Data encryption method and device and data decryption method and device
A data encryption and decryption technology, applied in the field of data encryption and decryption methods and devices, that addresses the low security of encrypted data and the low difficulty of cracking virus databases, and achieves the effect of improving security and increasing the difficulty of cracking.
Active Publication Date: 2017-06-13
TENCENT TECH (SHENZHEN) CO LTD
AI-Extracted Technical Summary
Problems solved by technology
[0005] In order to solve the problem in the prior art that because the server uses a single encryption algorithm to encrypt the entire virus database, the decryption of the encrypted ...
Method used
Because the terminal may not need all of the sub-data in the target data when using it (for example, when antivirus software looks up the virus name of a virus file in the virus database, it only needs to decrypt the virus name corresponding to the feature information that matches the virus file), the terminal determines which encrypted sub-data is to be decrypted and decrypts only that. Only the decrypted sub-data that the terminal needs to use exists in decrypted form, and the other encrypted sub-data remain encrypted. Malicious personnel will not obtain all the sub-data included in the target data while the terminal is using the target data, which improves the security of the other sub-data.
In summary, the method provided by the present embodiment encrypts different sub-data in the target data with at least two types of encryption algorithms to obtain encrypted target data. This solves the problem that, when the server encrypts the target data as a whole with a single encryption algorithm, it is less difficult for malicious personnel to crack the encrypted target data and the security of the encrypted target data is not high. Since the target data is encrypted by at least two encryption algorithms, malicious personnel need to decipher at least two encryption algorithms when deciphering the encrypted target data. Therefore, it is more difficult for malicious personnel to dec...
Abstract
The invention discloses a data encryption method and device and a data decryption method and device, belonging to the technical field of computers. The method comprises the following steps: obtaining target data to be encrypted, wherein the target data includes at least two pieces of sub data; obtaining at least two encryption algorithms; and for each piece of sub data in the target data, encrypting the sub data by a target encryption algorithm which is selected from the at least two encryption algorithms to obtain encrypted target data. According to the invention, the problems that the cracking difficulty of the encrypted target data is low for malicious personnel, and the security of the encrypted target data is not high when a server encrypts the target data as a whole by using a single encryption algorithm are solved; and the cracking difficulty of the encrypted target data is increased for the malicious personnel, and the security of the encrypted target data is improved.
Application Domain
Multiple keys/algorithms usage
Technology Topic
Computer hardware; Data decryption
Example Embodiment
[0043] The exemplary embodiments will be described in detail here, and examples thereof are shown in the accompanying drawings. When the following description refers to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the present invention as detailed in the appended claims.
[0044] First, several terms used in this document are introduced.
[0045] Anti-virus software (also known as antivirus software): refers to software used to eliminate malicious programs such as viruses and Trojan horses in the terminal. Anti-virus software includes at least an anti-virus engine and a virus database.
[0046] Antivirus engine: a program used to detect and discover malicious programs, such as the tav antivirus engine.
[0047] Virus database: refers to the specimens of malicious programs that have been discovered, which are used by anti-virus engines to detect and discover malicious programs. The virus database includes at least a virus name database and a characteristic information database. The virus name database includes the virus name of the virus and the virus ID (Identity) corresponding to the virus name. Please refer to the virus name database shown in Table 1. The header information is used to indicate the virus name database. The characteristic information database includes the characteristic information of the virus and the virus ID corresponding to the characteristic information. Please refer to the characteristic information database shown in Table 2, where the header information is used to indicate the characteristic information database.
[0048] Table I:
[0049]
[0050] Table II:
[0051]
[0052]
[0053] Target data: refers to the data that needs to be encrypted and protected. The target data includes: at least one of characteristic information and virus names in the virus database, chat records, call records, contacts, favorite records, and photo albums. Of course, the target data may also include other types of data, which will not be listed here in this embodiment.
[0054] Encryption algorithm: refers to the algorithm used to encrypt the target data. The encryption algorithm includes an encryption template and a key. For example, the encryption algorithm is: the target data XOR key 1.
[0055] Decryption algorithm: refers to the algorithm used to decrypt the encrypted target data. The decryption algorithm has a corresponding encryption algorithm. The decryption algorithm includes a decryption template and a key. For example, the decryption algorithm is: the encrypted target data XOR key 1.
[0056] Please refer to Figure 1, which shows a schematic structural diagram of a data processing system provided by an embodiment of the present invention. The system includes a server 110 and a terminal 120.
[0057] The server 110 may be a single server or at least one server cluster, which is not limited in this embodiment.
[0058] The server 110 is configured to encrypt target data and send the encrypted target data to the terminal 120 through a communication connection.
[0059] The server 110 establishes a communication connection with the terminal 120 through a wireless network or a wired network.
[0060] The terminal 120 includes mobile phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop computers, desktop computers, etc., which is not limited in this embodiment.
[0061] The terminal 120 receives the encrypted target data sent by the server 110 through the communication connection, and decrypts the target data when using it. Optionally, when the encrypted target data includes at least one of the encrypted feature information in the virus database and the encrypted virus name, the terminal 120 is installed with antivirus software for detecting whether a file is a virus. The antivirus software is used to decrypt, through the anti-virus engine, the sub-data to be decrypted in the encrypted target data, and to detect whether the file is a virus according to the decrypted sub-data.
[0062] It should be added that this embodiment only takes the case of one terminal 120 as an example for description. In actual implementation, there may be multiple terminals 120, which is not limited in this embodiment.
[0063] Optionally, the aforementioned wireless network or wired network uses standard communication technologies and/or protocols. The network is usually the Internet, but it can also be any network, including but not limited to a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a mobile, wired or wireless network, a private network or a virtual private network, or any combination of these. In some embodiments, technologies and/or formats including HyperText Mark-up Language (HTML), Extensible Markup Language (XML), etc. are used to represent data exchanged over the network. In addition, conventional encryption technologies such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN) and Internet Protocol Security (IPsec) can be used to encrypt all or some links. In other embodiments, customized and/or dedicated data communication technologies can also be used to replace or supplement the aforementioned data communication technologies.
[0064] Please refer to Figure 2A, which shows a flowchart of a data processing method provided by an embodiment of the present invention. This method is used in the data processing system shown in Figure 1, and may include the following steps:
[0065] Step 201: The server obtains target data to be encrypted.
[0066] Target data refers to data that needs to be encrypted and protected, and usually target data includes at least two sub-data. The sub-data includes at least one of the feature information in the feature information database and the virus name in the virus name database.
[0067] Optionally, the types of the at least two sub-data in the target data may be the same, for example, the at least two sub-data are all virus names; or the types of the at least two sub-data may be different, for example, the at least two sub-data include two types, feature information and virus name, which is not limited in this embodiment.
[0068] The target data obtained by the server may be input by the developer or sent by other terminals, which is not limited in this embodiment.
[0069] Step 202: The server obtains at least two encryption algorithms.
[0070] In this embodiment, by using at least two encryption algorithms to encrypt the target data, it is more difficult for a malicious person to crack the encrypted target data, thereby improving the security of the encrypted target data.
[0071] Optionally, step 202 can be performed before step 201, can also be performed after step 201, and can also be performed simultaneously with step 201, which is not limited in this embodiment.
[0072] Step 203: For each piece of sub-data in the target data, the server selects the target encryption algorithm from at least two encryption algorithms to encrypt the sub-data to obtain encrypted target data.
[0073] The ways in which the server selects the target encryption algorithm from the at least two encryption algorithms to encrypt the sub-data include, but are not limited to, the following.
[0074] In the first way, for different sub-data, the server uses different target encryption algorithms for encryption. At this time, the sub-data corresponds to the target encryption algorithm one to one.
[0075] Please refer to Figure 2B. Assume that the target data is the virus name database in the virus database shown in Table 1, and the sub-data are virus name 1, virus name 2, and virus name 3 in the virus name database. As Figure 2B shows, the server encrypts virus name 1 through encryption algorithm 1 to obtain encrypted virus name 1, encrypts virus name 2 through encryption algorithm 2 to obtain encrypted virus name 2, and encrypts virus name 3 through encryption algorithm 3 to obtain encrypted virus name 3. Therefore, different encrypted sub-data in the encrypted target data obtained by the server use different encryption algorithms.
[0076] In the second way, for some of the sub-data in the target data, the server uses the same first target encryption algorithm to encrypt; for the different remaining sub-data in the target data, the server uses a different second target encryption algorithm to encrypt, and obtains the encrypted target data.
[0077] Here, the number of the partial sub-data is at least two, and the number of the remaining sub-data is at least one. The first target encryption algorithm is different from the second target encryption algorithm.
[0078] Please refer to Figure 2C. Suppose the target data is the virus name database in the virus database shown in Table 1, and the sub-data are virus name 1, virus name 2, and virus name 3 in the virus name database. As Figure 2C shows, the server encrypts virus name 1 through encryption algorithm 1 to obtain encrypted virus name 1, encrypts virus name 2 through encryption algorithm 1 to obtain encrypted virus name 2, and encrypts virus name 3 through encryption algorithm 3 to obtain encrypted virus name 3. Therefore, in the encrypted target data obtained by the server, at least two encrypted sub-data use different encryption algorithms, such as encrypted virus name 1 and encrypted virus name 3, and at least two encrypted sub-data use the same encryption algorithm, such as encrypted virus name 1 and encrypted virus name 2.
[0079] Optionally, the server periodically sends the encrypted target data to the terminal.
[0080] Step 204: The terminal obtains the encrypted target data.
[0081] The encrypted target data may be sent by the server, or stored in the terminal after being encrypted by itself, which is not limited in this embodiment. The target data acquired by the terminal includes at least two encrypted sub-data, and in the at least two encrypted sub-data, at least two encrypted sub-data use different encryption algorithms.
[0082] Step 205: The terminal determines the encrypted sub-data to be decrypted from the encrypted target data.
[0083] When the terminal uses the target data, it may not need all the sub-data in the target data. For example, when the anti-virus software looks up the virus name of a virus file through the virus database, it only needs to decrypt the virus name corresponding to the feature information in the virus database that matches the virus file. Therefore, the terminal determines the encrypted sub-data to be decrypted and decrypts only that sub-data, so that only the decrypted sub-data the terminal needs to use exists in the memory of the terminal, and the other encrypted sub-data remain encrypted. Malicious persons will not obtain all the sub-data included in the target data while the terminal is using the target data, which improves the security of the other sub-data.
[0084] Optionally, when the encrypted target data is the encrypted virus names in the virus database, the terminal determining the encrypted sub-data to be decrypted from the encrypted target data includes: the antivirus engine matches the feature information of the file against the feature information in the feature information database; when feature information matching the feature information of the file exists in the feature information database, the virus ID corresponding to that feature information is obtained from the feature information database; and, according to the correspondence between virus IDs and virus names in the virus name database, the virus name corresponding to the virus ID is determined as the encrypted sub-data to be decrypted.
[0085] Please refer to Figure 2D. Suppose the feature information database is as shown in Table 1 above, and the virus name database is as shown in Table 2 above. When the antivirus software checks whether the file 21 is a malicious file, it first uses the feature matcher 22 to find whether the feature information database 23 contains feature information that matches the feature information of the file 21; if it does, the antivirus software obtains the virus ID 3 corresponding to that feature information from the feature information database 23. Then, the anti-virus software searches the virus name database 25 for the encrypted virus name 3 corresponding to the virus ID 3 through the virus name selector 24, and determines that the encrypted virus name 3 is the encrypted sub-data to be decrypted.
[0086] Optionally, when the terminal needs to use all the target data at once, it can also decrypt all the sub-data in the target data, which is not limited in this embodiment.
[0087] Step 206: The terminal obtains the decryption algorithm corresponding to the encrypted sub-data.
[0088] The decryption algorithm corresponds to the encryption algorithm. For example, if the encryption algorithm is the target data XOR key 1, the decryption algorithm is the encrypted target data XOR key 1.
[0089] Step 207: The terminal decrypts the encrypted sub-data according to the decryption algorithm.
[0090] When the terminal only decrypts part of the encrypted sub-data in the encrypted target data, only the decrypted part of the sub-data exists in the memory of the terminal.
[0091] Optionally, after decrypting the encrypted sub-data, the terminal displays the decrypted sub-data.
[0092] Optionally, steps 201-203 can be implemented separately as a data encryption method on the server side, and steps 204-207 can be implemented separately as a data decryption method on the terminal side; or steps 201-203 can be implemented separately as a data encryption method on the terminal side, and steps 204-207 can be implemented separately as a data decryption method on the terminal side, which is not limited in this embodiment.
[0093] In summary, the method provided in this embodiment encrypts different sub-data in the target data through at least two types of encryption algorithms to obtain the encrypted target data. This solves the problem that, when the server encrypts the target data as a whole with a single encryption algorithm, it is less difficult for a malicious person to crack the encrypted target data and the security of the encrypted target data is not high. Because the target data is encrypted by at least two encryption algorithms, a malicious person needs to crack at least two encryption algorithms when cracking the encrypted target data. Therefore, the difficulty of cracking the encrypted target data is increased, and the security of the encrypted target data is improved.
[0094] In addition, the encrypted sub-data to be decrypted is determined from the encrypted target data, the decryption algorithm corresponding to the encrypted sub-data is obtained, and the encrypted sub-data is decrypted according to the decryption algorithm. As a result, while the terminal is using the target data, the memory does not hold all of the decrypted target data but only part of the sub-data, which improves the security of the other, undecrypted sub-data in the terminal.
[0095] In addition, since the encryption algorithm of the target data is generated based on a randomly generated key, the encryption algorithms generated on two occasions for the sub-data in the same target data may be different. In this way, even if the encryption algorithm generated the previous time is cracked by a malicious person, the malicious person also needs to crack the encryption algorithm generated later, which increases the difficulty for the malicious person to crack the encrypted sub-data.
[0096] It should be added that this embodiment only takes as an example the case where the target data includes at least one of a virus name database and a characteristic information database. In actual implementation, the target data can also be chat records, photo albums, call records, contacts, and favorite records. Accordingly, the sub-data in the target data may also be chat information, image data, call data, contact data, and favorite data, which is not limited in this embodiment. Of course, the target data and sub-data may also be other types of data, which are not listed here in this embodiment.
[0097] Optionally, depending on the application scenario, for example, when the data encryption method provided in this embodiment is used to encrypt chat records, photo albums, call records, contacts, favorite records, etc. in the terminal, steps 201-203 can also be performed by the terminal. In this case, the target data acquired by the terminal is collected by the collection component in the terminal or input by the user, which is not limited in this embodiment. When the target data is encrypted by the terminal, the implementation principle is the same as the content described in steps 201-203, which will not be repeated in this embodiment.
[0098] The following describes in detail the specific method of obtaining the encryption algorithm in step 202 (see the embodiment illustrated in Figure 3A), the specific method of selecting an encryption algorithm to encrypt the sub-data in the target data in step 203 (see the embodiment illustrated in Figure 4A), and the specific method of obtaining the decryption algorithm corresponding to the encrypted sub-data in step 206 (see the embodiment illustrated in Figure 5A).
[0099] Please refer to Figure 3A, which shows a flowchart of a method for obtaining an encryption algorithm provided by an embodiment of the present invention. This method is used in the server 110 in the data processing system shown in Figure 1, and includes the following steps.
[0100] Step 301: Obtain an encryption and decryption template pair.
[0101] The encryption and decryption template pair includes an encryption template and a decryption template corresponding to the encryption template. Usually, the encryption template and decryption template are selected by the developer. In an encryption and decryption template pair, the template type of the encryption template and the template type of the decryption template are the same. The template types include at least two of the XOR template, XNOR template, NAND template, NOR template, AND template, OR template and NOT template. Of course, the template type can also be other types of templates, such as a combination of the XOR template and the AND template.
[0102] Step 302: At least one key is randomly generated.
[0103] In this step, the server randomly generates at least one key through the first random number generator, and the range of the random number generated by the first random number generator may be fixed or not, which is not limited in this embodiment.
[0104] In addition, this embodiment does not limit the number of bits of the key generated by the first random number generator. For example, the number of bits of the key generated by the first random number generator is the same as the number of bits of the sub-data.
[0105] Step 303: Generate an encryption and decryption algorithm set according to the encryption and decryption template pair and the key.
[0106] The encryption and decryption algorithm set includes at least two encryption and decryption algorithm combinations. Through an algorithm synthesizer, the server synthesizes an encryption and decryption template pair and a key into one encryption and decryption algorithm combination: the encryption template in the template pair and the key are synthesized into an encryption algorithm, and the decryption template in the template pair and the key are synthesized into a decryption algorithm. That is, each encryption and decryption algorithm combination includes an encryption algorithm and a decryption algorithm, and the encryption algorithm and decryption algorithm in the combination include the same key.
[0107] Assuming that the template type of the encryption template in the encryption and decryption template pair is the XOR template, and the key generated by the random number generator is key A, then the encryption algorithm in the encryption and decryption algorithm combination obtained by the algorithm synthesizer is: sub-data XOR key A; the decryption algorithm is: encrypted sub-data XOR key A. The encryption algorithm and the decryption algorithm have the same key A.
[0108] Optionally, in order to ensure that the terminal can determine a unique encryption and decryption algorithm combination according to the key, the keys included in different encryption and decryption algorithm combinations are different.
[0109] Optionally, the template types of the encryption and decryption template pairs of different encryption and decryption algorithm combinations may be the same or different, which is not limited in this embodiment.
[0110] Please refer to the set of encryption and decryption algorithms shown in Figure 3B. The encryption and decryption algorithm set includes three encryption and decryption algorithm combinations, and each combination includes an encryption algorithm and a decryption algorithm. Different combinations have different keys: the key of the first combination is key A, the key of the second combination is key B, and the key of the third combination is key C. The template types of the encryption and decryption template pairs of different combinations can be the same; for example, the template type of the template pair of the first combination and that of the second combination are both the XOR template. The template types of the template pairs of different combinations can also be different; for example, the template type of the template pair of the first combination is the XOR template, and the template type of the template pair of the third combination is the XNOR template, so the two are different.
[0111] In summary, the method provided in this embodiment obtains an encryption and decryption template pair, randomly generates at least one key, and generates an encryption and decryption algorithm based on the encryption and decryption template pair and the key, so that, with a fixed number of encryption and decryption templates, the server can generate multiple encryption and decryption algorithms by randomly generating multiple keys, which increases the number of encryption algorithms.
[0112] In addition, because the algorithm complexity of the encryption and decryption templates is low, the difficulty for the server to encrypt the sub-data and for the terminal to decrypt the sub-data is reduced, thereby improving the efficiency of encrypting and decrypting the target data.
[0113] Please refer to Figure 4A, which shows a flowchart of a method for encrypting sub-data in target data through an encryption algorithm provided by an embodiment of the present invention. This method is used in the server 110 in the data processing system shown in Figure 1, and includes the following steps.
[0114] Step 401: For each piece of sub-data, randomly select a target key from the keys of at least two encryption algorithms.
[0115] In this step, the server randomly selects the target key from the keys of the encryption algorithms through the second random number generator. As the embodiment illustrated in Figure 3A shows, each encryption algorithm in the encryption and decryption algorithm set is composed of an encryption template and a corresponding key, so the corresponding target key can be found in the encryption and decryption algorithm set according to the random number generated by the random number generator.
[0116] Optionally, in order to ensure that the server can find the corresponding target key in the encryption and decryption algorithm set according to the random number generated by the second random number generator, the range of random numbers generated by the second random number generator consists of all the keys in the encryption and decryption algorithm set.
[0117] Assume that the encryption and decryption algorithms generated by the server are as shown in Figure 3B; then the random number generation range of the second random number generator consists of key A, key B, and key C.
[0118] Step 402: Determine the target encryption algorithm to which the target key belongs among the at least two encryption algorithms.
[0119] The server selects the target encryption algorithm from at least two encryption algorithms through the encryption algorithm selector. Since the encryption algorithm is composed of an encryption template and a corresponding key, the encryption algorithm selector can determine the target encryption algorithm to which the target key belongs according to the target key.
[0120] Assume that the encryption and decryption algorithms generated by the server are as shown in Figure 3B and the target key generated by the second random number generator is key A; then the target encryption algorithm determined by the encryption algorithm selector is: sub-data XOR key A.
[0121] Step 403: Encrypt the sub-data through the target encryption algorithm to obtain the encrypted sub-data.
[0122] Assume that the target key is key A, so that the target encryption algorithm determined by the server according to key A is: sub-data XOR key A. If the sub-data is 10110110 and key A is 00001111, the encrypted sub-data is 10111001.
[0123] It should be added that this embodiment takes the case where the number of bits of the key is equal to the number of bits of the sub-data as an example. In actual implementation, the number of bits of the key and the number of bits of the sub-data may also be different. When they differ, whichever of the key and the sub-data has fewer bits is zero-padded in front, so that its number of bits after zero-padding equals that of the other.
[0124] Step 404: Establish a correspondence between the encrypted sub-data and the target key.
[0125] The corresponding relationship is used to determine the decryption algorithm to which it belongs according to the corresponding target key when decrypting the encrypted sub-data.
[0126] Assume that the sub-data is each virus name in the virus name database shown in Table 1. The server encrypts virus name 1 according to the XOR algorithm to which key A belongs, and establishes the correspondence between key A and encrypted virus name 1; encrypts virus name 2 according to the XOR algorithm to which key B belongs, and establishes the correspondence between key B and encrypted virus name 2; and encrypts virus name 3 according to the XOR algorithm to which key C belongs, and establishes the correspondence between key C and encrypted virus name 3. From this, the virus name database shown in Table 3 is obtained.
[0127] Table Three:
[0128]
[0129]
[0130] Step 405: Generate encrypted target data according to the encrypted sub-data.
[0131] Optionally, step 405 may be executed after step 404, or may be executed before step 404, or simultaneously with step 404, which is not limited in this embodiment.
[0132] In summary, the method provided in this embodiment encrypts the sub-data in the target data with an encryption algorithm randomly selected from the set of encryption and decryption algorithms, establishes the correspondence between the encrypted sub-data and the key in that encryption algorithm, and obtains the encrypted target data. While increasing the difficulty for a malicious person of decrypting the encrypted target data, it also ensures that the terminal can decrypt the encrypted target data normally according to the key, so that the encrypted target data can be used normally by the terminal.
[0133] Schematically, in order to understand the data encryption method provided in this embodiment more clearly, please refer to Figure 4B. The following is an example of the data encryption method. In this example, the target data is the virus name database, and the sub-data is the virus name.
[0134] After obtaining the virus name 41, the server first generates the target key 43 through the second random number generator 42; then, the encryption algorithm selector 44 selects, from the set of encryption and decryption algorithms 45, the target encryption algorithm 46 to which the target key 43 belongs; then, the virus name 41 is encrypted by the target encryption algorithm 46 to obtain the encrypted virus name 47; the correspondence between the encrypted virus name 47 and the key 43 is established, and the resulting correspondence is stored in the virus name database.
[0135] Please refer to Figure 5A, which shows a flowchart of a method for obtaining the decryption algorithm corresponding to the encrypted sub-data provided by an embodiment of the present invention. This method is used in the terminal 120 in the data processing system shown in Figure 1, and includes the following steps.
[0136] Step 501: Obtain a set of encryption and decryption algorithms.
[0137] The set of encryption and decryption algorithms acquired by the terminal may be generated by the terminal itself or sent by the server, which is not limited in this embodiment. The encryption and decryption algorithm set includes at least two encryption and decryption algorithm combinations. Each encryption and decryption algorithm combination includes an encryption algorithm and a decryption algorithm. The encryption algorithm includes an encryption template and a key. The decryption algorithm includes a decryption template and a key. The encryption algorithm and the decryption algorithm in the same encryption and decryption algorithm combination include the same key, and different encryption and decryption algorithm combinations include different keys.
[0138] Optionally, when the terminal obtains the decryption algorithm corresponding to the encrypted target data from the server, the server may send the terminal only the decryption algorithms in the encryption and decryption algorithm set rather than the entire set. This embodiment does not limit this.
[0139] Step 502: Determine the key corresponding to the encrypted sub-data according to the pre-stored correspondence, and the correspondence at least includes the correspondence between the encrypted sub-data and the key.
[0140] When the terminal obtains the encrypted target data, it also obtains the correspondence between each encrypted sub-data in the encrypted target data and its key. The terminal uses this correspondence to determine the decryption algorithm corresponding to each encrypted sub-data. It is assumed that the correspondence obtained by the terminal is shown in Table 3.
[0141] Optionally, step 502 can be performed after step 501, or before step 501, or can be performed simultaneously with step 501, which is not limited in this embodiment.
[0142] Step 503: Search for the decryption algorithm to which the key belongs from the encryption and decryption algorithm set.
[0143] The terminal uses the decryption algorithm selector to find the decryption algorithm to which the key belongs from the set of decryption algorithms.
[0144] Assume that the set of encryption and decryption algorithms obtained by the terminal is as shown in Figure 3B, and the correspondence between the encrypted sub-data and the key is shown in Table 3. If the encrypted sub-data is the encrypted virus name 1, then according to the correspondence shown in Table 3 the key corresponding to the encrypted virus name 1 is key A, and the decryption algorithm selector finds that the decryption algorithm to which key A belongs in the encryption and decryption algorithm set is: the encrypted sub-data XOR key A.
[0145] Schematically, in order to understand the data decryption method provided in this embodiment more clearly, please refer to Figure 5B. The following describes the data decryption method with an example. In this example, the target data is the virus name database, and the sub-data is the virus name.
[0146] When detecting whether the file 51 is a malicious file, the terminal uses the feature matcher 52 to search the feature information database 53 for feature information that matches the feature information of the file 51; if such feature information exists, the terminal obtains from the feature information database 53 the virus ID 54 corresponding to that feature information; the terminal uses the virus name selector 55 to find, in the virus name database 56, the encrypted virus name 57 corresponding to the virus ID 54 and the key 58 corresponding to the encrypted virus name 57; the terminal, through the decryption algorithm selector 59, selects the decryption algorithm 592 to which the key 58 belongs from the encryption and decryption algorithm set 591; the terminal decrypts the encrypted virus name 57 according to the decryption algorithm 592 to obtain the decrypted virus name 593.
[0147] Optionally, the server can encrypt the same sub-data using at least two target encryption algorithms. In this case, for each piece of sub-data, the way the server selects each target encryption algorithm is the same as the selection method described for Figure 4A, and is not repeated in this embodiment.
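The server-side steps 401 to 405 and the terminal-side steps 501 to 503 described above, as an added Python example that is not part of the patent text. The function names, the sample virus names and IDs, and the 16-byte key length are assumptions made for illustration; only the XOR template, the zero-padding rule of [0123] and the 8-bit values of [0122] come from the description.

```python
import secrets


def xor_template(data: bytes, key: bytes) -> bytes:
    """XOR template. Per [0123], the shorter operand is zero-padded in front."""
    width = max(len(data), len(key))
    padded_data = data.rjust(width, b"\x00")
    padded_key = key.rjust(width, b"\x00")
    return bytes(d ^ k for d, k in zip(padded_data, padded_key))


def build_algorithm_set(keys):
    """Map each key to its (encryption, decryption) pair: one combination per key."""
    if len(set(keys)) < 2:
        raise ValueError("need at least two combinations with distinct keys")
    return {
        key: (
            lambda data, k=key: xor_template(data, k),        # encryption algorithm
            lambda cipher, k=key: xor_template(cipher, k),    # decryption algorithm
        )
        for key in keys
    }


def encrypt_database(names, algorithm_set, pick=secrets.choice):
    """Server side (steps 401-405): returns {virus_id: (ciphertext, key)}."""
    keys = list(algorithm_set)
    table = {}
    for virus_id, name in names.items():
        key = pick(keys)                          # randomly selected target key
        encrypt, _ = algorithm_set[key]           # algorithm the key belongs to
        table[virus_id] = (encrypt(name), key)    # ciphertext plus correspondence
    return table


def decrypt_name(table, algorithm_set, virus_id):
    """Terminal side (steps 502-503): decrypt only the requested record."""
    ciphertext, key = table[virus_id]             # key from the correspondence
    if key not in algorithm_set:
        raise KeyError("no decryption algorithm for this record's key")
    _, decrypt = algorithm_set[key]
    # Assumption: a name never starts with a zero byte, so front padding
    # added when the key is longer than the name can be stripped.
    return decrypt(ciphertext).lstrip(b"\x00")


# Constructed sample data; names and IDs are placeholders, not from the patent.
VIRUS_NAMES = {
    1: b"Example.Trojan.A",
    2: b"Example.Worm.B",
    3: b"Example.Adware.C",
}
KEY_LEN = 16  # assumed: as long as the longest sample name
ALGORITHM_SET = build_algorithm_set(
    [secrets.token_bytes(KEY_LEN) for _ in range(3)]
)

if __name__ == "__main__":
    table = encrypt_database(VIRUS_NAMES, ALGORITHM_SET)
    # Only record 2 is decrypted; records 1 and 3 stay encrypted in the table.
    print(decrypt_name(table, ALGORITHM_SET, 2))
    for virus_id, (ciphertext, key) in table.items():
        print(virus_id, ciphertext.hex(), key.hex())
```

Under the front-padding rule of [0123], a key shorter than the sub-data leaves the leading bytes of the sub-data unchanged in the ciphertext, which is why the sample keys are as long as the longest name.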
[0148] After the server selects at least two target encryption algorithms for encrypting the same piece of sub-data, methods for using the at least two target encryption algorithms to encrypt the sub-data include but are not limited to the following.
[0149] In the first method, the priority of each encryption algorithm is preset in the server, and the server encrypts the sub-data with the at least two selected target encryption algorithms in descending order of priority to obtain the encrypted sub-data.
[0150] Correspondingly, when the terminal decrypts the encrypted sub-data, it determines the decryption algorithm corresponding to each target encryption algorithm in the at least two target encryption algorithms (that is, the decryption algorithm that has the same key as the encryption algorithm), and decrypts the sub-data with these decryption algorithms in order of priority from low to high. The priority of a decryption algorithm is the same as the priority of the corresponding encryption algorithm.
[0151] Suppose the target encryption algorithms selected by the server are: sub-data XOR key A and sub-data XOR key B, and the priority of sub-data XOR key A is higher than that of sub-data XOR key B. Then, for the same sub-data, the server first XORs the sub-data with key A to obtain the first sub-data, and then XORs the first sub-data with key B to obtain the encrypted sub-data.
[0152] Correspondingly, when decrypting the above-mentioned encrypted sub-data, the terminal first XORs the encrypted sub-data with key B to obtain the first sub-data; and then XORs the first sub-data with key A to obtain the sub-data.
[0153] In the second way, for the same piece of sub-data, the server encrypts the sub-data in a random order using at least two selected target encryption algorithms to obtain the encrypted sub-data; records the random order, and sends the random order to the terminal.
[0154] Correspondingly, when the terminal decrypts the encrypted sub-data, it determines the decryption algorithm corresponding to each target encryption algorithm in the at least two target encryption algorithms (that is, the decryption algorithm that has the same key as the encryption algorithm), and decrypts the sub-data in the reverse of the random order recorded by the server.
[0155] Suppose that the target encryption algorithms selected by the server are: sub-data XOR key A and sub-data XOR key B. For the same sub-data, the server, in random order, first XORs the sub-data with key A to obtain the first sub-data; it then XORs the first sub-data with key B to obtain the encrypted sub-data, and records the random order: sub-data XOR key A, then sub-data XOR key B.
[0156] Correspondingly, when the terminal decrypts the above encrypted sub-data, it proceeds in the reverse of the above random order: it first XORs the encrypted sub-data with key B to obtain the first sub-data, and then XORs the first sub-data with key A to obtain the sub-data.
[0157] In order to more clearly understand the entire process of the data encryption method and data decryption method provided by the present invention, the above methods are described below with an example. Please refer to Figure 6, which shows a flowchart of a data processing method provided by an embodiment of the present invention. In the following example, the data encryption method is applied to the server, and the data decryption method is applied to the terminal. The target data is the virus name database, and the sub-data in the target data is the virus name in the virus name database.
[0158] The server obtains the virus name database 61; the server generates the encryption and decryption algorithm set 63 through the algorithm synthesizer 62 according to the encryption and decryption template pairs and the keys; the server, through the encryption algorithm selector 64, selects the target encryption algorithm 65 from the encryption and decryption algorithm set 63 according to the randomly generated key; the server encrypts the virus name database 61 according to the target encryption algorithm 65 to obtain the encrypted virus name database 66; the server sends the encryption and decryption algorithm set 63 and the encrypted virus name database 66 to the terminal.
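The two layering methods of [0148] to [0156], as an added Python example that is not part of the patent text. The sub-data and key A are the 8-bit values from [0122]; the value of key B, the priority numbers and all function names are assumptions. The example also checks a property specific to the XOR template: stacked XOR layers produce the same ciphertext in either order and equal a single XOR with key A XOR key B.

```python
import secrets
from functools import reduce


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """One XOR layer; operands must already have equal length."""
    if len(data) != len(key):
        raise ValueError("pad operands to equal length first")
    return bytes(d ^ k for d, k in zip(data, key))


# Sub-data and key A are the values from [0122]; key B is constructed.
SUB_DATA = bytes([0b10110110])
KEYS = {"A": bytes([0b00001111]), "B": bytes([0b01010101])}
# Assumed priority table for the first method: larger number = higher priority.
PRIORITY = {"A": 2, "B": 1}


def priority_order(selected):
    """First method: apply the layers from the highest priority down."""
    return sorted(selected, key=lambda name: PRIORITY[name], reverse=True)


def random_order(selected):
    """Second method: the server shuffles the layers and records the order."""
    order = list(selected)
    secrets.SystemRandom().shuffle(order)
    return order  # this recorded order is what the server sends to the terminal


def encrypt_layers(data, order):
    """Server: apply each selected XOR algorithm in the given order."""
    for name in order:
        data = xor_bytes(data, KEYS[name])
    return data


def decrypt_layers(ciphertext, order):
    """Terminal: undo the layers in the reverse of the encryption order."""
    for name in reversed(order):
        ciphertext = xor_bytes(ciphertext, KEYS[name])
    return ciphertext


def combined_key(order):
    """XOR of all layer keys: the single key the stacked XOR layers amount to."""
    return reduce(xor_bytes, (KEYS[name] for name in order))


if __name__ == "__main__":
    order = priority_order(["B", "A"])            # ['A', 'B']
    ciphertext = encrypt_layers(SUB_DATA, order)
    print(order, format(ciphertext[0], "08b"))
    print(format(decrypt_layers(ciphertext, order)[0], "08b"))

    recorded = random_order(["A", "B"])
    assert decrypt_layers(encrypt_layers(SUB_DATA, recorded), recorded) == SUB_DATA

    # With XOR layers only, one XOR with the combined key gives the same result.
    print(format(xor_bytes(SUB_DATA, combined_key(order))[0], "08b"))
```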
[0159] Correspondingly, the terminal receives the encryption and decryption algorithm set 63 and the encrypted virus name database 66.
[0160] When the anti-virus software in the terminal detects whether the file 67 is a malicious file, the anti-virus engine 68 in the anti-virus software detects whether the characteristic information of the file is the characteristic information of a malicious file; if so, it obtains the virus ID corresponding to the characteristic information; it then determines, in the encrypted virus name database 66, the encrypted virus name corresponding to the virus ID, selects the decryption algorithm from the encryption and decryption algorithm set 63 according to the key corresponding to the encrypted virus name, and uses the decryption algorithm to decrypt the encrypted virus name, obtaining the original virus name 69; the terminal displays the virus name 69.
[0161] The following are device embodiments of the present invention, which can be used to implement the method embodiments of the present invention. For details not disclosed in the device embodiment of the present invention, please refer to the method embodiment of the present invention.
[0162] Please refer to Figure 7, which shows a block diagram of a data processing device provided by an embodiment of the present invention. The device has the function of executing the above method example, and the function can be realized by hardware, or by hardware executing corresponding software. The apparatus may include: a first acquisition module 710, a second acquisition module 720, and an encryption module 730.
[0163] The first obtaining module 710 is configured to perform the above step 201;
[0164] The second acquisition module 720 is configured to perform the above step 202;
[0165] The encryption module 730 is configured to execute the above step 203.
[0166] Optionally, the second obtaining module 720 includes: an obtaining unit, a first generating unit, and a second generating unit.
[0167] The obtaining unit is configured to perform step 301 above;
[0168] The first generating unit is configured to execute the above step 302;
[0169] The second generating unit is configured to perform step 303 above.
[0170] Optionally, for the encryption algorithm and decryption algorithm in the same encryption and decryption algorithm combination, the template type of the encryption template included in the encryption algorithm and the template type of the decryption template included in the decryption algorithm are the same, and the template types include at least one of: XOR template, XOR template, NAND template, NOR template, AND template, OR template, and NOT template.
[0171] Optionally, the encryption module 730 includes: a selection unit, a determination unit, an encryption unit, a relationship establishment unit, and a third generation unit.
[0172] The selection unit is used to execute the above step 401;
[0173] The determining unit is configured to execute the above step 402;
[0174] The encryption unit is used to perform step 403 above;
[0175] The relationship establishment unit is configured to perform step 404 above;
[0176] The third generating unit is configured to perform step 405 above.
[0177] For related details, refer to the method embodiments shown in Figure 2A, Figure 3A and Figure 4A.
[0178] Please refer to Figure 8, which shows a block diagram of a data processing device provided by an embodiment of the present invention. The device has the function of executing the above method example, and the function can be realized by hardware, or by hardware executing corresponding software. The apparatus may include: a first acquisition module 810, a determination module 820, a second acquisition module 830, and a decryption module 840.
[0179] The first obtaining module 810 is configured to perform the above step 204;
[0180] The determining module 820 is configured to execute the above step 205;
[0181] The second acquiring module 830 is configured to execute the above step 206;
[0182] The decryption module 840 is configured to execute the above step 207.
[0183] Optionally, the second acquiring module 830 includes: an acquiring unit, a determining unit, and a searching unit.
[0184] The obtaining unit is configured to perform step 501 above;
[0185] The determining unit is configured to execute the above step 502;
[0186] The search unit is used to perform step 503 above.
[0187] For related details, refer to the method embodiments shown in Figure 2A and Figure 5A.
[0188] It should be noted that when the device provided in the above embodiment realizes its functions, the division into the above functional modules is used only as an example. In practical applications, the above functions can be allocated to different functional modules as required, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided in the above embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not described again here.
[0189] Please refer to Figure 9, which shows a structural framework diagram of a server provided by an embodiment of the present invention. The server 900 includes a central processing unit (CPU) 901, a system memory 904 including a random access memory (RAM) 902 and a read only memory (ROM) 903, and a system bus 905 connecting the system memory 904 and the central processing unit 901. The server 900 also includes a basic input/output system (I/O system) 906 that helps transfer information between various devices in the computer, and a mass storage device 907 for storing the operating system 913, application programs 914, and other program modules 918.
[0190] The basic input/output system 906 includes a display 908 for displaying information and an input device 909 such as a mouse and a keyboard for the user to input information. The display 908 and the input device 909 are both connected to the central processing unit 901 through the input and output controller 910 connected to the system bus 905. The basic input/output system 906 may also include an input and output controller 910 for receiving and processing input from multiple other devices such as a keyboard, a mouse, or an electronic stylus. Similarly, the input and output controller 910 also provides output to a display screen, a printer, or other types of output devices.
[0191] The mass storage device 907 is connected to the central processing unit 901 through a mass storage controller (not shown) connected to the system bus 905. The mass storage device 907 and its associated computer readable medium provide non-volatile storage for the server 900. That is, the mass storage device 907 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROM drive.
[0192] Without loss of generality, the computer-readable media may include computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information such as computer readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid-state storage technologies, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, disk storage or other magnetic storage devices. Of course, those skilled in the art may know that the computer storage medium is not limited to the foregoing. The aforementioned system memory 904 and mass storage device 907 may be collectively referred to as a memory.
[0193] According to various embodiments of the present invention, the server 900 may also run while connected, through a network such as the Internet, to a remote computer on the network. That is, the server 900 can be connected to the network 912 through the communication component 911 connected to the system bus 905, or in other words, the communication component 911 can also be used to connect to other types of networks or remote computer systems (not shown).
[0194] The memory further includes one or more programs, which are stored in the memory and include instructions for the data encryption method provided by the embodiment of the present invention, executed by the server.
[0195] Those of ordinary skill in the art can understand that all or part of the steps in the data encryption method of the foregoing embodiment can be completed by a program instructing relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can include: read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk, etc.
[0196] Please refer to Figure 10, which shows a schematic structural diagram of a terminal provided by an embodiment of the present invention. The terminal 1000 is used to implement the data decryption method provided in the foregoing embodiment. Specifically:
[0197] The terminal 1000 may include an RF (Radio Frequency) circuit 1010, a memory 1020 including one or more computer-readable storage media, an input unit 1030, a display unit 1040, a sensor 1050, an audio circuit 1060, a WiFi (wireless fidelity) module 1070, a processor 1080 including one or more processing cores, a power supply 1090 and other components. Those skilled in the art can understand that the terminal structure shown in Figure 10 does not constitute a limitation on the terminal, which may include more or fewer components than shown in the figure, or combine some components, or arrange the components differently. Among them:
[0198] The RF circuit 1010 can be used for receiving and sending signals in the process of sending and receiving information or during a call. In particular, after receiving the downlink information of the base station, it hands the information to one or more processors 1080 for processing; in addition, it sends the uplink data to the base station. Generally, the RF circuit 1010 includes but is not limited to an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, etc. In addition, the RF circuit 1010 can also communicate with the network and other devices through wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), email, SMS (Short Messaging Service), etc.
[0199] The memory 1020 may be used to store software programs and modules. The processor 1080 runs the software programs and modules stored in the memory 1020 to execute various functional applications and data decryption. The memory 1020 may mainly include a program storage area and a data storage area. The program storage area may store an operating system, an application program required by at least one function (such as a sound playback function, an image playback function, etc.), and so on; the data storage area may store data (such as audio data, phone book, etc.) created through use of the terminal 1000. In addition, the memory 1020 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or other volatile solid-state storage devices. Correspondingly, the memory 1020 may further include a memory controller to provide the processor 1080 and the input unit 1030 with access to the memory 1020.
[0200] The input unit 1030 can be used to receive inputted digital or character information, and generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. Specifically, the input unit 1030 may include an image input device 1031 and other input devices 1032. The image input device 1031 may be a camera or a photoelectric scanning device. In addition to the image input device 1031, the input unit 1030 may also include other input devices 1032. Specifically, other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackball, mouse, joystick, etc.
[0201] The display unit 1040 may be used to display information input by the user or information provided to the user and various graphical user interfaces of the terminal 1000. These graphical user interfaces may be composed of graphics, text, icons, videos, and any combination thereof. The display unit 1040 may include a display panel 1041. Optionally, the display panel 1041 may be configured in the form of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode, organic light emitting diode), etc.
[0202] The terminal 1000 may also include at least one sensor 1050, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor can include an ambient light sensor and a proximity sensor. The ambient light sensor can adjust the brightness of the display panel 1041 according to the brightness of the ambient light. The proximity sensor can turn off the display panel 1041 and/or the backlight when the terminal 1000 is moved to the ear. As a kind of motion sensor, the gravity acceleration sensor can detect the magnitude of acceleration in various directions (usually three axes), and can detect the magnitude and direction of gravity when stationary. It can be used in applications that identify the posture of the mobile phone (such as switching between horizontal and vertical screens, related games, magnetometer posture calibration), vibration-recognition functions (such as pedometer, tapping), etc. Other sensors such as gyroscopes, barometers, hygrometers, thermometers and infrared sensors can also be configured in the terminal 1000 and are not described again here.
[0203] The audio circuit 1060, the speaker 1061, and the microphone 1062 can provide an audio interface between the user and the terminal 1000. The audio circuit 1060 can transmit the electrical signal converted from the received audio data to the speaker 1061, and the speaker 1061 converts it into a sound signal for output; on the other hand, the microphone 1062 converts the collected sound signal into an electrical signal, which the audio circuit 1060 receives and converts into audio data; the audio data is then output to the processor 1080 for processing, and then sent to, for example, another terminal via the RF circuit 1010, or the audio data is output to the memory 1020 for further processing. The audio circuit 1060 may also include an earplug jack to provide communication between a peripheral earphone and the terminal 1000.
[0204] WiFi is a short-distance wireless transmission technology. Through the WiFi module 1070, the terminal 1000 can help users send and receive emails, browse web pages, access streaming media, etc.; it provides users with wireless broadband Internet access. Although Figure 10 shows the WiFi module 1070, it is understandable that it is not a necessary component of the terminal 1000 and can be omitted as needed without changing the essence of the invention.
[0205] The processor 1080 is the control center of the terminal 1000. It uses various interfaces and lines to connect the various parts of the entire mobile phone. By running or executing software programs and/or modules stored in the memory 1020, and calling data stored in the memory 1020, it performs the various functions of the terminal 1000 and processes data, thereby monitoring the mobile phone as a whole. Optionally, the processor 1080 may include one or more processing cores; preferably, the processor 1080 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs, etc., and the modem processor mainly handles wireless communication. It can be understood that the foregoing modem processor may also not be integrated into the processor 1080.
[0206] The terminal 1000 further includes a power supply 1090 (such as a battery) for supplying power to various components. Preferably, the power supply may be logically connected to the processor 1080 through a power management system, so that functions such as charging, discharging, and power management are realized through the power management system. The power supply 1090 may also include one or more DC or AC power supplies, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and any other components.
[0207] Although not shown, the terminal 1000 may also include a Bluetooth module, etc., which will not be repeated here.
[0208] Specifically, in this embodiment, the terminal 1000 further includes a memory and one or more programs, where one or more programs are stored in the memory and configured to be executed by one or more processors. The above one or more programs contain instructions for executing the above methods.
[0209] It should be understood that the "plurality" mentioned herein refers to two or more. "And/or" describes the association relationship of the associated object, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone. The character "/" generally indicates that the associated objects are in an "or" relationship.
[0210] The sequence numbers of the foregoing embodiments of the present invention are only for description, and do not represent the superiority of the embodiments.
[0211] Those of ordinary skill in the art can understand that all or part of the steps in the foregoing embodiments can be implemented by hardware, or by a program instructing related hardware to be completed. The program can be stored in a computer-readable storage medium. The storage medium mentioned can be a read-only memory, a magnetic disk or an optical disk, etc.
[0212] The above descriptions are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.