CN101692636B - Data element and coordinate algorithm-based method and device for encrypting mixed data - Google Patents
Data element and coordinate algorithm-based method and device for encrypting mixed data Download PDFInfo
- Publication number
- CN101692636B CN101692636B CN2009101933842A CN200910193384A CN101692636B CN 101692636 B CN101692636 B CN 101692636B CN 2009101933842 A CN2009101933842 A CN 2009101933842A CN 200910193384 A CN200910193384 A CN 200910193384A CN 101692636 B CN101692636 B CN 101692636B
- Authority
- CN
- China
- Prior art keywords
- data
- algorithm
- coordinate
- encryption
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention relates to the field of data encryption, and discloses a method and a device for encrypting by performing data element division on data, performing coordinate distribution on each data element and adopting different algorithms and keys. The device is characterized in that: the security guarantee of the data does not depend on the complexity of a certain encryption algorithm or the length of a key for encrypting any more. By introducing various custom simple algorithms which cannot be predicted outside and mixing various different encryption algorithms to encrypt the same document, the advantages of the algorithms are effectively integrated, the computational load and cost for encrypting are greatly reduced, and the method and the device have significant beneficial effects and technical progress.
Description
Technical field:
The present invention relates to field of data encryption, more particularly be a kind ofly to divide, and each data element is carried out coordinate assignment and adopts algorithms of different to carry out method of encrypting and device by data being carried out data element.
Background technology
Data security is the important content of information technology and mechanics of communication research, is also concerning national security, company interest and personal property safety simultaneously.In order to guarantee data security, all over the world, from ancient times to the present the sky is all in research with designing the whole bag of tricks and equipment.
At present, by computer data being carried out method has multiplely, comprising: des encryption algorithm, RSA, 3DES, block encryption algorithm FEAL, IDEA algorithm etc.; Wherein the des encryption algorithm is to use one 56 key and 8 additional bit parity check positions, produce the block cipher of maximum 64 grouping size, during encryption at first in two with the text block of encrypting, use sub-key to half application cycle function wherein, will export then with second half and carry out nonequivalence operation; Then exchange these two halves, this process can continue, and the encryption method that last circulation is not exchanged.RSA is studied public key algorithm the most widely, and the fail safe of RSA depends on the factor of big number decomposes, and PKI and private key all are the functions of two big prime numbers (greater than 100 decimal digits); The generation key feature of RSA is the restriction that is subjected to the prime number generating technique; Block length is too big, for guaranteeing fail safe, makes the computing cost very high, and especially speed is slower, and than the slow several magnitude of symmetric cryptographic algorithm, and along with the development of big several decomposition techniques, this length is also increasing.
Contrast by various encryption methods, can find that it is the safety that the length of complexity by continuous this cryptographic algorithm of increase and encryption key improves data that all there is a kind of common feature in the various encryption methods that adopt at present, its cost of this characteristics is the load and the cost that must roll up computing.
Summary of the invention
The present invention seeks to deficiency at existing data ciphering method, providing a kind of divides by data being carried out data element, and each data element is carried out coordinate assignment and employing algorithms of different and key carry out method of encrypting and device, use this device or method that data are encrypted, can guarantee the safety of data height on the one hand, also can effectively reduce the load and the cost of computing simultaneously.
Encryption method of the present invention:
A kind of method of the mixed type data encryption based on data element and coordinate algorithm is characterized in that, comprises the steps:
A). encrypt end and set up the cryptographic algorithm database, in the database different cryptographic algorithm have make its can be indexed/coordinate label or the ID sequence called;
B). be-encrypted data is divided into the plurality of data unit;
C). the cryptographic algorithm distribution module for each data cell distribute coordinate or/the ID sequence, and use this coordinate or/ID sequence corresponding algorithm encrypts this data cell;
D). add toward the data encrypted unit this cryptographic algorithm coordinate or/the ID sequence field forms new data element;
E). new data element is combined into encrypted data.
Wherein, the different cryptographic algorithm of the cryptographic algorithm database of the above the inside refer to that carrying out identical or different computings by the key with different length or content realizes the algorithm encrypted;
Described coordinate label or ID sequence are formed by the field combination more than two sections or two sections with several Bit;
Described enciphered data is divided into the plurality of data unit and refers to that enciphered data is divided into some data segments common fixed-length or that have the different length grade that have;
Described new data element refers to be added with in front, ciphered data unit in order to the coordinate label of representing this cryptographic algorithm or ID sequence information and the data cell that forms.
As the integrality optimization that this method is used, method of the present invention also has a decryption step, and decryption step comprises:
21). decrypting end is set up the decipherment algorithm database, arbitrary cryptographic algorithm of encrypting end the decipherment algorithm database have at least one with its corresponding decipherment algorithm with different coordinate labels or ID sequence;
22). the new data element of encrypted data is separated, and extract the coordinate or the ID sequence of cryptographic algorithm from new data element;
23) be decrypted by the coordinate of decipherment algorithm and cryptographic algorithm or the coordinate or the ID sequence of hinting obliquely at algorithm acquisition decipherment algorithm of ID sequence, and by pairing algorithm;
24) decrypted data cell is reassembled into data.
Further optimize, on the method told about also comprise:
Encrypt end subscriber input private key, this private key combines back defeated encrypting again with the enciphered data that has made up after treatment;
Decrypting end, the user imports private key, this private key with treat that the password field of data decryption partly compares checking, and carry out follow-up deciphering incident by the rear in checking;
Encrypted data are carried out network data transmission in the ICP/IP protocol of encrypting use standard between end and the decrypting end.
Be encryption device of the present invention below:
A kind of based on the mixed type data encryption of data element and coordinate algorithm and the device of deciphering, it is characterized in that: it comprises as lower module:
31). the data input module that is used to obtain data and data is divided into the plurality of data unit;
32). be used for the encrypt/decrypt overall process is carried out central controlled encrypt/decrypt control module;
33). be used for the encryption/decryption algorithm database of storage encryption or decipherment algorithm;
34). be used to each data cell to carry out the algorithm assigns module of algorithm coordinate or ID sequence allocation/conversion;
35). be used to call the encrypting-decrypting module that algorithm is encrypted or deciphered;
36). be used to each encrypted data cell interpolation coordinate or ID sequence information field to form the packing module of new data element;
37). be used for new data element is combined into the composite module of encrypted/data decryption;
Described encrypt/decrypt control module control data input module obtains data and divide/or be decomposed into data cell, and the algorithm assigns module is that data cell is distributed and encrypted or the coordinate or the ID sequence of decipherment algorithm correspondence then; Close control module control encrypting-decrypting module obtains this coordinate or ID sequence corresponding algorithm is carried out encrypt/decrypt to the data unit from the encryption/decryption algorithm database; Encrypting control module control packing module forms new data cell and by composite module encrypted or decrypted data unit is made up.
Technical scheme in sum has following essence progress and beneficial effect:
1. adopt data are carried out the data element division, and by each data element is encrypted by the method with different cryptographic algorithm and key, final data is safe;
2. what the Information Security of encryption methods such as present DES, RSA, 3DES, FEAL, IDEA largely relied on is the complexity of algorithm itself and the length of key, and encryption method safety guarantee of the present invention comes from the diversity of cryptographic algorithm and key in the cryptographic algorithm database and is difficult to foreseeability;
3. when encryption method of the present invention is encrypted data element, both can adopt commonly used encrypting as DES, RSA, 3DES scheduling algorithm, more can adopt self-defining multiple simple or complicated, the cryptographic algorithm that key is changeable.The mixing of multiple encryption algorithms is used, can guarantee the degree of safety of data on the one hand, merge the advantage of multiple encryption algorithms, on the other hand, also can save the workload of encryption, because when encrypting unnecessary to all data all carry out as DES, RSA, 3DES so complex calculations handle, for the partial data unit as long as adopt simple the encryption.
4. data are illegally cracked if want, the condition that need possess is must know user's private key, must know the division methods of data cell, the rule distribution method that must know the algorithm coordinate and conversion method, must know key that cryptographic algorithm all in the database and each algorithm adopt, need know the combined method of data cell in addition exactly, so with respect to existing various encryption methods, the probability that encryption method of the present invention is cracked is littler.
Description of drawings:
Fig. 1 carries out the schematic diagram that data cell is cut apart;
Fig. 2 is the new data element data structure diagram that has added coordinate fields;
Fig. 3 is the new data element data structure diagram that has added length mark and coordinate fields;
Fig. 4 is the data structure diagram after the new data element of Fig. 2 makes up;
Fig. 5 is the data structure diagram after the new data element of Fig. 3 makes up;
Fig. 6 is encryption flow figure;
Fig. 7 is the deciphering flow chart;
Fig. 8 is the structured flowchart of encryption device;
Fig. 9 is the structured flowchart of decryption device;
Figure 10 is the structured flowchart of another kind of encryption device;
Figure 11 is the structured flowchart of another kind of decryption device;
Figure 12 is the encryption flow figure after optimizing;
Figure 13 is the deciphering flow chart after optimizing.
Embodiment
Embodiment one
Referring to figs. 1 to 7, the method for a kind of mixed type data encryption based on data element and coordinate algorithm of open the present invention.This method comprises the steps to realize:
1). obtaining by data input module needs ciphered data;
2). data are divided into plurality of data unit, i.e. data segment; Division methods comprises: A. is divided into the data segment with identical fixing length cell with data input stream, and (length of data segment can be determined without limits according to actual needs; Because the data division of the IP datagram of IPV4 is the longest to be 64KB, so can each data segment be set at 64KB with reference to it), and with the data of a length cell of remaining less than as an independent data segment; B. define some length scale (for example can be with 128KB, 64KB, 32KB, 12KB, 1KB, 512B, 256B be defined as 6~0 grades successively, the method of definition can be determined according to actual needs, do not have restriction in principle), data input stream is divided into the data segment with the rank length that defines, and with the data of the minimum rank length of remaining deficiency as an independent data segment; C. the length by specific algorithm (produce algorithm as random number and produce random number) specified data section as the length of this data segment, the algorithm of asking optimal value etc. by the size analysis of whole data being regulated data segment, length.Compare down, the realization program that data input stream is divided into the data segment with identical fixing length cell is the simplest, divide and the efficient of control also the highest, so be that example is further described with it.
With reference to shown in Figure 1, be-encrypted data enters from an end of data input module, and (1~N), data cell is exported in order then to be divided into the data cell of serial equal length successively by the data cell partitioning algorithm of data input module.
3). obtain data cell, the cryptographic algorithm distribution module for this data cell distribute coordinate or/the ID sequence.Coordinate or/the ID sequence is by the forming more than two periods or two periods with some bytes.Denotation coordination or/byte number of ID sequence can decide according to the cryptographic algorithm number in the cryptographic algorithm database.As suppose to use 16 byte representations, but then the corresponding algorithm number mostly is 65536 kinds most; Use 32 byte representations, but then the corresponding algorithm number can reach kind more than 4,200,000,000; Based on the fail safe and the efficient of encrypting, under the general case, use 16 bytes to meet demand for security fully.Coordinate or/the ID sequence constitutes can have several different methods according to algorithm in the expression difference of database internal coordinate, as adopting the two-dimensional representation method, promptly uses (X, Y) expression (seeing Fig. 3 and Fig. 4), wherein X coordinate, Y coordinate are used 9 bytes, 7 byte representations respectively, and then the X scope is 0~511, and the Y scope is 0~127; The cryptographic algorithm distribution module is that data cell is distributed in the algorithm coordinate in the definition coordinate range successively by the algorithm in it, described algorithm is included in and produces an integer in the coordinate range at random and produce equally distributed random integers as coordinate, in coordinate range as coordinate etc., is example to produce equally distributed random integers in coordinate range as coordinate, and its algorithm can be by following realization:
Suppose and will produce a rounded coordinate equably at random in [0,511], then computing formula is:
r
i=mod(5r
i-1,4n);
t
i=int(r
i/4);
Wherein, initial value is r
0〉=0 odd number, n=2
K,K=[log
2 511]+1 can obtain random integers.
Block:
Int?r;
{int?k,l,m,i,p;
k=511;l=2;
while(l<511)l=l+1;
m=4*l;k=r;i=1
while(i<=l)
{k=k+k+k+k+k;
k=k%m;l=k/4;
If(i<=b){p=1;i=i+1}
}
r=k;
return(p);
}
The method of the byte length of coordinate or ID sequence, division hop count and generation coordinate can be done self-defined or adjustment according to actual;
4). the coordinate that produces according to the cryptographic algorithm distribution module or/ID sequence inquiry cryptographic algorithm database and the algorithm that calls the inside carry out encryption to the data unit; The algorithm characteristic of cryptographic algorithm lane database storage is: can be any general or self-defining cryptographic algorithm, promptly can comprise: common crypto algorithms such as des encryption algorithm, RSA, 3DES, block encryption algorithm FEAL, IDEA algorithm; Can comprise that also the key figure place has any figure place in employing key carries out the algorithm of any simple or complex process to data, as use 6 keys successively the data unit to be carried out XOR and encrypt, use 3 keys that the data unit is carried out moving 2 processing or the like then with computing, key and encryption method can have various variations.Because data security of the present invention is not to depend on the complexity of certain algorithm wherein or the length of key, and focus on the diversity of cryptographic algorithm and be difficult to predictability, so in cryptographic algorithm, be added into the results of the encryption method of carrying out unconventional processing beyond often can playing to the safety of data by brief key, the live load that reduction that simultaneously also can be a large amount of is encrypted has also improved the efficient of encrypting when having guaranteed data security.
5). toward encrypted data cell add this be used for to the coordinate of its algorithm of encrypting or/the ID sequence field to be to form new data element; Shown in Fig. 2 and 3, for added coordinate or/ new data element structure behind the ID sequence information.Wherein the data cell of Fig. 2 represents that its length is the regular length of acquiescence, also can not carry out data cell in decrypting end and separates and decipher so need not add in data cell in order to the length mark field that indicates its length; The data unit length that Fig. 3 represents is that divide by length scale or variable, is necessary then that at first front end in data cell adds certain byte representing the length of this data cell, and then add coordinate or/the ID sequence information.And for example shown in Figure 3, expression be with its length scale of coded representation of 4 bytes or length, with 9 byte representation coordinate X-axis positions (first half of ID sequence), with 7 byte representation Y-axis positions (latter half of ID sequence).During actual enforcement, the byte number of expression length and coordinate can be set according to actual needs.
