Disclosure of Invention
In view of the foregoing, in order to solve some or all of the foregoing technical problems, embodiments of the present application provide a data processing method, apparatus, electronic device, and storage medium.
In a first aspect, an embodiment of the present application provides a data processing method, where the method includes:
acquiring data to be encrypted and determining an initial key;
Dividing the data to be encrypted to obtain a first data fragment sequence;
Encrypting a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is the first data segment in the first data segment sequence;
Performing exclusive OR operation on the data segment and the first segment in the first data segment subsequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: a sequence of data segments of the first sequence of data segments other than the first segment;
Generating target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data.
In one possible implementation manner, the dividing the data to be encrypted includes:
determining the byte length of the data to be encrypted to obtain a first length;
Determining whether the first length is an integer multiple of a preset length;
The data to be encrypted is divided into data fragments with the preset length on average under the condition that the first length is integral multiple of the preset length;
and under the condition that the first length is not the integral multiple of the preset length, filling the data to be encrypted, so that the filled data to be encrypted is the integral multiple of the preset length, and dividing the filled data to be encrypted into data fragments with the preset length on average.
In one possible implementation manner, in a case that the first length is not an integer multiple of the preset length, the step of supplementing the data to be encrypted includes:
Determining the character length of the complement data of the data to be encrypted to obtain a second length;
Determining the character length of target data to obtain a third length, wherein the target data corresponds to the second length;
determining a random number with a length being a target length, wherein the target length is a difference value between the second length and the third length;
splicing the random number and the target data to obtain supplementary data;
and filling the filling data to the preset position of the data to be encrypted.
In one possible implementation, after the determining the initial key, the method further includes:
Encrypting the initial key by adopting a public key to obtain authorization data; and
After the generating the target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data, the method further includes:
And decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted.
In one possible implementation manner, the decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted includes:
Determining a private key of the public key;
decrypting the authorization data by adopting the private key to obtain the initial key;
And decrypting the target encrypted data based on the initial key to obtain the data to be encrypted.
In one possible embodiment, after the generating the target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data, the method further includes:
dividing the target encrypted data to obtain a second data fragment sequence;
decrypting a second segment by adopting the initial key to obtain first decrypted data, wherein the second segment is the first data segment in the second data segment sequence;
Performing exclusive OR operation on the data segment and the first decryption data in the second data segment subsequence to obtain second decryption data corresponding to the data segment; wherein the second data fragment subsequence is: a sequence of data fragments other than the second fragment in the second sequence of data fragments;
and generating the data to be encrypted based on the first decryption data and the second decryption data.
In one possible implementation manner, the generating the data to be encrypted based on the first decrypted data and the second decrypted data includes:
Splicing the first decrypted data and the obtained second decrypted data to obtain intermediate data;
Determining whether the intermediate data comprises patch data;
and deleting the filling data in the intermediate data under the condition that the filling data are included in the intermediate data, so as to obtain the data to be encrypted.
In a second aspect, an embodiment of the present application provides a data processing apparatus, the apparatus including:
the acquisition unit is used for acquiring the data to be encrypted and determining an initial key;
the first dividing unit is used for dividing the data to be encrypted to obtain a first data fragment sequence;
The first encryption unit is used for encrypting a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is the first data segment in the first data segment sequence;
The first operation unit is used for carrying out exclusive or operation on the data segment and the first segment in the first data segment subsequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: a sequence of data segments of the first sequence of data segments other than the first segment;
a first generation unit configured to generate target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data.
In one possible implementation manner, the dividing the data to be encrypted includes:
determining the byte length of the data to be encrypted to obtain a first length;
Determining whether the first length is an integer multiple of a preset length;
The data to be encrypted is divided into data fragments with the preset length on average under the condition that the first length is integral multiple of the preset length;
and under the condition that the first length is not the integral multiple of the preset length, filling the data to be encrypted, so that the filled data to be encrypted is the integral multiple of the preset length, and dividing the filled data to be encrypted into data fragments with the preset length on average.
In one possible implementation manner, in a case that the first length is not an integer multiple of the preset length, the step of supplementing the data to be encrypted includes:
Determining the character length of the complement data of the data to be encrypted to obtain a second length;
Determining the character length of target data to obtain a third length, wherein the target data corresponds to the second length;
determining a random number with a length being a target length, wherein the target length is a difference value between the second length and the third length;
splicing the random number and the target data to obtain supplementary data;
and filling the filling data to the preset position of the data to be encrypted.
In one possible implementation, after the determining the initial key, the apparatus further includes:
the second encryption unit is used for encrypting the initial key by adopting a public key to obtain authorization data; and
After the generating the target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data, the apparatus further includes:
and the first decryption unit is used for decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted.
In one possible implementation manner, the decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted includes:
Determining a private key of the public key;
decrypting the authorization data by adopting the private key to obtain the initial key;
And decrypting the target encrypted data based on the initial key to obtain the data to be encrypted.
In one possible embodiment, after the generating the target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data, the apparatus further includes:
The second dividing unit is used for dividing the target encrypted data to obtain a second data fragment sequence;
the second decryption unit is used for decrypting a second segment by adopting the initial key to obtain first decrypted data, wherein the second segment is the first data segment in the second data segment sequence;
The second operation unit is used for carrying out exclusive or operation on the data segment and the first decryption data aiming at the data segment in the second data segment subsequence to obtain second decryption data corresponding to the data segment; wherein the second data fragment subsequence is: a sequence of data fragments other than the second fragment in the second sequence of data fragments;
And the second generation unit is used for generating the data to be encrypted based on the first decryption data and the second decryption data.
In one possible implementation manner, the generating the data to be encrypted based on the first decrypted data and the second decrypted data includes:
Splicing the first decrypted data and the obtained second decrypted data to obtain intermediate data;
Determining whether the intermediate data comprises patch data;
and deleting the filling data in the intermediate data under the condition that the filling data are included in the intermediate data, so as to obtain the data to be encrypted.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a memory for storing a computer program;
A processor for executing a computer program stored in the memory, and when the computer program is executed, implementing the method according to any one of the embodiments of the data processing method according to the first aspect of the present application.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as in any of the embodiments of the data processing method of the first aspect described above.
In a fifth aspect, embodiments of the present application provide a computer program comprising computer readable code which, when run on a device, causes a processor in the device to implement a method as in any of the embodiments of the data processing method of the first aspect described above.
The data processing method provided by the embodiment of the application can acquire data to be encrypted, determine an initial key, divide the data to be encrypted to obtain a first data segment sequence, encrypt a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is a first data segment in the first data segment sequence, and then exclusive-or operate the data segment and the first segment with respect to the data segment in the first data segment subsequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: and finally, generating target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data. Therefore, the data segment and the first segment in the first data segment sub-sequence can be processed through the exclusive or operation, and further the target encrypted data of the data to be encrypted is obtained, so that the complexity of encryption calculation can be reduced.
Detailed Description
Various exemplary embodiments of the application will now be described in detail with reference to the accompanying drawings, it being apparent that the described embodiments are some, but not all embodiments of the application. It should be noted that: the relative arrangement of the parts and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present application unless it is specifically stated otherwise.
It will be appreciated by those skilled in the art that terms such as "first," "second," and the like in the embodiments of the present application are used merely to distinguish between different steps, devices or modules and the like, and do not represent any particular technical meaning or logical sequence therebetween.
It should also be understood that in this embodiment, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in an embodiment of the application may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in the present application is merely an association relationship describing the association object, and indicates that three relationships may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone. In the present application, the character "/" generally indicates that the front and rear related objects are an or relationship.
It should also be understood that the description of the embodiments of the present application emphasizes the differences between the embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. For an understanding of embodiments of the present application, the present application will be described in detail below with reference to the drawings in conjunction with the embodiments. It will be apparent that the described embodiments are some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In order to solve the technical problem of large calculation amount of encryption operation in the prior art, the application provides a data processing method which can reduce the complexity of encryption calculation.
Fig. 1 is a flow chart of a data processing method according to an embodiment of the present application. The method can be applied to one or more electronic devices such as smart phones, notebook computers, desktop computers, portable computers, servers and the like. The main execution body of the method may be hardware or software. When the execution body is hardware, the execution body may be one or more of the electronic devices. For example, a single electronic device may perform the method, or multiple electronic devices may cooperate with one another to perform the method. When the execution subject is software, the method may be implemented as a plurality of software or software modules, or may be implemented as a single software or software module. The present application is not particularly limited herein.
As shown in fig. 1, the method specifically includes:
step 101, obtaining data to be encrypted, and determining an initial key.
In this embodiment, the data to be encrypted may be any data to be encrypted. As an example, the data to be encrypted may include at least one of: three-dimensional model data, user information, business secret data, and the like.
The initial key may be any key. As an example, the key may be generated by a random number generator, either manually by the user, or by employing one or more key generation algorithms, such as AES (Advanced Encryption Standard ), and taken as the initial key.
In addition, the length of the initial key may be determined according to actual requirements. For example, the initial key may be 128 bits, 256 bits, etc. in length.
And 102, dividing the data to be encrypted to obtain a first data fragment sequence.
In this embodiment, the data to be encrypted may be divided according to a fixed length, or a certain multiple of the fixed length, so as to obtain a first data segment sequence.
Wherein, each data segment in the first data segment sequence may be each part of the data to be encrypted obtained by dividing.
For example, the data to be encrypted may be divided into n segments of length L (e.g. L is a multiple of 1024 (i.e. the fixed length described above)) bytes, thereby obtaining the first sequence of data segments X1, X2, …, xn. Where n represents the number of data fragments in the first sequence of data fragments. For example, n may be a quotient of the length of the data to be encrypted and L described above.
And 103, encrypting a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is the first data segment in the first data segment sequence.
In this embodiment, one or more symmetric encryption algorithms of DES algorithm, 3DES algorithm, TDEA (TRIPLE DATA Encryption Algorithm ) algorithm, blowfish algorithm, RC5 (a variable encryption algorithm) algorithm, IDEA (International Data Encryption Algorithm ) algorithm may be adopted, and the first segment in the first data segment sequence is encrypted by using the initial key to obtain first encrypted data.
The first encrypted data may be an encrypted result obtained by encrypting a first segment in the first data segment sequence using the initial key.
Step 104, performing exclusive or operation on the data segment and the first segment in the first data segment sub-sequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: a sequence of data segments of the first sequence of data segments other than the first segment.
In this embodiment, the second encrypted data corresponding to the data segment may be a result obtained by performing an exclusive-or operation on the data segment and the first segment.
As an example, if the first data segment sub-sequence includes "X2, …, xn", the first segment is X1, X2, …, xn may be xored (exclusive or) with X1, respectively, generating f (X2), f (X3), …, f (Xn). Where f (Xn) is the result of an exclusive-or operation of Xn with X1, and n is a positive integer greater than 1.
Thus, n pieces of second encrypted data can be obtained.
And step 105, generating target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data.
In this embodiment, the first encrypted data and the second encrypted data may be spliced in a preset order, so as to obtain target encrypted data of the data to be encrypted. Or the preset characters or randomly generated characters can be spliced with the first encrypted data and the second encrypted data according to a preset sequence, so that target encrypted data of the data to be encrypted is obtained.
The above reference numerals do not limit the execution sequence of the above steps.
For example, the above-described "determining the initial key" may be performed before "acquiring the data to be encrypted", may be performed after "acquiring the data to be encrypted", or may be performed simultaneously with "acquiring the data to be encrypted".
For another example, the initial key determination may be performed before the step 102, after the step 102, or simultaneously with the step 102.
The data processing method provided by the embodiment of the application can acquire data to be encrypted, determine an initial key, divide the data to be encrypted to obtain a first data segment sequence, encrypt a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is a first data segment in the first data segment sequence, and then exclusive-or operate the data segment and the first segment with respect to the data segment in the first data segment subsequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: and finally, generating target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data. Therefore, the data segment and the first segment in the first data segment sub-sequence can be processed through the exclusive or operation, and further the target encrypted data of the data to be encrypted is obtained, so that the complexity of encryption calculation can be reduced.
In some optional implementations of this embodiment, after determining the initial key, the initial key may also be encrypted with a public key to obtain the authorization data.
The authorization data may be a result obtained by encrypting the initial key with a public key.
In addition, one or more asymmetric encryption algorithms of RSA (Rivest-Shamir-Adleman), elGamal, knapsack algorithm, rabin (special case of RSA method) can be adopted, and the public key is used for encrypting the initial key, so that authorization data is obtained.
