CN116756761B

CN116756761B - Method and device for encrypting data

Info

Publication number: CN116756761B
Application number: CN202311055055.8A
Authority: CN
Inventors: 于磊; 真华; 张晓峰; 邬建军; 尤星
Original assignee: Guangdong Southern Planning & Designing Institute Of Telecom Consultation Co ltd
Current assignee: Guangdong Southern Planning & Designing Institute Of Telecom Consultation Co ltd
Priority date: 2023-08-22
Filing date: 2023-08-22
Publication date: 2024-01-12
Anticipated expiration: 2043-08-22
Also published as: CN116756761A

Abstract

The invention discloses a method and a device for encrypting data, wherein the method comprises the following steps: determining data to be encrypted, and performing type analysis on the data to obtain a data type; determining a key grade according to the data type and the object parameters; generating a password parameter according to the key grade, the acquisition parameter, the data type and the object parameter; and analyzing and randomly optimizing the password parameters based on the ciphertext random optimization model to obtain a target password, and executing encryption operation on the data by using the target password based on the current time and place information and the encryption equipment identification information. Therefore, the invention can provide a plurality of encryption consideration parameters for obtaining the data encryption result of the target data, improves the diversity, comprehensiveness and pertinence of the encryption consideration parameters, and also improves the rationality, comprehensiveness and intellectualization of the data encryption mode, thereby improving the pertinence and the matching property of the target password, and further improving the safety and the stability of the data encryption result.

Description

Method and device for encrypting data

Technical Field

The present invention relates to the field of encryption technologies, and in particular, to a method and an apparatus for encrypting data.

Background

With the pace of informatization construction and popularization and generalization of network applications, electronic data transmission and storage demands are increasing. In the process of transmitting and storing electronic data, the conventional processing operation is performed by firstly encrypting the electronic data and then performing subsequent steps of transmitting and storing based on the encrypted electronic data.

Currently, the encryption processing method for electronic data mainly sets a password of the electronic data for related personnel and encrypts the electronic data based on the password set by personnel, or generates a series of keys according to some fixed contents and then directly stores the keys into the electronic data to complete the encryption of the electronic data. However, as known from practice, the former encryption processing method relies on manual operation and subjective consciousness, and the efficiency and rationality of data encryption are low; the latter encryption mode is easy to obtain key information from the encrypted data by using a machine and automatically violently crack the encrypted data, so that the safety of the encrypted data is low; furthermore, it has been found in practice that data encryption in other fields than the data in the electronic field also has the similar problems as described above. Therefore, it is important to provide a new data encryption processing method to improve the encryption rationality and encryption security of data.

Disclosure of Invention

The technical problem to be solved by the invention is to provide a method and a device for encrypting data, which can improve the encryption rationality of the data and the security of the encrypted data.

To solve the above technical problem, a first aspect of the present invention discloses a method for encrypting data, the method comprising:

determining target data to be encrypted, and performing type analysis on the target data to obtain a data type of the target data, wherein the data type comprises one or more of an audio type, a video type, an image type, a text type, a symbol type, a numerical value type, a digital type and other data types;

determining the key grade of the target data according to the data type and the object parameters corresponding to the object requiring the target data;

generating a password parameter of the target data according to the key grade, the determined acquisition parameter of the target data, the data type and the object parameter;

analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data, and executing encryption operation on the target data by using the target password based on current time and place information corresponding to the target data and equipment identification information of encryption equipment.

In an optional implementation manner, in a first aspect of the present invention, the determining, according to the data type and an object parameter corresponding to an object requiring the target data, a key class of the target data includes:

determining an encryption requirement corresponding to the target data according to an object parameter corresponding to an object requiring the target data, wherein the encryption requirement comprises one or more of an encryption urgency requirement, an encryption complexity requirement and an encryption association requirement;

determining a first encryption level of the target data according to the encryption requirement, and analyzing a second encryption level of the target data according to the data content of the target data;

determining a key level of the target data according to the first encryption level, the second encryption level and the data type;

the object parameters corresponding to the object requiring the target data comprise one or more of attribute parameters of the object requiring the target data, encryption destination parameters of the target data, usage destination parameters of the target data, expected encryption requirement parameters of the target data, encryption authority parameters of the target data and related domain parameters of the target data.

In an optional implementation manner, in a first aspect of the present invention, the generating the cryptographic parameter of the target data according to the key level, the determined acquisition parameter of the target data, the data type, and the object parameter includes:

determining an encryption form corresponding to the target data according to the data type of the target data and the data content of the target data, wherein the encryption form comprises a password content form and/or a password format form;

performing encryption division operation on the data content of the target data based on the encryption form to obtain one or more content modules corresponding to the target data;

for each content module, determining an encryption special parameter corresponding to the data content of the content module, wherein the encryption special parameter is used for distinguishing characteristic information corresponding to different content modules; generating sub-password parameters corresponding to the content module according to the key grade and the encryption special parameters;

generating a password parameter of the target data according to all sub-password parameters corresponding to the content modules, the key grade, the determined acquisition parameters of the target data, the data type and the object parameters;

The acquisition parameters of the target data comprise one or more of acquisition time, acquisition mode, acquisition place, information of an acquisition user, acquisition condition authority and other information related to acquiring the target data.

In an optional implementation manner, in a first aspect of the present invention, the analyzing and randomly optimizing the password parameter based on the preset ciphertext random optimization model to obtain the target password of the target data includes:

according to the encryption information of the historical encryption data matched with the target data, analyzing conventional operation information of the historical encryption parameters corresponding to the historical encryption data in a random optimization mode, and determining distinguishing information corresponding to the target data and the historical encryption data;

according to the conventional operation information and the distinguishing information, determining first random optimization information corresponding to the password parameters, and according to the determined application information of the target data, analyzing second random optimization information corresponding to the password parameters, wherein the application information comprises application scene information and/or application field information;

according to the first random optimization information and the second random optimization information, analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data;

The first random optimization information and the second random optimization information comprise one or more of random optimization step information, random optimization form information, random optimization degree information, target sub-password parameters needing random optimization, original information of the target sub-password parameters and expected information of the target sub-password parameters.

As an optional implementation manner, in the first aspect of the present invention, the performing, using the target password, an encryption operation on the target data based on the current time and place information corresponding to the target data and device identification information of an encryption device includes:

based on the current time and place information corresponding to the target data and the equipment identification information of the encryption equipment, performing a first encryption operation on the target data by using the target password to obtain a first encryption result;

performing a second encryption operation on the data content of the target data based on the hash operation according to the set first digest generation mode to obtain a second encryption result;

and generating a final encryption result of the target data according to the first encryption result and the second encryption result.

As an optional implementation manner, in the first aspect of the present invention, after the performing, by using the target password, an encryption operation on the target data based on the current time and place information corresponding to the target data and device identification information of an encryption device, the method further includes:

Executing decryption operation on the final encryption result of the target data to obtain a decryption result of the target data, and executing abstract generation operation on data content of the decryption result based on hash operation to obtain an abstract generation result corresponding to the decryption result;

analyzing the matching condition and the difference condition corresponding to each data matching factor according to the second encryption result and the abstract generation result, wherein the data matching factors comprise one or more of semantic matching factors, data format matching factors and specific content matching factors;

analyzing the comparison results corresponding to the second encryption result and the summary generation result according to the matching conditions and the difference conditions corresponding to all the data matching factors;

and when the comparison result is used for indicating that the second encryption result is matched with the summary generation result, determining that the data of the decryption result is valid.

As an alternative embodiment, in the first aspect of the present invention, the method further includes:

when the comparison result is used for indicating that the second encryption result is not matched with the summary generation result, analyzing the reason that the second encryption result is not matched with the summary generation result according to the matching conditions and the difference conditions corresponding to all the data matching factors;

According to the reason, determining corresponding response information of the target data;

based on the response information, performing corresponding processing operation on the target data so as to enable the final encryption result of the target data to be matched with the final decryption result of the target data;

wherein the reason is used for indicating that the encryption operation of the target data is wrong and/or the decryption operation of the target data is wrong.

The second aspect of the present invention discloses an apparatus for encrypting data, the apparatus comprising:

the determining module is used for determining target data needing to be encrypted;

the analysis module is used for carrying out type analysis on the target data to obtain the data type of the target data, wherein the data type comprises one or more of an audio type, a video type, an image type, a text type, a symbol type, a numerical value type, a digital type and other data types;

the determining module is further configured to determine a key level of the target data according to the data type and an object parameter corresponding to an object requiring the target data;

the parameter generation module is used for generating a password parameter of the target data according to the key grade, the determined acquisition parameter of the target data, the data type and the object parameter;

The analysis optimization module is used for analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data;

and the encryption module is used for executing encryption operation on the target data by using the target password based on the current time and place information corresponding to the target data and the equipment identification information of the encryption equipment.

In a second aspect of the present invention, the determining module determines, according to the data type and an object parameter corresponding to an object requiring the target data, a key level of the target data specifically includes:

In a second aspect of the present invention, as an optional implementation manner, the method for generating, by the parameter generating module, a cryptographic parameter of the target data according to the key level, the determined acquisition parameter of the target data, the data type, and the object parameter specifically includes:

In a second aspect of the present invention, the method for obtaining the target password of the target data by the parsing and optimizing module performing parsing and random optimizing operations on the password parameters based on a preset ciphertext random optimizing model specifically includes:

In a second aspect of the present invention, as an optional implementation manner, the encryption module, based on the current time and place information corresponding to the target data and the device identification information of the encryption device, specifically includes:

As an alternative embodiment, in the second aspect of the present invention, the apparatus further includes:

the decryption module is used for executing decryption operation on the final encryption result of the target data after the encryption module executes encryption operation on the target data based on the current time and place information corresponding to the target data and the equipment identification information of the encryption equipment by using the target password to obtain a decryption result of the target data, and executing abstract generation operation on the data content of the decryption result based on the hash operation to obtain an abstract generation result corresponding to the decryption result;

the analysis module is further configured to analyze, according to the second encryption result and the summary generation result, a matching condition and a difference condition corresponding to each data matching factor, where the data matching factors include one or more of a semantic matching factor, a data format matching factor, and a specific content matching factor; analyzing the comparison results corresponding to the second encryption result and the summary generation result according to the matching conditions and the difference conditions corresponding to all the data matching factors;

And the determining module is further configured to determine that the data of the decryption result is valid when the comparison result is used to indicate that the second encryption result matches the digest generation result.

As an optional implementation manner, in the second aspect of the present invention, the analysis module is further configured to, when the comparison result is used to indicate that the second encryption result does not match the summary generation result, analyze, according to matching conditions and difference conditions corresponding to all the data matching factors, a reason why the second encryption result does not match the summary generation result;

the determining module is further configured to determine, according to the reason, response information corresponding to the target data;

and, the apparatus further comprises:

the data processing module is used for executing corresponding processing operation on the target data based on the response information so as to enable the final encryption result of the target data to be matched with the final decryption result of the target data;

Another apparatus for encrypting data is disclosed in a third aspect of the present invention, the apparatus comprising:

A memory storing executable program code;

a processor coupled to the memory;

the processor invokes the executable program code stored in the memory to perform a method of encrypting data as disclosed in the first aspect of the invention.

A fourth aspect of the invention discloses a computer storage medium storing computer instructions which, when invoked, are adapted to carry out a method of encrypting data as disclosed in the first aspect of the invention.

Compared with the prior art, the embodiment of the invention has the following beneficial effects:

in the embodiment of the invention, the target data needing to be encrypted is determined, and the type analysis is carried out on the target data to obtain the data type of the target data, wherein the data type comprises one or more of an audio type, a video type, an image type, a text type, a symbol type, a numerical value type, a digital type and other data types; determining the key grade of the target data according to the data type and the object parameters corresponding to the object requiring the target data; generating a password parameter of the target data according to the key grade, the determined acquisition parameter of the target data, the data type and the object parameter; analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data, and executing encryption operation on the target data by using the target password based on current time and place information corresponding to the target data and equipment identification information of encryption equipment. Therefore, the invention can execute a series of matched information processing operations based on the data type, the object parameters, the acquisition parameters, the current time and place information and the encryption equipment representation information corresponding to the target data to obtain the target password, and execute encryption operation on the target data based on the target password to obtain the data encryption result of the target data so as to realize the intelligent data encryption function, provide a plurality of encryption consideration parameters for obtaining the data encryption result of the target data, and be beneficial to improving the diversity, the comprehensiveness and the pertinence of the encryption consideration parameters, and the rationality, the comprehensiveness and the intellectualization of the data encryption mode, thereby being beneficial to improving the pertinence and the matchability of the determined target password, and being beneficial to improving the safety and the stability of the obtained data encryption result.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a flow chart of a method for encrypting data according to an embodiment of the present invention;

FIG. 2 is a flow chart of another method for encrypting data according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of an apparatus for encrypting data according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of another apparatus for encrypting data according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of another apparatus for encrypting data according to an embodiment of the present invention.

Detailed Description

In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or article that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or article.

Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.

The invention discloses a method and a device for encrypting data, which can execute a series of matched information processing operations based on a data type, an object parameter, an acquisition parameter, current time and place information and encryption equipment representation information corresponding to target data to obtain a target password, and execute encryption operation on the target data based on the target password to obtain a data encryption result of the target data so as to realize an intelligent data encryption function, provide a plurality of encryption consideration parameters for obtaining the data encryption result of the target data, and are beneficial to improving the diversity, comprehensiveness and pertinence of the encryption consideration parameters, and further improve the rationality, comprehensiveness and intellectualization of a data encryption mode, thereby being beneficial to improving the pertinence and the matching property of the determined target password, and further being beneficial to improving the safety and the stability of the obtained data encryption result. The following will describe in detail.

Example 1

Referring to fig. 1, fig. 1 is a flow chart of a method for encrypting data according to an embodiment of the invention. The method described in fig. 1 may be applied to an apparatus for encrypting data, where the apparatus may include a server, where the server includes a local server or a cloud server, and embodiments of the present invention are not limited. As shown in fig. 1, the method for encrypting data includes the following operations:

101. and determining target data to be encrypted, and performing type analysis on the target data to obtain the data type of the target data.

Optionally, the data types include one or more of audio type, video type, image type, text type, symbol type, numeric type, and other data types.

Alternatively, the target data may be data of different fields, for example: the data in the electronic domain, the data in the non-electronic domain, etc., and embodiments of the present invention are not limited.

Optionally, the type analysis is performed on the target data to obtain the data type of the target data, which may be directly determined by preset type information matched with the target data, or may be performed on specific content of the target data to determine the data type of the target data, which is not limited in the embodiment of the present invention.

102. And determining the key grade of the target data according to the data type and the object parameters corresponding to the object requiring the target data.

103. And generating the password parameters of the target data according to the key grade, the determined acquisition parameters, the data type and the object parameters of the target data.

104. And analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data.

105. And executing encryption operation on the target data by using the target password based on the current time and place information corresponding to the target data and the equipment identification information of the encryption equipment.

Alternatively, the current time and place information corresponding to the target data may be understood as time and place information corresponding to the current encryption operation performed on the target data, which is not limited in the embodiment of the present invention.

Therefore, the method for encrypting the data described by the embodiment of the invention can execute a series of matched information processing operations based on the data type, the object parameters, the acquisition parameters, the current time and place information and the encryption equipment representation information corresponding to the target data to obtain the target password, and execute the encryption operation on the target data based on the target password to obtain the data encryption result of the target data so as to realize an intelligent data encryption function, provide a plurality of encryption consideration parameters for obtaining the data encryption result of the target data, and be beneficial to improving the diversity, the comprehensiveness and the pertinence of the encryption consideration parameters, and further be beneficial to improving the rationality, the comprehensiveness and the intellectualization of the data encryption mode, so as to further be beneficial to improving the pertinence and the matching property of the determined target password, thereby being beneficial to improving the safety and the stability of the obtained data encryption result.

In an optional embodiment, determining the key level of the target data according to the data type and the object parameter corresponding to the object requiring the target data may include:

determining a first encryption level of the target data according to encryption requirements, and analyzing a second encryption level of the target data according to the data content of the target data;

the object parameters corresponding to the object of the demand target data include one or more of an attribute parameter of the object of the demand target data, an encryption destination parameter of the target data, a use destination parameter of the target data, an expected encryption demand parameter of the target data, an encryption authority parameter of the target data and a related domain parameter of the target data.

Optionally, the encryption requirement corresponding to the target data may further include one or more of a specific encryption step requirement corresponding to the target data, a requirement for an adopted encryption device, a notice in an encryption process, a reference encryption requirement of historical encryption data matched with the target data, and other requirement information for limiting an encryption operation of the target data, and the embodiment of the invention is not limited.

Optionally, the encryption urgency requirement may be understood as the urgency of the encryption process of the target data and/or the urgency of the encryption required for the target data; further, the encryption urgency requirement can be used for determining encryption starting time and encryption ending time requirements of the target data, encryption process consumption time requirements, front and back compactness requirements of each step in the encryption process, other related encryption operation information influenced by the encryption urgency and the like; further, there may be matching data encryption operation steps for different encryption urgency requirements, which is not limited in the embodiment of the present invention.

Alternatively, the encryption complexity requirement may be understood as the complexity of the encryption result of the target data and/or the complexity of the password used to encrypt the target data; further, the encryption complexity requirement can be used for determining related requirements of encryption operation steps of the target data, requirements of encryption results corresponding to the target data, encryption security requirements corresponding to the target data and the like; further, there may be matching data encryption operation steps for different encryption complexity requirements, and embodiments of the present invention are not limited.

Optionally, the encryption association requirement may be understood as an encryption requirement of other data associated with the target data, and further, the encryption requirement of the target data is determined in combination with the encryption requirement of the other data; further, there may be matching data encryption operation steps for different encryption association requirements, which is not limited in the embodiment of the present invention.

Further optionally, the analyzing the second encryption level of the target data according to the data content of the target data may include:

according to the data content of the target data, analyzing semantic information of the target data, and determining format typesetting information of the target data according to the data content of the target data;

and analyzing the second encryption level of the target data according to the semantic information and the format typesetting information.

Further optionally, determining the key level of the target data according to the first encryption level, the second encryption level and the data type may include:

calculating the average encryption grade corresponding to the first encryption grade and the second encryption grade, and determining the key grade of the target data according to the average encryption grade and the data type; or,

and determining a target encryption grade meeting grade screening conditions in the first encryption grade and the second encryption grade, and determining the key grade of target data according to the target encryption grade and the data type.

Further, the level filtering conditions may include, but are not limited to, one or more of encryption security filtering conditions (such as selecting an encryption level with higher encryption security as a target encryption level, etc.), encryption efficiency filtering conditions (such as selecting an encryption level with higher encryption efficiency as a target encryption level, etc.), encryption duration filtering conditions (such as selecting an encryption level with shorter encryption duration, etc.), encryption brevity filtering conditions (such as selecting an encryption step, selecting an encryption result with more concise as a target encryption level, etc.), encryption basicity filtering conditions (such as selecting an encryption with less encryption requirement as a target encryption level, etc.), and other filtering conditions for determining a target encryption level, etc., and the embodiments of the present invention are not limited.

Therefore, the optional embodiment can determine the first encryption level according to the encryption requirement and determine the second encryption level according to the data content, further determine the key level of the target data based on the first encryption level, the second encryption level and the data type, and is beneficial to improving the rationality and the comprehensiveness of a key level determination mode, and further beneficial to improving the pertinence and the accuracy of a determined encryption level result, so that the accuracy, the matching performance and the reliability of the determined key level are beneficial to improvement.

In another optional embodiment, the generating the password parameter of the target data according to the key level, the determined acquisition parameter of the target data, the data type and the object parameter may include:

Generating a password parameter of the target data according to the sub-password parameters, the key levels, the determined acquisition parameters, the data types and the object parameters of the target data corresponding to all the content modules;

the acquisition parameters of the target data comprise one or more of acquisition time, acquisition mode, acquisition place, information of an acquisition user, acquisition condition authority and other information related to acquisition of the target data.

Optionally, the above-mentioned cryptographic content form and encryption dividing operation may be understood as dividing the target data according to different content meanings and meaning of representations to which different contents belong, and encrypting the divided data content modules, which is not limited in the embodiment of the present invention.

Optionally, the above-mentioned encryption format and encryption dividing operation may be understood as dividing the target data according to different content formats, and encrypting the divided data content modules, which is not limited in the embodiment of the present invention.

Optionally, the data content of the target data includes all content modules, which is not limited by the embodiment of the present invention.

Optionally, the generating the sub-password parameter corresponding to the content module according to the key level and the encryption special parameter may directly combine the key level and the encryption special parameter to generate the sub-password parameter, or may perform a matched data processing operation on the encryption special parameter based on the key level to obtain the sub-password parameter, which is not limited by the embodiment of the present invention.

Optionally, the above-mentioned encrypted special parameters may be understood that each content module may have a matching parameter corresponding to the content module, and similar or dissimilar matching parameter information may exist between different content modules, where dissimilar matching parameter information may be a special parameter of the content module to which the content module belongs, and the embodiment of the present invention is not limited.

Optionally, the above-mentioned password parameter of generating the target data may be a direct combination of related information to generate the password parameter, or may be a password parameter obtained by performing a corresponding data processing operation on the related information.

Therefore, the optional embodiment can determine one or more content modules corresponding to the target data, generate matched sub-password parameters for each content module, further generate the password parameters of the target data, and be beneficial to improving the comprehensiveness and rationality of the password parameter determination mode, and further be beneficial to improving the accuracy, pertinence and reliability of the determined password parameters.

In still another optional embodiment, the analyzing and randomly optimizing the password parameter based on the preset ciphertext random optimization model to obtain the target password of the target data may include:

According to the encryption information of the historical encryption data matched with the target data, analyzing the conventional operation information of the historical password parameters corresponding to the random optimized historical encryption data, and determining the distinguishing information corresponding to the target data and the historical encryption data;

according to the first random optimization information and the second random optimization information, analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of target data;

Alternatively, the original information of the target sub-password parameter may be understood as information that matches the target sub-password parameter and is not randomly optimized, which is not limited in the embodiment of the present invention.

Alternatively, the expected information of the target subcode parameter may be understood as information that is matched with the target subcode parameter and is expected to be randomly optimized, which is not limited in the embodiment of the present invention.

Optionally, the above-mentioned historical encryption data matched with the target data may include, but is not limited to, one or more of historical encryption data matched with data content of the target data, historical encryption data matched with a requirement object parameter of the target data, historical encryption data matched with a key level of the target data, historical encryption data matched with an acquisition parameter of the target data, historical encryption data matched with a data type of the target data, historical encryption data matched with an attribute parameter of the target data, historical encryption data matched with an application parameter of the target data, and other historical encryption data with associated information of the target data.

Optionally, the encryption information of the historical encrypted data may include, but is not limited to, one or more of a data type, an object parameter, a key level, an acquisition parameter, a password parameter, a target password, encryption time and place information, encryption device identification information, related information for determining the foregoing information, and the like, which correspond to the historical encrypted data.

Further optionally, the determining the first random optimization information corresponding to the password parameter according to the conventional operation information and the distinguishing information may include:

analyzing corresponding distinguishing operation information according to the distinguishing information;

and carrying out information adjustment operation on the conventional operation information based on the distinguishing operation information to obtain first random optimization information.

It can be seen that, this optional embodiment can combine the encryption information of historical encryption data and the application information of target data to confirm corresponding first random optimization information, second random optimization information respectively, further obtain the target password according to random optimization information and the random optimization model of preset ciphertext that confirm, be favorable to improving the rationality and the comprehensiveness of the target password determination mode to and also be favorable to improving the variety and the rationality of the confirmed parameter that is used for confirming the target password, and then be favorable to improving the execution rationality of target password confirm operation, thereby be favorable to improving the accuracy, pertinence and the reliability of the target password that confirm.

In still another optional embodiment, the performing, using the target password, the encryption operation on the target data based on the current time and place information corresponding to the target data and the device identification information of the encryption device may include:

Performing a first encryption operation on the target data by using the target password based on the current time and place information corresponding to the target data and the equipment identification information of the encryption equipment to obtain a first encryption result;

according to the set first abstract generation mode, performing a second encryption operation on the data content of the target data based on hash operation to obtain a second encryption result;

Optionally, the second encryption result may be understood as a summary generation result of the target data, which is not limited by the embodiment of the present invention.

Optionally, an encryption operation is performed on the target data, illustrating: encrypting plaintext data corresponding to the target data into ciphertext data, and performing hash operation on the plaintext data corresponding to the target data to obtain a digest corresponding to the target data, so as to complete encryption of the target data.

Optionally, the generating the final encryption result of the target data according to the first encryption result and the second encryption result may be directly combining the first encryption result and the second encryption result to obtain the final encryption result of the target data, or may be performing corresponding data processing on the first encryption result and the second encryption result to obtain the final encryption result of the target data, which is not limited in the embodiment of the present invention.

Alternatively, not only hash operation may be adopted, but also other manners capable of generating the digest of the plaintext data may be adopted to obtain the digest of the target data, which is not limited by the embodiment of the present invention.

It can be seen that the optional embodiment can further generate the final encryption result of the target data by executing the first encryption operation on the target data by using the target password and executing the second encryption operation on the target data based on the hash operation and the first digest generation mode, which is beneficial to improving the execution rationality of the encryption operation of the target data, and further beneficial to improving the pertinence and the reliability of the determined final encryption result of the target data, thereby being beneficial to improving the security of the target data.

Example two

Referring to fig. 2, fig. 2 is a flow chart of another method for encrypting data according to an embodiment of the present invention. The method described in fig. 2 may be applied to an apparatus for encrypting data, where the apparatus may include a server, where the server includes a local server or a cloud server, and embodiments of the present invention are not limited. As shown in fig. 2, the method for encrypting data includes the following operations:

201. And determining target data to be encrypted, and performing type analysis on the target data to obtain the data type of the target data.

202. And determining the key grade of the target data according to the data type and the object parameters corresponding to the object requiring the target data.

203. And generating the password parameters of the target data according to the key grade, the determined acquisition parameters, the data type and the object parameters of the target data.

204. Analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of target data, and executing encryption operation on the target data by using the target password based on current time and place information corresponding to the target data and equipment identification information of encryption equipment.

205. And executing decryption operation on the final encryption result of the target data to obtain a decryption result of the target data, and executing abstract generation operation on the data content of the decryption result based on hash operation to obtain an abstract generation result corresponding to the decryption result.

Optionally, the decryption operation and the digest generation operation for the final encryption result are illustrated as follows: the final encryption result of the target data is decrypted into plaintext data (i.e., the decryption result of the target data), and the decrypted plaintext data is subjected to hash operation to obtain a digest corresponding to the decrypted plaintext data (i.e., the digest generation result corresponding to the decryption result), which is not limited in the embodiment of the present invention.

206. And analyzing the matching condition and the difference condition corresponding to each data matching factor according to the second encryption result and the abstract generation result, wherein the data matching factors comprise one or more of semantic matching factors, data format matching factors and specific content matching factors.

Optionally, the specific content matching factor above is exemplified by: the embodiment of the present invention is not limited in the same case where the specific content character corresponding to the second encryption result is the same as the specific content character corresponding to the summary generation result.

Alternatively, the matching conditions may be the same, and may be the matching if the similarity is higher than the similarity threshold, and the embodiment of the present invention is not limited.

Alternatively, the difference may be considered as a difference if the difference is completely different, or may be considered as a difference if the difference rate is higher than the difference rate threshold.

207. And analyzing a comparison result corresponding to the second encryption result and the abstract generation result according to the matching condition and the difference condition corresponding to all the data matching factors.

Optionally, for determining the comparison result according to the matching condition and the difference condition, an example is illustrated: when the matching degree (numerical value) corresponding to the matching condition is higher than the difference degree (numerical value) corresponding to the difference condition, determining that the comparison result is that the second encryption result is matched with the summary generation result, and the other conditions are the same as the other conditions; or when the importance (numerical value) of the matching content corresponding to the matching condition is higher than the influence (numerical value) of the difference content corresponding to the difference condition, determining that the comparison result is that the second encryption result is matched with the summary generation result, and the other conditions are the same, wherein the embodiment of the invention is not limited.

208. When the comparison result is used for indicating that the second encryption result is matched with the digest generation result, the data of the decryption result is determined to be valid.

Optionally, when the second encryption result is matched with the summary generation result, it may be determined that the target data is not tampered in the encryption and/or decryption process, and the encryption result and/or decryption result corresponding to the target data are complete, which is not limited by the embodiment of the present invention.

In the embodiment of the present invention, for other descriptions of step 201 to step 204, please refer to other detailed descriptions of step 101 to step 105 in the first embodiment, and the description of the embodiment of the present invention is omitted.

It can be seen that, according to the embodiment of the invention, a series of matched information processing operations can be performed based on the data type, the object parameters, the acquisition parameters, the current time and place information and the encryption equipment representation information corresponding to the target data to obtain the target password, and the encryption operation is performed on the target data based on the target password to obtain the data encryption result of the target data, so as to realize an intelligent data encryption function, provide a plurality of encryption consideration parameters for obtaining the data encryption result of the target data, and be beneficial to improving the diversity, comprehensiveness and pertinence of the encryption consideration parameters, and further be beneficial to improving the rationality, comprehensiveness and intellectualization of the data encryption mode, so as to be beneficial to improving the pertinence and the matchability of the determined target password, thereby being beneficial to improving the safety and stability of the obtained data encryption result; and a decryption data validity verification mode aiming at a final encryption result of the target data can be provided, decryption operation and abstract generation operation are carried out on the final encryption result, and then a comparison result of the encryption abstract content and the decryption abstract content is determined, so that data validity verification of the decryption result is realized, the comprehensiveness and rationality of a data encryption method are improved, the rationality and the reliability of the data encryption are improved to a certain extent, in addition, the comprehensiveness and the rationality of the decryption data validity verification mode are improved, and the accuracy and the reliability of the determined data validity verification result are improved, so that the application reliability based on the decryption result is improved.

In an alternative embodiment, the method may further comprise the operations of:

determining corresponding response information of the target data according to the reason;

performing a corresponding processing operation on the target data based on the coping information so that a final encryption result of the target data matches a final decryption result of the target data;

Optionally, when the second encryption result is not matched with the summary generation result, it may be determined that the target data is tampered with data in the encryption and/or decryption process, and the encryption result and/or decryption result corresponding to the target data are incomplete, which is not limited by the embodiment of the present invention.

Therefore, the optional embodiment can match the corresponding target data processing mode aiming at the condition that the second encryption result is not matched with the summary generation result, which is beneficial to improving the integrity and rationality of a mode for encrypting the data, and further is beneficial to improving the accuracy and reliability of the final encryption result and the final decryption result of the target data, thereby being beneficial to improving the encryption accuracy, reliability and decryption accuracy and reliability of the target data.

Example III

Referring to fig. 3, fig. 3 is a schematic structural diagram of an apparatus for encrypting data according to an embodiment of the present invention. The apparatus described in fig. 3 may include a server, where the server includes a local server or a cloud server, and embodiments of the present invention are not limited. As shown in fig. 3, the apparatus for encrypting data may include:

a determining module 301, configured to determine target data that needs to be encrypted.

The analysis module 302 is configured to perform type analysis on the target data to obtain a data type of the target data, where the data type includes one or more of an audio type, a video type, an image type, a text type, a symbol type, a numeric type, and other data types.

The determining module 301 is further configured to determine a key level of the target data according to the data type and an object parameter corresponding to an object requiring the target data.

The parameter generating module 303 is configured to generate a password parameter of the target data according to the key level, the determined acquisition parameter, the data type and the object parameter of the target data.

The parsing and optimizing module 304 is configured to parse and randomly optimize the password parameters based on a preset ciphertext random optimizing model, so as to obtain a target password of the target data.

The encryption module 305 is configured to perform an encryption operation on the target data using the target password based on the current time and place information corresponding to the target data and the device identification information of the encryption device.

Therefore, the device for encrypting the data described in fig. 3 can perform a series of matched information processing operations based on the data type, the object parameter, the acquisition parameter, the current time and place information and the encryption equipment representation information corresponding to the target data to obtain the target password, and perform the encryption operation on the target data based on the target password to obtain the data encryption result of the target data, so as to realize an intelligent data encryption function, provide a plurality of encryption consideration parameters for obtaining the data encryption result of the target data, and be beneficial to improving the diversity, the comprehensiveness and the pertinence of the encryption consideration parameters, and further be beneficial to improving the rationality, the comprehensiveness and the intellectualization of the data encryption mode, so as to be beneficial to improving the pertinence and the matching property of the determined target password, thereby being beneficial to improving the safety and the stability of the obtained data encryption result.

In an alternative embodiment, the determining module 301 determines the key level of the target data according to the data type and the object parameter corresponding to the object requiring the target data specifically includes:

It can be seen that the device described in fig. 4 is capable of determining the first encryption level according to the encryption requirement and determining the second encryption level according to the data content, and further determining the key level of the target data based on the first encryption level, the second encryption level and the data type, which is beneficial to improving the rationality and the comprehensiveness of the key level determination mode, and further beneficial to improving the pertinence and the accuracy of the determined encryption level result, thereby being beneficial to improving the accuracy, the matching property and the reliability of the determined key level.

In another alternative embodiment, the method for generating the password parameter of the target data by the parameter generating module 303 according to the key level, the determined acquisition parameter, the data type and the object parameter of the target data specifically includes:

It can be seen that the device described in fig. 4 can also determine one or more content modules corresponding to the target data, and generate matched sub-password parameters for each content module, so as to further generate the password parameters of the target data, thereby being beneficial to improving the comprehensiveness and rationality of the password parameter determination mode, and further being beneficial to improving the accuracy, pertinence and reliability of the determined password parameters.

In yet another alternative embodiment, the parsing and optimizing module 304 performs parsing and random optimizing operations on the password parameters based on a preset ciphertext random optimizing model, and the manner of obtaining the target password of the target data specifically includes:

It can be seen that the device described in fig. 4 can also be implemented to determine the corresponding first random optimization information and the second random optimization information respectively by combining the encryption information of the historical encryption data and the application information of the target data, and further obtain the target password according to the determined random optimization information and the preset ciphertext random optimization model, which is favorable for improving the rationality and the comprehensiveness of the determination mode of the target password, and is favorable for improving the diversity and the rationality of the determination parameters for determining the target password, and further favorable for improving the execution rationality of the determination operation of the target password, thereby being favorable for improving the accuracy, the pertinence and the reliability of the determined target password.

In yet another alternative embodiment, the encryption module 305 specifically performs the encryption operation on the target data using the target password based on the current time and place information corresponding to the target data and the device identification information of the encryption device, where the method specifically includes:

It can be seen that the device described in fig. 4 is further capable of further generating a final encryption result of the target data by performing the first encryption operation on the target data using the target password and performing the second encryption operation on the target data based on the hash operation and the first digest generation manner, which is beneficial to improving the execution rationality of the encryption operation of the target data, and further beneficial to improving the pertinence and reliability of the determined final encryption result of the target data, thereby improving the security of the target data.

In yet another alternative embodiment, as shown in fig. 4, the apparatus may further include:

the decryption module 306 is configured to, after the encryption module 305 performs an encryption operation on the target data using the target password based on the current time and place information corresponding to the target data and the device identification information of the encryption device, perform a decryption operation on a final encryption result of the target data to obtain a decryption result of the target data, and perform a digest generation operation on data content of the decryption result based on the hash operation to obtain a digest generation result corresponding to the decryption result.

The analysis module 302 is further configured to analyze, according to the second encryption result and the summary generation result, a matching condition and a difference condition corresponding to each data matching factor, where the data matching factors include one or more of a semantic matching factor, a data format matching factor, and a specific content matching factor; and analyzing a comparison result corresponding to the second encryption result and the abstract generation result according to the matching condition and the difference condition corresponding to all the data matching factors.

The determining module 301 is further configured to determine that the data of the decryption result is valid when the comparison result is used to indicate that the second encryption result matches the digest generation result.

Therefore, the device described in fig. 4 can also provide a decryption data validity verification mode for the final encryption result of the target data, and perform decryption operation and abstract generation operation on the final encryption result to further determine the comparison result of the encryption abstract content and the decryption abstract content, so as to realize data validity verification of the decryption result, which is beneficial to improving the comprehensiveness and rationality of a method for encrypting the data, and is beneficial to improving the rationality and reliability of data encryption to a certain extent, and is beneficial to improving the comprehensiveness and rationality of the decryption data validity verification mode, and further beneficial to improving the accuracy and reliability of the determined data validity verification result, thereby being beneficial to the reliability of subsequent applications based on the decryption result.

In yet another alternative embodiment, the analysis module 302 is further configured to, when the comparison result is used to indicate that the second encryption result does not match the summary generation result, analyze a reason for the mismatch between the second encryption result and the summary generation result according to the matching condition and the difference condition corresponding to all the data matching factors.

The determining module 301 is further configured to determine, according to the reason, response information corresponding to the target data.

And, as shown in fig. 4, the apparatus may further include:

a data processing module 307 for performing a corresponding processing operation on the target data based on the coping information so as to match the final encryption result of the target data with the final decryption result of the target data;

Therefore, the device described in fig. 4 can also be matched with a corresponding target data processing mode according to the condition that the second encryption result is not matched with the summary generation result, which is favorable for improving the integrity and rationality of a data encryption mode, and further favorable for improving the accuracy and reliability of the final encryption result and the final decryption result of the target data, thereby being favorable for improving the encryption accuracy, reliability and decryption accuracy and reliability of the target data.

Example IV

Referring to fig. 5, fig. 5 is a schematic structural diagram of another apparatus for encrypting data according to an embodiment of the present invention. The apparatus described in fig. 5 may include a server, where the server includes a local server or a cloud server, and embodiments of the present invention are not limited. As shown in fig. 5, the apparatus may include:

A memory 401 storing executable program codes;

a processor 402 coupled with the memory 401;

further, an input interface 403 and an output interface 404 coupled to the processor 402 may be included;

wherein the processor 402 invokes executable program code stored in the memory 401 for performing the steps of a method of encrypting data as described in embodiment one or embodiment two.

Example five

The embodiment of the invention discloses a computer storage medium storing a computer program for electronic data exchange, wherein the computer program causes a computer to execute the steps in a method for encrypting data described in the first or second embodiment.

Example six

Embodiments of the present invention disclose a computer program product comprising a non-transitory computer readable storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps of a method of encrypting data as described in embodiment one or embodiment two.

The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.

From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied essentially or in part in the form of a software product that may be stored in a computer-readable storage medium including Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), one-time programmable Read-Only Memory (OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disc Memory, magnetic disc Memory, tape Memory, or any other medium that can be used for computer-readable carrying or storing data.

Finally, it should be noted that: the embodiment of the invention discloses a method and a device for encrypting data, which are disclosed as preferred embodiments of the invention, and are only used for illustrating the technical scheme of the invention, but not limiting the technical scheme; although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that; the technical scheme recorded in the various embodiments can be modified or part of technical features in the technical scheme can be replaced equivalently; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims

1. A method of encrypting data, the method comprising:

Generating a password parameter of the target data according to the key grade, the determined acquisition parameter of the target data, the data type and the object parameter; the acquisition parameters of the target data comprise one or more of acquisition time, acquisition mode, acquisition place, information of an acquisition user, acquisition condition authority and other information related to acquisition of the target data;

analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data, and executing encryption operation on the target data by using the target password based on current time and place information corresponding to the target data and equipment identification information of encryption equipment;

and determining the key level of the target data according to the data type and the object parameters corresponding to the object requiring the target data, including:

determining an encryption requirement corresponding to the target data according to an object parameter corresponding to an object requiring the target data, wherein the encryption requirement comprises one or more of an encryption urgency requirement and an encryption association requirement;

the object parameters corresponding to the object requiring the target data comprise one or more of attribute parameters of the object requiring the target data, encryption destination parameters of the target data, use destination parameters of the target data, expected encryption requirement parameters of the target data, encryption authority parameters of the target data and related domain parameters of the target data;

and analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model to obtain a target password of the target data, wherein the method comprises the following steps:

2. A method of encrypting data according to claim 1, wherein said encryption requirement further comprises an encryption complexity requirement.

3. The method according to claim 1, wherein the generating the cryptographic parameters of the target data according to the key level, the determined acquisition parameters of the target data, the data type, and the object parameters comprises:

and generating the password parameters of the target data according to all the sub-password parameters corresponding to the content modules, the key grade, the determined acquisition parameters of the target data, the data type and the object parameters.

4. A method of encrypting data according to any one of claims 1 to 3, wherein said performing an encryption operation on said target data using said target password based on current time-place information corresponding to said target data and device identification information of an encryption device comprises:

5. The method according to claim 4, wherein after the encrypting operation is performed on the target data using the target password based on the current time-place information corresponding to the target data and device identification information of an encrypting device, the method further comprises:

6. A method of encrypting data according to claim 5, further comprising:

7. An apparatus for encrypting data, the apparatus comprising:

the parameter generation module is used for generating a password parameter of the target data according to the key grade, the determined acquisition parameter of the target data, the data type and the object parameter; the acquisition parameters of the target data comprise one or more of acquisition time, acquisition mode, acquisition place, information of an acquisition user, acquisition condition authority and other information related to acquisition of the target data;

The encryption module is used for executing encryption operation on the target data by using the target password based on the current time and place information corresponding to the target data and the equipment identification information of the encryption equipment;

and the determining module determines the key level of the target data according to the data type and the object parameters corresponding to the object requiring the target data, wherein the determining module specifically comprises:

The method for obtaining the target password of the target data by analyzing and randomly optimizing the password parameters based on a preset ciphertext random optimization model by the analyzing and optimizing module specifically comprises the following steps:

8. An apparatus for encrypting data, the apparatus comprising:

a memory storing executable program code;

a processor coupled to the memory;

the processor invokes the executable program code stored in the memory to perform a method of encrypting data as claimed in any one of claims 1 to 6.

9. A computer storage medium storing computer instructions which, when invoked, are adapted to perform a method of encrypting data according to any one of claims 1 to 6.