6). after all data cells were encrypted, new data element was reassembled into data; Structure after the new data element that is respectively Fig. 2 and 3 correspondences as shown in Figure 4 and Figure 5 makes up.During enforcement, for some big files, can at first be divided into the plurality of data piece, and then data block is divided into data cell encrypts, the combination so here can be earlier be carried out the part combination with data block and carry out entire combination again, is combined into whole data file after promptly at first the corresponding new data element of each data block being reassembled into new data block.
With reference to shown in Figure 6, the flow process that adopts the present invention to carry out data encryption is further elaborated:
As S101 among the figure, at first obtaining needs ciphered data;
As S102 among the figure, the data that obtain are divided into the plurality of data unit;
As S among the figure 103, obtain a data unit in order, and distribute coordinate/ID sequence for this data cell by the cryptographic algorithm distribution module;
As S104 among the figure, use this coordinate/ID sequence inquiry cryptographic algorithm database;
As S105 among the figure, judge whether the cryptographic algorithm database exists the cryptographic algorithm of this coordinate or ID correspondence,
If then enter; S106, otherwise forward S103 to, for this data cell is redistributed coordinate/ID sequence;
As S106 among the figure, from the cryptographic algorithm database, call the cryptographic algorithm of this coordinate or ID correspondence and carry out encryption;
As S107 among the figure, encrypted data cell stem adds this coordinate or id information field (adding coordinate or id information field after perhaps adding the length mark field earlier) forms new data cell;
As S108 among the figure, new data cell is stored in spatial cache;
As S109 among the figure, judge whether all encryptions of all data cells, if otherwise forward S103 to; Otherwise forward S110 to;
As S110 among the figure, new data cell is combined into the data of finishing;
As S111 among the figure, ciphered data is output.
For a kind of data ciphering method, encryption and decryption be two of equal importance and exist positive connection process, below to the pairing deciphering do description:
21). obtaining needs decrypted data;
22). need decrypted data to isolate data cell one by one this; Or knownly identify, so only need cut apart when separating by the data unit length before being combined by stem in its data cell because encrypted data unit length is an acquiescence;
23). from the data cell that splits, extract coordinate or ID sequence to its algorithm of encrypting;
24). the decipherment algorithm distribution module uses the algorithm in it to change formation new coordinate or ID sequence to coordinate or the ID sequence extracted; Wherein conversion method have multiple, comprise this coordinate or ID sequence each form carry out various mathematical operations (as open round behind 2 roots, with the random number addition after integer etc. in the intercepting coordinate range), displacement is moving, use that key is changed etc.Because encryption and decryption are two inverse process that have positive connection, so in selection algorithm, carry out correct deciphering to data element then must correctly select the decipherment algorithm corresponding with this cryptographic algorithm and be decrypted, should have one at disclosed coordinate or ID sequence transformation rule between the two so encrypt the algorithm coordinate of end and decrypting end, the decipherment algorithm distribution module then needs to carry out coordinate or the conversion of ID sequence and then be the correct decipherment algorithm of this data cell distribution according to this transformation rule.The method of conversion is consistent with coordinate or ID sequence transformation rule.
25). coordinate that distributes for this data cell according to the decipherment algorithm distribution module or ID sequence are called corresponding decipherment algorithm and are decrypted operation from the decipherment algorithm database, carry out the deciphering incident.Wherein, exist in decipherment algorithm database and the cryptographic algorithm database and must concern and be: in the cryptographic algorithm database arbitrary cryptographic algorithm the decipherment algorithm database have at least one with it corresponding decipherment algorithm, promptly this data cell must be separated by the algorithm of decipherment algorithm database.Each cryptographic algorithm (as des encryption algorithm, RSA, 3DES, self-defining cryptographic algorithm etc.), its corresponding decipherment algorithm is inequality, and the implementer for definien and developer, this area is known, because cryptographic algorithm is many more in the cryptographic algorithm database, the decipherment algorithm of decipherment algorithm database is just many more, so enumerate explanation no longer one by one.
26). after whole (or data block is whole) pairing all data cells of data are decrypted, make up, form overall data, data decryption is finished.
With reference to figure 7, data decryption flow process of the present invention is further elaborated:
Shown in S201 among the figure, at first obtaining needs decrypted data;
Shown in S202 among the figure, these data are carried out data cell separate;
Shown in S203 among the figure, obtain one of them data cell in order, and length mark field, coordinate or id field, data field are separated; And extraction coordinate or id field wherein;
Shown in S204 among the figure, transformation rule and algorithm that the deciphering distribution module is called in it are changed acquisition new coordinate or ID to this coordinate or ID;
Shown in S205 among the figure and 206, the decipherment algorithm that calls new coordinate or ID correspondence from the decipherment algorithm database is decrypted processing to this data cell;
Shown in S207 among the figure, judge whether that all data elements are all decrypted, if otherwise forward S203 to; Otherwise forward S208 to;
Shown in S208 among the figure, data decryption unit is reassembled into data;
Shown in S209 among the figure, data decryption finishes, data output.
Embodiment two
Present embodiment discloses another kind of technical scheme of the present invention: a kind of based on the mixed type data encryption of data element and coordinate algorithm and the device of deciphering:
As shown in Figure 8, this encryption device is made up of encryption control module 10, data input module 11, cryptographic algorithm distribution module 12, cryptographic algorithm database 13, encrypting module 14, cache module 15, composite module 16; Wherein, each module or composition directly are connected with encryption control module 10, and realize encrypting under the centralized control of acceptance encryption control module 10: in the time of work based on the hybrid algorithm of data cell and coordinate, under the control of encrypting control module 10, data input module 11 be responsible for obtaining need ciphered data go forward side by side line data dividing elements and storage, and in order with data cell input encryption control module 10; Cryptographic algorithm distribution module 12 is distributed cryptographic algorithm coordinate or ID sequence for data cell; Encrypting module 14 is responsible for calling from cryptographic algorithm database 13 cryptographic algorithm of this coordinate or ID sequence correspondence the data unit is encrypted; Cache module 15 is used for interim storage from encrypting the encrypted data unit of control module 10 outputs; Composite module 16 is responsible for ciphered data unit is reassembled into complete data and output.
As shown in Figure 9, this decryption device is made up of deciphering control module 20, data input module 21, separation and coordinate extraction module 22, decipherment algorithm distribution module 23, decipherment algorithm database 24, deciphering module 25, cache module 26, composite module 27; Wherein, each module or composition directly are connected with encryption control module 20, and realize deciphering under the centralized control of acceptance encryption control module 20: in the time of work based on the hybrid algorithm of data cell and coordinate, under the control of deciphering control module 20, data input module 21 is responsible for obtaining needs the decrypted data line data unit of going forward side by side to separate, then and in order with data cell input deciphering control module 20; Separate and interior coordinate or the id information of coordinate extraction module 22 extraction data cells; Decipherment algorithm distribution module 23 transforms formation new coordinate or ID sequence with this coordinate or ID sequence; The decipherment algorithm that deciphering module 25 is responsible for calling from decipherment algorithm database 24 new coordinate or ID sequence correspondence is decrypted the data unit; Cache module 26 is used for the data decryption unit of interim storage from 20 outputs of deciphering control module; Composite module 27 is responsible for decrypted data unit is reassembled into complete data and output.
But the method for realization encryption and decryption of the contrive equipment of present embodiment and implementing of flow process reference example one.
Embodiment three
With reference to Figure 10 and Figure 11, to encrypt or the further optimization of the device of data decryption for a kind of hybrid algorithm based on data cell and coordinate of the present invention, the difference that in contrast to example two is: this encryption or decryption device also have a private key for user input module; The private key for user input module is responsible for gathering the key of user's input, and this key combine the new enciphered data of formation with encrypted data after treatment.During deciphering, then below this private key for user being verified situation about passing through, carry out follow-up decryption oprerations earlier.
The device of present embodiment is encrypted or the data decryption method time, can reference example one be implemented on the one hand based on the hybrid algorithm of data cell and coordinate realizing, also needs part steps is done corresponding modify simultaneously.
Relatively with the inventive method of embodiment one, the disclosed device of present embodiment is realized data encryption and when deciphering, need do further optimization that promptly realization flow is as follows:
Encrypt (as shown in figure 12):
At first, as S112 among the figure, at first user's input is used for these data are decrypted the key of restriction, and this key length is answered numerical value up to specification;
As S113 among the figure, this key is handled, wherein the method for Chu Liing comprise carry out between various operation method such as the secret key bits with or the displacement of evaluation, secret key bits, carry out logical operation etc. with fixed numbers;
As S101 among the figure, obtaining needs ciphered data;
As S102 among the figure, the data that obtain are divided into the plurality of data unit;
As S103 among the figure, obtain a data unit in order, and distribute coordinate/ID sequence for this data cell by the cryptographic algorithm distribution module;
As S104 among the figure, use this coordinate/ID sequence inquiry cryptographic algorithm database;
As S105 among the figure, judge whether the cryptographic algorithm database exists the cryptographic algorithm of this coordinate or ID correspondence, if then enter; S106, otherwise forward S103 to, for this data cell is redistributed coordinate/ID sequence;
As S106 among the figure, from the cryptographic algorithm database, call the cryptographic algorithm of this coordinate or ID correspondence and carry out encryption;
As S107 among the figure, encrypted data cell stem adds this coordinate or id information field (adding coordinate or id information field after perhaps adding the length mark field earlier) forms new data cell;
As S108 among the figure, new data cell is stored in spatial cache;
As S109 among the figure, judge whether all encryptions of all data cells, if otherwise forward S103 to; Otherwise forward S110 to;
As S110 among the figure, new data cell is combined into the data of finishing;
As S114 among the figure, the encrypted data of processed key and combination reconfigure the data that form the band password field;
As S111 among the figure, ciphered data is output.
Deciphering (as shown in figure 13):
Shown in S210 among the figure, at first the user imports key;
Shown in S201 among the figure, obtaining needs decrypted data;
Shown in S211 among the figure, extract the cipher key field in the decrypted data;
Shown in S212 among the figure, key is handled and verified, if the verification passes execution in step S202 then; Otherwise forward S201 to, the prompting user re-enters password;
Shown in S202 among the figure, these data are carried out data cell separate;
Shown in S203 among the figure, obtain one of them data cell in order, and length mark field, coordinate or id field, data field are separated; And extraction coordinate or id field wherein;
Shown in S204 among the figure, transformation rule and algorithm that the deciphering distribution module is called in it are changed acquisition new coordinate or ID to this coordinate or ID;
Shown in S205 among the figure and 206, the decipherment algorithm that calls new coordinate or ID correspondence from the decipherment algorithm database is decrypted processing to this data cell;
Shown in S207 among the figure, judge whether that all data elements are all decrypted, if otherwise forward S203 to; Otherwise forward S208 to;
Shown in S208 among the figure, data decryption unit is reassembled into data;
Shown in S209 among the figure, data decryption finishes, data output.
Embodiment four
Present embodiment discloses a kind of method of carrying out the secure data exchange on the internet, its feature with transfer of data before adopt earlier embodiment one to three described method or device to encrypt, by being transferred to the other side based on ICP/IP protocol, the recipient carries out decryption method of the present invention in application layer then.Encryption and decryption process reference example one to three is described, no longer repeats.
Claims (10)
1. the method based on the mixed type data encryption of data element and coordinate algorithm is characterized in that, comprises the steps:
1). encrypt end and set up the cryptographic algorithm database, in the database different cryptographic algorithm have make its can be indexed/coordinate label or the ID sequence called;
2). be-encrypted data is divided into the plurality of data unit;
3). the cryptographic algorithm distribution module is distributed coordinate or ID sequence for each data cell, and uses this coordinate or ID sequence corresponding algorithm that this data cell is encrypted;
4). the coordinate or the ID sequence field of adding this cryptographic algorithm toward the data encrypted unit form new data element;
5). new data element is combined into encrypted data.
2. the method for mixed type data encryption as claimed in claim 1 is characterized in that: the different cryptographic algorithm of described cryptographic algorithm database the inside refer to that carrying out identical or different computings by the key with different length or content realizes the algorithm encrypted.
3. the method for mixed type data encryption as claimed in claim 2 is characterized in that: described coordinate label or ID sequence are formed by the field combination more than two sections or two sections with several Bit.
4. the method for mixed type data encryption as claimed in claim 3 is characterized in that: described be-encrypted data is divided into the plurality of data unit and refers to that be-encrypted data is divided into some data segments common fixed-length or that have the different length grade that have.
5. the method for mixed type data encryption as claimed in claim 3 is characterized in that: described new data element refers to be added with in front, ciphered data unit in order to the coordinate label of representing this cryptographic algorithm or ID sequence information and the data cell that forms.
6. as the method for the arbitrary described mixed type data encryption of claim 1 to 5, it is characterized in that also having a decryption step, decryption step comprises:
21). decrypting end is set up the decipherment algorithm database, arbitrary cryptographic algorithm of encrypting end the decipherment algorithm database have at least one with its corresponding decipherment algorithm with different coordinate labels or ID sequence;
22). the new data element of encrypted data is separated, and extract the coordinate or the ID sequence of cryptographic algorithm from new data element;
23) be decrypted by the coordinate of decipherment algorithm and cryptographic algorithm or the coordinate or the ID sequence of hinting obliquely at algorithm acquisition decipherment algorithm of ID sequence, and by pairing algorithm;
24) decrypted data cell is reassembled into data.
7. as the method for the arbitrary described mixed type data encryption of claim 1 to 5, it is characterized in that: also comprise
Encrypt end subscriber input private key, this private key combines back output again with the enciphered data that has made up after treatment.
8. the method for mixed type data encryption as claimed in claim 6 is characterized in that: also comprise and encrypt end subscriber input private key, this private key combines back output again with the enciphered data that has made up after treatment;
Decrypting end, the user imports private key, this private key with treat that the password field of data decryption partly compares checking, and carry out follow-up deciphering incident by the rear in checking.
9. the method for mixed type data encryption as claimed in claim 6 is characterized in that: the ICP/IP protocol that also comprises encrypted data use standard between encryption end and decrypting end is carried out network data transmission.
10. one kind based on the mixed type data encryption of data element and coordinate algorithm and the device of deciphering, and it is characterized in that: it comprises as lower module:
31). the data input module that is used to obtain data and data is divided into the plurality of data unit;
32). be used for carrying out central controlled encryption control module, be used for the deciphering overall process is carried out central controlled deciphering control module encrypting overall process;
33). be used for the cryptographic algorithm database of storage encryption algorithm, be used for the decipherment algorithm database of store decrypted algorithm;
34). be used to each data cell to carry out the algorithm assigns module of algorithm coordinate or ID sequence allocation/conversion;
35). be used to call the encrypting module that algorithm is encrypted, be used to call the deciphering module that algorithm is decrypted;
36). be used to each encrypted data cell interpolation coordinate or ID sequence information field to form the packing module of new data element;
37). be used for new data element is combined into the composite module of encrypted data/data decryption;
Described encryption control module control data input module obtains data and is divided into data cell, and deciphering control module control data input module obtains data and is decomposed into data cell; The algorithm assigns module is coordinate or the ID sequence that data cell is distributed the cryptographic algorithm correspondence then, or changes the coordinate or the ID sequence of decipherment algorithm correspondence for data cell; Encrypt control module control encrypting module and obtain this coordinate or ID sequence corresponding algorithm is encrypted the data unit from the cryptographic algorithm database, deciphering control module control deciphering module obtains this coordinate or ID sequence corresponding algorithm is decrypted the data unit from the decipherment algorithm database; Encryption control module control packing module forms new data cell and by composite module encrypted data cell is made up, and the deciphering control module is controlled and by composite module decrypted data cell made up.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101933842A CN101692636B (en) | 2009-10-27 | 2009-10-27 | Data element and coordinate algorithm-based method and device for encrypting mixed data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101933842A CN101692636B (en) | 2009-10-27 | 2009-10-27 | Data element and coordinate algorithm-based method and device for encrypting mixed data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101692636A CN101692636A (en) | 2010-04-07 |
| CN101692636B true CN101692636B (en) | 2011-10-05 |
Family
ID=42081294
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101933842A Expired - Fee Related CN101692636B (en) | 2009-10-27 | 2009-10-27 | Data element and coordinate algorithm-based method and device for encrypting mixed data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101692636B (en) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102064936B (en) * | 2010-11-29 | 2012-08-22 | 北京卓微天成科技咨询有限公司 | Data encryption and decryption methods and devices |
| CN101984574B (en) * | 2010-11-29 | 2012-09-05 | 北京卓微天成科技咨询有限公司 | Data encryption and decryption method and device |
| CN102223229A (en) * | 2011-06-21 | 2011-10-19 | 航天科工深圳(集团)有限公司 | Method for safe transmission of data in public network |
| CN103366125B (en) * | 2012-03-28 | 2017-07-21 | 富泰华工业(深圳)有限公司 | file encryption system and method |
| CN102611711A (en) * | 2012-04-09 | 2012-07-25 | 中山爱科数字科技股份有限公司 | Cloud data safe storing method |
| CN103684758B (en) * | 2013-11-05 | 2016-06-15 | 广东全通教育股份有限公司 | A kind of method and system of user cipher Hybrid Encryption |
| CN104836817A (en) | 2015-06-04 | 2015-08-12 | 于志 | Architecture and method for ensuring network information safety |
| CN106022584A (en) * | 2016-05-13 | 2016-10-12 | 成都镜杰科技有限责任公司 | Resource management method for small enterprises |
| CN107454042A (en) * | 2016-05-31 | 2017-12-08 | 中兴通讯股份有限公司 | Message sending, receiving method and device |
| US10797722B2 (en) * | 2016-06-10 | 2020-10-06 | The Boeing Company | System and method for providing hardware based fast and secure expansion and compression functions |
| CN106850220B (en) * | 2017-02-22 | 2021-01-01 | 腾讯科技(深圳)有限公司 | Data encryption method, data decryption method and device |
| CN107104969B (en) * | 2017-04-27 | 2020-12-25 | 山西大学 | Method for protecting personal privacy information in express by applying dynamic encryption mechanism |
| CN108234521B (en) * | 2018-02-08 | 2020-06-02 | 中国石油天然气集团有限公司 | Secret coordinate transmission method, system and system using method |
| CN108390759A (en) * | 2018-03-21 | 2018-08-10 | 平安普惠企业管理有限公司 | Code encryption, decryption method, device, computer equipment and storage medium |
| CN109347622A (en) * | 2018-09-26 | 2019-02-15 | 浙江万朋教育科技股份有限公司 | A method of the reversible anti-tamper encryption and decryption data based on encryption and digest algorithm |
| CN110213354B (en) * | 2019-05-20 | 2021-07-13 | 电子科技大学 | Cloud storage data confidentiality protection method |
| CN113538814A (en) * | 2021-06-22 | 2021-10-22 | 华录智达科技股份有限公司 | Intelligent bus vehicle-mounted terminal supporting digital RMB payment |
| CN114338247B (en) * | 2022-03-15 | 2022-05-27 | 中国信息通信研究院 | Data transmission method and apparatus, electronic device, storage medium, and program product |
| CN115085916B (en) * | 2022-06-18 | 2022-12-23 | 王芳 | Decentralized method and system for protecting personal information about the use of big data |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4853962A (en) * | 1987-12-07 | 1989-08-01 | Universal Computer Consulting, Inc. | Encryption system |
| CN1246008A (en) * | 1998-08-26 | 2000-03-01 | 英业达股份有限公司 | Privacy method for multimedium data |
| CN1503503A (en) * | 2002-11-26 | 2004-06-09 | ���µ�����ҵ��ʽ���� | Method and device for data encipher/deciphering |
-
2009
- 2009-10-27 CN CN2009101933842A patent/CN101692636B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4853962A (en) * | 1987-12-07 | 1989-08-01 | Universal Computer Consulting, Inc. | Encryption system |
| CN1246008A (en) * | 1998-08-26 | 2000-03-01 | 英业达股份有限公司 | Privacy method for multimedium data |
| CN1503503A (en) * | 2002-11-26 | 2004-06-09 | ���µ�����ҵ��ʽ���� | Method and device for data encipher/deciphering |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101692636A (en) | 2010-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101692636B (en) | Data element and coordinate algorithm-based method and device for encrypting mixed data | |
| CN1993922B (en) | Stream cipher combining system and method | |
| CN102546181B (en) | Cloud storage encrypting and deciphering method based on secret key pool | |
| CN108365947A (en) | A kind of image encryption method based on Feistel networks Yu dynamic DNA encoding | |
| CN101383703B (en) | Dynamic ciphering method based on broad sense information field | |
| CN105051677A (en) | Masking with shared random bits | |
| WO1997031449A1 (en) | Communication method using common cryptographic key | |
| CN103716157A (en) | Grouped multiple-key encryption method and grouped multiple-key encryption device | |
| CN101394268B (en) | Advanced ciphering system and method based on broad sense information field | |
| CN107294697A (en) | Symmetrical full homomorphic cryptography method based on plaintext similar matrix | |
| Iyer et al. | A novel idea on multimedia encryption using hybrid crypto approach | |
| CN108123794A (en) | The generation method and encryption method of whitepack key, apparatus and system | |
| CN101814985B (en) | Block cipher system using multi-chaotic mapping multi-dynamic S-box | |
| CN109861810A (en) | A kind of data ciphering method and decryption method based on chaos Tuber yield | |
| CN103916248A (en) | Fully homomorphic encryption public key space compression method | |
| CN104158880A (en) | User-end cloud data sharing solution | |
| Agrawal et al. | Elliptic curve cryptography with hill cipher generation for secure text cryptosystem | |
| Li et al. | Research and Realization based on hybrid encryption algorithm of improved AES and ECC | |
| CN109861809A (en) | A kind of random encipher-decipher method of grouping of functionization | |
| Sekar et al. | Comparative study of encryption algorithm over big data in cloud systems | |
| JunLi et al. | Email encryption system based on hybrid AES and ECC | |
| CN111314270B (en) | Data encryption and decryption method based on validity period uniform distribution symmetric algorithm | |
| CN102246456A (en) | System and method for countering side-channel attacks against encryption based on cyclic groups | |
| Salman et al. | A homomorphic cloud framework for big data analytics based on elliptic curve cryptography | |
| CN105763322A (en) | Obfuscatable encryption key-insulated digital signature making method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: ZHONGSHAN IKER DIGITAL TECHNOLOGY CO., LTD. Free format text: FORMER NAME: ZHONGSHAN AIKE DIGITAL TECHNOLOGY CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: Six, 528400, building 605, 6 Xinhua Road Town, triangle town, Guangdong, Zhongshan Patentee after: Zhongshan Iker Digital Technology Co., Ltd. Address before: Six, 528400, building 605, 6 Xinhua Road Town, triangle town, Guangdong, Zhongshan Patentee before: Zhongshan Aike Digital Technology Co., Ltd. |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20180418 Address after: 528400 one of 25 floors, 25 floors, 2506 rooms, No. 1, de Zhong square, No. 1 of mice East Road, Guangdong Torch Development Zone Patentee after: Guangdong Zen science and Technology Co., Ltd. Address before: Six, 528400, building 605, 6 Xinhua Road Town, triangle town, Guangdong, Zhongshan Patentee before: Zhongshan Iker Digital Technology Co., Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111005 Termination date: 20201027 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |