CN115664858A - Authentication data encryption and decryption system for network security - Google Patents

Publication number: CN115664858A (granted version: CN115664858B)
Application number: CN202211671762.5A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 蔡斌
Assignee (original and current): Li Zhuang Information Technology Suzhou Co ltd
Legal status: granted, active
Prior art keywords: sequence, square matrix, authentication, authentication data, level

Abstract

The invention relates to the technical field of verifying user identity based on authentication data encryption, and in particular to an authentication data encryption and decryption system for network security. The system comprises an authentication data acquisition module, a verification information embedding module, a key storage module, an encryption module, an authentication data sending module and an authentication data verification module. A verification information sequence is embedded into the authentication data sequence according to a position sequence to obtain an authentication square matrix, and the ciphertext square matrix of the authentication square matrix is obtained according to the hierarchical square matrices of a key; the authentication server decrypts the ciphertext square matrix according to the basic key to obtain a security verification sequence and an identity authentication sequence, and verifies the network security and the authenticity of the user identity according to these two sequences. The invention ensures the security of user authentication data by embedding the verification information sequence and encrypting, and decrypts the received ciphertext square matrix to verify the network security and the authenticity of the user identity.

Description

Authentication data encryption and decryption system for network security
Technical Field
The invention relates to the technical field of user identity verification based on authentication data encryption, in particular to an authentication data encryption and decryption system for network security.
Background
Existing network security authentication and authorization systems generally verify the validity of a user identity through an authentication system, and user identity authentication and login authorization are completed in an external network environment. They are therefore exposed to malicious attack in that environment: the user authentication data can be tampered with or even leaked, which in turn leaks the user's identity information, and the accuracy of the verification result cannot be ensured.
In order to ensure the security of the identity information of the user and the accuracy of the verification result, the security of the network environment where the user is located and the authenticity of the identity of the user need to be verified; therefore, an authentication server in an authentication data encryption and decryption system for network security is required to be able to verify the security of the network environment where the user is located and the authenticity of the user identity by receiving authentication data from the user terminal.
Based on the authentication data encryption and decryption system, the security of the network environment where the user is located is verified through the verification information embedded in the authentication data, the security of the user identity information is ensured through encryption of the authentication data, and the accuracy of verification of the authenticity of the user identity is further ensured.
Disclosure of Invention
In order to solve the above problems, the present invention provides an authentication data encryption and decryption system for network security, the system comprising:
the authentication data acquisition module is used for acquiring an authentication data sequence of a user when the user logs in at a user terminal and recording the length of the authentication data sequence as a first length;
the verification information acquisition module is used for constructing and storing a verification information sequence and a position sequence;
the verification information embedding module is used for shifting the authentication data sequence according to the positions in the position sequence to obtain vacancies, filling the corresponding verification information in the verification information sequence into the vacancies to obtain a new authentication data sequence, dividing the new authentication data sequence into a plurality of authentication data subsequences, and obtaining an authentication square matrix according to the plurality of authentication data subsequences;
the key storage module is used for constructing and storing a basic key;
the encryption module encrypts the authentication square matrix according to the basic key to obtain a ciphertext square matrix, comprising: taking any element in the authentication square matrix as an element object, recording the element whose sequence number is one less than that of the element object as the front element of the element object, obtaining the authentication data subsequence corresponding to the front element, dividing that subsequence into two binary numbers, and obtaining the row translation amount and the column translation amount of the element object from the two binary numbers; translating the basic key according to the row translation amount and the column translation amount of the element object, and taking the square matrix obtained after translation as the key of the element object; dividing the key of the element object into square matrices of a plurality of levels, and marking the square matrices of each level; obtaining the ciphertext element of the element object according to the hierarchical square matrices of the multiple levels; and recording the square matrix formed by the ciphertext elements of all elements in the authentication square matrix as the ciphertext square matrix;
the authentication data sending module sends a ciphertext square matrix to the authentication server through the user terminal;
and the authentication data verification module receives the ciphertext square matrix, decrypts the ciphertext square matrix according to the basic key to obtain a security verification sequence and an identity authentication sequence, and verifies the network security and the user identity authenticity according to the security verification sequence and the identity authentication sequence.
Preferably, the constructing of the verification information sequence and the position sequence includes the following specific steps:
constructing a fixed-length sequence with length K, where the sequence consists of 0s and 1s occurring with equal frequency, K = [formula image], ⌊·⌋ indicates rounding down and L indicates the first length; randomly selecting one fixed-length sequence from all fixed-length sequences meeting these conditions as the verification information sequence, and storing the verification information sequence in the verification information storage module;
randomly selecting K distinct integers from all integers in [1, K + L], and arranging the K integers from smallest to largest to obtain the position sequence.
Preferably, obtaining the authentication square matrix according to the plurality of authentication data subsequences includes the following specific steps:
converting each authentication data subsequence into a decimal number, and recording the N × N square matrix formed by all the decimal numbers in their original order as the authentication square matrix, where N = [formula image], ⌊·⌋ indicates rounding down and L indicates the first length.
Preferably, the constructing the basic key includes the following specific steps:
constructing a square matrix with the size of 16 multiplied by 16, randomly filling integers between 0 and 255 in the square matrix, and enabling each integer to appear in the square matrix only once; one square matrix is randomly selected from all the square matrices satisfying the condition as a basic key.
Preferably, the dividing of the key of the element object into a hierarchical matrix of a plurality of levels includes the following specific steps:
dividing the key of the element object into 4 square matrices of size 8 × 8, each recorded as a first-level square matrix; dividing each first-level square matrix into 4 square matrices of size 4 × 4, each recorded as a second-level square matrix; dividing each second-level square matrix into 4 square matrices of size 2 × 2, each recorded as a third-level square matrix; dividing each third-level square matrix into 4 square matrices of size 1 × 1, each recorded as a fourth-level square matrix; thus the key of the element object is divided into square matrices of 4 levels, and one square matrix of each level contains 4 square matrices of the next level.
Preferably, the step of marking the rank square matrix of each rank comprises the following specific steps:
the 4 next-level square matrices contained in one square matrix of each level are marked 00, 01, 10 and 11 respectively, in clockwise order.
Preferably, the obtaining of the ciphertext element of the element object according to the hierarchical square matrix of multiple levels of the element object includes the following specific steps:
obtaining the authentication data subsequence corresponding to the element object in the authentication data sequence, dividing it into 4 binary numbers of length 2, recorded respectively as the symbols shown in the image; obtaining the first-level square matrix A1 in the key of the element object whose mark equals the first binary number; among the 4 second-level square matrices contained in A1, obtaining the second-level square matrix A2 whose mark equals the second binary number; among the 4 third-level square matrices contained in A2, obtaining the third-level square matrix A3 whose mark equals the third binary number; among the 4 fourth-level square matrices contained in A3, obtaining the fourth-level square matrix A4 whose mark equals the fourth binary number; the element in the obtained fourth-level square matrix A4 is used as the ciphertext element of the element object.
Preferably, the verifying the network security and the user identity authenticity according to the security verification sequence and the identity authentication sequence includes the following specific steps:
calculating the Hamming distance between the security verification sequence and the verification information sequence: if the Hamming distance is larger than 0.9K, the network environment where the user is located is safe; otherwise, the network environment where the user is located is unsafe, the user is required to check the network environment, and after potential safety hazards are eliminated, login operation is carried out again on the user terminal, wherein K represents the length of the verification information sequence;
when the network environment where the user is located is safe, user identity authenticity verification needs to be performed, specifically: converting the identity authentication sequence into authentication data, judging whether user data with the same authentication data exist in a user database, and if so, passing the identity authentication of the user and successfully logging in the user terminal; otherwise, sending alarm information to a user terminal where the user is located, locking the account of the user for 24 hours after sending the alarm information to the user for three times, wherein the user cannot log in during the account locking period.
The embodiment of the invention at least has the following beneficial effects:
1. according to the method, the verification information sequence is embedded into the authentication data sequence at the user terminal according to the position sequence, the safety verification sequence is extracted from the received ciphertext square matrix at the authentication data verification module according to the position sequence, and the safety of the network environment where the user is located is verified according to the Hamming distance between the safety verification sequence and the verification information sequence.
2. The method divides the key of the element object into hierarchical square matrices of several levels and encrypts the element object through them. The key of the element object is obtained by translating the basic key according to the authentication data subsequence corresponding to the front element of the element object, so even identical element objects may have different keys and therefore different ciphertext elements; the statistical properties of the resulting ciphertext square matrix are thus completely different from those of the authentication square matrix, which lets the authentication square matrix resist statistical analysis attacks during transmission. For any ciphertext element of the ciphertext square matrix, an attacker who wants to crack it must first obtain its key, which is derived by translating the basic key based on the front element of the ciphertext element; since the key space of the basic key is large enough, the encryption method resists brute-force attacks during transmission. Moreover, the front element of a ciphertext element is the decryption result of the previous ciphertext element, so an attacker attempting to decrypt the ciphertext square matrix by force must decrypt the previous ciphertext element first, and even a slight error in the decryption result of any one ciphertext element changes the final decryption result unrecognisably; the ciphertext square matrix obtained by this encryption method therefore has a strong avalanche effect. In conclusion, the encryption method resists statistical analysis attacks and brute-force attacks during transmission and has a strong avalanche effect, so the security of the authentication data during transmission is high, the security of the user identity information is guaranteed, and the accuracy of verifying the authenticity of the user identity is further guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions and advantages of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a system block diagram of an authentication data encryption and decryption system for network security according to an embodiment of the present invention;
FIG. 2 is a basic key provided by one embodiment of the present invention;
FIG. 3 is a block diagram of a matrix after translation of a basic key according to an embodiment of the present invention;
FIG. 4 is a key of an element object provided by one embodiment of the present invention;
FIG. 5 is a schematic diagram of dividing keys into different hierarchical matrices according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of different levels of matrix marking provided by one embodiment of the present invention;
FIG. 7 is a hierarchical matrix of multiple levels of element objects provided by one embodiment of the present invention.
Detailed Description
To further illustrate the technical means and effects of the present invention for achieving the predetermined objects, the following detailed description of the authentication data encryption and decryption system for network security according to the present invention with reference to the accompanying drawings and preferred embodiments shows the following detailed descriptions of the specific implementation, structure, features and effects thereof. In the following description, the different references to "one embodiment" or "another embodiment" do not necessarily refer to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The following describes a specific scheme of the authentication data encryption and decryption system for network security in detail with reference to the accompanying drawings.
Referring to fig. 1, an authentication data encryption and decryption system for network security according to an embodiment of the present invention is shown, and the system includes the following modules:
the authentication data acquisition module is used for acquiring the authentication data sequence.
Specifically, the authentication data of the user when the user logs in at the user terminal is obtained, and the authentication data includes user login data, biometric data, user access right data and the like, wherein the user login data includes a user name, an account number, a password, a verification code and the like, and the biometric data includes iris information data, fingerprint information data, face feature data and the like.
And converting all the authentication data into binary data, recording a sequence formed by all the binary data as an authentication data sequence, and recording the length of the authentication data sequence as a first length L. For example, the authentication data of the text class is coded into binary data by using a GB2312 coding mode; and converting the gray value of each pixel point in the authentication data of the image class into 8-bit binary number.
For example, if the user name of the user is "three-fold", and the password is "a176", the authentication data sequence is "1101010111000101110010001110101100001001100010011011100110110", and the length of the authentication data sequence is 64.
The verification information acquisition module is used for constructing and storing a verification information sequence.
The method specifically comprises the following steps:
1. constructing a verification information sequence, specifically: constructing a fixed-length sequence with length K, where the sequence consists of 0s and 1s occurring with equal frequency, K = [formula image], L represents the first length, and ⌊·⌋ indicates rounding down.
Randomly selecting one fixed-length sequence from all fixed-length sequences meeting these conditions as the verification information sequence, and storing it in the verification information storage module.
2. Constructing a position sequence, specifically: randomly selecting K distinct integers from all integers in [1, K + L], arranging the K integers from smallest to largest to obtain the position sequence, and storing the position sequence in the verification information storage module.
For example, if the authentication data sequence has a length of L =64, the verification information sequence has a length of K =8, a verification information sequence of {0,1, 0} is constructed, and a position sequence of {7,23,40,51,57,60,64,70} is constructed.
And the verification information embedding module is used for embedding the verification information sequence into the authentication data sequence to obtain an authentication matrix.
The specific steps are as follows: each piece of verification information in the verification information sequence is embedded into the authentication data sequence in turn, specifically: for the i-th verification information in the verification information sequence, acquire the i-th position in the position sequence, shift all authentication data from that position of the authentication data sequence onward backward by one bit so that the position is left free, and fill the i-th verification information into that position of the authentication data sequence.
For example, the verification information sequence {0,1, 0} is embedded into the authentication data sequence according to the position sequence {7,23,40,51,57,60,64,70}; the authentication data sequence after embedding the verification information sequence is "110101001110001011100110001110111101100000110001100110011110001101010".
Dividing the authentication data sequence into authentication data subsequences of length 8, converting each authentication data subsequence into a decimal number, and recording the N × N square matrix formed by all the decimal numbers as the authentication square matrix, where N = [formula image]; one authentication data subsequence in the authentication data sequence corresponds to one element in the authentication square matrix, and conversely one element in the authentication square matrix corresponds to one authentication data subsequence in the authentication data sequence.
For example, the authentication data sequence of length 72 after embedding the verification information sequence is divided into 9 authentication data subsequences of length 8, and each authentication data subsequence is converted into a decimal number, giving 212, 226, 230, 63, 88, 38, 51, 54, 106 respectively. The square matrix formed by all the decimal numbers,
212 226 230
 63  88  38
 51  54 106
is recorded as the authentication square matrix.
It should be noted that, in this embodiment, the verification information sequence is embedded into the authentication data sequence at the user terminal according to the position sequence, and the security verification sequence is extracted from the received ciphertext square matrix at the authentication data verification module according to the position sequence, so as to implement the verification of the security of the network environment where the user is located according to the hamming distance between the security verification sequence and the verification information sequence.
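As an added example (not code from the patent), the embedding step above and the server-side extraction it implies, in Python. It assumes 1-indexed positions as in the patent, a constructed 64-bit authentication data sequence, a constructed 8-bit verification information sequence, and the position sequence from the example above; K + L must be 8 × N × N for the square matrix to be formed.

```python
import math
import random

# Constructed sample input (not the patent's example values): a 64-bit
# authentication data sequence and an 8-bit verification information sequence
# with equal numbers of 0s and 1s, plus the position sequence quoted above.
AUTH_BITS = format(0x5A3C96E17B2D48F0, "064b")      # L = 64
VERIFICATION = "01101001"                             # K = 8
POSITIONS = [7, 23, 40, 51, 57, 60, 64, 70]           # K distinct ascending values in [1, K + L]


def make_position_sequence(k, length, seed):
    """K distinct integers drawn from [1, K + L], sorted ascending (seeded for repeatability)."""
    return sorted(random.Random(seed).sample(range(1, k + length + 1), k))


def embed(auth_bits, verification_bits, positions):
    """Insert the i-th verification bit at position p_i (1-indexed), shifting all
    later bits back by one place; the sequence grows from L to K + L bits."""
    if len(verification_bits) != len(positions):
        raise ValueError("need one position per verification bit")
    seq = list(auth_bits)
    for bit, pos in zip(verification_bits, positions):
        if not 1 <= pos <= len(seq) + 1:
            raise ValueError(f"position {pos} is outside the current sequence")
        seq.insert(pos - 1, bit)
    return "".join(seq)


def extract(embedded_bits, positions):
    """Server side: split a received sequence into (security verification sequence,
    identity authentication sequence). Positions ascend and a later insertion never
    moves an earlier one, so verification bit i still sits exactly at p_i."""
    seq = list(embedded_bits)
    security = "".join(seq[p - 1] for p in positions)
    for p in sorted(positions, reverse=True):   # delete from the back so indices stay valid
        del seq[p - 1]
    return security, "".join(seq)


def to_square_matrix(bits):
    """Cut into 8-bit subsequences, convert to decimal, lay out row-major as N x N."""
    if len(bits) % 8:
        raise ValueError("sequence length must be a multiple of 8")
    values = [int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)]
    n = math.isqrt(len(values))
    if n * n != len(values):
        raise ValueError("number of subsequences must be a perfect square")
    return [values[r * n:(r + 1) * n] for r in range(n)]


EMBEDDED = embed(AUTH_BITS, VERIFICATION, POSITIONS)   # 72 bits
SECURITY_SEQ, IDENTITY_SEQ = extract(EMBEDDED, POSITIONS)
AUTH_MATRIX = to_square_matrix(EMBEDDED)                 # 3 x 3

if __name__ == "__main__":
    print(EMBEDDED)
    print(SECURITY_SEQ == VERIFICATION, IDENTITY_SEQ == AUTH_BITS)
    for row in AUTH_MATRIX:
        print(row)
```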
The key storage module is used for constructing and storing a basic key.
Specifically, a square matrix of size 16 × 16 is constructed, integers between [0,255] are randomly filled in the square matrix, and each integer appears only once in the square matrix.
Randomly selecting one square matrix from all square matrices meeting these conditions as the basic key, and storing the basic key in the key storage module; the basic key comprises rows 1 to N from top to bottom and columns 1 to N from left to right (here N = 16).
For example, a square matrix of size 16 × 16 shown in fig. 2 is the basic key provided in the present embodiment.
And the encryption module is used for encrypting the authentication square matrix according to the basic key to obtain a ciphertext square matrix.
It should be noted that, in this embodiment, the steps of encrypting each element in the authentication matrix are the same, so taking the element in the x-th row and the y-th column in the authentication matrix as an example, the element is denoted as an element object, and the specific steps of encrypting the element object are as follows:
1. the sequence number and the front element of the element object are obtained.
For an element object positioned on the x-th row and the y-th column in the authentication matrix, the serial number of the element object is h = (x-1) × N + y; the element with the sequence number h-1 in the authentication matrix is marked as the front element of the element object with the sequence number h, and the element with the sequence number 1 in the authentication matrix has no front element.
For example, if the element in the 3 rd row and 2 nd column in the authentication matrix is taken as the element object 54, the serial number h =8 of the element object, and the front element of the element object is the element 51 with the serial number 7 in the authentication matrix.
2. The row and column translation amounts of the element object are obtained from the front element of the element object.
Obtaining an authentication data subsequence corresponding to a front element of the element object in the authentication data sequence, dividing the authentication data subsequence into two binary numbers with the length of 4, respectively converting the two binary numbers into two decimal numbers a and b, taking a as a row translation amount of the element object, and taking b as a column translation amount of the element object.
For example, if the corresponding authentication data sub-sequence of the front element 51 of the element object in the authentication data sequence is 00110011, the row shift amount a =3 and the column shift amount b =3 of the element object.
3. And obtaining the key of the element object according to the row translation amount, the column translation amount and the basic key of the element object.
First, the basic key is translated according to the row translation amount of the element object, specifically: according to the row translation amount a, all elements in rows 1 to N-a of the basic key are moved down by a rows, and all elements in rows N-a+1 to N are moved up by N-a rows (that is, the rows are shifted cyclically downward by a). Then the square matrix obtained after the row translation is translated according to the column translation amount of the element object, specifically: according to the column translation amount b, all elements in columns 1 to N-b are moved right by b columns, and all elements in columns N-b+1 to N are moved left by N-b columns (that is, the columns are shifted cyclically to the right by b). The square matrix obtained after the column translation is used as the key of the element object.
For example, for the basic key shown in fig. 2, the basic key is first row-translated according to the row translation amount a = 3 of the element object to obtain the row-translated square matrix shown in fig. 3; the square matrix of fig. 3 is then column-translated according to the column translation amount b = 3 of the element object to obtain the square matrix shown in fig. 4, which is used as the key of the element object.
4. And dividing the keys of the element objects into a plurality of grades of square matrixes, and marking the square matrixes of each grade of the square matrixes.
Dividing the key into 4 square matrixes with the size of 8 multiplied by 8, and recording each square matrix with the size of 8 multiplied by 8 as a first-level square matrix; dividing each first-level square array into 4 square arrays with the size of 4 multiplied by 4, and marking each square array with the size of 4 multiplied by 4 as a second-level square array; dividing each second-level square matrix into 4 square matrices with the size of 2 multiplied by 2, and marking each square matrix with the size of 2 multiplied by 2 as a third-level square matrix; dividing each third-level square matrix into 4 square matrices with the size of 1 × 1, and recording each square matrix with the size of 1 × 1 as a fourth-level square matrix; the keys of the element objects are divided into a hierarchical matrix of 4 levels.
One square matrix of each level contains 4 square matrices of the next level. For example, the key of the element object is divided into 4 first-level square matrices, so the key contains 4 first-level square matrices; one first-level square matrix is divided into 4 second-level square matrices, so one first-level square matrix contains 4 second-level square matrices. As shown in fig. 5, the key of the element object is divided into square matrices of several different levels.
One square matrix of each level contains 4 square matrices of the next level, and those 4 next-level square matrices are marked 00, 01, 10 and 11 respectively.
As shown in fig. 6, the 4 first-level square matrices contained in the key of the element object are marked 00, 01, 10 and 11 respectively; the first-level square matrix marked 01 is divided into 4 second-level square matrices, which are marked 00, 01, 10 and 11 respectively; the second-level square matrix marked 01 is divided into 4 third-level square matrices, which are marked 00, 01, 10 and 11 respectively; and the third-level square matrix marked 01 is divided into 4 fourth-level square matrices, which are marked 00, 01, 10 and 11 respectively.
5. Obtaining the ciphertext element of the element object from the hierarchical square matrices of the element object.
Obtaining the authentication data subsequence corresponding to the element object in the authentication data sequence, and dividing it into 4 binary numbers of length 2, recorded in order as the first, second, third and fourth 2-bit group. In the key of the element object, take the first-level square matrix whose label equals the first 2-bit group and record it as A1; among the 4 second-level square matrices contained in A1, take the one whose label equals the second 2-bit group and record it as A2; among the 4 third-level square matrices contained in A2, take the one whose label equals the third 2-bit group and record it as A3; among the 4 fourth-level square matrices contained in A3, take the one whose label equals the fourth 2-bit group and record it as A4. The single element of the fourth-level square matrix A4 is taken as the ciphertext element of the element object, that is, the encryption result of the element object.
For example, for the element object 54, the corresponding authentication data subsequence in the authentication data sequence is given as 00111100, which is divided into the four 2-bit groups 00, 11, 11 and 00 (note that 54 written as an 8-bit binary number is 00110110; 00111100 is the value used in the source's worked example). From the hierarchical square matrices of the element object shown in fig. 5, the first-level square matrix A1 labelled 00, the second-level square matrix A2 labelled 11 within A1, the third-level square matrix A3 labelled 11 within A2 and the fourth-level square matrix A4 labelled 00 within A3 are obtained as shown in fig. 7; the element 35 of the fourth-level square matrix A4 is the ciphertext element of the element object.
6. According to steps 1-5, each element in the authentication square matrix is taken in turn as the element object and encrypted to obtain its ciphertext element; the square matrix formed by the ciphertext elements of all elements is the ciphertext square matrix, which is the encryption result of the authentication square matrix.
It should be noted that in this embodiment the key of the element object is divided into hierarchical square matrices of several levels and the element object is encrypted through them. Because the key of the element object is obtained by translating the basic key according to the authentication data subsequence of the element object's front element, identical element objects may be encrypted under different keys and yield different ciphertext elements. The statistical properties of the resulting ciphertext square matrix therefore differ from those of the authentication square matrix, which is what the embodiment relies on to resist statistical analysis attacks during transmission.
It should further be noted that, for any ciphertext element in the ciphertext square matrix, an attacker who wants to crack it must first obtain the key of that element, which is obtained by translating the basic key according to the front element of the ciphertext element; the key space of the basic key is large (by claim 4 it is one of 256! arrangements of the values 0 to 255 in a 16 × 16 square matrix), so the embodiment considers the encryption method resistant to brute-force attacks during transmission. Moreover, the front element of a ciphertext element is the decryption result of the preceding ciphertext element, so the preceding ciphertext element must be decrypted first; when an attacker attempts to decrypt the ciphertext square matrix by force, a wrong decryption result for any single ciphertext element propagates into every later decryption result, which the embodiment describes as a strong avalanche effect.
In summary, the encryption method of the embodiment resists statistical analysis attacks and brute-force attacks during transmission and has a strong avalanche effect, so the authentication data is well protected in transit, the security of the user identity information is guaranteed, and the accuracy of verifying the authenticity of the user identity is further guaranteed.
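The element-wise cipher of steps 1-6, written out as an added example (this is not the patent's own code; it is implemented from the textual description, and it also covers the decryption procedure described below under the authentication data verification module). Three details are not fixed by the text and are assumptions here: the quadrant labels 00, 01, 10, 11 are taken clockwise starting at the top-left sub-square; "row translation" is a cyclic downward shift of rows and "column translation" a cyclic rightward shift of columns; and the element with sequence number 1, which has no front element, is encrypted with the untranslated basic key. One caveat a practitioner should check: decryption step 5 of the page looks the ciphertext byte up the same way as encryption does, which recovers the plaintext only when the translated key is an involution; for a general permutation key (claim 4 allows any arrangement) the inverse is to locate the ciphertext value in the key and read its quadrant path back, which is what `decrypt_matrix` does, while `decrypt_by_forward_lookup` shows the literal reading.

```python
# Added example, not the patent's own code. Assumed details (see lead-in):
# clockwise quadrant order from top-left, cyclic down/right translation,
# base key used untranslated for the first element.
import random
from typing import Dict, List, Optional, Tuple

Matrix = List[List[int]]

# label -> (row half, column half) of a sub-square, clockwise from top-left:
# 00 = top-left, 01 = top-right, 10 = bottom-right, 11 = bottom-left (assumed).
QUADRANT: Dict[int, Tuple[int, int]] = {0b00: (0, 0), 0b01: (0, 1), 0b10: (1, 1), 0b11: (1, 0)}
INV_QUADRANT = {v: k for k, v in QUADRANT.items()}


def make_base_key(seed: int) -> Matrix:
    """Claim 4: a 16x16 square matrix holding each of 0..255 exactly once."""
    values = list(range(256))
    random.Random(seed).shuffle(values)
    return [values[r * 16:(r + 1) * 16] for r in range(16)]


def identity_key() -> Matrix:
    """Fixed key with cell (r, c) = 16*r + c, convenient for hand-checked values."""
    return [[16 * r + c for c in range(16)] for r in range(16)]


def translate(base: Matrix, row_shift: int, col_shift: int) -> Matrix:
    """Cyclic shift: rows move down by row_shift, columns move right by col_shift."""
    rows = [base[(r - row_shift) % 16] for r in range(16)]
    return [[row[(c - col_shift) % 16] for c in range(16)] for row in rows]


def element_key(base: Matrix, front: Optional[int]) -> Matrix:
    """Steps 2-3: high nibble of the front element = row translation amount,
    low nibble = column translation amount. No front element: base key as is."""
    if front is None:
        return base
    return translate(base, front >> 4, front & 0x0F)


def path_to_cell(value: int) -> Tuple[int, int]:
    """Steps 4-5: each 2-bit group of the byte (most significant first) picks one
    sub-square of the 16x16 key; after four levels a single cell remains."""
    row = col = 0
    for level in range(4):
        label = (value >> (6 - 2 * level)) & 0b11
        dr, dc = QUADRANT[label]
        half = 8 >> level  # sub-square side at this level: 8, 4, 2, 1
        row += dr * half
        col += dc * half
    return row, col


def cell_to_path(row: int, col: int) -> int:
    """Inverse of path_to_cell: read a cell's four quadrant labels back as a byte."""
    value = 0
    for level in range(4):
        half = 8 >> level
        dr, dc = row // half, col // half
        row, col = row - dr * half, col - dc * half
        value = (value << 2) | INV_QUADRANT[(dr, dc)]
    return value


def encrypt_matrix(plain: List[int], base: Matrix) -> List[int]:
    """Encrypt in sequence-number order; each key depends on the previous plaintext."""
    out: List[int] = []
    front: Optional[int] = None
    for m in plain:
        r, c = path_to_cell(m)
        out.append(element_key(base, front)[r][c])
        front = m
    return out


def decrypt_matrix(cipher: List[int], base: Matrix) -> List[int]:
    """Inverse lookup: find the ciphertext value in the element's key and take
    that cell's quadrant path as the plaintext element."""
    out: List[int] = []
    front: Optional[int] = None
    for c in cipher:
        key = element_key(base, front)
        where = {key[r][col]: (r, col) for r in range(16) for col in range(16)}
        m = cell_to_path(*where[c])
        out.append(m)
        front = m
    return out


def decrypt_by_forward_lookup(cipher: List[int], base: Matrix) -> List[int]:
    """Decryption step 5 read literally (same lookup direction as encryption).
    Only correct when the translated key is an involution."""
    out: List[int] = []
    front: Optional[int] = None
    for c in cipher:
        r, col = path_to_cell(c)
        m = element_key(base, front)[r][col]
        out.append(m)
        front = m
    return out


if __name__ == "__main__":
    key = make_base_key(seed=2022)
    plain = [54, 60, 60, 0, 255, 54]  # constructed sample elements of an authentication square matrix
    ct = encrypt_matrix(plain, key)
    print("ciphertext:", ct, "round trip ok:", decrypt_matrix(ct, key) == plain)
```

With `identity_key()` the values can be checked by hand: 60 = 00111100 walks top-left, bottom-left, bottom-left, top-left to cell (6, 0), so the first element 60 encrypts to 96, and a second 60 is encrypted under the key translated by 3 rows and 12 columns, giving 52; looking 96 up forward instead of inverting the key returns 76, not 60.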
The authentication data sending module is used for sending the encryption result of the authentication data.
Specifically, the user sends an encryption result of authentication data representing user identity information, that is, a ciphertext matrix, to the authentication server through the user terminal.
And the authentication data verification module is used for receiving the encryption result of the authentication data, decrypting the ciphertext matrix according to the basic key and verifying the authenticity of the user identity and the network security.
It should be noted that, in this embodiment, when the encryption result of the authentication data received by the authentication data verification module, that is, the ciphertext square matrix, is decrypted, the steps for decrypting each ciphertext element are the same; since decrypting a ciphertext element requires the decryption result of its front ciphertext element, all ciphertext elements are decrypted in increasing order of their sequence numbers. Taking the ciphertext element in the x-th row and y-th column of the ciphertext square matrix as an example and recording it as the ciphertext element object, the specific steps for decrypting it are as follows:
1. For the ciphertext element object in the x-th row and y-th column of the ciphertext square matrix, its sequence number is h = (x-1) × N + y; the ciphertext element with sequence number h-1 in the ciphertext square matrix is recorded as the front ciphertext element of the ciphertext element object with sequence number h, and the ciphertext element with sequence number 1 has no front ciphertext element. The decryption result of the front ciphertext element is taken as the front element of the ciphertext element object. Because all ciphertext elements are decrypted in increasing order of sequence number, the decryption result of the front ciphertext element with sequence number h-1 is already available when the ciphertext element object with sequence number h is decrypted.
2. Converting the front element of the ciphertext element object into an 8-bit binary number, dividing the 8-bit binary number into two binary numbers with the length of 4, respectively converting the two binary numbers into two decimal numbers, and respectively taking the two decimal numbers as the row translation amount and the column translation amount of the ciphertext element object.
3. Firstly, the basic key is translated in a row mode according to the row translation amount of the ciphertext element object, then the square matrix obtained after the translation in the row mode is translated in a column mode according to the column translation amount of the ciphertext element object, and finally the obtained square matrix is used as the key of the ciphertext element object.
4. The key of the ciphertext element object is divided into hierarchical square matrices of 4 levels, and the square matrices of each level are labelled 00, 01, 10 and 11 respectively.
5. Converting the ciphertext element object into an 8-bit binary number and dividing it into 4 binary numbers of length 2, recorded in order as the first, second, third and fourth 2-bit group. In the key of the ciphertext element object, take the first-level square matrix whose label equals the first 2-bit group and record it as B1; among the 4 second-level square matrices contained in B1, take the one whose label equals the second 2-bit group and record it as B2; among the 4 third-level square matrices contained in B2, take the one whose label equals the third 2-bit group and record it as B3; among the 4 fourth-level square matrices contained in B3, take the one whose label equals the fourth 2-bit group and record it as B4. The element of the fourth-level square matrix B4 is taken as the plaintext element of the ciphertext element object, that is, the decryption result of the ciphertext element object. (As written, this lookup runs in the same direction as encryption, so it returns the original element only when the key of the element is an involution; for a general permutation key the inverse is to locate the ciphertext value in the key and read back the labels of the square matrices that contain it.)
6. And according to the steps 1-5, sequentially taking each ciphertext element in the ciphertext square matrix as a ciphertext element object according to the sequence number from small to large, decrypting to obtain a plaintext element of each ciphertext element, taking the square matrix formed by the plaintext elements of all the ciphertext elements as a plaintext square matrix, and taking the plaintext square matrix as a decryption result of the ciphertext square matrix.
7. Converting all plaintext elements in a plaintext square matrix into 8-bit binary numbers, and arranging the 8-bit binary numbers after conversion of all the plaintext elements from left to right and from top to bottom to serve as an authentication information sequence; acquiring all authentication information corresponding to all positions in the authentication information sequence according to all positions in the position sequence, and recording a sequence formed by all the authentication information as a safety verification sequence; and recording a sequence consisting of all the remaining authentication information in the authentication information sequence as an identity authentication sequence.
8. Calculating the Hamming distance between the security verification sequence and the verification information sequence: if the Hamming distance is greater than 0.9K, the network environment where the user is located is judged safe; otherwise it is judged unsafe, the user is required to check the network environment and, after the potential safety hazard is eliminated, to log in again at the user terminal, where K denotes the length of the verification information sequence. (Note that two identical sequences have Hamming distance 0, so a threshold requiring the distance to exceed 0.9K, taken literally, accepts only sequences that differ in more than 90% of positions; a deployment should confirm which direction of the comparison is intended.) When the network environment where the user is located is safe, user identity authenticity verification is performed as follows: the identity authentication sequence is converted into authentication data, and the user database is checked for user data with the same authentication data; if such data exists, the user passes identity authentication and logs in successfully; otherwise alarm information is sent to the user terminal where the user is located, and after alarm information has been sent three times the user's account is locked for 24 hours, during which the user cannot log in.
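The embedding of claim 2 and decryption steps 7-8, as an added example that is not the patent's own code. Assumed here: "position p" in the position sequence means the p-th bit (1-based) of the combined K+L bit sequence, the authentication bits fill the remaining slots in their original order, and K is simply chosen for the demo rather than derived from L by the claim's formula. `page_rule_says_safe` applies the threshold exactly as the page states it, so the demo also shows that an untampered sequence (distance 0) fails that rule as written.

```python
# Added example, not the patent's own code. Sample data below is constructed.
import random
from typing import List, Sequence, Tuple


def make_verification_sequence(K: int, rng: random.Random) -> List[int]:
    """Claim 2: a length-K 0/1 sequence in which 0 and 1 occur equally often."""
    if K % 2:
        raise ValueError("K must be even for equal counts of 0 and 1")
    bits = [0] * (K // 2) + [1] * (K // 2)
    rng.shuffle(bits)
    return bits


def make_position_sequence(K: int, L: int, rng: random.Random) -> List[int]:
    """Claim 2: K distinct integers from [1, K+L], arranged in ascending order."""
    return sorted(rng.sample(range(1, K + L + 1), K))


def bytes_to_bits(data: bytes) -> List[int]:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: Sequence[int]) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit length must be a multiple of 8")
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed(auth_bits: Sequence[int], verif_bits: Sequence[int], positions: Sequence[int]) -> List[int]:
    """Verification bit i goes to slot positions[i] (1-based); authentication bits
    fill the remaining slots in order (assumed reading of the embedding)."""
    total = len(auth_bits) + len(verif_bits)
    out: List[int] = [-1] * total
    for bit, pos in zip(verif_bits, positions):
        out[pos - 1] = bit
    auth = iter(auth_bits)
    for i in range(total):
        if out[i] == -1:
            out[i] = next(auth)
    return out


def extract(embedded: Sequence[int], positions: Sequence[int]) -> Tuple[List[int], List[int]]:
    """Step 7: bits at the positions form the security verification sequence,
    all remaining bits form the identity authentication sequence."""
    taken = set(positions)
    security = [embedded[p - 1] for p in positions]
    identity = [b for i, b in enumerate(embedded, start=1) if i not in taken]
    return security, identity


def hamming_distance(a: Sequence[int], b: Sequence[int]) -> int:
    if len(a) != len(b):
        raise ValueError("sequences must have equal length")
    return sum(x != y for x, y in zip(a, b))


def page_rule_says_safe(distance: int, K: int) -> bool:
    """Step 8 exactly as the page states it: safe iff Hamming distance > 0.9*K."""
    return distance > 0.9 * K


def run_demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    auth = b"user:alice"  # constructed sample authentication data (L = 80 bits)
    auth_bits = bytes_to_bits(auth)
    L = len(auth_bits)
    K = 16  # demo choice; the claim derives K from L
    verif = make_verification_sequence(K, rng)
    positions = make_position_sequence(K, L, rng)
    combined = embed(auth_bits, verif, positions)
    security, identity = extract(combined, positions)
    intact = hamming_distance(security, verif)
    tampered = list(combined)
    for p in positions[: K // 2]:  # simulate in-transit modification of half the embedded bits
        tampered[p - 1] ^= 1
    sec2, _ = extract(tampered, positions)
    return {
        "recovered_auth": bits_to_bytes(identity),
        "distance_intact": intact,
        "distance_tampered": hamming_distance(sec2, verif),
        "page_rule_on_intact": page_rule_says_safe(intact, K),
    }


if __name__ == "__main__":
    print(run_demo())
```

The identity authentication sequence recovered from an intact message converts back to the original authentication data byte for byte, and the security verification sequence matches the stored verification information sequence with distance 0; flipping embedded bits raises the distance by exactly the number of flipped positions.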
In summary, the system of the present invention comprises an authentication data acquisition module, a verification information embedding module, a key storage module, an encryption module, an authentication data sending module and an authentication data verification module. At the user terminal the verification information sequence is embedded into the authentication data sequence according to the position sequence; at the authentication data verification module the security verification sequence is extracted from the decrypted ciphertext square matrix according to the position sequence, and the security of the network environment where the user is located is judged from the Hamming distance between the security verification sequence and the verification information sequence. The encryption method divides the key of each element object into hierarchical square matrices of several levels and encrypts the element object through them; because the key of the element object is obtained by translating the basic key according to the authentication data subsequence of the element object's front element, identical element objects may be encrypted under different keys and yield different ciphertext elements, so the statistical properties of the ciphertext square matrix differ from those of the authentication square matrix and the authentication square matrix can resist statistical analysis attacks during transmission. For any ciphertext element of the ciphertext square matrix, an attacker must first obtain the key of that element, which is obtained by translating the basic key according to the front element of the ciphertext element; since the key space of the basic key is large enough, the encryption method is considered resistant to brute-force attacks during transmission. Moreover, the front element of a ciphertext element is the decryption result of the preceding ciphertext element, so the preceding ciphertext element must be decrypted first, and a wrong decryption result for any ciphertext element propagates into every later decryption result, which the embodiment describes as a strong avalanche effect. In conclusion, the encryption method resists statistical analysis attacks and brute-force attacks during transmission and has a strong avalanche effect, so the authentication data is well protected in transit, the security of the user identity information is guaranteed, and the accuracy of verifying the authenticity of the user identity is further guaranteed.
It should be noted that: the sequence of the above embodiments of the present invention is only for description, and does not represent the advantages or disadvantages of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; the modifications or substitutions do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present application, and are included in the protection scope of the present application.

Claims (8)

1. An authentication data encryption and decryption system for network security, the system comprising:
the authentication data acquisition module is used for acquiring an authentication data sequence of a user when the user logs in at a user terminal and recording the length of the authentication data sequence as a first length;
the verification information acquisition module is used for constructing and storing a verification information sequence and a position sequence;
the verification information embedding module is used for translating the authentication data sequence according to the positions in the position sequence to obtain vacancies, filling the corresponding verification information of the verification information sequence into the vacancies to obtain a new authentication data sequence, dividing the new authentication data sequence into a plurality of authentication data subsequences, and obtaining an authentication square matrix according to the plurality of authentication data subsequences;
the key storage module is used for constructing and storing a basic key;
the encryption module encrypts the authentication square matrix according to the basic key to obtain a ciphertext square matrix, comprising: taking any element in the authentication square matrix as an element object, recording the element whose sequence number equals the sequence number of the element object minus 1 as the front element of the element object, obtaining the authentication data subsequence corresponding to the front element of the element object, dividing that authentication data subsequence into two binary numbers, and obtaining the row translation amount and the column translation amount of the element object from the two binary numbers; translating the basic key according to the row translation amount and the column translation amount of the element object, and taking the square matrix obtained after translation as the key of the element object; dividing the key of the element object into square matrices of several levels, and labelling the square matrices of each level; obtaining the ciphertext element of the element object according to the hierarchical square matrices of the element object; and recording the square matrix formed by the ciphertext elements of all elements in the authentication square matrix as the ciphertext square matrix;
the authentication data sending module sends a ciphertext square matrix to the authentication server through the user terminal;
and the authentication data verification module receives the ciphertext square matrix, decrypts the ciphertext square matrix according to the basic key to obtain a security verification sequence and an identity authentication sequence, and verifies the network security and the user identity authenticity according to the security verification sequence and the identity authentication sequence.
2. The system for encrypting and decrypting authentication data for network security according to claim 1, wherein constructing the verification information sequence and the position sequence comprises the following specific steps:
constructing a fixed-length sequence of length K consisting of 0 and 1 in which 0 and 1 occur equally often, where K is determined from L by a formula not reproduced in this extraction, ⌊·⌋ denotes rounding down and L denotes the first length; randomly selecting one fixed-length sequence from all fixed-length sequences meeting the condition as the verification information sequence, and storing it;
randomly selecting K non-repeating integers from all integers in [1, K + L], and arranging the K integers in ascending order to obtain the position sequence.
3. The system for encrypting and decrypting authentication data for network security according to claim 1, wherein obtaining the authentication square matrix from the plurality of authentication data subsequences comprises the following specific steps:
converting each authentication data subsequence into a decimal number, and recording the N × N square matrix formed by all the decimal numbers in their original order as the authentication square matrix, where N is determined from L by a formula not reproduced in this extraction, ⌊·⌋ denotes rounding down and L denotes the first length.
4. The system for encrypting and decrypting the authentication data for network security according to claim 1, wherein the step of constructing the basic key comprises the following specific steps:
constructing a square matrix of size 16 × 16 and randomly filling it with the integers 0 to 255 such that each integer appears in the square matrix exactly once; one square matrix is randomly selected from all square matrices satisfying the condition as the basic key.
5. The system for encrypting and decrypting the authentication data for network security according to claim 1, wherein the dividing of the keys of the element objects into a hierarchical square matrix of a plurality of levels comprises the following specific steps:
dividing the key of the element object into 4 square matrices of size 8 × 8, and recording each 8 × 8 square matrix as a first-level square matrix; dividing each first-level square matrix into 4 square matrices of size 4 × 4, and recording each 4 × 4 square matrix as a second-level square matrix; dividing each second-level square matrix into 4 square matrices of size 2 × 2, and recording each 2 × 2 square matrix as a third-level square matrix; dividing each third-level square matrix into 4 square matrices of size 1 × 1, and recording each 1 × 1 square matrix as a fourth-level square matrix; thus the key of the element object is divided into square matrices of 4 levels, and each square matrix of one level contains 4 square matrices of the next level.
6. The system for encrypting and decrypting the authentication data for network security according to claim 1, wherein the step of marking the square matrix of the levels of each level comprises the following specific steps:
for the 4 square matrices of the next level contained in each square matrix of a level, labelling those 4 square matrices 00, 01, 10 and 11 respectively in the clockwise direction.
7. The system for encrypting and decrypting authentication data for network security according to claim 3, wherein obtaining the ciphertext element of the element object according to the hierarchical square matrices of the element object comprises the following specific steps:
obtaining the authentication data subsequence corresponding to the element object in the authentication data sequence, and dividing it into 4 binary numbers of length 2, recorded in order as the first, second, third and fourth 2-bit group; in the key of the element object, obtaining the first-level square matrix A1 whose label equals the first 2-bit group; among the 4 second-level square matrices contained in A1, obtaining the second-level square matrix A2 whose label equals the second 2-bit group; among the 4 third-level square matrices contained in A2, obtaining the third-level square matrix A3 whose label equals the third 2-bit group; among the 4 fourth-level square matrices contained in A3, obtaining the fourth-level square matrix A4 whose label equals the fourth 2-bit group; and taking the element of the obtained fourth-level square matrix A4 as the ciphertext element of the element object.
8. The system for encrypting and decrypting the authentication data for the network security according to claim 1, wherein the verification of the network security and the authenticity of the user identity according to the security verification sequence and the identity authentication sequence comprises the following specific steps:
calculating the Hamming distance between the security verification sequence and the verification information sequence: if the Hamming distance is greater than 0.9K, the network environment where the user is located is safe; otherwise, the network environment where the user is located is unsafe, the user is required to check the network environment, and after potential safety hazards are eliminated, login operation is carried out again on the user terminal, wherein K represents the length of the verification information sequence;
when the network environment where the user is located is safe, user identity authentication is required, which specifically includes: converting the identity authentication sequence into authentication data, judging whether user data with the same authentication data exist in a user database, and if so, passing the identity authentication of the user and successfully logging in the user terminal; otherwise, sending alarm information to a user terminal where the user is located, locking the account of the user for 24 hours after sending the alarm information to the user for three times, wherein the user cannot log in during the account locking period.
Application CN202211671762.5A, priority and filing date 2022-12-26, "Authentication data encryption and decryption system for network security", granted as CN115664858B.

Publications (2)

Publication Number Publication Date
CN115664858A 2023-01-31
CN115664858B 2023-03-28

Family ID 85022775

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant