# Method, system and apparatus for data ciphering and deciphering

## A data encryption and decryption technology, applied in the field of information security, that addresses the low security of stored data, avoiding large-scale leaks and improving security

Active Publication Date: 2009-01-07

深圳市金蝶精斗云网络科技有限公司

Cites: 0. Cited by: 52.

## Abstract

The invention relates to the field of information security and provides a method, system and device for data encryption and decryption. The data encryption method includes the following steps: A. obtaining an original text to be encrypted and receiving a password input by the user; B. generating a random number for the original text, generating a primary key from the password and the random number, and extracting an encryption key from the primary key; C. encrypting the original text with the encryption key to obtain a primary ciphertext; D. fusing the primary ciphertext with the random number to obtain the final ciphertext. A data encryption and decryption system, a data encryption and decryption device and a data decryption method are also provided. Together they improve the security of stored data.

Application domain: Multiple keys/algorithms usage

Technology topics: Random number generation, Data integration (+7 more)

## Examples

### Example Embodiment

[0065] In order to make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it.

[0066] When encrypting, the present invention generates a random number for each original text to be encrypted, generates a primary key from the password and the random number, extracts part of the primary key as the encryption key, encrypts the original text with the encryption key to obtain the primary ciphertext, and finally fuses the primary ciphertext with the random number to obtain the final ciphertext. When decrypting, the final ciphertext is first decomposed, using the password provided by the user, into the random number and the primary ciphertext; the primary key is then regenerated from the password and the random number, and the primary ciphertext is decrypted with it to recover the original text. Because each record is protected by its own key, the invention avoids large-area leakage of data and increases the encryption strength, improving the security of the stored data.

[0067] Figure 2 shows the structure of a data encryption and decryption system in one embodiment of the present invention. The system includes a client 100 and a server 200 connected to it for data interaction. It should be noted that the connections between devices in all figures of the present invention are drawn to explain their information exchange and control flow clearly; they should therefore be regarded as logical connections and not be limited to physical ones. Likewise, the functional modules may communicate in many ways, and the protection scope of the present invention is not limited to a particular communication mode.

[0068] The server 200 is connected to the client 100 and exchanges data with it. In the present invention, the server 200 includes a web server 201 and a database server 202, which respectively provide web services to users and store the data sent by the client 100.

[0069] The client 100 allows the user to log in, encrypts or decrypts data according to user operations, and exchanges data with the server 200. It should be noted that all encryption and decryption operations in the present invention can be implemented on a device with a closed structure, such as the client 100 shown in Figure 3. In the simplest embodiment, the client 100 includes a user interface unit 101, a key generation unit 102, an encryption and decryption unit 103 and a data processing unit 104, where:

[0070] (1) The user interface unit 101 receives the password input by the user and obtains the original text or the final ciphertext.

[0071] (2) The key generation unit 102 is connected to the user interface unit 101, the encryption and decryption unit 103 and the data processing unit 104 and exchanges data with them. It generates a random number for the original text to be encrypted, generates a primary key from the password and the random number, and extracts the encryption key from the primary key. The key generation unit 102 is described in detail with Figure 5.

[0072] (3) The encryption and decryption unit 103 is connected to the key generation unit 102 and the data processing unit 104 and exchanges data with them. In the encryption phase it encrypts the original text with the encryption key to obtain the primary ciphertext; in the decryption phase it decrypts the primary ciphertext with the encryption key extracted from the primary key to recover the original text.

[0073] In the present invention, the encryption and decryption unit 103 uses the same algorithm for encrypting and decrypting data, namely a symmetric encryption algorithm such as the aforementioned DES, IDEA or AES. In one embodiment, encryption with the DES algorithm proceeds as follows: an encryption function such as DES(key, data) is first implemented in a scripting language (JavaScript), where the parameter data is the data to be encrypted and key is the key; the DES algorithm itself is public and its specification can be taken from the prior art. The parameters are then passed in, the encryption function is called, and its return value is the encryption result. In other embodiments, symmetric algorithms such as IDEA and AES can also be used. These two algorithms have higher encryption strength but lower performance, and since the encryption and decryption algorithm runs in a script environment, where performance is greatly reduced, this patent considers the DES algorithm the better choice. It should be noted that the present invention is not limited to the symmetric encryption algorithms listed here; other feasible algorithms also fall within its protection scope.

[0074] (4) The data processing unit 104 is connected to the key generation unit 102 and the encryption and decryption unit 103 and exchanges data with them. In the encryption stage it fuses the primary ciphertext with the random number to obtain the final ciphertext; in the decryption stage it decomposes the final ciphertext to recover the primary ciphertext and the random number. The data processing unit 104 is described in detail with Figures 6 and 7.

[0075] In a preferred embodiment, the client 100 further includes a data storage unit 105, connected to the user interface unit 101 and the data processing unit 104 and exchanging data with them, which stores the original text or the final ciphertext for the user interface unit 101 to retrieve. If the original text is already stored in the data storage unit 105, the user interface unit 101 can retrieve the original text or the final ciphertext from the data storage unit 105 according to a user operation; if nothing is stored locally in the data storage unit 105, the user interface unit 101 can obtain the original text or the final ciphertext by receiving data sent by an external device.

[0076] It should be noted that the present invention can implement data encryption and decryption not only on the closed device described above (client 100) but also on an open system in which only part of the operations are performed on the client 100. With this in mind, the present invention proposes the embodiment of Figure 4.

[0077] Figure 4 shows the structure of a data encryption and decryption system in one embodiment of the present invention, including a user interface unit 101, a key generation unit 102, an encryption and decryption unit 103, a data processing unit 104 and a data storage unit 105, where:

[0078] (1) The user interface unit 101 receives the password input by the user and obtains the original text or the final ciphertext.

[0079] (2) The key generation unit 102 is connected to the user interface unit 101, the encryption and decryption unit 103 and the data processing unit 104 and exchanges data with them. It generates a random number for the original text to be encrypted, generates a primary key from the password and the random number, and extracts the encryption key from the primary key. The key generation unit 102 is described in detail with Figure 5.

[0080] (3) The encryption and decryption unit 103 is connected to the key generation unit 102 and the data processing unit 104 and exchanges data with them. In the encryption phase it encrypts the original text with the encryption key to obtain the primary ciphertext; in the decryption phase it decrypts the primary ciphertext with the encryption key extracted from the primary key to recover the original text.

[0081] In the present invention, the encryption and decryption unit 103 uses the same algorithm for encrypting and decrypting data, namely a symmetric encryption algorithm such as the aforementioned DES, IDEA or AES. The details are the same as for Figures 2 and 3 and are not repeated here.

[0082] (4) The data processing unit 104 is connected to the key generation unit 102 and the encryption and decryption unit 103 and exchanges data with them. In the encryption stage it fuses the primary ciphertext with the random number to obtain the final ciphertext; in the decryption stage it decomposes the final ciphertext to recover the primary ciphertext and the random number. The data processing unit 104 is described in detail with Figures 6 and 7.

[0083] (5) The data storage unit 105 is connected to the user interface unit 101 and the data processing unit 104 and exchanges data with them; it stores the original text or the final ciphertext for the user interface unit 101 to retrieve. If the original text is already stored in the data storage unit 105, the user interface unit 101 can retrieve the original text or the final ciphertext from the data storage unit 105 according to a user operation; if nothing is stored locally in the data storage unit 105, the user interface unit 101 can obtain the original text or the final ciphertext by receiving data sent by an external device.

[0084] Figure 5 shows the structure of the key generation unit 102 in one embodiment of the present invention, including a random number generation module 1021, a key calculation module 1022 and a key extraction module 1023, where:

[0085] (1) The random number generation module 1021 is connected to the key calculation module 1022 and exchanges data with it. It generates a random number for the original text to be encrypted. In the present invention the random number can take many forms, including integers and floating-point numbers; in practice an integer is preferred, because a floating-point value may be represented differently on computers with different word lengths. The random number can be produced by a random number function of a general programming language, as long as the result is random; such functions include, for example, the Math.random() function in JavaScript. Note that Math.random() is a general-purpose generator, not a cryptographically secure one; where the random number becomes part of the key material, a practitioner would draw it from the platform's cryptographic random source instead.

[0086] (2) The key calculation module 1022 is connected to the random number generation module 1021 and the key extraction module 1023 and exchanges data with them. It generates the primary key from the password and the random number. In the present invention the algorithm generating the key K must be irreversible, and the simplest choice is a known hash algorithm. For example, if the original text is T, the password entered by the user is P and the random number is S, then P+S is taken as one string and the hash of that string is computed; the result is the primary key K. Since a different random number S is generated for each encryption, the hash result differs each time, and since the hash is not reversible, the value of K is different for every record. A K recovered from one record therefore cannot be used to decrypt the user's other data, which avoids large-scale leakage. Many hash algorithms can be used, such as MD5 and the Secure Hash Algorithm (SHA) family. These algorithms are broadly similar but differ in how hard it is to find a collision; MD5 has relatively better computing performance.

[0087] In a specific embodiment, the key calculation module 1022 generates the primary key with the MD5 algorithm. Specifically, an MD5 function such as MD5(data), which hashes data and returns the result, is first implemented in a scripting language (JavaScript); then the combined string P+S is passed to MD5(), and the returned hash value K is the primary key.

[0088] (3) The key extraction module 1023 is connected to the key calculation module 1022 and exchanges data with it. It extracts an encryption key from the primary key for the encryption and decryption unit 103 to encrypt data with.

[0089] In one embodiment, the key calculation module 1022 generates the primary key K with the MD5 algorithm and the encryption and decryption unit 103 encrypts data with the DES algorithm. Since K, as produced by MD5, is 16 bytes long and the DES algorithm requires an 8-byte key, a part of the primary key K is used as the final key. In the present invention the key extraction module 1023 may extract the encryption key from the primary key according to various rules, as long as the extracted data meets the bit-length requirement of the subsequent encryption algorithm. Because only part of a one-way hash result serves as the final key of the symmetric encryption algorithm, the password P entered by the user cannot be recovered directly from the primary key K, and the encryption strength is preserved.

[0090] Figure 6 shows the structure of the data processing unit 104 in one embodiment of the present invention, including a data fusion module 1041 and a data decomposition module 1042, where:

[0091] (1) The data fusion module 1041 fuses the primary ciphertext with the random number in the encryption stage to obtain the final ciphertext. For example, if the password entered by the user is P, the random number is S, the primary key is K, the extracted encryption key is K' and the primary ciphertext is E, then the data fusion module 1041 fuses the primary ciphertext E with the random number S to obtain the final ciphertext R. Data fusion can be done in many ways; in one embodiment the data fusion module 1041 prepends the random number S to the primary ciphertext E as a prefix. The protection scope of the present invention is of course not limited to this way.

[0092] (2) The data decomposition module 1042 decomposes the final ciphertext in the decryption stage to recover the primary ciphertext and the random number. Continuing the example, when the user provides the password P, the data decomposition module 1042 decomposes the final ciphertext R into the combined data of random number S and primary ciphertext E, and then splits that combined data into the independent random number S and primary ciphertext E.

[0093] Figure 7 shows the structure of the data processing unit 104 in another embodiment of the present invention, which in addition to the data fusion module 1041 and the data decomposition module 1042 includes a verification processing module 1043, where:

[0094] The verification processing module 1043 is connected to the data fusion module and the data decomposition module and exchanges data with them. In the encryption phase it generates a check code and sends it to the data fusion module; in the decryption phase it verifies the decryption result against that check code. Specifically: (1) In the encryption phase, the verification processing module 1043 may use many algorithms to generate the check code. In one embodiment it applies a cyclic redundancy check (CRC) algorithm to the original text T to obtain the check code C, that is, C = CRC(T); C is used during decryption to check whether the decryption result is correct. The present invention is of course not limited to this algorithm; other similar algorithms also fall within its protection scope. (2) In the decryption phase, the verification processing module 1043 may likewise use many algorithms to verify the check code. In one embodiment it applies the CRC algorithm to the original text T in the decryption result to obtain a new check code C', that is, C' = CRC(T), and compares C with C': if C = C', the decryption result is correct, otherwise it is wrong. The purpose of the check is to avoid outputting garbled data when the password is wrong. Note that a CRC is an error-detecting code, not a message authentication code; it is designed to catch a wrong password or accidental corruption, not to resist deliberate tampering.

[0095] Since, compared with the embodiment of Figure 6, this embodiment adds a verification processing module 1043 to the data processing unit 104 and generates a check code C from the original text T, the data fusion module 1041 also fuses the check code C with the original text T in the encryption phase and sends the combined data C+T to the encryption and decryption unit 103. In one embodiment the data fusion module 1041 prepends the check code C to the original text T as a prefix. The encryption and decryption unit 103 then encrypts the whole of C+T with the encryption key K' using a symmetric encryption algorithm (for example DES, IDEA or AES); with DES, E = DES(K', C+T).

[0096] The data decomposition module 1042 also differs. In the decryption stage, the primary ciphertext E is decrypted with the symmetric encryption algorithm under the primary key K (more precisely, under the encryption key K' extracted from K, since the same key must be used for encryption and decryption), yielding the combined data of check code C and original text T. The data decomposition module 1042 then splits this combined data into the independent check code C and original text T, and passes the check code C to the verification processing module 1043 for verification.

[0097] Figure 8 shows the data encryption method flow in one embodiment of the present invention. The flow is based on the system structure of Figures 2, 3A and 3B, or on that of Figure 4, and includes the following steps:

[0098] In step S801, the user interface unit 101 obtains the original text to be encrypted, and receives the password input by the user.

[0099] In step S802, the key generation unit 102 generates a random number for the original text to be encrypted, generates a primary key from the password and the random number, extracts the encryption key from the primary key, and passes the encryption key to the encryption and decryption unit 103.

[0100] In step S803, the encryption and decryption unit 103 encrypts the original text with the encryption key to obtain the primary ciphertext.

[0101] In step S804, the data processing unit 104 fuses the primary ciphertext with the random number to obtain the final ciphertext. The random number is fused into the ciphertext so that it is available again at decryption time.

[0102] Figure 9 shows the data encryption method flow in one embodiment of the present invention, which specifically includes:

[0103] In step S901, the user interface unit 101 obtains the original text to be encrypted and receives the password input by the user. In the present invention the user interface unit 101 can obtain the original text in several ways: if the original text is stored in the data storage unit 105, it is retrieved from there; otherwise it must be imported from an external device.

[0104] In step S902, the key generation unit 102 calls its random number generation module 1021 to generate a random number for the original text to be encrypted, using a random number algorithm. In the present invention the random number can take many forms, including integers and floating-point numbers; in practice an integer is preferred, because a floating-point value may be represented differently on computers with different word lengths. The random number can be produced by a random number function of a general programming language, as long as the result is random; such functions include, for example, the Math.random() function in JavaScript.

[0105] In step S903, the key generation unit 102 calls its key calculation module 1022 to generate a primary key from the password and the random number. In the present invention the algorithm generating the primary key K must be irreversible, and the simplest choice is a known hash algorithm. For example, if the original text is T, the password entered by the user is P and the random number is S, then P+S is taken as one string and the hash of that string is computed; the result is the primary key K. Since a different random number S is generated for each encryption, the hash result differs each time, and since the hash is not reversible, the value of K is different for every record. A K recovered from one record therefore cannot be used to decrypt the user's other data, which avoids large-scale leakage. Many hash algorithms can be used, such as MD5 and the Secure Hash Algorithm (SHA) family. These algorithms are broadly similar but differ in how hard it is to find a collision; MD5 has relatively better computing performance.

[0106] In a specific embodiment, the key calculation module 1022 generates the primary key with the MD5 algorithm. Specifically, an MD5 function such as MD5(data), which hashes data and returns the result, is first implemented in a scripting language (JavaScript); then the combined string P+S is passed to MD5(), and the returned hash value K is the primary key.

[0107] In step S904, the key generation unit 102 calls its key extraction module 1023 to extract part of the primary key as the encryption key.

[0108] In one embodiment, the key calculation module 1022 generates the primary key K with the MD5 algorithm and the encryption and decryption unit 103 encrypts data with the DES algorithm. Since K, as produced by MD5, is 16 bytes long and the DES algorithm requires an 8-byte key, a part of the primary key K is used as the final key. In the present invention the key extraction module 1023 may extract the encryption key from the primary key according to various rules, as long as the extracted data meets the bit-length requirement of the subsequent encryption algorithm. Because only part of a one-way hash result serves as the final key of the symmetric encryption algorithm, the password P entered by the user cannot be recovered directly from the primary key K, and the encryption strength is preserved.

[0109] In step S905, the encryption and decryption unit 103 encrypts the original text with a symmetric encryption algorithm under the encryption key to obtain the primary ciphertext, and passes it to the data processing unit 104. In the present invention, the encryption and decryption unit 103 uses the same algorithm for encrypting and decrypting data, namely a symmetric encryption algorithm such as the aforementioned DES, IDEA or AES. In one embodiment, encryption with the DES algorithm proceeds as follows: an encryption function such as DES(key, data) is first implemented in a scripting language (JavaScript), where the parameter data is the data to be encrypted and key is the key; the DES algorithm itself is public and its specification can be taken from the prior art. The parameters are then passed in, the encryption function is called, and its return value is the encryption result. In other embodiments, symmetric algorithms such as IDEA and AES can also be used. These two algorithms have higher encryption strength but lower performance, and since the encryption and decryption algorithm runs in a script environment, where performance is greatly reduced, this patent considers the DES algorithm the better choice. It should be noted that the present invention is not limited to the symmetric encryption algorithms listed here; other feasible algorithms also fall within its protection scope.

[0110] In step S906, after receiving the primary ciphertext, the data processing unit 104 prepends the random number to the primary ciphertext as a prefix to generate the final ciphertext, and sends it to the data storage unit 105.

[0111] For example, if the password entered by the user is P, the random number is S, the primary key is K, the extracted encryption key is K' and the primary ciphertext is E, then the data fusion module 1041 fuses the primary ciphertext E with the random number S to obtain the final ciphertext R. Data fusion can be done in many ways; in one embodiment the data fusion module 1041 prepends the random number S to the primary ciphertext E as a prefix. The protection scope of the present invention is of course not limited to this way.

[0112] In step S907, the data storage unit 105 saves the encryption result, that is, the final ciphertext. In the present invention the data storage unit 105 can store the final ciphertext in a variety of formats, such as a database table or a text file; for details refer to the prior art, which is not repeated here.

[0113] Figure 10 shows the data encryption method flow in another embodiment of the present invention, which specifically includes:

[0114] In step S1001, the user interface unit 101 obtains the original text to be encrypted and receives the password input by the user. In the present invention the user interface unit 101 can obtain the original text in several ways: if the original text is stored in the data storage unit 105, it is retrieved from there; otherwise it must be imported from an external device. Step S1001 is implemented in the same way as step S901 of Figure 9 and is not repeated here.

[0115] In step S1002, the key generation unit 102 calls its random number generation module 1021 to generate a random number for the original text to be encrypted, using a random number algorithm. The random number and the random number algorithm are the same as in step S902 of Figure 9 and are not described again here.

[0116] In step S1003, the key generation unit 102 calls its key calculation module 1022 to generate a primary key from the password and the random number. In the present invention the algorithm generating the primary key K must be irreversible, and the simplest choice is a known hash algorithm. The hash algorithm is the same as in step S903 of Figure 9 and is not described again here.

[0117] In step S1004, the key generation unit 102 calls its key extraction module 1023 to extract part of the primary key as the encryption key. The extraction process is the same as in step S904 of Figure 9 and is not described again here.

[0118] In step S1005, the data processing unit 104 calls its verification processing module 1043 to compute a check code over the original text with a check algorithm. It should be noted that step S1005 can be performed in parallel with steps S1002, S1003 and S1004, or sequentially.

[0119] In the above step S1005, the verification processing module 1043 may use any of several algorithms to generate a verification code. In one embodiment, the check processing module 1043 applies a cyclic redundancy check (Cyclic Redundancy Check, CRC) algorithm to the original text T to obtain a check code C, namely C=CRC(T); C is used in the decryption stage to check whether the decryption result is correct. Of course, the present invention is not limited to this algorithm, and other similar algorithms are also included in the protection scope of the present invention.

[0120] In step S1006, the data processing unit 104 further calls its data fusion module 1041 to fuse the check code, as a prefix, with the original text. Since in this embodiment, unlike the embodiment illustrated in Figure 9, a check code C is generated from the original text T, the data fusion module 1041 fuses the check code C with the original text T in the encryption stage and sends the combined data C+T to the encryption and decryption unit 103. In one embodiment, the data fusion module 1041 uses the check code C as a prefix when fusing it with the original text T.

[0121] In step S1007, the encryption and decryption unit 103 uses the symmetric encryption algorithm with the encryption key to encrypt the combined data of the original text and the check code, obtains the primary ciphertext, and inputs it into the data processing unit 104.

[0122] In the present invention, the algorithms used by the encryption and decryption unit 103 for encrypting and decrypting data are the same, and they are all symmetric encryption algorithms, including the aforementioned DES, IDEA, AES, etc. The symmetric encryption algorithm is the same as in step S905 of Figure 9. However, because in this embodiment, unlike Figure 9, the check code C is generated from the original text T and the two are fused, the encryption and decryption unit 103 here uses the encryption key K' to encrypt the combined data C+T. Where the DES algorithm is used, this is E=DES(K', C+T).

[0123] In step S1008, after receiving the primary ciphertext, the data processing unit 104 combines the random number, as a prefix, with the primary ciphertext to generate the final ciphertext. The specific implementation of this step is the same as step S906 in the foregoing embodiment, so it will not be repeated here.

[0124] In step S1009, the data storage unit 105 saves the encryption result, that is, the final ciphertext. In the present invention, the data storage unit 105 can store the final ciphertext in a variety of storage formats, such as a data table or a text file; for details, refer to the prior art, which will not be repeated here.

[0125] Figure 11 shows the method flow of data decryption in one embodiment of the present invention. The data decryption process of the present invention corresponds to the aforementioned encryption process and specifically includes:

[0126] In step S1101, the user interface unit 101 obtains the final ciphertext to be decrypted, and the password input by the user in the encryption phase.

[0127] In step S1102, the data processing unit 104 decomposes the final ciphertext according to the password provided by the user to obtain a random number and a primary ciphertext.

[0128] In step S1103, the key generation unit 102 generates a primary key based on the password and the random number.

[0129] In step S1104, the encryption and decryption unit 103 uses the primary key to decrypt the primary ciphertext to obtain the original text.

[0130] Figure 12 shows the method flow of data decryption in one embodiment of the present invention, which specifically includes:

[0131] In step S1201, the user interface unit 101 obtains the final ciphertext to be decrypted and the password input by the user in the encryption phase. In the present invention, the user interface unit 101 can obtain the final ciphertext in a variety of ways: if the final ciphertext is stored in the data storage unit 105, it is extracted from the data storage unit 105; if it is not stored there, it needs to be imported from other external devices. In this embodiment, the final ciphertext obtained is R, and the password entered by the user is P.

[0132] In step S1202, the data processing unit 104 decomposes the final ciphertext to obtain combined data of the random number and the primary ciphertext. In this embodiment, the data processing unit 104 calls its data decomposition module 1042 to decompose the final ciphertext R according to the password P provided by the user to obtain the combined data of the random number S and the primary ciphertext E.

[0133] In step S1203, the data processing unit 104 further decomposes the combined data of the random number and the primary ciphertext to obtain an independent random number and the primary ciphertext. In this embodiment, the data decomposition module 1042 further decomposes the combined data of the random number S and the primary ciphertext E to obtain an independent random number S and the primary ciphertext E. The specific decomposition process can refer to the existing technology.

[0134] In step S1204, the key generation unit 102 generates a primary key from the password and the random number. In the present invention, the algorithm for generating the primary key K must be an irreversible algorithm; the simplest choice is a known hash algorithm. For example, if the password input by the user is P and the random number is S, then P+S is taken as one whole character string, and the hash of that string is computed with a hash algorithm; the result is the primary key K. Since the random number S generated for each encryption is different, the result of the hash computation is also different each time, and since the algorithm itself is irreversible, a K that has been cracked cannot be used to crack the user's other data, which avoids large-scale data leaks. Several hash algorithms can be used, such as MD5, Secure Hash Algorithm (SHA), etc. These algorithms are relatively similar but differ in how difficult it is to find a collision, and MD5 has relatively better computing performance.

[0135] In a specific embodiment, the key generation unit 102 calls the key calculation module 1022 to generate the primary key using the MD5 algorithm. The specific process is: first implement an MD5 function in a scripting language (JavaScript), such as MD5(data), which performs a hash operation on data and returns the result of the calculation; then pass in the whole string P+S and call the MD5() function; the returned hash value K is the primary key.

[0136] In step S1205, the encryption and decryption unit 103 decrypts the primary ciphertext with a symmetric encryption algorithm according to the primary key to obtain the original text, and sends it to the data storage unit 105. The symmetric encryption algorithm used for decryption here is the same as the symmetric encryption algorithm used for encryption in the aforementioned Figure 8, Figure 9 and Figure 10, including DES, IDEA, AES, etc., which will not be repeated here. In this embodiment, the encryption and decryption unit 103 decrypts the primary ciphertext E according to the primary key K with the above-mentioned symmetric encryption algorithm to obtain the original text T. If the DES algorithm is adopted, this is T=DES(K, E).

[0137] In step S1206, the data storage unit 105 saves the decrypted result, that is, the original text.

[0138] Figure 13 shows the method flow of data decryption in one embodiment of the present invention, which specifically includes:

[0139] In step S1301, the user interface unit 101 obtains the final ciphertext to be decrypted and the password input by the user in the encryption phase. In this embodiment, the final ciphertext obtained is R, and the password entered by the user is P. The specific content of this step is the same as step S1201 of Figure 12 above, and will not be repeated here.

[0140] In step S1302, the data processing unit 104 decomposes the final ciphertext to obtain the combined data of the random number and the primary ciphertext. In this embodiment, the data decomposition module 1042 decomposes the final ciphertext R according to the password P provided by the user to obtain the combined data of the random number S and the primary ciphertext E. The specific content of this step is the same as step S1202 of Figure 12 above, and will not be repeated here.

[0141] In step S1303, the data processing unit 104 further decomposes the combined data of the random number and the primary ciphertext to obtain an independent random number and primary ciphertext. In this embodiment, the data decomposition module 1042 further decomposes the combined data of the random number S and the primary ciphertext E to obtain an independent random number S and primary ciphertext E. The specific decomposition process can refer to the existing technology. The specific content of this step is the same as step S1203 of Figure 12 above, and will not be repeated here.

[0142] In step S1304, the key generation unit 102 generates a primary key from the password and the random number. In the present invention, the algorithm for generating the primary key K must be an irreversible algorithm; the simplest choice is a known hash algorithm. The specific content of this step is the same as step S1203 of Figure 12 above, and will not be repeated here.

[0143] In step S1305, the encryption and decryption unit 103 decrypts the primary ciphertext with a symmetric encryption algorithm according to the primary key, and then sends the decryption result to the data processing unit 104. The symmetric encryption algorithm used for decryption here is the same as the symmetric encryption algorithms used for encryption in the aforementioned Figure 8, Figure 9 and Figure 10, including DES, IDEA, AES, etc., which will not be repeated here.

[0144] In step S1306, after receiving the decryption result, the data processing unit 104 analyzes the decryption result to determine whether it is the combined data of the check code and the original text: if yes, execute step S1307; if not, execute step S1309.

[0145] In step S1307, the data processing unit 104 calls its data decomposition module 1042 to decompose the combined data of the check code and the original text to obtain an independent check code and original text. In this embodiment, if the decryption result is the combined data of the check code and the original text, the data decomposition module 1042 decomposes the combined data of the check code C and the original text T to obtain an independent check code C and original text T, and then inputs the check code C into the check processing module 1043.

[0146] In step S1308, the verification processing module 1043 verifies the verification code to determine whether the decryption result of the foregoing steps is correct: if it is correct, execute step S1309; if it is incorrect, the process ends.

[0147] In the decryption stage, the verification processing module 1043 can likewise use any of several algorithms to verify the check code. In one embodiment, the check processing module 1043 applies the CRC algorithm to the original text T in the decryption result and obtains a new check code C', namely C'=CRC(T); it then compares C with C': if C=C', the decryption result is proven correct, otherwise it is wrong. The purpose of verifying the check code is to avoid outputting garbled data when the password is wrong.

[0148] In step S1309, the data storage unit 105 saves the decryption result, that is, the original text T.

[0149] To sum up, in the encryption and decryption method provided by the present invention, the encryption key of each original text is different, which avoids large-scale leakage of secrets when one piece of data is cracked; and because only part of the data of the primary key is extracted as the encryption key, even if the primary key can be cracked, the password entered by the user cannot be cracked directly from the primary key. It can be seen from the above that the present invention improves the security of stored data.

[0150] The above are only the preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall be included within the scope of protection of the present invention.
