CN114531284A - Data encryption method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN114531284A, CN202210115092.2A
- Authority
- CN
- China
- Prior art keywords
- encryption
- target
- ciphertext
- original
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The embodiments of the application provide a data encryption method, a data encryption device, an electronic device and a storage medium. The method comprises the following steps: acquiring original data to be encrypted; encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing user-defined processing on the encryption logic of an original encryption algorithm; and obtaining a target ciphertext according to the plurality of intermediate ciphertexts. The method addresses the prior-art problem that the ciphertext generation rule is easy to reverse-analyze when data is encrypted based on a single encryption algorithm. Generating encryption parameters with this data encryption method for anti-crawler processing effectively reduces the pressure that web crawlers put on the server and the possible leakage of user privacy data.
Description
Technical Field
The embodiment of the disclosure relates to the technical field of information security, and more particularly, to a data encryption method, device, electronic device and computer-readable storage medium.
Background
With the continuous development of internet technology, web crawlers are widely used to obtain data conveniently. Although they can speed up the circulation and propagation of internet information to a certain degree, a crawler makes a large number of accesses to the server when crawling data and can therefore put too much pressure on it; excessive use of web crawlers also easily leads to leakage of private data.
To ensure the security of data, the anti-crawler method commonly used at present is encryption parameter verification: the terminal device adds an encryption parameter to the data request it sends to the server, the server verifies the encryption parameter after receiving the request, and the server responds normally only when the verification passes.
However, this method generally encrypts specific content with a single encryption algorithm to obtain the encryption parameter. The resulting encrypted value, that is, the ciphertext, is therefore generally fixed and the characteristics of the algorithm are obvious, so a crawler engineer can easily work out the generation rule of the encryption parameter through reverse analysis and break through the anti-crawler restriction, which brings risks to server load and user privacy data.
Disclosure of Invention
An object of the present disclosure is to provide a new technical solution for data encryption that solves the problem that the ciphertext generation rule is easily reverse-analyzed when data is encrypted based on a single encryption algorithm, thereby reducing the pressure of web crawlers on the server and the user privacy data leakage they may cause.
In a first aspect of the present disclosure, a data encryption method is provided, where the method includes:
acquiring original data to be encrypted;
encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by carrying out user-defined processing on an encryption logic of the original encryption algorithm;
and obtaining a target ciphertext according to the plurality of intermediate ciphertexts.
In a second aspect of the present disclosure, there is provided an anti-crawler method applied to a terminal device, including:
acquiring an original request to be sent, wherein the original request comprises at least one original request parameter;
generating first data to be encrypted according to a request address corresponding to the original request and the at least one original request parameter;
encrypting the first data to be encrypted based on the method of the first aspect of the disclosure, and taking the obtained ciphertext as a target encryption parameter;
obtaining a target request according to the original request and the target encryption parameter;
and sending the target request to a server.
In a third aspect of the present disclosure, there is provided another anti-crawler method applied to a server, including:
receiving a target request sent by terminal equipment, wherein the target request comprises at least one original request parameter and a target encryption parameter;
generating second data to be encrypted according to a request address corresponding to the target request and the at least one original request parameter;
encrypting the second data to be encrypted based on the method of the second aspect of the present disclosure, and taking the obtained ciphertext as a check ciphertext;
and checking whether the target encryption parameter is consistent with the check ciphertext, acquiring a response message corresponding to the target request under the condition of consistent check, and sending the response message to the terminal equipment.
In a fourth aspect of the present disclosure, there is provided a data encryption apparatus, the apparatus including:
the original data acquisition module is used for acquiring original data to be encrypted;
the intermediate ciphertext obtaining module is used for encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing user-defined processing on an encryption logic of the original encryption algorithm;
and the target ciphertext obtaining module is used for obtaining the target ciphertext according to the plurality of intermediate ciphertexts.
In a fifth aspect of the present disclosure, there is also provided an electronic device, including:
a memory for storing executable instructions;
a processor configured to operate the electronic device under the control of the instructions to perform the method of the first, second, or third aspect of the disclosure.
In a sixth aspect of the present disclosure, there is also provided a computer-readable storage medium storing a computer program readable and executable by a computer, the computer program being configured to, when read and executed by the computer, perform the method according to the first, second or third aspect of the present disclosure.
One beneficial effect of the embodiments of the present disclosure is as follows. The original data to be encrypted is first encrypted with a target encryption algorithm, obtained by performing user-defined processing on the encryption logic of an original encryption algorithm, to obtain a plurality of intermediate ciphertexts; a final target ciphertext is then obtained from the plurality of intermediate ciphertexts. Unlike prior-art methods that encrypt data based on a single encryption algorithm, this method customizes the encryption logic of the original encryption algorithm, which increases the complexity of the intermediate ciphertexts, and generates the target ciphertext from several intermediate ciphertexts, which avoids the relatively fixed ciphertexts produced by existing encryption algorithms and so avoids the generation rule being recovered by reverse analysis of the ciphertext. Generating encryption parameters with this data encryption method for anti-crawler processing effectively reduces the pressure of web crawlers on the server and the possible leakage of user privacy data.
Other features of the present description and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic flow chart of a data encryption method according to an embodiment of the present disclosure.
Fig. 2 is a schematic diagram of a single encryption logic process of an encryption algorithm provided by an embodiment of the present disclosure.
Fig. 3 is a schematic flow chart of an anti-crawler method according to an embodiment of the present disclosure.
Fig. 4 is a schematic flow chart of another anti-crawler method provided by an embodiment of the present disclosure.
Fig. 5 is a schematic block diagram of a data encryption apparatus provided in an embodiment of the present disclosure.
Fig. 6 is a schematic diagram of a hardware structure of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
<Method embodiment I>
Please refer to fig. 1, which is a flowchart illustrating a data encryption method according to an embodiment of the disclosure. The method may be implemented by an electronic device, which may be a terminal device or a server, and is not particularly limited herein.
As shown in fig. 1, the method of the present embodiment may include the following steps S1100-S1300, which are described in detail below.
Step S1100, original data to be encrypted is acquired.
The original data may be any data to be encrypted.
Specifically, the original data may be user password, text, video, and other data when the user logs in the network platform, and is not particularly limited herein.
In one embodiment, in an anti-crawler scenario, the original data may be the data content used to generate an encryption parameter. In this scenario, the original data may be generated from the request address (that is, the URL) and the request parameters of the data request to be sent by the terminal device. For example, if the URL of the data request to be sent is "https://www.xxx.com/api/" and the original request parameters in the data request are param1=val1 and param2=val2, the original data may be obtained by concatenating the request address and the original request parameters, i.e. the original data may take the form "https://www.xxx.com/api/param1=val1param2=val2".
Step S1200, encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing user-defined processing on the encryption logic of an original encryption algorithm; and step S1300, obtaining a target ciphertext according to the plurality of intermediate ciphertexts.
The original encryption algorithm may be an existing algorithm for encrypting data, for example a message digest algorithm such as MD5, a symmetric encryption algorithm, or an asymmetric encryption algorithm. In the embodiments of the present disclosure, unless otherwise specified, the original encryption algorithm is exemplified by the MD5 message digest algorithm.
Specifically, in the existing anti-crawler method, the terminal device may encrypt data based on the MD5 algorithm to generate the encryption parameter. Because MD5 is popular and free to use, various programming languages provide a ready-made wrapper for it, so users who encrypt data with MD5 usually call that wrapper directly without paying attention to the underlying implementation. This is convenient, but the ciphertext obtained by encrypting data with MD5 has a fixed length of 128 bits, so the length of the encryption parameter in a data request makes it easy for a crawler engineer to recognize that it was produced by MD5 and thereby break through the anti-crawler measures. This is especially so now that the ciphertexts of common passwords after one, two, and even three rounds of MD5 calculation have all been computed and collected in rainbow tables (Rainbow Table), which makes an anti-crawler method that uses a ciphertext from the existing MD5 algorithm as the encryption parameter even easier for a crawler engineer to crack.
For this reason, to increase the difficulty of cracking the ciphertext and ensure the security of the data, in one embodiment the target encryption algorithm may be obtained by performing at least one of the following user-defined processes on the encryption logic of the MD5 algorithm. First: customizing at least one of the initial values of the link variables of the MD5 algorithm, and the plaintext block, constant block and shift number used in each encryption loop logic processing. Second: obtaining a target encryption function and, while keeping the total number of loops of the MD5 encryption loop logic processing unchanged, modifying the loop counts of the original encryption functions so that loops that encrypt data based on the target encryption function are added to the encryption loop logic processing, wherein the target encryption function is a nonlinear function different from the original encryption functions.
The principle of the MD5 algorithm is as follows: MD5 processes the input data in 512-bit packets, looping over each 512-bit packet in turn. When processing a packet, it further divides the packet into sixteen 32-bit sub-packets and, after a series of encryption loop logic processing, splices the four 32-bit output values into a 128-bit hash value that serves as the ciphertext of the input data.
Generally, the MD5 algorithm can be divided into four steps: processing the original text, setting initial values, loop processing, and splicing the results. The four steps are briefly described below.
Processing the original text means padding the input data so that it meets the processing rule of the MD5 algorithm. Specifically, the length of the input data in bits is taken modulo 512 and the result is compared with 448: if it equals 448, the input data meets the processing rule; otherwise, the input data must be padded until the rule is satisfied.
Setting initial values means setting the initial values of the link variables used in the MD5 encryption loop logic processing. Typically, the initial values of the link variables of the MD5 algorithm are A = 0x67452301, B = 0xEFCDAB89, C = 0x98BADCFE, and D = 0x10325476.
Referring to fig. 2, loop processing means dividing the input data into 512-bit packets and performing the encryption loop logic processing a preset number of times, namely 64 times, on each packet. In the single encryption logic processing shown in fig. 2, the encryption operation is performed based on the four initialized link variables, the 4 original encryption functions F(), a plaintext block M, a constant block K, and different shift numbers. The values of A, B, C, D obtained in the current loop are used as the initial values of the 4 link variables in the next loop, and the A, B, C, D obtained after all loops are added to the initial A, B, C, D to obtain the final encrypted value.
In the loop processing step, the 4 original encryption functions are FF(X, Y, Z) = (X & Y) | ((~X) & Z), GG(X, Y, Z) = (X & Z) | (Y & (~Z)), HH(X, Y, Z) = X ^ Y ^ Z, and II(X, Y, Z) = Y ^ (X | (~Z)), and each function is executed for 16 loops.
Splicing the results means adding the result of the encryption loop logic processing of the last 512-bit packet to the initial values of the link variables and then splicing the sums together to obtain the ciphertext of the input data.
The above is a brief description of the principle of the conventional MD5 algorithm; its detailed processing procedure is not repeated here. In the embodiments of the present disclosure, to make the ciphertext harder to crack, the target encryption algorithm may be obtained by customizing the link variables of the existing MD5 algorithm, that is, the very first initial values of A, B, C, D, and by customizing the plaintext block, constant block, shift number, and the like used in each encryption loop logic processing. It may also be obtained by defining a target encryption function JJ(X, Y, Z) = ((Y ^ Z) & X) ^ Z and, while keeping the total number of loops of the original encryption loop logic processing unchanged at 64, modifying the loop counts of the original encryption functions so that the user-defined target encryption function is added to the encryption loop logic processing.
For example, in the original MD5 algorithm the 4 original encryption functions FF(), GG(), HH(), II() each loop 16 times. The target encryption algorithm can be obtained by changing each of them to loop 15 times and encrypting the data based on the target encryption function JJ() in the last four loops.
After the target encryption algorithm has been obtained by user-defined processing of the encryption logic of the original encryption algorithm in any of the above ways, in a specific implementation the original data can be encrypted directly, once or multiple times, based on the target encryption algorithm, and the resulting ciphertext used as the target ciphertext. For example, the original data may be encrypted once based on the target encryption algorithm to obtain ciphertext 1, ciphertext 1 may be encrypted again, and so on for a number of times, with the ciphertext obtained by the repeated encryption used as the final target ciphertext. Although this raises the difficulty of cracking the ciphertext to a certain extent, the length of the ciphertext obtained this way is still relatively fixed, namely still 128 bits, and the possibility of cracking the ciphertext still exists.
To solve this problem, in one embodiment, before the encrypting the original data based on the target encryption algorithm, the method further includes: acquiring a random character string, and splicing the random character string and the original data based on a third preset rule to obtain updated original data, wherein the random character string comprises a millisecond-level time stamp representing the current time; in this embodiment, the encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts includes: and carrying out encryption processing on the updated original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts.
That is, in order to increase the randomness of the encrypted content, after the original data is obtained, a random character string may be obtained before the encryption processing, and the random character string may be concatenated with the original data, for example, the random character string may be concatenated after the original data to increase the randomness of the encrypted content, so that the ciphertext obtained after each encryption processing may be different even for the same original data.
For example, in an anti-crawler scenario, after the original data is obtained by splicing the request address and all original request parameters of the data request, the current timestamp may be spliced after the original data to update it and increase its randomness. That is, when the original data is "https://www.xxx.com/api/param1=val1param2=val2", it may be updated, by splicing the timestamp of the current time, to "https://www.xxx.com/api/param1=val1param2=val2timestamp=1642570636000".
The above describes how to update the original data by taking a millisecond-level timestamp representing the current time as an example, so as to increase the randomness of the original data; in a specific implementation, the random character string may also be generated based on other random algorithms, and is not particularly limited herein.
In one embodiment, the encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts includes: encrypting the original data based on a target encryption algorithm to obtain a first ciphertext; splicing the first ciphertext and the preset ciphertext according to a first preset rule to obtain first data to be encrypted; encrypting the first data based on a target encryption algorithm to obtain a second ciphertext; and obtaining a target ciphertext according to the first ciphertext, the second ciphertext and a preset ciphertext.
Specifically, to further increase the difficulty of cracking the target ciphertext and ensure the security of user data, in a specific implementation the original data may first be encrypted once based on the target encryption algorithm to obtain a first ciphertext, hash1. For the second encryption, a preset character string is spliced onto the first ciphertext, that is, a "salt" is added, to form the first data to be encrypted, and this salted first data is then encrypted to obtain a second ciphertext, hash2. In this embodiment, splicing the first ciphertext and the preset ciphertext according to the first preset rule may mean splicing the preset ciphertext before, after, or in the middle of the first ciphertext, which is not particularly limited. In addition, the preset ciphertext may be a character string composed of uppercase and lowercase letters, numerals, English symbols, and Chinese symbols, for example in the form "td 9# Kn _ p7 vUw".
After the first ciphertext and the second ciphertext are obtained through the processing, the target ciphertext is obtained according to the first ciphertext, the second ciphertext and the preset ciphertext, and the first ciphertext, the second ciphertext and the preset ciphertext may be spliced according to a second preset rule to obtain the target ciphertext.
Specifically, the first ciphertext hash1, the second ciphertext hash2 and the preset ciphertext may be spliced together in sequence, so that the target ciphertext is hash1+ hash2+ preset ciphertext. Of course, in specific implementation, the first ciphertext, the second ciphertext, and the preset ciphertext may be spliced based on other manners, for example, in a case that the length of the preset ciphertext is short, the hash1 and the hash2 may be alternatively spliced after the preset ciphertext is spliced, where the splicing manner is not particularly limited.
As can be seen from the above description, the length of the target ciphertext obtained by the method according to this embodiment is the length of hash1+ the length of hash2+ the length of the preset ciphertext, that is, the length of 128 bits + the length of the preset ciphertext, which can hide the feature that the length of the ciphertext obtained by encrypting based on the existing MD5 algorithm is fixed to 128 bits, thereby further improving the difficulty in cracking the target ciphertext.
The data encryption method provided in the embodiments of the present disclosure has been described in detail above. In a specific implementation it may be applied to an anti-crawler scenario. Specifically, when a terminal device is to send an original request for data to a server, it acquires the original request to be sent, generates first data to be encrypted according to the request address corresponding to the original request and the at least one original request parameter included in it, encrypts the first data to be encrypted based on the data encryption method provided in the embodiments of the present disclosure, and uses the obtained ciphertext as a target encryption parameter. The target request is then generated by adding the target encryption parameter to the original request, and is sent to the server.
In this scenario, after receiving the target request sent by the terminal device, the server may first generate second data to be encrypted from the request address corresponding to the target request and the original request parameters in the target request other than the target encryption parameter, encrypt the second data to be encrypted based on the data encryption method provided by the embodiments of the present disclosure, and use the obtained ciphertext as a check ciphertext. By checking whether the target encryption parameter is consistent with the check ciphertext, the server can then determine whether the data request sent by the terminal device is a normal request or a request sent by a web crawler. If the two are consistent, the data request was not sent by a web crawler, and the server can respond to the target request normally and send the resulting response message to the terminal device; if they are not consistent, the target request may be a data request sent by a web crawler, and the server may decline to respond to it.
It should be noted that, in a specific implementation, if a random character string is spliced into the original data, for example a millisecond-level character string representing the current time, the terminal device must also include that random character string as a request parameter when obtaining the target encryption parameter and generating the target request. The server can then, after obtaining the target request, derive the check ciphertext from the same data in order to check the target request. The detailed handling of the random character string is not described again here.
It should be noted that the above takes the anti-crawler scenario as an example of how the data encryption method may be applied. In a specific implementation, the method may also be applied to other scenarios, for example to verifying files and videos transmitted over a network, so as to ensure that they are transmitted completely.
In summary, in the data encryption method provided in the embodiments of the present disclosure, the original data to be encrypted is first encrypted with a target encryption algorithm, obtained by applying user-defined processing to the encryption logic of an original encryption algorithm, to obtain a plurality of intermediate ciphertexts; a final target ciphertext is then obtained from the plurality of intermediate ciphertexts. Unlike prior-art methods that encrypt data with a single encryption algorithm, this method customizes the encryption logic of the original encryption algorithm. On the one hand, this increases the complexity of the intermediate ciphertexts obtained by encryption. On the other hand, because the target ciphertext is generated from a plurality of intermediate ciphertexts, it avoids the problem that ciphertexts produced by existing encryption algorithms are relatively fixed, and so avoids the generation rule being recovered by reverse analysis of the ciphertext. Generating encryption parameters with this data encryption method for anti-crawler processing can effectively reduce the load that web crawlers place on the server and the possible leakage of users' private data.
< method embodiment two >
Fig. 3 is a flowchart of an anti-crawler method according to an embodiment of the present disclosure. The method may be applied to a terminal device, for example a mobile phone, a tablet computer, a personal computer or another device.
As shown in fig. 3, the method comprises steps S3100-S3500:
Step S3100, acquiring an original request to be sent, where the original request includes at least one original request parameter.
Step S3200, generating first data to be encrypted according to the request address corresponding to the original request and the at least one original request parameter.
Step S3300, encrypting the first data to be encrypted using the method of any one of the method embodiments, and using the obtained ciphertext as a target encryption parameter.
Step S3400, obtaining a target request according to the original request and the target encryption parameter.
Step S3500, sending the target request to a server.
< method embodiment three >
Fig. 4 is a flowchart of another anti-crawler method according to an embodiment of the present disclosure. The method may be applied to a server.
As shown in fig. 4, the method includes steps S4100-S4400:
Step S4100, receiving a target request sent by a terminal device, where the target request includes at least one original request parameter and a target encryption parameter.
Step S4200, generating second data to be encrypted according to the request address corresponding to the target request and the at least one original request parameter.
Step S4300, encrypting the second data to be encrypted using the method of any one of the method embodiments, and using the obtained ciphertext as a check ciphertext.
Step S4400, checking whether the target encryption parameter and the check ciphertext are consistent and, when they are consistent, obtaining a response message corresponding to the target request and sending the response message to the terminal device.
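The terminal-side steps S3100-S3500 and the server-side steps S4100-S4400 can be exercised together in one runnable sketch. This is an added example, not code from the patent: stock MD5 stands in for the customised target algorithm, and the function names, the `ts` and `sign` parameter names, the sorted-parameter canonical form, the plain concatenation used for the preset rules and the preset value are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlencode


def target_hash(data: str) -> str:
    # Assumption: stock MD5 stands in for the patent's customised algorithm,
    # whose modified constants and round functions are not reproduced here.
    return hashlib.md5(data.encode("utf-8")).hexdigest()


# Constructed placeholder for the "preset ciphertext" both sides share.
PRESET = target_hash("constructed-preset-value")


def target_ciphertext(original: str) -> str:
    """First ciphertext, second ciphertext over (first + preset), then splice."""
    first = target_hash(original)
    second = target_hash(first + PRESET)  # first preset rule assumed: concatenation
    return first + second + PRESET        # second preset rule assumed: concatenation


def data_to_encrypt(address: str, params: dict) -> str:
    """Request address plus parameters, sorted so both sides build the same string."""
    return address + "?" + urlencode(sorted(params.items()))


def sign_request(address: str, params: dict, ts_ms: int) -> dict:
    """Terminal side: return the parameters of the target request."""
    out = dict(params)
    out["ts"] = str(ts_ms)  # the timestamp must travel with the request
    out["sign"] = target_ciphertext(data_to_encrypt(address, out))
    return out


def verify_request(address: str, received: dict) -> bool:
    """Server side: rebuild the check ciphertext and compare."""
    params = dict(received)
    token = params.pop("sign", None)
    if not isinstance(token, str):
        return False  # no target encryption parameter: do not respond
    check = target_ciphertext(data_to_encrypt(address, params))
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(token.encode(), check.encode())


if __name__ == "__main__":
    # Constructed sample request.
    req = sign_request("/api/items", {"page": "2", "q": "shoes"}, 1700000000000)
    print(verify_request("/api/items", req))                  # unchanged request
    print(verify_request("/api/items", dict(req, page="3")))  # altered parameter
```

The construction uses no secret key, so a matching token shows only that the sender ran the same algorithm over the same address, parameters and timestamp.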
< apparatus embodiment >
Corresponding to the first method embodiment, in this embodiment, a data encryption apparatus is further provided, and as shown in fig. 5, the apparatus 500 may include an original data obtaining module 510, an intermediate ciphertext obtaining module 520, and a target ciphertext obtaining module 530.
The original data obtaining module 510 is configured to obtain original data to be encrypted; the intermediate ciphertext obtaining module 520 is configured to perform encryption processing on the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, where the target encryption algorithm is obtained by performing user-defined processing on an encryption logic of an original encryption algorithm; the target ciphertext obtaining module 530 is configured to obtain a target ciphertext according to the plurality of intermediate ciphertexts.
< electronic device embodiment >
In this embodiment, there is also provided an electronic device. As shown in fig. 6, the electronic device 600 may include a processor 620 and a memory 610, the memory 610 being configured to store executable instructions; the processor 620 is configured to run the electronic device, under the control of the instructions, to perform a method according to any of the embodiments of the present disclosure.
< computer-readable storage Medium embodiment >
The present embodiments provide a computer-readable storage medium having stored therein an executable command, which when executed by a processor, performs the method described in any of the method embodiments of the present specification.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present description. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, implementation by software, and implementation by a combination of software and hardware are equivalent.
The foregoing description of the embodiments of the present specification has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of the application is defined by the appended claims.
Claims (10)
1. A method for data encryption, comprising:
acquiring original data to be encrypted;
encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by carrying out user-defined processing on an encryption logic of the original encryption algorithm;
and obtaining a target ciphertext according to the plurality of intermediate ciphertexts.
2. The method of claim 1, wherein the encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts comprises:
encrypting the original data based on the target encryption algorithm to obtain a first ciphertext;
splicing the first ciphertext and a preset ciphertext according to a first preset rule to obtain first data to be encrypted;
encrypting the first data based on the target encryption algorithm to obtain a second ciphertext;
and obtaining the target ciphertext according to the first ciphertext, the second ciphertext and the preset ciphertext.
3. The method of claim 2, wherein obtaining the target ciphertext according to the first ciphertext, the second ciphertext, and the preset ciphertext comprises:
and splicing the first ciphertext, the second ciphertext and the preset ciphertext according to a second preset rule to obtain the target ciphertext.
4. The method of claim 1, wherein the original encryption algorithm comprises the MD5 algorithm; the target encryption algorithm is obtained by performing at least one of the following user-defined processing on the encryption logic of the MD5 algorithm:
applying user-defined processing to at least one of: the initial values of the chaining variables of the MD5 algorithm, and the plaintext block, the constant block and the shift amount used in each round of the encryption loop;
obtaining a target encryption function and, while keeping the total number of iterations of the encryption loop of the MD5 algorithm unchanged, modifying the number of iterations of the original encryption function so as to add to the encryption loop processing that iteratively encrypts data based on the target encryption function, wherein the target encryption function is a nonlinear function different from the original encryption function.
5. The method of claim 1, wherein before the step of encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts, the method further comprises:
acquiring a random character string, and splicing the random character string and the original data based on a third preset rule to obtain updated original data, wherein the random character string comprises a millisecond-level timestamp representing the current time;
the encrypting the original data based on the target encryption algorithm to obtain a plurality of intermediate ciphertexts comprises:
and carrying out encryption processing on the updated original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts.
6. An anti-crawler method, applied to a terminal device, comprising:
acquiring an original request to be sent, wherein the original request comprises at least one original request parameter;
generating first data to be encrypted according to a request address corresponding to the original request and the at least one original request parameter;
carrying out encryption processing on the first data to be encrypted based on the method of any one of claims 1 to 5, and taking the obtained ciphertext as a target encryption parameter;
obtaining a target request according to the original request and the target encryption parameter;
and sending the target request to a server.
7. An anti-crawler method, applied to a server, comprising:
receiving a target request sent by terminal equipment, wherein the target request comprises at least one original request parameter and a target encryption parameter;
generating second data to be encrypted according to a request address corresponding to the target request and the at least one original request parameter;
carrying out encryption processing on the second data to be encrypted based on the method of any one of claims 1 to 5, and taking the obtained ciphertext as a check ciphertext;
and checking whether the target encryption parameter is consistent with the check ciphertext, acquiring a response message corresponding to the target request under the condition of consistent check, and sending the response message to the terminal equipment.
8. A data encryption apparatus, comprising:
the original data acquisition module is used for acquiring original data to be encrypted;
the intermediate ciphertext obtaining module is used for encrypting the original data based on a target encryption algorithm to obtain a plurality of intermediate ciphertexts, wherein the target encryption algorithm is obtained by performing user-defined processing on an encryption logic of the original encryption algorithm;
and the target ciphertext obtaining module is used for obtaining the target ciphertext according to the plurality of intermediate ciphertexts.
9. An electronic device, comprising:
a memory for storing executable instructions;
a processor configured to run the electronic device, under the control of the instructions, to perform the method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which is readable and executable by a computer, and which, when read by the computer, is adapted to perform the method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210115092.2A CN114531284B (en) | 2022-02-03 | 2022-02-03 | Data encryption method, device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114531284A (en) | 2022-05-24 |
CN114531284B (en) | 2024-02-09 |
Family
ID=81622699
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210115092.2A Active CN114531284B (en) | 2022-02-03 | 2022-02-03 | Data encryption method, device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114531284B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6141421A (en) * | 1996-12-10 | 2000-10-31 | Hitachi, Ltd. | Method and apparatus for generating hash value |
CN106911712A (en) * | 2017-03-31 | 2017-06-30 | 杭州翼兔网络科技有限公司 | A kind of encryption method and system for being applied to distributed system |
CN110995415A (en) * | 2019-12-31 | 2020-04-10 | 浪潮云信息技术有限公司 | Encryption algorithm based on MD5 algorithm |
CN111865909A (en) * | 2020-06-08 | 2020-10-30 | 西安电子科技大学 | SGX side channel attack defense method, system, medium, program and application |
Non-Patent Citations (2)
Title |
---|
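朱芳; 章坚武: "Design of a VoIP Gateway Based on a Network Processor", Journal of Hangzhou Dianzi University (杭州电子科技大学学报) * |
许颖: "Smart Card Encryption Applications", Silicon Valley (硅谷) * |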
Also Published As
Publication number | Publication date |
---|---|
CN114531284B (en) | 2024-02-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||