CN-122027229-A - Data encryption method and device, data decryption method and device, equipment and computer program product
Abstract
The application discloses a data encryption method and device, a data decryption method and device, a device and a computer program product. The data encryption method comprises: acquiring key data to be encrypted and performing feature extraction on it to obtain a first feature vector of the key data; deriving a session key for the key data from the first feature vector; and encrypting the key data with a preset multiple encryption mechanism using that session key, so as to obtain an encryption result for the key data. Through dynamic feature extraction the application gives each piece of data a unique identifier from which a dynamic session key is generated, which improves data security, and the multiple encryption mechanism prevents an attacker from inferring the original data by analysing the encryption result. The cooperation of dynamic feature extraction and the multiple encryption mechanism balances the security and flexibility of data encryption and achieves high-strength data protection that resists replay and statistical analysis.
Inventors
- ZHANG XINBAO
- WANG JING
Assignees
- 中国邮政储蓄银行股份有限公司 (Postal Savings Bank of China Co., Ltd.)
Dates
- Publication Date
- 2026-05-12
- Application Date
- 2026-01-16
Claims (12)
- 1. A data encryption method, characterized in that the data encryption method comprises: acquiring key data to be encrypted; performing feature extraction on the key data to be encrypted to obtain a first feature vector of the key data; generating a session key for the key data to be encrypted from the first feature vector using a preset session key derivation algorithm; and encrypting the key data to be encrypted with a preset multiple encryption mechanism using the session key, so as to obtain an encryption result for the key data.
- 2. The data encryption method according to claim 1, wherein generating the session key for the key data to be encrypted from the first feature vector using a preset session key derivation algorithm comprises: computing a hash value of the first feature vector of the key data; and generating the session key for the key data to be encrypted from that hash value and a random salt using a preset key derivation algorithm.
- 3. The data encryption method according to claim 1, wherein the preset multiple encryption mechanism comprises a dynamic transformation matrix generation mechanism, a linear diffusion transformation mechanism, a nonlinear confusion mechanism and an authenticated encryption mechanism, and encrypting the key data to be encrypted with the preset multiple encryption mechanism using the session key to obtain the encryption result comprises: generating a dynamic transformation matrix from the session key using the dynamic transformation matrix generation mechanism; performing linear diffusion on the key data to be encrypted with the dynamic transformation matrix using the linear diffusion transformation mechanism to obtain linearly diffused data; performing nonlinear confusion processing on the linearly diffused data using the nonlinear confusion mechanism to obtain nonlinearly confused data; and performing authenticated encryption on the nonlinearly confused data with the session key using the authenticated encryption mechanism to obtain the encryption result for the key data.
- 4. The data encryption method according to claim 3, wherein generating the dynamic transformation matrix from the session key using the dynamic transformation matrix generation mechanism comprises: segmenting the session key of the key data to be encrypted to obtain a plurality of segments of the session key; computing a hash value of each segment; generating the dynamic transformation matrix from the hash values of the segments; and verifying that the dynamic transformation matrix is invertible, and outputting the invertible dynamic transformation matrix.
- 5. The data encryption method according to claim 3, wherein performing linear diffusion on the key data to be encrypted with the dynamic transformation matrix using the linear diffusion transformation mechanism to obtain the linearly diffused data comprises: rearranging the key data to be encrypted to obtain a rearrangement matrix of the key data; and performing a matrix operation on the rearrangement matrix and the dynamic transformation matrix to obtain the linearly diffused data.
- 6. The data encryption method according to claim 1, wherein the encryption result for the key data comprises the ciphertext of the key data and a corresponding authentication tag, and the data encryption method further comprises: generating a data identifier for the key data from the first feature vector; storing a mapping from the data identifier to the other encryption parameters corresponding to the key data, the other encryption parameters comprising the authentication tag, an encryption timestamp, the random salt, an initialization vector, the first feature vector, a creation time and a validity period; and forming a transmission data packet from the ciphertext of the key data and the data identifier, and sending the transmission data packet to a decrypting party.
- 7. A data decryption method, characterized in that the data decryption method comprises: receiving, at a decrypting party, a transmission data packet comprising a ciphertext of key data and a data identifier; generating a session key for the ciphertext of the key data from the transmission data packet using a preset session key derivation algorithm; decrypting the ciphertext of the key data with a preset multiple decryption mechanism using the session key to obtain the original key data; performing feature extraction on the original key data to obtain a second feature vector of the key data; and verifying the original key data against the second feature vector to obtain a decryption result for the key data; wherein the ciphertext of the key data is obtained by the data encryption method of any one of claims 1 to 6.
- 8. The data decryption method according to claim 7, wherein, after the transmission data packet is received, the data decryption method further comprises: querying, by the data identifier, the other decryption parameters corresponding to the ciphertext of the key data, the other decryption parameters comprising an encryption timestamp and a validity period; determining from the difference between the current timestamp and the encryption timestamp whether the transmission data packet is still within the validity period; if so, proceeding to the step of generating the session key for the ciphertext of the key data from the transmission data packet using the preset session key derivation algorithm; otherwise, refusing decryption.
- 9. A data encryption device, characterized in that the data encryption device comprises: an acquisition unit for acquiring key data to be encrypted; a first feature extraction unit for performing feature extraction on the key data to be encrypted to obtain a first feature vector of the key data; a first key derivation unit for generating a session key for the key data to be encrypted from the first feature vector using a preset session key derivation algorithm; and an encryption unit for encrypting the key data to be encrypted with a preset multiple encryption mechanism using the session key to obtain an encryption result for the key data.
- 10. A data decryption device, characterized in that the data decryption device comprises: a receiving unit for receiving, at the decrypting party, a transmission data packet comprising a ciphertext of key data and a data identifier; a second key derivation unit for generating a session key for the ciphertext of the key data from the transmission data packet using a preset session key derivation algorithm; a decryption unit for decrypting the ciphertext of the key data with a preset multiple decryption mechanism using the session key to obtain the original key data; a second feature extraction unit for performing feature extraction on the original key data to obtain a second feature vector of the key data; and a verification unit for verifying the original key data against the second feature vector to obtain a decryption result for the key data; wherein the ciphertext of the key data is obtained by the data encryption device of claim 9.
- 11. An apparatus comprising a processor and a memory arranged to store computer-executable instructions which, when executed, cause the processor to perform the data encryption method of any one of claims 1 to 6 and the data decryption method of any one of claims 7 to 8.
- 12. A computer program product comprising computer programs or instructions which, when executed by a processor, implement the data encryption method of any one of claims 1 to 6 and the data decryption method of any one of claims 7 to 8.
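The following is an added worked example, not code from the patent or from the applicant, showing how claims 1 to 8 fit together end to end in Python using only the standard library. Everything concrete in it is an assumption chosen for illustration: the feature extractor (length, distinct-byte count and a short content digest), a 128x128 transformation matrix over GF(2) built from hashed session-key segments and checked for invertibility by Gauss-Jordan elimination, a key-dependent byte permutation as the nonlinear confusion step, HMAC-SHA256 in counter mode with an encrypt-then-MAC tag standing in for the authenticated encryption mechanism (a deployment would use AES-GCM or ChaCha20-Poly1305), and an in-memory dictionary as the parameter store keyed by data identifier. One point the claims leave open is worth making explicit: the session key is derived from a hash of the plaintext's feature vector and a random salt, and claim 6 stores both, so whoever holds the stored parameters could re-derive the key unless a secret is mixed into the derivation; the example therefore adds a shared master key (MASTER_KEY, an assumption) to the KDF.

```python
import hashlib, hmac, secrets, time

MASTER_KEY = b"demo-master-key-32-bytes-long!!!"  # assumption: shared secret mixed into the KDF (not in the patent)
BLOCK = 16            # the diffusion layer works on 128-bit blocks
N = BLOCK * 8         # dimension of the transformation matrix over GF(2)
STORE = {}            # data identifier -> "other encryption parameters" (claim 6); in-memory stand-in

def feature_vector(data: bytes) -> bytes:
    # Assumed feature extractor: length, distinct-byte count and a short content digest.
    return len(data).to_bytes(4, "big") + len(set(data)).to_bytes(2, "big") + hashlib.sha256(data).digest()[:8]
def derive_session_key(fv: bytes, salt: bytes) -> bytes:
    # Claim 2: hash the feature vector, then a salted KDF (HKDF-extract with the master key mixed in).
    return hmac.new(salt, hashlib.sha256(fv).digest() + MASTER_KEY, hashlib.sha256).digest()

def gf2_inverse(rows):
    # Gauss-Jordan on [M | I] over GF(2); rows are N-bit ints, bit N-1-j holds column j.
    # Returns the rows of the inverse, or None when M is singular (the claim 4 invertibility check).
    aug = [(r << N) | (1 << (N - 1 - i)) for i, r in enumerate(rows)]
    for col in range(N):
        bit = 1 << (2 * N - 1 - col)
        pivot = next((i for i in range(col, N) if aug[i] & bit), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for i in range(N):
            if i != col and aug[i] & bit:
                aug[i] ^= aug[col]
    return [r & ((1 << N) - 1) for r in aug]

def dynamic_matrix(session_key: bytes):
    # Claim 4: segment the session key, hash the segments into matrix rows, retry until invertible.
    segs = [session_key[i:i + 8] for i in range(0, 32, 8)]
    for attempt in range(256):
        rows = [int.from_bytes(hashlib.sha256(segs[j % 4] + bytes([attempt, j])).digest()[:BLOCK], "big")
                for j in range(N)]
        inv = gf2_inverse(rows)
        if inv is not None:
            return rows, inv
    raise RuntimeError("no invertible matrix found")
def mat_vec(rows, x: int) -> int:
    # y = M.x over GF(2): output bit j is the parity of (row_j AND x).
    return sum(1 << (N - 1 - j) for j, r in enumerate(rows) if bin(r & x).count("1") & 1)
def diffuse(rows, data: bytes) -> bytes:
    # Claim 5: rearrange the data into 16-byte rows and multiply each row by the matrix.
    return b"".join(mat_vec(rows, int.from_bytes(data[i:i + BLOCK], "big")).to_bytes(BLOCK, "big")
                    for i in range(0, len(data), BLOCK))
def sbox(session_key: bytes):
    # Key-dependent byte permutation for the nonlinear confusion step, with its inverse.
    seed = hashlib.sha256(b"sbox" + session_key).digest()
    s = sorted(range(256), key=lambda i: hashlib.sha256(seed + bytes([i])).digest())
    return bytes(s), bytes(s.index(v) for v in range(256))
def keystream_xor(session_key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in for the authenticated-encryption layer: HMAC-SHA256 in counter mode, encrypt-then-MAC
    # via auth_tag(). A deployment would use AES-GCM or ChaCha20-Poly1305 instead.
    ek = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(ek, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)
def auth_tag(session_key: bytes, iv: bytes, ct: bytes) -> bytes:
    return hmac.new(hmac.new(session_key, b"mac", hashlib.sha256).digest(), iv + ct, hashlib.sha256).digest()
def pad(d: bytes) -> bytes:
    k = BLOCK - len(d) % BLOCK
    return d + bytes([k]) * k
def unpad(d: bytes) -> bytes:
    k = d[-1] if d else 0
    if not 1 <= k <= BLOCK or d[-k:] != bytes([k]) * k:
        raise ValueError("bad padding")
    return d[:-k]

def encrypt(data: bytes, validity: float = 3600, now=None):
    # Claims 1-6: returns the transmission packet (ciphertext, data identifier).
    fv, salt, iv = feature_vector(data), secrets.token_bytes(16), secrets.token_bytes(16)
    sk = derive_session_key(fv, salt)
    mixed = diffuse(dynamic_matrix(sk)[0], pad(data)).translate(sbox(sk)[0])  # diffusion, then confusion
    ct = keystream_xor(sk, iv, mixed)
    ident = hashlib.sha256(fv + salt).hexdigest()  # salt included so equal inputs do not collide
    STORE[ident] = dict(tag=auth_tag(sk, iv, ct), iv=iv, salt=salt, fv=fv,
                        created=time.time() if now is None else now, validity=validity)
    return ct, ident

def decrypt(packet, now=None) -> bytes:
    # Claims 7-8: validity check, tag check, inverse layers, then feature-vector verification.
    ct, ident = packet
    p = STORE.get(ident)
    if p is None:
        raise ValueError("unknown data identifier")
    now = time.time() if now is None else now
    if now - p["created"] > p["validity"]:
        raise ValueError("validity period exceeded: decryption refused")
    sk = derive_session_key(p["fv"], p["salt"])
    if not hmac.compare_digest(auth_tag(sk, p["iv"], ct), p["tag"]):
        raise ValueError("authentication tag mismatch")
    data = unpad(diffuse(dynamic_matrix(sk)[1], keystream_xor(sk, p["iv"], ct).translate(sbox(sk)[1])))
    if feature_vector(data) != p["fv"]:  # second feature vector (claim 7)
        raise ValueError("feature vector mismatch")
    return data
```

encrypt() returns the transmission packet of claim 6 and records the other parameters in STORE; decrypt() refuses an expired packet, a tampered ciphertext and a plaintext whose recomputed feature vector does not match the stored one. The constant-time tag comparison runs before any inverse transformation, so a forged ciphertext never reaches the diffusion or padding layers, and the matrix is regenerated from the session key on both sides rather than transmitted.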
Description
Technical Field
The present application relates to the field of information security, and in particular to a data encryption method and apparatus, a data decryption method and apparatus, a device, and a computer program product.
Background
In the digital age, information security has become a key concern in every field. With the rapid development of information technology, large amounts of sensitive information, such as personal identification information, financial transaction data, business secrets and government secrets, are frequently transmitted and stored in network environments. Once such information is disclosed or tampered with, it causes great loss and serious security risks to individuals, enterprises and even states. How to protect sensitive information effectively and guarantee its confidentiality, integrity and availability has therefore become a core problem of the information security field.
Data encryption is an important means of protecting sensitive information and plays a central role in an information security system. Plaintext data is converted into ciphertext by a specific transformation so that only authorized parties holding the correct key can recover the plaintext, which prevents unauthorized access and theft. Data encryption is applied in many scenarios, including but not limited to network communication, data storage and identity authentication, and provides a solid guarantee for information security. Conventional symmetric encryption algorithms are an important basis of data encryption and mainly include DES (Data Encryption Standard), 3DES (Triple DES) and AES (Advanced Encryption Standard).
Although conventional symmetric encryption algorithms can guarantee data security to a certain extent, they cannot meet the increasingly complex and diverse requirements of modern information security because of key management risk, a lack of dynamic encryption parameters, susceptibility to statistical analysis attacks and the absence of a timeliness control mechanism. Developing a new data encryption scheme that overcomes these deficiencies and improves the security and flexibility of data encryption is therefore of practical significance and urgency.
Disclosure of the Invention
Embodiments of the present application provide a data encryption method and device, a data decryption method and device, a device and a computer program product, so as to improve the security and flexibility of data encryption and decryption. The embodiments adopt the following technical solution.
In a first aspect, an embodiment of the present application provides a data encryption method, comprising: acquiring key data to be encrypted; performing feature extraction on the key data to be encrypted to obtain a first feature vector of the key data; generating a session key for the key data to be encrypted from the first feature vector using a preset session key derivation algorithm; and encrypting the key data to be encrypted with a preset multiple encryption mechanism using the session key, so as to obtain an encryption result for the key data.
In a second aspect, an embodiment of the present application further provides a data decryption method, comprising: receiving, at a decrypting party, a transmission data packet comprising a ciphertext of key data and a data identifier; generating a session key for the ciphertext of the key data from the transmission data packet using a preset session key derivation algorithm; decrypting the ciphertext of the key data with a preset multiple decryption mechanism using the session key to obtain the original key data; performing feature extraction on the original key data to obtain a second feature vector of the key data; and verifying the original key data against the second feature vector to obtain a decryption result for the key data; wherein the ciphertext of the key data is obtained by any of the data encryption methods above.
In a third aspect, an embodiment of the present application further provides a data encryption apparatus, comprising: an acquisition unit for acquiring key data to be encrypted; a first feature extraction unit for performing feature extraction on the key data to be encrypted to obtain a first feature vector of the key data; the first key de