
WO2018166484A1 - Data encryption and decryption methods and apparatuses, electronic device, and readable storage medium - Google Patents

Info

Publication number
WO2018166484A1
Authority
WO
WIPO (PCT)
Prior art keywords
iris
data
encrypted
template
iris template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/079050
Other languages
English (en)
Chinese (zh)
Inventor
易开军
高俊雄
托马斯 费尔兰德斯·
罗恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Hongshi Technologies Co Ltd
Original Assignee
Wuhan Hongshi Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Hongshi Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present disclosure relates to the field of data processing, and in particular, to a data encryption and decryption method, apparatus, electronic device, and readable storage medium.
  • the purpose of the present disclosure includes providing a data encryption, decryption method, apparatus, and electronic device to improve the above problems.
  • the present disclosure provides a data encryption method, the method comprising: acquiring a user iris image; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; encrypting the obtained file to be encrypted according to the data key.
  • the method further includes: generating an iris key according to the encrypted file to be encrypted; performing secondary encryption on the iris template according to the iris key; generating an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • the acquiring the iris image of the user comprises: acquiring the iris image of the user by using an iris camera.
  • the step of generating an iris template according to the iris image includes:
  • the iris image is processed by using a preset algorithm to obtain intrinsic biometric property data of the human body included in the iris image;
  • the acquired intrinsic biometric property data is used as data in the iris template.
  • the step of generating a data key according to the iris template and encrypting the iris template includes:
  • the iris template is encrypted by using a preset encryption algorithm to obtain an encrypted iris template.
  • the present disclosure provides a data decryption method, the method includes: acquiring a user iris image; generating a new iris template according to the iris image; acquiring an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data packet includes the original file and the encrypted original iris template; acquiring the original file and the encrypted original iris template from the encrypted data packet; generating an iris key according to the original file; decrypting the encrypted original iris template according to the iris key; matching the decrypted original iris template with the new iris template to obtain a matching result; and decrypting the file to be decrypted according to the matching result.
  • the decrypting the encrypted file to be decrypted according to the matching result includes: if the matching result is that the decrypted original iris template matches the new iris template, obtaining the data key generated according to the original iris template; and decrypting the encrypted file to be decrypted according to the data key.
  • the step of decrypting the file to be decrypted includes:
  • the decryption process is ended.
  • the present disclosure provides a data decryption method, including:
  • the method further includes:
  • the step of decrypting the encrypted second iris template to obtain a second iris template includes:
  • the second iris template after the initial decryption is secondarily decrypted according to the iris decryption algorithm, and the second decrypted second iris template is used as the decrypted second iris template.
  • the first iris template includes first biometric data
  • the second iris template includes second biometric data
  • the step of determining whether the first iris template is consistent with the second iris template comprises:
  • the present disclosure provides a data encryption apparatus, the apparatus comprising: an image acquisition module configured to acquire a user iris image; a first generation module configured to generate an iris template according to the iris image; a second generation module configured to generate a data key according to the iris template and to encrypt the iris template; and an encryption module configured to encrypt the obtained file to be encrypted according to the data key.
  • the device further includes: a third generating module configured to generate an iris key according to the encrypted file to be encrypted; a template encryption module configured to perform secondary encryption on the iris template according to the iris key; and a data packet generating module configured to generate an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • the present disclosure provides a data decryption apparatus, the apparatus comprising: a first acquisition module configured to acquire a user iris image; a template generation module configured to generate a new iris template according to the iris image; a second acquisition module configured to obtain an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in a process of encrypting the original file to obtain the to-be-decrypted file, and the encrypted data packet includes the original file and the encrypted original iris template; a third obtaining module configured to acquire the original file and the encrypted original iris template from the encrypted data packet; a key generation module configured to generate an iris key according to the original file; a template decryption module configured to decrypt the encrypted original iris template according to the iris key; a matching module configured to match the decrypted original iris template with the new iris template to obtain a matching result; and a file decryption module configured to decrypt the file to be decrypted according to the matching result.
  • the file decryption module includes: a comparison sub-module configured to acquire the data key generated according to the original iris template if the matching result is that the decrypted original iris template matches the new iris template; and a decryption sub-module configured to decrypt the encrypted file to be decrypted according to the data key.
  • the present disclosure provides an electronic device including an encryption processor and a memory coupled to the encryption processor, the memory storing instructions which, when executed by the encryption processor, cause the electronic device to perform the following operations: acquiring a user iris image; generating an iris template according to the iris image; generating a data key according to the iris template, and encrypting the iris template; encrypting the obtained file to be encrypted according to the data key.
  • the present disclosure provides an electronic device including an iris collection device for collecting an iris image of a user, the electronic device including a processor and a non-volatile memory storing computer instructions, the electronic device performing the data encryption method of any one of claims 1-5 when the computer instructions are executed by the processor.
  • the present disclosure provides an electronic device including an iris collection device for collecting an iris image of a user, the electronic device including a processor and a non-volatile memory storing computer instructions, the electronic device performing the data decryption method of any one of claims 9-12 when the computer instructions are executed by the processor.
  • the present disclosure provides a readable storage medium, the readable storage medium comprising a computer program, wherein: when the computer program is running, the user terminal where the readable storage medium is located is controlled to execute the data encryption method according to any one of claims 1-5.
  • the present disclosure provides a readable storage medium, the readable storage medium comprising a computer program, wherein: when the computer program is running, the user terminal where the readable storage medium is located is controlled to execute the data decryption method according to any one of claims 9-12.
  • the present disclosure provides a data encryption and decryption method and an electronic device.
  • an iris image of a user is acquired, an iris template is generated according to the iris image, and a data key is generated according to the iris template. To improve the security of the iris template and prevent it from being stolen by others, the iris template needs to be encrypted. The obtained file to be encrypted is encrypted according to the data key. Because the iris template is generated from the iris image, a different iris template can be generated each time, so that a different data key is generated for each file to be encrypted, which improves data key security and data security.
  • FIG. 1 is a structural block diagram of an electronic device applicable to an embodiment of the present application
  • FIG. 3 is a flowchart of a data decryption method provided by the present disclosure
  • FIG. 4 is a structural block diagram of a data encryption apparatus provided by the present disclosure.
  • FIG. 5 is a structural block diagram of a data decryption apparatus provided by the present disclosure.
  • FIG. 1 is a structural block diagram of an electronic device 100 that can be applied to an embodiment of the present application.
  • the electronic device 100 may include a data encryption device or a data decryption device, a memory 101, a memory controller 102, an encryption processor 103, a peripheral interface 104, an input and output unit 105, an audio unit 106, and a display unit 107.
  • the components of the memory 101, the storage controller 102, the encryption processor 103, the peripheral interface 104, the input/output unit 105, the audio unit 106, and the display unit 107 are electrically connected directly or indirectly to each other to implement data transmission or interaction.
  • the components can be electrically connected to one another via one or more communication buses or signal lines.
  • the data encryption device or the data decryption device includes at least one software function module stored in the memory 101 in the form of software or firmware, or solidified in an operating system (OS) of the data encryption device or the data decryption device.
  • the cryptographic processor 103 is configured to execute executable modules stored in the memory 101, such as software functional modules or computer programs included in the data encryption device or data decryption device.
  • the memory 101 may be, but is not limited to, a random access memory (RAM), a read-only memory (ROM), a programmable read-only memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electric Erasable Programmable Read-Only Memory (EEPROM), and the like.
  • the memory 101 is configured to store a program, and the encryption processor 103 executes the program after receiving the execution instruction. The method executed by the server defined by the flow process disclosed in any of the foregoing embodiments may be applied to the encryption processor 103, or implemented by the encryption processor 103.
  • the cryptographic processor 103 may be an integrated circuit chip with signal processing capabilities.
  • the cryptographic processor 103 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; or a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component.
  • the methods, steps, and logical block diagrams disclosed in this disclosure may be implemented or carried out.
  • the general purpose processor may be a microprocessor or the cryptographic processor 103 may be any conventional processor or the like.
  • peripheral interface 104 couples various input/output devices to the encryption processor 103 and the memory 101.
  • peripheral interface 104, cryptographic processor 103, and memory controller 102 can be implemented in a single chip. In other instances, they can be implemented by separate chips.
  • the input output unit 105 is configured to provide input to the user to enable user interaction with the server (or local terminal).
  • the input and output unit 105 can be, but is not limited to, a mouse, a keyboard, and the like.
  • the audio unit 106 provides an audio interface to the user, which may include one or more microphones, one or more speakers, and audio circuitry.
  • the display unit 107 provides an interactive interface (such as a user operation interface) between the electronic device 100 and the user or for displaying image data to the user for reference.
  • the display unit 107 can be a liquid crystal display or a touch display.
  • if it is a touch display, it can be a capacitive touch screen or a resistive touch screen that supports single-point and multi-touch operations. Supporting single-point and multi-touch operations means that the touch display can sense touch operations generated simultaneously at one or more positions on the touch display, and the sensed touch operation is passed to the encryption processor 103 for calculation and processing.
  • the input output unit 105 is configured to provide input to the user to enable user interaction with the processing terminal.
  • the electronic device 100 can be applied to encrypt or decrypt data during data transmission between the terminal device and the storage device. For example, when data is transmitted between the terminal device and the storage device, the electronic device 100 is connected to the terminal device and the storage device respectively, and the connection interface between the terminal device and the storage device may be a USB or SATA type interface, thereby encrypting and decrypting the data as it is transferred.
  • the electronic device 100 may encrypt the data when the data is transmitted to the storage device, and decrypt the data when the data is read from the storage device, thereby ensuring the security of the data.
  • the terminal device may be a terminal such as a personal computer (PC), a tablet computer, a smart phone, a personal digital assistant (PDA), a wearable device, or the like.
  • the storage device can be an SD memory card, or a memory, or other device that can store data.
  • FIG. 2 is a flowchart of a data encryption method according to the present disclosure. The method specifically includes the following steps:
  • Step S110 Acquire a user iris image.
  • the iris image of the user can be acquired by the iris camera, and the iris camera can adopt an optical anti-shake iris camera, and the iris camera can accurately capture the user's binocular or monocular iris images.
  • a CCD camera or other image acquisition device can also be used to collect the user's iris image.
  • Step S120 Generate an iris template according to the iris image.
  • the method for generating an iris template may be to generate an iris template by using an iris image through a one-dimensional log-Gabor filtering algorithm or a two-dimensional log-Gabor filtering algorithm.
  • the iris image can be processed by using the Daubechies-4 wavelet transform to obtain an iris template.
  • the embodiment of the present application does not limit the algorithm used to generate the iris template.
  • the iris template is an iris image format stored in the memory used to compare the similarity of the iris images in order to determine whether the different iris images are the same iris, and the iris template includes the inherent biological characteristics of the individual.
  • the iris template is an iris image format that is smaller in size than the original iris image measured by the camera.
  • the iris template may be a template that processes the iris image by Fourier transform or wavelet transform to include an individual's inherent biological characteristics.
  • Step S130 Generate a data key according to the iris template, and encrypt the iris template.
  • the iris template may be processed by an encryption algorithm to generate a data key corresponding to the iris template.
  • when the iris template is generated from the iris image, external environmental factors during collection of the user's iris image, such as light and color, may cause differences in the generated templates, so that the generated data keys also change, thereby improving data key security and data security.
  • an iris image collected under conditions of bright ambient light and good light is different from an iris image collected under conditions of dark environment and poor light.
  • different iris templates can be generated from different iris images; different iris templates are processed by encryption algorithms, and the resulting data keys are different.
  • the iris template can also be encrypted, either by using an iris module (optionally, an iris module of the chip type AES256/128) or by using the national secret algorithm (SM1, SM2, SM3, SM4, SM7).
  • Step S140 Encrypt the obtained file to be encrypted according to the data key.
  • the data to be encrypted may be encrypted by using the data key, and the encryption method may also adopt a national secret algorithm (SM1, SM2, SM3, SM4, SM7) or the like.
  • the file to be encrypted is encrypted by using the data key to obtain the encrypted file to be encrypted.
  • the method may further include:
  • Step S150 Generate an iris key according to the encrypted file to be encrypted.
  • an iris key may be generated according to the encrypted file to be encrypted obtained in the above step, and the iris key may be generated by using a fuzzy algorithm or a fuzzy extractor.
  • Step S160 Perform secondary encryption on the iris template according to the iris key.
  • if the iris template was first encrypted by using the iris module (optionally, an iris module of the chip type AES256/128), the secondary encryption of the iris template in this step can use the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7, etc.).
  • if the iris template was first encrypted by using the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms), the secondary encryption of the iris template in this step can use the iris module with the chip type AES256/128, to improve the security of the iris template and prevent it from being stolen by others.
  • Step S170 Generate an encrypted data packet according to the secondarily encrypted iris template and the encrypted file to be encrypted.
  • because decryption needs to determine the iris template corresponding to the encrypted file to be encrypted, an encrypted data packet can be generated from the secondarily encrypted iris template and the encrypted file to be encrypted.
  • when decrypting, the encrypted file to be encrypted and the secondarily encrypted iris template are extracted from the encrypted data packet.
  • an iris template is generated according to the iris image, a data key is generated according to the iris template, and the generated iris template is encrypted at the same time; the file to be encrypted is then encrypted according to the data key.
  • the iris template may be secondarily encrypted according to the iris key generated from the encrypted file to be encrypted.
  • to make it easy to extract the template during decryption, the iris template and the encrypted file to be encrypted may be combined into an encrypted data packet. The data encryption method generates an iris template from an iris image, so that a different key is generated for each file to be encrypted according to the different iris templates, improving key security and data security.
  • FIG. 3 is a flowchart of a data decryption method according to the present disclosure.
  • the data decryption method specifically includes the following steps:
  • Step S210 Acquire a user iris image.
  • after the original file is encrypted to obtain the file to be decrypted, if the file is to be decrypted, the iris image of the user needs to be acquired first. The iris image in this step can also be obtained by the iris camera; for the specific implementation, refer to step S110, which for brevity is not described again.
  • the file can be decrypted only by using the iris image used in the encryption process. Due to the biological characteristics and uniqueness of the iris image, the encrypted file must be decrypted by using an iris image of the eye the user used when encrypting.
  • Step S220 Generate a new iris template according to the iris image.
  • the method for generating the new iris template from the iris image is the same as the method for generating the iris template in step S120, that is, the new iris template can be generated by a one-dimensional log-Gabor filtering algorithm or a two-dimensional log-Gabor filtering algorithm.
  • Step S230 Acquire an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the file to be decrypted, and the encrypted data packet includes the original file and the encrypted original iris template.
  • the encrypted data packet referred to herein may actually be the encrypted data packet generated in step S170, that is, the encrypted data packet is an encrypted data packet generated by the secondary encrypted original iris template and the encrypted original file.
  • the original file may be the file to be encrypted in the above encryption process, and the encrypted original file may be the encrypted file to be encrypted.
  • Step S240 Acquire the original file and the encrypted original iris template from the encrypted data packet.
  • the original file and the encrypted original iris template can be extracted therefrom. If the original file is an encrypted original file, the encrypted original file needs to be decrypted to obtain the original file; the encrypted original file can also be decrypted by using the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms).
  • the encrypted original file may have been encrypted by using a data key in the foregoing encryption method, and the data key is generated from an iris template generated from the user's iris image.
  • the iris image provided by the decrypter can be obtained, a new iris template is generated according to the iris image provided by the decrypter, a new data key is generated from the new iris template, and the encrypted original file is decrypted by using the new data key to obtain the unencrypted original file.
  • Step S250 Generate an iris key according to the original file.
  • the iris key can be generated by the obtained original file, and the method for generating the iris key here can also be generated by using a fuzzy algorithm or a fuzzy extractor.
  • Step S260 Decrypt the encrypted original iris template according to the iris key.
  • the secondarily encrypted original iris template is decrypted according to the iris key.
  • if, during encryption, the first encryption used the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms) and the secondary encryption used the iris module (optionally, an iris module with the chip type AES256/128), then correspondingly, during decryption, the iris module (optionally, an iris module with the chip type AES256/128) is used for decryption, and the second decryption uses the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms).
  • if, during encryption, the first encryption used the iris module (chip type AES256/128) and the secondary encryption used the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms), then during decryption the national secret algorithm (optionally, SM1, SM2, SM3, SM4, SM7 and other national secret algorithms) is used for decryption, and the iris module (optionally, an iris module with the AES256/128 chip type) is used for the secondary decryption.
  • that is, whichever algorithm was used to encrypt the iris template in the encryption process, the same algorithm is used to decrypt it in the decryption process.
  • Step S270 Match the decrypted original iris template with the new iris template to obtain a matching result.
  • the original iris template and the generated new iris template are obtained, and the original iris template and the new iris template can be matched by probability and threshold methods to obtain a matching result.
  • the original iris template can be compared with the new iris template, and the similarity between the two is calculated. If the similarity value exceeds the preset threshold, it indicates that the new iris template acquired later is the original iris template used for encryption, that is, the user performing the decryption is the user at the time of encryption, and the user uses the same eye as the source of the iris image acquired during decryption and encryption. At this time, the matching result of the original iris template and the new iris template is that the similarity between the two satisfies the decryption requirement.
  • Step S280 Decrypt the file to be decrypted according to the matching result.
  • according to the matching result obtained in the above step, if the matching result is that the decrypted original iris template matches the new iris template, the data key generated according to the original iris template is acquired, and the to-be-decrypted file is decrypted according to the data key. If the matching result is that the decrypted original iris template is inconsistent with the new iris template, the data key generated by the original iris template cannot be obtained and the file to be decrypted cannot be decrypted, which prevents data from being stolen and thereby ensures the security of the data.
  • After acquiring the iris image of the user, a new iris template is generated according to the iris image, and an encrypted data packet corresponding to the file to be decrypted is acquired, where the encrypted data packet is generated in the process of encrypting the original file to obtain the to-be-decrypted file, and the encrypted data includes the original file and the encrypted original iris template. The original file and the encrypted original iris template are then acquired from the encrypted data packet, and an iris key is generated according to the original file.
  • the data decryption method obtains the original iris template generated with the original file and then matches the original iris template against the newly generated new iris template, to determine whether the iris template generated during the decryption process matches the iris template generated in the data encryption method. If they match, the file to be decrypted can be decrypted; if they do not match, the file to be decrypted cannot be decrypted, thereby improving key security and data security.
  • the embodiment of the present application discloses a data decryption method, which includes the following steps.
  • Step S301 obtaining a first iris template corresponding to the first iris image of the user.
  • the first iris image may be obtained by an iris collection device, and a corresponding algorithm may be used to generate a corresponding first iris template for the collected first iris image.
  • the first iris template can include the iris organism features inherent to the user's individual.
  • the user may use his own iris as an encryption key in the data encryption process.
  • the iris used at the time of encryption must also be used; otherwise the correct decryption cannot be completed.
  • Step S301 Obtain an encrypted second iris template and encrypted data encrypted by the first data key, where the first data key is generated according to the second iris template in a data encryption process.
  • the first data key is generated by using the second iris template, and the data is encrypted by using the first data key.
  • the encrypted data and the second iris template used for encryption may be packaged and stored.
  • the packaged encrypted data may be obtained first.
  • the packaged second iris template may also be encrypted. After the packaged encrypted data and the encrypted second iris template are obtained, the encrypted second iris template and the encrypted data may be separated and processed separately.
  • the number of the first iris images may be one or more.
  • the number of second iris images may be one or more. That is to say, during the encryption process, the user can use the iris of one eye to encrypt, or the irises of two eyes, or even the irises of three or more eyes from multiple people. Due to the uniqueness of the iris, a larger number of irises can achieve more secure encryption.
  • the iris of one eye, two eyes or more eyes is used for decryption to improve the security of the decryption process.
  • Step S301 decrypting the encrypted second iris template to obtain a second iris template.
  • the second iris template used in the encryption process is also encrypted, and the encryption algorithm used for encrypting the second iris template may be predetermined and randomly selected from a plurality of encryption algorithms.
  • the correct encryption algorithm must be used to decrypt, or the decryption algorithm corresponding to the encryption algorithm can be used for decryption.
  • the encryption algorithm or the decryption algorithm used for encryption may be preset.
  • the corresponding algorithm is used for decryption to obtain the decrypted second iris template.
  • Step S301 determining whether the first iris template and the second iris template are consistent.
  • the second iris template can be compared with the first iris template to determine whether the two are consistent. For example, in the process of encrypting a file, the user uses the iris of the left eye to encrypt, and correspondingly, during the decryption process, the user must also use the iris of the left eye to perform the decryption operation. Only when the user uses the same eye as in the encryption process is the comparison result of the first iris template and the second iris template consistent.
  • Step S301 when the first iris template is consistent with the second iris template, generating the first data key according to the second iris template, and decrypting the encrypted data by using the first data key.
  • the user After comparing the first iris template and the second iris template, if the first iris template and the second iris template are identical, or both of the same features exceed a preset threshold, the user is used in decryption.
  • the first data key may be generated according to the second iris template, and the encrypted data is decrypted by using the first data key to obtain the decrypted data, and the data decryption process is completed.
  • the step of decrypting the encrypted second iris template to obtain a second iris template includes:
  • the second iris template after the initial decryption is secondarily decrypted according to the iris decryption algorithm, and the second decrypted second iris template is used as the decrypted second iris template.
  • the first iris template includes first biometric data
  • the second iris template includes second biometric data
  • the step of determining whether the first iris template is consistent with the second iris template comprises:
  • the above encryption method and decryption method can be applied to an encryption decryption device having an iris collection device.
  • the encryption and decryption device can be connected to the electronic device, and then the iris collection device on the encryption and decryption device is used to collect one or more iris images, and the collected iris image is used to encrypt the data according to the above encryption method.
  • the encryption and decryption device needs to be used, the iris image required for decryption is collected by the iris collection device on the encryption and decryption device, and the data is decrypted according to the decryption method, completing the data decryption process.
  • FIG. 4 is a structural block diagram of a data encryption apparatus 200 according to the present disclosure.
  • the apparatus is configured to perform the foregoing data encryption method, and the apparatus specifically includes:
  • the image acquisition module 210 is configured to acquire a user iris image.
  • the first generation module 220 is configured to generate an iris template according to the iris image.
  • the second generation module 230 is configured to generate a data key according to the iris template and encrypt the iris template.
  • the encryption module 240 is configured to encrypt the obtained file to be encrypted according to the data key.
  • the device may further include:
  • the third generation module 250 is configured to generate an iris key according to the encrypted file to be encrypted.
  • the template encryption module 260 is configured to perform secondary encryption on the iris template according to the iris key.
  • the data packet generating module 270 is configured to generate an encrypted data packet according to the second encrypted image and the encrypted file to be encrypted.
  • FIG. 5 is a structural block diagram of a data decryption apparatus 300 according to the present disclosure.
  • the apparatus is configured to perform the foregoing data decryption method, and the apparatus specifically includes:
  • the first obtaining module 310 is configured to acquire a user iris image.
  • the template generation module 320 is configured to generate a new iris template according to the iris image.
  • the second obtaining module 330 is configured to obtain an encrypted data packet corresponding to the file to be decrypted, where the encrypted data packet is generated in the process of encrypting the original file to obtain the to-be-decrypted file, and the encrypted data includes the original file and the encrypted original iris template.
  • the third obtaining module 340 is configured to obtain the original file and the encrypted original iris template from the encrypted data packet.
  • the key generation module 350 is configured to generate an iris key according to the original file.
  • the template decryption module 360 is configured to decrypt the encrypted original iris template according to the iris key.
  • the matching module 370 is configured to match the decrypted original iris template with the new iris template to obtain a matching result.
  • the file decryption module 380 is configured to decrypt the file to be decrypted according to the matching result.
  • the device may further include:
  • the comparison sub-module is configured to acquire a data key generated according to the original iris template if the matching result is that the decrypted original iris template matches the new iris template.
  • a decryption submodule configured to decrypt the encrypted file to be decrypted according to the data key.
  • the present disclosure provides a data encryption and decryption method and an electronic device, which first acquires an iris image of a user, generates an iris template according to the iris image, and generates a data key according to the iris template. In order to improve the security of the iris template, the iris template needs to be encrypted, and the obtained file to be encrypted is encrypted according to the data key. Because the iris template is generated from the iris image, and the iris template generated each time is different, a different data key is generated for each different file to be encrypted, which improves data key security and data security.
  • each block of the flowchart or block diagram can represent a module, a program segment, or a portion of code that includes one or more executable instructions. It should also be noted that, in some alternative implementations, the functions noted in the blocks may also occur in a different order than those illustrated in the drawings.
  • each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented in a dedicated hardware-based system that performs the specified functions, or can be implemented by a combination of dedicated hardware and computer instructions.
  • each functional module in various embodiments of the present disclosure may be integrated to form a separate part, or each module may exist separately, or two or more modules may be integrated to form a separate part.
  • the functions, if implemented in the form of software functional modules and sold or used as separate products, may be stored in a computer readable storage medium.
  • a computer readable storage medium including: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.
  • the present disclosure provides a data encryption and decryption method, device, electronic device, and readable storage medium, which can generate a different data key for each different file to be encrypted according to the different iris template generated each time, thereby improving the data key.
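
The decryption flow described above (decrypt the stored second iris template, compare it with the freshly captured first template, and only on a match derive the first data key from the stored template) is sketched below as an added example; it is not code from the patent or its applicant. Assumptions: templates are fixed-length bit strings compared by fractional Hamming distance (a distance below a threshold standing in for the page's "similarity exceeds a preset threshold"), the 0.32 threshold, the SHA-256 key derivation, the separately held `template_key`, and a hash-based stand-in cipher in place of the SM-series or AES algorithms the page names.

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 0.32  # assumed: max fraction of differing bits for "same eye"

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Stand-in cipher: SHA-256 counter keystream plus HMAC tag (not SM4/AES)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def data_key(template):
    # Assumed derivation; the page only says the key is generated from the template.
    return hashlib.sha256(b"data-key" + template).digest()

def hamming_fraction(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def encrypt_file(template, template_key, data):
    return {"template": seal(template_key, template),
            "data": seal(data_key(template), data)}

def decrypt_file(packet, template_key, fresh_template):
    stored = unseal(template_key, packet["template"])  # second iris template
    if (len(stored) != len(fresh_template)
            or hamming_fraction(stored, fresh_template) > MATCH_THRESHOLD):
        raise PermissionError("iris templates do not match")
    # Key comes from the stored template, so capture noise cannot change it.
    return unseal(data_key(stored), packet["data"])

def noisy_capture(template, every=10):
    """Constructed sample: flip every `every`-th bit to imitate sensor noise."""
    out = bytearray(template)
    for i in range(0, 8 * len(out), every):
        out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

# Constructed sample data: 2048-bit templates, not real iris codes.
ENROLLED = hashlib.shake_256(b"constructed left eye").digest(256)
OTHER_EYE = hashlib.shake_256(b"constructed other eye").digest(256)
TEMPLATE_KEY = hashlib.sha256(b"constructed template key").digest()
PACKET = encrypt_file(ENROLLED, TEMPLATE_KEY, b"quarterly report")

if __name__ == "__main__":
    print(decrypt_file(PACKET, TEMPLATE_KEY, noisy_capture(ENROLLED)))
```

Because the data key is derived from the stored template rather than from the new capture, the match in `decrypt_file` is a gate in software: the confidentiality of the file rests on how `template_key` is protected.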


Abstract

The invention belongs to the field of data processing, and relates to data encryption and decryption methods and apparatuses, an electronic device, and a readable storage medium. The data encryption method comprises: obtaining an iris image of a user; generating an iris template from the iris image; generating a data key from the iris template, and encrypting the iris template; and encrypting an obtained file to be encrypted according to the data key. Since an iris template can be generated from an iris image, a different data key can be generated for each different file to be encrypted, according to the different iris template generated each time. The invention thus improves data key security and data security.
PCT/CN2018/079050 2017-03-17 2018-03-14 Data encryption and decryption methods and apparatuses, electronic device, and readable storage medium Ceased WO2018166484A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710163631.9A CN107248972B (zh) 2017-03-17 2017-03-17 Data encryption and decryption methods, apparatuses, and electronic device
CN201710163631.9 2017-03-17

Publications (1)

Publication Number Publication Date
WO2018166484A1 (fr) 2018-09-20

Family

ID=60017477

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/079050 Ceased WO2018166484A1 (fr) 2017-03-17 2018-03-14 Data encryption and decryption methods and apparatuses, electronic device, and readable storage medium

Country Status (2)

Country Link
CN (1) CN107248972B (fr)
WO (1) WO2018166484A1 (fr)


Also Published As

Publication number Publication date
CN107248972B (zh) 2019-12-06
CN107248972A (zh) 2017-10-13


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18767727

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18767727

Country of ref document: EP

Kind code of ref document: A1