CN118353625A - Data processing method for campus ID card - Google Patents

Abstract

The invention relates to the technical field of data processing, in particular to a data processing method for a campus ID card. The method comprises the following steps: receiving campus card ID information and user behavior data input by a user; generating a unique key based on the user behavior data; using the unique key to perform preliminary encryption processing on the campus card ID information by using a symmetric encryption algorithm to generate preliminary encryption data; and carrying out secondary encryption processing on the primary encrypted data by using an asymmetric encryption algorithm, generating secondary encrypted data, and transmitting the secondary encrypted data to a server for decryption. The invention combines the symmetric encryption algorithm and the asymmetric encryption algorithm, thereby creating a multi-layer security protection system, obviously improving the security of data in the transmission and storage processes, and providing a rapid and safe way for encrypting a large amount of data by using AES symmetric encryption with high encryption and decryption speed and lower calculation resource requirement.

Description

Data processing method for campus ID card

Technical Field

The invention relates to the technical field of data processing, in particular to a data processing method for a campus ID card.

Background

Conventional campus ID card data processing methods typically rely on a single encryption technique, in many cases using a basic symmetric encryption algorithm for data protection. While symmetric encryption can provide faster processing speeds, since it uses the same key for encryption and decryption, once the key is compromised, all data is at risk of being hacked.

In addition, key management is generally simple in traditional methods, and a fixed or periodically-changing key is often adopted, so that once an attacker acquires the key, a large amount of data can be easily decrypted, thereby endangering user privacy and data security. In the data transmission process, the conventional method lacks enough security measures, such as not adopting data transmission encryption or using weaker encryption standards, so that the data is easy to attack by middle people and steal data in the public network.

Meanwhile, due to the fact that a traditional method lacks of efficient encryption algorithm optimization, system processing is slow when large-scale data processing is carried out, and user experience is affected.

Disclosure of Invention

The present invention is directed to a data processing method for a campus ID card, so as to solve the problems set forth in the background art.

In order to achieve the above purpose, the present invention provides the following technical solutions: the data processing method for the campus ID card comprises the following steps:

S1, receiving campus card ID information and user behavior data input by a user;

s2, generating a unique key based on the user behavior data;

S3, performing primary encryption processing on the campus card ID information by using the unique key through a symmetric encryption algorithm to generate primary encryption data;

S4, performing secondary encryption processing on the primary encrypted data by using an asymmetric encryption algorithm, generating secondary encrypted data, and transmitting the secondary encrypted data to a server for decryption.

As a further improvement of the technical solution, the user behavior data include, but are not limited to, login time, location information, and device type.

As a further improvement of the technical scheme, the unique key is generated based on the user behavior data, and the collected user behavior data is subjected to standardized processing; the preprocessed data are connected in series according to a certain format; and applying a hash function to the serially connected data to generate a hash value with a fixed length as a unique key.

As a further improvement of the technical scheme, the unique key is used for carrying out preliminary encryption processing on the campus card ID information by using a symmetric encryption algorithm to generate preliminary encrypted data, wherein the encryption preparation steps are as follows:

Encryption initialization: selecting AES as a symmetric encryption algorithm;

Key preparation: adjusting the unique key generated in the step S2 through a key expansion method to adapt to an AES-bit encryption standard;

Encryption process: the campus card ID information is regarded as a plaintext ID; in AES encryption, a plaintext ID is divided into data blocks of a fixed size;

AES encryption is performed: AES encryption of a plaintext ID with a unique key involves multiple rounds of byte substitution, row shifting, column confusion, and round-key operations.

As a further improvement of the present technical solution, the AES encryption process includes multiple rounds of byte substitution, row shifting, column confusion, and round-key addition operations, including:

Byte substitution: replacing each byte by a lookup table to realize nonlinear variation;

line shifting: performing row rotation operation on the data block, wherein the first row is kept unchanged, and each row rotates a specific byte number leftwards according to the row number of the first row;

Column confusion: performing a specific mathematical operation on the four bytes of each column, equivalent to performing a polynomial multiplication over a finite field, to mix each column;

Round key adding: performing exclusive OR operation on the expanded round key and the data block, wherein different round keys are used for each round of processing;

the encryption round is repeated: taking the four steps as one round, and performing multi-round processing to complete the whole encryption process;

Outputting preliminary encryption data: after the multiple rounds of processing, the finally obtained data block is encrypted campus card ID information and is primary encrypted data.

As a further improvement of the technical scheme, the step of performing secondary encryption processing by using an asymmetric encryption algorithm based on the primary encryption data to generate secondary encryption data is as follows:

obtaining a server public key: obtaining an RSA public key of the server by directly downloading from the server, wherein the public key exists in a digital certificate form;

Performing secondary encryption: using RSA as an asymmetric encryption algorithm, when RSA encryption is performed, data is represented as an integer, and encryption operations are completed using exponents and modulo values in a public key, as follows:

the data represents: converting the primary encrypted data into an integer m, the conversion being limited by the size of the RSA public key modulo n, where m < n;

Encryption operation: the encryption operation is completed through a modular exponentiation operation formula C=m ^e mod n, wherein C is asymmetrically encrypted data, and is secondarily encrypted data; e is part of the RSA public key, called public key exponent; n is a modulus, also part of the RSA public key, derived from the product of two prime numbers.

As a further improvement of the technical scheme, the modular exponentiation calculation is optimized through a rapid exponentiation algorithm, and the specific steps are as follows:

Binary decomposition: representing the exponent e as binary form;

initializing: setting a result variable result=1, and maintaining a current value variable current=m;

binary representation of traversal index: starting from the lowest order bit, for each binary bit of exponent e, there is the following specific update:

if the current bit is, update result= (result current) mod n;

Regardless of the current bit, update current= (current ²) mod n for the next round of cycles;

Move to the next binary bit until all bits are processed.

Compared with the prior art, the invention has the beneficial effects that:

1. the data processing method for the campus ID card combines the symmetric encryption and the asymmetric encryption algorithm, thereby creating a multi-layer security protection system, obviously improving the security of data in the transmission and storage processes, using AES symmetric encryption to encrypt a large amount of data in a rapid and safe way with high encryption and decryption speed and lower calculation resource requirement, and ensuring the confidentiality of information even in a scene with limited resources; meanwhile, by adopting the unique key generated based on the user behavior data for encryption, the complexity and individuation of an encryption scheme are increased, so that an attacker can hardly crack the data of other users even if acquiring a certain part of data, because the encryption key of each user data is unique and irregularly and circularly available; in addition, by the double encryption mechanism of the symmetric encryption and the subsequent asymmetric encryption (such as RSA) of the initial data, the data security is further enhanced, and especially in the data transmission process, the data can be effectively protected even in a public network environment, and the risks of man-in-the-middle attack and the like are prevented.

2. Another great advantage of the data processing method for campus ID cards is that the efficiency of asymmetric encryption operations is significantly improved by modular exponentiation optimized with a fast exponentiation algorithm, especially when large data blocks are processed; the rapid power algorithm greatly reduces the operation times required by calculating modular powers through binary decomposition technology and iterative squaring operation, thereby reducing the time complexity of asymmetric encryption in practical application, which means that the high-level security can be ensured, and the high efficiency and the response speed of the system are ensured, and the method is particularly suitable for scenes needing to process a large number of encryption operations, such as campus ID card systems. In this way, protection of campus ID information is not only enhanced at a technical level, but also provides a solution that is both efficient and safe in coping with increasingly complex network security challenges, effectively balancing the relationship between security and performance.

Drawings

FIG. 1 is a schematic diagram of the method steps of the present invention.

Detailed Description

The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.

Referring to fig. 1, the present invention provides a technical solution: the data processing method for the campus ID card comprises the following method steps:

S1, receiving campus card ID information and user behavior data input by a user;

s2, generating a unique key based on the user behavior data;

S3, performing primary encryption processing on the campus card ID information by using the unique key through a symmetric encryption algorithm to generate primary encryption data;

S4, performing secondary encryption processing on the primary encrypted data by using an asymmetric encryption algorithm, generating secondary encrypted data, and transmitting the secondary encrypted data to a server for decryption.

The method specifically comprises the following steps:

s1, receiving campus card ID information and user behavior data input by a user, wherein the method specifically comprises the following steps:

a user inputs campus card ID information through a client device;

The client automatically collects user behavior data at the same time, including but not limited to login time, location information, device type, etc.

S2, generating a unique key based on the user behavior data, and carrying out standardized processing on the collected user behavior data (login time, position information, equipment type and the like); the preprocessed data are connected in series according to a certain format; applying a hash function to the concatenated data to generate a hash value of a fixed length as a unique key, such as:

Data preprocessing: the user behavior data that is assumed to be collected includes: login time: t is a T; position information: l (can be represented by longitude and latitude as l= (Lat, lon)); device type: d, a step of performing the process; for time T, it is converted to a representation of the number of milliseconds since 1 month 1 day 1970; for the position information L, a numerical representation of longitude and latitude is directly used; the device type D is represented by a specific code number;

Data concatenation: the preprocessed data are concatenated in a format such as: s=t|l|d, where|is a field separator, if the login time t= 1609459200000 (2021, 1 month, 1 day, 00:00 milliseconds), the location l= (34.052235, -118.243683), the device type d=1 (assuming 1 represents a smartphone), the resulting concatenation string S is as follows: s=1609459200000|34.052235, -118.243683|1;

hash operation: performing hash operation on S by using a hash function to obtain a hash value H, and selecting SHA-256 as the hash function, wherein the hash value H is expressed as: h=sha-256 (S); and uses it as a unique key.

Through the above-described process, the unique key generated based on the user behavior data ensures the uniqueness and security of each key due to the uniqueness of the input data. This approach not only relies on the user's specific behavioral data to generate the key, but also ensures the dynamics and difficult predictability of the generated key because the data is different each time.

S3, performing preliminary encryption processing on the campus card ID information by using the unique key through a symmetric encryption algorithm to generate preliminary encrypted data, wherein the method specifically comprises the following steps of:

encryption initialization: AES was chosen as the symmetric encryption algorithm because it provides strong security and is widely used in a variety of encryption scenarios;

key preparation: adjusting the unique key generated in the step S2 through a key expansion method to adapt to an AES-256 bit encryption standard;

Encryption process: the campus card ID information is regarded as a plaintext ID; in AES encryption, the plaintext needs to be split into fixed-size blocks of data, assuming that the ID has met this requirement or has undergone the necessary padding.

AES encryption is performed: AES encryption is carried out on the plaintext ID by using a unique key, and the encryption process comprises multiple rounds of byte replacement, row shift, column confusion and round key adding operation, and the encryption process comprises the following specific steps:

Byte substitution: replacing each byte by a lookup table to realize nonlinear variation;

line shifting: performing row rotation operation on the data block, wherein the first row is kept unchanged, and each row rotates a specific byte number leftwards according to the row number of the first row;

Column confusion: performing a specific mathematical operation on the four bytes of each column, equivalent to performing a polynomial multiplication over a finite field, to mix each column;

Round key adding: performing exclusive OR operation on the expanded round key and the data block, wherein different round keys are used for each round of processing;

The encryption round is repeated: taking the four steps as one round, and performing multiple rounds of processing on the AES-256 to complete the whole encryption process;

outputting preliminary encryption data: after the multiple rounds of processing, the finally obtained data block is the encrypted campus card ID information, namely the primary encrypted data.

Through the above process, the campus card ID information ID is securely encrypted as preliminary encrypted data, and this encryption process ensures that only the entity having the corresponding key H can decrypt, thereby effectively protecting the security and privacy of the data during storage and transmission.

Example data: campus card ID information (plaintext ID): "1234567890123456";

unique key: "abcdefghabcdefghabcdefghabcdefgh" (ensuring a length of 32 bytes, applicable to AES-256)

Encryption process: assuming we use AES-256, the following is a schematic of each step (not including all AES details):

Key expansion: performing key expansion on the unique key to generate a plurality of round keys for different encryption rounds;

Initial wheel: exclusive or (XOR) operating the campus card ID with the initial round key (from the extended first set of keys);

the following step 14 rounds are repeated (the last round ignores column confusion):

byte substitution: each byte is replaced by an S-box, e.g., byte '1' (ASCII value 49) is replaced by a corresponding value in the S-box;

line shifting: the first row does not move, the second row moves 1 bit, the third row moves 2 bits, and the fourth row moves 3 bits;

column confusion (except for the last round): applying a fixed polynomial confusion for each column;

Round key adding: exclusive-or operation is carried out on the data block and the secret key of the corresponding round.

Encrypted output (primary encrypted data): assume that the data is "A0C1B2D3E4F59876 …" (hexadecimal representation); in addition, decryption requires the same key and reverse order of steps, each using the reverse operation.

S4, performing secondary encryption processing on the primary encrypted data by using an asymmetric encryption algorithm, generating secondary encrypted data, and sending the secondary encrypted data to a server, wherein the method specifically comprises the following steps:

Obtaining a server public key: obtaining the RSA public key of the server through a secure channel (e.g. downloaded directly from the server or obtained through a trusted certificate authority CA), the public key being in the form of a digital certificate;

Performing secondary encryption: using RSA as an asymmetric encryption algorithm, when RSA encryption is performed, data is represented as an integer, and encryption operations are completed using exponents and modulo values in a public key, as follows:

The data represents: firstly, primary encrypted data needs to be converted into an integer m, the conversion process is limited by the size of an RSA public key module n, wherein m is less than n, and the conversion process is satisfied by sectionally encrypting large-scale data;

Encryption operation: the encryption operation is completed through a modular exponentiation operation formula C=m ^e mod n, wherein C is asymmetrically encrypted data, namely, secondarily encrypted data; e is part of the RSA public key, called public key exponent; n is a modulus, also part of the RSA public key, derived from the product of two prime numbers.

Because the bottom calculation process of modular exponentiation is not directly carried out after m ^e is calculated and then n is subjected to modulo operation, the method is low in efficiency and can possibly cause data overflow problem in calculation, and then the process is optimized by adopting a fast exponentiation algorithm which is an effective method for calculating a ^b mod n and is particularly suitable for being applied to large number operations such as RSA encryption, the basic idea of the algorithm is to decompose exponent operation into a series of square sum multiplication operations, and the calculation steps are reduced by means of binary representation of the exponent, and the specific steps are as follows:

binary decomposition: first, the exponent e is expressed as a binary form, e.g., if e=13, then its binary form is 1101, meaning e=2ζ3+2ζ2+2ζ0;

initializing: setting a result variable result=1, and maintaining a current value variable current=m;

binary representation of traversal index: starting from the lowest order bit, for each binary bit of exponent e, there is the following specific update:

If the current bit is 1, update result= (result current) mod n;

Regardless of the current bit, update current= (current ²) mod n is used for the next round of looping (equivalent to squaring radix);

Move to the next binary bit until all bits are processed.

Examples: m ⁵ mod n, where m and n are known, and the binary form of 5 is 101; initializing result=1, current=m, and processing from right to left because the binary form of 5 is 101:

the first bit (lowest bit) is 1, update result= (result current) mod n;

The second bit is 0, then not updating result, update current= (current ²) mod n;

the third bit is 1: again update result= (result current) mod n, at the same time, current= (current ²) mod n per step, until all binary bits have been traversed.

The fast power algorithm optimizes the process by reducing the number of multiplications necessary, which makes it particularly suitable for large number operations, such as used in RSA encryption and other key exchange protocols, which significantly reduces the computational complexity and increases the efficiency of the algorithm execution.

And finally, sending the secondary encrypted data to a server for decryption.

The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the above-described embodiments, and that the above-described embodiments and descriptions are only preferred embodiments of the present invention, and are not intended to limit the invention, and that various changes and modifications may be made therein without departing from the spirit and scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (7)

1. The data processing method for the campus ID card is characterized by comprising the following steps:

S1, receiving campus card ID information and user behavior data input by a user;

s2, generating a unique key based on the user behavior data;

S3, performing primary encryption processing on the campus card ID information by using the unique key through a symmetric encryption algorithm to generate primary encryption data;

S4, performing secondary encryption processing on the primary encrypted data by using an asymmetric encryption algorithm, generating secondary encrypted data, and transmitting the secondary encrypted data to a server for decryption.

2. The data processing method for a campus ID card of claim 1, wherein the user behavior data includes, but is not limited to, login time, location information, device type.

3. The data processing method for a campus ID card according to claim 1, wherein the unique key is generated based on user behavior data by performing a normalization process on the collected user behavior data; the preprocessed data are connected in series according to a certain format; and applying a hash function to the serially connected data to generate a hash value with a fixed length as a unique key.

4. The data processing method for the campus ID card according to claim 1, wherein the primary encryption processing is performed on the campus card ID information using a symmetric encryption algorithm using a unique key, and primary encrypted data is generated, wherein the encryption preparation step is as follows:

Encryption initialization: selecting AES as a symmetric encryption algorithm;

key preparation: adjusting the unique key generated in the step S2 through a key expansion method to adapt to an AES-256 bit encryption standard;

Encryption process: the campus card ID information is regarded as a plaintext ID; in AES encryption, a plaintext ID is divided into data blocks of a fixed size;

AES encryption is performed: AES encryption of a plaintext ID with a unique key involves multiple rounds of byte substitution, row shifting, column confusion, and round-key operations.

5. The data processing method for campus ID card of claim 4, wherein the AES encryption process comprises multiple rounds of byte substitution, row shifting, column confusion, and round-key operations, specifically comprising:

Byte substitution: replacing each byte by a lookup table to realize nonlinear variation;

line shifting: performing row rotation operation on the data block, wherein the first row is kept unchanged, and each row rotates a specific byte number leftwards according to the row number of the first row;

Column confusion: performing a specific mathematical operation on the four bytes of each column, equivalent to performing a polynomial multiplication over a finite field, to mix each column;

Round key adding: performing exclusive OR operation on the expanded round key and the data block, wherein different round keys are used for each round of processing;

the encryption round is repeated: taking the four steps as one round, and performing multi-round processing to complete the whole encryption process;

Outputting preliminary encryption data: after the multiple rounds of processing, the finally obtained data block is encrypted campus card ID information and is primary encrypted data.

6. The data processing method for campus ID card according to claim 1, wherein the step of performing the secondary encryption processing using the asymmetric encryption algorithm based on the primary encrypted data, generating the secondary encrypted data is as follows:

obtaining a server public key: obtaining an RSA public key of the server by directly downloading from the server, wherein the public key exists in a digital certificate form;

Performing secondary encryption: using RSA as an asymmetric encryption algorithm, when RSA encryption is performed, data is represented as an integer, and encryption operations are completed using exponents and modulo values in a public key, as follows:

the data represents: converting the primary encrypted data into an integer m, the conversion being limited by the size of the RSA public key modulo n, where m < n;

Encryption operation: the encryption operation is completed through a modular exponentiation operation formula C=m ^e mod n, wherein C is asymmetrically encrypted data, and is secondarily encrypted data; e is part of the RSA public key, called public key exponent; n is a modulus, also part of the RSA public key, derived from the product of two prime numbers.

7. The data processing method for campus ID card according to claim 6, wherein the modular exponentiation calculation is optimized by a fast exponentiation algorithm, and the specific steps are as follows:

Binary decomposition: representing the exponent e as binary form;

initializing: setting a result variable result=1, and maintaining a current value variable current=m;

binary representation of traversal index: starting from the lowest order bit, for each binary bit of exponent e, there is the following specific update:

If the current bit is 1, update result= (result current) mod n;

Regardless of the current bit, update current= (current ²) mod n for the next round of cycles;

Move to the next binary bit until all bits are processed.