WO2023061455A1 - Large file encryption and decryption system, method, storage medium and device - Google Patents
Large file encryption and decryption system, method, storage medium and device
- Publication number
- WO2023061455A1 WO2023061455A1 PCT/CN2022/125189 CN2022125189W WO2023061455A1 WO 2023061455 A1 WO2023061455 A1 WO 2023061455A1 CN 2022125189 W CN2022125189 W CN 2022125189W WO 2023061455 A1 WO2023061455 A1 WO 2023061455A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- sender
- receiver
- encryption
- ciphertext
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Definitions
- the disclosure belongs to the technical field of data protection, and in particular relates to a large file encryption and decryption system, method, storage medium and equipment.
- Blockchain is a term in the field of information technology.
- a blockchain is a decentralized or at least partially decentralized data structure for storing transactions, and a blockchain network manages, updates and maintains one or more blockchains by broadcasting, verifying and confirming transactions, etc.
- Blockchain networks can be provided as public blockchain networks, private blockchain networks, or consortium blockchain networks. In essence, a blockchain is a shared database, and the hash values or information stored in it have the characteristics of being "unforgeable", "leaving a trace throughout the process", "traceable", "open and transparent" and "collectively maintained". It is a new application of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms.
- federated learning multi-party secure computing is a machine learning framework that can effectively help multiple organizations to perform data usage and machine learning modeling while meeting the requirements of user privacy protection, data security and government regulations.
- This application technology can be used in a wide range of life scenarios such as financial institutions, public services, and data authentication.
- patent document CN202110277377.1 discloses a blockchain encrypted communication method and system, which combines a blockchain system with encrypted communication for secure encrypted communication and transactions on the chain; the method includes: in response to an encrypted communication session request, the initiating node receives the first public key and the second public key of the session node and verifies the second public key; after verification passes, the initiating node generates a third key pair and invokes an encrypted communication protocol to obtain the session root key; a KDF calculation is performed on the session root key to obtain a first encryption result, part of which is used to update the session root key, while the other part undergoes a KDF calculation for the sending key to obtain a second encryption result, part of which updates the sending key while the other part is used as the message key to encrypt the outgoing message and generate the message ciphertext; the first and third public keys of the initiating node, the second public key of the receiving node and the message ciphertext are packaged into encrypted data for transmission; the receiving node receives the encrypted data and performs symmetric key decryption.
- this scheme only encrypts and decrypts transaction information, that is, it only encrypts transaction information of blockchain technology, and there is no encryption and decryption scheme for large files, so the security of the overall file content is not high.
- the purpose of the present disclosure is to provide a large file encryption and decryption system, method, storage medium and device based on blockchain technology, which can solve the above-mentioned problems.
- a large file encryption and decryption system based on blockchain technology includes a sender blockchain node, a receiver blockchain node, an encryption module, a decryption module, the sender's public key, the sender's private key, the receiver's public key, the receiver's private key and a symmetric key; wherein the encryption module, at the sender's blockchain node, encrypts plaintext into data ciphertext by applying a symmetric encryption algorithm with the symmetric key, and encrypts the symmetric key twice with the receiver's public key and the sender's private key to generate an asymmetric key ciphertext; wherein the decryption module, at the receiver's blockchain node, decrypts the asymmetric key ciphertext twice with the sender's public key and the receiver's private key to recover the symmetric key, and decrypts the data ciphertext with the recovered symmetric key to generate plaintext.
- the system also includes a key verification module, which performs key identity verification when each node receives the public key, and then transmits the public key to the corresponding encryption module or decryption module after passing the public key verification.
- the present disclosure also provides a large file encryption and decryption method based on blockchain technology, the method comprising:
- S1, sender plaintext encryption: the sender encrypts the plaintext into data ciphertext through the symmetric key at the sender's blockchain node, and reads the receiver's public key, which combined with the sender's private key is used to encrypt the symmetric key twice to generate an asymmetric key ciphertext;
- S2, receiver ciphertext decryption: the receiver uses the sender's public key and the receiver's private key to decrypt the asymmetric key ciphertext twice at the receiver's blockchain node to recover the symmetric key, receives the data ciphertext from the sender's blockchain node, and the data ciphertext is decrypted in the decryption module with the symmetric key recovered through the secondary decryption to generate plaintext.
- the beneficial effect of the present disclosure is that: the application determines the identity of the file owner by using the blockchain private key, and provides an efficient encryption mechanism which improves encryption performance; through secondary encryption and decryption it ensures that only the designated recipient can decrypt the file, ensuring the security of the file content.
- FIG. 1 is a schematic diagram of a large file encryption and decryption system based on blockchain technology in the present disclosure
- Fig. 2 is a flowchart of the encryption and decryption method.
- a large file encryption and decryption system based on blockchain technology, see Figure 1: the system includes the sender's blockchain node, the receiver's blockchain node, an encryption module, a decryption module, the sender's public key, the sender's private key, the receiver's public key, the receiver's private key, and the symmetric key.
- the encryption module encrypts the plaintext into data ciphertext by applying a symmetric encryption algorithm with the symmetric key at the sender's blockchain node, and encrypts the symmetric key twice with the receiver's public key and the sender's private key to generate the symmetric key ciphertext.
- the decryption module decrypts the symmetric key ciphertext twice with the sender's public key and the receiver's private key at the receiver's blockchain node to recover the symmetric key, and decrypts the data ciphertext with the recovered symmetric key to generate plaintext.
- the system also includes a data transmission module, which is used to transmit the sender's public key, the receiver's public key, the asymmetric key ciphertext and the data ciphertext between the sender's blockchain node and the receiver's blockchain node.
- the system also includes a key verification module, which performs key identity verification when each node receives the public key, and then transmits the public key to the corresponding encryption module or decryption module after passing the public key verification.
- a large file encryption and decryption method based on blockchain technology see Figure 2, the method includes:
- step S1 includes:
- the sender dynamically generates the symmetric key D1 through the encryption module at the sender blockchain node;
- the sender reads the recipient's public key P2 sent by the recipient's blockchain node, and retrieves the symmetric key D1, the sender's private key S1 and the plaintext F of the large file to be processed;
- the sender uses an asymmetric encryption and decryption algorithm with the receiver's public key P2 to encrypt the symmetric key D1, obtaining the encrypted key D2;
- the sender uses the asymmetric encryption and decryption algorithm to encrypt the encrypted key D2 twice with the sender's private key S1 to obtain the asymmetric key ciphertext D3;
- the sender uses the symmetric key D1 to symmetrically encrypt the plaintext F of the file to be transmitted to obtain the encrypted data ciphertext R2;
- the sender sends the asymmetric key ciphertext D3, the data ciphertext R2, and the sender's public key P1 to the receiver.
- step S2 includes:
- the receiver receives the sender's public key P1, data ciphertext R2 and asymmetric key ciphertext D3 transmitted by the sender at the receiver's blockchain node, and retrieves the receiver's private key S2;
- the recipient uses an asymmetric encryption and decryption algorithm to decrypt the asymmetric key ciphertext D3 with the sender's public key P1 in the decryption module to obtain the encrypted key D2;
- the receiver uses the asymmetric encryption and decryption algorithm to decrypt the encrypted key D2 twice with the receiver's private key S2 to obtain the symmetric key D1;
- the receiver uses the symmetric encryption and decryption algorithm combined with the symmetric key D1 to decrypt the data ciphertext R2 of the sender, and obtains the decrypted plaintext F of the large file.
- the above encryption and decryption process also includes a preliminary key verification: when the other party's public key arrives, key verification is performed before the key reaches the node or the encryption/decryption module; if the verification passes, the process proceeds to the next step, and if it fails, the process ends.
- a computer storage medium on which computer instructions are stored, is characterized in that: the aforementioned method is executed when the computer instructions are executed.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic tape cartridges, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
- computer-readable media excludes transitory computer-readable media, such as modulated data signals and carrier waves.
- the computer program codes required for the operation of each part of this application can be written in any one or more programming languages, including object-oriented programming languages such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python etc., conventional procedural programming languages such as C language, VisualBasic, Fortran2003, Perl, COBOL2002, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages.
- the program code may run entirely on the user's computer, or as a stand-alone software package, or run partly on the user's computer and partly on a remote computer, or entirely on the remote computer or processing device.
- the remote computer can be connected to the user's computer through any form of network, such as a local area network (LAN) or wide area network (WAN), or connected to an external computer (for example through the Internet), or in a cloud computing environment, or used as a service such as software as a service (SaaS).
- the present disclosure also provides a device, the device includes a memory and a processor, the memory stores computer instructions that can run on the processor, and the processor executes the aforementioned method when running the computer instructions.
- aspects of the present application may be illustrated and described in several patentable categories or circumstances, including any new and useful process, machine, product or composition of matter, or any new and useful improvement thereof.
- various aspects of the present application may be entirely executed by hardware, may be entirely executed by software (including firmware, resident software, microcode, etc.), or may be executed by a combination of hardware and software.
- the above hardware or software may be referred to as “block”, “module”, “engine”, “unit”, “component” or “system”.
- aspects of the present application may be embodied as a computer product comprising computer readable program code on one or more computer readable media.
- the large file encryption and decryption method provided by this application determines the identity of the file owner by using the blockchain private key, and provides an efficient encryption mechanism which improves encryption performance. Through secondary encryption and decryption, only the designated recipient can decrypt the file, which ensures the security of the file content and has strong industrial applicability.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
The present disclosure provides a large file encryption and decryption system, method, storage medium and device, belonging to the technical field of data protection. The system includes a sender blockchain node, a receiver blockchain node, an encryption module, a decryption module, the sender's public key, the sender's private key, the receiver's public key, the receiver's private key and a symmetric key. The method includes sender plaintext encryption and receiver ciphertext decryption. By using the blockchain private key, the identity of the file owner is established, and an efficient encryption mechanism is provided which improves encryption performance; through secondary encryption and decryption, only the designated recipient can decrypt the file, ensuring the security of the file content.
Description
This disclosure claims priority to the Chinese patent application filed with the China National Intellectual Property Administration on 13 October 2021 with application number 202111192943.5 and title "Large file encryption and decryption system, method, storage medium and device", the entire contents of which are incorporated herein by reference.
The present disclosure belongs to the technical field of data protection, and in particular relates to a large file encryption and decryption system, method, storage medium and device.
The statements in this section merely provide background information related to the present disclosure and do not necessarily constitute prior art.
Blockchain is a term from the field of information technology. A blockchain is a decentralized or at least partially decentralized data structure for storing transactions, and a blockchain network is a network of computing nodes that manages, updates and maintains one or more blockchains by broadcasting, verifying and confirming transactions. A blockchain network may be provided as a public blockchain network, a private blockchain network or a consortium blockchain network. In essence it is a shared database, and the hash values or information stored in it have the characteristics of being "unforgeable", "leaving a trace throughout the process", "traceable", "open and transparent" and "collectively maintained". It is a new application of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms; side chains can be established on a blockchain to build data consensus and authentication for a consortium. Combined with the privacy-preserving computation techniques of federated learning, federated-learning multi-party secure computation is a machine learning framework that can effectively help multiple institutions use data and build machine learning models while meeting the requirements of user privacy protection, data security and government regulation. This application technology can be used in many application scenarios such as financial institutions, public services and data authentication.
In practical applications, for example, patent document CN202110277377.1 discloses a blockchain encrypted communication method and system that combines a blockchain system with encrypted communication for secure encrypted communication and transactions on the chain. The method includes: in response to an encrypted communication session request, the initiating node receives the first public key and the second public key of the session node and verifies the second public key; after verification passes, the initiating node generates a third key pair and invokes the encrypted communication protocol to obtain a session root key; a KDF calculation is performed on the session root key to obtain a first encryption result, part of which is used to update the session root key, while the other part undergoes a KDF calculation for the sending key to obtain a second encryption result, part of which updates the sending key while the other part serves as the message key to encrypt the outgoing message and produce the message ciphertext; the first and third public keys of the initiating node, the second public key of the receiving node and the message ciphertext are packaged into encrypted data and sent; the receiving node receives the encrypted data and performs symmetric key decryption.
However, this scheme only encrypts and decrypts transaction information, that is, it only encrypts the transaction information of the blockchain; it has no encryption and decryption scheme for large files, so the security of the overall file content is not high.
Summary of the disclosure
(1) Technical problem to be solved
In the prior art, only the transaction information of blockchain technology is encrypted; there is no encryption and decryption scheme for large files, and the security of the overall file content is not high.
(2) Technical solution
To overcome the deficiencies of the prior art, the purpose of the present disclosure is to provide a large file encryption and decryption system, method, storage medium and device based on blockchain technology, which can solve the above problems.
Overall scheme: to solve the above problems, the overall design of this application is as follows.
A large file encryption and decryption system based on blockchain technology, the system including a sender blockchain node, a receiver blockchain node, an encryption module, a decryption module, the sender's public key, the sender's private key, the receiver's public key, the receiver's private key and a symmetric key; wherein the encryption module, at the sender blockchain node, encrypts plaintext into data ciphertext by applying a symmetric encryption algorithm with the symmetric key, and encrypts the symmetric key twice with the receiver's public key and the sender's private key to generate an asymmetric key ciphertext; wherein the decryption module, at the receiver blockchain node, decrypts the asymmetric key ciphertext twice with the sender's public key and the receiver's private key to recover the symmetric key, and decrypts the data ciphertext with the recovered symmetric key to generate plaintext.
Further, the system also includes a key verification module, which performs key identity verification when each node receives a public key, and passes the public key to the corresponding encryption module or decryption module only after the identity verification of the public key succeeds.
The present disclosure also provides a large file encryption and decryption method based on blockchain technology, the method including:
S1, sender plaintext encryption: the sender, at the sender blockchain node, encrypts the plaintext into data ciphertext with the symmetric key, and reads the receiver's public key, which combined with the sender's private key is used to encrypt the symmetric key twice to generate an asymmetric key ciphertext;
S2, receiver ciphertext decryption: the receiver, at the receiver blockchain node, decrypts the asymmetric key ciphertext twice with the sender's public key and the receiver's private key to recover the symmetric key, receives the data ciphertext from the sender blockchain node, and the data ciphertext is decrypted in the decryption module with the symmetric key recovered by the secondary decryption to generate plaintext.
Compared with the prior art, the beneficial effects of the present disclosure are: this application determines the identity of the file owner by using the blockchain private key, and provides an efficient encryption mechanism which improves encryption performance; through secondary encryption and decryption it ensures that only the designated recipient can decrypt the file, ensuring the security of the file content.
Figure 1 is a schematic diagram of the large file encryption and decryption system based on blockchain technology of the present disclosure;
Figure 2 is a flowchart of the encryption and decryption method.
To make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present disclosure. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present disclosure without creative effort fall within the scope of protection of the present disclosure.
First embodiment
A large file encryption and decryption system based on blockchain technology, see Figure 1: the system includes a sender blockchain node, a receiver blockchain node, an encryption module, a decryption module, the sender's public key, the sender's private key, the receiver's public key, the receiver's private key and a symmetric key.
Encryption principle: the encryption module, at the sender blockchain node, encrypts plaintext into data ciphertext by applying a symmetric encryption algorithm with the symmetric key, and encrypts the symmetric key twice with the receiver's public key and the sender's private key to generate a symmetric key ciphertext.
Decryption principle: the decryption module, at the receiver blockchain node, decrypts the symmetric key ciphertext twice with the sender's public key and the receiver's private key to recover the symmetric key, and decrypts the data ciphertext with the recovered symmetric key to generate plaintext.
Further, the system also includes a data transmission module, which is used to transmit the sender's public key, the receiver's public key, the asymmetric key ciphertext and the data ciphertext between the sender blockchain node and the receiver blockchain node.
Further, the system also includes a key verification module, which performs key identity verification when each node receives a public key, and passes the public key to the corresponding encryption module or decryption module only after the identity verification of the public key succeeds. This module improves the security of the keys and the operating efficiency of the system, avoiding the complicated process of identifying a key only after it has entered the encryption/decryption module.
Second embodiment
A large file encryption and decryption method based on blockchain technology, see Figure 2, the method including:
S1, sender plaintext encryption: the sender, at the sender blockchain node, encrypts the plaintext F into data ciphertext R2 with the symmetric key D1, and reads the receiver's public key P2, which combined with the sender's private key S1 is used to encrypt the symmetric key D1 twice to generate the asymmetric key ciphertext D3. Specifically, step S1 includes:
S11, the sender dynamically generates the symmetric key D1 through the encryption module at the sender blockchain node;
S12, the sender reads the receiver's public key P2 sent by the receiver blockchain node, and retrieves the symmetric key D1, the sender's private key S1 and the plaintext F of the large file to be processed;
S13, the sender uses an asymmetric encryption and decryption algorithm with the receiver's public key P2 to encrypt the symmetric key D1, obtaining the encrypted key D2;
S14, the sender uses the asymmetric encryption and decryption algorithm to encrypt the encrypted key D2 a second time with the sender's private key S1, obtaining the asymmetric key ciphertext D3;
S15, the sender symmetrically encrypts the plaintext F of the file to be transmitted with the symmetric key D1, obtaining the encrypted data ciphertext R2;
S16, the sender sends the asymmetric key ciphertext D3, the data ciphertext R2 and the sender's public key P1 to the receiver.
S2, receiver ciphertext decryption: the receiver, at the receiver blockchain node, decrypts the asymmetric key ciphertext D3 twice with the sender's public key P1 and the receiver's private key S2 to recover the symmetric key D1, receives the data ciphertext R2 from the sender blockchain node, and the data ciphertext R2 is decrypted in the decryption module with the symmetric key D1 recovered by the secondary decryption to generate the plaintext F. Specifically, step S2 includes:
S21, the receiver, at the receiver blockchain node, receives the sender's public key P1, the data ciphertext R2 and the asymmetric key ciphertext D3 transmitted by the sender, and retrieves the receiver's private key S2;
S22, the receiver uses the asymmetric encryption and decryption algorithm in the decryption module to decrypt the asymmetric key ciphertext D3 with the sender's public key P1, obtaining the encrypted key D2;
S23, the receiver uses the asymmetric encryption and decryption algorithm to decrypt the encrypted key D2 a second time with the receiver's private key S2, obtaining the symmetric key D1;
S24, the receiver uses the symmetric encryption and decryption algorithm with the symmetric key D1 to decrypt the sender's data ciphertext R2, obtaining the decrypted plaintext F of the large file.
The above encryption and decryption process also includes a preliminary key verification: when the other party's public key arrives, key verification is performed before the key reaches the node or the encryption/decryption module; if the verification passes, the process proceeds to the next step, and if it fails, the process ends.
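The exchange of steps S11 to S24 (the same steps as in the English definitions above), written out as an added example in Go. This is not code from the patent or its applicant: the patent names no algorithms, so the example assumes RSA-OAEP for the asymmetric step in S13/S23, AES-256-GCM for the file in S15/S24, and realizes the "second encryption with the sender's private key" of S14/S22 as an RSA-PSS signature over the wrapped key, which is how that step is normally instantiated. The key verification module is modelled as a map of trusted public key fingerprints standing in for a lookup on the chain, and NewKeyPair is a hypothetical helper standing in for each node's blockchain key pair.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
)

// Envelope is what the sender transmits in step S16.
type Envelope struct {
	WrappedKey []byte // D2: symmetric key D1 encrypted under receiver public key P2 (RSA-OAEP)
	KeySig     []byte // RSA-PSS signature over D2 made with sender private key S1; D2||KeySig is D3
	Nonce      []byte // AES-GCM nonce used for R2
	Ciphertext []byte // R2: file plaintext F encrypted with D1 (AES-256-GCM)
	SenderPub  []byte // P1 as a DER-encoded PKIX public key
}

// NewKeyPair stands in for a blockchain node's key pair (hypothetical helper, not the patent's).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Fingerprint is the identity the key-verification module checks (SHA-256 of the DER public key);
// the trusted registry would be the chain, this example uses a map of fingerprints instead.
func Fingerprint(derPub []byte) string {
	sum := sha256.Sum256(derPub)
	return hex.EncodeToString(sum[:])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt performs step S1 (S11 to S16) at the sender.
func Encrypt(plain []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // S11: fresh 256-bit key D1 plus a 96-bit GCM nonce for this file
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	d1, nonce := buf[:32], buf[32:]
	// S13: first encryption, D1 under the receiver's public key P2 -> D2.
	d2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, d1, nil)
	if err != nil {
		return nil, err
	}
	// S14: second step with S1; "encrypting with a private key" is a signature: D3 = D2 || Sign_S1(D2).
	digest := sha256.Sum256(d2)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// S15: encrypt the file F with D1 -> R2, binding D2 in as additional authenticated data.
	gcm, err := newGCM(d1)
	if err != nil {
		return nil, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&senderPriv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: d2, KeySig: sig, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, plain, d2), SenderPub: pubDER}, nil
}

// Decrypt performs the preliminary key verification and step S2 (S21 to S24) at the receiver.
func Decrypt(env *Envelope, receiverPriv *rsa.PrivateKey, trusted map[string]bool) ([]byte, error) {
	// Key verification module: P1 is used only if its fingerprint is registered as trusted.
	if !trusted[Fingerprint(env.SenderPub)] {
		return nil, errors.New("sender public key failed identity verification")
	}
	pubAny, err := x509.ParsePKIXPublicKey(env.SenderPub)
	senderPub, ok := pubAny.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New("sender public key is not a usable RSA key")
	}
	// S22: "decrypt" with P1, i.e. verify the sender's signature over D2.
	digest := sha256.Sum256(env.WrappedKey)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.KeySig, nil); err != nil {
		return nil, errors.New("key ciphertext is not from the claimed sender")
	}
	// S23: second decryption, D2 under the receiver's private key S2 -> D1.
	d1, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	// S24: decrypt R2 with D1 -> F; GCM also rejects any tampering with R2 or D2.
	gcm, err := newGCM(d1)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, env.WrappedKey)
}
```

The receiver checks the sender's key against the registry before any cryptographic use and verifies the signature before touching its own private key, so an unregistered or tampered D3 is rejected without ever decrypting R2. The block holds the whole file in memory and seals it in one GCM call; for a file that is genuinely large, the same envelope would carry R2 as a sequence of chunks, each with its own nonce and chunk index in the additional data, while the key handling stays as shown.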
Third embodiment
A computer storage medium on which computer instructions are stored, characterized in that the aforementioned method is executed when the computer instructions run. The method is described in detail in the preceding sections and is not repeated here.
Those of ordinary skill in the art can understand that all or part of the steps of the various methods in the above embodiments can be completed by instructing the relevant hardware through a program, and the program can be stored in a computer-readable storage medium. Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be implemented by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic tape cartridges, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The computer program code required for the operation of each part of this application can be written in any one or more programming languages, including object-oriented programming languages such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET and Python, conventional procedural programming languages such as C, VisualBasic, Fortran2003, Perl, COBOL2002, PHP and ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages. The program code may run entirely on the user's computer, or as a stand-alone software package on the user's computer, or partly on the user's computer and partly on a remote computer, or entirely on a remote computer or processing device. In the latter case, the remote computer can be connected to the user's computer through any form of network, such as a local area network (LAN) or wide area network (WAN), or connected to an external computer (for example through the Internet), or in a cloud computing environment, or used as a service such as software as a service (SaaS).
Fourth embodiment
The present disclosure also provides a device, the device including a memory and a processor, the memory storing computer instructions that can run on the processor, and the processor executing the aforementioned method when running the computer instructions. The method is described in detail in the preceding sections and is not repeated here.
Furthermore, those skilled in the art can understand that aspects of this application may be illustrated and described in several patentable categories or circumstances, including any new and useful process, machine, product or composition of matter, or any new and useful improvement thereof. Accordingly, the various aspects of this application may be executed entirely by hardware, entirely by software (including firmware, resident software, microcode, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as a "block", "module", "engine", "unit", "component" or "system". Furthermore, aspects of this application may be embodied as a computer product located in one or more computer-readable media, the product including computer-readable program code.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present disclosure, not to limit it. Although the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be equivalently replaced, and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present disclosure.
The large file encryption and decryption method provided by this application determines the identity of the file owner by using the blockchain private key, and provides an efficient encryption mechanism which improves encryption performance; through secondary encryption and decryption it ensures that only the designated recipient can decrypt the file, ensuring the security of the file content, and it has strong industrial applicability.
Claims (8)
- A large file encryption and decryption system based on blockchain technology, characterized in that: the system includes a sender blockchain node, a receiver blockchain node, an encryption module, a decryption module, the sender's public key, the sender's private key, the receiver's public key, the receiver's private key and a symmetric key; wherein the encryption module, at the sender blockchain node, encrypts plaintext into data ciphertext by applying a symmetric encryption algorithm with the symmetric key, and encrypts the symmetric key twice with the receiver's public key and the sender's private key to generate an asymmetric key ciphertext; wherein the decryption module, at the receiver blockchain node, decrypts the asymmetric key ciphertext twice with the sender's public key and the receiver's private key to recover the symmetric key, and decrypts the data ciphertext with the recovered symmetric key to generate plaintext.
- The large file encryption and decryption system according to claim 1, characterized in that: the system also includes a data transmission module, which is used to transmit the sender's public key, the receiver's public key, the asymmetric key ciphertext and the data ciphertext between the sender blockchain node and the receiver blockchain node.
- The large file encryption and decryption system according to claim 1, characterized in that: the system also includes a key verification module, which performs key identity verification when each node receives a public key, and passes the public key to the corresponding encryption module or decryption module only after the identity verification of the public key succeeds.
- A large file encryption and decryption method based on blockchain technology, characterized in that the method includes: S1, sender plaintext encryption: the sender, at the sender blockchain node, encrypts the plaintext into data ciphertext with the symmetric key, and reads the receiver's public key, which combined with the sender's private key is used to encrypt the symmetric key twice to generate an asymmetric key ciphertext; S2, receiver ciphertext decryption: the receiver, at the receiver blockchain node, decrypts the asymmetric key ciphertext twice with the sender's public key and the receiver's private key to recover the symmetric key, receives the data ciphertext from the sender blockchain node, and the data ciphertext is decrypted in the decryption module with the symmetric key recovered by the secondary decryption to generate plaintext.
- The large file encryption and decryption method according to claim 4, characterized in that step S1 includes: S11, the sender dynamically generates the symmetric key through the encryption module at the sender blockchain node; S12, the sender reads the receiver's public key sent by the receiver blockchain node, and retrieves the symmetric key, the sender's private key and the plaintext of the large file to be processed; S13, the sender uses an asymmetric encryption and decryption algorithm with the receiver's public key to encrypt the symmetric key, obtaining the encrypted key; S14, the sender uses the asymmetric encryption and decryption algorithm to encrypt the encrypted key a second time with the sender's private key, obtaining the asymmetric key ciphertext; S15, the sender symmetrically encrypts the plaintext of the file to be transmitted with the symmetric key, obtaining the encrypted data ciphertext; S16, the sender sends the asymmetric key ciphertext, the data ciphertext and the sender's public key to the receiver.
- The large file encryption and decryption method according to claim 4 or 5, characterized in that step S2 includes: S21, the receiver, at the receiver blockchain node, receives the sender's public key, the data ciphertext and the asymmetric key ciphertext transmitted by the sender, and retrieves the receiver's private key; S22, the receiver uses the asymmetric encryption and decryption algorithm in the decryption module to decrypt the asymmetric key ciphertext with the sender's public key, obtaining the encrypted key; S23, the receiver uses the asymmetric encryption and decryption algorithm to decrypt the encrypted key a second time with the receiver's private key, obtaining the symmetric key; S24, the receiver uses the symmetric encryption and decryption algorithm with the symmetric key to decrypt the sender's data ciphertext, obtaining the decrypted plaintext of the large file.
- A computer storage medium on which computer instructions are stored, characterized in that: the method according to any one of claims 4 to 6 is executed when the computer instructions run.
- A device, the device including a memory and a processor, the memory storing computer instructions that can run on the processor, characterized in that: the processor executes the method according to any one of claims 4 to 6 when running the computer instructions.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111192943.5 | 2021-10-13 | ||
CN202111192943.5A CN113949552A (zh) | 2021-10-13 | 2021-10-13 | Large file encryption and decryption system, method, storage medium and device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023061455A1 true WO2023061455A1 (zh) | 2023-04-20 |
Family
ID=79330308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2022/125189 WO2023061455A1 (zh) | 2021-10-13 | 2022-10-13 | Large file encryption and decryption system, method, storage medium and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113949552A (zh) |
WO (1) | WO2023061455A1 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116644458A (zh) * | 2023-07-26 | 2023-08-25 | 泸州职业技术学院 | Electronic system information security protection system |
CN117201113A (zh) * | 2023-09-07 | 2023-12-08 | 上海雷龙信息科技有限公司 | Blockchain digital signature method based on asymmetric encryption and system therefor |
CN118368153A (zh) * | 2024-06-20 | 2024-07-19 | 杭州靖安防务科技有限公司 | Secure data transmission system and method |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113949552A (zh) * | 2021-10-13 | 2022-01-18 | 广州广电运通金融电子股份有限公司 | Large file encryption and decryption system, method, storage medium and device |
CN115001871A (zh) * | 2022-08-02 | 2022-09-02 | 恒银金融科技股份有限公司 | Method and system for encrypted file sharing based on blockchain technology |
CN115396096A (zh) * | 2022-08-29 | 2022-11-25 | 北京航空航天大学 | Encryption and decryption method and protection system for secret files based on Chinese national cryptographic (SM) algorithms |
CN116305194B (zh) * | 2023-02-15 | 2023-11-17 | 中国科学院空天信息创新研究院 | Asymmetric encryption and decryption method and system for sustainable information disclosure data |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070050303A1 (en) * | 2005-08-24 | 2007-03-01 | Schroeder Dale W | Biometric identification device |
JP2020202535A (ja) * | 2019-06-13 | 2020-12-17 | 伊格拉斯▲控▼股有限公司 | Control system and control method applied to secure manufacturing |
CN112532656A (zh) * | 2021-02-07 | 2021-03-19 | 腾讯科技(深圳)有限公司 | Blockchain-based data encryption and decryption method, apparatus and related device |
CN112671735A (zh) * | 2020-12-16 | 2021-04-16 | 江苏通付盾区块链科技有限公司 | Data encryption sharing system and method based on blockchain and re-encryption |
CN112787976A (zh) * | 2019-11-06 | 2021-05-11 | 阿里巴巴集团控股有限公司 | Data encryption, decryption and sharing method, device, system and storage medium |
CN113407954A (zh) * | 2021-05-11 | 2021-09-17 | 支付宝(杭州)信息技术有限公司 | Blockchain-based data management method and apparatus |
CN113949552A (zh) * | 2021-10-13 | 2022-01-18 | 广州广电运通金融电子股份有限公司 | Large file encryption and decryption system, method, storage medium and device |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294709A (zh) * | 2017-06-27 | 2017-10-24 | 阿里巴巴集团控股有限公司 | Blockchain data processing method, apparatus and system |
CN109802825A (zh) * | 2017-11-17 | 2019-05-24 | 深圳市金证科技股份有限公司 | Data encryption and decryption method, system and terminal device |
CN109033855B (zh) * | 2018-07-18 | 2020-02-11 | 腾讯科技(深圳)有限公司 | Blockchain-based data transmission method, apparatus and storage medium |
CN109120639B (zh) * | 2018-09-26 | 2021-03-16 | 众安信息技术服务有限公司 | Blockchain-based data cloud storage encryption method and system |
CN110061845A (zh) * | 2019-03-14 | 2019-07-26 | 深圳壹账通智能科技有限公司 | Blockchain data encryption method, apparatus, computer device and storage medium |
CN110493263B (zh) * | 2019-09-17 | 2022-05-24 | 北京元安物联技术有限公司 | Gateway offline authentication method, apparatus, system and computer-readable storage medium |
CN111614670A (zh) * | 2020-05-20 | 2020-09-01 | 浙江大华技术股份有限公司 | Method and apparatus for sending encrypted files, and storage medium |
-
2021
- 2021-10-13 CN CN202111192943.5A patent/CN113949552A/zh active Pending
-
2022
- 2022-10-13 WO PCT/CN2022/125189 patent/WO2023061455A1/zh active Application Filing
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116644458A (zh) * | 2023-07-26 | 2023-08-25 | 泸州职业技术学院 | Electronic system information security protection system |
CN116644458B (zh) * | 2023-07-26 | 2023-11-21 | 泸州职业技术学院 | Electronic system information security protection system |
CN117201113A (zh) * | 2023-09-07 | 2023-12-08 | 上海雷龙信息科技有限公司 | Blockchain digital signature method based on asymmetric encryption and system therefor |
CN117201113B (zh) * | 2023-09-07 | 2024-04-30 | 上海雷龙信息科技有限公司 | Blockchain digital signature method based on asymmetric encryption and system therefor |
CN118368153A (zh) * | 2024-06-20 | 2024-07-19 | 杭州靖安防务科技有限公司 | Secure data transmission system and method |
Also Published As
Publication number | Publication date |
---|---|
CN113949552A (zh) | 2022-01-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2023061455A1 (zh) | Large file encryption and decryption system, method, storage medium and device | |
US10205713B2 (en) | Private and mutually authenticated key exchange | |
KR101936758B1 (ko) | Encryption apparatus and method for the integrity of information query records, and distributed ledger apparatus for the integrity of information query records in a blockchain | |
CN107086915B (zh) | Data transmission method, data sending end and data receiving end | |
US20120054491A1 (en) | Re-authentication in client-server communications | |
WO2018189681A1 (en) | Data tokenization | |
WO2018145606A1 (zh) | Method, system, apparatus, medium and device for encryption between CDN nodes | |
CN104158880B (zh) | Client-side cloud data sharing solution | |
CN114513327B (zh) | Blockchain-based method for fast sharing of IoT private data | |
CN111865582B (zh) | Private key offline storage method and system based on zero-knowledge proof, and storage medium | |
CN113630248B (zh) | Session key negotiation method | |
CN113034135A (zh) | Blockchain-based information processing method, apparatus, device, medium and product | |
Murugesan et al. | Analysis on homomorphic technique for data security in fog computing | |
CN112487443A (zh) | Blockchain-based fine-grained access control method for energy data | |
TW201537937A (zh) | Unified identity authentication platform and authentication method | |
CN112564906A (zh) | Blockchain-based secure data interaction method and system | |
CN112968778A (zh) | Conversion method and system for blockchain Chinese national cryptographic (SM) algorithms, computer device and application | |
Pérez et al. | A digital envelope approach using attribute-based encryption for secure data exchange in IoT scenarios | |
Reshma et al. | Pairing-free CP-ABE based cryptography combined with steganography for multimedia applications | |
Cho et al. | Using QKD in MACsec for secure Ethernet networks | |
Saranya et al. | A survey on mobile payment request verification over cloud using key distribution | |
WO2018102382A1 (en) | Method and system for switching public keys in ciphertexts | |
US11436351B1 (en) | Homomorphic encryption of secure data | |
CN112800462A (zh) | Method for storing confidential information in a cloud computing environment | |
Huang et al. | Adaptive Secure Cross‐Cloud Data Collaboration with Identity‐Based Cryptography and Conditional Proxy Re‐Encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22880391 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 22880391 Country of ref document: EP Kind code of ref document: A1 |