On this basis, after the step 105 is performed, the target encrypted data may be decrypted based on the authorization data, to obtain the data to be encrypted.
The data to be encrypted may be a result obtained by decrypting the target encrypted data based on the authorization data.
Here, since there may be various ways of obtaining the target encrypted data, accordingly, various ways may be adopted to decrypt the target encrypted data based on the authorization data, to obtain the data to be encrypted. The manner of obtaining the target encrypted data by encryption may correspond to the manner of obtaining the data to be encrypted by decryption.
It can be appreciated that in the above alternative implementation manner, the public key may be used to encrypt the initial key to obtain the authorization data, and further, in the decryption process, based on the authorization data, the target encrypted data is decrypted to obtain the data to be encrypted, so that the security of the data in the encryption and decryption process may be further improved.
In some application scenarios in the above alternative implementations, the method may further include decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted:
First, a private key of the public key is determined.
The private key and the public key may be corresponding private keys and public keys in the same encryption and decryption algorithm.
And then, decrypting the authorization data by adopting the private key to obtain the initial key.
Here, a decryption algorithm corresponding to an encryption algorithm for obtaining the authorization data may be employed, and the authorization data may be decrypted using the private key, thereby obtaining the initial key.
And then, decrypting the target encrypted data based on the initial key to obtain the data to be encrypted.
Here, a decryption algorithm corresponding to an encryption algorithm for obtaining the target encrypted data may be employed, and the target encrypted data may be decrypted using the initial key, thereby obtaining the data to be encrypted.
It can be understood that under the application scenario, the symmetric encryption algorithm and the asymmetric encryption algorithm can be combined, the data of a part (a smaller part for the data occupying more storage space) in the data to be encrypted is encrypted and decrypted, and the data of the other part (a larger part for the data occupying more storage space) is encrypted by adopting the exclusive-or operation, so that the calculation amount of the encryption and decryption process can be reduced, the data access efficiency can be further improved, the data security can be improved, and the segmented query is supported.
In this embodiment, the above step 102 may be performed in various manners. For example, the above step 102 may be performed in the manner shown in fig. 2. Fig. 2 is a flow chart of another data processing method according to an embodiment of the present application. As shown in fig. 2, the method specifically includes:
Step 201, determining the byte length of the data to be encrypted, and obtaining a first length.
In this embodiment, the first length may be a byte length of data to be encrypted.
Step 202, determining whether the first length is an integer multiple of a preset length.
In this embodiment, the preset length may be a preset length. For example, the preset length may be a multiple of 1024. For example 1024.
Step 203, dividing the data to be encrypted into data segments of the preset length on average, where the first length is an integer multiple of the preset length.
Step 204, when the first length is not an integer multiple of the preset length, the data to be encrypted is padded, so that the padded data to be encrypted is an integer multiple of the preset length, and the padded data to be encrypted is divided into data segments of the preset length on average.
In the present embodiment, if the first length is 2040 bits, the preset length is 1024 bits, for example. Then it may be determined that the first length is not an integer multiple of the preset length, i.e. the first length is not divisible by the preset length. Thus, the data to be encrypted may be padded, so as to obtain padded data to be encrypted with a length of 2048 (other integer multiples of 1024 are also possible, for example 4096). Further, if the length of the data to be encrypted after the padding is 2048, the data to be encrypted may be divided into 2 pieces of data having a length of 1024 on average.
In addition, the above data used to patch to the data to be encrypted (i.e., patch data) may be determined in a variety of ways. For example, data of a desired length may be truncated from preset data as the complement data.
In some optional implementations of this embodiment, when the first length is not an integer multiple of the preset length, the data to be encrypted may be further padded in the following manner:
Firstly, determining the character length of the patch data of the data to be encrypted to obtain a second length.
The second length may be a character length of the patch data of the data to be encrypted. For example, if the character length of the data to be encrypted is 2040 bits, the character length of the data to be encrypted needs to be padded to 2048 bits, and then the second length may be a difference between 2048 and 2040.
And then determining the character length of the target data to obtain a third length. Wherein the target data corresponds to the second length.
For example, the target data and the second length may have the following correspondence: the target data may represent a second length, or the target data may be represented as: the difference between the second length and the predetermined length, wherein the storage location of the predetermined length may be used to store the second length or the difference between the second length and the predetermined length.
