Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Referring to fig. 1, fig. 1 is a block diagram illustrating an electronic device 100 applicable to an embodiment of the present application. The electronic device 100 may include a data encryption device or a data decryption device, a memory 101, a memory controller 102, a processor 103, a peripheral interface 104, an input-output unit 105, an audio unit 106, and a display unit 107.
The memory 101, the memory controller 102, the processor 103, the peripheral interface 104, the input/output unit 105, the audio unit 106, and the display unit 107 are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The data encryption device or the data decryption device includes at least one software function module that may be stored in the memory 101 in the form of software or firmware, or solidified in an Operating System (OS) of the data encryption device or the data decryption device. The processor 103 is configured to execute an executable module stored in the memory 101, such as a software functional module or a computer program included in the data encryption apparatus or the data decryption apparatus.
The memory 101 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory 101 is configured to store a program, and the processor 103 executes the program after receiving an execution instruction. The method executed by the server defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 103, or implemented by the processor 103.
The processor 103 may be an integrated circuit chip having signal processing capabilities. The processor 103 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. It may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor, or the processor 103 may be any conventional processor or the like.
The peripheral interface 104 couples various input/output devices to the processor 103 as well as to the memory 101. In some embodiments, the peripheral interface 104, the processor 103, and the memory controller 102 may be implemented in a single chip. In other examples, they may each be implemented as separate chips.
The input and output unit 105 is used for providing input data for a user to realize the interaction of the user and the server (or the local terminal). The input/output unit 105 may be, but is not limited to, a mouse, a keyboard, and the like.
Audio unit 106 provides an audio interface to a user, which may include one or more microphones, one or more speakers, and audio circuitry.
The display unit 107 provides an interactive interface (e.g., a user interface) between the electronic device 100 and a user, or is used to display image data for the user's reference. In this embodiment, the display unit 107 may be a liquid crystal display or a touch display. In the case of a touch display, the display can be a capacitive touch screen or a resistive touch screen, which supports single-point and multi-point touch operations. Supporting single-point and multi-point touch operations means that the touch display can sense touch operations simultaneously generated from one or more positions on the touch display, and the sensed touch operations are sent to the processor 103 for calculation and processing.
The input and output unit 105 is used for providing input data for a user to realize the interaction of the user and the processing terminal. The input/output unit 105 may be, but is not limited to, a mouse, a keyboard, and the like.
Referring to fig. 2, fig. 2 is a flowchart of a data encryption method according to an embodiment of the present invention, where the method specifically includes the following steps:
Step S110: acquiring an iris image of the user.
As an implementation, an iris camera can be used to acquire the iris image of the user. The iris camera is an optical anti-shake iris camera, which can accurately acquire the iris image of both eyes or of one eye. Alternatively, a CCD camera or another image acquisition device can be used to acquire the iris image of the user.
Step S120: generating an iris feature sequence according to the iris image.
The original iris image acquired by a camera or an image acquisition device usually includes not only the iris but also other parts of the eye, such as the eyelids, eyelashes and the white of the eye. Therefore, before the iris feature sequence is generated, the iris image is preprocessed: the position of the iris in the image is determined and the size is normalized. Normalization adjusts the acquired original iris images to the same size and corresponding position, so as to eliminate the influence of translation, scaling and rotation on iris recognition. Iris recognition is then performed on the normalized image to obtain a processed, pure iris image, and the iris feature sequence is generated from the processed iris image.
As an embodiment, the method for generating an iris feature sequence may detect an iris boundary in a processed iris image, map pixels representing the iris in the iris image to a rectangular image according to the iris boundary, filter the pixels in the rectangular image to generate a filtered output, where the filtering may be performed by using a sum and difference filter, and then binarize the filtered output to generate a feature vector representing the iris image, that is, obtain the iris feature sequence.
In addition, the method for generating the iris feature sequence can also adopt a fuzzy algorithm or a fuzzy extractor for generation, and can also adopt a Haar wavelet three-layer decomposition method, a random extractor extraction method and other methods for generation, and the specific algorithm process is not described herein again.
Alternatively, the iris feature sequence may be generated in other ways, such as multi-channel filtering, two-dimensional wavelet transform, etc.
Step S130: acquiring a file to be encrypted.
That is, the file data that needs to be encrypted (the file to be encrypted) is acquired.
Step S140: generating a file feature sequence according to the file to be encrypted.
After the file to be encrypted is obtained, a file feature sequence needs to be generated from it. As an implementation, the generation method may be a hash algorithm; the algorithm process is not described in detail here. The generated file feature sequence uniquely corresponds to the file to be encrypted, so the keys generated for different files are different. As a result the key cannot be stolen easily, the security of the key is improved, and the security of the data is ensured.
In addition, as an embodiment, in order to achieve the rapidity and efficiency of generating the file feature sequence, partial data may be acquired from the file to be encrypted to be used as feature sequence generation data, and then the file feature sequence corresponding to the file to be encrypted is generated based on the feature sequence generation data, and the file feature sequence may uniquely identify the file to be encrypted.
Step S150: generating a key according to the file feature sequence and the iris feature sequence.
A key can be generated from the acquired file feature sequence and the iris feature sequence. The key may also be generated by using the fuzzy algorithm or fuzzy extractor in step S110.
Step S160: encrypting the file to be encrypted based on the key.
After the key is generated, the file to be encrypted needs to be encrypted by using the key, and the encryption method can adopt a cryptographic algorithm (SM1, SM2, SM3, SM4, SM7) and the like.
After step S160, in order to perform file feature sequence extraction in the decryption process, the data encryption method may further include:
Step S170: generating an encrypted data packet according to the file feature sequence and the encrypted file to be encrypted.
In order to extract the file feature sequence in the decryption process, the file feature sequence and the encrypted file to be encrypted may be generated into an encrypted data packet. In addition, since only the file feature sequence needs to be extracted in advance in the decryption process, only the file feature sequence may be generated into the encrypted data packet, or the file feature sequence may be encrypted to generate the encrypted data packet.
In this data encryption method, an iris image of the user is obtained and an iris feature sequence is generated according to the iris image; a file to be encrypted is obtained and a file feature sequence is generated according to it; a key is generated according to the file feature sequence and the iris feature sequence; and the file to be encrypted is encrypted based on the key. After the file is encrypted, an encrypted data packet can be generated from the file feature sequence or the encrypted file to be encrypted, to facilitate extraction of the file feature sequence in the decryption process.
Referring to fig. 3, fig. 3 is a flowchart of a data decryption method according to an embodiment of the present invention, where the method specifically includes the following steps:
Step S210: acquiring an iris image of the user.
The file to be decrypted is obtained after an original file is encrypted. To decrypt it, an iris image of the user is obtained first. The iris image in this step can also be obtained through an iris camera; for the specific implementation, refer to step S110, which is not repeated here.
Step S220: generating an iris feature sequence according to the iris image.
The method for generating the iris feature sequence from the iris image in this step is the same as the method for generating the iris feature sequence in step S120, i.e., the iris feature sequence can be generated by a fuzzy algorithm or a fuzzy extractor, or can be generated by a Haar wavelet three-layer decomposition method, a random extractor extraction method and other methods, and please refer to step S120 for a specific implementation method.
Step S230: obtaining an encrypted data packet corresponding to a file to be decrypted, wherein the encrypted data packet is generated in the process of encrypting an original file to obtain the file to be decrypted, and the encrypted data comprises a file feature sequence of the original file.
The encrypted data packet is the one generated in step S170: it is generated either from the file feature sequence of the original file alone, or from the encrypted original file (that is, the file to be decrypted) together with the file feature sequence.
Step S240: acquiring the file feature sequence from the encrypted data packet.
After the encrypted data packet is obtained, the file feature sequence of the original file can be extracted from the encrypted data packet, and if the file feature sequence is the encrypted file feature sequence, the file feature sequence of the original file can be obtained only after the encrypted file feature sequence is decrypted.
Step S250: generating a key according to the file feature sequence and the iris feature sequence.
A key is generated from the acquired file feature sequence and the iris feature sequence; the key may also be generated by a fuzzy algorithm or a fuzzy extractor.
Step S260: decrypting the file to be decrypted according to the key.
After the key is obtained, the file to be decrypted is decrypted according to the key. If the key generated in step S250 is not consistent with the key generated in the encryption process, the file to be decrypted cannot be decrypted; if it is consistent, the file to be decrypted can be decrypted into the original file. The decryption algorithm here may employ cryptographic algorithms (SM1, SM2, SM3, SM4, SM7) and the like.
In this data decryption method, an iris image of the user is obtained and an iris feature sequence is generated according to the iris image. An encrypted data packet corresponding to the file to be decrypted is then obtained; the encrypted data packet is generated in the process of encrypting an original file to obtain the file to be decrypted, and the encrypted data comprises a file feature sequence of the original file. The file feature sequence is obtained from the encrypted data packet, a key is generated according to the file feature sequence and the iris feature sequence, and the file to be decrypted is decrypted according to the key. That is, the method obtains the file feature sequence generated from the original file, generates the key from it and the user's iris feature sequence, and compares whether this key is consistent with the key generated in the data encryption method: if so, the file to be decrypted can be decrypted; if not, decryption cannot be performed. Key security and data security are thereby improved.
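The key generation of steps S140 to S150 and S240 to S250, as an added Python example that is not part of the patent text: a code-offset fuzzy extractor turns a noisy iris reading into a stable secret, which is combined with the file hash so that each file gets its own key. Assumptions not in the original: SHA-256 as the hash, a repetition code with stored helper data for the fuzzy extractor, HMAC-SHA256 as the combiner, random bits as constructed iris data, and all function names; the cipher call of step S160 is left out.

```python
import hashlib
import hmac
import secrets

REP = 5            # each secret bit is spread over REP iris bits (repetition code,
                   # chosen for brevity; it is an assumption of this example)
SECRET_BITS = 128  # so an iris feature sequence here is SECRET_BITS * REP = 640 bits


def file_feature_sequence(data: bytes) -> bytes:
    """Step S140: the file feature sequence as a hash of the file (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()


def enroll(iris_bits):
    """Fuzzy-extractor 'generate': returns (secret, public helper data).
    The helper data is kept with the user's enrolment record (assumed)."""
    secret = [secrets.randbits(1) for _ in range(SECRET_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ w for c, w in zip(codeword, iris_bits)]
    return bytes(secret), helper


def reproduce(iris_bits, helper):
    """Fuzzy-extractor 'reproduce': a majority vote absorbs up to REP // 2
    flipped bits per block of a fresh, noisy iris reading."""
    noisy = [h ^ w for h, w in zip(helper, iris_bits)]
    return bytes(int(sum(noisy[i:i + REP]) > REP // 2)
                 for i in range(0, len(noisy), REP))


def derive_key(iris_secret: bytes, file_feature: bytes) -> bytes:
    """Steps S150/S250: combine both sequences into one per-file key."""
    return hmac.new(iris_secret, b"file-key" + file_feature, hashlib.sha256).digest()


def encryption_key(iris_secret: bytes, file_data: bytes):
    """Steps S140-S170 without the cipher call: returns (key, packet)."""
    feature = file_feature_sequence(file_data)
    return derive_key(iris_secret, feature), {"file_feature": feature}


def decryption_key(iris_bits, helper, packet) -> bytes:
    """Steps S220-S250: rebuild the key from a new reading and the packet."""
    return derive_key(reproduce(iris_bits, helper), packet["file_feature"])


def demo():
    # Constructed sample data: random bits stand in for real iris codes.
    iris = [secrets.randbits(1) for _ in range(SECRET_BITS * REP)]
    secret, helper = enroll(iris)
    key_a, packet_a = encryption_key(secret, b"quarterly report")
    key_b, _ = encryption_key(secret, b"payroll export")

    # Same eye, second capture: one flipped bit in every block of REP bits.
    reread = [b ^ (i % REP == 0) for i, b in enumerate(iris)]
    impostor = [secrets.randbits(1) for _ in range(SECRET_BITS * REP)]
    return {
        "same_user": hmac.compare_digest(key_a, decryption_key(reread, helper, packet_a)),
        "other_file": hmac.compare_digest(key_a, key_b),
        "impostor": hmac.compare_digest(key_a, decryption_key(impostor, helper, packet_a)),
    }


if __name__ == "__main__":
    print(demo())
```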
Referring to fig. 4, fig. 4 is a block diagram of a data encryption apparatus 200 according to an embodiment of the present invention, the apparatus is configured to perform the data encryption method, and the apparatus includes:
An image obtaining module 210, configured to obtain an iris image of the user.
A first generating module 220, configured to generate an iris feature sequence according to the iris image.
A file obtaining module 230, configured to obtain a file to be encrypted.
A second generating module 240, configured to generate a file feature sequence according to the file to be encrypted.
A key generating module 250, configured to generate a key according to the file feature sequence and the iris feature sequence.
An encryption module 260, configured to encrypt the file to be encrypted based on the key.
The second generating module 240 comprises:
A partial data acquisition submodule, configured to acquire partial data from the file to be encrypted as the feature sequence generation data.
A sequence generation submodule, configured to generate a file feature sequence based on the feature sequence generation data.
As an embodiment, the apparatus may further include:
A third generating module, configured to generate an encrypted data packet according to the file feature sequence and the encrypted file to be encrypted.
Alternatively, the apparatus may further include:
A sequence encryption module, configured to encrypt the file feature sequence.
A data packet generating module, configured to generate an encrypted data packet according to the encrypted file feature sequence and the encrypted file to be encrypted.
Referring to fig. 5, fig. 5 is a block diagram of a data decryption apparatus 300 according to an embodiment of the present invention, the apparatus is configured to execute the data decryption method described above, and the apparatus specifically includes:
A first obtaining module 310, configured to obtain an iris image of a user.
A feature sequence generating module 320, configured to generate an iris feature sequence according to the iris image.
A second obtaining module 330, configured to obtain an encrypted data packet corresponding to a file to be decrypted, where the encrypted data packet is generated in a process of encrypting an original file to obtain the file to be decrypted, and the encrypted data includes a file feature sequence of the original file.
A third obtaining module 340, configured to obtain the file feature sequence from the encrypted data packet.
A generating module 350, configured to generate a key according to the file feature sequence and the iris feature sequence.
A decryption module 360, configured to decrypt the file to be decrypted according to the key.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may refer to the corresponding process in the foregoing method, and will not be described in too much detail herein.
In summary, embodiments of the present invention provide a method and an apparatus for encrypting and decrypting data. An iris image of a user is first obtained, and an iris feature sequence is generated according to the iris image. A file to be encrypted is then obtained, and a file feature sequence is generated according to the file to be encrypted. A key is then generated according to the file feature sequence and the iris feature sequence, and the file to be encrypted is encrypted based on the key. Because the key is generated from the iris feature sequence and the file feature sequence of the file to be encrypted, different keys are generated for different files to be encrypted, so that key security and data security are improved.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.