CN115589286A - Data encryption and decryption method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN115589286A (application number CN202211124858.XA)
- Authority
- CN
- China
- Prior art keywords
- encrypted
- data
- ciphertext
- target system
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a data encryption and decryption method, a data encryption and decryption device, electronic equipment and a storage medium. The sub-data to be encrypted sent by the second device is received; the sub-data to be encrypted is extracted from the data to be encrypted according to a preset rule; a first target system and a second target system are determined from the sub-data to be encrypted; the data to be encrypted is converted into a first encryption character string through the first target system, and a public key is generated from the first encryption character string; the data to be encrypted is converted into a second encryption character string through the second target system, and a private key is generated from the second encryption character string; and the ciphertext is decrypted with the private key and restored to the data to be encrypted. This avoids encrypting the data with symmetric encryption and avoids displaying the key in plaintext, which improves the security of the data.
Description
Technical Field
The present invention relates to the field of data encryption and decryption technologies, and in particular, to a data encryption and decryption method, a data encryption and decryption apparatus, an electronic device, and a computer-readable storage medium.
Background
With the continuous development of network technology, network security is an important part of the network production process, and parameter encryption or data encryption is a common security means in the data transmission process. However, the related art often employs symmetric encryption and displays the key in plain text, which reduces security for data.
Disclosure of Invention
The embodiment of the invention provides a data encryption and decryption method, a data encryption and decryption device, electronic equipment and a computer readable storage medium, and aims to solve the problem of improving the security of data.
The embodiment of the invention discloses a data encryption and decryption method, which is applied to first equipment, wherein the first equipment is provided with corresponding second equipment, the second equipment is used for extracting subdata to be encrypted from data to be encrypted according to a preset rule and sending the subdata to be encrypted to the first equipment, and the method can comprise the following steps:
receiving the subdata to be encrypted, which is sent by the second equipment;
extracting subdata to be encrypted from the data to be encrypted according to a preset rule;
determining a first target system and a second target system according to the to-be-encrypted subdata;
converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string;
converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string;
sending the public key to the second device; the second device is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext; the second device is also used for sending the ciphertext to the first device;
and decrypting the ciphertext by adopting the private key, and restoring the ciphertext into the data to be encrypted.
Optionally, before the step of sending the public key to the second device, the method may further include:
generating a decryption identifier for the private key through the to-be-encrypted subdata; the private key and the decryption identification have a first association relation;
and sending the decryption identification to the second equipment.
Optionally, the ciphertext and the decryption identifier have a second association relationship, and the decrypting the ciphertext with the private key and restoring the ciphertext to the data to be encrypted may include:
determining a target private key for the ciphertext according to the first association relationship and the second association relationship;
and decrypting the ciphertext by adopting the target private key, and restoring the ciphertext into the data to be encrypted.
Optionally, the step of converting the data to be encrypted into a first encryption string through the first target system, and generating a public key through the first encryption string may include:
generating a first random number;
determining a third target system by using the first random number and the first target system;
and converting the data to be encrypted into a first encryption character string by adopting the third target system, and generating a public key through the first encryption character string.
Optionally, the step of converting the data to be encrypted into a second encrypted string through the second target system, and generating a private key through the second encrypted string may include:
generating a second random number;
determining a fourth target system by using the second random number and the second target system;
and converting the data to be encrypted into a second encryption character string by adopting the fourth target system, and generating a private key through the second encryption character string.
Optionally, the first device is configured with a pool of numeral systems (bases) used for base conversion.
The embodiment of the invention also discloses a data encryption and decryption method, which is applied to a second device, wherein the second device is provided with a corresponding first device, and the method can comprise the following steps:
extracting subdata to be encrypted from the data to be encrypted according to a preset rule;
sending the subdata to be encrypted to the first equipment; the first device is used for receiving the subdata to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device;
encrypting the data to be encrypted by adopting the public key and generating a ciphertext;
sending the ciphertext to a first device; the first device is further configured to decrypt the ciphertext by using the private key, and restore the ciphertext to the data to be encrypted.
Optionally, the first device is configured to generate, by using the to-be-encrypted sub data, a decryption identifier for the private key, and send the decryption identifier to the second device, where the private key and the decryption identifier have a first association relationship, and the method may further include:
receiving a decryption identification transmitted by the first device.
Optionally, the ciphertext and the decryption identifier may have a second association relationship, and the first device is configured to determine a target private key for the ciphertext by using the first association relationship and the second association relationship, decrypt the ciphertext by using the target private key, and restore the ciphertext to the data to be encrypted.
The embodiment of the present invention further discloses a data encryption and decryption apparatus, where the apparatus is applied to a first device, the first device has a corresponding second device, and the second device is configured to extract sub-data to be encrypted from data to be encrypted according to a preset rule, and send the sub-data to be encrypted to the first device, and the apparatus may include:
a request encryption information receiving module, configured to receive the to-be-encrypted sub data sent by the second device;
the encrypted subdata extracting module is used for extracting subdata to be encrypted from the data to be encrypted according to a preset rule;
the first target system determining module is used for determining a first target system and a second target system through the to-be-encrypted subdata;
the public key generation module is used for converting the data to be encrypted into a first encryption character string through the first target system and generating a public key through the first encryption character string;
the private key generation module is used for converting the data to be encrypted into a second encryption character string through the second target system and generating a private key through the second encryption character string;
a public key sending module, configured to send the public key to the second device; the second device is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext; the second device is also used for sending the ciphertext to the first device;
and the ciphertext decryption module is used for decrypting the ciphertext by adopting the private key and restoring the ciphertext into the data to be encrypted.
Optionally, the method may further include:
a decryption identifier generating module, configured to generate a decryption identifier for the private key through the to-be-encrypted sub data; the private key and the decryption identification have a first association relation;
and the decryption identifier sending module is used for sending the decryption identifier to the second equipment.
Optionally, the ciphertext and the decryption identifier have a second association relationship, and the ciphertext decryption module may include:
a target private key determining submodule, configured to determine a target private key for the ciphertext by using the first association relationship and the second association relationship;
and the ciphertext decryption submodule is used for decrypting the ciphertext by adopting the target private key and restoring the ciphertext into the data to be encrypted.
Optionally, the public key generation module may include:
a first random number generation submodule for generating a first random number;
a third target system determining submodule, configured to determine a third target system by using the first random number and the first target system;
and the public key generation submodule is used for converting the data to be encrypted into a first encryption character string by adopting the third target system and generating a public key through the first encryption character string.
Optionally, the private key generating module may include:
a second random number generation submodule for generating a second random number;
a fourth target system determining submodule, configured to determine a fourth target system by using the second random number and the second target system;
and the private key generation sub-module is used for converting the data to be encrypted into a second encryption character string by adopting the fourth target system and generating a private key through the second encryption character string.
Optionally, the first device may be configured with a pool of numeral systems (bases) used for base conversion.
The embodiment of the invention also discloses a data encryption and decryption device, which is applied to a second device, wherein the second device is provided with a corresponding first device, and the device can comprise:
the request encryption information generation module is used for extracting the subdata to be encrypted from the data to be encrypted according to a preset rule;
the request encryption information sending module is used for sending the subdata to be encrypted to the first equipment; the first device is used for receiving the subdata to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device;
the ciphertext generating module is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext;
the ciphertext sending module is used for sending the ciphertext to the first equipment; the first device is further configured to decrypt the ciphertext by using the private key, and restore the ciphertext to the data to be encrypted.
Optionally, the first device is configured to generate, by using the to-be-encrypted sub data, a decryption identifier for the private key, and send the decryption identifier to the second device, where the private key and the decryption identifier have a first association relationship, and the apparatus may further include:
and the decryption identifier sending module is used for receiving the decryption identifier sent by the first equipment.
Optionally, the ciphertext and the decryption identifier may have a second association relationship, and the first device is configured to determine a target private key for the ciphertext by using the first association relationship and the second association relationship, decrypt the ciphertext by using the target private key, and restore the ciphertext to the data to be encrypted.
The embodiment of the invention also discloses electronic equipment which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory finish mutual communication through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the method according to the embodiment of the present invention when executing the program stored in the memory.
Also disclosed is a computer-readable storage medium having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform a method according to an embodiment of the invention.
The embodiment of the invention has the following advantages:
In the embodiment of the invention, the sub-data to be encrypted sent by the second device is received; the sub-data to be encrypted is extracted from the data to be encrypted according to a preset rule; a first target system and a second target system are determined from the sub-data to be encrypted; the data to be encrypted is converted into a first encryption character string through the first target system, and a public key is generated from the first encryption character string; the data to be encrypted is converted into a second encryption character string through the second target system, and a private key is generated from the second encryption character string; and the ciphertext is decrypted with the private key and restored to the data to be encrypted. This avoids encrypting the data with symmetric encryption and avoids displaying the key in plaintext, which improves the security of the data.
Drawings
FIG. 1 is a schematic structural diagram of a first device and a second device provided in an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a data encryption/decryption method according to an embodiment of the present invention;
FIG. 3 is a flow chart of steps of another data encryption and decryption method provided in an embodiment of the present invention;
FIG. 4 is a flow chart illustrating steps of a further method for encrypting and decrypting data according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating steps of a data encryption/decryption method according to a second embodiment of the present invention;
FIG. 6 is a block diagram of a data encryption and decryption apparatus according to a third embodiment of the present invention;
FIG. 7 is a block diagram of a data encryption/decryption apparatus according to a fourth embodiment of the present invention;
FIG. 8 is a block diagram of a hardware structure of an electronic device provided in each embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
In practical applications, with the continuous development of network technologies, network security is an important part of the network production process, and parameter encryption or data encryption is a common security means in the data transmission process. In the traditional telecommunication industry, a mobile phone number is often the carrier of a user's various information, and a large amount of information about the user can be obtained from the user's mobile phone number. Most encryption algorithms adopted by the related art are uniform encryption methods whose encryption keys are almost always fixed and unchanging, so they are not suited to the telecommunication industry's protection of users' private data.
The data encryption and decryption method provided by the embodiment of the invention can be applied to the application environment shown in fig. 1. Wherein the first device 102 communicates with the second device 104 over a network. Specifically, the first device 102 may receive request encryption information sent by the second device 104, and data to be encrypted corresponding to the request encryption information; the first device 102 may extract the sub-data to be encrypted from the data to be encrypted according to a preset rule; the first device 102 may determine a first target system and a second target system through the sub-data to be encrypted; the first device 102 may convert the data to be encrypted into a first encrypted character string through the first target system, and generate a public key through the first encrypted character string; the first device 102 may convert the data to be encrypted into a second encrypted character string through the second target system, and generate a private key through the second encrypted character string; the first device 102 may send the public key to the second device 104; the second device 104 may be configured to encrypt the data to be encrypted by using the public key and generate a ciphertext; the second device 104 may also be configured to send the ciphertext to the first device 102; the first device 102 may decrypt the ciphertext using the private key and restore the ciphertext to the data to be encrypted.
In practical applications, the first device 102 may include, but is not limited to, a decryption server, and the second device 104 may be a data encryption device.
Example one
Referring to fig. 2, a flowchart illustrating steps of a data encryption and decryption method provided in a first embodiment of the present invention is shown, which may specifically include the following steps:
and step 207, decrypting the ciphertext by using the private key, and restoring the ciphertext into the data to be encrypted.
In a specific implementation, the first device of the embodiment of the present invention may be a decryption device, for example, a decryption server, and the second device may be an encryption device.
In the embodiment of the present invention, the second device may generate the request encryption information, where the request encryption information has corresponding data to be encrypted. The second device may further respond to the request encryption information, extract the sub-data to be encrypted from the data to be encrypted according to a preset rule, and then send the request encryption information and the sub-data to be encrypted to the first device. For example, the second device may obtain a mobile phone number of the user, and when the user needs the mobile phone number encrypted, the second device may generate the request encryption information corresponding to the mobile phone number. Assuming that the mobile phone number of the user is 19110411217, the second device may respond to the request encryption information, extract the last four digits "1217" of 19110411217 as the sub-data to be encrypted, and send the request encryption information and the sub-data "1217" to be encrypted to the first device.
Of course, the above examples are merely examples, and those skilled in the art may extract any number of digits as the sub data to be encrypted, and the embodiments of the present invention are not limited thereto.
After extracting the sub-data to be encrypted, the first device according to the embodiment of the present invention may generate a key for the data to be encrypted in response to the request encryption information, and specifically, may determine the first target system and the second target system through the sub-data to be encrypted. Optionally, the first target system and the second target system may each be any numeral system (base) from 2 to 36.
For example, assuming that the mobile phone number of the user is 19110411217, the second device may respond to the request encryption information, extract the last four digits "1217" of 19110411217 as the sub-data to be encrypted, and send the sub-data to be encrypted to the first device. Assuming that, in the sub-data "1217" to be encrypted, the first digit a = 1, the second digit b = 2, the third digit c = 1, and the fourth digit d = 7, the first device may determine that the first target system (the public key base) A = 1*1 + (1+1) = 3, and the second target system (the private key base) B = 2*7 + (2+7) = 23.
Of course, the above example is only an example, and a person skilled in the art may implement determining the first target system and the second target system through the sub data to be encrypted by using other algorithms, which is not limited in the embodiment of the present invention.
The symmetric encryption algorithm uses the same secret key in encryption and decryption; the asymmetric encryption algorithm needs two keys, namely, a public key (public key) and a private key (private key) for encryption and decryption.
Unlike symmetric encryption algorithms, asymmetric encryption algorithms require two keys: a public key and a private key. The public key and the private key are a pair, and if the public key is used for encrypting data, only the corresponding private key can be used for decrypting the data; if the data is encrypted with a private key, it can only be decrypted with the corresponding public key. This algorithm is called an asymmetric encryption algorithm because two different keys are used for encryption and decryption.
The encryption and decryption process of data is controlled by the cryptosystem and the key. The security of the cryptosystem depends on the security of the key; modern cryptography does not pursue the confidentiality of the encryption algorithm, but rather the completeness of the encryption algorithm, namely that an attacker cannot find a breach in the algorithm without knowing the key. According to whether the encryption and decryption algorithms use the same key, or whether the decryption (encryption) key can be simply obtained from the encryption (decryption) key, cryptosystems can be divided into symmetric cryptosystems and asymmetric cryptosystems.
The asymmetric cryptosystem is also called as a public key encryption technology, and the technology is proposed aiming at the defects of a private key cryptosystem (a symmetric encryption algorithm). Different from a symmetric cryptosystem, in a public key encryption system, encryption and decryption are relatively independent, two different keys are used for encryption and decryption, an encryption key (a public key) is disclosed to the public, and can be used by anyone, a decryption key (a secret key) is only known by a decryption person, and an illegal user cannot calculate the decryption key according to the disclosed encryption key, so that the information protection strength is greatly enhanced. The public key cryptosystem not only solves the problem of key distribution, but also provides a means for signature and authentication.
After the first target system is determined, the embodiment of the invention can convert the data to be encrypted into the first encryption character string through the first target system, and generate the public key through the first encryption character string.
For example, assuming that the mobile phone number of the user is 19110411217, the second device may respond to the request encryption information, extract the last four digits "1217" of 19110411217 as the sub-data to be encrypted, and send the sub-data to be encrypted to the first device. Assuming that, in the sub-data "1217" to be encrypted, the first digit a = 1, the second digit b = 2, the third digit c = 1, and the fourth digit d = 7, the first device may determine that the first target system (the public key base) A = 1*1 + (1+1) = 3. The first device may further convert 19110411217 to base 3 to generate the character string "1211022211121110212001" as the first encryption character string and, in order to distinguish it from the private key, may prefix it with the identifier "G" to generate the public key "G1211022211121110212001".
After the second target system is determined, the embodiment of the invention can convert the data to be encrypted into the second encryption character string through the second target system, and generate the private key through the second encryption character string.
For example, assuming that the mobile phone number of the user is 19110411217, the second device may respond to the request encryption information, extract the last four digits "1217" of 19110411217 as the sub-data to be encrypted, and send the sub-data to be encrypted to the first device. Assuming that, in the sub-data "1217" to be encrypted, the first digit a = 1, the second digit b = 2, the third digit c = 1, and the fourth digit d = 7, the first device may determine that the second target system (the private key base) B = 2*7 + (2+7) = 23. The first device may then convert 19110411217 to base 23 to generate the character string "5e235g15" as the second encryption character string and, in order to distinguish it from the public key, may prefix it with the identifier "S" to generate the private key "S5e235g15".
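The worked example above (sub-data "1217", bases 3 and 23, key strings "G…" and "S…") can be reproduced with the following script. It is an added example, not code from the patent: the function names are hypothetical, the symbolic rule A = a*c + (a+c), B = b*d + (b+d) is inferred from the page's arithmetic, and rejecting bases outside 2 to 36 is an assumption because the page does not say how such values are handled.

```python
import string
from typing import Tuple

# Digit alphabet for bases 2..36 (the range the page allows): 0-9, then a-z.
ALPHABET = string.digits + string.ascii_lowercase


def extract_subdata(data: str) -> str:
    """Preset rule used in the page's example: take the last four digits."""
    if len(data) < 4 or not data.isdigit():
        raise ValueError("expected a decimal string of at least four digits")
    return data[-4:]


def derive_bases(subdata: str) -> Tuple[int, int]:
    """Derive the public-key base A and private-key base B from four digits.

    Rule inferred from the page's numbers: with digits a, b, c, d,
    A = a*c + (a+c) and B = b*d + (b+d).
    """
    if len(subdata) != 4 or not subdata.isdigit():
        raise ValueError("sub-data must be exactly four decimal digits")
    a, b, c, d = (int(ch) for ch in subdata)
    first = a * c + (a + c)
    second = b * d + (b + d)
    for base in (first, second):
        # Assumption: values outside 2..36 are rejected. Many digit
        # combinations fall outside that range (for example "0000" or "9999").
        if not 2 <= base <= 36:
            raise ValueError(f"derived base {base} is outside 2..36")
    return first, second


def to_base(value: int, base: int) -> str:
    """Positional representation of a non-negative integer in the given base."""
    if not 2 <= base <= 36:
        raise ValueError("base must be between 2 and 36")
    if value < 0:
        raise ValueError("value must be non-negative")
    if value == 0:
        return "0"
    digits = []
    while value:
        value, remainder = divmod(value, base)
        digits.append(ALPHABET[remainder])
    return "".join(reversed(digits))


def make_key_strings(data: str) -> Tuple[str, str]:
    """Build the 'G'-prefixed public and 'S'-prefixed private key strings."""
    first_base, second_base = derive_bases(extract_subdata(data))
    number = int(data)
    return "G" + to_base(number, first_base), "S" + to_base(number, second_base)


def decode_key_string(key: str, base: int) -> int:
    """Parse a key string (without its one-letter prefix) back to an integer.

    Base conversion is a reversible encoding, so this returns the value that
    was converted when the key string was built.
    """
    return int(key[1:], base)


if __name__ == "__main__":
    phone = "19110411217"  # sample value taken from the page's example
    public_key, private_key = make_key_strings(phone)
    print(derive_bases(extract_subdata(phone)))
    print(public_key, private_key)
    print(decode_key_string(public_key, 3), decode_key_string(private_key, 23))
```

Both decode calls return 19110411217, which shows that each key string is the full input value written in a different radix.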
After the public key and the private key are generated, the embodiment of the invention can send the public key to the second device, the second device can encrypt data to be encrypted by adopting the public key and generate a ciphertext, when the ciphertext needs to be decrypted, the second device can send the ciphertext to the first device, and the first device can decrypt the ciphertext by adopting the private key and restore the ciphertext into the data to be encrypted.
In the embodiment of the invention, the subdata to be encrypted sent by the second equipment is received; extracting subdata to be encrypted from the data to be encrypted according to a preset rule; determining a first target system and a second target system through the subdata to be encrypted; converting data to be encrypted into a first encryption character string through a first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through a second target system, and generating a private key through the second encryption character string; the private key is adopted to decrypt the ciphertext and restore the ciphertext into the data to be encrypted, so that the encryption of the encrypted data in a symmetric encryption mode is avoided, meanwhile, the key is prevented from being displayed in a plaintext, and the security of the data is improved.
On the basis of the above-described embodiment, a modified embodiment of the above-described embodiment is proposed, and it is to be noted herein that, in order to make the description brief, only the differences from the above-described embodiment are described in the modified embodiment.
In an optional embodiment of the present invention, before the step of sending the public key to the second device, the method further includes:
generating a decryption identifier for the private key through the to-be-encrypted subdata; the private key and the decryption identifier have a first association relation;
sending the decryption identification to the second device;
the ciphertext and the decryption identifier have a second association relationship, and the step of decrypting the ciphertext by using the private key and restoring the ciphertext into the data to be encrypted comprises the following steps of:
determining a target private key for the ciphertext according to the first incidence relation and the second incidence relation;
and decrypting the ciphertext by adopting the target private key, and restoring the ciphertext into the data to be encrypted.
In practical application, the first device and the second device normally encrypt and decrypt more than one piece of data to be encrypted. Therefore, before sending the public key to the second device, the first device may first use the sub data to be encrypted to generate, for the private key, a decryption identifier that has a first association relationship with the private key, and then send the decryption identifier to the second device. The second device receives the decryption identifier and, after generating a ciphertext that has a second association relationship with the decryption identifier, may package the ciphertext and the decryption identifier together and send them to the first device. The first device may then determine the target private key from the multiple keys through the second association relationship between the decryption identifier and the ciphertext and the first association relationship between the decryption identifier and the private key, and decrypt the ciphertext with the target private key.
In a specific implementation, the decryption identifier may be a key-value pair, that is, a key and its associated value as commonly used in computer applications. In the embodiment of the present invention, the private key may be used as the value, so that when the target private key is determined, the value serves as the first association relationship for determining the target private key from multiple private keys; the key may be the public key, or another value that can be used to establish the second association relationship.
In the embodiment of the present invention, before the step of sending the public key to the second device, a decryption identifier for the private key is generated by the to-be-encrypted sub-data; the private key and the decryption identifier have a first association relation; sending the decryption identification to the second device; the ciphertext and the decryption identifier have a second association relationship, and a target private key for the ciphertext is determined by adopting the first association relationship and the second association relationship; the target private key is adopted to decrypt the ciphertext and restore the ciphertext into the data to be encrypted, so that the private key corresponding to the ciphertext can be ensured to be quickly determined when a plurality of data to be encrypted are encrypted and decrypted, and the efficiency of decrypting the encrypted data is improved.
In an optional embodiment of the present invention, the step of converting the data to be encrypted into a first encryption string through the first target system, and generating a public key through the first encryption string includes:
generating a first random number;
determining a third target system by using the first random number and the first target system;
and converting the data to be encrypted into a first encryption character string by adopting the third target system, and generating a public key through the first encryption character string.
In practical application, the related art encrypts data with a "fixed key": for example, each time the same mobile phone number is encrypted, the generated key is the same. In other words, the key update mechanism of the prior art cannot meet the security level required for encrypting mobile phone numbers. The embodiment of the present invention can therefore generate a first random number, determine a third target system from the first random number and the first target system, convert the data to be encrypted into a first encryption character string using the third target system, and generate a public key from the first encryption character string.
For example, assuming that the mobile phone number of the user is 19110411217, the second device may, in response to the request for encryption information, extract the last four digits "1217" of 19110411217 as the sub data to be encrypted and send it to the first device. Taking the first digit a = 1, the second digit b = 2, the third digit c = 1, and the fourth digit d = 7 of the sub data "1217", the first device may determine the first target system (the public-key radix) A = 1*1 + (1+1) = 3 and then generate the first random number 6, giving 3 + 6 = 9. The first device may then convert 19110411217 to base 9 to generate the character string "54284543761" as the first encryption character string and, to distinguish it from the private key, may prefix it with the identifier "G" to generate the public key "G54284543761".
Of course, a person skilled in the art may determine the third target system by using the first random number and the first target system based on other algorithms, and the embodiment of the present invention is not limited thereto.
In the embodiment of the invention, a first random number is generated; determining a third target system by using the first random number and the first target system; and converting the data to be encrypted into a first encryption character string by using the third target system, and generating a public key by using the first encryption character string, so that generation of the public key by using a fixed key is avoided, and the security of the data to be encrypted is further improved.
In an optional embodiment of the present invention, the step of converting the data to be encrypted into a second encrypted string by using the second target system, and generating a private key by using the second encrypted string includes:
generating a second random number;
determining a fourth target system by using the second random number and the second target system;
and converting the data to be encrypted into a second encryption character string by adopting the fourth target system, and generating a private key through the second encryption character string.
In practical application, the related art encrypts data with a "fixed key": for example, each time the same mobile phone number is encrypted, the generated key is the same. In other words, the key update mechanism of the prior art cannot meet the security level required for encrypting mobile phone numbers. The embodiment of the present invention can therefore generate a second random number, determine a fourth target system from the second random number and the second target system, convert the data to be encrypted into a second encryption character string using the fourth target system, and generate a private key from the second encryption character string.
For example, assuming that the mobile phone number of the user is 19110411217, the second device may, in response to the request for encryption information, extract the last four digits "1217" of 19110411217 as the sub data to be encrypted and send it to the first device. Taking the first digit a = 1, the second digit b = 2, the third digit c = 1, and the fourth digit d = 7 of the sub data "1217", the first device may determine the second target system (the private-key radix) B = 2*7 + (2+7) = 23 and then generate the second random number 2, giving 23 + 2 = 25. The first device may then convert 19110411217 to base 25 to generate the character string "336mg7nh" as the second encryption character string and, to distinguish it from the public key, may prefix it with the identifier "S" to generate the private key "S336mg7nh".
Of course, a person skilled in the art may determine the fourth target system by using the second random number and the second target system based on other algorithms, and the embodiment of the present invention is not limited thereto.
According to the embodiment of the invention, the second random number is generated, the fourth target system is determined by adopting the second random number and the second target system, the data to be encrypted is converted into the second encryption character string by adopting the fourth target system, and the private key is generated by the second encryption character string, so that the generation of the private key by adopting a fixed key is avoided, and the safety of the data to be encrypted is further improved.
Optionally, in the embodiment of the present invention, the private key and the public key are deleted after the private key has been used to decrypt the encrypted data. Destroying both keys once decryption is complete further ensures the security of the data to be encrypted.
In an optional embodiment of the invention, the first device is configured with a radix pool (a pool of number bases) used for radix conversion.
In practical applications, if the radix conversion is performed manually each time, the cost increases and the efficiency is low. The embodiment of the present invention may therefore configure the first device with a radix pool for radix conversion, so that when data undergoes radix conversion, the first encryption character string and/or the second encryption character string can be generated automatically according to the following formula.
The radix conversion formula is as follows:
$abcd = a \cdot X^{n-1} + b \cdot X^{n-1} + c \cdot X^{n-1}$
where X represents the radix and n represents the number of digits.
In order to better understand the embodiments of the present invention, a full example will be described below.
Referring to fig. 3, fig. 3 is a flowchart of another data encryption and decryption method provided in an embodiment of the present invention. The decryption side (the first device) may be configured with a data interface for sending a public key to the encryption side (the second device). Before encrypting data, the encryption side may access the data interface to obtain a public key and a decryption ID; the encryption side needs to carry the decryption ID when transmitting the encrypted data, and the decryption side obtains the private key through the decryption ID in order to decrypt.
Specifically, referring to fig. 4, fig. 4 is a flowchart illustrating the steps of another data encryption and decryption method provided in an embodiment of the present invention. The first device may generate a radix pool. Assuming that the mobile phone number of the user is 19110411217, the second device may, in response to the request for encryption information, extract the last four digits "1217" of 19110411217 as the sub data to be encrypted and send it to the first device. Taking the first digit a = 1, the second digit b = 2, the third digit c = 1, and the fourth digit d = 7 of "1217", the first device may determine the first target system (the public-key radix) A = 1*1 + (1+1) = 3 and generate the first random number 6, giving 3 + 6 = 9; it may then convert 19110411217 to base 9 to generate the character string "54284543761" as the first encryption character string and, to distinguish it from the private key, prefix it with the identifier "G" to generate the public key "G54284543761". The first device may further determine the second target system (the private-key radix) B = 2*7 + (2+7) = 23 and generate the second random number 2, giving 23 + 2 = 25; it may then convert 19110411217 to base 25 to generate the character string "336mg7nh" as the second encryption character string and, to distinguish it from the public key, prefix it with the identifier "S" to generate the private key "S336mg7nh". The radix is at least 2 (binary) and at most 36, and this process may be completed by the radix pool set on the decryption side, based on the radix conversion formula. A key-value pair is generated as the decryption ID, where the value can serve as the first association relationship for determining the target private key from a plurality of private keys, and the key can be the public key or another value that can be used to establish the second association relationship.
The decryption side sends the public key and the decryption ID to the encryption side, and the encryption side encrypts the mobile phone number with the public key. When the data sender completes encryption, it must transmit the decryption ID to the data receiver; the decryption ID is unique and can be used only once. The data receiver calls the private-key retrieval method with the decryption radix ID; the decryption radix is determined from the radix ID, decryption is carried out after the private key is generated, and the public key and the private key are destroyed after decryption is finished.
The radix conversion formula:
$abcd = a \cdot X^{n-1} + b \cdot X^{n-1} + c \cdot X^{n-1}$
where X represents the radix and n represents the number of digits.
In this way, on the premise of avoiding symmetric encryption, plaintext display of the key is avoided; each request is allocated a pair of public and private keys, which is regenerated for every request and destroyed after use, so that even if a key is cracked or leaked only the data of a single user is lost. The security of user data is thus better protected, and the security level of mobile phone number encryption is greatly improved.
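The key derivation of the worked examples above, together with the single-use decryption ID, written out in Python as an added example (not code from the patent). The digit formulas A = a*c + (a+c) and B = b*d + (b+d) are inferred from the worked numbers; the function and class names and the random hex decryption ID are assumptions, and radixes outside 2..36 are rejected because the page does not say how they would be mapped into range.

```python
import secrets
import string

DIGITS = string.digits + string.ascii_lowercase   # digit alphabet for radix 2..36
MIN_RADIX, MAX_RADIX = 2, 36                       # radix range stated on the page


def to_radix(value, radix):
    """Write a non-negative integer in the given radix (repeated division)."""
    if not MIN_RADIX <= radix <= MAX_RADIX:
        raise ValueError(f"radix {radix} is outside {MIN_RADIX}..{MAX_RADIX}")
    if value < 0:
        raise ValueError("value must be non-negative")
    digits = []
    while True:
        value, rem = divmod(value, radix)
        digits.append(DIGITS[rem])
        if value == 0:
            break
    return "".join(reversed(digits))


def target_radixes(sub_data):
    """Return (A, B) for the four digits a, b, c, d of the sub data.

    Assumption: A = a*c + (a+c) and B = b*d + (b+d), inferred from the
    page's worked numbers 1*1+(1+1)=3 and 2*7+(2+7)=23.
    """
    if len(sub_data) != 4 or not (sub_data.isascii() and sub_data.isdigit()):
        raise ValueError("sub data must be exactly four decimal digits")
    a, b, c, d = (int(ch) for ch in sub_data)
    return a * c + (a + c), b * d + (b + d)


def make_keys(data, sub_data, pub_offset=0, priv_offset=0):
    """Return the (public, private) key strings of the worked examples.

    pub_offset / priv_offset stand for the first / second random number,
    added to the radix as in the page's 3+6=9 and 23+2=25 example.
    """
    radix_a, radix_b = target_radixes(sub_data)
    number = int(data)                     # data is a decimal digit string
    return ("G" + to_radix(number, radix_a + pub_offset),
            "S" + to_radix(number, radix_b + priv_offset))


def decode_key(key, radix):
    """Parse a key string (minus its G/S prefix) back to the integer it encodes."""
    return int(key[1:], radix)


class KeyPool:
    """First-device store mapping decryption ID -> private key, single use."""

    def __init__(self):
        self._private_keys = {}

    def issue(self, data, sub_data, pub_offset=0, priv_offset=0):
        """Generate a key pair; return the public key and a fresh decryption ID."""
        public, private = make_keys(data, sub_data, pub_offset, priv_offset)
        # Assumption: random ID; the page derives it from the sub data
        # without specifying how.
        decryption_id = secrets.token_hex(16)
        self._private_keys[decryption_id] = private
        return public, decryption_id

    def redeem(self, decryption_id):
        """Return the private key for this ID once, then destroy it."""
        return self._private_keys.pop(decryption_id, None)


if __name__ == "__main__":
    PHONE, SUB = "19110411217", "1217"     # sample values from the page
    print(make_keys(PHONE, SUB))           # fixed radixes 3 and 23
    print(make_keys(PHONE, SUB, 6, 2))     # radixes 9 and 25 after offsets
    pool = KeyPool()
    public, dec_id = pool.issue(PHONE, SUB, 6, 2)
    print(public, pool.redeem(dec_id), pool.redeem(dec_id))
```

Radix conversion is lossless, so `decode_key("S5e235g15", 23)` returns 19110411217: each key string is the input number written in another base and needs the same protection as the number itself.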
Example two
Referring to fig. 5, a flowchart illustrating steps of a data encryption and decryption method provided in the second embodiment of the present invention is shown, which may specifically include the following steps:
In a specific implementation, the embodiment of the present invention may be applied to a second device, and specifically, the second device may be an encryption-side device, such as an encryption server, an encryption terminal device, and the like, and the first device may be configured to receive the sub-data to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device.
In an optional embodiment of the present invention, the first device is configured to generate, by using the to-be-encrypted sub data, a decryption identifier for the private key, and send the decryption identifier to the second device, where the private key and the decryption identifier have a first association relationship, and the method further includes:
receiving a decryption identification transmitted by the first device.
In an optional embodiment of the present invention, the ciphertext and the decryption identifier have a second association relationship, and the first device is configured to determine, by using the first association relationship and the second association relationship, a target private key for the ciphertext, decrypt the ciphertext by using the target private key, and restore the ciphertext to the data to be encrypted.
Extracting subdata to be encrypted from data to be encrypted according to a preset rule; sending the subdata to be encrypted to the first equipment; the first device is used for receiving the subdata to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device; encrypting the data to be encrypted by adopting the public key and generating a ciphertext; sending the ciphertext to a first device; the first device is further configured to decrypt the ciphertext by using the private key and restore the ciphertext to the data to be encrypted, so that encryption of encrypted data in a symmetric encryption manner is avoided, display of the key in a plaintext is also avoided, and security of the data is improved.
Since the second embodiment is basically similar to the first embodiment on the first device side, it is described only briefly; for the relevant points, refer to the corresponding description of the method embodiment.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Example three
Referring to fig. 6, a block diagram of a data encryption and decryption apparatus provided in the third embodiment of the present invention is shown, which may specifically include the following modules:
a request encryption information receiving module 601, configured to receive the subdata to be encrypted sent by the second device;
an encrypted subdata extracting module 602, configured to extract subdata to be encrypted from the data to be encrypted according to a preset rule;
a first target system determining module 603, configured to determine a first target system and a second target system according to the sub data to be encrypted;
a public key generating module 604, configured to convert the data to be encrypted into a first encrypted character string through the first target system, and generate a public key through the first encrypted character string;
a private key generating module 605, configured to convert the data to be encrypted into a second encrypted character string through the second target system, and generate a private key through the second encrypted character string;
a public key sending module 606, configured to send the public key to the second device; the second device is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext; the second device is also used for sending the ciphertext to the first device;
and a ciphertext decryption module 607, configured to decrypt the ciphertext with the private key and restore the ciphertext to the data to be encrypted.
Example four
Referring to fig. 7, a block diagram of a data encryption and decryption apparatus provided in the fourth embodiment of the present invention is shown, and specifically, the data encryption and decryption apparatus may include the following modules:
a request encryption information generating module 701, configured to extract sub data to be encrypted from data to be encrypted according to a preset rule;
a request encryption information sending module 702, configured to send the sub data to be encrypted to the first device; the first device is used for receiving the subdata to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device;
a ciphertext generating module 703, configured to encrypt the data to be encrypted by using the public key, and generate a ciphertext;
a ciphertext sending module 704, configured to send the ciphertext to the first device; the first device is further configured to decrypt the ciphertext by using the private key, and restore the ciphertext to the data to be encrypted.
Since the device embodiment is basically similar to the method embodiment, it is described only briefly; for the relevant points, refer to the corresponding description of the method embodiment.
In addition, an embodiment of the present invention further provides an electronic device, including: the processor, the memory, and the computer program stored in the memory and capable of running on the processor, when executed by the processor, implement the processes of the above-mentioned data encryption and decryption method embodiments, and can achieve the same technical effects, and are not described herein again to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements each process of the data encryption and decryption method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
Fig. 8 is a schematic diagram of a hardware structure of an electronic device implementing various embodiments of the present invention.
The electronic device 800 includes, but is not limited to: a radio frequency unit 801, a network module 802, an audio output unit 803, an input unit 804, a sensor 805, a display unit 806, a user input unit 807, an interface unit 808, a memory 809, a processor 810, and a power supply 811. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 8 does not constitute a limitation of the electronic device, and that the electronic device may include more or fewer components than shown, or some components may be combined, or a different arrangement of components. In the embodiment of the present invention, the electronic device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 801 may be used for receiving and sending signals while messages are sent and received or during a call; specifically, it receives downlink data from a base station and passes the received downlink data to the processor 810 for processing, and it transmits uplink data to the base station. In general, the radio frequency unit 801 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. Further, the radio frequency unit 801 may also communicate with a network and other devices through a wireless communication system.
The electronic device provides wireless broadband internet access to the user via the network module 802, such as to assist the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.
The audio output unit 803 may convert audio data received by the radio frequency unit 801 or the network module 802 or stored in the memory 809 into an audio signal and output as sound. Also, the audio output unit 803 may also provide audio output related to a specific function performed by the electronic apparatus 800 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 803 includes a speaker, a buzzer, a receiver, and the like.
The input unit 804 is used for receiving an audio or video signal. The input Unit 804 may include a Graphics Processing Unit (GPU) 8041 and a microphone 8042, and the Graphics processor 8041 processes image data of still pictures or video obtained by an image capturing device (such as a camera) in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 806. The image frames processed by the graphics processor 8041 may be stored in the memory 809 (or other storage medium) or transmitted via the radio frequency unit 801 or the network module 802. The microphone 8042 can receive sound, and can process such sound into audio data. The processed audio data may be converted into a format output transmittable to a mobile communication base station via the radio frequency unit 801 in case of a phone call mode.
The electronic device 800 also includes at least one sensor 805, such as light sensors, motion sensors, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the brightness of the display panel 8061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 8061 and/or the backlight when the electronic device 800 moves to the ear. As one type of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of an electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), and vibration identification related functions (such as pedometer, tapping); the sensors 805 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.
The display unit 806 is used to display information input by the user or information provided to the user. The Display unit 806 may include a Display panel 8061, and the Display panel 8061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 807 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus. Specifically, the user input unit 807 includes a touch panel 8071 and other input devices 8072. The touch panel 8071, also referred to as a touch screen, may collect touch operations by a user on or near the touch panel 8071 (e.g., operations by a user on or near the touch panel 8071 using a finger, a stylus, or any other suitable object or accessory). The touch panel 8071 may include two portions of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 810, receives a command from the processor 810, and executes the command. In addition, the touch panel 8071 can be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. In addition to the touch panel 8071, the user input unit 807 can include other input devices 8072. In particular, other input devices 8072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
Further, the touch panel 8071 can be overlaid on the display panel 8061, and when the touch panel 8071 detects a touch operation on or near the touch panel 8071, the touch operation is transmitted to the processor 810 to determine the type of the touch event, and then the processor 810 provides a corresponding visual output on the display panel 8061 according to the type of the touch event. Although in fig. 8, the touch panel 8071 and the display panel 8061 are two independent components to implement the input and output functions of the electronic device, in some embodiments, the touch panel 8071 and the display panel 8061 may be integrated to implement the input and output functions of the electronic device, and the implementation is not limited herein.
The interface unit 808 is an interface for connecting an external device to the electronic apparatus 800. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 808 may be used to receive input (e.g., data information, power, etc.) from external devices and transmit the received input to one or more elements within the electronic device 800 or may be used to transmit data between the electronic device 800 and external devices.
The memory 809 may be used to store software programs as well as various data. The memory 809 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, application programs (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 809 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 810 is a control center of the electronic device, connects various parts of the whole electronic device by using various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 809 and calling data stored in the memory 809, thereby monitoring the whole electronic device. Processor 810 may include one or more processing units; preferably, the processor 810 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 810.
The electronic device 800 may also include a power supply 811 (e.g., a battery) for powering the various components, and preferably, the power supply 811 may be logically coupled to the processor 810 via a power management system to manage charging, discharging, and power consumption management functions via the power management system.
In addition, the electronic device 800 includes some functional modules that are not shown, and are not described in detail herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (20)
1. A data encryption and decryption method is applied to a first device, the first device is provided with a corresponding second device, the second device is used for extracting sub data to be encrypted from data to be encrypted according to a preset rule and sending the sub data to be encrypted to the first device, and the method comprises the following steps:
receiving the subdata to be encrypted, which is sent by the second equipment;
determining a first target system and a second target system according to the to-be-encrypted subdata;
converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string;
converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string;
sending the public key to the second device; the second device is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext; the second device is also used for sending the ciphertext to the first device;
and decrypting the ciphertext by adopting the private key, and restoring the ciphertext into the data to be encrypted.
2. The method of claim 1, further comprising, prior to the step of sending the public key to the second device:
generating a decryption identifier for the private key through the to-be-encrypted subdata; the private key and the decryption identifier have a first association relation;
and sending the decryption identification to the second equipment.
3. The method according to claim 2, wherein the ciphertext and the decryption identifier have a second association relationship, and the step of decrypting the ciphertext using the private key and restoring the ciphertext to the data to be encrypted comprises:
determining a target private key for the ciphertext according to the first association relationship and the second association relationship;
and decrypting the ciphertext by adopting the target private key, and restoring the ciphertext into the data to be encrypted.
4. The method according to claim 1, wherein the step of converting the data to be encrypted into a first encryption string through the first target system, and generating a public key through the first encryption string comprises:
generating a first random number;
determining a third target system by using the first random number and the first target system;
and converting the data to be encrypted into a first encryption character string by adopting the third target system, and generating a public key through the first encryption character string.
5. The method according to claim 1, wherein the step of converting the data to be encrypted into a second encryption string through the second target system, and generating a private key through the second encryption string comprises:
generating a second random number;
determining a fourth target system by using the second random number and the second target system;
and converting the data to be encrypted into a second encryption character string by adopting the fourth target system, and generating a private key through the second encryption character string.
6. The method of any of claims 1-5, wherein the first device is configured with a scale pool for translating scales.
7. A data encryption and decryption method applied to a second device having a corresponding first device, the method comprising:
extracting subdata to be encrypted from the data to be encrypted according to a preset rule;
sending the subdata to be encrypted to the first equipment; the first device is used for receiving the subdata to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device;
encrypting the data to be encrypted by adopting the public key and generating a ciphertext;
sending the ciphertext to a first device; the first device is further configured to decrypt the ciphertext by using the private key, and restore the ciphertext to the data to be encrypted.
8. The method of claim 7, wherein the first device is configured to generate a decryption identifier for the private key from the sub-data to be encrypted, and send the decryption identifier to the second device, and the private key and the decryption identifier have a first association relationship, and the method further includes:
receiving a decryption identification transmitted by the first device.
9. The method according to claim 8, wherein the ciphertext and the decryption identifier have a second association, and the first device is configured to determine a target private key for the ciphertext by using the first association and the second association, decrypt the ciphertext by using the target private key, and restore the ciphertext to the data to be encrypted.
10. The device for encrypting and decrypting data is applied to first equipment, the first equipment is provided with corresponding second equipment, the second equipment is used for extracting subdata to be encrypted from data to be encrypted according to a preset rule and sending the subdata to be encrypted to the first equipment, and the device comprises:
a request encryption information receiving module, configured to receive the to-be-encrypted sub data sent by the second device;
the encrypted subdata extracting module is used for extracting subdata to be encrypted from the data to be encrypted according to a preset rule;
the first target system determining module is used for determining a first target system and a second target system through the to-be-encrypted subdata;
the public key generation module is used for converting the data to be encrypted into a first encryption character string through the first target system and generating a public key through the first encryption character string;
the private key generation module is used for converting the data to be encrypted into a second encryption character string through the second target system and generating a private key through the second encryption character string;
a public key sending module, configured to send the public key to the second device; the second device is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext; the second device is also used for sending the ciphertext to the first device;
and the ciphertext decryption module is used for decrypting the ciphertext by adopting the private key and restoring the ciphertext into the data to be encrypted.
11. The apparatus of claim 10, further comprising:
a decryption identifier generating module, configured to generate a decryption identifier for the private key through the to-be-encrypted sub data; the private key and the decryption identification have a first association relation;
and the decryption identifier sending module is used for sending the decryption identifier to the second equipment.
12. The apparatus of claim 11, wherein the ciphertext and the decryption identifier have a second association, and wherein the ciphertext decryption module comprises:
a target private key determining sub-module, configured to determine a target private key for the ciphertext by using the first association relationship and the second association relationship;
and the ciphertext decryption sub-module is used for decrypting the ciphertext by adopting the target private key and restoring the ciphertext into the data to be encrypted.
13. The apparatus of claim 10, wherein the public key generation module comprises:
a first random number generation submodule for generating a first random number;
a third target system determining submodule, configured to determine a third target system by using the first random number and the first target system;
and the public key generation submodule is used for converting the data to be encrypted into a first encryption character string by adopting the third target system and generating a public key through the first encryption character string.
14. The apparatus of claim 10, wherein the private key generation module comprises:
a second random number generation submodule for generating a second random number;
a fourth target system determining submodule, configured to determine a fourth target system by using the second random number and the second target system;
and the private key generation sub-module is used for converting the data to be encrypted into a second encryption character string by adopting the fourth target system and generating a private key through the second encryption character string.
15. The apparatus of any of claims 10-14, wherein the first device is configured with a scale pool for translating scales.
16. An apparatus for encrypting and decrypting data, the apparatus being applied to a second device having a corresponding first device, the apparatus comprising:
the request encryption information generation module is used for extracting the subdata to be encrypted from the data to be encrypted according to a preset rule;
the request encryption information sending module is used for sending the subdata to be encrypted to the first equipment; the first device is used for receiving the subdata to be encrypted, which is sent by the second device; determining a first target system and a second target system according to the to-be-encrypted subdata; converting the data to be encrypted into a first encryption character string through the first target system, and generating a public key through the first encryption character string; converting the data to be encrypted into a second encryption character string through the second target system, and generating a private key through the second encryption character string; sending the public key to the second device;
the ciphertext generating module is used for encrypting the data to be encrypted by adopting the public key and generating a ciphertext;
the ciphertext sending module is used for sending the ciphertext to the first equipment; the first device is further configured to decrypt the ciphertext by using the private key, and restore the ciphertext to the data to be encrypted.
17. The apparatus of claim 16, wherein the first device is configured to generate, by the sub-data to be encrypted, a decryption identifier for the private key, and send the decryption identifier to the second device, and the private key and the decryption identifier have a first association relationship, and the apparatus further comprises:
and the decryption identifier sending module is used for receiving the decryption identifier sent by the first equipment.
18. The apparatus according to claim 17, wherein the ciphertext and the decryption identifier have a second association relationship, and the first device is configured to determine a target private key for the ciphertext by using the first association relationship and the second association relationship, decrypt the ciphertext by using the target private key, and restore the ciphertext to the data to be encrypted.
19. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;
the memory is used for storing a computer program;
the processor, when executing a program stored on the memory, implementing the method of any of claims 1-6 or 7-9.
20. A computer-readable storage medium having stored thereon instructions, which when executed by one or more processors, cause the processors to perform the method of any one of claims 1-6 or 7-9.
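The first-device steps of claims 1 to 6, as an added Python sketch that is not part of the patent text: "target system" is read here as a number base and the "scale pool" as the set of available bases, which is an interpretation of the translated claims. The SHA-256 rule for picking bases, the 62-character alphabet, the identifier format and all function names are assumptions; the claims do not state how a key is produced from each string, so the strings stand in for key material and no encryption is performed.

```python
import hashlib

# Assumed digit alphabet; it caps the largest usable base at 62.
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Assumed pool of bases (claim 6) that the first device chooses from.
BASE_POOL = list(range(2, len(ALPHABET) + 1))


def pick_bases(sub_data: bytes) -> tuple:
    """Map the sub-data to two distinct bases (assumed rule: SHA-256 bytes)."""
    digest = hashlib.sha256(sub_data).digest()
    i, j = digest[0] % len(BASE_POOL), digest[1] % len(BASE_POOL)
    if j == i:  # keep the first and second target bases different
        j = (j + 1) % len(BASE_POOL)
    return BASE_POOL[i], BASE_POOL[j]


def shift_base(base: int, rnd: int) -> int:
    """Claims 4-5: combine a random number with a target base (assumed rule)."""
    return BASE_POOL[(BASE_POOL.index(base) + rnd) % len(BASE_POOL)]


def to_radix(data: bytes, base: int) -> str:
    """Write data as a digit string in the given base."""
    if base not in BASE_POOL:
        raise ValueError("base is not in the pool")
    # The 0x01 prefix keeps leading zero bytes of data recoverable.
    n = int.from_bytes(b"\x01" + data, "big")
    digits = []
    while n:
        n, r = divmod(n, base)
        digits.append(ALPHABET[r])
    return "".join(reversed(digits))


def from_radix(text: str, base: int) -> bytes:
    """Invert to_radix; rejects digits that are not valid in the base."""
    n = 0
    for ch in text:
        d = ALPHABET.find(ch)
        if d < 0 or d >= base:
            raise ValueError(f"invalid digit {ch!r} for base {base}")
        n = n * base + d
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("missing length-preserving prefix")
    return raw[1:]


def decryption_id(sub_data: bytes) -> str:
    """Claim 2: identifier generated from the sub-data (assumed format)."""
    return hashlib.sha256(b"decryption-id:" + sub_data).hexdigest()[:16]


class KeyRegistry:
    """First-device store for the association relations of claims 2-3."""
    def __init__(self):
        self._by_id = {}  # first association: identifier -> private key material

    def register(self, sub_data: bytes, private_material: str) -> str:
        ident = decryption_id(sub_data)
        if ident in self._by_id:
            # The same sub-data twice would silently replace the earlier key.
            raise KeyError("identifier already bound to a private key")
        self._by_id[ident] = private_material
        return ident

    def target_key(self, envelope: dict) -> str:
        # Second association: the ciphertext travels with its identifier.
        try:
            return self._by_id[envelope["decryption_id"]]
        except KeyError:
            raise LookupError("no private key for this ciphertext") from None


def first_device_setup(data, sub_data, rnd1, rnd2, registry):
    """Claims 1, 2, 4 and 5 on the first device, up to the two strings."""
    base1, base2 = pick_bases(sub_data)
    base3, base4 = shift_base(base1, rnd1), shift_base(base2, rnd2)
    if base3 == base4:
        raise ValueError("both strings would use the same base")
    ident = registry.register(sub_data, to_radix(data, base4))
    return {"public_string": to_radix(data, base3), "decryption_id": ident}
```

The round trip through `from_radix` shows that base conversion alone is a reversible encoding of its input, so any secrecy has to come from the key-generation step that the claims leave open.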
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211124858.XA CN115589286B (en) | 2022-09-15 | 2022-09-15 | Data encryption and decryption method and device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115589286A (en) | 2023-01-10 |
CN115589286B (en) | 2024-10-08 |
Family
ID=84778448
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211124858.XA Active CN115589286B (en) | 2022-09-15 | 2022-09-15 | Data encryption and decryption method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115589286B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113824547A (en) * | 2021-04-06 | 2021-12-21 | 京东科技控股股份有限公司 | Reserved format encryption and decryption method, device, electronic equipment and medium |
CN114826733A (en) * | 2022-04-19 | 2022-07-29 | 中国工商银行股份有限公司 | File transfer method, device, system, apparatus, medium, and program product |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116866029A (en) * | 2023-07-07 | 2023-10-10 | 深圳市东信时代信息技术有限公司 | Random number encryption data transmission method, device, computer equipment and storage medium |
CN116866029B (en) * | 2023-07-07 | 2024-02-09 | 深圳市东信时代信息技术有限公司 | Random number encryption data transmission method, device, computer equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN115589286B (en) | 2024-10-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108510022B (en) | Two-dimensional code generation and verification method and server | |
CN104954126B (en) | Sensitive operation verification method, device and system | |
CN109257336B (en) | Block chain-based password information processing method and terminal equipment | |
CN110188524B (en) | Information encryption method, information decryption method and terminal | |
CN110990849A (en) | Encryption and decryption method for private data and terminal | |
CN109145644B (en) | Private key confusion and digital signature generation method and device and intelligent device | |
CN108933670B (en) | Digital signature method and device, mobile device and storage medium | |
CN109446794B (en) | Password input method and mobile terminal thereof | |
CN109766705B (en) | Circuit-based data verification method and device and electronic equipment | |
CN110826097A (en) | Data processing method and electronic equipment | |
CN115589286B (en) | Data encryption and decryption method and device, electronic equipment and storage medium | |
CN115174758B (en) | Picture encryption method and device, electronic equipment and storage medium | |
CN110851408A (en) | File compression method, file decompression method and electronic equipment | |
CN109451011B (en) | Information storage method based on block chain and mobile terminal | |
CN111310250A (en) | Application sharing method and electronic equipment | |
CN115730331A (en) | Encrypted data generation method and device, electronic equipment and storage medium | |
CN113381966A (en) | Information reporting method, information receiving method, terminal and network side equipment | |
CN109257441B (en) | Wireless local area network position acquisition method and device | |
CN110321680B (en) | Identity verification method and terminal equipment | |
CN109743289B (en) | Data verification method and device based on neural network and electronic equipment | |
CN111465005A (en) | Hotspot sharing method and electronic equipment | |
CN110717163A (en) | Interaction method and terminal equipment | |
CN111526249B (en) | Information processing method and electronic equipment | |
CN110298184A (en) | Information processing method and terminal device | |
CN115174084A (en) | Data encryption processing method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |