CN118051924A - Full-flow encrypted certificate information access method, device, terminal and medium - Google Patents

Full-flow encrypted certificate information access method, device, terminal and medium Download PDF

Info

Publication number
CN118051924A
CN118051924A CN202410028315.0A CN202410028315A CN118051924A CN 118051924 A CN118051924 A CN 118051924A CN 202410028315 A CN202410028315 A CN 202410028315A CN 118051924 A CN118051924 A CN 118051924A
Authority
CN
China
Prior art keywords
file
key
encrypted
picture
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410028315.0A
Other languages
Chinese (zh)
Inventor
谭卫忠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Coocaa Network Technology Co Ltd
Original Assignee
Shenzhen Coocaa Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Coocaa Network Technology Co Ltd filed Critical Shenzhen Coocaa Network Technology Co Ltd
Priority to CN202410028315.0A priority Critical patent/CN118051924A/en
Publication of CN118051924A publication Critical patent/CN118051924A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/40Document-oriented image-based pattern recognition
    • G06V30/41Analysis of document content

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Artificial Intelligence (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a full-flow encrypted certificate information access method, a device, a terminal and a medium, comprising the following steps: when the picture is a picture with certificate information, encrypting the picture and the certificate information on the picture by using a file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key; when receiving an instruction for reading the certificate data file, acquiring user information corresponding to the instruction for reading the certificate data file; and obtaining the encrypted certificate data file according to the user information signed by the user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key to realize stream decryption and rendering display. The certificate data of the invention exist in the form of encrypted data from uploading to downloading, displaying and other links, thereby improving the security of certificate information self-access and providing convenience for users.

Description

Full-flow encrypted certificate information access method, device, terminal and medium
Technical Field
The invention relates to the technical field of intelligent terminals, in particular to a full-flow encrypted certificate information access method and device, an intelligent terminal and a storage medium.
Background
Along with the development of technology and the continuous improvement of living standard of people, the mobile terminal mobile phone is increasingly popular, and users often use the mobile phone to upload certificate information.
In the prior art, certificates such as identity cards, drivers' licenses and the like are commonly stored in mobile phones and computers in the form of pictures, once the mobile phones and television equipment are lost or invaded by hackers, data leakage is easily caused, the risks that the certificates are falsely used and applied exist, and economic losses and unnecessary troubles are brought to people.
Accordingly, there is a need for improvement and development in the art.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a full-flow encrypted certificate information access method, a full-flow encrypted certificate information access device, an intelligent terminal and a storage medium.
The technical scheme adopted by the invention for solving the problems is as follows:
a full-flow encrypted certificate information access method comprises the following steps:
acquiring a picture, identifying metadata on the picture, and determining whether the picture is a picture with certificate information;
When the picture is a picture with certificate information, generating a file key, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together;
when receiving a certificate data file reading instruction, acquiring user information corresponding to the certificate data file reading instruction, and acquiring user information signed by a user private key according to the user information;
and obtaining an encrypted certificate data file according to the user information signed by the user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key to realize stream decryption and rendering display.
The method for accessing the full-flow encrypted certificate information, wherein the steps of acquiring the picture, identifying metadata on the picture and determining whether the picture is the picture with the certificate information comprise the following steps:
Presetting a file key according to each picture with certificate information, wherein the file key is used for encrypting and decrypting picture files, and each file can generate one copy;
A user password pair is preset for each user, and comprises a user public key and a user private key. The user private key is used for signing or decrypting the file key; the user public key is used for verifying a signature or encrypting a file key; one user generates only one share.
The method for accessing the full-flow encrypted certificate information, wherein the steps of acquiring the picture, identifying metadata on the picture and determining whether the picture is the picture with the certificate information comprise the following steps:
Acquiring a picture, and extracting text information in the picture through optical character recognition;
And determining whether the picture is a picture with certificate information or not according to the text information on the picture.
The whole-flow encrypted certificate information access method comprises the steps that when a picture is a picture with certificate information, a file key is generated, and the picture and the certificate information on the picture are encrypted by the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together, wherein the step of packaging and uploading comprises the following steps:
When the picture is a picture with certificate information, the certificate information on the picture and the picture is packed to generate a certificate data file, and an encryption algorithm is called to generate a pair of asymmetric encryption algorithm keys as a user key pair, wherein the user key pair comprises: a user public key and a user private key;
Randomly generating a symmetric encryption algorithm key as a file key, and encrypting the certificate data file by using the file key to obtain an encrypted certificate data file; and encrypting the file key through the user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together.
The whole-flow encrypted certificate information access method comprises the steps that when a picture is a picture with certificate information, a file key is generated, and the picture and the certificate information on the picture are encrypted by the file key to obtain an encrypted certificate data file; and encrypting the file key through the user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together, wherein the method further comprises the steps of:
receiving the encrypted certificate data file and the encrypted file key which are packed and uploaded, and decrypting the file key by using the user private key;
When decryption is successful, judging that the current uploaded encrypted certificate data file and the encrypted file key are legal requests of a user, otherwise, considering illegal data to be directly discarded;
When the decryption is successful, decrypting the encrypted certificate data file by using the decrypted file key, extracting metadata and storing the metadata into a database;
Regenerating a plurality of file keys and encrypting the decrypted certificate data files by using the generated file keys to generate a plurality of encrypted certificate data files respectively;
and storing the generated multiple encrypted certificate data files into multiple data storage nodes, and simultaneously storing the position indexes of the files in the data nodes into a database cluster.
The method for accessing the full-flow encrypted certificate information, wherein when receiving a certificate data file reading instruction, the method obtains user information corresponding to the certificate data file reading instruction, and obtains user information signed by a user private key according to the user information, comprises the following steps:
when a certificate data file reading instruction is received, user information corresponding to the certificate data file reading instruction is obtained, the user information is signed through a user private key, and the user information is submitted to a cloud server to initiate a certificate data file reading request;
And calling an authentication module to check the certificate data file reading request by using a user public key according to the certificate data file reading request, and considering the certificate data file reading request as a legal request when the check passes, or else, not responding.
The method for accessing the full-flow encrypted certificate information, wherein the steps of obtaining the encrypted certificate data file according to the user information signed by the user private key, decrypting the encrypted file key through the user private key of the user information, decrypting the encrypted certificate data file through the decrypted file key, and realizing stream decryption and rendering display comprise the following steps:
Inquiring the position index of the encrypted certificate data file in the data storage node according to the user information corresponding to the certificate data file reading instruction, and returning the position index of the encrypted certificate data file and the file key to the request end;
Acquiring the encrypted certificate data file and acquiring a file key according to the position index of the encrypted certificate data file;
decrypting the obtained file key through a user private key of the user information to obtain a decrypted file key;
And decrypting the acquired encrypted certificate data file through the decrypted file key to obtain a decrypted file stream, inputting the decrypted file stream into a rendering display module for analysis and rendering, and displaying a picture with certificate information.
The full-flow encrypted certificate information access system comprises an equipment end with interactive application and a cloud service end in communication connection with the equipment end: wherein, the equipment end includes: the system comprises a certificate data generation module, an encryption and decryption module, an uploading and downloading module and a rendering and displaying module; the cloud service end comprises: the device comprises an authentication module, a data processing module and a storage module;
