
WO2018166484A1 - Data encryption and decryption methods and apparatuses, electronic device and readable storage medium

Info

Publication number
WO2018166484A1
Authority
WO
WIPO (PCT)
Prior art keywords
iris
data
encrypted
template
iris template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/079050
Other languages
French (fr)
Chinese (zh)
Inventor
易开军
高俊雄
托马斯 费尔兰德斯·
罗恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Hongshi Technologies Co Ltd
Original Assignee
Wuhan Hongshi Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/088: Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present disclosure relates to the field of data processing, and in particular, to a data encryption and decryption method, apparatus, electronic device, and readable storage medium.
  • the purpose of the present disclosure includes providing a data encryption, decryption method, apparatus, and electronic device to improve the above problems.
  • the present disclosure provides a data encryption method, the method comprising: acquiring a user iris image; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; encrypting the obtained file to be encrypted according to the data key.
  • the method further includes: generating an iris key according to the encrypted file to be encrypted; performing secondary encryption on the iris template according to the iris key; generating an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • the acquiring the iris image of the user comprises: acquiring the iris image of the user by using an iris camera.
  • the step of generating an iris template according to the iris image includes:
  • the iris image is processed by using a preset algorithm to obtain intrinsic biometric property data of the human body included in the iris image;
  • the acquired intrinsic biometric property data is used as data in the iris template.
  • the step of generating a data key according to the iris template and encrypting the iris template includes:
  • the iris template is encrypted by using a preset encryption algorithm to obtain an encrypted iris template.
  • the present disclosure provides a data decryption method, the method includes: acquiring a user iris image; generating a new iris template according to the iris image; acquiring an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data packet includes the original file and the encrypted original iris template; acquiring the original file and the encrypted original iris template from the encrypted data packet; generating an iris key according to the original file; decrypting the encrypted original iris template according to the iris key; matching the decrypted original iris template with the new iris template to obtain a matching result; and decrypting the file to be decrypted according to the matching result.
  • the decrypting the encrypted file to be decrypted according to the matching result includes: if the matching result is that the decrypted original iris template matches the new iris template, obtaining the data key generated according to the original iris template; and decrypting the encrypted file to be decrypted according to the data key.
  • the step of decrypting the file to be decrypted includes:
  • the decryption process is ended.
  • the present disclosure provides a data decryption method, including:
  • the method further includes:
  • the step of decrypting the encrypted second iris template to obtain a second iris template includes:
  • the second iris template after the initial decryption is secondarily decrypted according to the iris decryption algorithm, and the second decrypted second iris template is used as the decrypted second iris template.
  • the first iris template includes first biometric data
  • the second iris template includes second biometric data
  • the step of determining whether the first iris template is consistent with the second iris template comprises:
  • the present disclosure provides a data encryption apparatus, the apparatus comprising: an image acquisition module configured to acquire a user iris image; a first generation module configured to generate an iris template according to the iris image; a second generation module configured to generate a data key according to the iris template and to encrypt the iris template; and an encryption module configured to encrypt the obtained file to be encrypted according to the data key.
  • the device further includes: a third generating module, configured to generate an iris key according to the encrypted file to be encrypted; a template encryption module configured to perform secondary encryption on the iris template according to the iris key; and a data packet generating module configured to generate an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • the present disclosure provides a data decryption apparatus, the apparatus comprising: a first acquisition module configured to acquire a user iris image; a template generation module configured to generate a new iris template according to the iris image; a module configured to obtain an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in a process of encrypting the original file to obtain the to-be-decrypted file, and the encrypted data packet includes the original file and the encrypted original iris template; a third obtaining module configured to acquire the original file and the encrypted original iris template from the encrypted data packet; a key generation module configured to generate an iris key according to the original file; a template decryption module configured to decrypt the encrypted original iris template according to the iris key; a matching module configured to match the decrypted original iris template with the new iris template to obtain a matching result; and a file decryption module configured to decrypt the file to be decrypted according to the matching result.
  • the file decryption module includes: a comparison sub-module configured to acquire the data key generated according to the original iris template if the matching result is that the decrypted original iris template matches the new iris template; and a decryption sub-module configured to decrypt the encrypted file to be decrypted according to the data key.
  • the present disclosure provides an electronic device including an encryption processor and a memory coupled to the encryption processor, the memory storing instructions that, when executed by the encryption processor, cause the electronic device to perform the following operations: acquiring a user iris image; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; and encrypting the obtained file to be encrypted according to the data key.
  • the present disclosure provides an electronic device including an iris collection device for collecting an iris image of a user, the electronic device including a processor and a non-volatile memory storing computer instructions, the electronic device performing the data encryption method of any one of claims 1-5 when the computer instructions are executed by the processor.
  • the present disclosure provides an electronic device including an iris collection device for collecting an iris image of a user, the electronic device including a processor and a non-volatile memory storing computer instructions, the electronic device performing the data decryption method of any one of claims 9-12 when the computer instructions are executed by the processor.
  • the present disclosure provides a readable storage medium, the readable storage medium comprising a computer program, wherein: when the computer program is running, it controls a user terminal where the readable storage medium is located to execute the data encryption method according to any one of claims 1-5.
  • the present disclosure provides a readable storage medium, the readable storage medium comprising a computer program, wherein: when the computer program is running, it controls a user terminal where the readable storage medium is located to perform the data decryption method according to any one of claims 9-12.
  • the present disclosure provides a data encryption and decryption method and an electronic device.
  • an iris image of a user is acquired, an iris template is generated according to the iris image, and a data key is generated according to the iris template. To improve the security of the iris template and keep it from being stolen by others, the iris template is also encrypted. The obtained file to be encrypted is encrypted according to the data key. Because the iris template is generated from the iris image captured each time, a different data key is generated for each file to be encrypted, which improves data key security and data security.
  • FIG. 1 is a structural block diagram of an electronic device applicable to an embodiment of the present application
  • FIG. 3 is a flowchart of a data decryption method provided by the present disclosure
  • FIG. 4 is a structural block diagram of a data encryption apparatus provided by the present disclosure.
  • FIG. 5 is a structural block diagram of a data decryption apparatus provided by the present disclosure.
  • FIG. 1 is a structural block diagram of an electronic device 100 that can be applied to an embodiment of the present application.
  • the electronic device 100 may include a data encryption device or a data decryption device, a memory 101, a memory controller 102, an encryption processor 103, a peripheral interface 104, an input and output unit 105, an audio unit 106, and a display unit 107.
  • the components of the memory 101, the storage controller 102, the encryption processor 103, the peripheral interface 104, the input/output unit 105, the audio unit 106, and the display unit 107 are electrically connected directly or indirectly to each other to implement data transmission or interaction.
  • the components can be electrically connected to one another via one or more communication buses or signal lines.
  • the data encryption device or the data decryption device includes at least one software function module stored in the memory 101 in the form of software or firmware, or solidified in an operating system (OS) of the data encryption device or the data decryption device.
  • the cryptographic processor 103 is configured to execute executable modules stored in the memory 101, such as software functional modules or computer programs included in the data encryption device or data decryption device.
  • the memory 101 may be, but is not limited to, a random access memory (RAM), a read only memory (ROM), a programmable read-only memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electric Erasable Programmable Read-Only Memory (EEPROM), and the like.
  • the memory 101 is configured to store a program, and the encryption processor 103 executes the program after receiving the execution instruction. The method executed by the server defined by the flow process disclosed in any of the foregoing embodiments may be applied to the encryption processor 103, or implemented by the encryption processor 103.
  • the cryptographic processor 103 may be an integrated circuit chip with signal processing capabilities.
  • the cryptographic processor 103 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; or a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component.
  • the methods, steps, and logical block diagrams disclosed in this disclosure may be implemented or carried out.
  • the general purpose processor may be a microprocessor or the cryptographic processor 103 may be any conventional processor or the like.
  • peripheral interface 104 couples various input/output devices to the encryption processor 103 and the memory 101.
  • peripheral interface 104, cryptographic processor 103, and memory controller 102 can be implemented in a single chip. In other instances, they can be implemented by separate chips.
  • the input output unit 105 is configured to provide input to the user to enable user interaction with the server (or local terminal).
  • the input and output unit 105 can be, but is not limited to, a mouse, a keyboard, and the like.
  • the audio unit 106 provides an audio interface to the user, which may include one or more microphones, one or more speakers, and audio circuitry.
  • the display unit 107 provides an interactive interface (such as a user operation interface) between the electronic device 100 and the user or for displaying image data to the user for reference.
  • the display unit 107 can be a liquid crystal display or a touch display.
  • if it is a touch display, it can be a capacitive touch screen or a resistive touch screen that supports single-point and multi-touch operations. Supporting single-point and multi-touch operations means that the touch display can sense touch operations generated simultaneously at one or more positions on the touch display, and the sensed touch operation is passed to the encryption processor 103 for calculation and processing.
  • the input output unit 105 is configured to provide input to the user to enable user interaction with the processing terminal.
  • the electronic device 100 can be applied to encrypt or decrypt data during data transmission between the terminal device and the storage device. For example, when data is transmitted between the terminal device and the storage device, the electronic device 100 is connected to the terminal device and the storage device respectively, and the connection interface to the terminal device and the storage device may be a USB or SATA type interface, thereby implementing the function of encrypting and decrypting the data transfer.
  • the electronic device 100 may encrypt the data when the data is transmitted to the storage device, and decrypt the data when the data is read from the storage device, thereby ensuring the security of the data.
  • the terminal device may be a terminal such as a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), a wearable device, or the like.
  • the storage device can be an SD memory card, or a memory, or other device that can store data.
  • FIG. 2 is a flowchart of a data encryption method according to the present disclosure. The method specifically includes the following steps:
  • Step S110 Acquire a user iris image.
  • the iris image of the user can be acquired by the iris camera, and the iris camera can adopt an optical anti-shake iris camera, and the iris camera can accurately capture the user's binocular or monocular iris images.
  • a CCD camera or other image acquisition device can also be used to collect the user's iris image.
  • Step S120 Generate an iris template according to the iris image.
  • the method for generating an iris template may be to generate an iris template by using an iris image through a one-dimensional log-Gabor filtering algorithm or a two-dimensional log-Gabor filtering algorithm.
  • the iris image can be processed by using the Daubechies-4 wavelet transform to obtain an iris template.
  • the embodiment of the present application does not limit the algorithm used to generate the iris template.
  • the iris template is an iris image format stored in the memory used to compare the similarity of the iris images in order to determine whether the different iris images are the same iris, and the iris template includes the inherent biological characteristics of the individual.
  • the iris template is an iris image format that is smaller in size than the original iris image measured by the camera.
  • the iris template may be a template that processes the iris image by Fourier transform or wavelet transform to include an individual's inherent biological characteristics.
  • Step S130 Generate a data key according to the iris template, and encrypt the iris template.
  • the iris template may be processed by an encryption algorithm to generate a data key corresponding to the iris template.
  • when the user's iris image is collected and the iris template is generated from it, external environmental factors such as light and color may cause differences in the generated templates, so that the generated data keys also change, thereby improving data key security and data security.
  • an iris image collected under conditions of bright ambient light and good light is different from an iris image collected under conditions of dark environment and poor light.
  • different iris templates can be generated according to different iris images; different iris templates are processed by encryption algorithms, and the resulting data keys are different.
  • the iris template can also be encrypted. The encryption can be performed by using an iris module (optionally, an iris module of the chip type AES256/128), or by using the national secret algorithm (SM1, SM2, SM3, SM4, SM7).
  • Step S140 Encrypt the obtained file to be encrypted according to the data key.
  • the data to be encrypted may be encrypted by using the data key, and the encryption method may also adopt a national secret algorithm (SM1, SM2, SM3, SM4, SM7) or the like.
  • the file to be encrypted is encrypted by using the data key to obtain the encrypted file to be encrypted.
  • the method may further include:
  • Step S150 Generate an iris key according to the encrypted file to be encrypted.
  • an iris key may be generated according to the encrypted file to be encrypted obtained in the above step, and the generating method may adopt a fuzzy algorithm or a fuzzy extractor to perform iris key generation.
  • Step S160 Perform secondary encryption on the iris template according to the iris key.
  • if the iris template was first encrypted by the iris module (optionally, the iris module of the chip type AES256/128), the secondary encryption of the iris template in this step can use the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7, etc.).
  • if the iris template was first encrypted by the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms), the secondary encryption of the iris template in this step can use the iris module with the chip type AES256/128, to improve the security of the iris template and prevent it from being stolen by others.
  • Step S170 Generate an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • the iris template corresponding to the encrypted file to be encrypted needs to be determined, so an encrypted data packet can be generated from the secondarily encrypted iris template and the encrypted file to be encrypted. When decrypting the encrypted file to be encrypted, the encrypted file to be encrypted and the secondarily encrypted iris template are extracted from the encrypted data packet.
  • an iris template is generated according to the iris image, a data key is generated according to the iris template, and the generated iris template is encrypted at the same time; the file to be encrypted is then encrypted according to the data key.
  • the iris template may be secondarily encrypted according to the iris key generated from the encrypted file to be encrypted. In order to facilitate extraction of the template in the decryption process, the iris template and the encrypted file to be encrypted may be combined into an encrypted data packet. The data encryption method generates an iris template from an iris image, so that different keys are generated for each file to be encrypted according to the different iris templates, improving key security and data security.
  • FIG. 3 is a flowchart of a data decryption method according to the present disclosure.
  • the data decryption method specifically includes the following steps:
  • Step S210 Acquire a user iris image.
  • the file to be decrypted is obtained by encrypting the original file. To decrypt it, the iris image of the user needs to be acquired first. The iris image in this step can also be obtained by the iris camera; for the specific implementation, refer to step S110, which is not described again here for brevity.
  • the file can be decrypted only by using the iris image used in the encryption process. Due to the biological characteristics and uniqueness of the iris image, the encrypted file must be decrypted by using the iris image of the eye that the user used when encrypting.
  • Step S220 Generate a new iris template according to the iris image.
  • the method for generating the new iris template from the iris image is the same as the method for generating the iris template in step S120, that is, the new iris template can be generated by a one-dimensional log-Gabor filtering algorithm or a two-dimensional log-Gabor filtering algorithm.
  • Step S230 Acquire an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data packet includes the original file and the encrypted original iris template.
  • the encrypted data packet referred to herein may actually be the encrypted data packet generated in step S170, that is, the encrypted data packet is an encrypted data packet generated by the secondary encrypted original iris template and the encrypted original file.
  • the original file may be the file to be encrypted in the above encryption process, and the encrypted original file may be the encrypted file to be encrypted.
  • Step S240 Acquire the original file and the encrypted original iris template from the encrypted data packet.
  • the original file and the encrypted original iris template can be extracted therefrom. If the original file is an encrypted original file, the encrypted original file needs to be decrypted to obtain the original file; the encrypted original file can also be decrypted by using the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms).
  • the encrypted original file may have been encrypted by using a data key in the foregoing encryption method, and the data key is generated by an iris template generated from the user's iris image.
  • the iris image provided by the decrypter can be obtained, a new iris template is generated according to the iris image provided by the decrypter, a new data key is generated from the new iris template, and the encrypted original file is decrypted by using the new data key to obtain the unencrypted original file.
  • Step S250 Generate an iris key according to the original file.
  • the iris key can be generated by the obtained original file, and the method for generating the iris key here can also be generated by using a fuzzy algorithm or a fuzzy extractor.
  • Step S260 Decrypt the encrypted original iris template according to the iris key.
  • the secondarily encrypted original iris template is decrypted according to the iris key.
  • if, during encryption, the first encryption used the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms) and the secondary encryption used the iris module (optionally, the iris module with the chip type AES256/128), then correspondingly, during decryption, the iris module (optionally, the iris module with chip type AES256/128) is used for the first decryption and the national secret algorithm (optionally, SM1, SM2, SM3, etc.) is used for the second decryption.
  • if, during encryption, the first encryption used the iris module (chip type AES256/128) and the secondary encryption used the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms), then during decryption the national secret algorithm is used for the first decryption and the iris module (optionally, the iris module with AES256/128 chip type) is used for the secondary decryption. That is, whichever algorithm was used to encrypt the iris template in the encryption process, the same algorithm is used to decrypt it in the decryption process.
  • Step S270: Match the decrypted original iris template with the new iris template to obtain a matching result.
  • the original iris template and the generated new iris template are obtained, and the two can be matched by probability and threshold methods to obtain a matching result.
  • the original iris template can be compared with the new iris template and the similarity between the two calculated. If the similarity value exceeds the preset threshold, the new iris template acquired later corresponds to the original iris template used for encryption.
  • this indicates that the user performing decryption is the user at the time of encryption, and that the user uses the same eye as the source of the iris image for both decryption and encryption. In this case, the matching result of the original iris template and the new iris template is that the similarity between the two satisfies the decryption requirement.
  • Step S280: Decrypt the file to be decrypted according to the matching result.
  • according to the matching result obtained in the above step, if the decrypted original iris template matches the new iris template, the data key generated according to the original iris template is acquired, and the file to be decrypted is decrypted according to the data key.
  • if the matching result is that the decrypted original iris template is inconsistent with the new iris template, the data key generated from the original iris template cannot be obtained and the file to be decrypted cannot be decrypted, which prevents data from being stolen and ensures the security of the data.
  • After acquiring the iris image of the user, a new iris template is generated according to the iris image, and an encrypted data packet corresponding to the file to be decrypted is acquired, where the encrypted data packet is generated in the process of encrypting the original file to obtain the to-be-decrypted file and includes the original file and the encrypted original iris template. The original file and the encrypted original iris template are then acquired from the encrypted data packet, and an iris key is generated according to the original file.
  • the data decryption method obtains the original iris template by means of the original file and then matches the original iris template against the newly generated iris template, thereby checking whether the iris template generated during decryption matches the iris template generated during encryption. If they match, the file to be decrypted can be decrypted; if they do not match, it cannot be decrypted, thereby improving key security and data security.
  • the embodiment of the present application discloses a data decryption method, which includes the following steps.
  • Step S301: obtaining a first iris template corresponding to the first iris image of the user.
  • the first iris image may be obtained by an iris collection device, and a corresponding algorithm may be used to generate a corresponding first iris template for the collected first iris image.
  • the first iris template can include the iris biometric features inherent to the individual user.
  • the user may use his own iris as an encryption key in the data encryption process.
  • the iris at the time of encryption must also be used, otherwise the correct decryption cannot be completed.
  • Step S301: Obtain an encrypted second iris template and encrypted data encrypted by the first data key, where the first data key is generated according to the second iris template in a data encryption process.
  • the first data key is generated by using the second iris template, and the data is encrypted by using the first data key.
  • the encrypted data and the second iris template used for encryption may be packaged and stored.
  • the packaged encrypted data may be obtained first.
  • the packaged second iris template may also be encrypted. After the packaged encrypted data and the encrypted second iris template are obtained, the encrypted second iris template and the encrypted data may be separated and processed separately.
  • the number of the first iris images may be one or more.
  • the number of second iris images may be one or more. That is to say, during the encryption process, the user can encrypt with the iris of one eye or with the irises of two eyes, and the irises of three or more eyes from multiple people can even be used. Due to the uniqueness of the iris, a larger number of irises can achieve more secure encryption.
  • the iris of one eye or two eyes or more eyes is used for decryption to improve the security of the decryption process.
  • Step S301: decrypting the encrypted second iris template to obtain a second iris template.
  • the second iris template used in the encryption process is also encrypted, and the encryption algorithm used for encrypting the second iris template may be predetermined and randomly selected from a plurality of encryption algorithms.
  • the correct encryption algorithm must be used to decrypt, or the decryption algorithm corresponding to the encryption algorithm can be used for decryption.
  • the encryption algorithm or the decryption algorithm used for encryption may be preset.
  • the corresponding algorithm is used for decryption to obtain the decrypted second iris template.
  • Step S301: determining whether the first iris template and the second iris template are consistent.
  • the second iris template can be compared with the first iris template to determine whether the two are consistent. For example, if the user encrypts a file with the iris of the left eye, the user must also use the iris of the left eye to perform the decryption operation. Only when the user uses the same eye as in the encryption process is the comparison result of the first iris template and the second iris template consistent.
  • Step S301: when the first iris template is consistent with the second iris template, generating the first data key according to the second iris template, and decrypting the encrypted data by using the first data key.
  • the user After comparing the first iris template and the second iris template, if the first iris template and the second iris template are identical, or the features the two have in common exceed a preset threshold, the user is used in decryption.
  • the first data key may be generated according to the second iris template, and the encrypted data is decrypted by using the first data key to obtain the decrypted data, and the data decryption process is completed.
  • the step of decrypting the encrypted second iris template to obtain a second iris template includes:
  • the second iris template after the initial decryption is secondarily decrypted according to the iris decryption algorithm, and the second decrypted second iris template is used as the decrypted second iris template.
  • the first iris template includes first biometric data
  • the second iris template includes second biometric data
  • the step of determining whether the first iris template is consistent with the second iris template comprises:
  • the above encryption method and decryption method can be applied to an encryption decryption device having an iris collection device.
  • the encryption and decryption device can be connected to the electronic device; the iris collection device on the encryption and decryption device is then used to collect one or more iris images, and the collected iris image is used to encrypt the data according to the above encryption method.
  • the encryption and decryption device needs to be used: the iris image required for decryption is collected by the iris collection device on the encryption and decryption device, and the data to be decrypted is decrypted according to the decryption method to complete the data decryption process.
  • FIG. 4 is a structural block diagram of a data encryption apparatus 200 according to the present disclosure.
  • the apparatus is configured to perform the foregoing data encryption method, and the apparatus specifically includes:
  • the image acquisition module 210 is configured to acquire a user iris image.
  • the first generation module 220 is configured to generate an iris template according to the iris image.
  • the second generation module 230 is configured to generate a data key according to the iris template and encrypt the iris template.
  • the encryption module 240 is configured to encrypt the obtained file to be encrypted according to the data key.
  • the device may further include:
  • the third generation module 250 is configured to generate an iris key according to the encrypted file to be encrypted.
  • the template encryption module 260 is configured to perform secondary encryption on the iris template according to the iris key.
  • the data packet generating module 270 is configured to generate an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • FIG. 5 is a structural block diagram of a data decryption apparatus 300 according to the present disclosure.
  • the apparatus is configured to perform the foregoing data decryption method, and the apparatus specifically includes:
  • the first obtaining module 310 is configured to acquire a user iris image.
  • the template generation module 320 is configured to generate a new iris template according to the iris image.
  • the second obtaining module 330 is configured to obtain an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the to-be-decrypted file, and the encrypted data includes the original file and the encrypted original iris template.
  • the third obtaining module 340 is configured to obtain the original file and the encrypted original iris template from the encrypted data packet.
  • the key generation module 350 is configured to generate an iris key according to the original file.
  • the template decryption module 360 is configured to decrypt the encrypted original iris template according to the iris key.
  • the matching module 370 is configured to match the decrypted original iris template with the new iris template to obtain a matching result.
  • the file decryption module 380 is configured to decrypt the file to be decrypted according to the matching result.
  • the device may further include:
  • the comparison sub-module is configured to acquire a data key generated according to the original iris template if the matching result is that the decrypted original iris template matches the new iris template.
  • a decryption submodule configured to decrypt the encrypted file to be decrypted according to the data key.
  • the present disclosure provides a data encryption and decryption method and an electronic device, which first acquires an iris image of a user, generates an iris template according to the iris image, and generates a data key according to the iris template.
  • to improve the security of the iris template, the iris template needs to be encrypted, and the obtained file to be encrypted is encrypted according to the data key.
  • because the iris template is generated from the iris image and differs each time it is generated, a different data key is generated for each different file to be encrypted, which improves data key security and data security.
  • each block of the flowchart or block diagram can represent a module, a program segment, or a portion of code that includes one or more executable instructions. It should also be noted that, in some alternative implementations, the functions noted in the blocks may also occur in a different order than those illustrated in the drawings.
  • each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented in a dedicated hardware-based system that performs the specified functions, or can be implemented by a combination of dedicated hardware and computer instructions.
  • each functional module in various embodiments of the present disclosure may be integrated to form a separate part, or each module may exist separately, or two or more modules may be integrated to form a separate part.
  • the functions, if implemented in the form of software functional modules and sold or used as separate products, may be stored in a computer readable storage medium.
  • a computer readable storage medium including: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.
  • the present disclosure provides a data encryption and decryption method, device, electronic device, and readable storage medium, which can generate a different data key for each different file to be encrypted because a different iris template is generated each time, thereby improving the data key.


Abstract

Data encryption and decryption methods and apparatuses, an electronic device and a readable storage medium relate to the field of data processing. The data encryption method comprises: obtaining an iris image of a user; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; and encrypting an obtained file to be encrypted according to the data key. As an iris template can be generated according to an iris image, a different data key can be generated for each different file to be encrypted according to a different iris template generated each time. Therefore, the security of data keys and the security of data are improved.

Description

Data encryption and decryption methods, apparatuses, electronic device and readable storage medium

Cross-reference to related applications

The present application claims priority to Chinese Patent Application No. 2017101636319, entitled "Data Encryption, Decryption Method, Apparatus, and Electronic Device", filed with the Chinese Patent Office on March 17, 2017, the entire contents of which are incorporated herein by reference.

Technical field

The present disclosure relates to the field of data processing, and in particular to a data encryption and decryption method, apparatus, electronic device, and readable storage medium.

Background

With the development of technology, storage media such as computers, mobile phones and radio-frequency cards are used ever more widely, and they store large numbers of electronic documents of different types that contain information with high confidentiality requirements. Once such information is illegally stolen, the loss is immeasurable, and the common practice today is to encrypt the data with various document-security software. Mainstream encryption systems such as PGP and TrueCrypt combine multiple encryption algorithms to improve security, but these systems share a significant drawback: if the key is forgotten or lost, the encrypted files cannot be decrypted normally and become unusable waste data. In addition, the prior art uses iris images to encrypt files, and the encryption keys generated in this way are identical. The keys generated by that method are therefore poorly secured and cannot truly guarantee data security.

Summary of the invention

In view of this, the objects of the present disclosure include providing a data encryption and decryption method, apparatus, and electronic device to improve on the above problems.

In a first aspect, the present disclosure provides a data encryption method, the method comprising: acquiring a user iris image; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; and encrypting the obtained file to be encrypted according to the data key.

Further, after the step of encrypting the obtained file to be encrypted according to the data key, the method further includes: generating an iris key according to the encrypted file to be encrypted; performing secondary encryption on the iris template according to the iris key; and generating an encrypted data packet from the secondarily encrypted iris template and the encrypted file to be encrypted.

Further, acquiring the user iris image includes: acquiring the user iris image through an iris camera.

Further, the step of generating an iris template according to the iris image includes:

processing the iris image with a preset algorithm to obtain the intrinsic biometric characteristic data of the human body contained in the iris image;

using the obtained intrinsic biometric characteristic data as the data in the iris template.

Further, the step of generating a data key according to the iris template and encrypting the iris template includes:

applying a hash algorithm to the iris template to obtain the data key;

encrypting the iris template with a preset encryption algorithm to obtain the encrypted iris template.

In a second aspect, the present disclosure provides a data decryption method, the method comprising: acquiring a user iris image; generating a new iris template according to the iris image; acquiring an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data packet includes the original file and the encrypted original iris template; acquiring the original file and the encrypted original iris template from the encrypted data packet; generating an iris key according to the original file; decrypting the encrypted original iris template according to the iris key; matching the decrypted original iris template with the new iris template to obtain a matching result; and decrypting the file to be decrypted according to the matching result.

Further, decrypting the encrypted file to be decrypted according to the matching result includes: if the matching result is that the decrypted original iris template matches the new iris template, acquiring the data key generated according to the original iris template; and decrypting the encrypted file to be decrypted according to the data key.

Further, the step of decrypting the file to be decrypted according to the matching result includes:

if the matching result is that the decrypted original iris template does not match the new iris template, ending the decryption process.

In a third aspect, the present disclosure provides a data decryption method, including:

obtaining a first iris template corresponding to a first iris image of the user;

obtaining an encrypted second iris template and encrypted data encrypted with a first data key, where the first data key is generated according to the second iris template in the data encryption process;

decrypting the encrypted second iris template to obtain the second iris template;

determining whether the first iris template is consistent with the second iris template;

when the first iris template is consistent with the second iris template, generating the first data key according to the second iris template, and decrypting the encrypted data by using the first data key.

Further, the method further includes:

when the first iris template is inconsistent with the second iris template, ending the data decryption process.

Further, the step of decrypting the encrypted second iris template to obtain the second iris template includes:

determining the iris encryption algorithm used when the second iris template was encrypted;

determining the iris decryption algorithm corresponding to the iris encryption algorithm;

performing an initial decryption of the encrypted second iris template according to the iris decryption algorithm to obtain the initially decrypted second iris template;

performing a secondary decryption of the initially decrypted second iris template according to the iris decryption algorithm, and using the secondarily decrypted second iris template as the decrypted second iris template.

Further, the first iris template includes first biometric data, the second iris template includes second biometric data, and the step of determining whether the first iris template is consistent with the second iris template includes:

determining whether the data that is the same in the first biometric data and the second biometric data exceeds a preset threshold;

when the data that is the same in the first biometric data and the second biometric data exceeds the preset threshold, the first iris template is consistent with the second iris template;

when the data that is the same in the first biometric data and the second biometric data is lower than the preset threshold, the first iris template is inconsistent with the second iris template.
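
The encryption and decryption flow of the first to third aspects above, as an added sketch that is not code from the patent. The key for the preset first template layer, the 0.75 threshold, the packet layout and the SHA-256 counter-mode stand-in cipher are assumptions, and the templates are constructed random bytes.

```python
import hashlib
import os
import random
import struct

THRESHOLD = 0.75  # assumed value; the page only says "preset threshold"


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode) so the sketch runs on the
    standard library; the page names AES256/128 and SM-series algorithms."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">Q", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of identical bits between two equal-length templates."""
    if len(a) != len(b) or not a:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


def encrypt(template: bytes, plaintext: bytes, preset_key: bytes) -> dict:
    data_key = hashlib.sha256(template).digest()      # hash of the iris template
    file_nonce = os.urandom(16)
    enc_file = file_nonce + _xor_stream(data_key, file_nonce, plaintext)
    tpl_nonce = os.urandom(16)
    # First layer: "preset encryption algorithm"; its key is an assumption here.
    layer1 = _xor_stream(preset_key, tpl_nonce, template)
    # Second layer: iris key generated from the encrypted file.
    iris_key = hashlib.sha256(enc_file).digest()
    layer2 = _xor_stream(iris_key, tpl_nonce, layer1)
    return {"file": enc_file, "template": tpl_nonce + layer2}


def decrypt(new_template: bytes, packet: dict, preset_key: bytes):
    enc_file, blob = packet["file"], packet["template"]
    tpl_nonce, layer2 = blob[:16], blob[16:]
    iris_key = hashlib.sha256(enc_file).digest()       # regenerated from the packet
    layer1 = _xor_stream(iris_key, tpl_nonce, layer2)
    original = _xor_stream(preset_key, tpl_nonce, layer1)
    if not similarity(original, new_template) > THRESHOLD:
        return None                                    # mismatch: end the flow
    # The data key comes from the stored template, not from the new capture.
    data_key = hashlib.sha256(original).digest()
    return _xor_stream(data_key, enc_file[:16], enc_file[16:])


def constructed_template(seed: int, size: int = 256) -> bytes:
    """Constructed sample data standing in for an iris template."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def recapture(template: bytes, flip_rate: float, seed: int) -> bytes:
    """Constructed second capture of the same eye: flips bits at flip_rate."""
    rng = random.Random(seed)
    out = bytearray(template)
    for i in range(len(out)):
        for bit in range(8):
            if rng.random() < flip_rate:
                out[i] ^= 1 << bit
    return bytes(out)


def demo() -> dict:
    preset_key = b"constructed-preset-key"
    enrolled = constructed_template(1)
    same_eye = recapture(enrolled, 0.10, 2)
    other_eye = constructed_template(3)
    packet = encrypt(enrolled, b"quarterly report", preset_key)
    last = packet["file"][-1] ^ 1
    tampered = dict(packet, file=packet["file"][:-1] + bytes([last]))
    return {
        "same_eye": decrypt(same_eye, packet, preset_key),
        "other_eye": decrypt(other_eye, packet, preset_key),
        "tampered": decrypt(same_eye, tampered, preset_key),
        "keys_equal": hashlib.sha256(enrolled).digest()
        == hashlib.sha256(same_eye).digest(),
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` shows that a noisy recapture of the same eye hashes to a different value than the enrolled template, which is why decryption derives the data key from the stored template only after the threshold match. The iris key is computed from bytes stored in the packet itself, so it ties the template to that ciphertext, and the confidentiality of the stored template rests on the preset first layer.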

In a fourth aspect, the present disclosure provides a data encryption apparatus, the apparatus comprising: an image acquisition module configured to acquire a user iris image; a first generation module configured to generate an iris template according to the iris image; a second generation module configured to generate a data key according to the iris template and to encrypt the iris template; and an encryption module configured to encrypt the obtained file to be encrypted according to the data key.

Further, the apparatus further includes: a third generation module configured to generate an iris key according to the encrypted file to be encrypted; a template encryption module configured to perform secondary encryption on the iris template according to the iris key; and a data packet generation module configured to generate an encrypted data packet from the secondarily encrypted iris template and the encrypted file to be encrypted.

In a fifth aspect, the present disclosure provides a data decryption apparatus, the apparatus comprising: a first acquisition module configured to acquire a user iris image; a template generation module configured to generate a new iris template according to the iris image; a second acquisition module configured to acquire an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data includes the original file and the encrypted original iris template; a third acquisition module configured to acquire the original file and the encrypted original iris template from the encrypted data packet; a key generation module configured to generate an iris key according to the original file; a template decryption module configured to decrypt the encrypted original iris template according to the iris key; a matching module configured to match the decrypted original iris template with the new iris template to obtain a matching result; and a file decryption module configured to decrypt the file to be decrypted according to the matching result.

Further, the file decryption module includes: a comparison sub-module configured to acquire the data key generated according to the original iris template if the matching result is that the decrypted original iris template matches the new iris template; and a decryption sub-module configured to decrypt the encrypted file to be decrypted according to the data key.

In a sixth aspect, the present disclosure provides an electronic device including an encryption processor and a memory coupled to the encryption processor, the memory storing instructions which, when executed by the encryption processor, cause the electronic device to perform the following operations: acquiring a user iris image; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; and encrypting the obtained file to be encrypted according to the data key.

In a seventh aspect, the present disclosure provides an electronic device including an iris collection device configured to collect an iris image of a user, the electronic device including a processor and a non-volatile memory storing computer instructions; when the computer instructions are executed by the processor, the electronic device performs the data encryption method of any one of claims 1-5.

In an eighth aspect, the present disclosure provides an electronic device including an iris collection device configured to collect an iris image of a user, the electronic device including a processor and a non-volatile memory storing computer instructions; when the computer instructions are executed by the processor, the electronic device performs the data decryption method of any one of claims 9-12.

In a ninth aspect, the present disclosure provides a readable storage medium including a computer program, characterized in that: when the computer program runs, it controls the user terminal on which the readable storage medium resides to perform the data encryption method of any one of claims 1-5.

In a tenth aspect, the present disclosure provides a readable storage medium including a computer program, characterized in that: when the computer program runs, it controls the user terminal on which the readable storage medium resides to perform the data decryption method of any one of claims 9-12.

The beneficial effects of the present disclosure include, for example:

The present disclosure provides a data encryption and decryption method and an electronic device. A user iris image is first acquired, an iris template is generated from the iris image, and a data key is then generated from the iris template. To improve the security of the iris template and prevent it from being stolen by others, the iris template is encrypted, and the obtained file to be encrypted is then encrypted according to the data key. Because the iris template is generated from the iris image and differs each time it is generated, a different data key is generated for each different file to be encrypted, which improves data key security and data security.

Other features and advantages of the present disclosure will be set forth in the description that follows, and in part will become apparent from the description or be learned by practicing the present disclosure. The objects and other advantages of the present disclosure can be realized and obtained through the structures particularly pointed out in the written description, the claims, and the accompanying drawings.

Brief description of the drawings

In order to explain the technical solutions of the present disclosure more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present disclosure and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.

FIG. 1 is a structural block diagram of an electronic device applicable to an embodiment of the present application;

FIG. 2 is a flowchart of a data encryption method provided by the present disclosure;

FIG. 3 is a flowchart of a data decryption method provided by the present disclosure;

FIG. 4 is a structural block diagram of a data encryption apparatus provided by the present disclosure;

FIG. 5 is a structural block diagram of a data decryption apparatus provided by the present disclosure.

Detailed Description

The technical solutions of the present disclosure are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present disclosure. The components of the present disclosure, as generally described and illustrated in the drawings herein, can be arranged and designed in a variety of different configurations. Therefore, the following detailed description of the embodiments of the present disclosure provided in the drawings is not intended to limit the scope of the claimed disclosure, but merely represents selected embodiments of the present disclosure. All other embodiments obtained by a person skilled in the art based on the embodiments of the present disclosure without creative effort fall within the scope of protection of the present disclosure.

It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it need not be further defined or explained in subsequent drawings. In the description of the present disclosure, the terms "first", "second", and the like are used only to distinguish between descriptions and are not to be construed as indicating or implying relative importance.

Referring to FIG. 1, FIG. 1 is a structural block diagram of an electronic device 100 applicable to the embodiments of the present application. The electronic device 100 may include a data encryption apparatus or a data decryption apparatus, a memory 101, a memory controller 102, an encryption processor 103, a peripheral interface 104, an input/output unit 105, an audio unit 106, and a display unit 107.

The memory 101, memory controller 102, encryption processor 103, peripheral interface 104, input/output unit 105, audio unit 106, and display unit 107 are electrically connected to one another, directly or indirectly, to transmit or exchange data. For example, these components may be electrically connected to one another through one or more communication buses or signal lines. The data encryption apparatus or data decryption apparatus includes at least one software function module that can be stored in the memory 101 in the form of software or firmware, or built into the operating system (OS) of the data encryption apparatus or data decryption apparatus. The encryption processor 103 is configured to execute executable modules stored in the memory 101, such as the software function modules or computer programs included in the data encryption apparatus or data decryption apparatus.

The memory 101 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and the like. The memory 101 is configured to store a program, and the encryption processor 103 executes the program after receiving an execution instruction. The method performed by the server as defined by the flow process disclosed in any of the foregoing embodiments of the present disclosure may be applied to, or implemented by, the encryption processor 103.

The encryption processor 103 may be an integrated circuit chip with signal processing capability. The encryption processor 103 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps, and logical block diagrams disclosed in the present disclosure. The general-purpose processor may be a microprocessor, or the encryption processor 103 may be any conventional processor.

The peripheral interface 104 couples various input/output devices to the encryption processor 103 and the memory 101. In some embodiments, the peripheral interface 104, the encryption processor 103, and the memory controller 102 may be implemented in a single chip. In other examples, they may each be implemented by a separate chip.

The input/output unit 105 is configured to let the user input data so that the user can interact with the server (or local terminal). The input/output unit 105 may be, but is not limited to, a mouse, a keyboard, and the like.

The audio unit 106 provides an audio interface to the user and may include one or more microphones, one or more speakers, and audio circuitry.

The display unit 107 provides an interactive interface (for example, a user operation interface) between the electronic device 100 and the user, or displays image data for the user's reference. In this embodiment, the display unit 107 may be a liquid crystal display or a touch display. A touch display may be a capacitive or resistive touch screen that supports single-point and multi-point touch operations. Supporting single-point and multi-point touch operations means that the touch display can sense touch operations occurring simultaneously at one or more positions on the display and hand the sensed touch operations to the encryption processor 103 for calculation and processing.

The peripheral interface 104 couples various input/output devices to the encryption processor 103 and the memory 101. In some embodiments, the peripheral interface 104, the encryption processor 103, and the memory controller 102 may be implemented in a single chip. In other examples, they may each be implemented by a separate chip.

The input/output unit 105 is configured to let the user input data so that the user can interact with the processing terminal. The input/output unit 105 may be, but is not limited to, a mouse, a keyboard, and the like.

It should be noted that the electronic device 100 can be used to encrypt or decrypt data during data transmission between a terminal device and a storage device. For example, when data is transmitted between the terminal device and the storage device, the electronic device 100 is connected to both; its connection interfaces to the terminal device and the storage device may be USB or SATA interfaces, so that it encrypts and decrypts data as the data passes through it.

For example, when the terminal device sends data to the storage device, the electronic device 100 may encrypt the data as it is transmitted to the storage device and decrypt the data when it is read from the storage device, thereby ensuring the security of the data.

In addition, the terminal device may be a personal computer (PC), a tablet computer, a smartphone, a personal digital assistant (PDA), a wearable device, or a similar terminal. The storage device may be an SD memory card, a memory, or another device capable of storing data.

Referring to FIG. 2, FIG. 2 is a flowchart of a data encryption method provided by the present disclosure. The method specifically includes the following steps:

Step S110: Acquire an iris image of the user.

In one implementation, the user's iris image may be acquired with an iris camera. The iris camera may be an optically stabilized iris camera, which can accurately capture an iris image of one or both of the user's eyes. Alternatively, a CCD camera or another image acquisition device may be used to capture the user's iris image.

Step S120: Generate an iris template from the iris image.

In one implementation, the iris template may be generated by processing the iris image with a one-dimensional log-Gabor filtering algorithm, a two-dimensional log-Gabor filtering algorithm, or another algorithm. For example, the iris image may also be processed with a Daubechies-4 wavelet transform to obtain the iris template. The embodiments of the present application place no limit on the algorithm used to generate the iris template.

In the embodiments of the present application, an iris template is the iris image format stored in memory and used when comparing the similarity of iris images to determine whether different iris images are of the same iris. The iris template contains the individual's inherent biometric characteristics, and its data size is smaller than that of the original iris image captured by the camera.

For example, if the original iris image occupies about 100 KByte of memory, the corresponding iris template is about 10 KByte, that is, about 1/10 of the original iris image data. The iris template is therefore much smaller than the original iris image data. To improve processing speed during authentication and the storage utilization of the memory, the iris template may be a template obtained by processing the iris image with a Fourier transform, a wavelet transform, or the like, and it contains the individual's inherent biometric characteristics.

Step S130: Generate a data key from the iris template, and encrypt the iris template.

After the iris template is obtained, a hash algorithm may be used to encrypt the iris template, generating the data key corresponding to the iris template. When the iris template is generated from an iris image, external environmental factors such as light and color during capture of the user's iris image may cause the generated templates to differ, so the generated data key also varies, which improves data key security and data security.

For example, an iris image captured in bright surroundings with good lighting differs from one captured in dark surroundings with poor lighting. Different iris images yield correspondingly different iris templates, and different iris templates yield different data keys after the encryption algorithm is applied.

To ensure the security of the iris template, the iris template may also be encrypted. This encryption may be performed by an iris module (optionally, an iris module whose chip model is AES256/128) or with a national cryptographic algorithm (SM1, SM2, SM3, SM4, SM7).

Step S140: Encrypt the acquired file to be encrypted with the data key.

After the data key is generated, it can be used to encrypt the file to be encrypted; the encryption may likewise use a national cryptographic algorithm (SM1, SM2, SM3, SM4, SM7) or the like. Encrypting the file to be encrypted with the data key yields the encrypted file.

In one implementation, the method may further include:

Step S150: Generate an iris key from the encrypted file.

To further improve the security of the iris template, an iris key may be generated from the encrypted file obtained in the above steps. The iris key may be generated with a fuzzy algorithm or a fuzzy extractor.

Step S160: Encrypt the iris template a second time with the iris key.

If the first encryption of the iris template in step S130 is performed by an iris module (optionally, an iris module whose chip model is AES256/128), the second encryption of the iris template in this step uses a national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm). If the first encryption of the iris template in step S130 uses a national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm), the second encryption in this step is performed by an iris module (optionally, an iris module whose chip model is AES256/128). This improves the security of the iris template and prevents it from being stolen.

Step S170: Generate an encrypted data packet from the twice-encrypted iris template and the encrypted file.

When the encrypted file is decrypted, the iris template corresponding to it must be identified. The twice-encrypted iris template and the encrypted file can therefore be combined into an encrypted data packet; when the encrypted file is to be decrypted, the encrypted file and the twice-encrypted iris template are extracted from the encrypted data packet.

In the embodiments of the present application, after the user's iris image is acquired, an iris template is generated from the iris image, a data key is generated from the iris template, and the generated iris template is encrypted; the acquired file to be encrypted is then encrypted with the data key. To improve the security of the iris template, the iris template may also be encrypted a second time with an iris key generated from the encrypted file. To make it easy to extract the iris template during decryption, the iris template and the encrypted file may be combined into an encrypted data packet. Because this data encryption method uses an iris template generated from an iris image, a different key can be generated from the iris template for each file to be encrypted, which improves key security and data security.

Referring to FIG. 3, FIG. 3 is a flowchart of a data decryption method provided by the present disclosure. The data decryption method specifically includes the following steps:

Step S210: Acquire an iris image of the user.

After the original file has been encrypted, the file to be decrypted is obtained. To decrypt it, the user's iris image must first be acquired; in this step the iris image may likewise be acquired with an iris camera. For the specific implementation, refer to step S110; for brevity, it is not repeated here.

When a user needs to decrypt a file encrypted with the above encryption method, the file can be decrypted only with the iris image used in the encryption process. Because of the biological characteristics and uniqueness of the iris image, the encrypted file can be decrypted only by the same user who encrypted it, using the iris image of the eye that was used for encryption.

Step S220: Generate a new iris template from the iris image.

In this step, the new iris template is generated from the iris image in the same way as the iris template in step S120, that is, with a one-dimensional log-Gabor filtering algorithm, a two-dimensional log-Gabor filtering algorithm, or a similar algorithm.

Step S230: Acquire the encrypted data packet corresponding to the file to be decrypted. The encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data includes the original file and the encrypted original iris template.

The encrypted data packet referred to here may in fact be the encrypted data packet generated in step S170, that is, a packet generated from the twice-encrypted original iris template and the encrypted original file. The original file may be the file to be encrypted in the encryption process described above, and the encrypted original file may be the encrypted file from that process.

Step S240: Obtain the original file and the encrypted original iris template from the encrypted data packet.

After the encrypted data packet is obtained, the original file and the encrypted original iris template can be extracted from it. If the original file is an encrypted original file, it must be decrypted to obtain the unencrypted original file. The encrypted original file may also be decrypted with a national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm).

In one specific implementation, the encrypted original file may have been encrypted with the data key of the foregoing encryption method; that data key is generated from an iris template, and the iris template is generated from the user's iris image. When the encrypted original file needs to be decrypted, the iris image provided by the person decrypting can be acquired, a new iris template generated from that iris image, a new data key generated from the new iris template, and the encrypted original file decrypted with the new data key to obtain the unencrypted original file.

Step S250: Generate an iris key from the original file.

The iris key can be generated from the obtained original file. Here too, the iris key may be generated with a fuzzy algorithm or a fuzzy extractor.

Step S260: Decrypt the encrypted original iris template with the iris key.

After the iris key is obtained, the twice-encrypted original iris template is decrypted with the iris key. If the first encryption of the original iris template used a national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm) and the second encryption was performed by an iris module (optionally, an iris module whose chip model is AES256/128), then on decryption the first decryption should be performed by the iris module (optionally, an iris module whose chip model is AES256/128) and the second decryption should use the national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm). If the first encryption of the original iris template was performed by an iris module (chip model AES256/128) and the second encryption used a national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm), then on decryption the first decryption should use the national cryptographic algorithm (optionally SM1, SM2, SM3, SM4, SM7, or another national cryptographic algorithm) and the second decryption should be performed by the iris module (optionally, an iris module whose chip model is AES256/128). In other words, whichever algorithm was used to encrypt the iris template during encryption, the same algorithm is used correspondingly for decryption.

Step S270: Match the decrypted original iris template against the new iris template to obtain a matching result.

With the original iris template obtained and the new iris template generated in the above steps, the two templates can be matched using probabilistic methods, thresholds, and similar techniques to obtain a matching result.

In detail, the original iris template can be compared with the new iris template to calculate the similarity between them. If the similarity value exceeds a preset threshold, the newly acquired iris template is the original iris template used for encryption. This indicates that the user performing decryption is the user who performed encryption, and that the user used the same eye as the source of the iris images captured for decryption and encryption. In that case the matching result of the original iris template and the new iris template is that their similarity satisfies the decryption requirement.

Step S280: Decrypt the file to be decrypted according to the matching result.

Based on the matching result obtained in the above step: if the decrypted original iris template matches the new iris template, the data key generated from the original iris template is obtained, and the file to be decrypted is decrypted with that data key. If the decrypted original iris template does not match the new iris template, the data key generated from the original iris template cannot be obtained and the file to be decrypted cannot be decrypted, which prevents the data from being stolen and ensures the security of the data.

After the user's iris image is acquired, a new iris template is generated from the iris image, and the encrypted data packet corresponding to the file to be decrypted is acquired. The encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data includes the original file and the encrypted original iris template. The original file and the encrypted original iris template are obtained from the encrypted data packet, an iris key is generated from the original file, and the encrypted original iris template is decrypted with the iris key. The decrypted original iris template is then matched against the new iris template; if they match, the data key generated from the original iris template is obtained. This data decryption method obtains the original iris template and matches it against the newly generated iris template, thereby checking whether the iris template generated during decryption matches the iris template generated in the data encryption method. If they match, the file to be decrypted can be decrypted; if they do not match, it cannot be decrypted, which improves key security and data security.

An embodiment of the present application discloses a data decryption method that includes the following steps.

Step S301: Obtain a first iris template corresponding to a first iris image of the user.

The first iris image may be obtained with an iris capture device, and a suitable algorithm may be applied to the captured first iris image to generate the corresponding first iris template. The first iris template may include the user's inherent iris biometric features.

In the data encryption method of the embodiments of the present application, the user may use their own iris as the encryption key during data encryption. When file data encrypted with an iris as the encryption key is decrypted, the iris used for encryption must also be used; otherwise correct decryption cannot be completed.

Step S301: Obtain the encrypted second iris template and the encrypted data encrypted with a first data key, where the first data key was generated from the second iris template during data encryption.

In the embodiments of the present application, the second iris template is used to generate the first data key, and the first data key is then used to encrypt the data. After the data has been encrypted with the first data key, the encrypted data and the second iris template used for encryption can be packaged and stored together. When the encrypted data needs to be decrypted, the packaged encrypted data and second iris template are obtained first. The packaged second iris template may itself be encrypted; after the packaged encrypted data and encrypted second iris template are obtained, the encrypted second iris template and the encrypted data can be separated and processed individually.

In the embodiments of the present application, there may be one or more first iris images, and there may be one or more second iris images. That is, during encryption the user may encrypt with the iris of one eye or with the irises of both eyes, and encryption may even use the irises of three eyes from multiple people, or a larger number of irises. Because each iris is unique, a larger number of irises allows more secure encryption. Correspondingly, decryption uses the iris of one eye, two eyes, or more eyes, which improves the security of the decryption process.

Step S301: Decrypt the encrypted second iris template to obtain the second iris template.

To improve the security of the encryption and decryption processes, the second iris template used during encryption is itself encrypted. The encryption algorithm used to encrypt the second iris template may be predetermined and randomly selected from multiple encryption algorithms. When the encrypted second iris template is decrypted, decryption succeeds only if the correct encryption algorithm, or the decryption algorithm corresponding to that encryption algorithm, is used. The encryption or decryption algorithm used may be set in advance; when the encrypted second iris template needs to be decrypted, the corresponding algorithm is used to obtain the decrypted second iris template.

步骤S301,判断所述第一虹膜模板与所述第二虹膜模板是否一致。Step S301, determining whether the first iris template and the second iris template are consistent.

在得到解密后的第二虹膜模板后,可以将该第二虹膜模板与第一虹膜模板进行对比,确定两者是否一致。例如,在对文件进行加密过程中,用户使用了左眼的虹膜进行加密,相应的,在解密过程中,用户也必须使用左眼的虹膜进行解密操作。用户只有使用了与加密过程中相同眼睛,第一虹膜模板和第二虹膜模板的比对结果才会一致。After the decrypted second iris template is obtained, the second iris template can be compared with the first iris template to determine whether the two are consistent. For example, in the process of encrypting a file, the user uses the iris of the left eye to encrypt, and correspondingly, during the decryption process, the user must also use the iris of the left eye to perform the decryption operation. The user only uses the same eye as the encryption process, and the comparison results of the first iris template and the second iris template are consistent.

步骤S301,当所述第一虹膜模板与所述第二虹膜模板一致时,根据所述第二虹膜模板生成所述第一数据密钥,利用所述第一数据密钥对所述加密数据进行解密。Step S301, when the first iris template is consistent with the second iris template, generating the first data key according to the second iris template, and performing the encrypted data by using the first data key. Decrypt.

在对第一虹膜模板和第二虹膜模板进行比对后,如果第一虹膜虹膜模板和第二虹膜模板一致,或者,两者相同的特征超过了预设的阈值,表明用户在解密时使用了与加密时相同的眼睛。此时,就可以根据第二虹膜模板生成第一数据密钥,并利用第一数据密钥对加密数据进行解密,得到解密后的数据,完成数据解密流程。After comparing the first iris template and the second iris template, if the first iris iris template and the second iris template are identical, or both of the same features exceed a preset threshold, the user is used in decryption. The same eye as when encrypting. At this time, the first data key may be generated according to the second iris template, and the encrypted data is decrypted by using the first data key to obtain the decrypted data, and the data decryption process is completed.

当所述第一虹膜膜板与所述第二虹膜模板不一致时,表明用户使用了与加密过程使用的眼睛不同的眼睛,或者是其他用户使用虹膜试图解密所述加密数据,这样的解密过程就是非正确的,此时就可以结束数据解密流程。When the first iris film plate is inconsistent with the second iris template, indicating that the user uses an eye different from the eye used by the encryption process, or other users use the iris to attempt to decrypt the encrypted data, such a decryption process is Incorrect, you can end the data decryption process.

In detail, the step of decrypting the encrypted second iris template to obtain the second iris template includes:

determining the iris encryption algorithm used when the second iris template was encrypted;

determining the iris decryption algorithm corresponding to the iris encryption algorithm;

performing an initial decryption of the encrypted second iris template with the iris decryption algorithm, to obtain the initially decrypted second iris template;

performing a second decryption of the initially decrypted second iris template with the iris decryption algorithm, and taking the result of the second decryption as the decrypted second iris template.

In detail, the first iris template includes first biometric data and the second iris template includes second biometric data, and the step of determining whether the first iris template is consistent with the second iris template includes:

determining whether the data that is identical in the first biometric data and the second biometric data exceeds a preset threshold;

when the identical data in the first biometric data and the second biometric data exceeds the preset threshold, the first iris template is consistent with the second iris template;

when the identical data in the first biometric data and the second biometric data is below the preset threshold, the first iris template is inconsistent with the second iris template.
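The decryption flow described above (decrypt the stored template in two passes, compare it with the fresh template against a threshold, then regenerate the data key from the stored template), as an added Python example that is not code from the patent. The SHA-256 keystream cipher, `DEVICE_SECRET`, the per-packet nonce, the 0.75 threshold, the use of SHA-256 to derive the iris key, and the sample templates are all assumptions made for illustration.

```python
import hashlib
import secrets

# Assumptions for this example (none of these values come from the patent):
DEVICE_SECRET = b"constructed-device-secret"  # key for the "preset" template cipher
THRESHOLD = 0.75                              # fraction of identical bits required

# Constructed sample templates (32 bytes each), standing in for iris feature data.
ENROLLED = bytes(range(32))                                       # second iris template
SAME_EYE = bytes(b ^ 0x01 for b in ENROLLED[:8]) + ENROLLED[8:]   # 8 bits of capture noise
OTHER_EYE = bytes(b ^ 0x0F for b in ENROLLED)                     # half of all bits differ


def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(d ^ k for d, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def derive_data_key(template):
    """Data key = hash of the iris template (claim 5 of the page)."""
    return hashlib.sha256(template).digest()


def derive_iris_key(encrypted_file):
    """Iris key generated from the encrypted file (claim 2); SHA-256 is assumed."""
    return hashlib.sha256(encrypted_file).digest()


def similarity(a, b):
    """Fraction of identical bits between two equal-length templates."""
    if len(a) != len(b) or not a:
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1 - differing / (8 * len(a))


def encrypt_packet(template, plaintext):
    """Encrypt the file with the data key, then encrypt the template twice."""
    nonce = secrets.token_bytes(16)
    enc_file = keystream_xor(derive_data_key(template), nonce, plaintext)
    once = keystream_xor(DEVICE_SECRET, nonce, template)            # preset encryption
    twice = keystream_xor(derive_iris_key(enc_file), nonce, once)   # secondary encryption
    return {"nonce": nonce, "enc_file": enc_file, "enc_template": twice}


def decrypt_packet(packet, fresh_template):
    """Return the plaintext, or None when the templates are not consistent."""
    nonce = packet["nonce"]
    iris_key = derive_iris_key(packet["enc_file"])
    first = keystream_xor(iris_key, nonce, packet["enc_template"])  # initial decryption
    stored = keystream_xor(DEVICE_SECRET, nonce, first)             # second decryption
    # The identical data must exceed the threshold; equality counts as a mismatch here.
    if similarity(stored, fresh_template) <= THRESHOLD:
        return None                                                 # end the decryption flow
    # The key is regenerated from the stored template, not from the fresh capture.
    return keystream_xor(derive_data_key(stored), nonce, packet["enc_file"])


if __name__ == "__main__":
    packet = encrypt_packet(ENROLLED, b"constructed sample file contents")
    print(decrypt_packet(packet, SAME_EYE))    # plaintext
    print(decrypt_packet(packet, OTHER_EYE))   # None
```

The data key is a hash of the stored template rather than of the fresh capture, because two captures of the same eye differ by a few bits and hash to unrelated keys. The confidentiality of the file therefore rests on how well the stored template is encrypted.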

In this embodiment of the present application, the encryption method and decryption method above can be applied to an encryption and decryption device that has an iris collection device. When a user needs to encrypt data on an electronic device, the user can connect the encryption and decryption device to that electronic device, use its iris collection device to capture one or more iris images, and encrypt the data with the captured iris images according to the encryption method above. When the user wishes to decrypt the encrypted data, the same encryption and decryption device is required: its iris collection device captures the iris images needed for decryption, and the encrypted data is decrypted according to the decryption method above, completing the data decryption process.

Referring to FIG. 4, FIG. 4 is a structural block diagram of a data encryption apparatus 200 provided by the present disclosure. The apparatus is used to perform the data encryption method described above and specifically includes:

an image acquisition module 210, configured to acquire a user iris image;

a first generation module 220, configured to generate an iris template from the iris image;

a second generation module 230, configured to generate a data key from the iris template and to encrypt the iris template;

an encryption module 240, configured to encrypt the acquired file to be encrypted with the data key.

As an implementation, the apparatus may further include:

a third generation module 250, configured to generate an iris key from the encrypted file;

a template encryption module 260, configured to perform secondary encryption on the iris template with the iris key;

a data packet generation module 270, configured to generate an encrypted data packet from the secondarily encrypted iris template and the encrypted file.

Referring to FIG. 5, FIG. 5 is a structural block diagram of a data decryption apparatus 300 provided by the present disclosure. The apparatus is used to perform the data decryption method described above and specifically includes:

a first acquisition module 310, configured to acquire a user iris image;

a template generation module 320, configured to generate a new iris template from the iris image;

a second acquisition module 330, configured to acquire the encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data includes the original file and the encrypted original iris template;

a third acquisition module 340, configured to obtain the original file and the encrypted original iris template from the encrypted data packet;

a key generation module 350, configured to generate an iris key from the original file;

a template decryption module 360, configured to decrypt the encrypted original iris template with the iris key;

a matching module 370, configured to match the decrypted original iris template against the new iris template to obtain a matching result;

a file decryption module 380, configured to decrypt the file to be decrypted according to the matching result.

As an implementation, the apparatus may further include:

a comparison submodule, configured to obtain the data key generated from the original iris template if the matching result is that the decrypted original iris template is consistent with the new iris template;

a decryption submodule, configured to decrypt the encrypted file to be decrypted with the data key.

A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working process of the method described above can be found in the corresponding process of the foregoing apparatus, and is not repeated here.

In summary, the present disclosure provides a data encryption method, a data decryption method and an electronic device. A user iris image is acquired first, an iris template is generated from the iris image, and a data key is generated from the iris template. To improve the security of the iris template and prevent it from being stolen, the iris template is encrypted, and the acquired file to be encrypted is then encrypted with the data key. Because the iris template generated from an iris image differs each time it is generated, a different data key is produced for each file to be encrypted, which improves the security of both the data key and the data.

In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the drawings show the architecture, functionality and operation of possible implementations of apparatuses, methods and computer program products according to multiple embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functionality involved. It should also be noted that each block of the block diagrams and/or flowcharts, and combinations of such blocks, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.

In addition, the functional modules in the various embodiments of the present disclosure may be integrated together to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.

If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the various embodiments of the present disclosure. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc. It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Furthermore, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.

The above are only preferred embodiments of the present disclosure and are not intended to limit it; for those skilled in the art, the present disclosure may have various modifications and changes. Any modification, equivalent replacement or improvement made within the spirit and principles of the present disclosure shall fall within its scope of protection. It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.

The above are only specific implementations of the present disclosure, but the scope of protection of the present disclosure is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed here shall fall within the scope of protection of the present disclosure. The scope of protection of the present disclosure shall therefore be determined by the scope of protection of the claims.

Industrial applicability

The present disclosure provides a data encryption method, a data decryption method, apparatuses, an electronic device and a readable storage medium. Because the iris template differs each time it is generated, a different data key is produced for each file to be encrypted, which improves the security of both the data key and the data.

Claims (21)

1. A data encryption method, characterized in that the method comprises: acquiring a user iris image; generating an iris template from the iris image; generating a data key from the iris template, and encrypting the iris template; encrypting the acquired file to be encrypted with the data key.

2. The method according to claim 1, characterized in that, after the step of encrypting the acquired file to be encrypted with the data key, the method further comprises: generating an iris key from the encrypted file; performing secondary encryption on the iris template with the iris key; generating an encrypted data packet from the secondarily encrypted iris template and the encrypted file.

3. The method according to claim 1 or 2, characterized in that acquiring the user iris image comprises: acquiring the iris image of the user through an iris camera.

4. The data encryption method according to any one of claims 1 to 3, characterized in that the step of generating an iris template from the iris image comprises: processing the iris image with a preset algorithm to obtain the intrinsic biometric characteristic data of the human body contained in the iris image; using the obtained intrinsic biometric characteristic data as the data in the iris template.

5. The data encryption method according to any one of claims 1 to 4, characterized in that the step of generating a data key from the iris template and encrypting the iris template comprises: applying a hash algorithm to the iris template to obtain the data key; encrypting the iris template with a preset encryption algorithm to obtain the encrypted iris template.

6. A data decryption method, characterized in that the method comprises: acquiring a user iris image; generating a new iris template from the iris image; acquiring the encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data packet includes the original file and the encrypted original iris template; obtaining the original file and the encrypted original iris template from the encrypted data packet; generating an iris key from the original file; decrypting the encrypted original iris template with the iris key; matching the decrypted original iris template against the new iris template to obtain a matching result; decrypting the file to be decrypted according to the matching result.

7. The data decryption method according to claim 6, characterized in that decrypting the file to be decrypted according to the matching result comprises: if the matching result is that the decrypted original iris template is consistent with the new iris template, obtaining the data key generated from the original iris template; decrypting the encrypted file to be decrypted with the data key.

8. The data decryption method according to claim 6 or 7, characterized in that the step of decrypting the file to be decrypted according to the matching result comprises: if the matching result is that the decrypted original iris template is inconsistent with the new iris template, ending the decryption process.

9. A data decryption method, characterized by comprising: obtaining a first iris template corresponding to a first iris image of a user; obtaining an encrypted second iris template and encrypted data that was encrypted with a first data key, where the first data key was generated from the second iris template during data encryption; decrypting the encrypted second iris template to obtain the second iris template; determining whether the first iris template is consistent with the second iris template; when the first iris template is consistent with the second iris template, generating the first data key from the second iris template, and decrypting the encrypted data with the first data key.

10. The data decryption method according to claim 9, characterized in that the method further comprises: when the first iris template is inconsistent with the second iris template, ending the data decryption process.

11. The data decryption method according to claim 9 or 10, characterized in that the step of decrypting the encrypted second iris template to obtain the second iris template comprises: determining the iris encryption algorithm used when the second iris template was encrypted; determining the iris decryption algorithm corresponding to the iris encryption algorithm; performing an initial decryption of the encrypted second iris template with the iris decryption algorithm, to obtain the initially decrypted second iris template; performing a second decryption of the initially decrypted second iris template with the iris decryption algorithm, and taking the result of the second decryption as the decrypted second iris template.

12. The data decryption method according to any one of claims 9 to 11, characterized in that the first iris template includes first biometric data, the second iris template includes second biometric data, and the step of determining whether the first iris template is consistent with the second iris template comprises: determining whether the data that is identical in the first biometric data and the second biometric data exceeds a preset threshold; when the identical data in the first biometric data and the second biometric data exceeds the preset threshold, the first iris template is consistent with the second iris template; when the identical data in the first biometric data and the second biometric data is below the preset threshold, the first iris template is inconsistent with the second iris template.

13. A data encryption apparatus, characterized in that the apparatus comprises: an image acquisition module, configured to acquire a user iris image; a first generation module, configured to generate an iris template from the iris image; a second generation module, configured to generate a data key from the iris template and to encrypt the iris template; an encryption module, configured to encrypt the acquired file to be encrypted with the data key.

14. The apparatus according to claim 13, characterized in that the apparatus further comprises: a third generation module, configured to generate an iris key from the encrypted file; a template encryption module, configured to perform secondary encryption on the iris template with the iris key; a data packet generation module, configured to generate an encrypted data packet from the secondarily encrypted iris template and the encrypted file.

15. A data decryption apparatus, characterized in that the apparatus comprises: a first acquisition module, configured to acquire a user iris image; a template generation module, configured to generate a new iris template from the iris image; a second acquisition module, configured to acquire the encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data includes the original file and the encrypted original iris template; a third acquisition module, configured to obtain the original file and the encrypted original iris template from the encrypted data packet; a key generation module, configured to generate an iris key from the original file; a template decryption module, configured to decrypt the encrypted original iris template with the iris key; a matching module, configured to match the decrypted original iris template against the new iris template to obtain a matching result; a file decryption module, configured to decrypt the file to be decrypted according to the matching result.

16. The apparatus according to claim 15, characterized in that the file decryption module comprises: a comparison submodule, configured to obtain the data key generated from the original iris template if the matching result is that the decrypted original iris template is consistent with the new iris template; a decryption submodule, configured to decrypt the encrypted file to be decrypted with the data key.

17. An electronic device, characterized in that the electronic device comprises an encryption processor and a memory, the memory being coupled to the encryption processor and storing instructions which, when executed by the encryption processor, cause the electronic device to perform the following operations: acquiring a user iris image; generating an iris template from the iris image; generating a data key from the iris template, and encrypting the iris template; encrypting the acquired file to be encrypted with the data key.

18. An electronic device, characterized in that the electronic device comprises an iris collection device used to capture an iris image of a user, and the electronic device comprises a processor and a non-volatile memory storing computer instructions; when the computer instructions are executed by the processor, the electronic device performs the data encryption method according to any one of claims 1-5.

19. An electronic device, characterized in that the electronic device comprises an iris collection device used to capture an iris image of a user, and the electronic device comprises a processor and a non-volatile memory storing computer instructions; when the computer instructions are executed by the processor, the electronic device performs the data decryption method according to any one of claims 9-12.

20. A readable storage medium, characterized in that the readable storage medium comprises a computer program which, when run, controls the user terminal on which the readable storage medium is located to perform the data encryption method according to any one of claims 1-5.

21. A readable storage medium, characterized in that the readable storage medium comprises a computer program which, when run, controls the user terminal on which the readable storage medium is located to perform the data decryption method according to any one of claims 9-12.
PCT/CN2018/079050 2017-03-17 2018-03-14 Data encryption and decryption methods and apparatuses, electronic device and readable storage medium Ceased WO2018166484A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710163631.9A CN107248972B (en) 2017-03-17 2017-03-17 Data encryption and decryption method and device and electronic equipment
CN201710163631.9 2017-03-17

Publications (1)

Publication Number Publication Date
WO2018166484A1 true WO2018166484A1 (en) 2018-09-20

Family

ID=60017477

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/079050 Ceased WO2018166484A1 (en) 2017-03-17 2018-03-14 Data encryption and decryption methods and apparatuses, electronic device and readable storage medium

Country Status (2)

Country Link
CN (1) CN107248972B (en)
WO (1) WO2018166484A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107248972B (en) * 2017-03-17 2019-12-06 武汉虹识技术有限公司 Data encryption and decryption method and device and electronic equipment
CN111368308A (en) * 2018-12-25 2020-07-03 珠海汇金科技股份有限公司 Image acquisition device, server, control method of encryption system, and control device
CN110826038B (en) * 2019-10-18 2022-05-24 武汉虹识技术有限公司 Data encryption and decryption method and device
CN115037469B (en) * 2022-05-20 2024-10-29 谢轩豪 Encryption method, device and system for user eye biological characteristics and storage medium
CN116052313B (en) * 2023-02-10 2024-02-23 北京中超伟业信息安全技术股份有限公司 Intelligent secret cabinet control method, device, equipment and storage medium

Citations (4)

Publication number Priority date Publication date Assignee Title
CN101458750A (en) * 2008-11-21 2009-06-17 东莞市智盾电子技术有限公司 Data security processing method and data security storage device
US20150312034A1 (en) * 2014-04-29 2015-10-29 Altek Corporation Method for image encryption and decryption incorporating physiological features and image capture device thereof
CN105447405A (en) * 2015-11-09 2016-03-30 南京以太安全技术有限公司 Document encryption/decryption method and apparatus based on iris recognition and authentication
CN107248972A (en) * 2017-03-17 2017-10-13 武汉虹识技术有限公司 Data encryption, decryption method, device and electronic equipment

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
CN104572891B (en) * 2014-12-24 2017-12-12 北京大学深圳研究生院 A kind of file updating method for network information separation storage

Non-Patent Citations (1)

Title
WANG, QIANG ET AL.: "Study on the Key Based on Iris Feature for Barracks Information Encryption", COMPUTER SYSTEMS AND APPLICATIONS, vol. 22, no. 9, 27 September 2013 (2013-09-27), pages 119 - 121 *

Also Published As

Publication number Publication date
CN107248972B (en) 2019-12-06
CN107248972A (en) 2017-10-13

Similar Documents

Publication Publication Date Title
CN106412907B (en) Network access method, related equipment and system
CN108734031B (en) Secure data storage device having security functions implemented in a data security bridge
CN105960775B (en) Method and apparatus for migrating keys
WO2018166484A1 (en) Data encryption and decryption methods and apparatuses, electronic device and readable storage medium
WO2017050093A1 (en) Login information input method, login information storage method, and associated device
US20160180102A1 (en) Computer program, method, and system for secure data management
CN105429761A (en) A method and device for generating a key
CN104573551A (en) File processing method and mobile terminal
WO2020215568A1 (en) Communication number changing method, apparatus and system, computer device and storage medium
CN110390191A (en) Method and system for secure biometric authentication
TW202107316A (en) Data processing method and apparatus, and electronic device
WO2016192165A1 (en) Data encryption method and apparatus
CN104239815A (en) Electronic document encryption and decryption method and method based on iris identification
CN105005731A (en) A data encryption and decryption method and mobile terminal
CN110321757B (en) Cross-end biological feature recognition system, biological feature management system, method and device
WO2018165811A1 (en) Method for saving and verifying biometric template, and biometric recognition apparatus and terminal
EP4329241A1 (en) Data management system, data management method, and non-transitory recording medium
WO2018113537A1 (en) Method and system for encrypting photograph on the basis fingerprint identification
CN105426721A (en) Picture encryption method and device
CN106850215B (en) Data encryption and decryption method and device
CN105426727A (en) Fingerprint decryption method and mobile terminal
CN105373741A (en) Method and device for usage of fingerprint information
CN113079017A (en) Fingerprint real-name authentication method and system for electronic signature
CN114239028B (en) A data processing method, device, computer equipment and storage medium
TWI772648B (en) Method of verifying partial data based on collective certificate

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 18767727

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 18767727

Country of ref document: EP

Kind code of ref document: A1