to be encrypted is encrypted by the first target public key of the first target key to obtain encrypted data, and subsequently, the encrypted data is decrypted by the first target private key to obtain the data to be encrypted.
In an exemplary embodiment, the at least two types of feature data include: feature data of the instruction type, feature data of the biometric type, and feature data of the storage medium type; encrypting the corresponding feature data according to the obtained encryption algorithm to obtain the key components corresponding to the feature data of at least two types respectively, comprising:
encrypting the feature data of the instruction type according to the encryption algorithm corresponding to the feature data of the instruction type to obtain a key component corresponding to the feature data of the instruction type; and
encrypting the feature data of the biometric type according to the encryption algorithm corresponding to the feature data of the biometric type to obtain a key component corresponding to the feature data of the biometric type; and
encrypting the feature data of the storage medium type according to the encryption algorithm corresponding to the feature data of the storage medium type to obtain a key component corresponding to the feature data of the storage medium type.
In this embodiment, the feature data of the instruction type is a set mobile phone password; the feature data of the biometric type includes feature data related to human biometric features such as fingerprints, faces, irises, palm prints, hand shapes, veins or ears; and the feature data of the storage medium type may include physical storage media such as a U shield (USB key). Different types of feature data are processed with different encryption algorithms. When the key components are generated, the pieces of feature data may be processed simultaneously or in a predetermined order.
In an embodiment, at least two kinds of feature data are obtained, and each kind may include one or more pieces of feature data. For example, the mobile phone instruction password is obtained from the instruction-type feature data, and a fingerprint and a face are obtained from the biometric-type feature data; two kinds of feature data are obtained, but three pieces of feature data are involved. The three pieces of feature data are processed with their corresponding encryption algorithms to obtain the corresponding key components. The key components may be stored in different places or in the same place, and in either case they are stored in encrypted form.
Fig. 3 is a flow chart illustrating a decryption method according to an example embodiment. The method can be applied to the implementation environment shown in fig. 1, and is specifically executed by the security chip and the cryptographic function in the embodiment environment shown in fig. 1.
Referring to fig. 3, an exemplary embodiment of the present application provides a decryption method, including:
step S310, acquiring at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data respectively; the encryption algorithms corresponding to different types of feature data are different;
step S320, encrypting the corresponding characteristic data according to the obtained encryption algorithm to obtain key components corresponding to the characteristic data of at least two types;
step S330, generating a second target key according to the key components corresponding to the at least two types of feature data;
step S340, decrypting the encrypted data according to the second target key to obtain decrypted data.
In this embodiment, the feature data input by the user is obtained; as before, each kind of feature data may include one or more pieces of feature data. In the same way as in the encryption method, each piece of feature data is processed by its corresponding encryption algorithm to obtain the corresponding key component. All the key components are then processed by an encryption algorithm to obtain the second target key. The encryption method and the decryption method correspond to each other: whatever encryption algorithm the encryption method uses to process the key components, the decryption method uses the same one. After the second target key is obtained, the encrypted data can be decrypted to obtain decrypted data, which is the same as the data to be encrypted in the encryption method. In the decryption process, the second target key must likewise be generated from a plurality of key components of several kinds of feature data; each key component has a critical influence on the final second target key, and because multiple key components cooperate at multiple levels, the cryptographic algorithms that produce the final second target key are diversified, with no regularity to follow, which increases the difficulty of cracking.
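The flow of steps S210 to S240 and S310 to S340, as an added Python example that is not code from the patent or its applicant: each feature type gets its own derivation algorithm, the components are combined into one target key, and the decrypting side can only rebuild that key from the same feature data. Assumptions: standard-library primitives (PBKDF2-HMAC-SHA256, SHA3-256, keyed BLAKE2b, HMAC-SHA256) stand in for the SM-family algorithms the text names, the target key is a symmetric key rather than an SM2 key pair, both sides hold the same `salt`, and every feature is reproduced bit-for-bit at decryption time; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

# S210/S220: one derivation algorithm per feature type. These are stand-ins
# (assumption); the text names SM1-SM4 "or other" encryption algorithms.
def from_instruction(data: bytes, salt: bytes) -> bytes:
    # PINs and passwords are low entropy, so use a slow salted KDF.
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000, dklen=32)

def from_biometric(data: bytes, salt: bytes) -> bytes:
    return hashlib.sha3_256(salt + data).digest()

def from_storage_medium(data: bytes, salt: bytes) -> bytes:
    return hashlib.blake2b(data, key=salt, digest_size=32).digest()

ALGORITHMS = {
    "instruction": from_instruction,
    "biometric": from_biometric,
    "storage_medium": from_storage_medium,
}

def key_components(features: dict, salt: bytes) -> dict:
    """Map each feature type to its key component (one per feature)."""
    if len(features) < 2:
        raise ValueError("at least two types of feature data are required")
    unknown = set(features) - set(ALGORITHMS)
    if unknown:
        raise ValueError(f"no algorithm registered for: {sorted(unknown)}")
    return {ftype: ALGORITHMS[ftype](data, salt) for ftype, data in features.items()}

def target_key(features: dict, salt: bytes) -> bytes:
    """S230/S330: combine every component into one 32-byte target key."""
    parts = key_components(features, salt)
    msg = b""
    for ftype in sorted(parts):  # fixed order so both sides agree
        label = ftype.encode()
        # Length prefixes keep the concatenation unambiguous.
        msg += len(label).to_bytes(2, "big") + label
        msg += len(parts[ftype]).to_bytes(2, "big") + parts[ftype]
    return hmac.new(salt, msg, hashlib.sha256).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """S240: encrypt-then-MAC with an HMAC-based keystream (stand-in cipher)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """S340: verify the tag first, then decrypt; a wrong component fails here."""
    if len(blob) < 48:
        raise ValueError("encrypted data is truncated")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key components or tampered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

if __name__ == "__main__":
    salt = os.urandom(16)
    # Constructed sample feature data, not real credentials or templates.
    features = {
        "instruction": b"493817",
        "biometric": b"constructed-fingerprint-template",
        "storage_medium": b"constructed-token-serial",
    }
    blob = encrypt(target_key(features, salt), b"data to be encrypted")
    print(decrypt(target_key(features, salt), blob))
```

Real biometric readings vary between captures, so a deployment built on this idea needs a stable template or an error-tolerant extraction step before hashing; the text does not describe one.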
In an exemplary embodiment, the key component includes a public key component and a private key component; generating a second target key according to the key components corresponding to the at least two types of feature data comprises:
acquiring the public key component and the private key component contained in each key component;
generating a second target public key according to each public key component, and generating a second target private key according to each private key component;
and generating the second target key according to the second target public key and the second target private key.
In this embodiment, after the key components formed from the feature data input by the user are obtained, the second target public key and the second target private key of the second target key need to be obtained; they are calculated from the public key components and the private key components of the key components, respectively. Further, when decryption is performed, the second target private key can be obtained directly without calculating the second target public key. Within the same key component, the public key component and the private key component take different forms: for example, when the public key component is a character, the private key component may be data or a fingerprint. Because the two use different forms, there is no regularity to follow between them, which increases the difficulty of cracking; likewise, the second target public key and the second target private key in the finally generated second target key take different forms.
In an exemplary embodiment, the second target key comprises a second target private key corresponding to the second target public key; decrypting the encrypted data according to the second target key to obtain decrypted data, comprising:
and decrypting the encrypted data according to the second target private key to obtain decrypted data.
In this embodiment, the second target private key is obtained from the private key components of the key components input by the user; the private key components are different types of feature data, and decryption is performed with the second target private key, so that the decryption process is not easy to crack.
In an embodiment, the above decryption method may be applied to a mobile application. Through the cryptographic component client software development kit (MST-CC SDK) of the mobile intelligent terminal, the mobile application initiates a key pair generation request to the cryptographic function for each key component in turn. The cryptographic function generates trusted user pages step by step as the key components are output, and each generated page requires the user to authorize and confirm the current operation, that is, the decryption operation is carried out for each key component. Specifically, once the feature data entered on one trusted user page has passed that page, the next trusted user page is generated. The key pair generation requests may be initiated sequentially: after the previous trusted user page has been passed, a key pair generation request for the next key component is initiated to the cryptographic function, and a trusted user page is generated from that request. All the key pair generation requests may also be sent to the cryptographic function together, in which case the cryptographic function directly generates the next trusted user page from the corresponding request after one trusted user page has been passed. After the user has authorized each key component, the cryptographic function sends an operation instruction and a confirmation instruction to the security chip in sequence according to the different key pair instructions it has received. After the security chip has received the confirmed authorization for each key component, it processes the key components through an encryption algorithm to obtain the second target key and analyzes the second target key to determine whether decryption passes.
In an embodiment, the encryption and decryption method is applied to digital signing in a mobile application on a mobile phone. The mobile application initiates the user's digital signature request to the cryptographic function; the content transmitted in the request includes a key identifier, a fingerprint, the data to be signed, and the like. According to the user request, the system generates a trusted user interface through the cryptographic function and asks an administrator to review the request page initiated by the user together with the data the user wants signed; after the user passes the verification, the administrator authorizes execution of the requested signature function. After the user side receives the administrator's authorization instruction, the cryptographic function generates a trusted page that requires the user to enter the PIN code and the biometric features, such as fingerprint and face recognition, corresponding to the respective key components. After the user enters the key and unlocks successfully, the cryptographic function sends the user's authentication instruction to the security chip. The security chip verifies the user's authentication information and returns the verification result to the requesting user. If the authentication succeeds, the cryptographic function sends a signature command to the security chip to reconfirm the instruction. The security chip digitally signs the data to be signed using the first target private key of the first target key specified by the requesting user, and the signature result is stored in the key generation page system. Finally, the user confirms the signature data that passed and enters the system operation flow.
In the digital signature process, the key components may all be data, or may all be characters or fingerprints, and may be set arbitrarily by the requesting user.
In an embodiment, fingerprint feature data, face feature data and the Personal Identification Number (PIN) code of a Subscriber Identity Module (SIM) card are obtained. The fingerprint feature data are processed through the SM1 encryption algorithm to obtain a first key component, the face feature data are processed through the SM2 encryption algorithm to obtain a second key component, and the PIN code is processed through the SM3 encryption algorithm to obtain a third key component. The first, second and third key components are processed through the SM2 algorithm to obtain a first target key, and the data to be encrypted are encrypted using the first target key. Because the key components are obtained from different feature data with different encryption algorithms and the first target key is derived from those key components, there is no pattern relating the key components, which increases the difficulty of cracking.
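The flow of this embodiment as an added sketch (not code from the application): one key component per feature type, each produced by a different algorithm, combined into a target key that is regenerated from the same inputs at decryption time. Assumptions: Python standard-library primitives stand in for SM1, SM2 and SM3, the salt and the symmetric encrypt-then-MAC construction are choices made for this example, and the feature values are constructed.

```python
import hashlib
import hmac
import secrets


# One derivation per feature type, each using a different algorithm.
# These are stand-ins: the embodiment names SM1/SM2/SM3, which the Python
# standard library does not provide.
def _fingerprint_component(salt: bytes, data: bytes) -> bytes:
    return hashlib.blake2b(data, key=salt, digest_size=32).digest()


def _face_component(salt: bytes, data: bytes) -> bytes:
    return hashlib.sha3_256(salt + data).digest()


def _pin_component(salt: bytes, data: bytes) -> bytes:
    # A PIN has little entropy, so this component is stretched with PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)


ALGORITHMS = {
    "fingerprint": _fingerprint_component,
    "face": _face_component,
    "pin": _pin_component,
}


def key_components(features: dict, salt: bytes) -> dict:
    """Return one 32-byte key component per feature type."""
    if set(features) != set(ALGORITHMS):
        raise ValueError("every feature type must be supplied exactly once")
    return {name: ALGORITHMS[name](salt, features[name]) for name in ALGORITHMS}


def target_key(components: dict, salt: bytes) -> bytes:
    """Combine the components into one key (stand-in for the SM2 step)."""
    mac = hmac.new(salt, digestmod=hashlib.sha256)
    for name in sorted(components):
        label = name.encode()
        # Length-prefixed label keeps the concatenation unambiguous.
        mac.update(len(label).to_bytes(2, "big") + label + components[name])
    return mac.digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(features: dict, plaintext: bytes) -> bytes:
    """Layout of the result: salt(16) | nonce(16) | tag(32) | ciphertext."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    key = target_key(key_components(features, salt), salt)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return salt + nonce + tag + body


def decrypt(features: dict, blob: bytes) -> bytes:
    """Regenerate the target key from the supplied features and decrypt."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, tag, body = blob[:16], blob[16:32], blob[32:64], blob[64:]
    key = target_key(key_components(features, salt), salt)
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("target key mismatch or data modified")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


# Constructed sample inputs standing in for enrolled feature data.
ENROLLED = {
    "fingerprint": b"constructed-fingerprint-template",
    "face": b"constructed-face-template",
    "pin": b"493817",
}

if __name__ == "__main__":
    blob = encrypt(ENROLLED, b"data to be encrypted")
    print(decrypt(ENROLLED, blob))
```

A change in any single input produces a different target key and decryption is refused, so the feature data fed into the component step must be byte-for-byte reproducible between encryption and decryption.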
Referring to fig. 4, an exemplary embodiment of the present application provides an encryption apparatus, including:
a first obtaining module 410 configured to obtain at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data; the encryption algorithms corresponding to different types of feature data are different;
the first encryption module 420 is configured to encrypt the corresponding feature data according to the obtained encryption algorithm to obtain key components corresponding to at least two types of feature data;
a first generating module 430, configured to generate a first target key according to the key components corresponding to the at least two types of feature data;
the second encryption module 440 is configured to encrypt the data to be encrypted according to the first target key.
In an exemplary embodiment, the key component includes a public key component and a private key component; a first generation module 430, comprising:
the first obtaining submodule is configured to obtain a public key component and a private key component contained in each key component;
the first generation submodule is configured to generate a first target public key according to each public key component and generate a first target private key according to each private key component;
and the second generation submodule is configured to generate a first target key according to the first target public key and the first target private key.
In an exemplary embodiment, the first target key comprises a first target public key corresponding to the first target private key; a second encryption module 440, comprising:
and the first encryption submodule is configured to encrypt the data to be encrypted according to the first target public key to obtain encrypted data.
In an exemplary embodiment, the at least two types of feature data include: feature data of the instruction type, feature data of the biometric type, and feature data of the storage medium type; a first encryption module 420 comprising:
the second encryption submodule is configured to encrypt the characteristic data of the instruction type according to an encryption algorithm corresponding to the characteristic data of the instruction type to obtain a key component corresponding to the characteristic data of the instruction type; and
the third encryption submodule is configured to encrypt the characteristic data of the biological characteristic type according to an encryption algorithm corresponding to the characteristic data of the biological characteristic type to obtain a key component corresponding to the characteristic data of the biological characteristic type; and
and the fourth encryption submodule is configured to encrypt the characteristic data of the storage medium type according to an encryption algorithm corresponding to the characteristic data of the storage medium type to obtain a key component corresponding to the characteristic data of the storage medium type.
It should be noted that the encryption apparatus provided in the foregoing embodiment and the encryption method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module and sub-module perform operations has been described in detail in the method embodiment, and is not described herein again.
Referring to fig. 5, an exemplary embodiment of the present application provides a decryption apparatus, including:
a second obtaining module 510, configured to obtain at least two types of feature data, and an encryption algorithm corresponding to each of the at least two types of feature data; the encryption algorithms corresponding to different types of feature data are different;
a third encryption module 520, configured to encrypt the corresponding feature data according to the obtained encryption algorithm, so as to obtain key components corresponding to at least two types of feature data;
a second generating module 530 configured to generate a second target key according to the key components corresponding to the at least two types of feature data;
and the decryption module 540 is configured to decrypt the encrypted data according to the second target key to obtain decrypted data.
In an exemplary embodiment, the key component includes a public key component and a private key component; a second generating module 530 comprising:
the second obtaining submodule is configured to obtain a public key component and a private key component contained in each key component;
the third generation submodule is configured to generate a second target public key according to each public key component and generate a second target private key according to each private key component;
and the fourth generation submodule is configured to generate a second target key according to the second target public key and the second target private key.
In an exemplary embodiment, the second target key comprises a second target private key corresponding to the second target public key; a decryption module 540, comprising:
and the decryption submodule is configured to decrypt the encrypted data according to the second target private key to obtain decrypted data.
It should be noted that the decryption apparatus provided in the foregoing embodiment and the decryption method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module and sub-module performs operations has been described in detail in the method embodiment, and is not described herein again.
An embodiment of the present application further provides an electronic device, including: one or more processors; a storage device for storing one or more programs, which when executed by the one or more processors, cause the electronic device to implement the encryption or decryption method provided in the above-described embodiments.
FIG. 6 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
It should be noted that the computer system 600 of the electronic device shown in fig. 6 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601, which can perform various appropriate actions and processes, such as executing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for system operation are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An Input/Output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input section 606 including a keyboard, a mouse, and the like; an output section 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed into the storage section 608 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. When the computer program is executed by the Central Processing Unit (CPU) 601, various functions defined in the system of the present application are executed.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with a computer program embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. The names of the units do not, in some cases, constitute a limitation on the units themselves.
Yet another aspect of the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as described above. The computer-readable storage medium may be included in the electronic device described in the above embodiment, or may exist separately without being incorporated in the electronic device.
Another aspect of the application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the methods provided in the various embodiments described above.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method of encryption, the method comprising:
acquiring at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data respectively; the encryption algorithms corresponding to different types of feature data are different;
encrypting the corresponding characteristic data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of characteristic data respectively;
generating a first target key according to the key components corresponding to the at least two types of feature data;
and encrypting data to be encrypted according to the first target key to obtain encrypted data.
2. The method of claim 1, wherein the key component comprises a public key component and a private key component; generating a first target key according to the key components corresponding to the at least two types of feature data, including:
acquiring a public key component and a private key component contained in each key component;
generating a first target public key according to each public key component, and generating a first target private key according to each private key component;
and generating the first target key according to the first target public key and the first target private key.
3. The method of claim 1, wherein the first target key comprises a first target public key corresponding to a first target private key; the encrypting the data to be encrypted according to the first target key to obtain encrypted data includes:
and encrypting data to be encrypted according to the first target public key to obtain the encrypted data.
4. The method of claim 1, wherein the at least two types of feature data comprise: feature data of the instruction type, feature data of the biometric type, and feature data of the storage medium type; the encrypting the corresponding feature data according to the obtained encryption algorithm to obtain the key components corresponding to the at least two types of feature data respectively comprises:
encrypting the characteristic data of the instruction type according to an encryption algorithm corresponding to the characteristic data of the instruction type to obtain a key component corresponding to the characteristic data of the instruction type; and
encrypting the feature data of the biological feature type according to an encryption algorithm corresponding to the feature data of the biological feature type to obtain a key component corresponding to the feature data of the biological feature type; and
and encrypting the characteristic data of the storage medium type according to an encryption algorithm corresponding to the characteristic data of the storage medium type to obtain a key component corresponding to the characteristic data of the storage medium type.
5. A method of decryption, the method comprising:
acquiring at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data respectively; the encryption algorithms corresponding to different types of feature data are different;
encrypting the corresponding characteristic data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of characteristic data respectively;
generating a second target key according to the key components corresponding to the at least two types of feature data;
and decrypting the encrypted data according to the second target key to obtain decrypted data.
6. The method of claim 5, wherein the key component comprises a public key component and a private key component; generating a second target key according to the key components corresponding to the at least two types of feature data, including:
acquiring a public key component and a private key component contained in each key component;
generating a second target public key according to each public key component, and generating a second target private key according to each private key component;
and generating the second target key according to the second target public key and the second target private key.
7. The method of claim 5, wherein the second target key comprises a second target private key corresponding to a second target public key; the decrypting the encrypted data according to the second target key to obtain decrypted data includes:
and decrypting the encrypted data according to the second target private key to obtain the decrypted data.
8. An encryption apparatus, comprising:
the first acquisition module is configured to acquire at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data; the encryption algorithms corresponding to different types of feature data are different;
the first encryption module is configured to encrypt the corresponding feature data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of feature data;
the first generation module is configured to generate a first target key according to the key components corresponding to the at least two types of feature data;
and the second encryption module is configured to encrypt the data to be encrypted according to the first target key.
9. A decryption apparatus, comprising:
the second acquisition module is configured to acquire at least two types of feature data and encryption algorithms corresponding to the at least two types of feature data; the encryption algorithms corresponding to different types of feature data are different;
the third encryption module is configured to encrypt the corresponding feature data according to the obtained encryption algorithm to obtain key components corresponding to the at least two types of feature data;
the second generation module is configured to generate a second target key according to the key components corresponding to the at least two types of feature data;
and the decryption module is configured to decrypt the encrypted data according to the second target key to obtain decrypted data.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement the encryption method of any one of claims 1 to 4 and the decryption method of any one of claims 5 to 7.
CN202111647903.5A 2021-12-29 2021-12-29 Encryption and decryption method and device, and electronic equipment Pending CN114282254A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111647903.5A CN114282254A (en) 2021-12-29 2021-12-29 Encryption and decryption method and device, and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111647903.5A CN114282254A (en) 2021-12-29 2021-12-29 Encryption and decryption method and device, and electronic equipment

Publications (1)

Publication Number Publication Date
CN114282254A true CN114282254A (en) 2022-04-05

Family

ID=80878560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111647903.5A Pending CN114282254A (en) 2021-12-29 2021-12-29 Encryption and decryption method and device, and electronic equipment

Country Status (1)

Country Link
CN (1) CN114282254A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116132035A (en) * 2023-02-03 2023-05-16 广州万协通信息技术有限公司 High-performance password operation method and device based on multi-parameter dynamic adjustment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116132035A (en) * 2023-02-03 2023-05-16 广州万协通信息技术有限公司 High-performance password operation method and device based on multi-parameter dynamic adjustment
CN116132035B (en) * 2023-02-03 2024-04-12 广州万协通信息技术有限公司 High-performance password operation method and device based on multi-parameter dynamic adjustment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination