CN115622691A - Serialization method, deserialization method and deserialization device of secret key - Google Patents


Info

Publication number
CN115622691A
Authority
CN
China
Prior art keywords
variable
key
field
value
sequence number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211093781.4A
Other languages
Chinese (zh)
Inventor
王馨艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202211093781.4A priority Critical patent/CN115622691A/en
Publication of CN115622691A publication Critical patent/CN115622691A/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

The invention discloses a key serialization method, a key deserialization method and a key deserialization device, wherein the serialization method comprises the following steps: generating a key structure body according to the key structure body model, wherein the key structure body comprises a plurality of member variables arranged according to a determined sequence number; generating variable values corresponding to a plurality of member variables by using a random number generator; according to the variable type of the member variable, performing corresponding type conversion on the variable value corresponding to the member variable to obtain a key field corresponding to the member variable; desensitizing the literal value of the member variable to obtain a variable field, wherein the literal value of the member variable is used for representing the variable type of the member variable; obfuscating any variable field and a key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, wherein the key corresponds to the variable field, and the value corresponds to the key field; and sequencing all the key value pairs according to the specified sequence numbers to obtain the serialized keys. The invention can improve the security of the secret key.

Description

Serialization method, deserialization method and deserialization device of secret key
Technical Field
The present invention relates to the technical field of key serialization, and in particular, to a key serialization method, a key deserialization method, and an apparatus thereof.
Background
As more business activities are handled over the network, large amounts of business data are queried and transmitted over it, and data security has become a vital part of network security. Key-based encryption arose to secure data operations in networked scenarios.
Keys used in existing key-based processing schemes are public and general-purpose; most are merely random numbers of some basic data type, so the generated keys offer low security.
Therefore, there is a need for a method for serializing and deserializing a secret key to process the secret key, so as to improve the security of the secret key.
Disclosure of Invention
The embodiment of the invention provides a key serialization method for improving the security of a key, which comprises the following steps:
generating a key structure body according to the key structure body model, wherein the key structure body comprises a plurality of member variables arranged according to a determined sequence number;
generating variable values corresponding to a plurality of member variables by using a random number generator;
according to the variable type of the member variable, performing corresponding type conversion on the variable value corresponding to the member variable to obtain a key field corresponding to the member variable;
desensitizing the literal value of the member variable to obtain a variable field, wherein the literal value of the member variable is used for representing the variable type of the member variable;
obfuscating any variable field and a key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, wherein a key corresponds to the variable field, and a value corresponds to the key field;
and sequencing all the key value pairs according to the specified sequence numbers to obtain the serialized keys.
Preferably, the converting the variable value corresponding to the member variable into a corresponding type according to the variable type of the member variable to obtain the key field corresponding to the member variable further includes:
if the variable type of the member variable is a basic data type, converting the variable value corresponding to the member variable into a character string by using a serialization library function, and taking the character string as the key field corresponding to the member variable;
and if the variable type of the member variable is a pointer type, determining and reading the data of the memory area pointed to by the pointer according to the variable value corresponding to the member variable, converting the data into a character string by using a serialization library function, and taking the character string as the key field corresponding to the member variable.
Preferably, the desensitizing processing is performed on the literal values of the member variables, and obtaining the variable field further includes:
and determining a comparison value corresponding to the literal value of the member variable by using a pre-established comparison relation table, and taking the comparison value as a variable field.
Preferably, the obfuscating any variable field and the key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, wherein the key corresponds to the variable field and the value corresponds to the key field, further includes:
taking any variable field and the key field corresponding to the variable field as a key-value pair;
taking the determined sequence number of the member variable corresponding to the variable field as the determined sequence number of the key-value pair;
and determining the specified sequence number corresponding to the key-value pair according to the determined sequence number of the key-value pair and a pre-established mapping relation table.
Preferably, after the sorting all key-value pairs according to the specified sequence numbers to obtain the serialized key, the method further includes:
dividing all key-value pairs sorted according to the specified sequence numbers into a set number of sets;
storing all sets on multiple servers, where each server stores all sets to ensure load balancing.
Preferably, the plurality of servers includes a master server and a plurality of slave servers;
the storing all sets into a plurality of servers further comprises:
writing all the sets into a main server;
and the master server issues all the sets to the plurality of slave servers and stores all the sets in the plurality of slave servers.
The embodiment of the invention also provides a key deserialization method, which comprises the following steps:
generating an initial key structure body according to the key structure body model;
acquiring all key-value pairs ordered according to the specified sequence number, wherein a key corresponds to a variable field, and a value corresponds to a key field;
S110: performing anti-obfuscation processing on any key-value pair according to the specified sequence number of the key-value pair to obtain a variable field arranged according to the determined sequence number and a key field corresponding to the variable field;
S120: performing inverse desensitization processing on the variable field to obtain the literal value of a member variable;
S130: determining the variable type of the member variable according to the literal value of the member variable;
S140: according to the variable type of the member variable, performing inverse conversion on the corresponding key field to obtain the variable value corresponding to the member variable;
and obtaining a key structure body according to the variable value corresponding to the member variable and the initial key structure body.
Preferably, the performing anti-obfuscation processing on any key-value pair according to the assigned sequence number of the key-value pair to obtain a variable field arranged according to the determined sequence number and a key field corresponding to the variable field further includes:
determining a determined sequence number corresponding to any key-value pair according to the assigned sequence number of the key-value pair and a pre-established mapping relation table;
and taking the determined sequence number as the determined sequence number of the variable field in the key value pair to obtain the variable field arranged according to the determined sequence number and the key field corresponding to the variable field.
Preferably, the performing anti-desensitization processing on the variable field to obtain a literal value of a member variable further includes:
and taking the variable field as a comparison value, determining a value corresponding to the comparison value by utilizing a pre-established comparison relation table, and taking the value as a literal value of the member variable.
Preferably, the inversely converting the corresponding key field according to the variable type of the member variable to obtain the variable value corresponding to the member variable further includes:
if the variable type of the member variable is a basic data type, inversely converting the corresponding key field by using a deserialization library function to obtain the corresponding variable value;
and if the variable type of the member variable is a pointer type, inversely converting the corresponding key field by using a deserialization library function to obtain the variable value stored in the memory area pointed to by the pointer.
Preferably, the obtaining all key-value pairs sorted according to the designated sequence number further includes:
selecting a set number of servers from a plurality of servers;
taking a set from the selected servers; any two obtained sets are different, any set comprises at least one key value pair sorted according to a specified sequence number, and all obtained sets comprise all key value pairs sorted according to the specified sequence number in total;
a plurality of sets are processed in parallel by S110 to S140 in the above-described key deserialization method.
Preferably, the plurality of servers includes a master server and a plurality of slave servers;
the selecting a set number of servers from the plurality of servers further comprises:
a set number of servers are selected from a plurality of slave servers.
An embodiment of the present invention further provides a key serialization apparatus, including:
the structure body generation module is used for generating a key structure body according to a key structure body model, wherein the key structure body comprises a plurality of member variables arranged according to a determined sequence number;
the variable value generating module is used for generating variable values corresponding to the plurality of member variables by using a random number generator;
the key field generation module is used for performing corresponding type conversion on a variable value corresponding to the member variable according to the variable type of the member variable to obtain a key field corresponding to the member variable;
the variable field generation module is used for desensitizing the literal values of the member variables to obtain variable fields, wherein the literal values of the member variables are used for representing the variable types of the member variables;
the confusion processing module is used for carrying out confusion processing on any variable field and the key field corresponding to the variable field to obtain a key value pair with a specified sequence number, wherein the key corresponds to the variable field, and the value corresponds to the key field;
and the generating module is used for sequencing all key value pairs according to the specified sequence number to obtain the serialized key.
An embodiment of the present invention further provides an apparatus for deserializing a secret key, including:
the structure body generation module is used for generating an initial key structure body according to the key structure body model;
the key-value pair generating module is used for acquiring all key-value pairs ordered according to the specified sequence number, wherein the key corresponds to a variable field, and the value corresponds to a key field;
the anti-confusion module is used for performing anti-obfuscation processing on any key-value pair according to the specified sequence number of the key-value pair to obtain a variable field arranged according to the determined sequence number and a key field corresponding to the variable field;
the anti-desensitization module is used for carrying out anti-desensitization treatment on the variable field to obtain a literal value of a member variable;
the type determining module is used for determining the variable type of the member variable according to the literal value of the member variable;
the reverse conversion module is used for performing reverse conversion on the corresponding key field according to the variable type of the member variable to obtain a variable value corresponding to the member variable;
and the key generation module is used for obtaining a key structure body according to the variable value corresponding to the member variable and the initial key structure body.
The embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the method when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the above method.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the computer program implements the method described above.
In the embodiment of the invention, the variable values corresponding to the member variables in the key structure are generated by the random number generator. The member variables are arranged according to the determined sequence numbers, the determined sequence number of each member variable is also the determined sequence number of its variable value, and the whole key is obtained by arranging all the variable values according to the determined sequence numbers. In order to improve the security of the key, each variable value is converted to obtain a key field, the literal value of each member variable is desensitized to obtain a variable field, and each variable field and its corresponding key field are obfuscated to obtain a key-value pair with a specified sequence number; all the key-value pairs are then sorted according to the specified sequence numbers to obtain the serialized key, and the security of the serialized key is high. For deserialization, all key-value pairs sorted according to the specified sequence numbers are obtained, the variable values corresponding to the member variables are recovered from the key-value pairs through anti-obfuscation, inverse desensitization and inverse conversion, the variable values are written into the initial key structure to obtain the key structure, and the variable values of all the member variables in the key structure are taken out according to the determined sequence numbers to obtain the complete key with higher security.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a schematic flowchart of a key serialization method provided in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of performing type conversion on the variable value corresponding to a member variable according to the variable type of the member variable to obtain the key field corresponding to the member variable, according to the embodiment of the present invention;
Fig. 3 is a schematic flowchart of obfuscating any variable field and the key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of the processing performed after all key-value pairs are sorted according to the specified sequence numbers to obtain the serialized key, according to the embodiment of the present invention;
Fig. 5 is a schematic flowchart of storing all sets on multiple servers according to an embodiment of the present invention;
Fig. 6 is a schematic flowchart of a key deserialization method provided in an embodiment of the present invention;
Fig. 7 is a schematic flowchart of performing anti-obfuscation processing on any key-value pair according to the specified sequence number of the key-value pair to obtain variable fields arranged according to the determined sequence number and the key fields corresponding to the variable fields, according to the embodiment of the present invention;
Fig. 8 is a schematic flowchart of performing inverse conversion on the corresponding key field according to the variable type of a member variable to obtain the variable value corresponding to the member variable, according to the embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a key serialization apparatus provided in an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a key deserialization apparatus provided in an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a computer device provided in an embodiment of the present invention.
Description of the symbols of the drawings:
10. a structure generation module;
11. a variable value generation module;
12. a key field generation module;
13. a variable field generation module;
14. an obfuscation processing module;
15. a generating module;
20. a structure generation module;
21. a key-value pair generating module;
22. an anti-confusion module;
23. an anti-desensitization module;
24. a type determination module;
25. a reverse conversion module;
26. a key generation module;
1102. a computer device;
1104. a processor;
1106. a memory;
1108. a drive mechanism;
1110. an input/output module;
1112. an input device;
1114. an output device;
1116. a presentation device;
1118. a graphical user interface;
1120. a network interface;
1122. a communication link;
1124. a communication bus.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
Keys used in existing key-based processing schemes are public and general-purpose; most are merely random numbers of some basic data type, so the generated keys offer low security.
In order to solve the above problem, an embodiment of the present invention provides a method for serializing a key. Fig. 1 is a schematic flowchart of the key serialization method provided by an embodiment of the present invention. The present specification provides the method operation steps as described in the embodiment or the flowchart, but more or fewer operation steps may be included based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one of many possible orders of execution and does not represent the only order. In an actual system or device product, the method according to the embodiments or shown in the drawings can be executed in sequence or in parallel.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or device.
Referring to fig. 1, the present invention shows a method for serializing a key, comprising:
S101: generating a key structure body according to the key structure body model, wherein the key structure body comprises a plurality of member variables arranged according to a determined sequence number;
S102: generating variable values corresponding to a plurality of member variables by using a random number generator;
S103: according to the variable type of the member variable, performing corresponding type conversion on the variable value corresponding to the member variable to obtain a key field corresponding to the member variable;
S104: desensitizing the literal value of the member variable to obtain a variable field, wherein the literal value of the member variable is used for representing the variable type of the member variable;
S105: obfuscating any variable field and a key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, wherein the key corresponds to the variable field, and the value corresponds to the key field;
S106: and sorting all the key-value pairs according to the specified sequence numbers to obtain the serialized key.
A structure is a data type that describes the size and interpretation meaning of a block of memory space, and generally consists of different types of member variables. The key structure model is used for generating a key structure, and the arrangement sequence of the member variables in the key structure model is fixed, so the member variables in the key structure generated according to the key structure model are arranged according to the determined sequence numbers.
The random number generator is used for generating the variable values corresponding to the plurality of member variables, and the variable values, arranged according to the determined sequence numbers of their member variables, form the key. For example, the key structure includes member variables a, b, and c arranged according to the determined sequence numbers, and the random number generator generates the variable value 1 for a, 3 for b, and 5 for c, so that the key is 135. If a member variable is an array, each element in the array corresponds to one variable value; for example, if the member variable c is a one-dimensional array with a length of 3, the 3 variable values generated for it by the random number generator are 7, 9, and 6.
For example, the member variables may be of integer, character, floating-point, or pointer type. The integer, character, floating-point and similar types may be treated together as basic data types, so the types of the member variables are classified into basic data types and pointer types. According to the variable type of each member variable, the corresponding type conversion is performed on its variable value to obtain the key field corresponding to the member variable.
Further, the literal value of the member variable is used to characterize the variable type of the member variable. For an integer variable a, for example, the letter a is the literal value, and it characterizes the member variable as an integer variable. Desensitizing the literal values of the member variables yields the variable fields; the purpose of the desensitization is to hide information about the member variables.
Each member variable corresponds to a variable value, which is converted into a key field, and processing the member variable yields a variable field; the variable field therefore corresponds to the key field, and the two form a key-value pair. Since the member variables are arranged according to the determined sequence numbers, the key-value pairs are also arranged according to the determined sequence numbers. The purpose of the subsequent obfuscation of the variable fields and their key fields is to obfuscate the order of the key-value pairs so that they are arranged by specified sequence number, for example turning the key-value pair whose original sequence number is 1 into the key-value pair with sequence number 5; all the key-value pairs are then sorted according to the specified sequence numbers to obtain the serialized key.
In the embodiment of the invention, the variable values corresponding to the member variables in the key structure are generated by the random number generator. The member variables are arranged according to the determined sequence numbers, the determined sequence number of each member variable is also the determined sequence number of its variable value, and the whole key is obtained by arranging all the variable values according to the determined sequence numbers. In order to improve the security of the key, each variable value is converted to obtain a key field, the literal value of each member variable is desensitized to obtain a variable field, and each variable field and its corresponding key field are obfuscated to obtain a key-value pair with a specified sequence number; all the key-value pairs are then sorted according to the specified sequence numbers to obtain a serialized key, and the security of the serialized key is high.
Referring to fig. 2, the converting the variable value corresponding to the member variable into a corresponding type according to the variable type of the member variable to obtain the key field corresponding to the member variable further includes:
S201: if the variable type of the member variable is a basic data type, converting the variable value corresponding to the member variable into a character string by using a serialization library function, and taking the character string as the key field corresponding to the member variable;
S202: and if the variable type of the member variable is a pointer type, determining and reading the data of the memory area pointed to by the pointer according to the variable value corresponding to the member variable, converting the data into a character string by using a serialization library function, and taking the character string as the key field corresponding to the member variable.
The serialization library function can convert variable values into character strings. For a member variable of pointer type, however, the variable value identifies a memory area: the variable value of the pointer is read first to determine the memory area the pointer points to, the data in that memory area is then read out and converted into a character string by the serialization library function, and the character string is used as the key field. It should be noted that a uniform character suffix may be added at the end of each key field as a key field end identifier.
In this embodiment of the present invention, the desensitizing the literal values of the member variables, and obtaining the variable field further includes:
and determining a comparison value corresponding to the literal value of the member variable by using a pre-established comparison relation table, and taking the comparison value as the variable field.
The corresponding relation among the multiple groups of values is recorded in the comparison relation table, and the corresponding comparison value can be obtained by looking up the table according to the literal value of the member variable, for example, the literal value of the member variable is a, and the corresponding comparison value is m.
Referring to fig. 3, obfuscating any variable field and the key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, where the key corresponds to the variable field and the value corresponds to the key field, includes:
S301: taking any variable field and the key field corresponding to the variable field as a key-value pair;
S302: taking the determined sequence number of the member variable corresponding to the variable field, that is, its position when the member variables are arranged according to the determined sequence numbers, as the determined sequence number of the key-value pair;
S303: determining the specified sequence number corresponding to the key-value pair according to the determined sequence number of the key-value pair and a pre-established mapping relation table.
The key in a key-value pair corresponds to a variable field and the value corresponds to a key field; in the key-value pair m-33, for example, m is the variable field and 33 is the key field. The mapping relation table records the mapping between determined sequence numbers and specified sequence numbers, so the specified sequence number of a key-value pair is obtained by looking up the table with its determined sequence number. For example, if the determined sequence number of the key-value pair is 1, the corresponding specified sequence number is 3.
In the embodiment of the present invention, after the above steps are performed, if for example a key-value pair m-33 with a specified sequence number of 1, a key-value pair c-52 with a specified sequence number of 2, and a key-value pair h-67 with a specified sequence number of 3 are obtained, the serialized key is 335267.
In this embodiment of the present invention, referring to fig. 4, after sorting all key-value pairs according to the specified sequence numbers to obtain the serialized key, the method further includes:
S401: dividing all key-value pairs sorted according to the specified sequence numbers into a set number of sets;
S402: storing all sets into multiple servers, where each server stores all sets to ensure load balancing.
For example, all key-value pairs may be divided into 3 sets, 4 sets, and so on. Taking division into 3 sets as an example, the 1st set includes the key-value pair m-33 with a specified sequence number of 1, the 2nd set includes the key-value pair c-52 with a specified sequence number of 2, and the 3rd set includes the key-value pair h-67 with a specified sequence number of 3; the 3 sets are stored in multiple servers.
The plurality of servers comprises a master server and a plurality of slave servers.
Referring to fig. 5, storing all sets into a plurality of servers further comprises:
S501: writing all the sets into the master server;
S502: the master server issuing all the sets to the plurality of slave servers, so that all the sets are stored in the plurality of slave servers.
All the sets are written into the master server, and the master server issues the sets to the plurality of slave servers at a suitable time so as to ensure the consistency of the data.
To ensure data integrity, check values may also be written in the plurality of slave servers.
Referring to fig. 6, the present invention further includes a method for deserializing a key, including:
S000: generating an initial key structure according to the key structure model;
S100: acquiring all key-value pairs sorted according to the specified sequence numbers, where the key corresponds to a variable field and the value corresponds to a key field;
S110: de-obfuscating any key-value pair according to the specified sequence number of the key-value pair to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields;
S120: performing inverse desensitization on the variable field to obtain the literal value of a member variable;
S130: determining the variable type of the member variable according to the literal value of the member variable;
S140: performing inverse conversion on the corresponding key field according to the variable type of the member variable to obtain the variable value corresponding to the member variable;
S150: obtaining a key structure according to the variable value corresponding to the member variable and the initial key structure.
An initial key structure is generated according to the key structure model. The key structure model in S000 is the same model as the key structure model in S101, so the member variables in the key structure generated in S101 and those in the initial key structure generated in S000 have the same types and are arranged according to the determined sequence numbers. For the key structure in S101, however, variable values must be generated for the plurality of member variables by using a random number generator. For the initial key structure in S000 no random number generator is needed; instead, all key-value pairs sorted according to the specified sequence numbers are obtained, the variable values corresponding to the member variables are recovered from the key-value pairs through de-obfuscation, inverse desensitization and inverse conversion, and the variable values are written into the initial key structure to obtain the key structure. The variable values corresponding to all the member variables in the key structure are then taken out according to the specified sequence numbers to obtain the complete key.
Further, referring to fig. 7, de-obfuscating any key-value pair according to the specified sequence number of the key-value pair to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields further includes:
S200: determining the determined sequence number corresponding to any key-value pair according to the specified sequence number of the key-value pair and a pre-established mapping relation table;
S210: taking the determined sequence number as the determined sequence number of the variable field in the key-value pair, to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields.
The mapping relation table records the mapping between determined sequence numbers and specified sequence numbers, so the determined sequence number of a key-value pair is obtained by looking up the table with its specified sequence number; the determined sequence number of the key-value pair is the determined sequence number of the variable field.
In this embodiment of the present invention, performing inverse desensitization on the variable field to obtain the literal value of a member variable further includes:
taking the variable field as a comparison value, determining the value corresponding to the comparison value by using a pre-established comparison relation table, and taking that value as the literal value of the member variable.
The comparison relation table records the correspondence between multiple groups of values, and the value corresponding to the variable field is determined by table lookup, which yields the literal value of the member variable.
The variable type of the member variable can then be determined from the literal value of the member variable. For example, a preset table may record the literal values of the member variables and the corresponding variable types, and the variable type is determined by looking up that table. It is also possible to cross-reference the initial key structure directly: because the literal values and variable types of the member variables in the initial key structure are already determined, the variable type can be found by matching the literal value of the member variable against the initial key structure.
Referring to fig. 8, performing inverse conversion on the corresponding key field according to the variable type of the member variable to obtain the variable value corresponding to the member variable further includes:
S300: if the variable type of the member variable is a basic data type, inversely converting the corresponding key field by using a deserialization library function to obtain the corresponding variable value;
S310: if the variable type of the member variable is a pointer type, inversely converting the corresponding key field by using a deserialization library function to obtain the variable value stored in the memory area pointed to by the pointer.
The key fields are inversely converted by the deserialization library function to obtain the corresponding variable values, and the variable values are written into the initial key structure to obtain the key structure.
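The serialization steps S301 to S303 and the deserialization steps S000 to S150 can be traced end to end with the values used in the examples above. The following Python example is added here and is not code from the patent; the member literals a, b and d, their types, the hex encoding of pointer data and all function names are assumptions, while the table entries a to m and 1 to 3 and the pairs m-33, c-52 and h-67 are taken from the text.

```python
import secrets

# Key structure model (assumed): (literal value, variable type) listed in
# determined-sequence-number order 1, 2, 3.
KEY_MODEL = [("d", "int"), ("a", "int"), ("b", "ptr")]
# Comparison relation table: literal value -> variable field (a -> m is from the text).
COMPARISON = {"a": "m", "b": "c", "d": "h"}
# Mapping relation table: determined -> specified sequence number (1 -> 3 is from the text).
MAPPING = {1: 3, 2: 1, 3: 2}
REVERSE_COMPARISON = {field: literal for literal, field in COMPARISON.items()}
REVERSE_MAPPING = {spec: det for det, spec in MAPPING.items()}

# Constructed sample structure; the "ptr" member references a separate buffer.
SAMPLE_STRUCT = {"d": 67, "a": 33, "b": bytearray(b"\x52")}


def generate_key_struct():
    """Fill the model with variable values from a random number generator."""
    struct = {}
    for literal, vtype in KEY_MODEL:
        if vtype == "int":
            struct[literal] = secrets.randbelow(100)
        else:
            struct[literal] = bytearray(secrets.token_bytes(4))
    return struct


def to_key_field(vtype, value):
    """Type conversion: stringify basic types, dereference pointers first."""
    if vtype == "int":
        return str(value)
    if vtype == "ptr":
        return bytes(value).hex()  # serialize the pointed-to data, not the reference
    raise ValueError(f"unsupported variable type: {vtype}")


def from_key_field(vtype, key_field):
    """Inverse conversion (S300 for basic types, S310 for pointers)."""
    if vtype == "int":
        return int(key_field)
    if vtype == "ptr":
        return bytearray(bytes.fromhex(key_field))  # fresh buffer for the pointer
    raise ValueError(f"unsupported variable type: {vtype}")


def serialize(struct):
    """Return the key-value pairs sorted by specified sequence number."""
    numbered = []
    for determined, (literal, vtype) in enumerate(KEY_MODEL, start=1):
        pair = (COMPARISON[literal], to_key_field(vtype, struct[literal]))  # S301
        numbered.append((MAPPING[determined], pair))  # S302, S303
    return [pair for _, pair in sorted(numbered)]


def serialized_key(pairs):
    """Concatenate the key fields in specified order, as in the 335267 example."""
    return "".join(key_field for _, key_field in pairs)


def deserialize(pairs):
    """Rebuild the key structure from pairs given in specified order (S000 to S150)."""
    if len(pairs) != len(KEY_MODEL):
        raise ValueError("unexpected number of key-value pairs")
    types = dict(KEY_MODEL)
    struct = {literal: None for literal, _ in KEY_MODEL}  # S000: initial structure
    for specified, (variable_field, key_field) in enumerate(pairs, start=1):
        determined = REVERSE_MAPPING[specified]  # S110
        literal = REVERSE_COMPARISON.get(variable_field)  # S120
        # A pair whose field does not belong at this position was reordered or altered.
        if literal != KEY_MODEL[determined - 1][0]:
            raise ValueError(f"pair {variable_field!r} is not valid at position {specified}")
        struct[literal] = from_key_field(types[literal], key_field)  # S130 to S150
    return struct


if __name__ == "__main__":
    pairs = serialize(SAMPLE_STRUCT)
    print(pairs, serialized_key(pairs))
    print(deserialize(pairs) == SAMPLE_STRUCT)
```

Both tables are fixed lookups and the key fields are plain string conversions of the variable values, so the stored pairs are only as private as the storage that holds them and the two tables.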
In this embodiment of the present invention, obtaining all key-value pairs sorted according to the specified sequence numbers further includes:
selecting a set number of servers from a plurality of servers;
taking one set from each of the selected servers, where any two obtained sets are different, each set comprises at least one key-value pair sorted according to the specified sequence numbers, and all the obtained sets together comprise all the key-value pairs sorted according to the specified sequence numbers;
processing the plurality of sets in parallel through S110 to S140 of the above key deserialization method.
The plurality of servers includes a master server and a plurality of slave servers;
selecting a set number of servers from the plurality of servers further comprises:
selecting a set number of servers from the plurality of slave servers.
The master server handles writes only and is not read from; reading is performed only on the slave servers. When the set number of slave servers is selected, they may be chosen according to how idle they are, with the more idle slave servers preferred. One set is read from each selected slave server, each set includes at least one key-value pair, and the key-value pairs in all the sets together make up all the key-value pairs. The sets are processed in parallel, which increases processing speed and improves processing efficiency.
Of course, before the set is read from the server, the integrity of the data may be verified by a check value. A Cyclic Redundancy Check (CRC) algorithm is generally used to calculate the check value, which verifies correctness and integrity during data transmission and storage. If the check value calculated after reading is inconsistent with the stored check value, the key-value pairs or the check value in the set are wrong, and the set is discarded and re-read from another server.
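The storage and read-back path of S401 to S502, together with the check-value handling just described, is shown below as an added Python example that is not code from the patent. The record layout, the `key-value;key-value` text encoding, the use of CRC-32 from `zlib` and all function names are assumptions; the sample pairs are the ones used in the text.

```python
import zlib
from concurrent.futures import ThreadPoolExecutor

# Constructed sample: the pairs from the text, already in specified order.
PAIRS = [("m", "33"), ("c", "52"), ("h", "67")]


def split_into_sets(pairs, count):
    """S401: divide the ordered pairs into `count` contiguous, non-empty sets."""
    if not 1 <= count <= len(pairs):
        raise ValueError("set count must be between 1 and the number of pairs")
    base, extra = divmod(len(pairs), count)
    sets, start = [], 0
    for i in range(count):
        end = start + base + (1 if i < extra else 0)
        sets.append(pairs[start:end])
        start = end
    return sets


def make_record(pairs):
    """Encode one set as text and attach its CRC-32 check value."""
    payload = ";".join(f"{k}-{v}" for k, v in pairs).encode("ascii")
    return {"payload": payload, "crc": zlib.crc32(payload)}


def publish(master_records, slave_count):
    """S501/S502: the master holds all sets and issues a full copy to every slave."""
    return [[dict(record) for record in master_records] for _ in range(slave_count)]


def read_set(slaves, index, preferred):
    """Read set `index`, starting at slave `preferred`; skip copies whose CRC fails."""
    order = [preferred] + [i for i in range(len(slaves)) if i != preferred]
    for slave in order:
        record = slaves[slave][index]
        if zlib.crc32(record["payload"]) != record["crc"]:
            continue  # pair data or check value is wrong: re-read from another server
        text = record["payload"].decode("ascii")
        return [tuple(item.split("-", 1)) for item in text.split(";")], slave
    raise OSError(f"no intact copy of set {index} on any slave")


def read_all(slaves, set_count):
    """Fetch one distinct set per selected slave in parallel, then rejoin in order."""
    def fetch(index):
        return read_set(slaves, index, preferred=index % len(slaves))[0]

    with ThreadPoolExecutor(max_workers=set_count) as pool:
        chunks = list(pool.map(fetch, range(set_count)))
    return [pair for chunk in chunks for pair in chunk]


if __name__ == "__main__":
    records = [make_record(s) for s in split_into_sets(PAIRS, 3)]
    slaves = publish(records, 3)
    slaves[1][1]["payload"] = b"c-53"  # constructed corruption on one slave
    print(read_set(slaves, 1, preferred=1))
    print(read_all(slaves, 3))
```

CRC-32 is unkeyed, so this check catches accidental corruption in transmission or storage; it does not authenticate the sets against deliberate modification by someone who can also rewrite the check value.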
The embodiment of the present invention further provides a key serialization apparatus, as described in the following embodiments. Because the principle of solving the problem of the device is similar to a key serialization method, the implementation of the device can refer to the implementation of the method, and repeated parts are not described again.
Referring to fig. 9, an apparatus for serializing a key includes:
a structure generation module 10, configured to generate a key structure according to a key structure model, where the key structure includes a plurality of member variables arranged according to a determined sequence number;
a variable value generation module 11, configured to generate variable values corresponding to a plurality of member variables by using a random number generator;
a key field generation module 12, configured to perform type conversion on a variable value corresponding to the member variable according to the variable type of the member variable, to obtain a key field corresponding to the member variable;
a variable field generation module 13, configured to perform desensitization processing on a literal value of a member variable to obtain a variable field, where the literal value of the member variable is used to represent a variable type of the member variable;
an obfuscation processing module 14, configured to obfuscate any variable field and a key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, where a key corresponds to the variable field and a value corresponds to the key field;
and the generating module 15 is configured to sequence all key value pairs according to the specified sequence number to obtain the serialized key.
The embodiment of the present invention further provides a key deserializing device, as described in the following embodiments. Because the principle of solving the problem of the device is similar to a key deserialization method, the implementation of the device can be referred to the implementation of the method, and repeated details are not repeated.
Referring to fig. 10, an apparatus for deserializing a key includes:
a structure generating module 20, configured to generate an initial key structure according to the key structure model;
a key-value pair generating module 21, configured to obtain all key-value pairs sorted according to the specified sequence numbers, where a key corresponds to a variable field and a value corresponds to a key field;
a de-obfuscation module 22, configured to de-obfuscate any key-value pair according to the specified sequence number of the key-value pair to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields;
an inverse desensitization module 23, configured to perform inverse desensitization on the variable field to obtain the literal value of a member variable;
a type determining module 24, configured to determine a variable type of the member variable according to the literal value of the member variable;
the inverse conversion module 25 is configured to perform inverse conversion on the corresponding key field according to the variable type of the member variable to obtain a variable value corresponding to the member variable;
and a key generation module 26, configured to obtain a key structure according to the variable value corresponding to the member variable and the initial key structure.
The embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the method when executing the computer program.
Referring to FIG. 11, the method described above is shown as operating on a computer device 1102. Computer device 1102 may include one or more processors 1104, such as one or more Central Processing Units (CPUs) or Graphics Processors (GPUs), each of which may implement one or more hardware threads. The computer device 1102 may also include any memory 1106 for storing any kind of information, such as code, settings, data, etc., and in a particular embodiment a computer program that is run on the memory 1106 and on the processor 1104, which computer program, when executed by the processor 1104, may perform instructions according to the above-described method. For example, and without limitation, memory 1106 may include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may use any technology to store information. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 1102. In one case, when the processor 1104 executes the associated instructions, which are stored in any memory or combination of memories, the computer device 1102 can perform any of the operations of the associated instructions. The computer device 1102 also includes one or more drive mechanisms 1108, such as a hard disk drive mechanism, an optical disk drive mechanism, etc., for interacting with any memory.
Computer device 1102 can also include input/output module 1110 (I/O) for receiving various inputs (via input device 1112) and for providing various outputs (via output device 1114). One particular output mechanism may include a presentation device 1116 and an associated graphical user interface 1118 (GUI). In other embodiments, input/output module 1110 (I/O), input device 1112, and output device 1114 may also be excluded, as only one computer device in a network. Computer device 1102 can also include one or more network interfaces 1120 for exchanging data with other devices via one or more communication links 1122. One or more communication buses 1124 couple the above-described components together.
Communication link 1122 may be implemented in any manner, e.g., via a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communications link 1122 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
An embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the above method.
An embodiment of the present invention further provides a computer program product, where the computer program product includes a computer program, and when the computer program is executed by a processor, the computer program implements the method described above.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
To clearly illustrate this interchangeability of hardware and software, various illustrative components and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present invention and should not be used to limit the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (17)

1. A method for serializing a key, comprising:
generating a key structure body according to the key structure body model, wherein the key structure body comprises a plurality of member variables arranged according to a determined sequence number;
generating variable values corresponding to a plurality of member variables by using a random number generator;
according to the variable type of the member variable, performing corresponding type conversion on the variable value corresponding to the member variable to obtain a key field corresponding to the member variable;
desensitizing the literal values of the member variables to obtain variable fields, wherein the literal values of the member variables are used for representing the variable types of the member variables;
obfuscating any variable field and a key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, wherein the key corresponds to the variable field, and the value corresponds to the key field;
and sequencing all key value pairs according to the specified sequence number to obtain the serialized key.
2. The method of claim 1, wherein the converting variable values corresponding to the member variables into corresponding types according to the variable types of the member variables to obtain the key fields corresponding to the member variables further comprises:
if the variable type of the member variable is the basic data type, converting the variable value corresponding to the member variable into a character string by using a serialized library function, and taking the character string as a key field corresponding to the member variable;
if the variable type of the member variable is a pointer type, determining and reading data of a memory area pointed by a pointer according to a variable value corresponding to the member variable, converting the data into a character string by using a serialized library function, and taking the character string as a key field corresponding to the member variable.
3. The method for serializing cryptographic keys as in claim 1, wherein said desensitizing the literal values of the member variables to obtain variable fields further comprises:
determining a comparison value corresponding to the literal value of the member variable by using a pre-established comparison relation table, and taking the comparison value as the variable field.
4. The method of claim 1, wherein obfuscating any variable field and the key field corresponding to the variable field to obtain a key-value pair with a specified sequence number, wherein the key corresponds to the variable field and the value corresponds to the key field, further comprises:
taking any variable field and the key field corresponding to the variable field as a key-value pair;
taking the determined sequence number of the member variable corresponding to the variable field, when the member variables are arranged according to the determined sequence numbers, as the determined sequence number of the key-value pair;
and determining the specified sequence number corresponding to the key-value pair according to the determined sequence number of the key-value pair and a pre-established mapping relation table.
5. The method for serializing cryptographic keys as in claim 1, wherein said step of sorting all key-value pairs according to the specified sequence numbers to obtain the serialized key further comprises:
dividing all key-value pairs sorted according to the specified sequence numbers into a set number of sets;
all sets are stored into multiple servers, where each server stores all sets to ensure load balancing.
6. The method for serializing cryptographic keys as in claim 5, wherein said plurality of servers comprises a master server and a plurality of slave servers;
the storing all sets into a plurality of servers further comprises:
writing all the sets into the master server;
and the master server issuing all the sets to the plurality of slave servers, so that all the sets are stored in the plurality of slave servers.
7. A method for deserializing a key, comprising:
generating an initial key structure body according to the key structure body model;
acquiring all key-value pairs sorted according to the specified sequence numbers, wherein a key corresponds to a variable field, and a value corresponds to a key field;
S110: de-obfuscating any key-value pair according to the specified sequence number of the key-value pair to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields;
S120: performing inverse desensitization on the variable field to obtain the literal value of a member variable;
S130: determining the variable type of the member variable according to the literal value of the member variable;
S140: performing inverse conversion on the corresponding key field according to the variable type of the member variable to obtain the variable value corresponding to the member variable;
and obtaining a key structure body according to the variable value corresponding to the member variable and the initial key structure body.
8. The method of deserializing keys according to claim 7, wherein de-obfuscating any key-value pair according to its specified sequence number to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields further comprises:
determining the determined sequence number corresponding to any key-value pair according to the specified sequence number of the key-value pair and a pre-established mapping relation table;
and taking the determined sequence number as the determined sequence number of the variable field in the key-value pair, to obtain the variable fields arranged according to the determined sequence numbers and the key fields corresponding to the variable fields.
9. The method for deserializing a secret key according to claim 7, wherein the performing an inverse desensitization process on the variable field to obtain a literal value of a member variable further comprises:
and taking the variable field as a comparison value, determining a value corresponding to the comparison value by utilizing a pre-established comparison relation table, and taking the value as a literal value of the member variable.
10. The method of claim 7, wherein the step of performing inverse transformation on the corresponding key field according to the variable type of the member variable to obtain the variable value corresponding to the member variable further comprises:
if the variable type of the member variable is a basic data type, inversely converting the corresponding key field by using a deserialization library function to obtain the corresponding variable value;
and if the variable type of the member variable is a pointer type, inversely converting the corresponding key field by using a deserialization library function to obtain the variable value stored in the memory area pointed to by the pointer.
11. The method of deserializing a key of claim 7, wherein the obtaining all key-value pairs ordered by a specified sequence number further comprises:
selecting a set number of servers from a plurality of servers;
taking one set from each of the selected servers, wherein any two obtained sets are different, each set comprises at least one key-value pair sorted according to the specified sequence numbers, and all the obtained sets together comprise all the key-value pairs sorted according to the specified sequence numbers.
12. The method of deserializing a key of claim 11, wherein the plurality of servers comprises a master server and a plurality of slave servers;
the selecting a set number of servers from the plurality of servers further comprises:
a set number of servers are selected from a plurality of slave servers.
13. An apparatus for serializing a key, comprising:
the structure body generation module is used for generating a key structure body according to the key structure body model, wherein the key structure body comprises a plurality of member variables arranged according to the determined sequence number;
the variable value generation module is used for generating variable values corresponding to the plurality of member variables by utilizing a random number generator;
the key field generation module is used for performing corresponding type conversion on a variable value corresponding to the member variable according to the variable type of the member variable to obtain a key field corresponding to the member variable;
the variable field generation module is used for carrying out desensitization processing on the literal values of the member variables to obtain variable fields, wherein the literal values of the member variables are used for representing the variable types of the member variables;
the confusion processing module is used for carrying out confusion processing on any variable field and the key field corresponding to the variable field to obtain a key value pair with a specified sequence number, wherein the key corresponds to the variable field, and the value corresponds to the key field;
and the generating module is used for sequencing all key value pairs according to the specified sequence number to obtain the serialized key.
14. An apparatus for deserializing a key, comprising:
the structure body generation module is used for generating an initial key structure body according to the key structure body model;
the key-value pair generating module is used for acquiring all key-value pairs which are sorted according to the specified sequence numbers, wherein the key corresponds to a variable field, and the value corresponds to a key field;
the anti-confusion module is used for carrying out anti-confusion processing on any key-value pair according to the specified sequence number of the key-value pair to obtain a variable field arranged according to the determined sequence number and a key field corresponding to the variable field;
the anti-desensitization module is used for carrying out anti-desensitization treatment on the variable field to obtain a literal value of a member variable;
the type determining module is used for determining the variable type of the member variable according to the literal value of the member variable;
the reverse conversion module is used for performing reverse conversion on the corresponding key field according to the variable type of the member variable to obtain a variable value corresponding to the member variable;
and the key generation module is used for obtaining a key structure body according to the variable value corresponding to the member variable and the initial key structure body.
15. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 12 when executing the computer program.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 1 to 12.
17. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 12.
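An added illustration of the round trip described by the apparatus claims 13 and 14, together with the set splitting of claims 11 and 12; it is not code from the patent. The member names, type literals, masking table, permutation and hex encoding are all assumptions, since the claims do not fix them, and the pointer-type member is modelled here as a byte string.

```python
import secrets

# Assumed key structure model: (member name, type literal) in determined order.
MODEL = [("version", "uint32"), ("salt", "bytes16"), ("material", "bytes32")]
# Assumed reversible desensitization table for type literals (a lookup, not encryption).
MASK = {"uint32": "a7", "bytes16": "c2", "bytes32": "e9"}
UNMASK = {v: k for k, v in MASK.items()}
# Assumed confusion rule: determined sequence number i -> specified number PERM[i].
PERM = [2, 0, 1]

def generate():
    """Fill every member with a value from a CSPRNG, per its type."""
    return {n: secrets.randbits(32) if t == "uint32" else secrets.token_bytes(int(t[5:]))
            for n, t in MODEL}

def to_field(value, literal):
    """Type conversion of a variable value into a key field (hex text)."""
    return f"{value:08x}" if literal == "uint32" else value.hex()

def from_field(field, literal):
    """Reverse conversion, checking the field length against the declared type."""
    size = 4 if literal == "uint32" else int(literal[5:])
    if len(field) != 2 * size:
        raise ValueError("key field length does not match variable type")
    raw = bytes.fromhex(field)
    return int.from_bytes(raw, "big") if literal == "uint32" else raw

def serialize(key):
    pairs = {PERM[i]: (MASK[t], to_field(key[n], t)) for i, (n, t) in enumerate(MODEL)}
    return [(s, *pairs[s]) for s in sorted(pairs)]   # ordered by specified number

def split(pairs, servers):
    """Distinct, non-empty sets that together hold every pair (claim 11)."""
    return [pairs[i::servers] for i in range(servers)]

def deserialize(sets):
    pairs = [p for s in sets for p in s]
    if sorted(s for s, _, _ in pairs) != list(range(len(MODEL))):
        raise ValueError("sets do not cover every sequence number exactly once")
    key = {}
    for spec, var_field, key_field in pairs:
        name, expected = MODEL[PERM.index(spec)]      # anti-confusion
        literal = UNMASK.get(var_field)               # anti-desensitization
        if literal != expected:
            raise ValueError("variable field does not match the model")
        key[name] = from_field(key_field, literal)
    return key
```

The deserializer rejects a missing or duplicated set and any variable field that disagrees with the model, so a partial or tampered collection fails instead of yielding a truncated key.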
CN202211093781.4A 2022-09-08 2022-09-08 Serialization method, deserialization method and deserialization device of secret key Pending CN115622691A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211093781.4A CN115622691A (en) 2022-09-08 2022-09-08 Serialization method, deserialization method and deserialization device of secret key

Publications (1)

Publication Number Publication Date
CN115622691A true CN115622691A (en) 2023-01-17

Family

ID=84859025

Country Status (1)

Country Link
CN (1) CN115622691A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination