CN118070317B - File encryption and decryption method, system and storage medium based on multi-factor verification - Google Patents

File encryption and decryption method, system and storage medium based on multi-factor verification Download PDF

Info

Publication number
CN118070317B
CN118070317B CN202410471853.7A CN202410471853A CN118070317B CN 118070317 B CN118070317 B CN 118070317B CN 202410471853 A CN202410471853 A CN 202410471853A CN 118070317 B CN118070317 B CN 118070317B
Authority
CN
China
Prior art keywords
decryption
segment
encryption
clue
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410471853.7A
Other languages
Chinese (zh)
Other versions
CN118070317A (en
Inventor
杨岸涛
杨新益
王伟
陈柳
曹文彦
何佳
陈晗
金奕
谢志远
王庆
陈强
刘美意
裘宏庆
郑思佳
吕含誉
傅天奕
吕晓俊
吴浩
陈冰
翁慧颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Zhedian Tendering Consulting Co ltd
Materials Branch of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Zhedian Tendering Consulting Co ltd
Materials Branch of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Zhejiang Zhedian Tendering Consulting Co ltd, Materials Branch of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Zhejiang Zhedian Tendering Consulting Co ltd
Priority to CN202410471853.7A priority Critical patent/CN118070317B/en
Publication of CN118070317A publication Critical patent/CN118070317A/en
Application granted granted Critical
Publication of CN118070317B publication Critical patent/CN118070317B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

One or more embodiments of the present disclosure relate to encryption and decryption algorithms, and in particular, to a method, a system, and a storage medium for encrypting and decrypting a file based on multi-factor verification, where the method includes: encryption: segmenting a file to be encrypted; generating a position record of confusion vacancy of each segment, and inserting vacancy in each segment; the sequencing of the segments is disordered and then stored, and decryption clues are generated for each segment; generating a clue encryption and decryption function, and filling the position record and the encrypted decryption clue into a confusion vacancy of the previous segment; decryption: obtaining a position record of the first segment, a decryption cue and a cue encryption and decryption function; obtaining a relative storage address of a first segment; based on the position record, obtaining the position record and decryption clue of the next segment, and obtaining a relative storage address; repeating the previous step until all the segments are read, and splicing to obtain the decrypted file. The technical scheme disclosed in the specification at least improves the security of file encryption and decryption.

Description

File encryption and decryption method, system and storage medium based on multi-factor verification
Technical Field
One or more embodiments of the present disclosure relate to encryption and decryption algorithms, and in particular, to a method, a system, and a storage medium for encrypting and decrypting a file based on multi-factor verification.
Background
Two-factor authentication (Two-factor authentication,2 FA) is an authentication mechanism that uses Two different factors to authenticate the identity of a user. Typically, these two factors include a "know" factor (e.g., a password) and an "own" factor (e.g., a cell phone or hardware security token). The two-factor authentication may increase the security of the account, preventing unauthorized access. However, two-factor authentication itself does not involve a decryption algorithm. But merely to verify the identity of the user and provide access after passing the verification. In the case of two-factor authentication, the decryption algorithm works in the same manner as in the conventional case, and thus there is still room for improvement in the degree of security. Therefore, the multi-factor verification file encryption and decryption technology of multi-factor correlation needs to be further studied.
Disclosure of Invention
One or more embodiments of the present disclosure describe a method, a system, and a storage medium for encrypting and decrypting a file based on multi-factor verification, which improve security of file encryption and compromise encryption and decryption efficiency.
In a first aspect, an embodiment of the present disclosure provides a method for encrypting and decrypting a file based on multi-factor verification, including:
Encryption:
Segmenting the file to be encrypted, and recording sequence numbers of segmentation sequences;
generating a location record of the confusing slots of each segment, inserting slots in each of the segments based on the location record;
the storage is carried out after the sequencing of the segments is disordered, the relative storage address of each segment is recorded, a decryption clue is generated for each segment, and the decryption clue indicates the relative storage address of the corresponding segment;
generating a clue encryption and decryption function, encrypting the decryption clue of each segment based on the clue encryption and decryption function, and filling the position record and the encrypted decryption clue into the confusion space of the previous segment;
decryption:
obtaining a position record of a first segment, a decryption clue of the first segment and a clue encryption and decryption function;
substituting the decryption clue of the first segment into the clue encryption and decryption function to obtain the relative storage address of the first segment, and reading the content of the first segment;
based on the position record, obtaining a position record and a decryption clue of the next segment, and based on the decryption clue, obtaining a relative storage address of the next segment, and reading the content of the segment;
Repeating the previous step until all the segments are read, and splicing all the segments according to the reading sequence to obtain the decrypted file.
In a second aspect, an embodiment of the present disclosure provides a file encryption and decryption system based on multi-factor verification, including:
the encryption component is used for receiving the file to be encrypted and executing an encryption step;
And the decryption component is used for receiving the file to be decrypted, the position record of the first segment, the decryption clue of the first segment and the clue encryption and decryption function and executing the decryption step.
In a third aspect, embodiments of the present disclosure provide a computer system, where the computer system includes a processor and a memory, where the processor is connected to the memory, and the memory is configured to store executable program code, and the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to perform a file encrypting and decrypting method based on multi-factor verification as described above.
In a fourth aspect, embodiments of the present disclosure provide a computer readable storage medium, where a computer program is stored, where the computer program when executed by a processor implements a method for encrypting and decrypting a file based on multi-factor authentication as described above.
Advantageous technical effects of one or more embodiments of the present description include: in the encryption process, the addition of the mixed content in the file in a binary form is realized, and when the file cannot be decrypted correctly, the file cannot be restored to any segment, so that the encryption security of the file is improved. After encryption, a plurality of factors for decryption are formed, any factor is wrong, and the file cannot be decrypted correctly, so that the encryption and decryption security of the file is improved. The encryption and decryption process does not need to carry out a large number of numerical operations, and has higher encryption and decryption efficiency.
Additional features and advantages of one or more embodiments of the present disclosure are set forth in the detailed description which follows, and in the accompanying drawings.
Drawings
The description is further described with reference to the accompanying drawings:
Fig. 1 is a panoramic view of an application scene according to an embodiment of the present disclosure.
Fig. 2 is a panoramic view of another application scenario according to the embodiment of the present disclosure.
Fig. 3 is a flow chart illustrating a file encryption method according to an embodiment of the present disclosure.
Fig. 4 is a schematic diagram of a file encryption process according to an embodiment of the present disclosure.
Fig. 5 is a flowchart illustrating a file decryption method according to an embodiment of the present disclosure.
Fig. 6 is a schematic structural diagram of an encryption component according to an embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of a decryption component according to an embodiment of the present disclosure.
FIG. 8 is a schematic diagram of a computer system according to an embodiment of the present disclosure.
Wherein: 11. encryption party, 12, ciphertext, 21, decryption party, 22, plaintext, 31, identity binding server, 1101, location record, 1102, decryption hint, 1103, hint encryption and decryption function, 2101, starting storage address, 2102, instruction sequence, 31, encryption component, 3101, segmented storage sub-component, 3102, confusion vacancy sub-component, 3103, hint sub-component, 41, decryption component, 4101, hint decryption sub-component, 4102, splice sub-component, 51, electronic device, 5101, processor, 5102, communication bus, 5103, user interface, 5104, network interface, 5105, memory.
Detailed Description
The technical solutions of the embodiments of the present specification are explained and illustrated below with reference to the drawings of the embodiments of the present specification, but the following embodiments are only preferred embodiments of the present specification, and not all the embodiments. Based on the examples in the implementation manner, those skilled in the art may obtain other examples without making any creative effort, which fall within the protection scope of the present specification.
In the following description, directional or positional relationships such as the terms "inner", "outer", "upper", "lower", "left", "right", etc., are presented merely to facilitate describing the embodiments and simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed and operate in a particular orientation, and therefore should not be construed as limiting the description.
Before the embodiment scheme of the specification is introduced, application scenes of the embodiment of the specification are introduced.
One or more embodiments of the present disclosure disclose a document encryption and decryption technique with multiple factor verification, and also disclose a corresponding encryption and decryption system. Multi-factor authentication (MFA) is an authentication method that uses two or more different factors to authenticate the identity of a user to determine whether the user has decryption rights. These factors include the following types: knowledge factor (Something you know): this is the most common factor, such as passwords, PIN codes, answers, etc. The user must provide the correct secret information to verify the identity. Possession factor (Something you have): such factors require that the user possess some kind of physical device or object, such as a cell phone, hardware token, smart card, etc. Users need to use these devices to accomplish authentication. Biological characteristic factor (Something you are): such factors are based on the biometric characteristics of the user, such as fingerprint, iris, voice, etc. The identity of the user is verified by biometric techniques. Geographic location factor (Somewhere you are): such factors are based on geographical location information where the user is located, such as IP address, GPS location, etc. Identity verification is performed by verifying the legitimacy of the location where the user is located. Multi-factor authentication provides greater security than single-factor authentication because an attacker needs to acquire multiple factors simultaneously in order to pass authentication. Even if one of the factors is compromised or attacked, the other factors may still provide adequate protection. However, multi-factor authentication itself does not involve a decryption algorithm. But merely to verify the identity of the user and provide access after passing the verification. In the case of using multi-factor authentication, the decryption algorithm works in the same manner as in the conventional case, and thus there is still room for improvement in the degree of security.
One or more embodiments of the present specification provide decryption techniques involving multi-factor verification of the decryption algorithm itself. The multi-factor verified decryption techniques disclosed herein can be applied to online services or applications. Such as bank banking, email services, social media platforms, bidding document delivery, etc.
Referring to fig. 1, an application scene panorama of a technical scheme disclosed in the present specification is shown. After encrypting the file, the encryptor 11 transfers the ciphertext 12 to the decryptor 21, and the decryptor 21 obtains the ciphertext 12. The encryptor 11 encrypts to generate three decryption factors directly related to the decryption algorithm. The encryptor 11 passes the three decryption factors to the decryptor 21 through different paths. The first decryption factor is sent to the decryption party 21, for example by means of an on-line transmission, by providing the second decryption factor to the decryption party 21 according to a contract change law, by specifying that the third decryption factor uses a fixed value. So that the decrypting side 21 can obtain three decryption factors from different approaches. The first decryption factor belongs to the knowledge factor, the second decryption factor belongs to the possession factor, and the third decryption factor belongs to the identity factor. And combining the three factors to decrypt, so as to obtain the original text.
Illustratively, when the method is used for bank online banking, the bank and the user agree that the second decryption factor is obtained by calculation according to a preset function according to the current time, and the granularity of the time is 5 minutes, namely, when the time difference between the user and the bank is not more than 5 minutes, the calculation results are the same, so that the transfer of the second decryption factor is completed. In other embodiments the time may have other values, such as 5 seconds, 2 minutes, 10 minutes, etc. The first decryption factor is delivered using transmission over an encrypted line. The third decryption factor is handled by the user to the bank counter and a fixed value is set. And the user uses the APP provided by the bank to encrypt and decrypt. The user encrypts the information to the bank, the APP generates a first decryption factor, obtains a second decryption factor by calculation, directly uses a stored third decryption factor, and runs an encryption algorithm to achieve that the ciphertext 12 is obtained by explicit encryption. The ciphertext 12 and the first decryption factor may be sent to the bank via an online encrypted communication. After receiving the ciphertext 12 and the first decryption factor, the bank calculates and obtains a second decryption factor within the time granularity through the timestamp, and uses the stored third decryption factor to realize the decryption of the ciphertext 12, so as to obtain the original text. The bank sends the encrypted information to the user's APP, which completes decryption in a similar manner, and will not be described here.
Referring to fig. 2, a panoramic view of another application scenario of the technical solution disclosed in the present specification is shown. In this scenario, where an identity binding server 23 is used, the decrypting party 21 first needs to register with the identity binding server 23, the identity binding server 23 generates a third decryption factor and binds the third decryption factor to the decrypting party 21. When the encryptor 11 encrypts, it first accesses the identity binding server 23 to obtain the third decryption factor bound by the decryptor 21. The third decryption factor bound by the identity binding server 23 for the decryptor 21 may be either fixed or periodically variable, and when the third decryption factor changes, the changed third decryption factor needs to be sent to the decryptor 21. The encryptor 11 sends the first decryption factor to the decryptor 21 by means of an on-line transmission. The encryptor 11 synchronizes the second decryption factor with the decryptor 21 by following the rules of change of the contract. When the encryptor 11 encrypts, the third decryption factor bound by the target decryptor 21 is requested from the identity binding server 23. The encryption party 11 calculates and obtains a second decryption factor according to the agreed change rule, and the encryption party 11 generates a first decryption factor. The encryptor 11 uses the three decryption factors to implement an encryption process of encrypting the plaintext 22 into the ciphertext 12, and the ciphertext 12 and the first decryption factor are transmitted to the decryptor 21 via an on-line encryption transmission. The decryption party 21 obtains the ciphertext 12 and the first decryption factor, and obtains the second decryption factor by calculation of the agreed change law. The third decryption factor is obtained from the identity binding server 23 in advance or from an instant messaging pull. The decryptor 21 decrypts the ciphertext 12 using the three decryption factors to obtain plaintext 22.
Illustratively, when used for bid file transfer in bidding activities. The bidding party knows the bidding matters and decides to participate in the insurance application, and agrees with the bidding party on the change rule of the second decryption factor. Illustratively, the initial value, the change function and the change period of the second decryption factor are agreed, the current value of the second decryption factor is substituted into the change function at the end of each change period, the value of the next change period is obtained, and the cycle is repeated. So that the signer and bidder are synchronized with respect to the second decryption factor. The signer registers with the identity binding server 23, obtaining a third decryption factor of the binding. The third decryption factor may be fixed or may be periodically changed, and the identity binding server 23 may send the new third decryption factor and the timestamp to the signer when the third decryption factor changes. After the bidder prepares the bid material, the bidder prepares to conduct the encryption process. Bidding Fang Shengcheng the first decryption factor, obtaining the second decryption factor by calculation, accessing the identity binding server 23 to obtain the third decryption factor for the bidding party. The bidder encrypts the bid file using the three decryption factors to obtain ciphertext 12. The ciphertext 12 and the first decryption factor may be sent to the signer via an encrypted communication channel. The signer obtains the ciphertext 12 and the first decryption factor and the signer obtains the second decryption factor by calculation. When the third decryption factor is a fixed value, the signer directly obtains the third decryption factor. When the third decryption factor changes periodically, the bidding party obtains the corresponding third decryption factor according to the timestamp of the bid file encryption. And the bidding party decrypts the original text of the obtained bidding document by using the obtained three decryption factors.
Specifically, first, the present specification provides a file encryption and decryption method based on multi-factor verification. Referring to fig. 3, the method includes:
Encryption:
step A02) segmenting the file to be encrypted, and recording sequence numbers of segmentation sequences;
Step a 04) generating a location record 1101 of the confusion slots for each segment, inserting slots in each segment based on the location record 1101;
Step a 06) scrambling the ordered storage of the segments, recording the relative storage address 2101 of each segment, generating a decryption hint 1102 for each segment, the decryption hint 1102 indicating the relative storage address 2101 of the corresponding segment;
Step a 08) generates a cue encryption/decryption function 1103, encrypts the decryption cue 1102 of each segment based on the cue encryption/decryption function 1103, and fills the position record 1101 and the encrypted decryption cue 1102 into the confusion space of the previous segment.
In the encryption step, the file to be encrypted is first segmented, the length of the segments is not fixed, the length of each segment is obtained from the indication sequence 2102 obtained based on the position record 1101, and the position record 1101 is stored in the slot of the last segment. The segment after the insertion of the null is doped with data from the binary level. In the event that the correct indication sequence 2102 is not obtained, the file will assume a scrambled state. Referring to fig. 4, due to the doping of the data performed at the binary level, the inserted gaps can not be removed accurately in the absence of the correct indication sequence 2102, and the encryption and decryption scheme 21 provided in this embodiment has relatively high security. The binary bits occupied by the inserted slots are used to store just the position record 1101 and decryption hint 1102 for the next segment. The location record 1101 is used to extract the location record 1101 and decryption hint 1102 for the next segment from the next segment. The decryption hint 1102 can obtain the relative storage address 2101 of the next segment through the hint encryption/decryption function 1103, so as to locate and read the content of the next segment.
The process of reading the next piece of content involves: from the position record 1101, an indication sequence 2102 of the next segment is obtained, the binary length of the indication sequence 2102 being exactly equal to the length of the next segment after inserting a null. Reading from the relative memory address 2101, reading to the corresponding length, i.e. obtaining the content of the next segment after complete insertion of the slot. If the position record 1101 is absent, the end position of the segment cannot be determined even if the relative storage address 2101 of the next segment is known, and the segment content cannot be obtained correctly. The related information of the next segment cannot be obtained, so that the safety of the segment is ensured. A bit value of 1 in the sequence 2102 indicates that the binary bits of the corresponding order of the segments are null, whereas a bit value of 0 in the sequence 2102 indicates that the binary bits of the corresponding order of the segments are not null. The meaning of the bit value of the sequence 2102 may be reversed, i.e., a bit value of 0 for the sequence 2102 indicates that the corresponding order of the segments is a null bit, and a bit value of 1 for the sequence 2102 indicates that the corresponding order of the segments is not a null bit.
In this embodiment, the relative storage address 2101 is: a relative memory address 2101 referring to the start address of the last segment, or a relative memory address 2101 referring to the end address of the last segment, or a relative memory address 2101 referring to a set reference address. The reference address recommends using the starting address of the whole ciphertext 12, i.e. all fragments are stored in an address subsequent to the starting address of the whole ciphertext 12.
Referring to fig. 5, the corresponding decryption steps include:
step B02) obtaining a location record 1101 of the first segment, a decryption hint 1102 of the first segment, and a hint encryption/decryption function 1103;
Step B04) substituting the decryption cue 1102 of the first segment into the cue encryption and decryption function 1103 to obtain the relative storage address 2101 of the first segment, and reading the content of the first segment;
Step B06) based on the location record 1101, obtaining the location record 1101 and the decryption hint 1102 of the next segment, based on the decryption hint 1102, obtaining the relative storage address 2101 of the next segment, and reading the content of the segment;
Step B08) repeating the previous step until all the segments are read, and splicing all the segments according to the reading sequence to obtain the decrypted file.
After obtaining ciphertext 12, first segment location record 1101, first segment decryption hint 1102, and hint encryption/decryption function 1103, decryptor 21 can perform the decryption step. The decryption hint 1102 of the first segment is substituted into the hint encryption and decryption function 1103 to obtain the relative storage address 2101 of the first segment. The position of the inserted slot in the first segment is obtained by the position record 1101 of the first segment, and the binary length of the first segment after the insertion of the slot can also be obtained. The content of the first segment after the insertion of the slot is read according to the relative memory address 2101 and the binary length of the first segment. The data stored in the slots can thus be extracted from the location record 1101. After the empty bits are extracted, the remainder constitutes the original content of the first segment. The content extracted from the empty space of the first segment includes a position record 1101 and a decryption hint 1102 of the next segment, a relative storage position of the next segment is obtained based on the decryption hint 1102 and the hint encryption/decryption function 1103, and a binary length of the next segment is obtained in combination with the position record 1101 of the next segment, so that the content of the next segment after the empty space is inserted can be read. This is repeated until the last segment is read. The content stored in the slot inserted in the last segment does not contain valid decryption threads 1102, and substitution into the thread encryption and decryption function 1103 will obtain meaningless scrambling-like results. That is, when the decryption hint 1102 is substituted into the result obtained by the hint encryption and decryption function 1103, the result is not the relative storage address 2101, which indicates that the segment is the last segment. The segments after the deletion of the slots are spliced in the order read out to obtain the complete plaintext 22. In the present embodiment, most of the plaintext 22 does not require encryption operation, and only the change of the storage location is involved. Under the binary form, the addition of the gaps can have enough confusion effect, so that the illegal decryptor 21 cannot obtain any effective plaintext 22 fragment, and has higher security. Meanwhile, since most of the plaintext 22 does not need to be operated, the execution efficiency is high.
On the other hand, the present specification embodiment provides an implementation of the position record 1101. In this embodiment, the position record 1101 includes a length instruction value for indicating the segment length after inserting a space, and an interval number, and an instruction sequence 2102 for determining whether a binary bit of a segment belongs to the space is obtained based on the interval number. Illustratively, the length indicator value is 1024 and the number of intervals is 16, i.e., 1024 bits, each 16 bits of which creates a space, representing the length of the segment after insertion of the space. In the first 16 bits, the sequence numbers are represented as 0 to 15, and the bit with the sequence number of 15 is a null bit. Of the bits of sequence numbers 16 to 31, the bit of sequence number 31 is also a null bit, and so on. A complete indication sequence 2102 can be generated for determining whether the segmented binary bits belong to a null.
The position record 1101 includes a cycle number and a screen number, and based on the cycle number and the screen number, an instruction sequence 2102 for determining whether binary bits of a segment belong to a space is obtained, the length of which matches the segment after the space is inserted. The cycle number represents the number of cycles of the filter number, which is a binary sequence containing 0 and 1. If the number of cycles is 64, the number of screens is 0100 0010 0010 0100, the length of the number of screens is 16 bits, and the number of cycles is 64, the length of the obtained indication sequence 2102 is 1024 bits, that is, the length of the segment after inserting the null is 1024 bits. If there are 4 slots 1 in each filtering number, the total number of slots is 256 bits, and 256 bits of information can be recorded.
In another embodiment, the location record 1101 includes a length indication value and a filter number, which is the quotient of the length indication value and the filter number, i.e., the number of cycles. With reference to the aforementioned position record 1101 including the number of loops and the number of screens, a complete indication sequence 2102 for determining whether the segmented binary bit belongs to a null can be obtained.
On the other hand, the embodiment of the present disclosure provides an implementation of the thread 1102 and the thread encryption/decryption function 1103. In this embodiment, when generating the decryption hint 1102 for each segment, the decryption hint 1102 includes the relative storage address 2101 of the segment, and when generating the hint encryption and decryption function 1103, the hint encryption and decryption function 1103 is a unitary primary function. The method of obtaining decryption hint 1102 includes: based on the relative memory address 2101 of the segment and the unitary linear function, a decryption hint 1102 is obtained. The relative memory address 2101 is subjected to a linear operation, such as multiplication by a coefficient and addition by a constant, and the result obtained is used as the decryption hint 1102. In the decryption process, the decryption thread 1102 is decrypted to obtain the relative storage address 2101 by performing the inverse operation of the unitary one-time function.
On the other hand, the embodiment of the present disclosure provides another implementation of the thread 1102 and the thread encryption/decryption function 1103.
When generating a decryption cue 1102 for each segment, the decryption cue 1102 includes at least two integer variables, and when generating a cue encryption and decryption function 1103, the cue encryption and decryption function 1103 is a multi-element polynomial function.
The method of obtaining decryption hint 1102 includes: solving the values of all the integer variables, substituting the values of the integer variables into the cue encryption and decryption function 1103, and obtaining a function value corresponding to the relative storage address 2101; the values of all of the integer variables are used as decryption threads 1102.
Illustratively, the equation is constructed: relative memory address 2101=first coefficient x first integer x 2+second coefficient x second integer. A plurality of combinations of values of the first integer and the second integer can be obtained according to the equation, and optionally one combination of values can be used as decryption hint 1102. When decrypting, substituting the first integer and the second integer to the right of the equation, the relative memory address 2101 can be obtained by calculation. In other embodiments, more integers may be used, with higher numbers to the right of the equation.
On the other hand, the embodiment of the present disclosure provides another implementation of the thread 1102 and the thread encryption/decryption function 1103.
When generating a decryption cue 1102 for each segment, the decryption cue 1102 includes a relative storage address 2101 and a symmetric key, and when generating a cue encryption and decryption function 1103, the cue encryption and decryption function 1103 is a symmetric encryption algorithm. The method of obtaining decryption hint 1102 includes: based on the symmetric key and the symmetric encryption algorithm, the relative storage address 2101 is encrypted, and the obtained ciphertext 12 is used as a decryption hint 1102. In this embodiment, a symmetric encryption algorithm used in the art may be used, for example, 3DES, AES, RC, blowfish, IDEA, and the like. Decryption hint 1102 includes a symmetric key and a corresponding symmetric encryption algorithm, where in the encrypting step, relative memory address 2101 is encrypted using the symmetric key, and in the decrypting step, relative memory address 2101 is obtained using the same key for decryption.
On the other hand, the embodiment of the specification provides a file encryption and decryption system based on multi-factor verification, which comprises the following components:
An encryption component 31 for receiving a file to be encrypted, and performing an encryption step;
the decryption component 41 is configured to receive the file to be decrypted, the location record 1101 of the first segment, the decryption hint 1102 of the first segment, and the hint encryption/decryption function 1103, and perform a decryption step.
On the other hand, the embodiment of the present disclosure provides an implementation of the encryption component 31, referring to fig. 6, the encryption component 31 includes a segment storage sub-component 3101, configured to segment a file to be encrypted, record a sequence number of a segment sequence, scramble the sequence of the segments, store the segments after the sequence of the segments is disordered, and record a relative storage address 2101 of each segment;
A confusion slot sub-component 3102 for generating a position record 1101 of confusion slots for each segment, inserting slots in the segment based on the position record 1101;
the line sub-component 3103 is configured to generate a decryption hint 1102 for each segment, where the decryption hint 1102 indicates a relative storage address 2101 of the corresponding segment, generate a hint encryption and decryption function 1103, obtain the decryption hint 1102 based on the hint encryption and decryption function 1103, and fill the location record 1101 and the decryption hint 1102 into a confusion space of a previous segment.
On the other hand, the embodiment of the present disclosure provides an implementation of the encryption component 31, referring to fig. 7, the decryption component 41 includes:
The cue decryption sub-component 4101 substitutes the decryption cue 1102 of the first segment into the cue encryption and decryption function 1103, obtains the relative storage address 2101 of the first segment, reads the content of the first segment, obtains the location record 1101 of the next segment based on the location record 1101, obtains the relative storage address 2101 of the next segment based on the decryption cue 1102,
The splicing sub-component 4102 receives the content of the first segment read by the cue decryption sub-component 4101, and based on the relative storage address 2101 of the next segment obtained by the cue decryption sub-component 4101, splices the content of the next segment one by one, and splices all segments to obtain the decrypted file.
The encryption component 31 and the decryption component 41 run on the same device, so that the device has the functions of encryption and decryption at the same time. Or the encryption component 31 and the decryption component 41 are run on different devices, so that the device running the encryption component 31 has only encryption function and the device running the decryption component 41 has only decryption function. If the bidding party runs the encryption component 31 during the process of delivering the bidding document, the bidding party only runs the decryption component 41, and the delivering of the bidding document is completed.
Referring to fig. 8, a schematic diagram of a computer system according to an embodiment of the present disclosure is shown.
As shown in fig. 8, the computer system 51 may include at least one processor 5101, at least one network interface 5104, a user interface 5103, a memory 5105, and at least one communication bus 5102. Wherein the communication bus 5102 may be used to enable connected communications of the various components described above. The user interface 5103 may include keys, and the optional user interface may also include a standard wired interface, a wireless interface, among others. The network interface 5104 may include, but is not limited to, a bluetooth module, an NFC module, a Wi-Fi module, and the like. Wherein the processor 5101 may include one or more processing cores. The processor 5101 connects various portions of the overall computer system 51 using various interfaces and lines, executing various functions of the computer system 51 and processing data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 5105, and invoking data stored in the memory 5105. Alternatively, the processor 5101 may be implemented in at least one hardware form of DSP, FPGA, PLA. The processor 5101 may integrate one or a combination of several of a CPU, GPU, modem, and the like. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing the content required to be displayed by the display screen; the modem is used to handle wireless communications.
It will be appreciated that the modem may not be integrated into the processor 5101 and may be implemented as a single chip.
The memory 5105 may include RAM or ROM. Optionally, the memory 5105 includes a non-transitory computer readable medium. The memory 5105 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 5105 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for at least one function (e.g., a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described above, and the like; the storage data area may store data or the like referred to in the above respective method embodiments. The memory 5105 may optionally be at least one storage device located remotely from the processor 5101. The memory 5105, which is one type of computer storage medium, may include an operating system, a network communication module, a user interface module, and application programs. The processor 5101 may be used to invoke applications stored in the memory 5105 and perform the methods of one or more of the embodiments described above.
The present description also provides a computer-readable storage medium having instructions stored therein, which when executed on a computer or processor, cause the computer or processor to perform one or more steps of the above embodiments. The above-described constituent modules of the computer system may be stored in the computer-readable storage medium if implemented in the form of software functional units and sold or used as independent products.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present description, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted across a computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (Digital Subscriber Line, DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital versatile disk (DIGITAL VERSATILE DISC, DVD)), or a semiconductor medium (e.g., a Solid state disk (Solid STATE DISK, SSD)), or the like.
Those skilled in the art will appreciate that implementing all or part of the above-described embodiment methods may be accomplished by way of a computer program, which may be stored in a computer-readable storage medium, instructing relevant hardware, and which, when executed, may comprise the embodiment methods as described above. And the aforementioned storage medium includes: various media capable of storing program code, such as ROM, RAM, magnetic or optical disks.
The technical features in the present examples and embodiments may be arbitrarily combined without conflict.
The above-described embodiments are merely preferred embodiments of the present disclosure, and do not limit the scope of the disclosure, and various modifications and improvements made by those skilled in the art to the technical solutions of the disclosure should fall within the protection scope defined by the claims of the disclosure without departing from the design spirit of the disclosure.

Claims (8)

1. The file encryption and decryption method based on multi-factor verification is characterized by comprising the following steps:
Encryption:
Segmenting the file to be encrypted, and recording sequence numbers of segmentation sequences;
generating a location record of the confusing slots of each segment, inserting slots in each of the segments based on the location record;
the storage is carried out after the sequencing of the segments is disordered, the relative storage address of each segment is recorded, a decryption clue is generated for each segment, and the decryption clue indicates the relative storage address of the corresponding segment;
generating a clue encryption and decryption function, encrypting the decryption clue of each segment based on the clue encryption and decryption function, and filling the position record and the encrypted decryption clue into the confusion space of the previous segment;
decryption:
obtaining a position record of a first segment, a decryption clue of the first segment and a clue encryption and decryption function;
substituting the decryption clue of the first segment into the clue encryption and decryption function to obtain the relative storage address of the first segment, and reading the content of the first segment;
based on the position record, obtaining a position record and a decryption clue of the next segment, and based on the decryption clue, obtaining a relative storage address of the next segment, and reading the content of the segment;
Repeating the previous step until all the segments are read, and splicing all the segments according to the reading sequence to obtain the decrypted file.
2. The method for encrypting and decrypting the file based on the multi-factor authentication according to claim 1, wherein,
The position record comprises a length indication value and an interval number, wherein the length indication value is used for indicating the segment length after the insertion of the empty bit, and an indication sequence for determining whether binary bits of the segment belong to the empty bit is obtained based on the interval number;
Or alternatively
The position record comprises a circulation number and a screening number, and an indication sequence which is matched with the segment inserted with the empty space in length and used for determining whether the binary bit of the segment belongs to the empty space is obtained based on the circulation number and the screening number.
3. The method for encrypting and decrypting the file based on multi-factor authentication according to claim 1 or 2, wherein,
Generating a decryption hint for each segment, the decryption hint comprising the relative storage addresses of the segments;
when a clue encryption and decryption function is generated, the clue encryption and decryption function is a unitary primary function;
the method for obtaining decryption clues comprises the following steps:
And obtaining decryption clues based on the relative storage addresses of the segments and the unitary linear function.
4. The method for encrypting and decrypting the file based on multi-factor authentication according to claim 1 or 2, wherein,
Generating a decryption hint for each segment, the decryption hint comprising at least two integer variables;
when generating a clue encryption and decryption function, the clue encryption and decryption function is a multi-element and multi-time polynomial function;
the method for obtaining decryption clues comprises the following steps:
Solving the values of all the integer variables, substituting the values of the integer variables into the cue encryption and decryption functions, and obtaining function values corresponding to the relative storage addresses;
the values of all the integer variables are used as decryption threads.
5. The method for encrypting and decrypting the file based on multi-factor authentication according to claim 1 or 2, wherein,
Generating a decryption hint for each segment, the decryption hint comprising a relative storage address and a symmetric key;
when generating a clue encryption and decryption function, the clue encryption and decryption function is a symmetric encryption algorithm;
the method for obtaining decryption clues comprises the following steps:
and encrypting the relative storage address based on the symmetric key and the symmetric encryption algorithm, wherein the obtained ciphertext is used as a decryption clue.
6. The file encryption and decryption system based on multi-factor verification is characterized by comprising:
the encryption component is used for receiving the file to be encrypted and executing an encryption step;
The decryption component is used for receiving the file to be decrypted, the position record of the first segment, the decryption clue of the first segment and the clue encryption and decryption function and executing the decryption step;
the encryption component includes:
The segmented storage sub-assembly is used for segmenting the file to be encrypted, recording sequence numbers of segmentation sequences, storing the segments after the sequence of the segments is disordered, and recording relative storage addresses of each segment;
a confusion slot subcomponent for generating a position record of confusion slots for each segment, inserting slots in the segment based on the position record;
The cue sub-assembly is used for generating a decryption cue for each segment, the decryption cue indicates the relative storage address of the corresponding segment, a cue encryption and decryption function is generated, the decryption cue is encrypted based on the cue encryption and decryption function to obtain a decryption cue, and the position record and the decryption cue are filled in the confusion space of the previous segment;
The decryption component comprises:
a clue decryption sub-component, substituting the decryption clue of the first segment into the clue encryption and decryption function to obtain the relative storage address of the first segment, reading the content of the first segment, obtaining the position record of the next segment and the decryption clue based on the position record, obtaining the relative storage address of the next segment based on the decryption clue,
And the splicing sub-assembly receives the content of the first segment read by the cue decryption sub-assembly, and splices the content of the next segment one by one based on the relative storage address of the next segment continuously obtained by the cue decryption sub-assembly, and all segments are spliced to obtain a decrypted file.
7. Computer system, characterized in that it comprises a processor and a memory, the processor being connected to the memory, the memory being adapted to store executable program code, the processor being adapted to execute a program corresponding to the executable program code by reading the executable program code stored in the memory, for performing a multi-factor authentication based file encryption and decryption method according to any of claims 1 to 5.
8. A computer readable storage medium, wherein the computer readable storage medium stores a computer program, which when executed by a processor, implements the multi-factor authentication-based file encryption and decryption method according to any one of claims 1 to 5.
CN202410471853.7A 2024-04-19 2024-04-19 File encryption and decryption method, system and storage medium based on multi-factor verification Active CN118070317B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410471853.7A CN118070317B (en) 2024-04-19 2024-04-19 File encryption and decryption method, system and storage medium based on multi-factor verification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410471853.7A CN118070317B (en) 2024-04-19 2024-04-19 File encryption and decryption method, system and storage medium based on multi-factor verification

Publications (2)

Publication Number Publication Date
CN118070317A CN118070317A (en) 2024-05-24
CN118070317B true CN118070317B (en) 2024-09-13

Family

ID=91107985

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410471853.7A Active CN118070317B (en) 2024-04-19 2024-04-19 File encryption and decryption method, system and storage medium based on multi-factor verification

Country Status (1)

Country Link
CN (1) CN118070317B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115834201A (en) * 2022-11-23 2023-03-21 梅赛德斯-奔驰集团股份公司 Data encryption method, data decryption method and data processing method for data storage system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103257934B (en) * 2013-04-12 2016-02-10 广东数字证书认证中心有限公司 The storage of digital certificate, acquisition methods and device
US9990502B2 (en) * 2014-04-28 2018-06-05 Topia Technology, Inc. Systems and methods for security hardening of data in transit and at rest via segmentation, shuffling and multi-key encryption
EP3198512A4 (en) * 2014-09-23 2018-05-09 Fhoosh Inc. Secure high speed data storage, access, recovery, and transmission
EP3605373B1 (en) * 2018-07-30 2023-06-07 Blink.ing doo Authentication method for a client over a network
CN113127891A (en) * 2019-12-31 2021-07-16 天翼智慧家庭科技有限公司 Template file encryption method and device for intelligent media desktop
CN113569269B (en) * 2021-09-23 2022-12-27 苏州浪潮智能科技有限公司 Encryption method, device, equipment and readable medium for code obfuscation

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115834201A (en) * 2022-11-23 2023-03-21 梅赛德斯-奔驰集团股份公司 Data encryption method, data decryption method and data processing method for data storage system

Also Published As

Publication number Publication date
CN118070317A (en) 2024-05-24

Similar Documents

Publication Publication Date Title
US20220191012A1 (en) Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System
CN108809646B (en) Secure shared key sharing system
CN106878245B (en) Graphic code information providing and obtaining method, device and terminal
US8756421B2 (en) Authentication device using true random number generating element or pseudo-random number generating element, authentication apparatus, and authentication method
CN110287654B (en) Media client device authentication using hardware trust root
KR20220117211A (en) Contactless Card Personal Identification System
EP2267628A2 (en) Token passing technique for media playback devices
CN107809436B (en) Authority authentication method, encryption method, device and system for network video access
CN111107066A (en) Sensitive data transmission method and system, electronic equipment and storage medium
CN110868291B (en) Data encryption transmission method, device, system and storage medium
CN108848058A (en) Intelligent contract processing method and block catenary system
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN110958209A (en) Bidirectional authentication method, system and terminal based on shared secret key
CN110224834A (en) Identity identifying method, decryption and ciphering terminal based on dynamic token
CN105721903A (en) Method and system for playing online videos
KR102391952B1 (en) System, device or method for encryption distributed processing
CN111401901A (en) Authentication method and device of biological payment device, computer device and storage medium
CN112784284B (en) Encryption processing system, encryption processing method, and recording medium
FR2699300A1 (en) Authentication of terminal by server - using signature algorithm in terminal to encode random number sent by server and validating returned signature
CN113079002B (en) Data encryption method, data decryption method, key management method, medium, and device
CN113722741A (en) Data encryption method and device and data decryption method and device
JP4776378B2 (en) MULTI-KEY AUTHENTICATION TERMINAL DEVICE, MULTI-KEY AUTHENTICATION MANAGEMENT DEVICE, MULTI-KEY AUTHENTICATION SYSTEM, AND PROGRAM
CN118070317B (en) File encryption and decryption method, system and storage medium based on multi-factor verification
CN109271800A (en) A kind of document handling method and device
CN113114458A (en) Encryption certificate generation method, decryption method, encryption certificate generation device, decryption device and encryption certificate system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant