KR101678182B1 - Method of encryption and decryption - Google Patents

Abstract

In the encryption method, the token ciphertexts encrypting all the numeric digits of N to (N + M) digits and the token ciphers corresponding to each of the numeric digits of the N to (N + M) A length of a division window is determined to be less than or equal to the number of digits of the original numeric string and equal to or greater than N digits and equal to or less than (N + M) digits, and a division window Generates a partial token corresponding to the partial numeric string included in the partition window in the original numeric string based on the token image file, generates a temporary numeric string by replacing the partial numeric string with the partial token in the original numeric string, Moving the split window one by one in the second lateral direction until the split window reaches the second side end of the temporary string of numbers, Updating the temporary numeric string by replacing the partial numeric string with the partial token in the temporary numeric string, setting the segmentation window at the first side end of the temporary numeric string, generating the token corresponding to the token Generates a partial token corresponding to the partial numeric string included in the partition window in the temporary numeric string based on the image file, and substitutes the partial numeric string into the partial numeric string in the temporary numeric string to output as the security token corresponding to the original numeric string.

Description

METHOD OF ENCRYPTION AND DECRYPTION [0002]

The present invention relates to an encryption method and a decryption method, and more particularly, to a method of encrypting a numeric string or character string and a method of decrypting an encrypted numeric string or character string.

When the field management system encrypts field data in a table using a general encryption algorithm, the original data has a text format composed of strings, whereas the encrypted data is a binary format composed of binary numbers . Thus, encrypted data can not be stored in the original table without changing the type and length of each field in the table.

Tokenization techniques are known as techniques for encrypting original text data without changing the format and length of the original text data. In order to generate tokens that are mapped on a one-to-one basis with the original data in the application, it is necessary to provide original text data to a separate token server and receive a token corresponding to the original text data from the token server.

Since the data communication is performed between the application and the token server in the process of generating the token, when the token is generated for a large amount of data, there is a problem that the operation speed of the application is slowed due to the communication overhead between the application and the token server . In addition, when the token server fails, the application can not perform the encryption operation.

Accordingly, it is an object of the present invention to reduce a communication overhead between an application and a token server in an encryption process and a decryption process, to perform an encryption / decryption operation even when a token server fails, And to provide tokens that are not similar to each other even for strings, and a decoding method therefor.

In order to achieve the above object, according to an embodiment of the present invention, there is provided an encryption method comprising: encrypting N * (N + M) ) Token image file that associates and stores the token ciphertexts encrypted with the tokens corresponding to each of the digit strings of the (N + 1) th digit, and generates a token image file that is smaller than or equal to N digits and smaller than or equal to (N + M) Determining a length of the partition window so as to have a length corresponding to a partial numeric string included in the partition window, setting the partition window at a first side end of the original numeric string, Generating a token, replacing the partial numeric string with the partial token in the original numeric string to generate a temporary numeric string, A partial token corresponding to a partial number sequence included in the partition window in the temporary number sequence is generated based on the token image file while moving the partition window one by one in the second lateral direction until reaching the side end , The temporary number column is replaced with the partial token to update the temporary number column in the temporary number column, the partition window is set to the first side end of the temporary number column, Generates a partial token corresponding to the partial numeric string included in the partition window in the numeric string, and replaces the partial numeric string with the partial numeric string in the temporary numeric string to output as a security token corresponding to the original numeric string.

In one embodiment, the step of determining the length of the partition window may include determining the length of the partition window to be (N + M) digits when the number of digits in the original numeric string is (N + M) And determining the length of the partition window as the number of digits of the original numeric string when the number of digits in the original numeric string is less than (N + M) digits.

In one embodiment, the partial token corresponding to the partial number sequence included in the partitioning window may correspond to a numerical sequence of the same number as the length of the partitioning window.

In one embodiment, generating the token image file comprises generating K-block tokens corresponding to each of all the digit strings of K (K is an integer equal to or greater than N + M) Generating K-block token ciphertexts by encrypting each of the K number of digit strings; generating K-block token ciphertexts by encrypting each of the K-block tokens; Block token ciphertexts in ascending order based on the K-block token ciphertext to generate K-block pairs, generating serial numbers representing the order of the K- Block cipher texts in the ascending order based on the K-block original text ciphertexts included in the pairs, and generating the K-block cipher pairs and the K- It may comprise the step of storing as a file.

Each of the K-block text ciphertexts and the K-block token ciphertexts may have a text format.

Generating the K-block source text ciphertexts by encrypting each of the K digits of all the digit strings comprises generating K-block temporary text ciphertexts by applying an encryption algorithm to each of the K digits of all the digit strings And generating the K-block text ciphertexts by applying a BASE64 algorithm to each of the K-block temporary text ciphertexts, wherein each of the K-block tokens is encrypted to generate the K-block token ciphertexts Block temporary token ciphertexts by applying the encryption algorithm for each of the K-block tokens, and applying the BASE64 algorithm to each of the K-block temporary token ciphertexts to generate the K- And generating block token ciphertexts.

Each of the K-block tokens may include a K digit string.

Wherein the step of generating the partial token corresponding to the partial number sequence comprises the steps of generating the partial numeric string cipher text by encrypting the partial numeric string, reading the partial token cipher text corresponding to the partial numeric string cipher text from the token image file And decrypting the partial token ciphertext to generate the partial token.

Wherein the step of reading the partial token ciphertext corresponding to the partial numeric string cipher text from the token image file comprises the steps of: determining the number of digits in the partial numeric string corresponding to the partial numeric string cipher text; Block pair including the K-block text cipher text that matches the partial number column cipher text among the K-block pairs based on the K-block cipher index included in the token image file And reading the K-block token ciphertext included in the matched K-block pair as the partial token ciphertext.

The step of determining the matching K-block pair comprises: applying a binary search algorithm to the K-block cipher pair and the K-block pairs to determine whether the K- Block pair including the K-block original text ciphertext.

In order to achieve the above object, according to an embodiment of the present invention, there is provided a method of decrypting text in which N ~ (N + M) ) To generate a token image file that associates and stores token ciphertexts encrypted with tokens corresponding to each of the digit strings of the (N + 1) th digit, and generates a token image file that is smaller than or equal to N digits of the security token, Determining a length of the partition window to have a length of the security token, setting the partition window at a first side end of the security token, and generating a partial number corresponding to the partial token included in the partition window in the security token based on the token image file Generating a temporary number sequence by replacing the partial token with the partial token sequence in the security token and generating a temporary number sequence at the second side end of the temporary sequence of numbers; Generating a partial number sequence corresponding to a partial token included in the partition window in the temporary number sequence based on the token image file and replacing the partial token with the partial number sequence in the temporary number sequence, Updating the numeric column and moving the partition window one position in the first lateral direction until the partition window reaches the first side edge of the temporary numeric column, Generating a partial numeric string corresponding to a partial token included in the partition window, updating the temporary numeric string by replacing the partial token with the partial numeric string in the temporary numeric string, As the original numeric string corresponding to "

In order to achieve the object of the present invention, there is provided an encryption method according to an embodiment of the present invention. In the encrypting method, the N + (N + M) A token image file for associating and storing token ciphertexts encrypted with tokens corresponding to each of all the strings of the digits, and generating a token image file having a length less than or equal to N digits and less than or equal to N + M digits Determining a length of the partition window to have the partition window to have the partition window, setting the partition window at the first side end of the original character string, and generating a partial token corresponding to the partial string included in the partition window in the original character string based on the token image file And generating a temporary string by replacing the partial string with the partial token in the original text string, Generating a partial token corresponding to the partial string included in the partitioned window in the temporary string based on the token image file while moving the partitioned window one by one in the second lateral direction until reaching the side end, Updating the temporary string by replacing the partial string with the partial token in the temporary string, setting the partition window at the first side end of the temporary string, and extracting the partial string from the temporary string based on the token image file, Generates a partial token corresponding to the partial string included in the window, replaces the partial string with the partial token in the temporary string, and outputs the partial token as a security token corresponding to the original character string.

In order to achieve the above object, according to an embodiment of the present invention, there is provided a method of decrypting text in which N ~ (N + M) (N + M) digits less than or equal to the number of digits of the security token, and the length of the token image file is greater than or equal to N digits Determining a length of the partition window to have the partition window to be partitioned, setting the partition window at a first side end of the security token, and generating a substring corresponding to the partial token included in the partition window in the security token based on the token image file And generating a temporary string by replacing the partial token with the partial token in the security token and setting the partition window at the second side of the temporary string And generates a substring corresponding to a partial token included in the partition window in the temporary string based on the token image file and updates the temporary string by replacing the partial token with the substring in the temporary string , The partition window is moved in the first lateral direction by one position until the partition window reaches the first side end of the temporary character string, and is included in the partition window in the temporary character string based on the token image file Generates a partial string corresponding to the partial token, updates the temporary string by replacing the partial token with the partial string in the temporary string, and outputs the temporary string as the original text string corresponding to the security token.

According to the encryption method and the decryption method according to the embodiments of the present invention, it is not necessary to perform data communication with the token server during the encryption and decryption processes, so that the encryption / decryption rate can be improved, and even when a failure occurs in the token server The encryption / decryption operation can be continuously performed, and security tokens that are not similar to each other with respect to successive original text strings or strings can be generated, thereby improving security.

1 is a flowchart illustrating an encryption method according to an embodiment of the present invention.
2 is a block diagram illustrating an encryption / decryption system according to an embodiment of the present invention.
3 is a flowchart showing an example of a step of generating the token image file of FIG.
4 is a view for explaining an example of a step of generating the token image file of FIG.
5 is a diagram showing an example of a token image file.
FIG. 6 is a diagram for explaining an encryption operation of an application server included in the encryption / decryption system of FIG. 2. FIG.
7 is a flowchart showing an example of a step of generating a partial token corresponding to the partial number sequence of FIG.
8 is a flowchart illustrating a decoding method according to an embodiment of the present invention.
FIG. 9 is a diagram for explaining a decryption operation of an application server included in the encryption / decryption system of FIG. 2. FIG.
10 is a flowchart showing an example of a step of generating a partial digit sequence corresponding to the partial token of FIG.

For the embodiments of the invention disclosed herein, specific structural and functional descriptions are set forth for the purpose of describing an embodiment of the invention only, and it is to be understood that the embodiments of the invention may be practiced in various forms, The present invention should not be construed as limited to the embodiments described in Figs.

The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms may be used for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprise", "having", and the like are intended to specify the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, , Steps, operations, components, parts, or combinations thereof, as a matter of principle.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be construed as meaning consistent with meaning in the context of the relevant art and are not to be construed as ideal or overly formal in meaning unless expressly defined in the present application .

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.

1 is a flowchart illustrating an encryption method according to an embodiment of the present invention.

Referring to FIG. 1, in the encryption method according to the present invention, there are provided original text ciphertexts in which all numeric digits of N digits to (N + M) digits are encrypted and all numeric digits of N digits to (N + M) (Step S100). The token image file is stored in association with the token ciphertexts encrypted with the corresponding tokens. Here, N and M represent positive integers.

For example, if N is 3 and M is 2, all three-digit numeric sequences including 000 to 999, all four-digit sequences including 0000 to 9999, and five to 00000 to 99999 Generates the tokens corresponding to each of the digit strings of the place, generates the original text ciphertexts encrypting all the digit strings of the three digits, all the digit strings of the four digits, and all the digit strings of the five digits Encrypts the tokens corresponding to each of the three-digit numeric strings, all four-digit strings, and all five-digit strings to generate the token ciphertexts, The token ciphertexts can be associated with each other and stored as the token image file.

In one embodiment, the tokens corresponding to each of the N digits to (N + M) digit strings may be generated through the token server.

The original text ciphertexts and the token ciphertexts may be generated using various encryption algorithms.

Thereafter, the length of the partition window is determined to be less than or equal to the number of digits of the original text string to be encrypted, and to have a length of N digits or more and (N + M) digits or less (step S200).

In one embodiment, the length of the partition window is determined to be (N + M) digits when the number of digits in the original numeric string is not less than (N + M) , The length of the division window can be determined as the number of digits of the original numeric string.

For example, if the original numeric string is a seven-digit string, N is 3, and M is 2, the length of the split window is (N + M) ) Digit, that is, five digits.

Then, the division window is set at a first side end of the original numeric string, a partial token corresponding to a partial numeric string included in the division window is generated in the original numeric string based on the token image file, The partial number string is replaced with the partial token to generate a temporary number string (step S300). Here, the first side may be on the left side. As described later, the partial token corresponding to the partial number string included in the partitioning window may correspond to a numerical string having the same length as the length of the partitioning window.

Thereafter, while moving the partition window one by one in the second lateral direction until the partition window reaches the second side end of the temporary number column, the temporary window is shifted from the temporary number column to the partition window based on the token image file Generates a partial token corresponding to the partial numeric string included therein, and updates the temporary numeric string by replacing the partial numeric string with the partial token in the temporary numeric string. Here, the second side may be the right side.

For example, after step S300, it is determined whether the division window is located at the second side end of the temporary number string (step S400). If the division window is not located at the second side end of the temporary number string (Step S400; NO), the partitioning window is shifted by one position in the second lateral direction of the temporary number string (step S500), and the partial number included in the partitioning window in the temporary number string based on the token image file (Step S600) of generating the partial token corresponding to the column and replacing the partial number column with the partial token in the temporary number column to update the temporary number column.

If the partition window reaches the second side end of the temporary number string (step S400; YES), the partitioning window is reset at the first side end of the temporary number string, and the temporary number A partial token corresponding to a partial number string included in the partition window in the column, and the partial number string is replaced with the partial token in the temporary number string to update the temporary string, As a security token corresponding to the original numeric string (step S700).

As described above, according to the encryption method of the present invention, after the token image file is generated in advance using the token server, the original text string is encrypted using the previously generated token image file, . In this way, since there is no need to perform data communication with the token server in the encryption process for the original numeric string, the encryption speed can be improved and the encryption operation can be continuously performed even when the token server fails.

According to the encrypting method of the present invention, the partition window is moved from the first side end to the second side end by one digit in the original numeric string, and is included in the partition window based on the token image file Repeatedly performing a process of generating a partial token corresponding to the partial digit sequence and replacing the partial digit sequence with the partial token, and finally, resetting the partition window to the first side end, Generates a partial token corresponding to a partial number string included in the partitioning window, and substitutes the partial number string with the partial token to generate the security token. Therefore, it is difficult to deduce the original numeric sequences through the security tokens because they generate security tokens that are not similar to each other in succession of original numeric sequences. Therefore, the security of the encryption method according to the present invention can be further improved.

2 is a block diagram illustrating an encryption / decryption system according to an embodiment of the present invention.

The encryption method of FIG. 1 may be performed through the encryption / decryption system 10 shown in FIG.

Hereinafter, the encryption method of FIG. 1 performed by the encryption / decryption system 10 will be described in detail with reference to FIGS. 1 and 2. FIG.

Referring to FIG. 2, the encryption / decryption system 10 includes an application server 100 and a token server 200.

The application server 100 uses the token server 200 at the beginning of the operation to transmit the original text ciphertexts and all of the N digits to (N + M) digits, which are all the N digits to (N + M) A token image file (TIF) 110 for associating and storing the token ciphertexts encrypted with the tokens corresponding to the respective numeric strings, respectively, at step S100.

FIG. 3 is a flowchart illustrating an example of a step of generating a token image file of FIG. 1, and FIG. 4 is a diagram illustrating an example of a step of generating a token image file of FIG.

2 to 4, the application server 100 generates the K-block tokens (K-TK) corresponding to each of the K numbered K-NS number sequences using the token server 200 (Step S110). Here, K represents an integer equal to or greater than N (N + M).

2, the application server 100 provides all the K digits of the K digits K-NS to the token server 200, and the token server 200 provides the application server 100 with the K- K-block tokens (K-TK) mapped on a one-to-one basis with each of the K digits of all the K digits received from the server 100 and provides the K-block tokens K-TK to the application server 100.

For example, if N is 3 and M is 2, the application server 100 uses the token server 200 to generate three-block tokens that are mapped on a one-to-one basis with each of the three digit strings, Block tokens that are mapped on a one-to-one basis with all four-digit numeric strings using the server 200, and generates a 4-block token, which is mapped on a one-to-one basis with each of the five digit numeric strings using the token server 200 - You can create block tokens.

FIG. 4 exemplarily shows a case where K is 3, and 3 (k-1), which is mapped on a one-to-one basis with all three-digit numerical strings (K-NS) including 000 to 999 and all three- Block tokens (K-TK) are shown.

4, the K-block tokens K-TK generated from the token server 200 and provided to the application server 100 are in the same format as the K-digit strings K-NS, Can have the same length. That is, each of the K-block tokens (K-TK) may include a K digit string.

The application server 100 generates K-block original text ciphertexts (K-PED) (step S120) by encrypting each of the K numbered K-number strings K-NS, ) To generate K-block token ciphertexts (K-TED) (step S130).

In one embodiment, the application server 100 generates K-block temporary textual ciphertexts by applying an encryption algorithm to each of the K numbered K-NS digit strings K-NS, and the K-block temporary textual ciphertexts K-block original text ciphertexts (K-PED) can be generated by applying the BASE64 algorithm to each. Also, the application server 100 generates K-block temporary token ciphertexts by applying the encryption algorithm to each K-block token K-TK, and for each K-block temporary token ciphertext, Block token ciphertexts (K-TED).

Thus, as shown in FIG. 4, each of the K-block original text ciphertexts (K-PED) and the K-block token ciphertexts (K-TED) may have a text format including a character string.

The K-block temporary text ciphertexts and the K-block temporary token ciphertexts may be generated using various encryption algorithms such as 3DES, AES, RSA, and national standards such as SEED, ARIA, and the like.

Subsequently, the application server 100 sends pairs of K-block text ciphertexts (K-PED) and K-block token ciphertexts (K-TED) corresponding to each other to the K-block token ciphertext K-block pairs (K-PAIR) can be generated in ascending order (step S140).

The K-block pairs (K-PAIR) may be assigned a serial number (K-SER) in the ordered order.

The application server 100 sends serial numbers (K-SER) indicating the order of K-block pairs (K-PAIR) to K-block original text ciphertext (K-PED) contained in K- Block index K-IDX (step S150).

The application server 100 may then store the K-block pairs (K-PAIR) and the K-block secret index (K-IDX) as the token image file 110 (step S160).

The application server 100 repeatedly performs the operation as described with reference to Figs. 2 to 4 on all the numeric strings of (N + M) (N + M) -PAIR) and the N-block cipher indices (N-IDX) to (N + M) ) And store it as a token image file 110, as shown in FIG.

In this way, the application server 100 can generate the token image file 110 in advance using the token server 200 at the beginning of the operation.

Referring again to Figures 1 and 2, the application server 100 may load the pre-generated token image file 110 into memory and perform the encryption operation using the token image file 110. [

FIG. 6 is a diagram for explaining an encryption operation of an application server included in the encryption / decryption system of FIG. 2. FIG.

Hereinafter, the encryption operation of the application server 100 will be described with reference to Figs.

6, the application server 100 can determine the length of the partition window DW based on the number of digits of the original numeric string NS ("1234567" in FIG. 6) to be encrypted S200).

The length of the division window DW is determined to be (N + M) digits, and when the number of digits of the original numeric string NS is greater than (N + M) Is less than (N + M) digits, the length of the division window DW can be determined as the number of digits of the original numeric sequence NS.

For example, as shown in FIG. 6, when the original numeric string NS is a seven-digit string, N is 3 and M is 2, the digits of the original numeric string NS are (N + M) digits , The length of the division window DW can be determined to be (N + M) digits, that is, five digits.

6, the application server 100 sets the partition window DW at the end of the first side (shown on the left side in Fig. 6) of the original numeric string NS, and sets the partition window DW in the token image file 110 The partial token PTK ("54934" in FIG. 6) corresponding to the partial numeric string PNS ("12345" in FIG. 6) included in the partition window DW in the original numeric string NS, (Step S300).

7 is a flowchart showing an example of a step of generating a partial token corresponding to the partial number sequence of FIG.

Referring to FIGS. 6 and 7, the application server 100 may generate a partial numeric string cipher text PNS_E by encrypting a partial numeric string PNS (step S310).

At this time, in the process of generating the token image file 110, the application server 100 generates K-block original text ciphertexts (K-PED) by encrypting each K-digit number sequence K-NS , And K-block tokens (K-TK) to generate K-block token ciphertexts (K-TED) using the same algorithm as the encryption algorithm used to generate K-block token ciphertexts .

Subsequently, the application server 100 may read the partial token cipher text (PTK_E) corresponding to the partial numeric string cipher text (PNS_E) from the token image file 110 (step S320).

Specifically, the application server 100 can determine the number of digits of the partial numeric string (PNS) corresponding to the partial numeric string cipher text (PNS_E). For the example shown in FIG. 6, the partial numeric string PNS may be a five digit column.

The application server 100 sets the K-block password index (K-IDX) included in the token image file 110 to the K-block password index (K-IDX) when the partial numeric string PNS corresponding to the partial- Block pair including a K-block original text cipher text (K-PED) that matches a partial numeric string cipher text PNS_E among the K-block pairs (K-PAIR) included in the token image file 110 It can be judged.

In one embodiment, application server 100 applies a binary search algorithm to K-block cipher indices (K-IDX) and K-block pairs (K-PAIR) Block pair including the K-block original cipher text (K-PED) that matches the partial numeric cipher ciphertext (PNS_E) among the K-block pairs PAIR and PAIR.

The application server 100 may read the K-block token cipher text (K-TED) included in the matched K-block pair as the partial token cipher text (PTK_E).

The application server 100 can read the partial token cipher text (PTK_E) corresponding to the partial number cipher text PNS_E from the token image file 110 through the above-described operation.

Then, the application server 100 may generate a partial token (PTK) by decrypting the partial token cipher text (PTK_E) (step S330).

Thus, the partial token PTK may be a numeric string having the same length as the partial numeric sequence PNS.

Referring again to Figures 1 to 6, the application server 100 may generate a temporary string of numbers TNS by replacing the partial string of digits PNS with the partial token PTK in the original text string NS (step < RTI ID = 0.0 > S300).

Thereafter, the application server 100 can determine whether the partition window DW is located at the end of the second side of the temporary number string TNS (right side in Fig. 6) (step S400). 6, since the current partitioning window DW is not located at the second side end of the temporary number string TNS (step S400: No), the application server 100 temporarily stores the partition window DW as temporary (PNS) included in the partition window DW at the temporary numeric string TNS based on the token image file 110 (step S500), and moves one digit in the second lateral direction of the numeric string TNS ("86593" in the case of FIG. 6) corresponding to the partial digit sequence PNS ("49346 " in the case of FIG. 6) PTK) to update the temporary numeric string TNS (step S600).

Here, a partial token PTK corresponding to the partial numerical string PNS ("49346" in FIG. 6) included in the partition window DW in the temporary numeric string TNS based on the token image file 110, ("86593" in the case of FIG. 6) may be performed in the same manner as described with reference to FIG.

Thereafter, the application server 100 can determine whether the partition window DW is located at the end of the second side of the temporary number string TNS (right side in Fig. 6) (step S400). 6, since the current partitioning window DW is not located at the second side end of the temporary number string TNS (step S400: No), the application server 100 temporarily stores the partition window DW as temporary (PNS) included in the partition window DW at the temporary numeric string TNS based on the token image file 110 (step S500), and moves one digit in the second lateral direction of the numeric string TNS (In the case of FIG. 6, "89549") corresponding to the partial digit sequence PNS ("65937" in the case of FIG. 6) PTK) to update the temporary numeric string TNS (step S600).

Here, a partial token PTK corresponding to the partial numerical string PNS ("65937" in FIG. 6) included in the partition window DW at the temporary numeric string TNS based on the token image file 110, ("89549" in the case of FIG. 6) may be performed in the same manner as described with reference to FIG.

Thereafter, the application server 100 can determine whether the partition window DW is located at the end of the second side of the temporary number string TNS (right side in Fig. 6) (step S400). 6, since the current partitioning window DW is located at the second side end of the temporary number string TNS (step S400; YES), the application server 100 stores the partition window DW as a temporary number Is reset to the first side end of the column TNS and the partial number sequence PNS included in the partition window DW at the temporary number column TNS based on the token image file 110 60639 "in the case of FIG. 6) and replacing the partial numeric string PNS with the partial token PTK in the temporary numeric string TNS to generate the temporary number PTK (" 58895 " After updating the column TNS, the temporary numeric string TNS is replaced with a security token STK ("6063949" in Fig. 6) corresponding to the original numeric string NS ("1234567 " (Step S700).

Although the encryption operation according to the present invention has been described in the application server 100 in which the token image file 110 is generated, the token image file 110 can be copied to any other server , And any server having the token image file 110 can generate a security token (STK) corresponding to the original numeric sequence NS by performing the encryption operation as described above.

As described above with reference to Figs. 1 to 7, according to the encryption method of the present invention, the token image file 110 is generated in advance using the token server 200, To generate a security token (STK) by encrypting the original numeric string NS. In this manner, since there is no need to perform data communication with the token server 200 in the process of encrypting the original numeric string NS, the encryption speed can be improved, and even when a failure occurs in the token server 200, It can be done continuously.

According to the encrypting method of the present invention, the partition window DW is moved from the first side end to the second side end by one digit in the original numeric string NS, and based on the token image file 110, It repeatedly performs a process of generating a partial token PTK corresponding to the partial numeric string PNS included in the partition window DW and replacing the partial numeric string PNS with the partial token PTK, , Sets the partition window DW to the first side end and generates a partial token (PTK) corresponding to the partial number sequence PNS included in the partition window DW based on the token image file 110 And generates a security token (STK) by replacing the partial numeric string (PNS) with a partial token (PTK). Therefore, it is difficult to deduce the original numeric sequences NS through the security tokens STK since they generate security tokens (STK) that are not similar to each other with respect to successive original numeric sequences NS. Therefore, the security of the encryption method according to the present invention can be further improved.

8 is a flowchart illustrating a decoding method according to an embodiment of the present invention.

The decoding method of FIG. 8 can be performed through the encryption / decryption system 10 shown in FIG.

Referring to FIG. 8, in the decryption method according to the present invention, the application server 100 encrypts N digits to (N + M) digits, (Step S100). The token image file is stored in association with the token ciphertexts encrypted with the tokens corresponding to the respective numeric strings of the tokens.

The step S100 of generating the token image file shown in Fig. 8 may be performed in the same manner as the step S100 of generating the token image file shown in Fig.

The application server 100 may load the pre-generated token image file 110 into the memory and perform the decryption operation using the token image file 110. [

FIG. 9 is a diagram for explaining a decryption operation of an application server included in the encryption / decryption system of FIG. 2. FIG.

As shown in FIG. 9, the decryption method of FIG. 8 can be performed in the reverse order of the encryption method of FIG.

Hereinafter, the decoding operation of the application server 100 will be described with reference to Figs.

9, the application server 100 can determine the length of the partition window DW based on the number of digits of the security token (STK) ("6063949" in the case of FIG. 9) to be decrypted (step S201 ).

In one embodiment, if the number of digits of the security token (STK) is greater than or equal to (N + M), the length of the partition window DW is determined to be (N + M) N + M) digits, the length of the partition window DW can be determined as the number of digits of the security token (STK).

For example, as shown in FIG. 9, when the security token (STK) is a seven-digit sequence, N is 3 and M is 2, the digit number of the security token (STK) is (N + M) digits or more , The length of the division window DW may be determined to be (N + M) digits, that is, five digits.

9, the application server 100 sets a partition window DW at the end of the first side (shown on the left side in FIG. 9) of the security token (STK) ("58895" in FIG. 9) corresponding to the partial token PTK ("60639" in the case of FIG. 9) included in the partition window DW in the security token STK (Step S301).

10 is a flowchart showing an example of a step of generating a partial digit sequence corresponding to the partial token of FIG.

Referring to FIGS. 9 and 10, the application server 100 may generate a partial token cipher text (PTK_E) by encrypting the partial token (PTK) (step S311).

At this time, in the process of generating the token image file 110, the application server 100 generates K-block original text ciphertexts (K-PED) by encrypting each K-digit number sequence K-NS (PTK_E) using the same algorithm as the encryption algorithm used when encrypting each of the K-block tokens (K-TK) and K-block tokens (K-TK) have.

Then, the application server 100 may read the partial numeric string cipher text (PNS_E) corresponding to the partial token cipher text (PTK_E) from the token image file 110 (step S321).

Specifically, the application server 100 may determine the number of digits of the partial token (PTK) corresponding to the partial token cipher text (PTK_E). In the example shown in FIG. 9, the partial token (PTK) may be a five digit column.

When the partial token (PTK) corresponding to the partial token cipher text (PTK_E) is a K-digit sequence, the application server 100 selects the partial token ciphertext (K-PAIR) among the K-block pairs Block pair including the K-block token cipher text (K-TED) that matches the input K-block (PTK_E).

In one embodiment, the K-block pairs (K-PAIR) included in the token image file 110 are arranged in ascending order based on the K-block token cipher text (K-TED) Block token ciphertext (K-TED) that matches the partial token cipher text (PTK_E) in the K-block pairs (K-PAIR) by applying a binary search algorithm to the K- Block pair including the matching K-block.

The application server 100 may read the K-block original text cipher text (K-PED) included in the matched K-block pair as a partial numeric string cipher text PNS_E.

The application server 100 can read the partial numeric string cipher text PNS_E corresponding to the partial token cipher text PTK_E from the token image file 110 through the above operation.

Thereafter, the application server 100 may generate the partial numeric string PNS by decoding the partial numeric cipher text PNS_E (step S331).

Thus, the partial numeric sequence PNS may be a numeric sequence having the same length as the partial token PTK.

Referring again to Figures 1 to 9, the application server 100 may generate a temporary number sequence TNS by replacing the partial token PTK with the partial number sequence PNS in the security token STK (step S301 ).

Then, the application server 100 sets the partition window DW at the end of the second side of the temporary number string TNS (right side in FIG. 9), and creates a temporary string DW based on the token image file 110 TNS) generates a partial numerical string PNS ("65937" in Fig. 9) corresponding to the partial token PTK ("89549" in Fig. 9) included in the partition window DW, The temporary numeric string TNS may be updated by replacing the partial token PTK with the partial numeric string PNS in the numeric string TNS (step S401).

Here, the partial numerical string PNS corresponding to the partial token PTK ("89549" in FIG. 9) included in the partition window DW at the temporary numeric string TNS based on the token image file 110, ("65937" in the case of FIG. 9) may be performed in the same manner as described with reference to FIG.

Thereafter, the application server 100 may determine whether the partition window DW is positioned at the end of the first side of the temporary numeric string TNS (left side in FIG. 9) (step S501). 9, since the current partitioning window DW is not located at the first side end of the temporary number string TNS (step S501: No), the application server 100 sets the partitioning window DW to temporary A partial token PTK included in the partition window DW at the temporary numeric string TNS based on the token image file 110 is moved by one digit in the first lateral direction of the numeric string TNS (step S601) (&Quot; 49346 "in the case of FIG. 9) corresponding to the partial numeric string (" 86593 "in the case of FIG. 9) PNS) to update the temporary numeric string TNS (step S701).

Here, the partial numeric string PNS corresponding to the partial token PTK ("86593" in FIG. 9) contained in the partition window DW at the temporary numeric string TNS based on the token image file 110, (In the case of FIG. 9, "49346") may be performed in the same manner as described with reference to FIG.

Thereafter, the application server 100 may determine whether the partition window DW is positioned at the end of the first side of the temporary numeric string TNS (left side in FIG. 9) (step S501). 9, since the current partitioning window DW is not located at the first side end of the temporary number string TNS (step S501: No), the application server 100 sets the partitioning window DW to temporary A partial token PTK included in the partition window DW at the temporary numeric string TNS based on the token image file 110 is moved by one digit in the first lateral direction of the numeric string TNS (step S601) (In the case of FIG. 9, "12345") corresponding to the partial numeric string ("54934" in the case of FIG. 9) and generates the partial token (PTK) PNS) to update the temporary numeric string TNS (step S701).

Here, a partial numeric string PNS corresponding to the partial token PTK ("54934" in FIG. 9) contained in the partition window DW at the temporary numeric string TNS based on the token image file 110, (In the case of FIG. 9, "12345") may be performed in the same manner as described with reference to FIG.

Thereafter, the application server 100 may determine whether the partition window DW is positioned at the end of the first side of the temporary numeric string TNS (left side in FIG. 9) (step S501). 9, the application server 100 stores the temporary numeric string TNS in a secure state (step S501; YES), because the current partition window DW is located at the first side end of the temporary numeric string TNS (Step S801) as the original numeric string NS ("1234567" in FIG. 9) corresponding to the token STK ("6063949" in FIG. 9).

Although the decryption operation according to the present invention has been described in the application server 100 in which the token image file 110 is generated, the token image file 110 can be copied to any other server , And any server having the token image file 110 can generate a text string (NS) corresponding to the security token (STK) by performing the decryption operation as described above.

As described above with reference to FIGS. 1 to 10, according to the decoding method of the present invention, the token image file 110 is generated in advance using the token server 200, To decrypt the security token (STK) to generate the original numeric string (NS). Since it is not necessary to perform data communication with the token server 200 in the decryption process for the security token STK, the decryption rate can be improved, and even when the token server 200 fails, . ≪ / RTI >

According to the decryption method according to the present invention, the partition window DW is set at the first side end in the security token STK, and the partial token included in the partition window DW based on the token image file 110 (PNS) corresponding to the first side (PTK), replacing the partial token (PTK) with the partial number sequence (PNS), and thereafter dividing the window (PNS) corresponding to the partial token (PTK) included in the partition window DW based on the token image file 110 while moving the partial token PTK one digit to the end, Column (PNS) is repeated to generate the original numeric string (NS).

Therefore, according to the encryption / decryption method according to the present invention, since security tokens (STK) that are not similar to each other are generated for successive original numeric sequences NS and normally decrypted, the security tokens (STK) It may be difficult to infer the numeric sequences (NS). Therefore, the security of the encryption / decryption method according to the present invention can be further improved.

As described above, with reference to FIGS. 1 to 10, a description will be given of an encryption / decryption method capable of generating security tokens that are not similar to each other with respect to successive original text strings, and can generate the original text strings by normally decrypting the security tokens However, the present invention is not limited to this. That is, the encryption / decryption method for the numeric string is merely an example of the encryption / decryption method according to the embodiments of the present invention. According to the embodiment, the same encryption / decryption method as described above with reference to Figs. Lt; RTI ID = 0.0 > and / or < / RTI >

In this case, the token image file 110 includes original text ciphertexts in which all strings of N digits to (N + M) digits are replaced with N digits to (N + M) N + M) token ciphertexts that encipher the tokens corresponding to each of all the strings in place.

For example, when N is 3 and M is 2, all three-digit strings including aaa to zzz, all four-digit strings including aaaa to zzzz, and five-digit strings including aaaaa to zzzzz Generates the tokens corresponding to each of all the strings, generates the original text ciphertexts in which all the three-digit strings, the four-digit all strings, and all the strings of the five digits are encrypted, Encrypts the tokens corresponding to each of the strings, all the four-digit strings, and all the strings of the five digits to generate the token pass phrases, and associates the to- File 110 as shown in FIG.

The operation of encrypting the original text string based on the token image file 110 to generate a security token and decrypting the security token to generate the original text string may be performed by encrypting and decrypting the original text string described above with reference to FIGS. Can be performed in the same manner as the method of FIG. Therefore, redundant description of the encryption / decryption method for the original text string is omitted.

The encryption method and the decryption method according to the embodiments of the present invention are applied to a device that performs encryption and decryption on a numeric string to provide a high-security encryption / decryption service at a high speed without service interruption even when a token server fails . ≪ / RTI >

Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims. It will be understood that the invention may be modified and varied without departing from the scope of the invention.

Claims (13)

Token ciphertexts that associate and encrypt tokens ciphertexts encrypting all numeric strings of N ~ (N + M) digits and tokens corresponding to each of the N ~ (N + M) Generating an image file (N and M are positive integers);
Determining a length of the partition window to be less than or equal to the number of digits in the original text string, and having a length of N digits or more and (N + M) digits or less;
The method comprising: setting the partition window at a first side end of the original numeric string, generating a partial token corresponding to a partial numeric string included in the partition window in the original numeric string based on the token image file, Replacing the partial number sequence with the partial token to generate a temporary sequence of numbers;
Wherein the temporary window is shifted by one digit in the second lateral direction until the partition window arrives at the second side edge of the temporary number string, Generating a partial token corresponding to the partial numeric string, and replacing the partial numeric string with the partial token in the temporary numeric string to update the temporary string; And
Setting the partition window at the first side end of the temporary number column and generating a partial token corresponding to the partial number column included in the partition window in the temporary number column based on the token image file, Replacing the partial number string with the partial token and outputting the same as a security token corresponding to the original numeric string;
Wherein the partial token corresponds to a numeric string in the same position as the length of the partition window. 2. The method of claim 1, wherein determining the length of the partitioning window comprises:
Determining a length of the division window to be (N + M) digits when the number of digits in the original numeric string is (N + M) digits or more; And
And determining the length of the partition window as the number of digits in the original numeric string when the number of digits in the original numeric string is less than (N + M) digits. delete 2. The method of claim 1, wherein generating the token image file comprises:
Generating K-block tokens corresponding to each of all the digit strings of K (where K is an integer equal to or greater than N and equal to or less than (N + M));
Encrypting each of the digit strings of the K digits to generate K-block original text ciphertexts;
Encrypting each of the K-block tokens to generate K-block token pass phrases;
Generating K-block pairs by sorting the pairs of the K-block text ciphertexts and the K-block token ciphertexts corresponding to each other in ascending order based on the K-block token ciphertext;
Generating a K-block cipher index by sorting the serial numbers representing the order of the K-block pairs in ascending order based on the K-block original cipher text included in the K-block pairs; And
Storing the K-block pairs and the K-block encryption index as the token image file. 5. The method of claim 4, wherein each of the K-block text ciphertexts and the K-block token ciphertexts has a text format. 6. The method of claim 5, wherein generating the K-block text ciphertexts by encrypting each of the K digits of all the digit strings comprises:
Generating K-block temporary text ciphertexts by applying an encryption algorithm to each of the K digits of all the digit strings; And
And applying the BASE64 algorithm to each of the K-block temporary text ciphertexts to generate the K-block text ciphertexts,
Wherein the step of encrypting each of the K-block tokens to generate the K-block token pass phrases comprises:
Applying the encryption algorithm to each of the K-block tokens to generate K-block temporary token ciphertexts; And
And applying the BASE64 algorithm to each of the K-block temporary token ciphertexts to generate the K-block token ciphertexts. 5. The method of claim 4, wherein each of the K-block tokens comprises a K digit string. 5. The method of claim 4, wherein generating the partial token corresponding to the partial number sequence comprises:
Encrypting the partial numeric string to generate a partial numeric string cipher text;
Reading a partial token cipher text corresponding to the partial numeric string cipher text from the token image file; And
And decrypting the partial token ciphertext to generate the partial token. 9. The method of claim 8, wherein reading the partial token ciphertext corresponding to the partial number column ciphertext from the token image file comprises:
Determining a digit number of the partial numeric string corresponding to the partial numeric string cipher text;
Block cipher text that matches the partial numeric column cipher text in the K-block pairs based on the K-block cipher index included in the token image file when the partial numeric string is a K- Determining a matching K-block pair; And
And reading the K-block token ciphertext included in the matched K-block pair as the partial token ciphertext. 10. The method of claim 9, wherein determining the coincident K-
Block ciphers corresponding to the K-block cipher text and the K-block cipher text matching the K-block ciphertext by applying a binary search algorithm to the K-block cipher pairs and the K- And determining a block pair. Token ciphertexts that associate and encrypt tokens ciphertexts encrypting all numeric strings of N ~ (N + M) digits and tokens corresponding to each of the N ~ (N + M) Generating an image file (N and M are positive integers);
Determining a length of the partition window to be less than or equal to the number of digits of the security token and having a length of N digits or more and (N + M) digits or less;
Establishing the partition window at a first side end of the security token, generating a partial numeric sequence corresponding to a partial token included in the partition window in the security token based on the token image file, Replacing the token with the partial numeric string to generate a temporary numeric string;
Setting the partition window at a second side end of the temporary number column and generating a partial number column corresponding to the partial token included in the partition window in the temporary number column based on the token image file, Updating the temporary number string by replacing the partial token with the partial number string;
Wherein the partitioning window is included in the partitioning window in the temporary number sequence based on the token image file, while moving the partitioning window one by one in the first lateral direction until the partitioning window reaches the first side end of the temporary number string Generating a partial numeric string corresponding to the partial token and replacing the partial token with the partial numeric string in the temporary numeric string to update the temporary string; And
And outputting the temporary numeric string as a source text string corresponding to the security token,
Wherein the security token corresponds to a numeric string consisting of numbers. A token image file for associating and storing tokens and ciphertexts encrypting all of the N to M + N character strings and the token ciphers corresponding to the N to (N + M) (Where N and M are positive integers);
Determining a length of the partition window to be less than or equal to the number of digits of the original text string and having a length of N digits or more and (N + M) digits or less;
Setting a partition window at a first side end of the original text string, generating a partial token corresponding to the substring included in the partition window in the original text string based on the token image file, Replacing the partial token with the partial token to generate a temporary string;
Wherein the dividing window is shifted by one digit in the second lateral direction until the dividing window reaches the second side end of the temporary string, Generating a partial token corresponding to the string, and replacing the partial string with the partial token in the temporary string to update the temporary string; And
Setting the partition window at the first side end of the temporary string, generating a partial token corresponding to the partial character string included in the partition window in the temporary character string based on the token image file, Replacing the string with the partial token and outputting it as a security token corresponding to the original character string,
Wherein the partial token corresponds to a string of the same length as the length of the partition window. A token image file for associating and storing tokens and ciphertexts encrypting all of the N to M + N character strings and the token ciphers corresponding to the N to (N + M) (Where N and M are positive integers);
Determining a length of the partition window to be less than or equal to the number of digits of the security token and having a length of N digits or more and (N + M) digits or less;
Establishing the partition window at a first side end of the security token, generating a substring corresponding to the partial token included in the partition window in the security token based on the token image file, With the substring to generate a temporary string;
Setting the partition window at a second side end of the temporary string, generating a substring corresponding to the partial token included in the partitioning window in the temporary string based on the token image file, Replacing the temporary string with the temporary string to update the temporary string;
The portion of the temporary string that is included in the partitioning window in the temporary string based on the token image file, while moving the partitioning window one by one in the first lateral direction until the partitioning window reaches the first side end of the temporary string, Generating a substring corresponding to the token and replacing the partial token with the substring in the temporary string to update the temporary string; And
And outputting the temporary string as a source text string corresponding to the security token,
Wherein the security token corresponds to a string of characters.

Images