The third length may be a character length of the determination target data.
Then, a random number having a length of the target length is determined. Wherein the target length is the difference between the second length and the third length.
And then, splicing the random number and the target data to obtain the filling data.
And finally, the filling data are filled to the preset position of the data to be encrypted.
Specifically, in the case where the target data is represented as a difference of the second length from the predetermined length, if the predetermined length is 2 bits for storing data representing the second length "8", the patch data may be formed by splicing two parts. Wherein the first portion has a length of 8-2=6 bits, the 6 bits of data may be randomly generated, and the second portion has a length of 2 bits, the 2 bits of data may represent a second length of "8", or a difference between the second length and a predetermined length, i.e., 6.
It can be appreciated that in the above alternative implementation manner, the data to be encrypted may be complemented in the above manner, so that in the decryption process, it can be more quickly identified which data belong to the complemented data and which data belong to the data to be encrypted, thereby ensuring that the data to be encrypted can be correctly restored after encryption and decryption.
It should be noted that, in addition to the above descriptions, the present embodiment may further include the corresponding technical features described in the embodiment corresponding to fig. 1, so as to further achieve the technical effects of the data processing method shown in fig. 1, and the detailed description with reference to fig. 1 is omitted herein for brevity.
According to the data processing method provided by the embodiment of the application, the byte length of the data to be encrypted is used for obtaining the multiple relation between the first length and the preset length, so that the data to be encrypted after being complemented is an integer multiple of the preset length, and the execution of exclusive-or operation is ensured.
Fig. 3 is a flowchart of another data processing method according to an embodiment of the present application. In this embodiment, the method may continue with the following steps 301-304 after step 105 described above.
Specifically, as shown in fig. 3, the method specifically includes:
and step 301, dividing the target encrypted data to obtain a second data fragment sequence.
In this embodiment, each data segment in the second data segment sequence may be each portion of the target encrypted data obtained by dividing.
For example, the target encrypted data may be divided into n segments of length L (e.g., L is a multiple of 1024 (i.e., the fixed length described above)) bytes to obtain the second sequence of data segments Y1, Y2, …, yn. Where n represents the number of data fragments in the second sequence of data fragments. For example, n may be a quotient of the length of the target encrypted data and L as described above.
Here, the division method of step 301 may correspond to the division method of step 102. Specifically, if the specific way of dividing the data to be encrypted is: dividing the data to be encrypted into 1024-bit data fragments; then, the specific way to divide the target encrypted data is: the target encrypted data is divided into data fragments of 1024 bits in length. If the specific way of dividing the data to be encrypted is: dividing the data to be encrypted into data fragments with the lengths of 1024, 2048, 4096 … bits; then, the specific way to divide the target encrypted data is: the target encrypted data is divided into data fragments of 1024, 2048, 4096 … bits in length.
And step 302, decrypting a second segment by adopting the initial key to obtain first decrypted data, wherein the second segment is the first data segment in the second data segment sequence.
In this embodiment, the first decryption data may be a result obtained by decrypting the second segment using the initial key.
Here, a decryption algorithm for decrypting the second segment using the initial key may correspond to the encryption algorithm for decrypting the second segment described above. Thus, the obtained first decrypted data may be the first fragment described above.
Step 303, performing exclusive-or operation on the data segment and the first decrypted data with respect to the data segment in the second data segment sub-sequence, to obtain second decrypted data corresponding to the data segment; wherein the second data fragment subsequence is: and a sequence consisting of data fragments other than the second fragment in the second sequence of data fragments.
In this embodiment, the second encrypted data corresponding to the data segment may be a result obtained by performing an exclusive-or operation on the data segment and the first segment.
As an example, if the second data fragment sub-sequence includes "Y2, …, yn", the second fragment is Y1, then Y2, …, yn may be xored (exclusive or-operated) with Y1, respectively, to generate f (Y2), f (Y3), …, f (Yn). Where f (Yn) is the result of an exclusive OR operation of Yn and Y1, and n is a positive integer greater than 1.
Thereby, n pieces of second decrypted data can be obtained.
Step 304, generating the data to be encrypted based on the first decrypted data and the second decrypted data.
In this embodiment, the first decrypted data and the second decrypted data may be spliced in the same order as the preset order described in step 105, so as to obtain the data to be encrypted. Or, the preset characters or randomly generated characters described in the step 105, the first segment corresponding to the first encrypted data, and the first data segment sub-sequence corresponding to the second encrypted data may be extracted according to the preset sequence, so as to obtain the data to be encrypted.
It should be noted that, in addition to the above descriptions, the present embodiment may further include the technical features described in the above embodiments, so as to achieve the technical effects of the data processing method shown above, and the detailed description is referred to above, and is omitted herein for brevity.
According to the data processing method provided by the embodiment of the application, the data fragments in the second data fragment subsequence and the second fragments can be processed through the exclusive OR operation, so that the data to be encrypted is obtained, the complexity of decryption calculation can be reduced, and the data query efficiency is further improved.
In some optional implementations of this embodiment, the generating the data to be encrypted may be performed based on the first decrypted data and the second decrypted data in the following manner:
Firstly, the first decryption data and the obtained second decryption data are spliced to obtain intermediate data.
The first decryption data and the obtained second decryption data can be spliced according to the same mode that the complementary data are obtained through the splicing, so that intermediate data are obtained.
The intermediate data may be a result of splicing the first decrypted data and the obtained second decrypted data.
Then, it is determined whether the intermediate data includes patch data.
The splicing data may be part of data in the preset data, or the splicing data may include data representing the number of bits of the splicing data, thereby determining whether the intermediate data includes the repair data.
Then, deleting the complement data in the intermediate data to obtain the data to be encrypted in the case that the complement data is included in the intermediate data.
Here, as an example, the splice data may be part of data in the preset data, or the splice data may include data representing the number of bits of the splice data, and thus, the repair data may be recognized accordingly.
It may be appreciated that in the above alternative implementation manner, in the case that the intermediate data includes the patch data, the patch data in the intermediate data may be deleted, so that the data to be encrypted may be restored more accurately.
The following description will take the data to be encrypted as three-dimensional model data as an example, but it should be noted that the embodiments of the present application may have the features described below, and the following description does not limit the protection scope of the embodiments of the present application.
Along with the increasing number of three-dimensional application scenes, the precision of the three-dimensional model is higher, the corresponding three-dimensional model data file is larger and larger, and is more and more GB, meanwhile, the intellectual property rights and data security of the three-dimensional model are also more and more concerned, and how to effectively protect the security of the data file under the condition that the model data file is larger and larger, and meanwhile, the access efficiency of the data file is guaranteed, so that the three-dimensional model data file is one concern of industry development.
The whole data file is encrypted by adopting a symmetrical encryption algorithm, the calculation complexity is much higher than that of the Xor operation, the influence on small files is small, but the read-write efficiency can not meet the requirement for data files which are like three-dimensional model data files and are frequently up with GB or larger.
The encryption process may include the steps of:
A 128-bit key K is generated as a starting key (i.e., the initial key) either by a random number generator or manually by the user prior to encrypting the model data file.
This K is encrypted by the user's public key Pb and generates an authorization (i.e. the authorization data described above) to the user.
The model data file is then divided into n segments of length L (L is a 1024 multiple) bytes, X1, X2, …, xn. Encrypting a first piece of data X1 (i.e., the first piece) with K to generate ciphertext F (X1) (i.e., the first encrypted data);
performing Xor operations on X2, …, xn (i.e., the data segment in the first data segment subsequence) and X1 to generate f (X2), f (X3), …, f (Xn) (i.e., the second encrypted data);
Here, if the encrypted model data file length is less than L or the length of the last data segment is less than L, the foregoing operations are performed after complementing to L.
The decryption process may include the steps of:
decrypting the received user authorization through the private key Pr of the user to obtain a decryption key K (namely the initial key);
The encrypted model data file is divided into n segments of length L (L is a multiple of 1024) bytes, Y1, Y2, …, yn (i.e. the second sequence of data fragments described above). Decrypting the first segment of data Y1 (i.e., the second segment) with K to generate plaintext X1 (i.e., the first segment or the first decrypted data);
performing Xor operation on Y2, …, yn and X1 to generate X2, X3, … and Xn (namely the first data fragment sequence);
and deleting the complemented data, thereby obtaining the data to be encrypted.
By comprehensively applying the asymmetric encryption and decryption algorithm, the symmetric encryption and decryption algorithm and the exclusive-or algorithm, the method can improve the access efficiency of the model data file and support the segmented access of the model data file on the premise of ensuring the data security.
Fig. 4 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application. The method specifically comprises the following steps:
An obtaining unit 401, configured to obtain data to be encrypted, and determine an initial key;
A first dividing unit 402, configured to divide the data to be encrypted to obtain a first data segment sequence;
A first encryption unit 403, configured to encrypt a first segment in the first data segment sequence with the initial key to obtain first encrypted data, where the first segment is a first data segment in the first data segment sequence;
A first operation unit 404, configured to perform an exclusive-or operation on a data segment in the first data segment sub-sequence and the data segment to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: a sequence of data segments of the first sequence of data segments other than the first segment;
a first generating unit 405, configured to generate target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data.
In one possible implementation manner, the dividing the data to be encrypted includes:
determining the byte length of the data to be encrypted to obtain a first length;
Determining whether the first length is an integer multiple of a preset length;
The data to be encrypted is divided into data fragments with the preset length on average under the condition that the first length is integral multiple of the preset length;
and under the condition that the first length is not the integral multiple of the preset length, filling the data to be encrypted, so that the filled data to be encrypted is the integral multiple of the preset length, and dividing the filled data to be encrypted into data fragments with the preset length on average.
In one possible implementation manner, in a case that the first length is not an integer multiple of the preset length, the step of supplementing the data to be encrypted includes:
Determining the character length of the complement data of the data to be encrypted to obtain a second length;
Determining the character length of target data to obtain a third length, wherein the target data corresponds to the second length;
determining a random number with a length being a target length, wherein the target length is a difference value between the second length and the third length;
splicing the random number and the target data to obtain supplementary data;
and filling the filling data to the preset position of the data to be encrypted.
In one possible implementation, after the determining the initial key, the apparatus further includes:
a second encryption unit (not shown in the figure) for encrypting the initial key with a public key to obtain authorization data; and
After the generating the target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data, the apparatus further includes:
A first decryption unit (not shown) for decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted.
In one possible implementation manner, the decrypting the target encrypted data based on the authorization data to obtain the data to be encrypted includes:
Determining a private key of the public key;
decrypting the authorization data by adopting the private key to obtain the initial key;
And decrypting the target encrypted data based on the initial key to obtain the data to be encrypted.
In one possible embodiment, after the generating the target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data, the apparatus further includes:
A second dividing unit (not shown in the figure) for dividing the target encrypted data to obtain a second data fragment sequence;
a second decryption unit (not shown in the figure) for decrypting a second segment using the initial key to obtain first decrypted data, wherein the second segment is a first data segment in the second sequence of data segments;
A second operation unit (not shown in the figure) configured to perform an exclusive-or operation on the data segment and the first decrypted data with respect to the data segment in the second data segment sub-sequence, to obtain second decrypted data corresponding to the data segment; wherein the second data fragment subsequence is: a sequence of data fragments other than the second fragment in the second sequence of data fragments;
A second generating unit (not shown in the figure) for generating the data to be encrypted based on the first decrypted data and the second decrypted data.
In one possible implementation manner, the generating the data to be encrypted based on the first decrypted data and the second decrypted data includes:
Splicing the first decrypted data and the obtained second decrypted data to obtain intermediate data;
Determining whether the intermediate data comprises patch data;
and deleting the filling data in the intermediate data under the condition that the filling data are included in the intermediate data, so as to obtain the data to be encrypted.
The data processing apparatus provided in this embodiment may be a data processing apparatus as shown in fig. 4, and may perform all the steps of each data processing method described above, so as to achieve the technical effects of each data processing method described above, and specific reference should be made to the above related description, which is omitted herein for brevity.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application, and an electronic device 500 shown in fig. 5 includes: at least one processor 501, memory 502, at least one network interface 504, and other user interfaces 503. The various components in the electronic device 500 are coupled together by a bus system 505. It is understood that bus system 505 is used to enable connected communications between these components. The bus system 505 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various buses are labeled as bus system 505 in fig. 5.
The user interface 503 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, a trackball, a touch pad, or a touch screen, etc.).
It will be appreciated that the memory 502 in embodiments of the application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash Memory. The volatile memory may be random access memory (Random Access Memory, RAM) which acts as external cache memory. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (STATIC RAM, SRAM), dynamic random access memory (DYNAMIC RAM, DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate Synchronous dynamic random access memory (Double DATA RATE SDRAM, DDRSDRAM), enhanced Synchronous dynamic random access memory (ENHANCED SDRAM, ESDRAM), synchronous link dynamic random access memory (SYNCH LINK DRAM, SLDRAM), and Direct memory bus random access memory (DRRAM). The memory 502 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some implementations, the memory 502 stores the following elements, executable units or data structures, or a subset thereof, or an extended set thereof: an operating system 5021 and application programs 5022.
The operating system 5021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, for implementing various basic services and processing hardware-based tasks. The application 5022 includes various application programs, such as a media player (MEDIA PLAYER), a Browser (Browser), and the like, for implementing various application services. A program for implementing the method according to the embodiment of the present application may be included in the application 5022.
In this embodiment, the processor 501 is configured to execute the method steps provided in the method embodiments by calling a program or an instruction stored in the memory 502, specifically, a program or an instruction stored in the application 5022, for example, including:
acquiring data to be encrypted and determining an initial key;
Dividing the data to be encrypted to obtain a first data fragment sequence;
Encrypting a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is the first data segment in the first data segment sequence;
Performing exclusive OR operation on the data segment and the first segment in the first data segment subsequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: a sequence of data segments of the first sequence of data segments other than the first segment;
Generating target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data.
The method disclosed in the above embodiment of the present application may be applied to the processor 501 or implemented by the processor 501. The processor 501 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuitry in hardware or instructions in software in the processor 501. The Processor 501 may be a general purpose Processor, a digital signal Processor (DIGITAL SIGNAL Processor, DSP), an Application SPECIFIC INTEGRATED Circuit (ASIC), an off-the-shelf programmable gate array (Field Programmable GATE ARRAY, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software elements in a decoding processor. The software elements may be located in a random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory 502, and the processor 501 reads information in the memory 502 and, in combination with its hardware, performs the steps of the method described above.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or a combination thereof. For a hardware implementation, the Processing units may be implemented within one or more Application SPECIFIC INTEGRATED Circuits (ASICs), digital signal processors (DIGITAL SIGNAL Processing, DSPs), digital signal Processing devices (DSPDEVICE, DSPD), programmable logic devices (Programmable Logic Device, PLDs), field-Programmable gate arrays (Field-Programmable GATE ARRAY, FPGA), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units for performing the above-described functions of the application, or a combination thereof.
For a software implementation, the techniques described herein may be implemented by means of units that perform the functions described herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
The electronic device provided in this embodiment may be an electronic device as shown in fig. 5, and may perform all the steps of each data processing method described above, so as to achieve the technical effects of each data processing method described above, and specific reference is made to the above related description, which is omitted herein for brevity.
The embodiment of the application also provides a storage medium (computer readable storage medium). The storage medium here stores one or more programs. Wherein the storage medium may comprise volatile memory, such as random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk, or solid state disk; the memory may also comprise a combination of the above types of memories.
When one or more programs in the storage medium are executable by one or more processors, the above-described data processing method performed on the electronic device side is implemented.
The processor is configured to execute a data processing program stored in the memory, so as to implement the following steps of a data processing method executed on the electronic device side:
acquiring data to be encrypted and determining an initial key;
Dividing the data to be encrypted to obtain a first data fragment sequence;
Encrypting a first segment in the first data segment sequence by adopting the initial key to obtain first encrypted data, wherein the first segment is the first data segment in the first data segment sequence;
Performing exclusive OR operation on the data segment and the first segment in the first data segment subsequence to obtain second encrypted data corresponding to the data segment; wherein the first data segment subsequence is: a sequence of data segments of the first sequence of data segments other than the first segment;
Generating target encrypted data of the data to be encrypted based on the first encrypted data and the second encrypted data.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of function in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
It is to be understood that the terminology used herein is for the purpose of describing particular example embodiments only, and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises," "comprising," "includes," "including," and "having" are inclusive and therefore specify the presence of stated features, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, elements, components, and/or groups thereof. The method steps, processes, and operations described herein are not to be construed as necessarily requiring their performance in the particular order described or illustrated, unless an order of performance is explicitly stated. It should also be appreciated that additional or alternative steps may be used.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.