The certificate data generation module is used for acquiring a picture in a photographing or scanning mode, supporting the extraction of text information from the picture as certificate metadata to determine whether the picture is a picture with certificate information, and packaging the picture to generate a certificate data file;
The encryption and decryption module is provided with asymmetric encryption key distribution, asymmetric encryption and decryption and symmetric encryption and decryption capability, and is used for generating a file key when the picture is a picture with certificate information, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key; the method comprises the steps of obtaining an encrypted certificate data file according to user information signed by a user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key;
The uploading and downloading module is used for packaging and uploading the encrypted certificate data file and the encrypted file key to a cloud server, acquiring the encryption of the cloud server through account information and downloading the certificate data file from the cloud server in an https mode; and the user information is also used for acquiring the user information corresponding to the certificate data file reading instruction when the certificate data file reading instruction is received, and obtaining the user information signed by the user private key according to the user information;
the rendering display module is used for displaying the decrypted data stream in the form of pictures or texts by calling the encryption and decryption module;
the authentication module is used for carrying out identity authentication on the request information sent by the equipment end so as to determine legal user operation;
The data processing module is used for encrypting, decrypting, transferring and analyzing and extracting certificate data files, and generating a plurality of certificate data files encrypted by different keys and extracting certificate metadata for the storage module to use;
The storage module is used for accessing data such as certificate data files, certificate metadata, user account numbers and the like in a database and file object storage mode.
A smart terminal comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising means for performing any of the methods.
A non-transitory computer readable storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform any one of the methods.
The invention has the beneficial effects that: compared with the prior art, the invention provides a certificate data access method for the whole process encryption from a device end (a mobile phone or a computer) to a cloud service end, wherein the certificate data of a user is uploaded to the cloud service end through a network based on the whole process encryption process, and the cloud service end stores the encrypted certificate data on a magnetic disk; the security of certificate information self-access is improved, and convenience is provided for users.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings may be obtained according to the drawings without inventive effort to those skilled in the art.
FIG. 1 is a schematic functional block diagram of a full-flow encrypted certificate information access system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a credential uploading process of a credential information access system with full-process encryption according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a certificate download viewing flow of the whole-flow encrypted certificate information access system according to an embodiment of the present invention.
Fig. 4 is a flow chart of a method for accessing full-flow encrypted certificate information according to an embodiment of the present invention.
Fig. 5 is a schematic block diagram of an internal structure of an intelligent terminal according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clear and clear, the present invention will be further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
It should be noted that, if directional indications (such as up, down, left, right, front, and rear … …) are included in the embodiments of the present invention, the directional indications are merely used to explain the relative positional relationship, movement conditions, etc. between the components in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indications are correspondingly changed.
Aiming at the problems that in the prior art, certificates such as identity cards, drivers' licenses and the like are generally stored in mobile phones and computers in the form of pictures, once the mobile phones and television equipment are lost or hacked, data leakage is easily caused, the risks that the certificates are falsely used and applied exist, and economic losses and unnecessary troubles are brought to people.
In order to solve the technical problems, the embodiment of the invention provides a full-process encrypted certificate information access method, which is characterized in that the whole-process encrypted certificate data access method from a device end (a mobile phone or a computer) to a cloud server is provided, the user's certificate data is uploaded to the cloud server through a network based on the whole-process encryption process, and the cloud server stores the encrypted certificate data on a disk.
The embodiment of the invention provides a full-flow encrypted certificate information access system, as shown in fig. 1, comprising: the device end with interactive application and the cloud service end which is in communication connection with the device end;
In this embodiment, the device side may be a device side with an application installed, and may specifically be operated on a mobile phone, a tablet or a computer of a user in a form of a mobile phone or a television application program, so that the user may upload and view credential data, where the credential data includes (credential images, credential metadata, etc.).
The equipment end provided with the application mainly comprises a certificate data generation module, an encryption and decryption module, an uploading and downloading module and a rendering and displaying module.
The certificate data generation module is used for acquiring a picture in a photographing or scanning mode, supporting the extraction of text information from the picture as certificate metadata to determine whether the picture is a picture with certificate information or not, and packaging the picture to generate a certificate data file;
The encryption and decryption module has asymmetric encryption key distribution, asymmetric encryption and decryption and symmetric encryption and decryption capability, and is used for encrypting and decrypting the certificate data file, and particularly used for generating a file key when the picture is a picture with certificate information, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key; the method comprises the steps of obtaining an encrypted certificate data file according to user information signed by a user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key;
The uploading and downloading module is used for packaging and uploading the encrypted certificate data file and the encrypted file key to a cloud server, acquiring the encryption of the cloud server through account information and downloading the certificate data file from the cloud server in an https mode; and the user information is also used for acquiring the user information corresponding to the certificate data file reading instruction when the certificate data file reading instruction is received, and obtaining the user information signed by the user private key according to the user information;
And the rendering display module displays the decrypted data stream in the form of pictures or texts by calling the encryption and decryption module.
In the embodiment of the present invention, as shown in fig. 1, the cloud server runs on an entity server or a cloud server in the form of a server program, and is used for processing and storing certificate data files, and performing data interaction with the device side through https protocol. The cloud server mainly comprises an authentication module, a data processing module and a storage module. The authentication module is used for carrying out identity authentication on the request information sent by the equipment end so as to determine legal user operation; the data processing module has encryption, decryption, transfer and certificate data file analysis and extraction capabilities, and can generate a plurality of certificate data files encrypted by different keys and extract certificate metadata for the storage module to use; the storage module accesses the data such as the certificate data file, the certificate metadata, the user account and the like in a database and file object storage mode.
The embodiment of the invention provides a full-flow encrypted certificate information access system, the working principle of which is shown in fig. 2 and 3, comprising: the main flow is: certificate data file generation and upload steps (as shown in fig. 2) and a main stream Cheng Er: downloading and displaying the certificate data file from the cloud (as shown in fig. 3);
the embodiment of the invention is implemented in a specific way:
Presetting a file key according to each picture with certificate information, wherein the file key is used for encrypting and decrypting picture files, and each file can generate one copy;
and presetting a user password pair for each user, wherein the user password pair comprises a user public key and a user private key. The user private key is used for signing or decrypting the file key; the user public key is used for verifying a signature or encrypting a file key; one user generates only one share.
Wherein, mainstream Cheng Yi: the steps of generating and uploading the certificate data file, as shown in fig. 2, include the following refinement steps:
Step 1, in the embodiment of the invention, the equipment end can call the shooting capability of the system, shoot and generate the pictures on the front and back sides of the certificates, then extract the text information in the pictures through an OCR (optical character recognition) recognition library (comprising a recognition library carried by the system or a third party open source recognition library), store metadata. Xml files in the extracted text information, and package the extracted text information together with the certificate pictures through a zip format to generate a certificate data file card.
And 2, the equipment end calls the encryption and decryption module to generate a pair of asymmetric encryption algorithm keys (such as RSA or SM2 algorithm) as a user key pair, wherein the pair of asymmetric encryption algorithm keys comprises a user public key pubKey and a user private key privKey. Uploading a user public key to a cloud server in an https mode to serve as a global key of the user; and storing the private key of the user in a safe position of the equipment. Randomly generating a symmetric encryption algorithm key (such as AES or SM 4) as a file key; symmetrically encrypting the certificate data file card.zip generated in the step 1 by the file key to generate an encrypted certificate data file encrypt_card.zip; and encrypting the file key by adding a user private key to an asymmetric encryption algorithm to generate an encrypted file key encrypt_key.
And 3, the control equipment side calls an uploading and downloading module, and the encrypted certificate data file encrypter_card.zip and the encrypted file key generated in the step 2 are uploaded to the cloud service side in an https mode.
And 4, the cloud service end calls an authentication module to receive the encrypted certificate data file encrypter_card. Zip and the encrypted file key encrypter_key, decrypts the encrypted file key encrypter_key through the user private key submitted in the step 2, judges that the user requests legal if the decryption is successful, and otherwise, judges that the illegal data is directly discarded.
Step 5, the cloud service end calls a data processing module, decrypts the encrypted certificate data file encryption_card.zip through the file key decrypted in the step 4, extracts metadata (namely text data with certificate information) and stores the metadata in a database; and regenerating a plurality of file keys and encrypting the certificate data files by using the file keys respectively to generate a plurality of encrypted certificate data files.
And 6, the cloud service end calls a storage module to store the encrypted certificate data files generated in the step 5 into a plurality of data storage nodes so as to prevent data loss caused by single data node faults, and simultaneously, the position indexes of the files in the data nodes are stored into a database cluster.
Up to this point, certificate data (including pictures with certificate information) has been stored in the cloud server. Because the certificate data files of all links exist in an encrypted form, outsiders cannot check plaintext data under the conditions of equipment loss, hacking of a server-side data storage node and the like, the data security guarantee from data generation to uploading links is realized, the security is improved, and convenience is provided for users.
And a main flow II: downloading and displaying a certificate data file from a cloud service end, as shown in fig. 3;
Step S21, the equipment side signs the user identity information (comprising the user id) through the user private key and submits the user identity information to the cloud service side to initiate a data request.
Step S22, after receiving the data request, the cloud service end performs signature verification on the request data (including user id) by calling an authentication module and utilizing a user public key, if the signature verification is passed, the request is considered as legal, access is allowed, and otherwise, no response is made.
And S23, the cloud service end inquires the position index of the certificate data file in the data storage node from the database according to the user information extracted in the step S22, and returns the position index to the equipment end in an https mode together with the encrypted file key encrypter_key.
And S24, after the equipment end receives the certificate data, decrypting the file key by using a user private key of the equipment end to obtain a decrypted file key so as to obtain a real file key, then inputting the decrypted file key and the encrypted certificate data file into an encryption and decryption module to obtain a decrypted file stream (data is in a memory), inputting the decrypted file stream into a rendering display module, and after analysis and rendering, a user can check the certificate picture and the metadata information.
Thus, the certificate data always exists in the encryption state during downloading and analyzing. The encrypted data cannot be analyzed and checked even if other people leak the encrypted data, so that the data security in the downloading and displaying links is ensured.
Exemplary method
As shown in fig. 4, a full-flow encrypted certificate information access method according to an embodiment of the present invention includes the following steps:
Step S100, acquiring a shot or scanned picture, identifying metadata on the picture, and determining whether the picture is a picture with certificate information;
In the embodiment of the present invention, an example is taken as an example of a picture stored in an intelligent terminal, for example, a mobile phone or a computer, where the picture may be a picture obtained by photographing or scanning, or may be a picture that is forwarded or transferred.
Of course, before the implementation of the invention, a file key can be preset according to each picture with certificate information, and the file key is used for encrypting and decrypting picture files, and each file can generate one copy;
and presetting a user password pair for each user, wherein the user password pair comprises a user public key and a user private key. The user private key is used for signing or decrypting the file key; the user public key is used for verifying a signature or encrypting a file key; one user generates only one share.
The step S100 specifically includes:
s101, acquiring a shot or scanned picture, and extracting text information in the picture through optical character recognition;
s102, determining whether the picture is a picture with certificate information or not according to the text information on the picture.
For example, the photographing capability of the system can be called, a picture on the front side and the back side of the certificate can be photographed and generated, then the photographed or scanned picture is obtained, text information in the picture is extracted through an OCR recognition library (comprising a recognition library carried by the system or a third party open source recognition library), for example, whether name information, identification card number information, passport information and the like are included in the extracted text information is recognized, a metadata. Xml file is stored in the text information, and the document picture is packaged together with the document picture through a zip format to generate a document data file card.
Step 200, when the picture is a picture with certificate information, generating a file key, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together;
in this step, the method is used for encrypting the picture with the certificate information and uploading the picture to the cloud server through the network. When the picture is a picture with certificate information, the method and the device operate on the picture with the certificate information.
In this step, a file key for encrypting the picture and the certificate information on the picture is generated in the present invention. This file key may be a key in a symmetric encryption algorithm for encrypting and decrypting data.
Encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; in this embodiment, the system encrypts the picture and the certificate information on the picture by using the file key generated in the previous step, and generates an encrypted certificate data file.
The file key is encrypted by the private key of the user to obtain an encrypted file key, which is used for protecting the security of the file key. In this embodiment, the user's private key is used to asymmetrically encrypt the file key, and an encrypted file key is generated.
Regarding the packing and uploading of the encrypted document data file and the encrypted file key together, that is, in the embodiment of the present invention, the encrypted document data file and the encrypted file key are packed together and then uploaded to the server. Thus, even if intercepted in the transmission process, the true certificate information cannot be leaked.
In general, this procedure is to perform secure encryption processing on a picture with certificate information, so as to ensure that the certificate information is not revealed during uploading to a server.
The step S200 specifically includes:
S201, when the picture is a picture with certificate information, packaging the picture and the certificate information on the picture to generate a certificate data file, and calling an encryption algorithm to generate a pair of asymmetric encryption algorithm keys as a user key pair, wherein the user key pair comprises: a user public key and a user private key;
In the embodiment of the invention, the picture and the certificate information on the picture are packaged to generate a certificate data file, wherein the certificate information on the picture is text information on the picture through OCR (optical character recognition), the text information is stored as a metadata. Xml file, and the certificate picture and the picture are packaged together through a zip format to generate a certificate data file card.
S202, randomly generating a symmetric encryption algorithm key as a file key, and encrypting the certificate data file by using the file key to obtain an encrypted certificate data file; and encrypting the file key through the user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together.
In this step, referring to fig. 2, the encryption/decryption module is called to generate a pair of asymmetric encryption algorithm keys (such as RSA or SM2 algorithm) as a user key pair, where the pair includes a public user key pubKey and a private user key privKey. Uploading a user public key to a cloud server in an https mode to serve as a global key of the user; the private key is stored in a secure location of the device. Randomly generating a symmetric encryption algorithm key (such as AES or SM 4) as a file key; symmetrically encrypting the card.zip file generated in the step S201 by the key to generate an encrypted certificate data file encrypt_card.zip; the file key is encrypted by an asymmetric encryption algorithm plus a user private key to generate an encrypted file key encrypt_key.
Then, the uploading and downloading module is called again, and the generated encrypted certificate data file encrypt_card. Zip and the encrypted file key are uploaded to the cloud server in an https mode
Further, the step S200 further includes:
s203, receiving the encrypted certificate data file and the encrypted file key which are packaged and uploaded, and decrypting the file key by using the user private key;
S204, when decryption is successful, judging that the current uploaded encrypted certificate data file and the encrypted file key are legal requests of a user, otherwise, considering illegal data to be directly discarded;
in the embodiment of the present invention, the step S203 and the step S204 may call the authentication module to receive the certificate data file and the file key, decrypt the file key with the submitted user private key, and if the decryption is successful, determine that the user requests legal, otherwise consider that the illegal data is directly discarded.
S205, decrypting the encrypted certificate data file when the decrypted file key is successfully decrypted, extracting metadata and storing the metadata into a database;
s206, regenerating a plurality of file keys and respectively encrypting the decrypted certificate data files by using the generated file keys to generate a plurality of encrypted certificate data files;
S207, storing the generated multiple encrypted certificate data files into multiple data storage nodes, and simultaneously storing the position indexes of the files in the data nodes into a database cluster.
In the embodiment of the invention, the step S205-207 can call the data processing module through the cloud server, decrypt the encrypted certificate data file through the decrypted file key to obtain the decrypted certificate data file, and extract the metadata to store in the database; and regenerating a plurality of file keys and encrypting the certificate data files by the file keys to generate a plurality of encrypted certificate data files.
The cloud server can call the storage module to store the generated multiple encrypted certificate data files into multiple data storage nodes so as to prevent data loss caused by single data node faults, and meanwhile, the position indexes of the files in the data nodes are stored into the database cluster.
Through the above steps, the certificate data is stored in the cloud. Because the certificate data files of all links exist in an encrypted form, outsiders cannot check plaintext data under the conditions of equipment loss, hacking of a server-side data storage node and the like, and the data security assurance from data generation to uploading links is realized.
Step S300, when receiving a certificate data file reading instruction, acquiring user information corresponding to the certificate data file reading instruction, and acquiring user information signed by a user private key according to the user information;
in this step, the operational flow after the system receives an instruction to read a credential data file is described. When receiving an instruction for reading the document data file, the system receives an instruction to request to read the document data file. The user information corresponding to the instruction for reading the certificate data file is obtained, that is, the system can obtain the user information corresponding to the instruction, that is, the related information of the user who sends the instruction, such as a user name, an ID, and the like. And then obtaining user information signed by the user private key according to the user information, and then, the system signs the information by using the private key of the user according to the user information obtained in the last step to generate the user information signed by the user private key.
Therefore, after receiving the instruction of reading the certificate data file, the step is to sign by using the private key according to the user information so as to ensure the legality and the security of the operation. This can verify that the sender of the instruction is a legitimate user and secure the user information.
The step S300 specifically includes:
S301, when a certificate data file reading instruction is received, user information corresponding to the certificate data file reading instruction is obtained, the user information is signed through a user private key, and the user information is submitted to a cloud server to initiate a certificate data file reading request;
s302, according to the request for reading the certificate data file, an authentication module is called to check the request for reading the certificate data file by using a public key of a user, and if the check passes, the request is considered as a legal request, otherwise, the request is not responded.
The steps S301-S302 may be performed by the device end signing the user identity information (including the user id) with the user private key, and submitting the signed user identity information to the cloud service end to initiate the data request. After receiving the data request, the cloud service end performs signature verification on the request data (including user id) by calling an authentication module and utilizing a user public key, if the signature verification is passed, the request is considered as legal request, otherwise, the request is not responded.
Step 400, according to the user information signed by the user private key, obtaining an encrypted certificate data file, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key to realize stream decryption and rendering display.
In this step, a process is described for decrypting a document data file based on user information signed by a user's private key. The system uses the user information signed by the user private key to verify the identity of the user and obtain the encrypted certificate data file.
Decrypting the encrypted file key with a user private key of the user information; specifically, the system decrypts the encrypted file key by using the private key of the user to obtain the decrypted file key. The encrypted credential data file is then decrypted by the decrypted file key. The encrypted credential data file is then decrypted using the decrypted file key. The method and the device realize stream decryption and rendering display, namely in the embodiment of the invention, the decrypted data is subjected to stream decryption and rendering display, so that a user can view certificate data.
Therefore, the step is to perform decryption operation according to the user information signed by the private key of the user, so as to ensure that only legal users can decrypt and view the certificate data, and simultaneously protect the security of the certificate data in the decryption process.
The step S400 specifically includes:
S401, inquiring the position index of the encrypted certificate data file in the data storage node according to the user information corresponding to the certificate data file reading instruction, and returning the position index of the encrypted certificate data file and the file key to the request end;
In the embodiment of the invention, referring to fig. 3, the cloud server can query the position index of the certificate data file in the data storage node from the database according to the extracted user information, and return the position index and the file key to the equipment end in an https mode.
S402, acquiring an encrypted certificate data file and a file key according to the position index of the encrypted certificate data file;
s403, decrypting the obtained file key through a user private key of the user information to obtain a decrypted file key;
S404, decrypting the acquired encrypted certificate data file through the decrypted file key to obtain a decrypted file stream, inputting the file decrypted stream into a rendering display module for analysis and rendering, and displaying a picture with certificate information.
In the embodiment of the invention, after the equipment receives the encrypted certificate data file, the file key is decrypted by using the private key of the user to obtain the real file key, the decrypted file key and the encrypted certificate data file are input into the encryption and decryption module to obtain a decrypted file stream (data is in the memory), the decrypted file stream is input into the rendering display module, and after analysis and rendering, the user can check the certificate picture and the metadata information.
Therefore, the invention always stores the certificate data in the encryption state in the downloading and analyzing process. The encrypted data cannot be analyzed and checked even if other people leak the encrypted data, so that the data security in the downloading and displaying links is ensured. The invention has the following advantages:
1) The invention protects the certificate data by utilizing an asymmetric encryption and symmetric encryption combination mode, and has high symmetric encryption and decryption speed and high file encryption efficiency; the asymmetric encryption and decryption is very suitable for encrypting and decrypting the file key because the public and private keys are stored in different places and the private keys are not needed to be transmitted locally.
2) According to the method and the device, multiple copies of the data file encrypted by different keys can be generated at the cloud server, so that the influence of decrypted data is reduced.
3) According to the method, the cloud server side stores multiple copies of the certificate data in multiple nodes, and the risk of data loss is reduced.
4) After the encrypted certificate data file is downloaded by the equipment end, the invention does not need to have a plaintext file on a disk in a streaming decryption rendering mode, thereby preventing data loss
Based on the above embodiment, the present invention further provides an intelligent terminal, and a functional block diagram thereof may be shown in fig. 5. The intelligent terminal can be a device end or a server and comprises a processor, a memory, a network interface, a display screen and a database which are connected through a system bus. The processor of the intelligent terminal is used for providing computing and control capabilities. The memory of the intelligent terminal comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the intelligent terminal is used for communicating with an external terminal through network connection. The computer program, when executed by a processor, implements a full-flow encrypted credential information access method. The database of the intelligent terminal is used for storing the encrypted pictures.
It will be appreciated by those skilled in the art that the schematic block diagram shown in fig. 5 is merely a block diagram of a portion of the structure associated with the present inventive arrangements and is not limiting of the smart terminal to which the present inventive arrangements are applied, and that a particular smart terminal may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a smart terminal is provided that includes a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for:
acquiring a picture, identifying metadata on the picture, and determining whether the picture is a picture with certificate information;
When the picture is a picture with certificate information, generating a file key, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together;
when receiving a certificate data file reading instruction, acquiring user information corresponding to the certificate data file reading instruction, and acquiring user information signed by a user private key according to the user information;
and obtaining an encrypted certificate data file according to the user information signed by the user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key to realize stream decryption and rendering display, wherein the method is specifically described above.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (SYNCHLINK) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
In summary, the invention provides a whole-process encrypted certificate information access method, a device, an intelligent terminal and a storage medium, compared with the prior art, the invention provides a whole-process encrypted certificate data access method from a device end (a mobile phone or a computer) to a cloud service end, wherein the user's certificate data is uploaded to the cloud service end through a network based on whole-process encryption processing, and the cloud service end stores the encrypted certificate data on a disk; the security of certificate information self-access is improved, and convenience is provided for users.
It is to be understood that the invention is not limited in its application to the examples described above, but is capable of modification and variation in light of the above teachings by those skilled in the art, and that all such modifications and variations are intended to be included within the scope of the appended claims.

Claims (10)

1. A full-flow encrypted certificate information access method, comprising:
acquiring a picture, identifying metadata on the picture, and determining whether the picture is a picture with certificate information;
When the picture is a picture with certificate information, generating a file key, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together;
when receiving a certificate data file reading instruction, acquiring user information corresponding to the certificate data file reading instruction, and acquiring user information signed by a user private key according to the user information;
and obtaining an encrypted certificate data file according to the user information signed by the user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key to realize stream decryption and rendering display.
2. The method for accessing full-process encrypted certificate information according to claim 1, wherein the steps of obtaining a picture, identifying metadata on the picture, and determining whether the picture is a picture with certificate information, comprise:
Presetting a file key according to each picture with certificate information, wherein the file key is used for encrypting and decrypting picture files, and each file can generate one copy;
Presetting a user password pair for each user, wherein the user password pair comprises a user public key and a user private key; the user private key is used for signing or decrypting the file key; the user public key is used for verifying a signature or encrypting a file key; one user generates only one share.
3. The method for accessing full-process encrypted certificate information according to claim 1, wherein the steps of obtaining a picture, identifying metadata on the picture, and determining whether the picture is a picture with certificate information comprise:
Acquiring a picture, and extracting text information in the picture through optical character recognition;
And determining whether the picture is a picture with certificate information or not according to the text information on the picture.
4. The method for accessing full-process encrypted certificate information according to claim 1, wherein when the picture is a picture with certificate information, a file key is generated, and the file key is used for encrypting the picture and the certificate information on the picture to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together, wherein the step of packaging and uploading comprises the following steps:
When the picture is a picture with certificate information, the certificate information on the picture and the picture is packed to generate a certificate data file, and an encryption algorithm is called to generate a pair of asymmetric encryption algorithm keys as a user key pair, wherein the user key pair comprises: a user public key and a user private key;
Randomly generating a symmetric encryption algorithm key as a file key, and encrypting the certificate data file by using the file key to obtain an encrypted certificate data file; and encrypting the file key through the user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together.
5. The method for accessing full-process encrypted certificate information according to claim 4, wherein when the picture is a picture with certificate information, a file key is generated, and the file key is used to encrypt the picture and the certificate information on the picture to obtain an encrypted certificate data file; and encrypting the file key through the user private key to obtain an encrypted file key, and packaging and uploading the encrypted certificate data file and the encrypted file key together, wherein the method further comprises the steps of:
receiving the encrypted certificate data file and the encrypted file key which are packed and uploaded, and decrypting the file key by using the user private key;
When decryption is successful, judging that the current uploaded encrypted certificate data file and the encrypted file key are legal requests of a user, otherwise, considering illegal data to be directly discarded;
When the decryption is successful, decrypting the encrypted certificate data file by using the decrypted file key, extracting metadata and storing the metadata into a database;
Regenerating a plurality of file keys and encrypting the decrypted certificate data files by using the generated file keys to generate a plurality of encrypted certificate data files respectively;
and storing the generated multiple encrypted certificate data files into multiple data storage nodes, and simultaneously storing the position indexes of the files in the data nodes into a database cluster.
6. The method for accessing full-process encrypted certificate information according to claim 1, wherein when receiving a certificate data file reading instruction, the step of obtaining user information corresponding to the certificate data file reading instruction, and obtaining user information signed by a user private key according to the user information comprises:
when a certificate data file reading instruction is received, user information corresponding to the certificate data file reading instruction is obtained, the user information is signed through a user private key, and the user information is submitted to a cloud server to initiate a certificate data file reading request;
And calling an authentication module to check the certificate data file reading request by using a user public key according to the certificate data file reading request, and considering the certificate data file reading request as a legal request when the check passes, or else, not responding.
7. The method for accessing full-process encrypted document information according to claim 1, wherein the steps of obtaining an encrypted document data file according to user information signed by a user private key, decrypting the encrypted document key by the user private key of the user information, decrypting the encrypted document data file by the decrypted document key, and implementing stream decryption and rendering display include:
Inquiring the position index of the encrypted certificate data file in the data storage node according to the user information corresponding to the certificate data file reading instruction, and returning the position index of the encrypted certificate data file and the file key to the request end;
Acquiring the encrypted certificate data file and acquiring a file key according to the position index of the encrypted certificate data file;
decrypting the obtained file key through a user private key of the user information to obtain a decrypted file key;
And decrypting the acquired encrypted certificate data file through the decrypted file key to obtain a decrypted file stream, inputting the decrypted file stream into a rendering display module for analysis and rendering, and displaying a picture with certificate information.
8. The full-flow encrypted certificate information access system is characterized by comprising an equipment end with interactive application and a cloud service end in communication connection with the equipment end: wherein, the equipment end includes: the system comprises a certificate data generation module, an encryption and decryption module, an uploading and downloading module and a rendering and displaying module; the cloud service end comprises: the device comprises an authentication module, a data processing module and a storage module;
The certificate data generation module is used for acquiring a picture in a photographing or scanning mode, supporting the extraction of text information from the picture as certificate metadata to determine whether the picture is a picture with certificate information, and packaging the picture to generate a certificate data file;
The encryption and decryption module is provided with asymmetric encryption key distribution, asymmetric encryption and decryption and symmetric encryption and decryption capability, and is used for generating a file key when the picture is a picture with certificate information, and encrypting the picture and the certificate information on the picture by using the file key to obtain an encrypted certificate data file; encrypting the file key through a user private key to obtain an encrypted file key; the method comprises the steps of obtaining an encrypted certificate data file according to user information signed by a user private key, decrypting the encrypted file key through the user private key of the user information, and decrypting the encrypted certificate data file through the decrypted file key;
The uploading and downloading module is used for packaging and uploading the encrypted certificate data file and the encrypted file key to a cloud server, acquiring the encryption of the cloud server through account information and downloading the certificate data file from the cloud server in an https mode; and the user information is also used for acquiring the user information corresponding to the certificate data file reading instruction when the certificate data file reading instruction is received, and obtaining the user information signed by the user private key according to the user information;
the rendering display module is used for displaying the decrypted data stream in the form of pictures or texts by calling the encryption and decryption module;
the authentication module is used for carrying out identity authentication on the request information sent by the equipment end so as to determine legal user operation;
The data processing module is used for encrypting, decrypting, transferring and analyzing and extracting certificate data files, and generating a plurality of certificate data files encrypted by different keys and extracting certificate metadata for the storage module to use;
The storage module is used for accessing the certificate data file, the certificate metadata and the user account data in a database and file object storage mode.
9. An intelligent terminal comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing the method of any of claims 1-7.
10. A non-transitory computer readable storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of any one of claims 1-7.
CN202410028315.0A 2024-01-05 2024-01-05 Full-flow encrypted certificate information access method, device, terminal and medium Pending CN118051924A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410028315.0A CN118051924A (en) 2024-01-05 2024-01-05 Full-flow encrypted certificate information access method, device, terminal and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410028315.0A CN118051924A (en) 2024-01-05 2024-01-05 Full-flow encrypted certificate information access method, device, terminal and medium

Publications (1)

Publication Number Publication Date
CN118051924A true CN118051924A (en) 2024-05-17

Family

ID=91049495

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410028315.0A Pending CN118051924A (en) 2024-01-05 2024-01-05 Full-flow encrypted certificate information access method, device, terminal and medium

Country Status (1)

Country Link
CN (1) CN118051924A (en)

Similar Documents

Publication Publication Date Title
EP3685334B1 (en) Improving integrity of communications between blockchain networks and external data sources
KR101641809B1 (en) Method and system for distributed off-line logon using one-time passwords
US11757640B2 (en) Non-fungible token authentication
CN109829269A (en) Method, apparatus and system based on E-seal authenticating electronic documents
CN110462658A (en) For providing system and method for the digital identity record to verify the identity of user
CN111431719A (en) Mobile terminal password protection module, mobile terminal and password protection method
CN112232814B (en) Encryption and decryption methods of payment key, payment authentication method and terminal equipment
CN112632581A (en) User data processing method and device, computer equipment and storage medium
WO2021190197A1 (en) Method and apparatus for authenticating biometric payment device, computer device and storage medium
CN111787530A (en) Block chain digital identity management method based on SIM card
CN110942382A (en) Electronic contract generating method and device, computer equipment and storage medium
WO2023142440A1 (en) Image encryption method and apparatus, image processing method and apparatus, and device and medium
GB2582113A (en) Secure electronic payment
CN115037552B (en) Authentication method, device, equipment and storage medium
CN104125064A (en) Dynamic password authentication method, client and authentication system
CN113301036A (en) Communication encryption method and device, equipment and storage medium
CN116662941A (en) Information encryption method, device, computer equipment and storage medium
KR20130021126A (en) Image-based user authentication method, and computer readable recording medium storing program for the same
CN113918970A (en) Data processing method, communication device and storage medium
CN111541708B (en) Identity authentication method based on power distribution
CN118051924A (en) Full-flow encrypted certificate information access method, device, terminal and medium
CN113111360A (en) File processing method
CN115114648A (en) Data processing method and device and electronic equipment
CN112182628B (en) Privacy information security access method and device
CN115174260B (en) Data verification method, device, computer, storage medium and program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination