
CN106850220A - Data ciphering method, data decryption method and device - Google Patents

Publication number: CN106850220A
Authority: CN (China)
Prior art keywords: encryption, subdata, template, key, aes
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710095577.9A
Other languages: Chinese (zh)
Other versions: CN106850220B (en)
Inventor: 崔精兵
Current Assignee: Tencent Technology Shenzhen Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by: Tencent Technology Shenzhen Co Ltd
Priority: CN201710095577.9A
Publications: CN106850220A; CN106850220B (application granted)
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption method, a data decryption method and corresponding devices, and belongs to the field of computer technology. The method includes: obtaining target data to be encrypted, the target data including at least two pieces of subdata; obtaining at least two encryption algorithms; and, for each piece of subdata in the target data, selecting a target encryption algorithm from the at least two encryption algorithms to encrypt that subdata, to obtain the encrypted target data. The invention addresses the problem that, when a server encrypts target data as a whole with a single encryption algorithm, the encrypted target data is relatively easy for a malicious party to crack and its security is low. It raises the difficulty of cracking the encrypted target data and improves the security of the encrypted target data.

Description

Data ciphering method, data decryption method and device
Technical field
Embodiments of the present invention relate to the computer field, and in particular to a data encryption method, a data decryption method and devices.
Background
Antivirus software uses an antivirus engine to check whether the feature information of a file matches feature information stored in a virus database, and thereby detects whether the file is a virus: when the feature information of the file matches feature information in the virus database, the file is determined to be a virus. Antivirus software includes an antivirus engine and a virus database. If the virus database is obtained by a malicious program or Trojan, and data in it such as feature information and virus names is tampered with, the antivirus software may fail to detect virus files. Encrypting the virus database so that it cannot be obtained by a malicious program or Trojan is therefore a key part of ensuring the accuracy of the antivirus software's detection.
In the related art, the server encrypts the virus database as a whole using a preset encryption algorithm. When antivirus software on a terminal scans for viruses with its antivirus engine according to the virus database, the antivirus engine decrypts the virus database using the decryption algorithm corresponding to the preset encryption algorithm, and uses the data in the decrypted virus database to detect whether a file is a virus.
Because the server encrypts the entire virus database with a single encryption algorithm, the encryption algorithm is relatively easy for a malicious party to crack, and the security of the encrypted virus database is low.
Summary of the invention
To solve the prior-art problem that, because the server encrypts the entire virus database with a single encryption algorithm, the encrypted virus database is relatively easy to crack and data security is low, embodiments of the present invention provide a data encryption method, a data decryption method and devices. The technical solutions are as follows:
In a first aspect, a data encryption method is provided, the method including:
obtaining target data to be encrypted, the target data including at least two pieces of subdata;
obtaining at least two encryption algorithms;
for each piece of subdata in the target data, selecting a target encryption algorithm from the at least two encryption algorithms to encrypt the subdata, to obtain the encrypted target data.
In a second aspect, a data decryption method is provided, the method including:
obtaining encrypted target data, the encrypted target data including at least two pieces of encrypted subdata, among which there are at least two pieces of encrypted subdata that were encrypted with different encryption algorithms;
determining, from the encrypted target data, the encrypted subdata to be decrypted;
obtaining the decryption algorithm corresponding to the encrypted subdata;
decrypting the encrypted subdata according to the decryption algorithm.
In a third aspect, a data encryption device is provided, the device including:
a first acquisition module, configured to obtain target data to be encrypted, the target data including at least two pieces of subdata;
a second acquisition module, configured to obtain at least two encryption algorithms;
an encryption module, configured to, for each piece of subdata in the target data obtained by the first acquisition module, select a target encryption algorithm from the at least two encryption algorithms obtained by the second acquisition unit to encrypt the subdata, to obtain the encrypted target data.
In a fourth aspect, a data decryption device is provided, the device including:
a first acquisition module, configured to obtain encrypted target data, the encrypted target data including at least two pieces of encrypted subdata, among which there are at least two pieces of encrypted subdata that were encrypted with different encryption algorithms;
a determining module, configured to determine, from the encrypted target data obtained by the first acquisition module, the encrypted subdata to be decrypted;
a second acquisition module, configured to obtain the decryption algorithm corresponding to the encrypted subdata determined by the determining module;
a decryption module, configured to decrypt the encrypted subdata according to the decryption algorithm obtained by the second acquisition module.
The beneficial effects of the technical solutions provided by the embodiments of the present invention include:
Different subdata in the target data is encrypted with at least two types of encryption algorithm to obtain the encrypted target data. This solves the problem that, when the server encrypts the target data as a whole with a single encryption algorithm, the encrypted target data is relatively easy for a malicious party to crack and its security is low. Because the target data is encrypted with at least two encryption algorithms, a malicious party must crack at least two encryption algorithms to crack the encrypted target data, which raises the difficulty of cracking the encrypted target data and improves its security.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the data processing system provided by one embodiment of the present invention;
Fig. 2A is a flowchart of the data processing method provided by one embodiment of the present invention;
Fig. 2B is a schematic diagram of a data encryption method provided by one embodiment of the present invention;
Fig. 2C is a schematic diagram of another data encryption method provided by one embodiment of the present invention;
Fig. 2D is a schematic diagram of the method for determining the encrypted subdata to be decrypted provided by one embodiment of the present invention;
Fig. 3A is a flowchart of the method for obtaining encryption algorithms provided by one embodiment of the present invention;
Fig. 3B is a schematic diagram of the encryption/decryption algorithm set provided by one embodiment of the present invention;
Fig. 4A is a flowchart of the method for encrypting subdata in the target data with an encryption algorithm provided by one embodiment of the present invention;
Fig. 4B is a schematic diagram of the data encryption method provided by one embodiment of the present invention;
Fig. 5A is a flowchart of the method for obtaining the decryption algorithm corresponding to encrypted subdata provided by one embodiment of the present invention;
Fig. 5B is a schematic diagram of the data decryption method provided by one embodiment of the present invention;
Fig. 6 is a schematic diagram of the data processing method provided by one embodiment of the present invention;
Fig. 7 is a block diagram of the data encryption device provided by one embodiment of the present invention;
Fig. 8 is a block diagram of the data decryption device provided by one embodiment of the present invention;
Fig. 9 is a schematic structural diagram of the server provided by one embodiment of the present invention;
Fig. 10 is a schematic structural diagram of the terminal provided by one embodiment of the present invention.
Detailed description
Exemplary embodiments are described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
Several terms used in this document are introduced first.
Antivirus software (also called anti-virus software): software for eliminating malicious programs such as viruses and Trojans on a terminal. Antivirus software includes at least an antivirus engine and a virus database.
Antivirus engine: a program used to detect and find malicious programs, for example the Tav antivirus engine.
Virus database: the samples of malicious programs that have already been discovered, used by the antivirus engine when detecting and finding malicious programs. The virus database includes at least a virus name library and a feature information library. The virus name library contains the virus names of viruses and the virus ID (Identity, identity number) corresponding to each virus name; see the virus name library shown in Table one, in which the header information indicates the virus name library. The feature information library contains the feature information of viruses and the virus ID corresponding to each piece of feature information; see the feature information library shown in Table two, in which the header information indicates the feature information library.
Table one:
Table two:
Target data: data that needs to be protected by encryption. Target data includes at least one of: feature information and virus names in a virus database, chat records, call records, contacts, favorites records and photo albums. Target data may of course also include other types of data, which this embodiment does not enumerate here.
Encryption algorithm: an algorithm for encrypting target data. An encryption algorithm includes an encryption template and a key, for example: target data XOR key 1.
Decryption algorithm: an algorithm for decrypting encrypted target data. Each decryption algorithm has a corresponding encryption algorithm. A decryption algorithm includes a decryption template and a key, for example: encrypted target data XOR key 1.
Fig. 1 shows a schematic structural diagram of the data processing system provided by one embodiment of the present invention. The system includes a server 110 and a terminal 120.
The server 110 may be a single server or a server cluster of at least one server; this embodiment does not limit this.
The server 110 is used to encrypt target data and to send the encrypted target data to the terminal 120 over a communication connection.
The server 110 establishes the communication connection with the terminal 120 over a wireless network or a wired network.
The terminal 120 includes a mobile phone, a tablet computer, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a laptop computer, a desktop computer and the like; this embodiment does not limit this.
The terminal 120 receives, over the communication connection, the encrypted target data sent by the server 110, and decrypts the target data when using it. Optionally, when the encrypted target data includes at least one of encrypted feature information and encrypted virus names in a virus database, antivirus software for detecting whether a file is a virus is installed on the terminal 120. The antivirus software uses its antivirus engine to decrypt the subdata to be decrypted in the encrypted target data, and detects whether the file is a virus according to the decrypted subdata.
It should be added that this embodiment is described with a single terminal 120 only as an example; in an actual implementation there may be multiple terminals 120, and this embodiment does not limit this.
Optionally, the wireless or wired network described above uses standard communication technologies and/or protocols. The network is usually the Internet, but may be any network, including but not limited to a local area network (Local Area Network, LAN), a metropolitan area network (Metropolitan Area Network, MAN), a wide area network (Wide Area Network, WAN), a mobile, wired or wireless network, a private network or a virtual private network, or any combination of these. In some embodiments, data exchanged over the network is represented using technologies and/or formats including HyperText Mark-up Language (HTML) and Extensible Markup Language (XML). In addition, all or some links may be encrypted using conventional encryption technologies such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN) and Internet Protocol Security (IPsec). In other embodiments, customized and/or dedicated data communication technologies may be used in place of, or in addition to, the data communication technologies above.
Fig. 2A shows a flowchart of the data processing method provided by one embodiment of the present invention. The method is used in the data processing system shown in Fig. 1 and may include the following steps:
Step 201: the server obtains target data to be encrypted.
Target data is data that needs to be protected by encryption; it usually includes at least two pieces of subdata. Subdata includes at least one of feature information in the feature information library and virus names in the virus name library.
Optionally, the at least two pieces of subdata in the target data may be of the same type, for example all virus names; or they may be of different types, for example including the two types feature information and virus name. This embodiment does not limit this.
The target data obtained by the server may be entered by a developer or sent by another terminal; this embodiment does not limit this.
Step 202: the server obtains at least two encryption algorithms.
By encrypting the target data with at least two encryption algorithms, this embodiment raises the difficulty for a malicious party of cracking the encrypted target data, and so improves the security of the encrypted target data.
Optionally, step 202 may be performed before step 201, after step 201, or at the same time as step 201; this embodiment does not limit this.
Step 203: for each piece of subdata in the target data, the server selects a target encryption algorithm from the at least two encryption algorithms to encrypt the subdata, to obtain the encrypted target data.
The ways in which the server selects a target encryption algorithm from the at least two encryption algorithms to encrypt subdata include, but are not limited to, the following.
In the first way, the server encrypts different pieces of subdata with different target encryption algorithms. In this case, subdata and target encryption algorithms are in one-to-one correspondence.
Referring to Fig. 2B, assume that the target data is the virus name library in the virus database shown in Table one above, and that the subdata is virus name 1, virus name 2 and virus name 3 in the virus name library. As Fig. 2B shows, the server encrypts virus name 1 with encryption algorithm 1 to obtain encrypted virus name 1, encrypts virus name 2 with encryption algorithm 2 to obtain encrypted virus name 2, and encrypts virus name 3 with encryption algorithm 3 to obtain encrypted virus name 3. In the encrypted target data the server obtains, different pieces of encrypted subdata were therefore encrypted with different encryption algorithms.
In the second way, the server encrypts part of the subdata in the target data with the same first target encryption algorithm, and encrypts the remaining subdata in the target data with a different, second target encryption algorithm, to obtain the encrypted target data.
Here the number of pieces of subdata in that part is at least two, and the number of remaining pieces of subdata is at least one. The first target encryption algorithm is different from the second target encryption algorithm.
Referring to Fig. 2C, assume that the target data is the virus name library in the virus database shown in Table one, and that the subdata is virus name 1, virus name 2 and virus name 3 in the virus name library. As Fig. 2C shows, the server encrypts virus name 1 with encryption algorithm 1 to obtain encrypted virus name 1, encrypts virus name 2 with encryption algorithm 1 to obtain encrypted virus name 2, and encrypts virus name 3 with encryption algorithm 3 to obtain encrypted virus name 3. The encrypted target data the server obtains therefore contains both at least two pieces of encrypted subdata that were encrypted with different encryption algorithms (for example encrypted virus name 1 and encrypted virus name 3) and at least two pieces of encrypted subdata that were encrypted with the same encryption algorithm (for example encrypted virus name 1 and encrypted virus name 2).
Optionally, the server periodically sends the encrypted target data to the terminal.
Step 204: the terminal obtains the encrypted target data.
The encrypted target data may be sent by the server, or may have been encrypted and saved by the terminal itself; this embodiment does not limit this. The target data obtained by the terminal includes at least two pieces of encrypted subdata, among which there are at least two pieces of encrypted subdata that were encrypted with different encryption algorithms.
Step 205: the terminal determines, from the encrypted target data, the encrypted subdata to be decrypted.
When the terminal uses the target data it may not need every piece of subdata in it. For example, when antivirus software looks up the virus name of a virus file in the virus database, it only needs to decrypt the virus name in the virus database that corresponds to the virus matching the feature information of that file. The terminal therefore first determines the encrypted subdata to be decrypted and then decrypts only that subdata, so that the terminal's memory holds only the decrypted subdata the terminal actually needs, while the other encrypted subdata stays encrypted. A malicious party thus cannot obtain all the subdata in the target data while the terminal is using the target data, which improves the security of the other subdata.
Optionally, when the encrypted target data is the encrypted virus names in the virus database, the terminal determines the encrypted subdata to be decrypted from the encrypted target data as follows: the antivirus engine matches the feature information of a file against the feature information in the feature information library; when a piece of feature information in the feature information library matches the feature information of the file, the virus ID corresponding to that feature information is obtained from the feature information library; and, according to the correspondence between virus IDs and virus names in the virus name library, the virus name corresponding to that virus ID is determined to be the encrypted subdata to be decrypted.
Referring to Fig. 2D, assume that the virus name library is as shown in Table one above and the feature information library is as shown in Table two above. When checking whether file 21 is a malicious file, the antivirus software first uses feature matcher 22 to look up whether feature information library 23 contains feature information matching the feature information of file 21. If it does, the antivirus software obtains the virus ID 3 corresponding to that feature information from feature information library 23. The antivirus software then uses virus name selector 24 to look up, in virus name library 25, the encrypted virus name 3 corresponding to virus ID 3, and determines that encrypted virus name 3 is the encrypted subdata to be decrypted.
Optionally, when the terminal needs to use all of the target data at once, it may also decrypt all the subdata in the target data; this embodiment does not limit this.
Step 206: the terminal obtains the decryption algorithm corresponding to the encrypted subdata.
The decryption algorithm corresponds to the encryption algorithm. For example, if the encryption algorithm is target data XOR key 1, the decryption algorithm is encrypted target data XOR key 1.
Step 207: the terminal decrypts the encrypted subdata according to the decryption algorithm.
When the terminal decrypts only part of the encrypted subdata in the encrypted target data, the terminal's memory holds only that decrypted part of the subdata.
Optionally, after decrypting the encrypted subdata, the terminal displays the decrypted subdata.
Optionally, steps 201-203 may be implemented separately as a data encryption method on the server side, and steps 204-207 may be implemented separately as a data decryption method on the terminal side; or steps 201-203 may be implemented separately as a data encryption method on the terminal side, and steps 204-207 may be implemented separately as a data decryption method on the terminal side. This embodiment does not limit this.
In summary, in the method provided by this embodiment, different subdata in the target data is encrypted with at least two types of encryption algorithm to obtain the encrypted target data. This solves the problem that, when the server encrypts the target data as a whole with a single encryption algorithm, the encrypted target data is relatively easy for a malicious party to crack and its security is low. Because the target data is encrypted with at least two encryption algorithms, a malicious party must crack at least two encryption algorithms to crack the encrypted target data, which raises the difficulty of cracking the encrypted target data and improves its security.
In addition, the encrypted subdata to be decrypted is determined from the encrypted target data, the decryption algorithm corresponding to that encrypted subdata is obtained, and the encrypted subdata is decrypted according to that decryption algorithm. While the terminal uses subdata in the target data, its memory therefore never holds the whole decrypted target data but only part of the subdata, which improves the security of the other, undecrypted subdata on the terminal.
In addition, since the encryption algorithm for the target data is generated from a randomly generated key, the encryption algorithms generated on two successive occasions for the same subdata in the target data may differ. So even if the previously generated encryption algorithm is cracked by a malicious party, the malicious party must crack the subsequently generated encryption algorithm afresh, which raises the difficulty of cracking the encrypted subdata.
It should be added that this embodiment is described only with the example of target data that includes at least one of the virus name library and the feature information library. In an actual implementation the target data may also be chat records, photo albums, call records, contacts or favorites records, and correspondingly the subdata in the target data may be chat messages, image data, call data, contact data or favorites data; this embodiment does not limit this. The target data and subdata may of course also be other types of data, which this embodiment does not enumerate here.
Optionally, depending on the application scenario, for example when the data encryption method provided by this embodiment is used to encrypt chat records, photo albums, call records, contacts, favorites records and the like on a terminal, steps 201-203 may also be performed by the terminal. In this case the target data obtained by the terminal is collected by an acquisition component in the terminal or entered by the user; this embodiment does not limit this. When the terminal encrypts the target data, the principle is the same as described in steps 201-203 and is not repeated here.
The following are described in detail in turn: how the encryption algorithms are obtained in step 202 (see the embodiment shown in Fig. 3A), how an encryption algorithm is selected to encrypt the subdata in the target data in step 203 (see the embodiment shown in Fig. 4A), and how the decryption algorithm corresponding to the encrypted subdata is obtained in step 206 (see the embodiment shown in Fig. 5A).
Fig. 3A shows a flowchart of the method for obtaining encryption algorithms provided by one embodiment of the present invention. The method is used in the server 110 of the data processing system shown in Fig. 1 and includes the following steps.
Step 301: obtain encryption/decryption template pairs.
An encryption/decryption template pair includes an encryption template and the decryption template corresponding to that encryption template. The encryption template and decryption template are usually chosen by a developer. Within one encryption/decryption template pair, the template type of the encryption template is the same as the template type of the decryption template. The template types include at least two of: XOR template, XNOR template, NAND template, NOR template, AND template, OR template and NOT template. The template type may of course also be another type of template, for example a combination of the XOR template and another template.
Step 302: randomly generate at least one key.
In this step the server randomly generates at least one key with a first random number generator. The range of random numbers generated by the first random number generator may be fixed or not fixed; this embodiment does not limit this.
In addition, this embodiment does not limit the number of bits of the key generated by the first random number generator; for example, the key generated by the first random number generator has the same number of bits as the subdata.
Step 303: generate an encryption/decryption algorithm set from the encryption/decryption template pairs and the keys.
The encryption/decryption algorithm set includes at least two encryption/decryption algorithm combinations. Using an algorithm synthesizer, the server synthesizes one encryption/decryption template pair and one key into one encryption/decryption algorithm combination: the encryption template of the pair and the key are synthesized into an encryption algorithm, and the decryption template of the pair and the key are synthesized into a decryption algorithm. That is, each encryption/decryption algorithm combination includes an encryption algorithm and a decryption algorithm, and the encryption algorithm and decryption algorithm in a combination contain the same key.
Assume that the template type of the encryption template in the encryption/decryption template pair is the XOR template and that the key generated by the random number generator is key A. Then, in the encryption/decryption algorithm combination produced by the algorithm synthesizer, the encryption algorithm is subdata XOR key A, and the decryption algorithm is encrypted subdata XOR key A. The encryption algorithm and the decryption algorithm have the same key A.
Optionally, so that the terminal can determine a unique encryption/decryption algorithm combination from a key, the keys contained in different encryption/decryption algorithm combinations are different.
Optionally, the template types of the encryption/decryption template pairs of different encryption/decryption algorithm combinations may be the same or different; this embodiment does not limit this.
See the encryption/decryption algorithm set shown in Fig. 3B. The set includes three encryption/decryption algorithm combinations, each including an encryption algorithm and a decryption algorithm. Different combinations have different keys: the key of the first combination is key A, the key of the second combination is key B, and the key of the third combination is key C. The template types of the template pairs of different combinations may be the same, for example the template pair of the first combination and the template pair of the second combination are both XOR templates. They may also differ, for example the template pair of the first combination is an XOR template while the template pair of the third combination is an XNOR template.
In summary, in the method provided by this embodiment, encryption/decryption template pairs are obtained, at least one key is randomly generated, and encryption/decryption algorithms are generated from the template pairs and the keys. With a fixed number of encryption/decryption templates, the server can thus generate many encryption/decryption algorithms by randomly generating multiple keys, which increases the number of encryption algorithms.
In addition, because the algorithmic complexity of the encryption/decryption templates is low, the difficulty for the server of encrypting subdata and for the terminal of decrypting subdata is reduced, which improves the efficiency of encrypting and decrypting the target data.
Refer to Fig. 4A, which shows a flowchart of a method, provided by one embodiment of the present invention, for encrypting the sub-data in target data with an encryption algorithm. The method is used in the server 110 of the data processing system shown in Fig. 1 and includes the following steps.
Step 401: for each piece of sub-data, randomly select a target key from the keys of the at least two encryption algorithms.
In this step, the server randomly selects the target key from the keys of the encryption algorithms through a second random number generator. As the embodiment shown in Fig. 3A shows, each encryption algorithm in the encryption/decryption algorithm set consists of an encryption template and a corresponding key, so the corresponding target key can be found in the set according to the random number generated by the random number generator.
Optionally, to ensure that the server can find the corresponding target key in the encryption/decryption algorithm set according to the random number generated by the second random number generator, the range of random numbers generated by the second random number generator consists of all the keys in the encryption/decryption algorithm set.
Suppose the server generates the encryption/decryption algorithm set shown in Fig. 3B. Then the range of random numbers generated by the second random number generator consists of key A, key B and key C.
Step 402: determine, among the at least two encryption algorithms, the target encryption algorithm to which the target key belongs.
The server selects the target encryption algorithm from the at least two encryption algorithms through an encryption algorithm selector. Because an encryption algorithm consists of an encryption template and a corresponding key, the encryption algorithm selector can determine from the target key the target encryption algorithm to which that key belongs.
Suppose the encryption/decryption algorithm set generated by the server is as shown in Fig. 3B and the target key generated by the second random number generator is key A. Then the target encryption algorithm determined by the encryption algorithm selector is: sub-data XOR key A.
Step 403: encrypt the sub-data with the target encryption algorithm to obtain the encrypted sub-data.
Suppose the target key is key A and the target encryption algorithm determined by the server from key A is: sub-data XOR key A. If the sub-data is 10110110 and key A is 00001111, the encrypted sub-data is 10111001.
It should be added that this embodiment is described with the number of bits of the key equal to the number of bits of the sub-data; in an actual implementation, the number of bits of the key may differ from that of the sub-data. When they differ, whichever of the key and the sub-data has fewer bits is zero-padded in front of its data, so that after padding its number of bits equals that of the other.
Step 404: establish the correspondence between the encrypted sub-data and the target key.
The correspondence is used, when the encrypted sub-data is decrypted, to determine the decryption algorithm to which the corresponding target key belongs.
Suppose the sub-data are the virus names in the virus name library shown in Table 1. The server encrypts virus name 1 with the XOR algorithm to which key A belongs and establishes the correspondence between key A and the encrypted virus name 1; encrypts virus name 2 with the XOR algorithm to which key B belongs and establishes the correspondence between key B and the encrypted virus name 2; and encrypts virus name 3 with the XNOR algorithm to which key C belongs and establishes the correspondence between key C and the encrypted virus name 3, thereby obtaining the virus name library shown in Table 3.
Table 3:
Step 405: generate the encrypted target data from the encrypted sub-data.
Optionally, step 405 may be performed after step 404, before step 404, or at the same time as step 404; this embodiment does not limit this.
In summary, in the method provided by this embodiment, an encryption algorithm is randomly selected from the encryption/decryption algorithm set to encrypt each piece of sub-data in the target data, the correspondence between the encrypted sub-data and the key in the encryption algorithm is established, and the encrypted target data is obtained. This makes it harder for a malicious person to decrypt the encrypted target data while ensuring that the terminal can decrypt it normally according to the key, so that the encrypted target data can be used normally by the terminal.
Illustratively, to make the data encryption method provided by this embodiment easier to understand, refer to Fig. 4B; the method is described below with a practical example. In this example, the target data is a virus name library and the sub-data is a virus name.
First, after obtaining the virus name 41, the server generates the target key 43 through the second random number generator 42. Then, through the encryption algorithm selector 44, it selects from the encryption/decryption algorithm set 45 the target encryption algorithm 46 to which the target key 43 belongs. Next, it encrypts the virus name 41 with the target encryption algorithm 46 to obtain the encrypted virus name 47. Finally, it establishes the correspondence between the encrypted virus name 47 and the key 43 and stores the resulting correspondence in the virus name library.
Refer to Fig. 5A, which shows a flowchart of a method, provided by one embodiment of the present invention, for obtaining the decryption algorithm corresponding to encrypted sub-data. The method is used in the terminal 120 of the data processing system shown in Fig. 1 and includes the following steps.
Step 501: obtain the encryption/decryption algorithm set.
The encryption/decryption algorithm set obtained by the terminal may be generated by the terminal itself or sent by the server; this embodiment does not limit this. The set includes at least two groups of encryption/decryption algorithm combinations. Each combination includes an encryption algorithm and a decryption algorithm; the encryption algorithm includes an encryption template and a key, and the decryption algorithm includes a decryption template and a key. The encryption algorithm and the decryption algorithm in the same combination include the same key, and the keys included in different combinations are different.
Optionally, when the terminal obtains from the server the decryption algorithms corresponding to the encrypted target data, the server may send only the decryption algorithms in the encryption/decryption algorithm set to the terminal instead of the whole set; this embodiment does not limit this.
Step 502: determine the key corresponding to the encrypted sub-data according to a pre-stored correspondence, where the correspondence includes at least the correspondence between the encrypted sub-data and the key.
When the terminal obtains the encrypted target data, it also obtains the correspondence between each piece of encrypted sub-data in the encrypted target data and its key. The terminal uses this correspondence to determine the decryption algorithm corresponding to each piece of encrypted sub-data. Suppose the correspondence obtained by the terminal is as shown in Table 3.
Optionally, step 502 may be performed after step 501, before step 501, or at the same time as step 501; this embodiment does not limit this.
Step 503: look up, in the encryption/decryption algorithm set, the decryption algorithm to which the key belongs.
The terminal looks up the decryption algorithm to which the key belongs in the decryption algorithm set through a decryption algorithm selector.
Suppose the encryption/decryption algorithm set obtained by the terminal is as shown in Fig. 3B and the correspondence between encrypted sub-data and keys is as shown in Table 3. If the encrypted sub-data is the encrypted virus name 1, then according to the correspondence in Table 3 the key corresponding to the encrypted virus name 1 is key A, and the decryption algorithm selector finds in the encryption/decryption algorithm set that the decryption algorithm to which key A belongs is: encrypted sub-data XOR key A.
Illustratively, to make the data decryption method provided by this embodiment easier to understand, refer to Fig. 5B; the method is described below with a practical example. In this example, the target data is a virus name library and the sub-data is a virus name.
When detecting whether a file 51 is a malicious file, the terminal uses the feature matcher 52 to search the feature information library 53 for feature information that matches the feature information of the file 51. If such feature information exists, the terminal obtains the virus ID 54 corresponding to it from the feature information library 53. Through the virus name selector 55, the terminal looks up in the virus name library 56 the encrypted virus name 57 corresponding to the virus ID 54 and the key 58 corresponding to the encrypted virus name 57. Through the decryption algorithm selector 59, the terminal selects from the encryption/decryption algorithm set 591 the decryption algorithm 592 to which the key 58 belongs. The terminal then decrypts the encrypted virus name 57 with the decryption algorithm 592 to obtain the decrypted virus name 593.
Optionally, the server may encrypt the same piece of sub-data with at least two target encryption algorithms. In this case, for each piece of sub-data, the server chooses each target encryption algorithm in the same way as in the selection method described for Fig. 4A, which is not repeated here.
After the server has selected at least two target encryption algorithms for encrypting the same piece of sub-data, the ways of encrypting the sub-data with those algorithms include but are not limited to the following.
In the first way, a priority is preset in the server for each encryption algorithm, and the server encrypts the sub-data with the selected target encryption algorithms in order of priority from high to low to obtain the encrypted sub-data.
Correspondingly, when decrypting the encrypted sub-data, the terminal determines the decryption algorithm corresponding to each of the at least two target encryption algorithms (the decryption algorithm that has the same key as that encryption algorithm) and decrypts the sub-data with the decryption algorithms in order of priority from low to high. The priority of a decryption algorithm is the same as the priority of its encryption algorithm.
Suppose the target encryption algorithms selected by the server are sub-data XOR key A and sub-data XOR key B, and that sub-data XOR key A has a higher priority than sub-data XOR key B. Then, for the same piece of sub-data, the server first XORs the sub-data with key A to obtain the first sub-data, and then XORs the first sub-data with key B to obtain the encrypted sub-data.
Correspondingly, when decrypting the encrypted sub-data, the terminal first XORs the encrypted sub-data with key B to obtain the first sub-data, and then XORs the first sub-data with key A to obtain the sub-data.
In the second way, for the same piece of sub-data, the server encrypts the sub-data with the selected target encryption algorithms in a random order to obtain the encrypted sub-data, records the random order, and sends the random order to the terminal.
Correspondingly, when decrypting the encrypted sub-data, the terminal determines the decryption algorithm corresponding to each of the at least two target encryption algorithms (the decryption algorithm that has the same key as that encryption algorithm) and decrypts the sub-data in the reverse of the random order recorded by the server.
Suppose the target encryption algorithms selected by the server are sub-data XOR key A and sub-data XOR key B. For the same piece of sub-data, the server randomly chooses to XOR the sub-data with key A first to obtain the first sub-data, then XORs the first sub-data with key B to obtain the encrypted sub-data, and records the random order: sub-data XOR key A, sub-data XOR key B.
Correspondingly, when decrypting the encrypted sub-data, the terminal works in the reverse of the above random order: it first XORs the encrypted sub-data with key B to obtain the first sub-data, and then XORs the first sub-data with key A to obtain the sub-data.
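The following Python example, added here and not taken from the patent, implements steps 303, 401 to 405 and 501 to 503 together with the second (random-order) way of layering described above. The function names, the 16-byte key length, the dictionary layout of the algorithm set and the sample virus names are assumptions made for illustration; plaintexts are assumed not to begin with a zero byte, and all keys are assumed to have the same length.

```python
import secrets

def xor_t(data, key):
    """XOR template: self-inverse, so it is both the encrypt and decrypt template."""
    return bytes(d ^ k for d, k in zip(data, key))

def xnor_t(data, key):
    """XNOR template: bitwise NOT of XOR, also self-inverse for a fixed key."""
    return bytes((d ^ k) ^ 0xFF for d, k in zip(data, key))

# Template type -> (encryption template, decryption template).
TEMPLATE_PAIRS = {"xor": (xor_t, xor_t), "xnor": (xnor_t, xnor_t)}

def build_algorithm_set(template_types, key_len=16):
    """Step 303: bind each template pair to a fresh random key.
    Keys are unique across groups so a key identifies exactly one group."""
    algo_set = {}
    for ttype in template_types:
        key = secrets.token_bytes(key_len)
        while key in algo_set:
            key = secrets.token_bytes(key_len)
        algo_set[key] = ttype
    return algo_set

def run_template(algo_set, key, data, decrypt=False):
    """Steps 402/503: find the algorithm the key belongs to and apply it.
    The shorter of data and key is zero-padded in front, as the text describes."""
    enc, dec = TEMPLATE_PAIRS[algo_set[key]]
    width = max(len(data), len(key))
    template = dec if decrypt else enc
    return template(data.rjust(width, b"\x00"), key.rjust(width, b"\x00"))

def encrypt_library(names, algo_set):
    """Steps 401-405: one randomly chosen key per sub-data, stored beside it."""
    keys = list(algo_set)
    library = []
    for name in names:
        key = secrets.choice(keys)                       # step 401
        cipher = run_template(algo_set, key, name.encode())  # steps 402-403
        library.append((cipher, key))                    # step 404
    return library                                       # step 405

def decrypt_entry(entry, algo_set):
    """Steps 502-503: recover the key from the stored correspondence, then decrypt."""
    cipher, key = entry
    plain = run_template(algo_set, key, cipher, decrypt=True)
    return plain.lstrip(b"\x00").decode()

def encrypt_layered(data, keys, algo_set):
    """Second way: apply several target algorithms in a recorded random order."""
    order = list(keys)
    secrets.SystemRandom().shuffle(order)
    for key in order:
        data = run_template(algo_set, key, data)
    return data, order

def decrypt_layered(cipher, order, algo_set):
    """Terminal side: undo the layers in the reverse of the recorded order."""
    for key in reversed(order):
        cipher = run_template(algo_set, key, cipher, decrypt=True)
    return cipher.lstrip(b"\x00")

if __name__ == "__main__":
    # Constructed sample data, not from the patent.
    algo_set = build_algorithm_set(["xor", "xor", "xnor"])
    library = encrypt_library(["Trojan.Sample.A", "Worm.Sample.B"], algo_set)
    for entry in library:
        print(entry[0].hex(), "->", decrypt_entry(entry, algo_set))
    layered, order = encrypt_layered(b"Worm.Sample.B", list(algo_set), algo_set)
    print(decrypt_layered(layered, order, algo_set))
```

Two properties are visible when running it: the key travels with each ciphertext, so the scheme hides names from casual inspection rather than from anyone holding both the library and the algorithm set, and with front zero-padding any part of a sub-data that is longer than the key is XORed with zero and therefore stored unchanged.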
To make the whole flow of the data encryption method and the data decryption method provided by the present invention clearer, the methods are described below with a practical example. Refer to Fig. 6, which shows a flowchart of the data processing method provided by one embodiment of the present invention. In the following example, the data encryption method is applied in the server, the data decryption method is applied in the terminal, the target data is a virus name library, and the sub-data in the target data are the virus names in the virus name library.
The server obtains the virus name library 61. Through the algorithm synthesizer 62, the server generates the encryption/decryption algorithm set 63 according to the encryption/decryption template pairs and the keys. Through the encryption algorithm selector 64, the server selects the target encryption algorithm 65 from the encryption/decryption algorithm set 63 according to the randomly generated key. The server encrypts the virus name library 61 with the target encryption algorithm 65 to obtain the encrypted virus name library 66. The server sends the encryption/decryption algorithm set 63 and the encrypted virus name library 66 to the terminal.
Correspondingly, the terminal receives the encryption/decryption algorithm set 63 and the encrypted virus name library 66.
When the antivirus software in the terminal detects whether a file 67 is a malicious file, the antivirus engine 68 in the antivirus software detects whether the feature information of the file is the feature information of a malicious file. If so, the terminal obtains the virus ID corresponding to that feature information, determines the encrypted virus name corresponding to the virus ID in the encrypted virus name library 66, selects a decryption algorithm from the encryption/decryption algorithm set 63 according to the key corresponding to the encrypted virus name, and decrypts the encrypted virus name with that decryption algorithm to obtain the original virus name 69. The terminal displays the virus name 69.
The following are apparatus embodiments of the present invention, which can be used to perform the method embodiments of the present invention. For details not disclosed in the apparatus embodiments, refer to the method embodiments.
Refer to Fig. 7, which shows a block diagram of the data processing apparatus provided by one embodiment of the present invention. The apparatus has the function of performing the above method examples; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may include: a first acquisition module 710, a second acquisition module 720 and an encryption module 730.
First acquisition module 710, for performing above-mentioned steps 201;
Second acquisition module 720, for performing above-mentioned steps 202;
Encrypting module 730, for performing above-mentioned steps 203.
Optionally, the second acquisition module 720 includes: an acquiring unit, a first generation unit and a second generation unit.
Acquiring unit, for performing above-mentioned steps 301;
First generation unit, for performing above-mentioned steps 302;
Second generation unit, for performing above-mentioned steps 303.
Optionally, for the encryption algorithm and the decryption algorithm in the same encryption/decryption algorithm combination, the template type of the encryption template included in the encryption algorithm is the same as the template type of the decryption template included in the decryption algorithm, and the template type includes at least one of the XOR template, the XNOR template, the NAND template, the NOR template, the AND template, the OR template and the NOT template.
Optionally, the encryption module 730 includes: a choosing unit, a determining unit, an encryption unit, a relation establishing unit and a third generation unit.
Unit is chosen, for performing above-mentioned steps 401;
Determining unit, for performing above-mentioned steps 402;
Ciphering unit, for performing above-mentioned steps 403;
Relation sets up unit, for performing above-mentioned steps 404;
3rd generation unit, for performing above-mentioned steps 405.
For related details, refer to the method embodiments shown in Fig. 2A, Fig. 3A and Fig. 4A.
Refer to Fig. 8, which shows a block diagram of the data processing apparatus provided by one embodiment of the present invention. The apparatus has the function of performing the above method examples; the function may be implemented by hardware, or by hardware executing corresponding software. The apparatus may include: a first acquisition module 810, a determining module 820, a second acquisition module 830 and a decryption module 840.
First acquisition module 810, for performing above-mentioned steps 204;
Determining module 820, for performing above-mentioned steps 205;
Second acquisition module 830, for performing above-mentioned steps 206;
Deciphering module 840, for performing above-mentioned steps 207.
Optionally, the second acquisition module 830 includes: an acquiring unit, a determining unit and a searching unit.
Acquiring unit, for performing above-mentioned steps 501;
Determining unit, for performing above-mentioned steps 502;
Searching unit, for performing above-mentioned steps 503.
For related details, refer to the method embodiments shown in Fig. 2A and Fig. 5A.
It should be noted that when the apparatus provided by the above embodiments implements its functions, the division into the above functional modules is only an example. In practical applications, the above functions may be allocated to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus embodiments and the method embodiments provided above belong to the same concept; for the specific implementation process, refer to the method embodiments, which are not repeated here.
Refer to Fig. 9, which shows a structural block diagram of the server provided by one embodiment of the present invention. The server 900 includes a central processing unit (CPU) 901, a system memory 904 including a random access memory (RAM) 902 and a read-only memory (ROM) 903, and a system bus 905 connecting the system memory 904 and the central processing unit 901. The server 900 also includes a basic input/output system (I/O system) 906 that helps transfer information between the devices in the computer, and a mass storage device 907 for storing an operating system 913, application programs 914 and other program modules 918.
The basic input/output system 906 includes a display 908 for displaying information and an input device 909, such as a mouse or a keyboard, for the user to input information. The display 908 and the input device 909 are both connected to the central processing unit 901 through an input/output controller 910 connected to the system bus 905. The basic input/output system 906 may also include the input/output controller 910 for receiving and processing input from multiple other devices such as a keyboard, a mouse or an electronic stylus. Similarly, the input/output controller 910 also provides output to a display screen, a printer or other types of output devices.
The mass storage device 907 is connected to the central processing unit 901 through a mass storage controller (not shown) connected to the system bus 905. The mass storage device 907 and its associated computer-readable medium provide non-volatile storage for the server 900. That is, the mass storage device 907 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROM drive.
Without loss of generality, the computer-readable medium may include computer storage media and communication media. Computer storage media include volatile and non-volatile, removable and non-removable media implemented by any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storage technologies, CD-ROM, DVD or other optical storage, tape cassettes, magnetic tape, disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that computer storage media are not limited to the above. The system memory 904 and the mass storage device 907 may be collectively referred to as memory.
According to various embodiments of the present invention, the server 900 may also be run by a remote computer connected to it over a network such as the Internet. That is, the server 900 may be connected to the network 912 through a communication component 911 connected to the system bus 905; in other words, the communication component 911 may also be used to connect to other types of networks or remote computer systems (not shown).
The memory also includes one or more programs, which are stored in the memory and contain instructions for carrying out the steps performed by the server in the data encryption method provided by the embodiments of the present invention.
One of ordinary skill in the art will appreciate that all or part of the steps in the data encryption method of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk, an optical disc, or the like.
Figure 10 is refer to, the structural representation of the terminal provided it illustrates one embodiment of the invention.The terminal 1000 For the data decryption method for implementing to be provided in above-described embodiment.Specifically:
Terminal 1000 can include RF (Radio Frequency, radio frequency) circuit 1010, include one or more The memory 1020 of computer-readable recording medium, input block 1030, display unit 1040, sensor 1050, voicefrequency circuit 1060th, WiFi (wireless fidelity, Wireless Fidelity) module 1070, include one or more than one processing core Processor 1080 and the part such as power supply 1090.It will be understood by those skilled in the art that the terminal structure shown in Figure 10 is simultaneously The not restriction of structure paired terminal, can include part more more or less than diagram, or combine some parts, or different Part is arranged.Wherein:
RF circuits 1010 can be used to receiving and sending messages or communication process in, the reception and transmission of signal, especially, by base station After downlink information is received, transfer to one or more than one processor 1080 is processed;In addition, will be related to up data is activation to Base station.Generally, RF circuits 1010 include but is not limited to antenna, at least one amplifier, tuner, one or more oscillators, It is subscriber identity module (SIM) card, transceiver, coupler, LNA (Low Noise Amplifier, low-noise amplifier), double Work device etc..Additionally, RF circuits 1010 can also be communicated by radio communication with network and other equipment.The radio communication can be with Using any communication standard or agreement, including but not limited to GSM (Global System of Mobile communication, Global system for mobile communications), GPRS (General Packet Radio Service, general packet radio service), CDMA (Code Division Multiple Access, CDMA), WCDMA (Wideband Code Division Multiple Access, WCDMA), LTE (Long Term Evolution, Long Term Evolution), Email, SMS (Short Messaging Service, Short Message Service) etc..
Memory 1020 can be used to store software program and module, and processor 1080 is by running storage in memory 1020 software program and module, so as to perform various function application and data deciphering.Memory 1020 can mainly include Storing program area and storage data field, wherein, the application journey that storing program area can be needed for storage program area, at least one function Sequence (such as sound-playing function, image player function etc.) etc.;Storage data field can be stored to be created according to using for terminal 1000 Data (such as voice data, phone directory etc.) built etc..Additionally, memory 1020 can include high-speed random access memory, Nonvolatile memory can also be included, for example, at least one disk memory, flush memory device or other volatile solid-states are deposited Memory device.Correspondingly, memory 1020 can also include Memory Controller, to provide processor 1080 and input block 1030 Access to memory 1020.
Input block 1030 can be used to receive the numeral or character information of input, and generation is set and function with user The relevant keyboard of control, mouse, action bars, optics or trace ball signal input.Specifically, input block 1030 may include figure As input equipment 1031 and other input equipments 1032.Image input device 1031 can be camera, or photoelectricity Scanning device.Except image input device 1031, input block 1030 can also include other input equipments 1032.Specifically, Other input equipments 1032 can include but is not limited to physical keyboard, function key (such as volume control button, switch key etc.), One or more in trace ball, mouse, action bars etc..
Display unit 1040 can be used for display by the information of user input or be supplied to the information and terminal 1000 of user Various graphical user interface, these graphical user interface can by figure, text, icon, video and its any combination come structure Into.Display unit 1040 may include display panel 1041, it is alternatively possible to using LCD (Liquid Crystal Display, Liquid crystal display), the form such as OLED (Organic Light-Emitting Diode, Organic Light Emitting Diode) configure display Panel 1041.
Terminal 1000 may also include at least one sensor 1050, such as optical sensor, motion sensor and other biographies Sensor.Specifically, optical sensor may include ambient light sensor and proximity transducer, wherein, ambient light sensor can be according to ring The light and shade of environmental light adjusts the brightness of display panel 1041, and proximity transducer can close when terminal 1000 is moved in one's ear Display panel 1041 and/or backlight.As one kind of motion sensor, in the detectable all directions of Gravity accelerometer The size of (generally three axles) acceleration, can detect that size and the direction of gravity when static, can be used to recognize mobile phone attitude (such as pedometer, struck using (such as horizontal/vertical screen switching, dependent game, magnetometer pose calibrating), Vibration identification correlation function Hit) etc.;Gyroscope, barometer, hygrometer, thermometer, infrared ray sensor for being can also configure as terminal 1000 etc. other biography Sensor, will not be repeated here.
The audio circuit 1060, the loudspeaker 1061 and the microphone 1062 can provide an audio interface between the user and the terminal 1000. The audio circuit 1060 can convert received audio data into an electrical signal and transmit it to the loudspeaker 1061, which converts it into a sound signal for output; conversely, the microphone 1062 converts a collected sound signal into an electrical signal, which the audio circuit 1060 receives and converts into audio data. After the audio data is output to the processor 1080 for processing, it is sent through the RF circuit 1010 to, for example, another terminal, or the audio data is output to the memory 1020 for further processing. The audio circuit 1060 may also include an earphone jack to provide communication between a peripheral earphone and the terminal 1000.
WiFi is a short-range wireless transmission technology. Through the WiFi module 1070, the terminal 1000 can help the user send and receive e-mail, browse web pages, access streaming video and so on, providing the user with wireless broadband Internet access. Although Figure 10 shows the WiFi module 1070, it is understood that the module is not an essential component of the terminal 1000 and can be omitted as needed without changing the essence of the invention.
The processor 1080 is the control centre of the terminal 1000. It connects all parts of the whole mobile phone through various interfaces and lines, and performs the various functions of the terminal 1000 and processes data by running or executing software programs and/or modules stored in the memory 1020 and calling data stored in the memory 1020, thereby monitoring the mobile phone as a whole. Optionally, the processor 1080 may include one or more processing cores; preferably, the processor 1080 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and so on, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 1080.
The terminal 1000 also includes a power supply 1090 (such as a battery) that powers all components. Preferably, the power supply is logically connected to the processor 1080 through a power management system, so that functions such as charging management, discharging management and power consumption management are carried out through the power management system. The power supply 1090 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the terminal 1000 may also include a Bluetooth module and the like, which are not described here.
Specifically, in this embodiment the terminal 1000 also includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors. The one or more programs contain instructions for performing the above method.
It should be understood that "multiple" as used herein means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean: A alone, both A and B, or B alone. The character "/" generally indicates an "or" relationship between the objects before and after it.
The above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments can be carried out by hardware, or by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (12)

1. A data encryption method, characterized in that the method comprises:
Obtaining target data to be encrypted, the target data comprising at least two pieces of subdata;
Obtaining at least two encryption algorithms;
For each piece of subdata in the target data, selecting a target encryption algorithm from the at least two encryption algorithms to encrypt the subdata, to obtain the encrypted target data.
2. The method according to claim 1, characterized in that obtaining the at least two encryption algorithms comprises:
Obtaining an encryption/decryption template pair, the template pair comprising an encryption template and the decryption template corresponding to the encryption template;
Randomly generating at least one key;
Generating an encryption/decryption algorithm set from the encryption/decryption template pair and the key, the set comprising at least two encryption/decryption algorithm groups, each group comprising an encryption algorithm and a decryption algorithm, the encryption algorithm comprising the encryption template and the key, and the decryption algorithm comprising the decryption template and the key; within the same group, the encryption algorithm and the decryption algorithm comprise the same key, and different groups comprise different keys.
3. The method according to claim 2, characterized in that, for the encryption algorithm and the decryption algorithm in the same encryption/decryption algorithm group, the template type of the encryption template comprised in the encryption algorithm is the same as the template type of the decryption template comprised in the decryption algorithm, the template type comprising at least one of an XOR template, an XNOR template, a NAND template, a NOR template, an AND template, an OR template and a NOT template.
4. The method according to any one of claims 1 to 3, characterized in that, for each piece of subdata in the target data, selecting a target encryption algorithm from the at least two encryption algorithms to encrypt the subdata, to obtain the encrypted target data, comprises:
For each piece of subdata, randomly selecting a target key from the keys of the at least two encryption algorithms, each encryption algorithm comprising an encryption template and a key;
Determining, among the at least two encryption algorithms, the target encryption algorithm to which the target key belongs;
Encrypting the subdata with the target encryption algorithm to obtain the encrypted subdata;
Establishing a correspondence between the encrypted subdata and the target key, the correspondence being used, when the encrypted subdata is decrypted, to determine the decryption algorithm to which the corresponding target key belongs, the decryption algorithm comprising a decryption template and the target key;
Generating the encrypted target data from the encrypted subdata.
5. A data decryption method, characterized in that the method comprises:
Obtaining encrypted target data, the encrypted target data comprising at least two pieces of encrypted subdata, among which at least two pieces of encrypted subdata were encrypted with different encryption algorithms;
Determining, from the encrypted target data, the encrypted subdata to be decrypted;
Obtaining the decryption algorithm corresponding to the encrypted subdata;
Decrypting the encrypted subdata according to the decryption algorithm.
6. The method according to claim 5, characterized in that obtaining the decryption algorithm corresponding to the encrypted subdata comprises:
Obtaining an encryption/decryption algorithm set, the set comprising at least two encryption/decryption algorithm groups, each group comprising an encryption algorithm and a decryption algorithm, the encryption algorithm comprising the encryption template and the key, and the decryption algorithm comprising the decryption template and the key; within the same group, the encryption algorithm and the decryption algorithm comprise the same key, and different groups comprise different keys;
Determining the key corresponding to the encrypted subdata according to a pre-stored correspondence, the correspondence comprising at least the correspondence between the encrypted subdata and the key;
Looking up, in the encryption/decryption algorithm set, the decryption algorithm to which the key belongs.
7. A data encryption device, characterized in that the device comprises:
A first acquisition module, configured to obtain target data to be encrypted, the target data comprising at least two pieces of subdata;
A second acquisition module, configured to obtain at least two encryption algorithms;
An encryption module, configured to, for each piece of subdata in the target data obtained by the first acquisition module, select a target encryption algorithm from the at least two encryption algorithms obtained by the second acquisition unit to encrypt the subdata, to obtain the encrypted target data.
8. The device according to claim 7, characterized in that the second acquisition module comprises:
An acquiring unit, configured to obtain an encryption/decryption template pair, the template pair comprising an encryption template and the decryption template corresponding to the encryption template;
A first generation unit, configured to randomly generate at least one key;
A second generation unit, configured to generate an encryption/decryption algorithm set from the encryption/decryption template pair obtained by the acquiring unit and the key generated by the first generation unit, the set comprising at least two encryption/decryption algorithm groups, each group comprising an encryption algorithm and a decryption algorithm, the encryption algorithm comprising the encryption template and the key, and the decryption algorithm comprising the decryption template and the key; within the same group, the encryption algorithm and the decryption algorithm comprise the same key, and different groups comprise different keys.
9. The device according to claim 8, characterized in that, for the encryption algorithm and the decryption algorithm in the same encryption/decryption algorithm group, the template type of the encryption template comprised in the encryption algorithm is the same as the template type of the decryption template comprised in the decryption algorithm, the template type comprising at least one of an XOR template, an XNOR template, a NAND template, a NOR template, an AND template, an OR template and a NOT template.
10. The device according to any one of claims 7 to 9, characterized in that the encryption module comprises:
A selecting unit, configured to, for each piece of subdata, randomly select a target key from the keys of the at least two encryption algorithms, each encryption algorithm comprising an encryption template and a key;
A determining unit, configured to determine, among the at least two encryption algorithms, the target encryption algorithm to which the target key selected by the selecting unit belongs;
An encryption unit, configured to encrypt the subdata with the target encryption algorithm determined by the determining unit, to obtain the encrypted subdata;
A relation establishing unit, configured to establish a correspondence between the encrypted subdata obtained by the encryption unit and the target key, the correspondence being used, when the encrypted subdata is decrypted, to determine the decryption algorithm to which the corresponding target key belongs, the decryption algorithm comprising a decryption template and the target key;
A third generation unit, configured to generate the encrypted target data from the encrypted subdata obtained by the encryption unit.
11. A data decryption device, characterized in that the device comprises:
A first acquisition module, configured to obtain encrypted target data, the encrypted target data comprising at least two pieces of encrypted subdata, among which at least two pieces of encrypted subdata were encrypted with different encryption algorithms;
A determining module, configured to determine, from the encrypted target data obtained by the first acquisition module, the encrypted subdata to be decrypted;
A second acquisition module, configured to obtain the decryption algorithm corresponding to the encrypted subdata determined by the determining module;
A decryption module, configured to decrypt the encrypted subdata according to the decryption algorithm obtained by the second acquisition module.
12. The device according to claim 11, characterized in that the second acquisition module comprises:
An acquiring unit, configured to obtain an encryption/decryption algorithm set, the set comprising at least two encryption/decryption algorithm groups, each group comprising an encryption algorithm and a decryption algorithm, the encryption algorithm comprising the encryption template and the key, and the decryption algorithm comprising the decryption template and the key; within the same group, the encryption algorithm and the decryption algorithm comprise the same key, and different groups comprise different keys;
A determining unit, configured to determine the key corresponding to the encrypted subdata according to a pre-stored correspondence, the correspondence comprising at least the correspondence between the encrypted subdata and the key;
A searching unit, configured to look up, in the encryption/decryption algorithm set obtained by the acquiring unit, the decryption algorithm to which the key determined by the determining unit belongs.
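
The scheme of claims 2, 4, 5 and 6, worked through in Python as an added example (it is not code from the patent). The function names, the 16-byte key length, the use of list position to identify each encrypted subdata and the sample data are assumptions; the XOR template is used because the claims name it as a template type, not because repeating-key XOR is a sound cipher.

```python
import secrets

# Constructed sample input: the "target data" already split into subdata.
SAMPLE_SUBDATA = [b"account=alice-01", b"amount=00001250", b"memo=invoice-7731"]


def xor_template(data: bytes, key: bytes) -> bytes:
    """XOR template. XOR is self-inverse, so the encryption template and the
    matching decryption template are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_algorithm_set(n_groups: int, key_len: int = 16) -> dict:
    """Claim 2: one template pair plus n random keys gives n algorithm groups.
    Returns key -> (encryption template, decryption template)."""
    if n_groups < 2:
        raise ValueError("the claims require at least two algorithm groups")
    groups = {}
    while len(groups) < n_groups:  # dict keys guarantee the keys are distinct
        groups[secrets.token_bytes(key_len)] = (xor_template, xor_template)
    return groups


def encrypt_target(subdata, groups):
    """Claim 4: for each subdata pick a random target key, encrypt with the
    algorithm that key belongs to, and record the correspondence."""
    keys = list(groups)
    encrypted, correspondence = [], {}
    for index, chunk in enumerate(subdata):
        key = secrets.choice(keys)
        encrypt, _ = groups[key]
        encrypted.append(encrypt(chunk, key))
        # Assumption: list position identifies the encrypted subdata.
        correspondence[index] = key
    return encrypted, correspondence


def decrypt_subdata(index, encrypted, correspondence, groups):
    """Claims 5-6: correspondence -> key -> decryption algorithm -> plaintext."""
    key = correspondence[index]
    if key not in groups:
        raise KeyError("no algorithm group holds the recorded key")
    _, decrypt = groups[key]
    return decrypt(encrypted[index], key)


def round_trip(subdata=SAMPLE_SUBDATA, n_groups=3):
    """Encrypt every subdata, then decrypt each one via the correspondence."""
    groups = build_algorithm_set(n_groups)
    encrypted, correspondence = encrypt_target(subdata, groups)
    return [decrypt_subdata(i, encrypted, correspondence, groups)
            for i in range(len(encrypted))]
```

The correspondence table and the algorithm set together decrypt every subdata, so they need the same protection as the keys themselves.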
CN201710095577.9A 2017-02-22 2017-02-22 Data encryption method, data decryption method and device Active CN106850220B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710095577.9A CN106850220B (en) 2017-02-22 2017-02-22 Data encryption method, data decryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710095577.9A CN106850220B (en) 2017-02-22 2017-02-22 Data encryption method, data decryption method and device

Publications (2)

Publication Number Publication Date
CN106850220A true CN106850220A (en) 2017-06-13
CN106850220B CN106850220B (en) 2021-01-01

Family

ID=59134339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710095577.9A Active CN106850220B (en) 2017-02-22 2017-02-22 Data encryption method, data decryption method and device

Country Status (1)

Country Link
CN (1) CN106850220B (en)

Also Published As

Publication number Publication date
CN106850220B (en) 2021-01-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant