CN113452504B - Data decryption method and device - Google Patents

Data decryption method and device Download PDF

Info

Publication number
CN113452504B
CN113452504B CN202010211525.5A CN202010211525A CN113452504B CN 113452504 B CN113452504 B CN 113452504B CN 202010211525 A CN202010211525 A CN 202010211525A CN 113452504 B CN113452504 B CN 113452504B
Authority
CN
China
Prior art keywords
data
private key
characteristic
polynomial
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010211525.5A
Other languages
Chinese (zh)
Other versions
CN113452504A (en
Inventor
孙永超
肖雪
李照川
李淳
樊继硕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Original Assignee
Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chaozhou Zhuoshu Big Data Industry Development Co Ltd filed Critical Chaozhou Zhuoshu Big Data Industry Development Co Ltd
Priority to CN202010211525.5A priority Critical patent/CN113452504B/en
Publication of CN113452504A publication Critical patent/CN113452504A/en
Application granted granted Critical
Publication of CN113452504B publication Critical patent/CN113452504B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data decryption method and equipment, wherein the method comprises the following steps: acquiring a first biological characteristic of a user, and extracting first characteristic data through a biological characteristic extraction module; determining data pairs meeting conditions in a pre-stored database according to the first characteristic data; determining a first private key according to the data pair, and calculating a hash value of the first private key; and when the hash value of the first private key is determined to be the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key. According to the embodiment of the application, the first private key is further determined through the first biological characteristic of the user, and when the first private key is judged to be correct, the encrypted data are decrypted, so that the problem that the safety of the data cannot be guaranteed when the mobile equipment is lost or stolen in the prior art is solved.

Description

Data decryption method and device
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data decryption method and device.
Background
In using and transmitting sensitive information relating to personal privacy, in order to prevent leakage of the sensitive information, it is necessary to encrypt the sensitive information using an encryption method. Currently used asymmetric encryption methods typically store the public key on a server and the private key in the user's personal mobile device. When the system is used, the server encrypts the sensitive information by the public key and sends the encrypted sensitive information to the personal mobile equipment, and the user decrypts the sensitive information by using the private key in the mobile equipment to obtain the required sensitive information.
In the prior art, most private keys for decryption of users are stored in mobile equipment for a long time, and once the mobile equipment is lost or stolen, the private keys are also exposed, so that the security of data cannot be guaranteed.
Disclosure of Invention
In view of this, embodiments of the present application provide a data decryption method and device, so as to solve the problem in the prior art that when a mobile device is lost or stolen, the security of data cannot be guaranteed.
The embodiment of the application adopts the following technical scheme:
the embodiment of the application provides a data decryption method, which comprises the following steps:
acquiring a first biological characteristic of a user, and extracting first characteristic data through a biological characteristic extraction module;
determining data pairs meeting conditions in a pre-stored database according to the first characteristic data;
determining a first private key according to the data pair, and calculating a hash value of the first private key;
and when the hash value of the first private key is determined to be the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key.
Further, before decrypting the pre-acquired encrypted data by the first private key, the method further includes:
sending a request for calling data to a server according to an instruction input by a user so that the server can encrypt the data through a public key corresponding to a user identifier received in advance;
and receiving the encrypted data sent by the server.
Further, before the obtaining the first biological feature of the user, the method further includes:
receiving a registration request sent by a user;
acquiring a second biological characteristic input by the user, and extracting second characteristic data through the biological characteristic extraction module, wherein the dimension of the second biological characteristic is the same as that of the first biological characteristic;
generating a private key corresponding to the user identification through a first preset algorithm;
constructing a polynomial according to preset requirements;
taking characters of a private key as coefficients of the polynomial according to a first preset mode;
substituting the second characteristic data into the polynomial to calculate a corresponding polynomial value;
generating a plurality of first random numbers and a plurality of second random numbers by a random number generator, wherein the first random numbers are different from the second characteristic data, and the values obtained by substituting the second random numbers and the first random numbers into the polynomial are different;
forming a first data pair by the second characteristic data and the corresponding polynomial value, and forming a second data pair by the first random number and the second random number;
storing the first data pair and the second data pair to a database, and deleting the private key, the coefficients of the polynomial, and the second feature data.
Further, the taking characters of a private key as coefficients of the polynomial according to a first preset mode specifically includes:
calculating the ASCII code of each character in the private key, and combining a preset number of ASCII codes into a coefficient value;
taking the coefficient values as coefficients of the polynomial.
Further, the determining, according to the first feature data, a data pair meeting a condition in a pre-stored database specifically includes:
setting an error threshold, and finding out the second characteristic data and/or the first random number which is different from the first characteristic data by the error threshold in the database;
and determining the first data pair and/or the second data pair according to the second characteristic data or the first random number.
Further, the second biological characteristics comprise one or more of human face characteristics, fingerprint characteristics, iris characteristics and vein characteristics.
Further, the determining the first private key according to the data pair specifically includes:
fitting the data pairs into a first polynomial according to a second preset algorithm, and determining coefficients of the first polynomial;
and converting the coefficient of the first polynomial according to a second preset mode to determine a first private key.
Further, the second preset algorithm is a lagrangian difference method or a least square method.
Further, the converting the coefficient of the polynomial according to a second preset mode to determine a first private key specifically includes:
and transforming the coefficients of the polynomial according to an ASCII code table to determine the first private key.
An embodiment of the present application further provides a data decryption device, where the device includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a first biological characteristic of a user, and extracting first characteristic data through a biological characteristic extraction module;
determining data pairs meeting conditions in a pre-stored database according to the first characteristic data;
determining a first private key according to the data pair, and calculating a hash value of the first private key;
and when the hash value of the first private key is determined to be the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects: according to the embodiment of the application, the first private key is further determined through the first biological characteristic of the user, and when the first private key is judged to be correct, the encrypted data are decrypted, so that the problem that the safety of the data cannot be guaranteed when the mobile equipment is lost or stolen in the prior art is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart of a data decryption method provided in an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a data decryption method provided in an embodiment of the present specification, where the following steps may be executed by a mobile device in the embodiment of the present specification, and specifically include:
step S101, the mobile device obtains a first biological characteristic of a user, and first characteristic data is extracted through a biological characteristic extraction module.
And step S102, the mobile equipment determines the data pairs meeting the conditions in a pre-stored database according to the first characteristic data.
Step S103, the mobile device determines a first private key according to the data pair and calculates a hash value of the first private key.
And step S104, when the mobile equipment determines that the hash value of the first private key is the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key.
In step S104 of this embodiment of the present specification, the user identifier may be generated by a user through editing, and after receiving the user identifier input by the user, the processing unit needs to search the user identifier so as to prevent the user identifier input by the user from being the same as other user identifiers, and similarly, the user identifier may also be automatically generated by the processing unit.
According to the embodiment of the application, the first private key is further determined through the first biological characteristic of the user, and when the first private key is judged to be correct, the encrypted data are decrypted, so that the problem that the safety of the data cannot be guaranteed when the mobile equipment is lost or stolen in the prior art is solved.
Correspondingly to the embodiment, a second embodiment of the present specification provides a data decryption method, where the following steps may be executed by a mobile device in the embodiment of the present specification, and specifically include:
step S201, the mobile device receives a registration request sent by a user, collects a second biometric feature input by the user, and extracts second feature data through the biometric feature extraction module, where the registration request includes an identifier of the user.
In step S201 of the embodiment of the present specification, the second biometric feature may include one or more of a human face feature, a fingerprint feature, an iris feature, and a vein feature.
In step S201 of this embodiment of the present specification, the user identifier may be generated by a user through editing, and after receiving the user identifier input by the user, the processing unit needs to search the user identifier so as to prevent the user identifier input by the user from being the same as other user identifiers, and similarly, the user identifier may also be automatically generated by the processing unit.
It should be noted that the biometric feature extraction module is configured to extract a second biometric feature, and when the second biometric feature is a face feature, the biometric feature extraction module may be an image collector; when the second biological characteristic is a fingerprint characteristic, the biological characteristic extraction module can be a fingerprint collector; when the second biological characteristic is the iris characteristic, the biological characteristic extraction module can be used as an iris collector; when the second biometric characteristic is a vein characteristic, the biometric characteristic extraction module may be an iris collector.
Step S202, the mobile device generates a private key and a public key corresponding to the user identification through a first preset algorithm, wherein the mobile device sends the public key to a server, calculates a hash value of the private key, encrypts data by applying the public key in the server, and temporarily stores the private key in the mobile device.
In step S202 of the embodiment of the present specification, the first preset algorithm may be an asymmetric encryption algorithm.
Step S203, the mobile device constructs a polynomial according to a preset requirement, and uses characters of a private key as coefficients of the polynomial according to a first preset mode.
In step S203 of this embodiment, the method for determining the coefficients of the polynomial according to the first preset mode specifically includes: calculating the ASCII code of each character in the private key, and combining a preset number of ASCII codes into a coefficient value; taking the coefficient values as coefficients of the polynomial.
Further, in step S203 of this specification, in this embodiment, the SM2 algorithm may generate a corresponding public key and a corresponding private key, in a standard of the SM2 algorithm, the private key is composed of 64 characters, each character may be converted through ASCII to obtain a two-digit number (in this specification, the characters of the private key are converted through ASCII to have no three-digit number), two consecutive characters are merged, a four-digit number is obtained after ASCII conversion, and 64 characters in the private key will obtain 32 four-digit numbers. A31 th-order polynomial can be obtained by sequentially using 32 four-digit numbers as 32 coefficients of a 31 th-order polynomial, for example, the polynomial can be a 32 x 31 +a 31 x 30 ……a 2 x+a 1 Wherein a is 32 、a 31 ……a 2 、a 1 Are coefficients.
Further, in order to calculate more accurately, in the embodiments of the present specification, a root or a cubic root may be first formed for the 32 four-digit numbers, or 32 numbers may be grouped to serve as coefficients of a plurality of lower-order polynomials, for example, the 32 numbers may be grouped into 4 groups by 8, each group may be regarded as a 7-order polynomial, and reducing the number of the polynomials and the size of the coefficients may avoid excessively large values of the polynomials, so that the calculation is more accurate.
And step S204, the mobile equipment substitutes the second characteristic data into the polynomial to calculate a corresponding polynomial value.
In step S205, the mobile device generates a plurality of first random numbers and a plurality of second random numbers through a random number generator, where the first random numbers are different from the second feature data, and values obtained by substituting the second random numbers into the polynomial with the first random numbers are different, so as to prevent a private key from being calculated through the first random numbers and the second random numbers.
In step S206, the mobile device combines the second feature data and the corresponding polynomial value into a first data pair, and combines the first random number and the second random number into a second data pair.
In step S206 of this embodiment, for example, the second feature data a is substituted into a polynomial to obtain a corresponding polynomial value b, a and b are combined into a first data pair, and both the first random number and the second random number are randomly generated and may be combined to form a data pair as long as the condition of step S205 is satisfied.
Step S207, the mobile device stores the first data pair, the second data pair, and the hash value of the private key to a database, and deletes the private key, the coefficient of the polynomial, and the second feature data.
The above steps are processes of registering a public key and a private key for a user and encrypting the private key, and the following steps are processes of decrypting encrypted data by the user.
Step S208, the mobile device sends a request for calling data to the server according to the instruction input by the user, so that the server can encrypt the data through the public key corresponding to the user identifier received in advance, and send the encrypted data to the mobile device.
In step S209, the mobile device receives the encrypted data sent by the server.
Step S210, the mobile device obtains a first biological feature of the user, and extracts first feature data through the biological feature extraction module.
In step S210 of this embodiment, the first biometric feature includes one or more of a face feature, a fingerprint feature, an iris feature, and a vein feature. The first biological feature and the second biological feature have the same dimension, that is, the second biological feature and the first biological feature are the same in type, but the two biological features are different in acquisition time, the second biological feature can be acquired by the mobile device when the user registers, the first biological feature can be acquired by the mobile device when the server decrypts the encrypted data, for example, the second biological feature includes a face feature and a fingerprint feature, and the first biological feature includes a face feature and a fingerprint feature.
And step S211, the mobile equipment determines the data pairs meeting the conditions in a pre-stored database according to the first characteristic data.
In step S211 in the embodiment of this specification, the step specifically includes:
setting an error threshold, and finding out the second characteristic data and/or the first random number which is different from the first characteristic data by the error threshold in the database;
and determining the first data pair and/or the second data pair according to the second characteristic data or the first random number, wherein an error threshold value is 0.001 for example.
In step S212, the mobile device determines a first private key according to the data pair, and calculates a hash value of the first private key.
Further, determining the first private key according to the data pair specifically includes:
fitting the data pairs into a first polynomial according to a second preset algorithm, and determining coefficients of the first polynomial;
and converting the coefficient of the first polynomial according to a second preset mode to determine a first private key.
Further, the second preset algorithm is a lagrangian difference method or a least square method.
Further, the determining the first private key by converting the coefficient of the polynomial according to a second preset mode specifically includes:
and converting the coefficients of the polynomial according to an ASCII code table to obtain characters of the first private key, and further determining the first private key.
Step S213, when the mobile device determines that the hash value of the first private key is the same as the hash value of the private key corresponding to the pre-stored user identifier, decrypting the pre-obtained encrypted data by using the first private key.
In step S213 in this embodiment, if the mobile device determines that the hash value of the first private key is different from the hash value of the private key corresponding to the pre-stored user identifier, it needs to return to step S210.
It should be noted that, because the current asymmetric encryption scheme needs to store the private key for user decryption in the mobile device for a long time, once the mobile device is lost or stolen, the private key is also exposed, and the security of data cannot be guaranteed. In order to solve the problem, the security protection of the private key stored in the mobile device is required, and it is ensured that only the user himself can decrypt the encrypted data using the private key. The embodiments of the present specification achieve this effect through the rational use of biometrics. The biological characteristics are inherent physiological characteristics of human bodies and can be used as unique identification for identifying the identity of a user. The method comprises the steps of binding the biological characteristics with the private key, storing the binding result of the biological characteristics and the private key in the terminal device instead of the private key, unbinding the private key by inputting the biological characteristics again during decryption, and then decrypting information by using the unbound private key. The private key stored in the mobile terminal is protected by utilizing the biological characteristics of the user, so that the private key can be restored and used by the user through the re-input of the biological characteristics; on the other hand, the terminal device does not directly store the private key, and the private key cannot be unbound by only the mobile device except the user himself, so that a decryption result cannot be obtained.
In addition, conventional personal authentication methods typically store the biometric features generated when the user is registered in the mobile device, and re-enter the biometric features by the user during authentication, and compare the stored biometric features with the stored biometric features. The method stores the biological characteristic information in the mobile equipment, so that the mobile equipment is exposed when being lost or stolen, and under the condition that the biological characteristic encryption mode is more and more common, the biological characteristic is used as information which cannot be changed and can be used as a personal identity authentication standard, once the biological characteristic is stolen, great potential safety hazards are brought, and therefore, the mode of directly using the biological characteristic to carry out personal identity authentication has certain risks.
It should be noted that, in the method for binding the biometric feature and the private key in the embodiment of the present specification, the process of verifying the personal identity and determining the private key is combined, it is ensured that neither the biometric feature nor the private key used for decryption is directly stored in the mobile device, and the personal identity identification and the private key acquisition are performed simultaneously through the action of unbinding. When the biological characteristics are bound with the private key, almost no biological characteristics input twice are the same even for the same person, and the extracted characteristics of two facial pictures of the same person are probably very close to each other but almost impossible to be equal, so that the private key can be successfully obtained by using the biological characteristics which are similar to but not completely equal to the bound biological characteristics when the private key is determined.
According to the embodiment of the application, the first private key is further determined through the first biological characteristic of the user, and when the first private key is judged to be correct, the encrypted data are decrypted, so that the problem that the safety of the data cannot be guaranteed when the mobile equipment is lost or stolen in the prior art is solved.
An embodiment of the present application further provides a data decryption device, where the device includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a first biological characteristic of a user, and extracting first characteristic data through a biological characteristic extraction module;
determining data pairs meeting conditions in a pre-stored database according to the first characteristic data;
determining a first private key according to the data pair, and calculating a hash value of the first private key;
and when the hash value of the first private key is determined to be the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical blocks. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development, but the original code before compiling is also written in a specific Programming Language, which is called Hardware Description Language (HDL), and the HDL is not only one kind but many kinds, such as abll (Advanced boot Expression Language), AHDL (alternate hard Description Language), traffic, CUPL (core ii universal Programming Language), HDCal (Java hard Description Language), lava, lola, HDL, PALASM, software, rhydl (Hardware Description Language), and vhul-Language (vhyg-Language), which is currently used in the field. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, respectively. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims (8)

1. A method for data decryption, the method comprising:
receiving a registration request sent by a user;
acquiring a second biological characteristic input by the user, and extracting second characteristic data through the biological characteristic extraction module, wherein the dimension of the second biological characteristic is the same as that of the first biological characteristic;
generating a private key corresponding to the user identifier through a first preset algorithm;
constructing a polynomial according to preset requirements;
taking characters of a private key as coefficients of the polynomial according to a first preset mode;
substituting the second characteristic data into the polynomial to calculate a corresponding polynomial value;
generating a plurality of first random numbers and a plurality of second random numbers by a random number generator, wherein the first random numbers are different from the second characteristic data, and the values obtained by substituting the second random numbers and the first random numbers into the polynomial are different;
forming a first data pair by the second characteristic data and the corresponding polynomial value, and forming a second data pair by the first random number and the second random number;
storing the first data pair and the second data pair to a database, and deleting the private key, the coefficients of the polynomial, and the second feature data;
acquiring a first biological characteristic of a user, and extracting first characteristic data through a biological characteristic extraction module;
determining data pairs meeting conditions in a pre-stored database according to the first characteristic data;
setting an error threshold, and finding out the second characteristic data and/or the first random number which is different from the first characteristic data by the error threshold in the database;
determining the first data pair and/or the second data pair according to the second characteristic data or the first random number;
determining a first private key according to the data pair, and calculating a hash value of the first private key;
and when the hash value of the first private key is determined to be the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key.
2. The data decryption method of claim 1, wherein before decrypting the pre-obtained encrypted data by the first private key, the method further comprises:
sending a request for calling data to a server according to an instruction input by a user so that the server can encrypt the data through a public key corresponding to a user identifier received in advance;
and receiving the encrypted data sent by the server.
3. The data decryption method according to claim 1, wherein the taking characters of a private key as coefficients of the polynomial according to a first preset manner specifically comprises:
calculating the ASCII code of each character in the private key, and forming a coefficient value by using a preset number of ASCII codes;
taking the coefficient values as coefficients of the polynomial.
4. The data decryption method of claim 1, wherein the second biometric characteristic comprises one or more of a face characteristic, a fingerprint characteristic, an iris characteristic, and a vein characteristic.
5. The data decryption method of claim 1, wherein the determining a first private key according to the data pair specifically comprises:
fitting the data pairs into a first polynomial according to a second preset algorithm, and determining coefficients of the first polynomial;
and converting the coefficient of the first polynomial according to a second preset mode to determine a first private key.
6. The data decryption method of claim 5, wherein the second predetermined algorithm is Lagrangian difference method or least squares method.
7. The data decryption method according to claim 5, wherein the converting the coefficients of the polynomial according to a second preset manner to determine a first private key specifically comprises:
and transforming the coefficients of the polynomial according to an ASCII code table to determine the first private key.
8. A data decryption device, characterized in that the device comprises:
at least one processor; and (c) a second step of,
a memory communicatively coupled to the at least one processor; wherein, the first and the second end of the pipe are connected with each other,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
receiving a registration request sent by a user;
collecting a second biological characteristic input by the user, and extracting second characteristic data through the biological characteristic extraction module, wherein the dimension of the second biological characteristic is the same as that of the first biological characteristic;
generating a private key corresponding to the user identifier through a first preset algorithm;
constructing a polynomial according to preset requirements;
taking characters of a private key as coefficients of the polynomial according to a first preset mode;
substituting the second characteristic data into the polynomial to calculate a corresponding polynomial value;
generating a plurality of first random numbers and a plurality of second random numbers by a random number generator, wherein the first random numbers are different from the second characteristic data, and the values obtained by substituting the second random numbers and the first random numbers into the polynomial are different;
forming a first data pair by the second characteristic data and the corresponding polynomial value, and forming a second data pair by the first random number and the second random number;
storing the first data pair and the second data pair to a database, and deleting the private key, the coefficients of the polynomial, and the second characteristic data;
acquiring a first biological characteristic of a user, and extracting first characteristic data through a biological characteristic extraction module;
determining data pairs meeting conditions in a pre-stored database according to the first characteristic data;
setting an error threshold, and finding out the second characteristic data and/or the first random number which is different from the first characteristic data by the error threshold in the database;
determining the first data pair and/or the second data pair according to the second characteristic data or the first random number;
determining a first private key according to the data pair, and calculating a hash value of the first private key;
and when the hash value of the first private key is determined to be the same as the hash value of the private key corresponding to the pre-stored user identification, decrypting the pre-acquired encrypted data through the first private key.
CN202010211525.5A 2020-03-24 2020-03-24 Data decryption method and device Active CN113452504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010211525.5A CN113452504B (en) 2020-03-24 2020-03-24 Data decryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010211525.5A CN113452504B (en) 2020-03-24 2020-03-24 Data decryption method and device

Publications (2)

Publication Number Publication Date
CN113452504A CN113452504A (en) 2021-09-28
CN113452504B true CN113452504B (en) 2023-02-21

Family

ID=77806390

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010211525.5A Active CN113452504B (en) 2020-03-24 2020-03-24 Data decryption method and device

Country Status (1)

Country Link
CN (1) CN113452504B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN110519297A (en) * 2019-09-17 2019-11-29 腾讯科技(深圳)有限公司 A kind of data processing method and equipment based on block chain private key
CN110601853A (en) * 2019-09-17 2019-12-20 腾讯科技(深圳)有限公司 Block chain private key generation method and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426170B (en) * 2017-05-24 2019-08-09 阿里巴巴集团控股有限公司 A kind of data processing method and equipment based on block chain
EP4120620A1 (en) * 2017-12-08 2023-01-18 Ping Identity Corporation Methods and systems for recovering data using dynamic passwords

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN110519297A (en) * 2019-09-17 2019-11-29 腾讯科技(深圳)有限公司 A kind of data processing method and equipment based on block chain private key
CN110601853A (en) * 2019-09-17 2019-12-20 腾讯科技(深圳)有限公司 Block chain private key generation method and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于区块链技术的生物特征和口令双因子跨域认证方案";周致成等;《计算机应用》;20180327;全文 *

Also Published As

Publication number Publication date
CN113452504A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
CN111431936B (en) Authorization processing method, device, equipment, system and storage medium based on verifiable statement
CN111885024B (en) Login information processing method and equipment
CN108055132B (en) Method, device and equipment for service authorization
CN107241364B (en) File downloading method and device
CN110795501A (en) Method, device, equipment and system for creating verifiable statement based on block chain
CN110011954B (en) Homomorphic encryption-based biological identification method, device, terminal and business server
KR20170051424A (en) Encrypting and decrypting information
US11704420B2 (en) Terminal device and computer program
CN110519294B (en) Identity authentication method, device, equipment and system
US20200265147A1 (en) Blockchain-based image processing method and apparatus
CN111342966B (en) Data storage method, data recovery method, device and equipment
TWI782502B (en) Information verification method, device and equipment
CN110995410A (en) Method, device, equipment and medium for generating public key and private key
CN113221142A (en) Authorization service processing method, device, equipment and system
CN112287376A (en) Method and device for processing private data
CN112101954A (en) Cross-border service processing method and device based on private data and equipment information
CN114817984A (en) Data processing method, device, system and equipment
KR102552111B1 (en) Data security system and method therefor
CN108052828B (en) Method and device for generating screen recording file, terminal and storage medium
CN113452503B (en) Block chain-based private key retrieving method, device and medium
CN113452504B (en) Data decryption method and device
CN113497710A (en) Data decryption method and device
CN116011028B (en) Electronic signature method, electronic signature device and electronic signature system
CN109560927B (en) Equipment fingerprint implementation method and device
US11451388B2 (en) Data extraction system, data extraction method, registration apparatus, and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20221205

Address after: 214002 1101, 1102, 1103, 1104, 1105, 1106, 1107, 1108, No. 15, first financial street, Wuxi Economic Development Zone, Wuxi City, Jiangsu Province

Applicant after: Chaozhou Zhuoshu Big Data Industry Development Co.,Ltd.

Address before: Room 3110, S01 / F, Langchao building, 1036 Langchao Road, high tech Zone, Jinan City, Shandong Province, 250101

Applicant before: Shandong Aicheng Network Information Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant