CN115174758A

CN115174758A - Picture encryption method and device, electronic equipment and storage medium

Info

Publication number: CN115174758A
Application number: CN202210631068.4A
Authority: CN
Inventors: 徐永生
Original assignee: China Telecom Corp Ltd
Current assignee: China Telecom Corp Ltd
Priority date: 2022-06-06
Filing date: 2022-06-06
Publication date: 2022-10-11

Abstract

The embodiment of the invention provides a picture encryption method, a picture encryption device, electronic equipment and a storage medium, and relates to the field of network technology and security technology, wherein the method comprises the following steps: responding to a data encryption instruction, acquiring a target picture and a target IP address corresponding to the data encryption instruction, and converting the picture into a character string; determining a segmentation ratio for the character string, and segmenting the character string into a first data group and a second data group according to the segmentation ratio; and encrypting the first data group and the second data group according to the target IP address to generate a ciphertext corresponding to the target picture.

Description

Picture encryption method and device, electronic equipment and storage medium

Technical Field

The present invention relates to the field of network technologies and security technologies, and in particular, to a picture encryption method, a picture encryption apparatus, an electronic device, and a computer-readable storage medium.

Background

With the development of science and technology, network information technology has been rapidly developed, communication among people is greatly facilitated, and transmission of different types of information such as images, sounds and texts is involved in the communication process, so that a lot of personal privacy information is transmitted in a network, for example, picture information such as face pictures, electronic signatures and identity card pictures of face brushing authentication is easily leaked, so that lawbreakers steal the personal privacy information of users through some illegal means, and the data security is greatly reduced. In the related art, the data encryption of the picture is limited in use and is easy to crack, so that the safety of the private information of the user cannot be guaranteed.

Disclosure of Invention

The embodiment of the invention provides a picture encryption method and device, electronic equipment and a computer readable storage medium, and aims to solve or partially solve the problem that the security of user privacy information cannot be guaranteed due to the fact that the encryption of picture data is easy to crack in the related technology.

The embodiment of the invention discloses a picture encryption method, which comprises the following steps:

responding to a data encryption instruction, acquiring a target picture and a target IP address corresponding to the data encryption instruction, and converting the picture into a character string;

determining a segmentation ratio aiming at the character string, and segmenting the character string into a first data group and a second data group according to the segmentation ratio;

and encrypting the first data group and the second data group according to the target IP address to generate a ciphertext corresponding to the target picture.

Optionally, the dividing ratio at least includes a first ratio value and a second ratio value corresponding to the first ratio value, and the dividing the character string into a first data group and a second data group according to the dividing ratio includes:

acquiring the total number of the characters of the character string;

calculating a first segmentation number by adopting the first proportional value and the total number of the characters;

calculating a second segmentation number by adopting the second proportion value and the total number of the characters;

and extracting the characters with the number corresponding to the first segmentation number from the character string as a first data group according to the sequence of each character in the character string, and taking other characters except the first data group as a second data group corresponding to the second segmentation number.

Optionally, the target IP address includes a plurality of numbers, and the encrypting the first data group and the second data group according to the target IP address to generate a ciphertext corresponding to the target picture includes:

acquiring numerical values corresponding to all the numbers in the target IP address and forward sequence information;

encrypting the first data group and the second data group respectively according to the numerical value corresponding to each digit and forward sequence information to obtain a first encrypted data group corresponding to the first data group and a second encrypted data group corresponding to the second data group;

and exchanging and splicing the first encrypted data group and the second encrypted data group to generate a ciphertext corresponding to the target picture.

Optionally, the encrypting the first data group and the second data group according to the numerical value corresponding to each first number and the forward sequence information to obtain a first encrypted data group corresponding to the first data group and a second encrypted data group corresponding to the second data group respectively includes:

determining a first character according to the sequence of each character in the first data group and the forward sequence information, wherein the first character is determined by the number of bits corresponding to the numerical value corresponding to the first digit in the target IP address in the first data group, and the first digit is added after the first character to generate a current intermediate data group;

determining a second character according to the sequence of each character in the current intermediate data group and the forward sequence information and the number of bits corresponding to the numerical value corresponding to the next number in the target IP address in the current intermediate data group, and adding the next number after the second character to generate a new current intermediate data group;

executing the step of determining a second character according to the sequence of each character in the current intermediate data group and the forward sequence information, determining a digit number corresponding to a numerical value corresponding to a next digit in the target IP address in the current intermediate data group, adding the next digit after the second character, and generating a new current intermediate data group, wherein the execution is stopped until all digits of the target IP address are combined with the first data group, and a first encrypted data group corresponding to the first data group is generated;

determining a third character according to the sequence of each character in the second data group and the forward sequence information, wherein the digit number corresponding to the numerical value corresponding to the first digit in the target IP address in the second data group is added after the third character, and a current intermediate data group is generated;

determining a fourth character according to the sequence of each character in the current intermediate data group and the forward sequence information, wherein the digit number corresponding to the numerical value corresponding to the next digit in the target IP address in the current intermediate data group is determined, and the next digit is added after the fourth character;

and executing the step of determining a fourth character according to the sequence of each character in the current intermediate data group and the forward sequence information, determining a digit number corresponding to a numerical value corresponding to a next digit in the target IP address in the current intermediate data group, adding the next digit after the fourth character to generate a new current intermediate data group, and stopping executing until all digits of the target IP address are combined with the second data group, so as to generate a second encrypted data group corresponding to the second data group.

Optionally, the method further comprises:

and symmetrically encrypting the second division number by taking the first division number as a key to generate decryption information aiming at the ciphertext.

Optionally, the converting the target picture into a character string includes:

and converting the target picture into a file stream array, removing the blank space in the file stream array, and obtaining the character string corresponding to the target picture.

Optionally, the method further comprises:

decrypting the decryption information by adopting the first division number to obtain a second division number corresponding to the first division number;

calculating a second target division number corresponding to the second division number by adopting the total digits corresponding to all the digits in the target IP address and the second division number, dividing the ciphertext by adopting the second target division number to obtain a second encrypted data group, and taking the rest data as a first encrypted data group;

acquiring reverse sequence information corresponding to each number in the target IP address;

encrypting the first encrypted data group and the second encrypted data group respectively according to the numerical value corresponding to each number and the reverse sequence information to obtain a first data group corresponding to the first data group and a second data group corresponding to the second data group;

and combining the first data group and the second data group to obtain the digital string, and restoring the digital string into the target picture.

Optionally, the determining a segmentation ratio for the character string includes:

and acquiring the picture category of the target picture and the segmentation proportion corresponding to the picture category.

The embodiment of the invention also discloses a picture encryption device, which comprises:

the image conversion module is used for responding to a data encryption instruction, acquiring a target image and a target IP address corresponding to the data encryption instruction, and converting the image into a character string;

the character string segmentation module is used for determining the segmentation proportion of the character string and segmenting the character string into a first data group and a second data group according to the segmentation proportion;

and the data encryption module is used for encrypting the first data group and the second data group according to the target IP address to generate a ciphertext corresponding to the target picture.

Optionally, the segmentation scale at least includes a first scale value and a second scale value corresponding to the first scale value, and the string segmentation module is specifically configured to:

acquiring the total number of the characters of the character string;

calculating a first segmentation number by adopting the first proportion value and the total number of the characters;

and extracting characters with the number corresponding to the first segmentation number from the character string as a first data group according to the sequence of each character in the character string, and taking other characters except the first data group as a second data group corresponding to the second segmentation number.

Optionally, the target IP address includes a plurality of numbers, and the data encryption module is specifically configured to:

Optionally, the data encryption module is specifically configured to:

determining a first character according to the sequence of each character in the first data group and the forward sequence information and the number of bits corresponding to the numerical value corresponding to the first number in the target IP address in the first data group, and adding the first number after the first character to generate a current intermediate data group;

determining a second character according to the sequence of each character in the current intermediate data group and the forward sequence information, wherein the number of bits in the current intermediate data group corresponding to the numerical value corresponding to the next number in the target IP address is determined, and the next number is added after the second character to generate a new current intermediate data group;

and executing the step of determining a fourth character according to the sequence of each character in the current intermediate data group and the forward sequence information, and adding the next number after the fourth character to generate a new current intermediate data group, until all the numbers of the target IP address are combined with the second data group, stopping executing, and generating a second encrypted data group corresponding to the second data group.

Optionally, the method further comprises:

and the decryption information generation module is used for symmetrically encrypting the second division number by taking the first division number as a key to generate decryption information aiming at the ciphertext.

Optionally, the picture conversion module is specifically configured to:

Optionally, the method further comprises:

the information decryption module is used for decrypting the decryption information by adopting the first division number to obtain a second division number corresponding to the first division number;

the data segmentation module is used for calculating a second target segmentation number corresponding to the second segmentation number by adopting the total number of digits corresponding to each number in the target IP address and the second segmentation number, segmenting the ciphertext by adopting the second target segmentation number to obtain a second encrypted data group, and taking the rest data as a first encrypted data group;

the information acquisition module is used for acquiring reverse sequence information corresponding to each number in the target IP address;

a data group decryption module, configured to encrypt the first encrypted data group and the second encrypted data group according to the numerical value and the reverse order information corresponding to each of the numbers, respectively, to obtain a first data group corresponding to the first data group and a second data group corresponding to the second data group;

and the picture restoration module is used for combining the first data group and the second data group to obtain the numeric string and restoring the numeric string into the target picture.

Optionally, the character string segmentation module is specifically configured to:

and acquiring the picture category of the target picture and the segmentation ratio corresponding to the picture category.

The embodiment of the invention also discloses electronic equipment which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory finish mutual communication through the communication bus;

the memory is used for storing a computer program;

the processor is configured to implement the method according to the embodiment of the present invention when executing the program stored in the memory.

Also disclosed is a computer-readable storage medium having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform a method according to an embodiment of the invention.

The embodiment of the invention has the following advantages:

in the embodiment of the invention, a target picture and a target IP address corresponding to a data encryption instruction are obtained by responding to the data encryption instruction, the target picture is converted into a character string, then the division ratio for the character string can be determined, the character string is divided into a first data group and a second data group by the division ratio, then the first data group and the second data group can be respectively encrypted according to the target IP address to generate a ciphertext corresponding to the target picture, so that in the process of encrypting the picture, on one hand, the picture is encrypted after the corresponding data group is obtained by dividing according to the division ratio, and on the other hand, the picture encryption safety is improved, and on the other hand, the divided data groups are encrypted by the IP addresses, so that the same file obtains different encryption results under different IP addresses, the randomness of data encryption is improved, and the picture encryption safety is further improved.

Drawings

Fig. 1 is a flowchart illustrating steps of a method for encrypting a picture according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of encrypted transmission of pictures provided in an embodiment of the present invention;

fig. 3 is a block diagram of an apparatus for encrypting a picture according to an embodiment of the present invention;

fig. 4 is a block diagram of an electronic device provided in an embodiment of the present invention.

Detailed Description

In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.

As an example, with the development of science and technology, more and more personal privacy information is transmitted on the internet, for example, a face picture, an electronic signature, an identity card picture, etc. of face brushing authentication of a user are provided. In the related art, the data encryption of the picture is limited in use and is easy to crack, so that the safety of the user privacy information cannot be guaranteed. Among the disadvantages of the related image encryption techniques:

1. threshold segmentation: the method is sensitive to noise, has no obvious gray difference and no obvious overlapping segmentation of different target gray values, needs to be combined with other methods for use, and is limited in use;

2. edge segmentation: a better region structure cannot be obtained, contradictions exist between noise immunity and detection precision during edge detection, and if the precision is improved, the noise immunity is sacrificed;

3. image segmentation for cluster analysis: the traditional FCM (Fuzzy C-means, fuzzy clustering algorithm) does not consider spatial information, is sensitive to noise and uneven gray scale, and has high calculation cost.

Therefore, in the related art, besides the above disadvantages, the security of the private information of the user cannot be guaranteed due to easy cracking.

In contrast, one of the core invention points of the present invention is that after a picture is converted into a corresponding character string, the character string is divided according to a division ratio corresponding to the picture to obtain a corresponding first data group and a second data group, and the division ratio corresponding to the picture is used for dividing, so that the security of the encryption method can be improved, and the first data group and the second data group can be encrypted according to IP addresses corresponding to a storage or sending destination and the like, so that the same file can obtain different encryption results under different IP addresses, thereby improving the irregularity of data encryption and further improving the security of picture encryption.

Specifically, referring to fig. 1, a flowchart illustrating steps of a picture encryption method provided in an embodiment of the present invention is shown, which may specifically include the following steps:

step 101, responding to a data encryption instruction, acquiring a target picture and a target IP address corresponding to the data encryption instruction, and converting the picture into a character string;

the data encryption command may be an encryption command in a data storage process, or an encryption command in a data transmission process. For data storage, the data can be stored to the corresponding device; for data transmission, the data may be transmitted to a corresponding device, for example, the user terminal may store the data in a corresponding server, or the user terminal may transmit the data to a corresponding server, so that the server stores or processes the data sent by the user terminal, which is not limited by the present invention.

Optionally, the embodiment of the present invention may be applied to a user terminal, where the user terminal may send a corresponding picture to a server to store the picture or process the picture (for example, identify the content of the picture, etc.), before sending, the user terminal may encrypt the picture, and send the encrypted picture and corresponding decryption information to the server, so that after receiving the encrypted picture, the server may decrypt the picture according to the corresponding decryption information, and then perform corresponding processing on the picture.

In specific implementation, after the user terminal obtains a target picture to be encrypted, the target picture may be converted into a file stream array, and the blank space in the file stream array is removed to obtain a character string corresponding to the target picture. For example, the user terminal may convert the target picture into a byte array by Base64, and convert the byte array into a character string without blank spaces, so as to obtain a character string corresponding to the target picture and a total number of characters in the character string, and further convert the picture into the corresponding character string, thereby facilitating subsequent encryption processing corresponding to the character string, and ensuring the security of the picture.

Step 102, determining a segmentation ratio for the character string, and segmenting the character string into a first data group and a second data group according to the segmentation ratio;

after the character string corresponding to the target picture is obtained, a segmentation ratio corresponding to the target picture may be determined, and then the character string is segmented based on the segmentation ratio to obtain a corresponding first data group and a corresponding second data group. The different types of pictures may correspond to different segmentation ratios, specifically, the segmentation ratio for the target picture may be determined by obtaining the picture category of the target picture, for example, the picture category may be divided according to the use scene of the picture, including an authentication category corresponding to the authentication scene, an identification category corresponding to the image identification scene, a search category corresponding to the search scene, and the like, and the different picture categories may set corresponding segmentation ratios, and the authentication category corresponds to 6: 4. identification category correspondence 5: 5. the search category corresponds to 4:6, etc., as the present invention is not limited in this respect.

In a specific implementation, as for the segmentation ratio, the segmentation ratio may include a first ratio value and a corresponding second ratio value, and a sum value between the first ratio value and the second ratio value is 1, in the process of segmenting the character string, the total number of characters of the character string may be obtained first, then the first segmentation number may be calculated by using the first ratio value and the total number of characters, and the second segmentation number may be calculated by using the second ratio value and the total number of characters, then the characters corresponding to the first segmentation number may be extracted from the character string according to a sequence of the characters in the character string as a first data group, and the other characters except the first data group may be used as a second data group corresponding to the second segmentation number.

For example, assume a division ratio of 6: and 4, the corresponding division numbers can be respectively set as x and y, when the total number of the characters in the character string is z, and the character string before encryption is m, the division number x = z 0.6 and y = z-x, before encryption, the character string m can be divided into a group of data from 0 to x bits, and the rest is B group of data, so as to obtain two groups of data A and B. Specifically, assuming that the character string corresponding to the target picture is abcdefghij, the group a data may include abcdef, and the group B data may include ghij, etc., so that after the picture category to which the target picture belongs determines the corresponding division ratio, the character string corresponding to the picture may be divided according to the division ratio, on one hand, the picture category flexibly determines the division ratio, which may improve the security of the encryption method, and on the other hand, by dividing the character string, it is convenient to subsequently encrypt the divided data group, which further improves the security of the encryption method.

103, encrypting the first data group and the second data group according to the target IP address to generate a ciphertext corresponding to the target picture.

As for the target IP address, it may be an IP address of a device that stores or processes the target picture, such as an IP address of a server that receives the target picture. The target IP address may include a plurality of characters, and after the character string corresponding to the target picture is segmented to obtain the first data group and the second data group, the first data group and the second data group may be encrypted respectively according to the content included in the target IP address to obtain the ciphertext corresponding to the target picture.

In specific implementation, a numerical value and forward sequence information corresponding to each number in a target IP address can be obtained first, then a first data group and a second data group can be encrypted respectively according to the numerical value and the forward sequence information corresponding to each number, a first encrypted data group corresponding to the first data group and a second encrypted data group corresponding to the second data group are obtained, then the first encrypted data group and the second encrypted data group are exchanged and spliced, and a ciphertext corresponding to a target picture is generated.

For example, if the target IP address is 192.168.1.1, 4 numbers such as "192", "168", "1", etc. can be obtained according to the forward order information, and represent the numerical values such as 192, 168, 1, etc. respectively.

In the process of encrypting the data set, aiming at the first data set, determining a first character according to the sequence and forward sequence information of each character in the first data set, adding a first digit after the first character to generate a current intermediate data set, then determining a second character according to the sequence and forward sequence information of each character in the current intermediate data set, determining a second character according to the digit corresponding to a numerical value corresponding to a next digit in the target IP address in the current intermediate data set, adding a next digit after the second character to generate a new current intermediate data set, then continuing to execute the step of generating the new current intermediate data set according to the sequence and forward sequence information of each character in the current intermediate data set, determining a second character according to the digit corresponding to the next digit in the target IP address in the current intermediate data set, adding the next digit after the second character, and generating the first data set until all digits of the target IP address are combined with the first data set, and finishing encryption of the first data set; and aiming at the second data group, determining a third character according to the precedence order and the forward order information of each character in the second data group, wherein the digit number of the second data group corresponds to the numerical value corresponding to the first digit in the target IP address, adding the first digit after the third character to generate a current intermediate data group, then determining a fourth character according to the precedence order and the forward order information of each character in the current intermediate data group, wherein the digit number of the current intermediate data group corresponds to the numerical value corresponding to the next digit in the target IP address, adding the next digit after the fourth character, continuing to execute the step of generating a new current intermediate data group according to the precedence order and the forward order information of each character in the current intermediate data group, determining the fourth character according to the digit number of the current intermediate data group corresponding to the numerical value corresponding to the next digit in the target IP address, adding the next digit after the fourth character, and generating a second encrypted data group corresponding to the second data group until all the digits of the target IP address are combined with the second data group completely. After the first encrypted data group and the second encrypted data group are obtained, the positions of the first encrypted data group and the second encrypted data group can be exchanged and spliced to obtain a ciphertext corresponding to the target picture, so that data encryption of the target picture is realized.

It should be noted that, for the data set, it may be composed of different characters such as numbers, letters, chinese characters, symbols, etc., or may be composed of characters such as 0, 1, etc., and each character may be a single digit, for example, in "today's weather 10 cents", each chinese character may be a single digit, and each number is also a single digit, which is not limited by the present invention.

In one example, it is assumed that 192.168.1.1, the a-group data is first encrypted, 192 is spliced after the 192 th bit of the a-group data to generate data A1, 168 is spliced after the 168 th bit of the A1 data to generate data A2, 1 is spliced after the 1 st bit of the A2 data to generate data A3, 1 is spliced after the 1 st bit of the A3 data to obtain A4, A4 is obtained after the a-group data is encrypted, and B4 is obtained after the B-group data is encrypted together with the a-group data. After obtaining the encrypted A4 and B4, the two may be spliced after exchanging positions to obtain B4A4 (i.e., ciphertext), thereby completing the encryption of the target picture.

In the embodiment of the present invention, in addition to the target picture needing to be encrypted, information for decrypting the target picture may also be encrypted. Specifically, the second division number may be symmetrically encrypted using the first division number as a key to generate decryption information for a ciphertext, so that the security of decryption conditions may be improved by symmetrically encrypting the division numbers. After the target picture and the division numbers are encrypted, the encrypted ciphertext, the decryption information (the second division number), the key (the first division number) and the like can be sent to the corresponding server, so that the server decrypts the decryption information according to the key to obtain another division number, then decrypts the ciphertext according to the two different division numbers, and restores the ciphertext to obtain the target picture.

In a specific implementation, after obtaining the encrypted ciphertext, the decryption information, and the key, the server may decrypt the decryption information with the key (the first division number) to obtain a second division number corresponding to the first division number, then may use the total number and the second division number corresponding to each number in the target IP address to calculate a second target division number corresponding to the second division number, and divide the ciphertext with the second target division number to obtain a second encrypted data group, and use the remaining data as the first encrypted data group, then obtain reverse order information corresponding to each character in the target IP address, then may encrypt the first encrypted data group and the second encrypted data group respectively according to the value and the reverse order information corresponding to each character to obtain a first data group corresponding to the first data group and a second data group corresponding to the second data group, then combine the first data group and the second data group to obtain a character string, and restore the character string to the target picture.

It should be noted that, for the bit number calculation of the IP address, each number may be calculated by one bit, for example, assuming that the IP address is 192.168.1.1, the bit number of the IP address is 8; assuming that the IP address is 64.28.101.13, the number of bits of the IP address is 9, etc., which is not limited by the present invention.

Specifically, for the first encrypted data group, according to the sequence of each character in the first encrypted data group and the reverse sequence information of the target IP address, a first character is determined according to the number of bits corresponding to the value corresponding to the last number in the target IP address in the first encrypted data group, the last number is removed after the first character, a current intermediate data group is generated, then according to the sequence of each character in the current intermediate data group and the reverse sequence information, a second character is determined according to the number of bits corresponding to the value corresponding to the last number in the target IP address in the current intermediate data group, the last number is removed after the second character, a new current intermediate data group is generated, the sequence of each character in the current intermediate data group and the reverse sequence information are continuously executed, the number of bits corresponding to the value corresponding to the last number in the target IP address in the current intermediate data group is determined, the second character is removed after the second character, a new current intermediate data group is generated, the sequence of each character in the current intermediate data group and the reverse sequence information of each character are continuously executed, and all steps of the first encrypted data group corresponding to the last number in the target IP address are obtained until all steps of the encrypted data group are completed.

For the second encrypted data set, a third character may be determined according to the sequence of each character in the second encrypted data set and the reverse sequence information of the target IP address, the last digit may be removed after the third character to generate a current intermediate data set, then according to the sequence of each character in the current intermediate data set and the reverse sequence information, a fourth character may be determined according to the number of digits corresponding to the last digit in the target IP address in the current intermediate data set, the last digit may be removed after the fourth character to generate a new current intermediate data set, and the steps of determining the fourth character according to the sequence of each character in the current intermediate data set and the reverse sequence information, determining the fourth character according to the number of digits corresponding to the last digit in the target IP address in the current intermediate data set, removing the last digit after the fourth character to generate a new current intermediate data set may be performed until all digits associated with the target IP address in the second encrypted data set are removed to obtain the second data set.

In one example, assuming that the server obtains the key as a split number x, the ciphertext as C, and the split number and, then, the split number y may be obtained by first symmetrically decrypting the split number y with x as the key. Then, the local IP of the server can be obtained, and the division number y and the IP address before encryption can be obtained. The division numbers can then be added according to the number of IP bits, when the sum of the number of IP address bits is 10 bits, that is, when the division number becomes y1= y +10, then the encrypted data C is divided according to y1, because the decryption process is completely opposite to the encryption process, and C is formed by exchanging and splicing the two groups of data a and B after encryption, so that the division is A4= (C from 0 to y 1), and B4= (all characters from y1 to the end) two groups of data. After the encrypted A group data and B group data are obtained, decryption can be further carried out according to the IP address, the decryption process is completely opposite to the encryption process, starting from the last group data of the IP address, A3 is obtained by removing '1' after the 1 st bit of A4, A2 is obtained by removing '1' after the 1 st bit of A3, A1 is obtained by removing '168' after the 168 th bit of A2, A is obtained by removing 192 after the 192 th bit of A1, and the B group data are decrypted with the A group to obtain A. And then, the two groups of data A and B are spliced in an exchange manner to obtain encrypted data C, and the decrypted data C is converted into a picture to be output, so that the target picture is decrypted.

It should be noted that the embodiment of the present invention includes but is not limited to the above examples, and it is understood that, under the guidance of the idea of the embodiment of the present invention, a person skilled in the art may also set the method according to actual requirements, and the present invention is not limited to this.

In order to make the technical solutions of the embodiments of the present invention better understood by those skilled in the art, the following is an exemplary illustration by an example:

referring to fig. 2, which is a schematic diagram illustrating encrypted transmission of a picture provided in an embodiment of the present invention, a user terminal may encrypt a picture that needs to be encrypted and then send the encrypted picture to a server, so that the server stores the decrypted picture, and the like. Specifically, for the encryption process, it may be:

1: assuming that one picture is converted into a character array and then is abcdefghij, and the total number of the characters is 10;

2: two groups of data are divided into abcdef (A) and ghij (B) through a golden ratio (64 in the embodiment);

3: obtaining that the IP of a server to be uploaded is 3.2.1.4 (convenience for exposition test), segmenting into 3, 2, 1 and 4, adding 3- > to obtain new data abc3def after the third bit of the data A, and adding 2- > to obtain new data ab2c3def after the second bit of the new data abc 3def; then 1- > is added after the first bit of the new data ab2c3def to obtain new data a1b2c3def; then 4- > is added after the fourth bit of the new data a1b2c3def resulting in the new data being a1b24c3def. For the group B data, the encryption process can be the same as that of the group A to obtain g1h24i3j;

4: exchanging and splicing the two groups of AB data to generate a ciphertext g1h24i3ja1b24c3def;

5: the division number 4 is AES-encrypted with 6 as a key to obtain m.

For the decryption process, the server may receive the ciphertext g1h24i3ja1b24c3def sent by the user terminal, the split number m, and the key is 6, and then may perform the following process:

1: performing AES decryption on m by taking 6 as a secret key to obtain a division number before encryption and obtain a local IP address of the server;

2: at this time, the number of IP bits is 4 (see the rule for calculating IP bits in fig. 3), so the division number is 4+4=8. Dividing the ciphertext into two groups of data, g1h24i3j (A) and a1B24c3def (B);

3: the decryption process is completely opposite to the encryption process, and the ip is 4, 1, 2 and 3 in an opposite way;

subtracting 4 < - > from the fourth bit of the data A to obtain new data g1h2i3j; then subtracting 1- > from the first bit of the new data g1h2i3j to obtain a new data gh2i3j; then 2-is subtracted after the second bit of the new data gh2i3j to obtain a new data ghi3j; subtracting 3- > from the third bit of the new data ghi3j to obtain a new data ghij; finally, decrypted data A = ghij is obtained, and the data of the B group is obtained abcdef in the same way;

4: the AB two groups of data are spliced in an exchange manner to form abcdefghij;

5: and converting the decrypted data into pictures for outputting.

Through the process, in the process of encrypting the picture, on one hand, the picture is divided according to the division ratio to obtain the corresponding data set and then encrypted, so that the encryption safety of the picture is improved, on the other hand, the divided data set is encrypted through the IP address, so that the same file obtains different encryption results under different IP addresses, the irregularity of data encryption is improved, and the encryption safety of the picture is further improved.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those of skill in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the embodiments of the invention.

Referring to fig. 3, a block diagram of a structure of an encryption apparatus for pictures provided in the embodiment of the present invention is shown, which specifically includes the following modules:

the picture conversion module 301 is configured to, in response to a data encryption instruction, obtain a target picture and a target IP address that correspond to the data encryption instruction, and convert the picture into a character string;

a character string segmentation module 302, configured to determine a segmentation ratio for the character string, and segment the character string into a first data group and a second data group according to the segmentation ratio;

a data encryption module 303, configured to encrypt the first data group and the second data group according to the target IP address, and generate a ciphertext corresponding to the target picture.

In an optional embodiment, the segmentation scale at least includes a first scale value and a second scale value corresponding to the first scale value, and the string segmentation module 302 is specifically configured to:

acquiring the total number of the characters of the character string;

In an optional embodiment, the destination IP address includes a plurality of numbers, and the data encryption module 303 is specifically configured to:

acquiring numerical values and forward sequence information corresponding to all the numbers in the target IP address;

In an optional embodiment, the data encryption module 303 is specifically configured to:

executing the step of determining a second character according to the sequence of each character in the current intermediate data group and the forward sequence information, and adding the next number after the second character to generate a new current intermediate data group, wherein the execution is stopped until all numbers of the target IP address are combined with the first data group, and a first encrypted data group corresponding to the first data group is generated;

determining a fourth character according to the sequence of each character in the current intermediate data group and the forward sequence information, wherein the fourth character is determined by the number of bits corresponding to the numerical value corresponding to the next number in the target IP address in the current intermediate data group, and the next number is added after the fourth character;

In an optional embodiment, further comprising:

In an optional embodiment, the picture conversion module 301 is specifically configured to:

In an alternative embodiment, further comprising:

the data group decryption module is used for respectively encrypting the first encrypted data group and the second encrypted data group according to the numerical value corresponding to each digit and the reverse sequence information to obtain a first data group corresponding to the first data group and a second data group corresponding to the second data group;

In an optional embodiment, the character string segmentation module 302 is specifically configured to:

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

In addition, an embodiment of the present invention further provides an electronic device, including: the processor, the memory, and the computer program stored in the memory and capable of running on the processor, when executed by the processor, implement each process of the above-mentioned image encryption method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.

The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements each process of the above-mentioned embodiment of the image encryption method, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.

Fig. 4 is a schematic diagram of a hardware structure of an electronic device for implementing various embodiments of the present invention.

The electronic device 400 includes, but is not limited to: radio frequency unit 401, network module 402, audio output unit 403, input unit 404, sensor 405, display unit 406, user input unit 407, interface unit 408, memory 409, processor 410, and power supply 411. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 4 does not constitute a limitation of the electronic device, and that the electronic device may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the electronic device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.

It should be understood that, in the embodiment of the present invention, the radio frequency unit 401 may be used for receiving and sending signals during a message sending and receiving process or a call process, and specifically, receives downlink data from a base station and then processes the received downlink data to the processor 410; in addition, the uplink data is transmitted to the base station. Typically, radio unit 401 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. Further, the radio unit 401 can also communicate with a network and other devices through a wireless communication system.

The electronic device provides wireless broadband internet access to the user via the network module 402, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.

The audio output unit 403 may convert audio data received by the radio frequency unit 401 or the network module 402 or stored in the memory 409 into an audio signal and output as sound. Also, the audio output unit 403 may also provide audio output related to a specific function performed by the electronic apparatus 400 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 403 includes a speaker, a buzzer, a receiver, and the like.

The input unit 404 is used to receive audio or video signals. The input Unit 404 may include a Graphics Processing Unit (GPU) 4041 and a microphone 4042, and the Graphics processor 4041 processes image data of a still picture or video obtained by an image capturing apparatus (such as a camera) in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 406. The image frames processed by the graphic processor 4041 may be stored in the memory 409 (or other storage medium) or transmitted via the radio frequency unit 401 or the network module 402. The microphone 4042 may receive sound, and may be capable of processing such sound into audio data. The processed audio data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 401 in case of the phone call mode.

The electronic device 400 also includes at least one sensor 405, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 4061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 4061 and/or the backlight when the electronic device 400 is moved to the ear. As one type of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of an electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), and vibration identification related functions (such as pedometer, tapping); the sensors 405 may also include a fingerprint sensor, a pressure sensor, an iris sensor, a molecular sensor, a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor, etc., which will not be described in detail herein.

The display unit 406 is used to display information input by the user or information provided to the user. The Display unit 406 may include a Display panel 4061, and the Display panel 4061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.

The user input unit 407 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 407 includes a touch panel 4071 and other input devices 4072. Touch panel 4071, also referred to as a touch screen, may collect touch operations by a user on or near it (e.g., operations by a user on or near touch panel 4071 using a finger, a stylus, or any suitable object or attachment). The touch panel 4071 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 410, receives a command from the processor 410, and executes the command. In addition, the touch panel 4071 can be implemented by using various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 4071, the user input unit 407 may include other input devices 4072. Specifically, the other input devices 4072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described herein again.

Further, the touch panel 4071 can be overlaid on the display panel 4061, and when the touch panel 4071 detects a touch operation thereon or nearby, the touch operation is transmitted to the processor 410 to determine the type of the touch event, and then the processor 410 provides a corresponding visual output on the display panel 4061 according to the type of the touch event. Although in fig. 4, the touch panel 4071 and the display panel 4061 are two independent components to implement the input and output functions of the electronic apparatus, in some embodiments, the touch panel 4071 and the display panel 4061 may be integrated to implement the input and output functions of the electronic apparatus, which is not limited herein.

The interface unit 408 is an interface for connecting an external device to the electronic apparatus 400. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 408 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the electronic apparatus 400 or may be used to transmit data between the electronic apparatus 400 and an external device.

The memory 409 may be used to store software programs as well as various data. The memory 409 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 409 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The processor 410 is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, performs various functions of the electronic device and processes data by operating or executing software programs and/or modules stored in the memory 409 and calling data stored in the memory 409, thereby integrally monitoring the electronic device. Processor 410 may include one or more processing units; preferably, the processor 410 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 410.

The electronic device 400 may further include a power supply 411 (e.g., a battery) for supplying power to various components, and preferably, the power supply 411 may be logically connected to the processor 410 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system.

In addition, the electronic device 400 includes some functional modules that are not shown, and are not described in detail herein.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one of 8230, and" comprising 8230does not exclude the presence of additional like elements in a process, method, article, or apparatus comprising the element.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention or portions thereof contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the methods according to the embodiments of the present invention.

While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present invention, and shall cover the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims

1. A picture encryption method is characterized by comprising the following steps:

determining a segmentation ratio for the character string, and segmenting the character string into a first data group and a second data group according to the segmentation ratio;

2. The method of claim 1, wherein the dividing ratio at least includes a first ratio value and a second ratio value corresponding to the first ratio value, and the dividing the character string into a first data group and a second data group according to the dividing ratio comprises:

acquiring the total number of the characters of the character string;

3. The method according to claim 2, wherein the target IP address includes a plurality of numbers, and the encrypting the first data group and the second data group according to the target IP address to generate a ciphertext corresponding to the target picture comprises:

encrypting the first data group and the second data group according to the numerical values corresponding to the numbers and the forward sequence information respectively to obtain a first encrypted data group corresponding to the first data group and a second encrypted data group corresponding to the second data group;

4. The method according to claim 3, wherein the encrypting the first data set and the second data set according to the numerical value and the forward sequence information corresponding to each first number to obtain a first encrypted data set corresponding to the first data set and a second encrypted data set corresponding to the second data set comprises:

5. The method of claim 3, further comprising:

6. The method according to claim 2, wherein the converting the target picture into a character string comprises:

7. The method of claim 5, further comprising:

calculating a second target division number corresponding to the second division number by adopting the total number of digits corresponding to each number in the target IP address and the second division number, dividing the ciphertext by adopting the second target division number to obtain a second encrypted data group, and taking the rest data as a first encrypted data group;

and combining the first data group and the second data group to obtain the numeric string, and restoring the numeric string into the target picture.

8. The method of claim 1, wherein the determining a segmentation scale for the string comprises:

9. An apparatus for encrypting a picture, comprising:

10. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;

the memory is used for storing a computer program;

the processor, when executing a program stored on the memory, implementing the method of any of claims 1-8.

11. A computer-readable storage medium having stored thereon instructions, which when executed by one or more processors, cause the processors to perform the method of any one of claims 1-8.