CN105515760A - Information encryption method, information decryption method and information encryption and decryption system


Info

Publication number: CN105515760A
Authority: CN (China)
Prior art keywords: information, key, ciphertext, user, respective amount
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510906915.3A
Other languages: Chinese (zh)
Inventors: 尚敏, 马希运, 秦韬
Current Assignee: Beijing millet Payment Technology Co., Ltd. (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Xiaomi Inc
Application filed by: Xiaomi Inc
Priority to: CN201510906915.3A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords


Abstract

The invention relates to an information encryption method, an information encryption device, an information decryption method, an information decryption device and an information encryption and decryption system. The information encryption method comprises: receiving an encryption request that carries the information to be encrypted, a user identifier and an encryption strength; obtaining a corresponding number of keys belonging to the corresponding user according to the user identifier and the encryption strength; and encrypting the information to be encrypted the corresponding number of times with the obtained keys, thereby outputting a final ciphertext. Because the corresponding number of keys belonging to the corresponding user is obtained according to the user identifier and the encryption strength, and the information to be encrypted is then encrypted the corresponding number of times with those keys, the difficulty of breaking the ciphertext can be greatly increased through multiple encryption with multiple keys, and information security is thereby improved.

Description

Information encryption method, information decryption method and information encryption and decryption system
Technical field
The disclosure relates to the field of communication technology, and in particular to an information encryption method and device, an information decryption method and device, and an information encryption and decryption system.
Background
Today's society is an information age, and more and more information is stored on devices such as computers and mobile phones. However, if important information such as identification card numbers, mobile phone numbers and bank card numbers is leaked or stolen, it can cause great trouble in a person's life and even lead to serious property loss and privacy leakage. Therefore, some important information needs to be stored encrypted, so that even if someone steals it, it cannot be used.
For current encryption and decryption algorithms, such as the Triple Data Encryption Algorithm (3DES) and the Advanced Encryption Standard (AES), computers now run ever faster and various distributed cluster technologies have developed, so brute-force cracking is increasingly feasible, and the reliability of simply using the published 3DES and AES algorithms is greatly reduced. Therefore, an encryption and decryption method with high security and high reliability is urgently needed.
Summary of the invention
To overcome the problems existing in the related art, the disclosure provides an information encryption method and device, an information decryption method and device, and an information encryption and decryption system.
According to a first aspect of the embodiments of the disclosure, an information encryption method is provided, comprising:
Receiving an encryption request, the encryption request carrying the information to be encrypted, a user identifier and an encryption strength;
Obtaining, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypting the information to be encrypted the corresponding number of times with the obtained keys, to output a final ciphertext.
In one embodiment, encrypting the information to be encrypted the corresponding number of times with the obtained keys, to output a final ciphertext, comprises:
When the corresponding number is n, generating the first ciphertext from the content to be encrypted, the first key and the current total number of encryptions;
Generating the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
In one embodiment, the method further comprises:
Receiving a registration request, the registration request carrying user basic information, the kind of encrypted information, the key elimination mechanism, the expected usage frequency of keys, the encryption strength, the user identifier and the address of the access device;
Returning a registration response.
In one embodiment, the method further comprises:
Obtaining parameter information entered by the user, the parameter information comprising the number of keys and the elimination mechanism of the keys;
Generating key information corresponding to the user according to the parameter information, and storing the key in a first key pool, the key information having a corresponding key identifier, and the key identifier indicating the elimination mechanism of the key.
In one embodiment, the method further comprises:
Collecting usage information of the key, the usage information comprising the number of uses or the usage time;
When the usage information of the key satisfies the corresponding elimination mechanism, transferring the key information from the first key pool to a second key pool.
In one embodiment, the method further comprises:
Obtaining operation information of the current system;
If the operation information meets any alarm condition, raising an alarm;
The alarm conditions comprise: the usage frequency of key information is greater than the corresponding expected usage frequency, the user registration success rate is lower than a first preset threshold, the encryption success rate is lower than a second preset threshold, or the key information usage quantity of all users is lower than a preset number.
According to a second aspect of the embodiments of the disclosure, an information decryption method is provided, comprising:
Receiving a decryption request, the decryption request carrying a ciphertext, a user identifier and an encryption strength;
When the ciphertext is a ciphertext that the current system can recognize, decrypting the ciphertext to obtain the original information;
Obtaining, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypting the original information the corresponding number of times with the obtained keys, to output the original information and the encrypted original information.
In one embodiment, decrypting the ciphertext to obtain the original information comprises:
When the encryption strength is n, obtaining from the ciphertext the i-th key used when the ciphertext was generated, and decrypting the ciphertext using the i-th key and i to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer;
Obtaining from the first ciphertext the first key used when the first ciphertext was generated, and decrypting that ciphertext using the first key and 1 to obtain the original information.
In one embodiment, encrypting the original information the corresponding number of times with the obtained keys comprises:
When the corresponding number is n, generating the first ciphertext from the original information, the first key and the current total number of encryptions;
Generating the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, the i-th ciphertext being the encrypted original information, where 2≤i≤n and i is an integer.
In one embodiment, the method further comprises:
Collecting usage information of the key, the usage information comprising the number of uses or the usage time, the key being located in the first key pool;
When the usage information of the key satisfies the corresponding elimination mechanism, transferring the key from the first key pool to the second key pool.
According to a third aspect of the embodiments of the disclosure, an information encryption and decryption system is provided, comprising:
A key management module, configured to obtain parameter information entered by the user, generate key information corresponding to the user according to the parameter information, and store the key in a first key pool, the parameter information comprising the number of keys and the elimination mechanism of the keys;
An encryption module, configured to receive an encryption request carrying the information to be encrypted, a user identifier and an encryption strength, obtain from the first key pool, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user, and encrypt the information to be encrypted the corresponding number of times with the obtained keys, to output a final ciphertext.
In one embodiment, the system further comprises:
A decryption module, configured to receive a decryption request carrying a ciphertext, a user identifier and an encryption strength; when the ciphertext is a ciphertext that the current system can recognize, decrypt the ciphertext to obtain the original information; obtain, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user; and encrypt the original information the corresponding number of times with the obtained keys, to output the original information and the encrypted original information.
In one embodiment, when the corresponding number is n, the encryption module comprises:
A first generation submodule, configured to generate the first ciphertext from the content to be encrypted, the first key and the current total number of encryptions;
An i-th generation submodule, configured to generate the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
In one embodiment, when the corresponding number is n, the decryption module comprises:
An i-th decryption submodule, configured to obtain from the ciphertext the i-th key used when the ciphertext was generated, and decrypt the ciphertext using the i-th key and i to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer;
A first decryption submodule, configured to obtain from the first ciphertext the first key used when the first ciphertext was generated, and decrypt that ciphertext using the first key and 1 to obtain the original information.
In one embodiment, when the corresponding number is n, the decryption module comprises:
A first generation submodule, configured to generate, when the corresponding number is n, the first ciphertext from the original information, the first key and the current total number of encryptions;
An i-th generation submodule, configured to generate the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, the i-th ciphertext being the encrypted original information, where 2≤i≤n and i is an integer.
In one embodiment, the key management module is further configured to:
Collect usage information of the key, the usage information comprising the number of uses or the usage time;
When the usage information of the key satisfies the corresponding elimination mechanism, transfer the key information from the first key pool to the second key pool.
In one embodiment, the system further comprises:
An auditing module, configured to receive a registration request carrying user basic information, the kind of encrypted information, the key elimination mechanism, the expected usage frequency of keys, the encryption strength, the user identifier and the address of the access device, and to return a registration response.
In one embodiment, the system further comprises:
A monitoring and alarm module, configured to obtain operation information of the current system and, if the operation information meets any alarm condition, raise an alarm;
The alarm conditions comprise: the usage frequency of key information is greater than the corresponding expected usage frequency, the user registration success rate is lower than a first preset threshold, the encryption success rate is lower than a second preset threshold, or the key information usage quantity of all users is lower than a preset number.
According to a fourth aspect of the embodiments of the disclosure, an information encryption device is provided, comprising:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive an encryption request, the encryption request carrying the information to be encrypted, a user identifier and an encryption strength;
Obtain, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypt the information to be encrypted the corresponding number of times with the obtained keys, to output a final ciphertext.
According to a fifth aspect of the embodiments of the disclosure, an information decryption device is provided, comprising:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive a decryption request, the decryption request carrying a ciphertext, a user identifier and an encryption strength;
When the ciphertext is a ciphertext that the current system can recognize, decrypt the ciphertext to obtain the original information;
Obtain, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypt the original information the corresponding number of times with the obtained keys, to output the original information and the encrypted original information.
The technical solutions provided by the embodiments of the disclosure can have the following beneficial effects: a corresponding number of keys belonging to the corresponding user is obtained according to the user identifier and the encryption strength, and the information to be encrypted is then encrypted the corresponding number of times with the obtained keys; that is, multiple encryption with multiple keys can greatly increase the difficulty of cracking the ciphertext, thereby improving the security of the information.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the disclosure.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flow chart of an information encryption method according to an exemplary embodiment.
Fig. 2 is a flow chart of another information encryption method according to an exemplary embodiment.
Fig. 3 is a flow chart of another information encryption method according to an exemplary embodiment.
Fig. 4 is a flow chart of another information encryption method according to an exemplary embodiment.
Fig. 5 is a flow chart of an information decryption method according to an exemplary embodiment.
Fig. 6 is a block diagram of an information encryption and decryption system according to an exemplary embodiment.
Fig. 7 is a block diagram of another information encryption and decryption system according to an exemplary embodiment.
Fig. 8 is a block diagram of another information encryption and decryption system according to an exemplary embodiment.
Figs. 9A-9B are block diagrams of another information encryption and decryption system according to an exemplary embodiment.
Fig. 10 is a block diagram of another information encryption and decryption system according to an exemplary embodiment.
Fig. 11 is a block diagram of another information encryption and decryption system according to an exemplary embodiment.
Fig. 12 is a block diagram of another information encryption and decryption system according to an exemplary embodiment.
Fig. 13 is a block diagram of a device suitable for information encryption according to an exemplary embodiment.
Fig. 14 is a block diagram of a device suitable for information decryption according to an exemplary embodiment.
Detailed description of the embodiments
Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the invention. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the invention as detailed in the appended claims.
Fig. 1 is a flow chart of an information encryption method according to an exemplary embodiment. As shown in Fig. 1, the method can be applied to an information encryption system and comprises the following steps S101-S103:
In step S101, an encryption request is received, the encryption request carrying the information to be encrypted, a user identifier and an encryption strength.
In this embodiment, the information encryption system can receive an encryption request entered by a user, and the request can carry the information to be encrypted, the user identifier and the encryption strength.
Because the encryption method provided by this embodiment can serve multiple users, and each user can use different keys for encryption, the encryption request needs to carry the user identifier. In this embodiment, a user is a user of the encryption method provided by the disclosure.
The user can set the encryption strength according to the importance of the information to be encrypted: the higher the encryption strength, the harder the ciphertext is to crack. The encryption strength represents the number of encryptions. For example, if the encryption strength is 3, then 3 different keys need to be obtained subsequently, and these 3 keys are used to perform 3 encryptions.
In step S102, a corresponding number of keys belonging to the corresponding user is obtained according to the user identifier and the encryption strength.
Because each user has a certain number of keys of its own, in this embodiment the information encryption system needs to obtain the corresponding number of keys belonging to the corresponding user according to the user identifier and the encryption strength.
It should be noted that a key in this embodiment can be represented by a key identifier, and the two can be converted into each other.
In step S103, the information to be encrypted is encrypted the corresponding number of times with the obtained keys, to output a final ciphertext.
Suppose that, in this embodiment, n keys are obtained. The first ciphertext is generated from the content to be encrypted, the first key and the current total number of encryptions, and the i-th ciphertext is then generated from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
When n=3 and the obtained keys are called key_1, key_2 and key_3, the encryption process is: the content to be encrypted, key_1 and 1 are arranged into the first ciphertext according to a certain rule; then the first ciphertext, key_2 and 2 are arranged into the second ciphertext according to a certain rule; then the second ciphertext, key_3 and 3 are arranged into the third ciphertext according to a certain rule. The third ciphertext is the final ciphertext that is output.
In the above information encryption method embodiment, a corresponding number of keys belonging to the corresponding user is obtained according to the user identifier and the encryption strength, and the information to be encrypted is then encrypted the corresponding number of times with the obtained keys; that is, multiple encryption with multiple keys can greatly increase the difficulty of cracking the ciphertext, thereby improving the security of the information.
Fig. 2 is a flow chart of another information encryption method according to an exemplary embodiment. As shown in Fig. 2, it comprises the following steps:
In step S201, a registration request is received, the registration request carrying user basic information, the kind of encrypted information, the key elimination mechanism, the expected usage frequency of keys, the encryption strength, the user identifier and the address of the access device.
In this embodiment, each user who wants to encrypt information with the information encryption method provided by the embodiments of the disclosure needs to register on the information encryption system. Registration requires entering the necessary information, which includes: user basic information, such as the person responsible for the user and their contact details; the kind of encrypted information, such as ID numbers, mobile phone numbers, etc.; the key elimination mechanism, for example elimination by number of uses or by usage time; the encryption strength expected to be used; the expected usage frequency of keys; and the IP address of the access device and the user identifier.
In step S202, a registration response is returned.
After the user has entered the registration information, an administrator can periodically review the registration information. For users who pass the review, the administrator needs to perform some necessary configuration and then return a registration success response to the user, so that the user can access the system with the client of the information encryption system.
For users who do not pass the review, a registration failure response is returned to the user. A user who receives a registration failure response cannot encrypt with the method provided by this embodiment.
As can be seen, this embodiment can authenticate the user in several respects, for example by the IP address of the access device and by the user identifier, which effectively ensures the legitimacy of the user.
In this embodiment, because each user has an identifier, each user can use the information encryption method provided by the information encryption system independently, without affecting the others. Thus, if one user's information is cracked, other users are not affected.
In step S203, parameter information entered by the user is obtained, the parameter information comprising the number of keys and the elimination mechanism of the keys.
In this embodiment, for users who pass the review, the information encryption system can obtain the parameter information they enter, which can comprise the number of keys and the elimination mechanism of the keys.
In step S204, key information corresponding to the user is generated according to the parameter information, and the key is stored in the first key pool.
After obtaining the parameter information, the information encryption system can generate key information corresponding to the user according to it. This key information has a corresponding key identifier, and the key identifier can indicate the elimination mechanism of the key. That is, the keys of one user can have one or more elimination mechanisms; for example, the user can set the maximum number of uses or the longest usage time of each key as required.
The generated key information can be stored in the first key pool. In this embodiment, the first key pool can be stored in a distributed database (hbase), or in a database such as a distributed storage database (tt-server) or a distributed file storage database (mongodb).
In step S205, an encryption request is received, the encryption request carrying the information to be encrypted, a user identifier and an encryption strength.
In this embodiment, the greater the encryption strength, the higher the encryption level and the harder the ciphertext is to crack.
In step S206, a corresponding number of keys belonging to the corresponding user is obtained according to the user identifier and the encryption strength.
Because each user has a certain number of keys of its own, in this embodiment the information encryption device needs to obtain the corresponding number of keys belonging to the corresponding user according to the user identifier and the encryption strength.
In step S207, the information to be encrypted is encrypted the corresponding number of times with the obtained keys, to output a final ciphertext.
Suppose that, in this embodiment, n keys are obtained. The first ciphertext is generated from the content to be encrypted, the first key and the current total number of encryptions, and the i-th ciphertext is then generated from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
When n=3 and the obtained keys are called key_1, key_2 and key_3, the encryption process is: the content to be encrypted, key_1 and 1 are arranged into the first ciphertext according to a certain rule; then the first ciphertext, key_2 and 2 are arranged into the second ciphertext according to a certain rule; then the second ciphertext, key_3 and 3 are arranged into the third ciphertext according to a certain rule. The third ciphertext is the final ciphertext that is output.
In this embodiment, the ciphertext obtained each time the same information to be encrypted is encrypted may be different, because the keys used each time may be different.
In step S208, usage information of the key is collected, the usage information comprising the number of uses or the usage time.
In this embodiment, usage information such as the number of uses or the usage time of each key needs to be collected.
For example, the number of uses or the usage time of key_1, key_2 and key_3 needs to be collected.
In step S209, when the usage information of the key satisfies the corresponding elimination mechanism, the key information is transferred from the first key pool to the second key pool.
In this embodiment, when a key is eliminated by number of uses and its number of uses reaches the maximum number of uses, the key is deleted from the first key pool and put into the second key pool.
When a key is eliminated by usage time and its usage time reaches the longest usage time, the key is deleted from the first key pool and put into the second key pool.
It should be noted that keys in the second key pool are not deleted immediately; usually they are only completely purged after a long time, for example 3 years.
In the above information encryption method embodiment, authenticating the user in several respects effectively ensures the legitimacy of the user; the elimination mechanism of the keys can be set flexibly according to the importance of the information to be encrypted; and for important information the encryption strength can be set flexibly, increasing the difficulty of cracking.
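The layered encryption of steps S205-S207, the key retirement of steps S208-S209 and the layer-by-layer decryption summarized earlier can be sketched as follows. This is an added example, not code from the patent: the page only says the parts are "arranged according to a certain rule", so the layer layout (marker, layer number i, key identifier, nonce, body, tag), the names `KeyPool`, `seal_layer`, `open_layer`, `encrypt` and `decrypt`, and the HMAC-SHA-256 keystream used as a standard-library stand-in for a block cipher such as AES are all assumptions.

```python
import hashlib
import hmac
import secrets
import struct

MAGIC = b"MLE1"                      # constructed marker for "ciphertext this system recognizes"
HEADER = struct.Struct(">4sBI16s")   # marker, layer number i, key identifier, nonce
TAG_LEN = 32


class KeyPool:
    """One user's keys: active (first key pool) and retired (second key pool)."""

    def __init__(self, max_uses):
        self.max_uses = max_uses     # elimination mechanism: retire after this many uses
        self.active = {}             # key_id -> [key, use_count]
        self.retired = {}            # key_id -> key, kept so older ciphertexts still open
        self._next_id = 1

    def generate(self, count):
        for _ in range(count):
            self.active[self._next_id] = [secrets.token_bytes(32), 0]
            self._next_id += 1

    def take(self, strength):
        """Pick `strength` distinct active keys, count the use, retire worn-out keys."""
        if not 1 <= strength <= min(len(self.active), 255):
            raise ValueError("not enough active keys for this encryption strength")
        picked = []
        for key_id in secrets.SystemRandom().sample(sorted(self.active), strength):
            entry = self.active[key_id]
            entry[1] += 1
            picked.append((key_id, entry[0]))
            if entry[1] >= self.max_uses:
                self.retired[key_id] = self.active.pop(key_id)[0]
        return picked

    def lookup(self, key_id):
        if key_id in self.active:
            return self.active[key_id][0]
        if key_id in self.retired:
            return self.retired[key_id]
        raise ValueError("unknown key identifier")


def _subkeys(key):
    # Separate encryption and authentication keys derived from one pool key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA-256 in counter mode as keystream (stand-in cipher, see lead-in).
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack(">Q", offset // 32)
        pad = hmac.new(enc_key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal_layer(data, key_id, key, layer):
    """Build layer i from the previous ciphertext, key i and the number i."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    header = HEADER.pack(MAGIC, layer, key_id, nonce)
    body = _xor_stream(enc_key, nonce, data)
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def open_layer(blob, pool, expected_layer):
    """Read the key identifier from the layer, verify it, return the inner data."""
    if len(blob) < HEADER.size + TAG_LEN or blob[:4] != MAGIC:
        raise ValueError("not a ciphertext this system recognizes")
    _, layer, key_id, nonce = HEADER.unpack(blob[:HEADER.size])
    if layer != expected_layer:
        raise ValueError("layer number does not match the encryption strength")
    enc_key, mac_key = _subkeys(pool.lookup(key_id))
    expected_tag = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(blob[-TAG_LEN:], expected_tag):
        raise ValueError("authentication failed")
    return _xor_stream(enc_key, nonce, blob[HEADER.size:-TAG_LEN])


def encrypt(plaintext, pool, strength):
    data = plaintext
    for layer, (key_id, key) in enumerate(pool.take(strength), start=1):
        data = seal_layer(data, key_id, key, layer)
    return data


def decrypt(ciphertext, pool, strength):
    data = ciphertext
    for layer in range(strength, 0, -1):   # peel layer n first, layer 1 last
        data = open_layer(data, pool, layer)
    return data
```

Because each layer names its key by identifier, a ciphertext remains decryptable after its keys have moved to the second pool, which is why that pool is only purged after a long retention period.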
Fig. 3 is a flow chart of another information encryption method according to an exemplary embodiment. As shown in Fig. 3, the following steps may also be included after step S209:
In step S210, operation information of the current system is obtained.
In this embodiment, the running state of the current system can be monitored to obtain its operation information. The operation information may include, but is not limited to, the call frequency of the current system, the authentication success rate of users, the number of keys available to each user, and the usage frequency of each user.
In step S211, if the obtained operation information meets any alarm condition, an alert is raised.
The alarm conditions may include, but are not limited to: the usage frequency of key information is greater than the corresponding expected usage frequency; the user registration success rate is lower than a first preset threshold; the encryption success rate is lower than a second preset threshold; the key information usage quantity of all users is lower than a preset number; the usage frequency is greater than a preset frequency; and so on.
In this embodiment, if the operation information of the current system meets any one of the alarm conditions, an alert can be raised.
For example, if a user's usage frequency is observed to rise suddenly, the user's contact details, such as a mobile phone number, can be obtained and the user asked for the reason, so as to prevent someone else from impersonating this user while using the information encryption method provided by the current system.
The above embodiment of the information encryption method raises an alert when the obtained operation information meets any alarm condition, so the behavior of users and of the current system can be monitored. This ensures the security of the system and therefore of the information encryption method that the system provides.
Fig. 4 is a flow chart of another information encryption method according to an exemplary embodiment. As shown in Fig. 4, the following steps may also be included after step S209:
In step S212, statistical information of the current system is obtained.
In this embodiment, statistical information of the current system can be obtained. It may include how many users the current system has, the relevant information of each user, the IP addresses used for access, identifiers, access frequency, and each user's key usage, for example how many keys have been used in total, how many keys have been eliminated and for what reason, how many keys are currently in use, and the average time a key is used.
In step S213, the statistical information is presented in the form of graphical tables, so that the administrator can check the running state of the current system and discover problems in the system from the graphical tables.
After the statistical information is obtained, it can be displayed in the form of graphical tables, so that the administrator can better check the running state of the system and find potential problems.
In addition, it should be noted that steps S212-S213 may also be performed after S211; this is not shown in the figure.
The above embodiment of the information encryption method presents the statistical information in the form of graphical tables, so that the administrator can check the running state of the current system and discover problems in the system from the graphical tables, solve them promptly, and ensure the security of the current system.
Fig. 5 is a flow chart of an information decryption method according to an exemplary embodiment. The method can be applied to an information decryption system and, as shown in Fig. 5, comprises the following steps:
In step S501, a decryption request is received; the decryption request carries a ciphertext, a user identifier and an encryption strength.
In this embodiment, a user who wants to decrypt a ciphertext can submit a decryption request to the information decryption system. The decryption request may carry the ciphertext, the user identifier of the user who wants to decrypt the ciphertext, and the encryption strength.
Here, the encryption strength is the one used when this ciphertext was generated. For example, if the encryption strength used when generating this ciphertext was 3, the encryption strength carried in the decryption request is 3.
In step S502, when the ciphertext is one that the current system can recognize, the ciphertext is decrypted to obtain the original information.
In this embodiment, the ciphertext is first identified. If it cannot be recognized, it was not encrypted with the information encryption method provided by the present disclosure, so an error code is returned directly. If it can be recognized, the ciphertext is decrypted to obtain the original information.
Because the n-th ciphertext is generated from the (n-1)-th ciphertext, the n-th key and the current total number of encryptions according to a certain rule, whether the ciphertext is recognizable can be judged by whether it conforms to this rule. If the ciphertext is recognizable, the (n-1)-th ciphertext can be obtained, and so on until the original information is obtained.
It should be noted that a key in this embodiment can be represented by a key identifier, and the two can be converted into each other.
In this embodiment, the process of obtaining the original information may be:
When the encryption strength is n, the i-th key used when generating the ciphertext is obtained from the ciphertext, and the i-th key and i are used to decrypt the ciphertext to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer; then the first key used when generating the first ciphertext is obtained from the first ciphertext, and the first key and 1 are used to decrypt the first ciphertext to obtain the original information.
It can be seen that decrypting this ciphertext is the inverse of the encryption process that generated it.
In addition, in this embodiment, usage information of the keys, such as the number of uses or the usage time, may be collected during decryption. After decryption completes, it is judged whether the usage information of a key satisfies the corresponding elimination mechanism; if so, the key is transferred from the first key pool to the second key pool.
In step S503, the corresponding number of keys belonging to the corresponding user are obtained according to the user identifier and the encryption strength.
In this embodiment, after the original information is obtained, the ciphertext and the original information are not output directly. Instead, the original information is encrypted again and the new ciphertext replaces the old one, which makes cracking harder. Therefore a corresponding number of keys needs to be selected again according to the encryption strength.
In step S504, the original information is encrypted the corresponding number of times with the obtained corresponding number of keys, so as to output the original information and the encrypted original information.
In this embodiment, when the corresponding number is n, the original information is encrypted as follows: the first ciphertext is generated from the original information, the first key and the current total number of encryptions; the i-th ciphertext is generated from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, and the i-th ciphertext is the encrypted original information, where 2≤i≤n and i is an integer.
It can be seen that the process of encrypting the original information is the same as the process of generating the ciphertext, but because different keys are used, the final ciphertext generated is also different.
It can be seen that, in this embodiment, for an important piece of information the decryption process is at the same time an encryption process: after the original information has been decrypted, it is encrypted again according to the encryption strength, so the old ciphertext can no longer be cracked, which increases the difficulty of brute-force cracking.
In addition, while the original information is being encrypted, the usage information of the keys still needs to be collected, and when the usage information of a key satisfies the corresponding elimination mechanism, the key is transferred from the first key pool to the second key pool.
Optionally, this embodiment may also include the steps shown in Fig. 3 and Fig. 4. If the steps shown in Fig. 3 are included, the operation information may include the decryption success rate.
The above embodiment of the information decryption method encrypts the original information according to the encryption strength after decrypting it, so the old ciphertext can no longer be cracked, which increases the difficulty of brute-force cracking.
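The following added example (not code from the patent) shows the layered scheme described above: n keys applied in sequence with each layer bound to its layer number, decryption as the inverse followed by re-encryption under newly selected keys, and keys moved from the first pool to the second pool once their use count is reached. The patent only says the parts are combined "according to a certain rule", so the layer format (`LYR1` marker, embedded key id), the HMAC-SHA256 keystream-and-tag construction standing in for a vetted AEAD cipher, the `KeyPool` class and all function names are assumptions. It also assumes that keys in the second pool stay available for decrypting old ciphertexts.

```python
import hashlib
import hmac
import os
import secrets
import struct

MAGIC = b"LYR1"                        # assumed marker: makes a layer recognizable
HEADER = struct.Struct(">4sB8s16s")    # magic, layer number i, key id, nonce
TAG_LEN = 32
_rng = secrets.SystemRandom()


class KeyPool:
    """One user's first (active) and second (retired) key pools."""

    def __init__(self, n_keys, max_uses):
        self.max_uses = max_uses       # elimination mechanism: maximum number of uses
        self.first = {os.urandom(8): [os.urandom(32), 0] for _ in range(n_keys)}
        self.second = {}

    def take(self, n):
        """Choose n distinct active key ids for encryption strength n."""
        if n > len(self.first):
            raise ValueError("not enough active keys for this strength")
        return _rng.sample(list(self.first), n)

    def get(self, key_id):
        """Return key material from either pool; KeyError if unknown."""
        entry = self.first.get(key_id) or self.second[key_id]
        return entry[0]

    def count(self, key_id):
        """Record one use; move the key to the second pool at max_uses."""
        if key_id in self.first:
            self.first[key_id][1] += 1
            if self.first[key_id][1] >= self.max_uses:
                self.second[key_id] = self.first.pop(key_id)
        else:
            self.second[key_id][1] += 1


def _stream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a keystream (stand-in cipher)."""
    out, block = b"", 0
    while len(out) < length:
        msg = b"enc" + nonce + struct.pack(">Q", block)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))


def _tag(key, header, body):
    return hmac.new(key, b"mac" + header + body, hashlib.sha256).digest()


def seal_layer(pool, key_id, i, data):
    """Layer i: combine the previous ciphertext, key i and the number i."""
    key, nonce = pool.get(key_id), os.urandom(16)
    header = HEADER.pack(MAGIC, i, key_id, nonce)
    body = _xor(data, key, nonce)
    pool.count(key_id)
    return header + body + _tag(key, header, body)


def open_layer(pool, blob, i):
    """Undo layer i, or raise ValueError if the blob is not recognizable."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("unrecognizable ciphertext")
    header, body, tag = blob[:HEADER.size], blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
    magic, number, key_id, nonce = HEADER.unpack(header)
    try:
        key = pool.get(key_id)
    except KeyError:
        raise ValueError("unrecognizable ciphertext") from None
    ok = hmac.compare_digest(tag, _tag(key, header, body))
    if magic != MAGIC or number != i or not ok:
        raise ValueError("unrecognizable ciphertext")
    pool.count(key_id)                 # count only authenticated uses
    return _xor(body, key, nonce)


def encrypt(pool, plaintext, strength):
    """Apply `strength` layers, numbered 1..n, each under a different key."""
    data = plaintext
    for i, key_id in enumerate(pool.take(strength), start=1):
        data = seal_layer(pool, key_id, i, data)
    return data


def decrypt_and_reencrypt(pool, ciphertext, strength):
    """Peel layers n..1, then re-encrypt under newly selected keys."""
    data = ciphertext
    for i in range(strength, 0, -1):
        data = open_layer(pool, data, i)
    return data, encrypt(pool, data, strength)


if __name__ == "__main__":
    pool = KeyPool(n_keys=9, max_uses=2)
    old = encrypt(pool, b"constructed sample record 0000", 3)
    plain, new = decrypt_and_reencrypt(pool, old, 3)
    print(plain, len(old), len(new), len(pool.first), len(pool.second))
```

Because the layer number is covered by the tag, a request that states the wrong encryption strength fails at the outermost layer instead of yielding garbage.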
Corresponding to the foregoing embodiments of the information encryption method and the information decryption method, the present disclosure also provides embodiments of an information encryption and decryption system.
Fig. 6 is a block diagram of an information encryption and decryption system according to an exemplary embodiment. As shown in Fig. 6, the information encryption and decryption system comprises a key management module 61 and an encrypting module 62.
The key management module 61 is configured to obtain parameter information input by a user, generate the key information corresponding to the user according to the parameter information, and store the keys in the first key pool; the parameter information comprises the number of keys and the key elimination mechanism.
In this embodiment, for a user who has passed review, the key management module 61 can obtain the input parameter information, which may comprise the number of keys and the key elimination mechanism.
After obtaining the parameter information, the key management module 61 can generate the key information corresponding to the user according to it. The key information has a corresponding key identifier, and the key identifier can indicate the elimination mechanism of the key. That is, a user's keys can have one or more elimination mechanisms; for example, the user can set the maximum number of uses or the longest usage time of each key as required.
The generated key information can be stored in the first key pool. In this embodiment, the first key pool may be stored in a distributed database (hbase), or in databases such as tt-server or a distributed file storage database (mongodb).
The encrypting module 62 is configured to receive an encryption request carrying the information to be encrypted, a user identifier and an encryption strength; to obtain from the first key pool, according to the user identifier and the encryption strength, the corresponding number of keys belonging to the corresponding user; and to encrypt the information to be encrypted the corresponding number of times with the obtained keys, so as to output the final ciphertext.
In this embodiment, the encrypting module 62 can receive an encryption request input by the user; the encryption request may carry the information to be encrypted, the user identifier and the encryption strength.
Because the encryption method provided by this embodiment can serve multiple users, and each user can use different keys for encryption, the encryption request needs to carry the user identifier. In this embodiment, a user is a user of the encryption method provided by the present disclosure.
The user can set the encryption strength according to the importance of the information to be encrypted; the higher the encryption strength, the harder the ciphertext is to crack. The encryption strength represents the number of encryptions. For example, if the encryption strength is 3, then 3 different keys need to be obtained subsequently, and these 3 keys are used to perform 3 encryptions.
Because each user has a certain number of keys of their own, in this embodiment the encrypting module 62 can obtain the corresponding number of keys belonging to the corresponding user according to the user identifier and the encryption strength.
It should be noted that a key in this embodiment can be represented by a key identifier, and the two can be converted into each other.
Suppose that n keys are obtained in this embodiment. The encrypting module 62 then generates the first ciphertext from the content to be encrypted, the first key and the current total number of encryptions, and then generates the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
When n = 3 and the obtained keys are called key_1, key_2 and key_3, the encrypting module 62 encrypts as follows: the content to be encrypted, key_1 and 1 are combined according to a certain rule into the first ciphertext; then the first ciphertext, key_2 and 2 are combined according to a certain rule into the second ciphertext; then the second ciphertext, key_3 and 3 are combined according to a certain rule into the third ciphertext, and the third ciphertext is the final ciphertext that is output.
The system shown in Fig. 6 is used to implement the method flow shown in Fig. 1 or Fig. 2; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system obtains the corresponding number of keys belonging to the corresponding user according to the user identifier and the encryption strength, and then encrypts the information to be encrypted the corresponding number of times with the obtained keys. That is, multiple encryptions with multiple keys greatly increase the difficulty of cracking the ciphertext, thereby improving the security of the information.
Fig. 7 is a block diagram of another information encryption and decryption system according to an exemplary embodiment. As shown in Fig. 7, on the basis of the embodiment shown in Fig. 6, the system may further comprise a deciphering module 63.
The deciphering module 63 is configured to receive a decryption request carrying a ciphertext, a user identifier and an encryption strength; to decrypt the ciphertext to obtain the original information when the ciphertext is one that the current system can recognize; to obtain, according to the user identifier and the encryption strength, the corresponding number of keys belonging to the corresponding user; and to encrypt the original information the corresponding number of times with the obtained keys, so as to output the original information and the encrypted original information.
In this embodiment, a user who wants to decrypt a ciphertext can submit a decryption request to the information encryption and decryption system. The decryption request may carry the ciphertext, the user identifier of the user who wants to decrypt the ciphertext, and the encryption strength.
Here, the encryption strength is the one used when this ciphertext was generated. For example, if the encryption strength used when generating this ciphertext was 3, the encryption strength carried in the decryption request is 3.
In this embodiment, the deciphering module 63 first identifies the ciphertext. If it cannot be recognized, it was not encrypted with the information encryption method provided by the present disclosure, so an error code is returned directly. If it can be recognized, the ciphertext is decrypted to obtain the original information.
Because the n-th ciphertext is generated from the (n-1)-th ciphertext, the n-th key and the current total number of encryptions according to a certain rule, whether the ciphertext is recognizable can be judged by whether it conforms to this rule. If the ciphertext is recognizable, the (n-1)-th ciphertext can be obtained, and so on until the original information is obtained.
It should be noted that a key in this embodiment can be represented by a key identifier, and the two can be converted into each other.
In this embodiment, the process by which the deciphering module 63 obtains the original information may be:
When the encryption strength is n, the i-th key used when generating the ciphertext is obtained from the ciphertext, and the i-th key and i are used to decrypt the ciphertext to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer; then the first key used when generating the first ciphertext is obtained from the first ciphertext, and the first key and 1 are used to decrypt the first ciphertext to obtain the original information.
It can be seen that decrypting this ciphertext is the inverse of the encryption process that generated it.
In addition, in this embodiment, the key management module 61 may collect usage information of the keys, such as the number of uses or the usage time, during decryption. After decryption completes, it judges whether the usage information of a key satisfies the corresponding elimination mechanism; if so, the key is transferred from the first key pool to the second key pool.
In this embodiment, after the original information is obtained, the deciphering module 63 does not output the ciphertext and the original information directly. Instead, it encrypts the original information again and replaces the old ciphertext with the new one, which makes cracking harder. Therefore a corresponding number of keys needs to be selected again according to the encryption strength.
In this embodiment, when the corresponding number is n, the original information is encrypted as follows: the first ciphertext is generated from the original information, the first key and the current total number of encryptions; the i-th ciphertext is generated from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, and the i-th ciphertext is the encrypted original information, where 2≤i≤n and i is an integer.
It can be seen that the process of encrypting the original information is the same as the process of generating the ciphertext, but because different keys are used, the final ciphertext generated is also different.
It can be seen that, in this embodiment, for an important piece of information the decryption process is at the same time an encryption process: after the original information has been decrypted, it is encrypted again according to the encryption strength, so the old ciphertext can no longer be cracked, which increases the difficulty of brute-force cracking.
In addition, while the original information is being encrypted, the key management module 61 still needs to collect the usage information of the keys, and when the usage information of a key satisfies the corresponding elimination mechanism, the key is transferred from the first key pool to the second key pool.
The system shown in Fig. 7 is used to implement the method flow shown in Fig. 5; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system encrypts the original information according to the encryption strength after decrypting it, so the old ciphertext can no longer be cracked, which increases the difficulty of brute-force cracking.
Fig. 8 is a block diagram of another information encryption and decryption system according to an exemplary embodiment. As shown in Fig. 8, on the basis of the embodiment shown in Fig. 6, when the corresponding number is n, the encrypting module 62 may comprise a first generation submodule 621 and an i-th generation submodule 622.
The first generation submodule 621 is configured to generate the first ciphertext from the content to be encrypted, the first key and the current total number of encryptions.
The i-th generation submodule 622 is configured to generate the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
In this embodiment, the key management module 61 may also be configured to collect usage information of the keys, the usage information comprising the number of uses or the usage time, and to transfer the key information from the first key pool to the second key pool when the usage information of a key satisfies the corresponding elimination mechanism.
The system shown in Fig. 8 is used to implement the method flow shown in Fig. 1 or Fig. 2; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system generates the final ciphertext through multiple encryptions based on multiple pieces of information, so the ciphertext is not easily cracked and its security is improved.
Fig. 9A is a block diagram of another information encryption and decryption system according to an exemplary embodiment. As shown in Fig. 9A, on the basis of the embodiment shown in Fig. 7, when the corresponding number is n, the deciphering module 63 may comprise an i-th deciphering submodule 631 and a first deciphering submodule 632.
The i-th deciphering submodule 631 is configured to obtain from the ciphertext the i-th key used when generating the ciphertext, and to use the i-th key and i to decrypt the ciphertext to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer.
The first deciphering submodule 632 is configured to obtain from the first ciphertext the first key used when generating the first ciphertext, and to use the first key and 1 to decrypt the first ciphertext to obtain the original information.
As shown in Fig. 9B, on the basis of the embodiment shown in Fig. 7, when the corresponding number is n, the deciphering module 63 may comprise a first generation submodule 633 and an i-th generation submodule 634.
The first generation submodule 633 is configured to generate, when the corresponding number is n, the first ciphertext from the original information, the first key and the current total number of encryptions.
The i-th generation submodule 634 is configured to generate the i-th ciphertext from the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, the i-th ciphertext being the encrypted original information, where 2≤i≤n and i is an integer.
In this embodiment, the key management module 61 may also be configured to collect usage information of the keys, the usage information comprising the number of uses or the usage time, and to transfer the key information from the first key pool to the second key pool when the usage information of a key satisfies the corresponding elimination mechanism.
The system shown in Figs. 9A-9B is used to implement the method flow shown in Fig. 5; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system decrypts the original information by the inverse of the encryption process, and then generates a new ciphertext by encrypting the original information multiple times based on multiple pieces of information, which increases the difficulty of brute-force cracking.
Figure 10 is a block diagram of another information encryption and decryption system according to an exemplary embodiment. As shown in Figure 10, on the basis of the embodiment shown in Fig. 6 or Fig. 7, the system may further comprise an auditing module 64.
The auditing module 64 is configured to receive a registration request, which carries the user's basic information, the kind of information to be encrypted, the key elimination mechanism, the expected usage frequency of the keys, the encryption strength, the user identifier and the address of the access device, and to return a registration response.
In this embodiment, every user who wants to encrypt information with the information encryption method provided by the embodiments of the present disclosure needs to register with the information encryption system. The necessary information must be entered at registration, including: basic information about the user, such as the person in charge and their contact details; the kind of information to be encrypted, such as ID numbers or mobile phone numbers; the key elimination mechanism, such as elimination by number of uses or by usage time; the encryption strength expected to be used; the expected usage frequency of the keys; and information such as the IP address of the access device and the user ID.
After the user's registration information has been entered, an administrator can review registration information periodically. For a user who passes review, the administrator needs to carry out some necessary configuration, and the auditing module 64 then returns a registration success response to that user, who can then use the client of the information encryption system to access the system.
For a user who does not pass review, the auditing module 64 returns a registration failure response to that user. A user who receives a registration failure response cannot use the method provided by this embodiment for encryption.
It can be seen that this embodiment can authenticate a user in several respects, for example through multiple checks such as the IP address of the access device and the user identifier, which effectively ensures that the user is legitimate.
The system shown in Figure 10 is used to implement the method flow shown in Fig. 2; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system authenticates users in several respects, which effectively ensures that users are legitimate. At the same time, each user can use the information encryption and decryption system independently without affecting the others, so if one user's information is cracked, other users are not affected.
Figure 11 is a block diagram of another information encryption and decryption system according to an exemplary embodiment. As shown in Figure 11, on the basis of the embodiment shown in Figure 10, the system may further comprise a monitoring alarm module 65.
The monitoring alarm module 65 is configured to obtain the operation information of the current system and to raise an alert if the operation information meets any alarm condition.
In this embodiment, the running state of the current system can be monitored to obtain its operation information. The operation information may include, but is not limited to, the call frequency of the current system, the authentication success rate of users, the number of keys available to each user, and the usage frequency of each user.
The alarm conditions comprise: the usage frequency of key information is greater than the corresponding expected usage frequency, the user registration success rate is lower than a first preset threshold, the encryption success rate is lower than a second preset threshold, or the key information usage quantity of all users is lower than a preset number.
In this embodiment, if the operation information of the current system meets any one of the alarm conditions, an alert can be raised.
For example, if a user's usage frequency is observed to rise suddenly, the user's contact details, such as a mobile phone number, can be obtained and the user asked for the reason, so as to prevent someone else from impersonating this user while using the information encryption method provided by the current system.
The system shown in Figure 11 is used to implement the method flow shown in Fig. 3; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system raises an alert when the obtained operation information meets any alarm condition, so the behavior of users and of the current system can be monitored, which ensures the security of the system.
Figure 12 is a block diagram of yet another information encryption and decryption system according to an exemplary embodiment. As shown in Figure 12, on the basis of the embodiment shown in Figure 11, the system may further comprise a statistical module 66.
The statistical module 66 is configured to obtain the statistical information of the current system and to present it in the form of graphical tables, so that the user can check the running state of the current system and discover problems in the system from the graphical tables.
In this embodiment, the statistical module 66 can obtain the statistical information of the current system. It may include how many users the current system has, the relevant information of each user, the IP addresses used for access, identifiers, access frequency, and each user's key usage, for example how many keys have been used in total, how many keys have been eliminated and for what reason, how many keys are currently in use, and the average time a key is used.
After obtaining the statistical information, the statistical module 66 can display it in the form of graphical tables, so that the administrator can better check the running state of the system and find potential problems.
The system shown in Figure 12 is used to implement the method flow shown in Fig. 4; the related content is described in the same way and is not repeated here.
The above embodiment of the information encryption and decryption system presents the statistical information in the form of graphical tables, so that the administrator can check the running state of the current system and discover problems in the system from the graphical tables, solve them promptly, and ensure the security of the current system.
As for the system in the above embodiments, the specific manner in which each module and submodule performs its operations has been described in detail in the method embodiments and is not elaborated here.
Figure 13 is a kind of block diagram being applicable to information encryption equipment 1300 according to an exemplary embodiment.With reference to Figure 13, information encryption equipment 1300 can comprise processing components 1322, and it comprises one or more processor further, and the memory resource representated by memory 1332, can such as, by the instruction of the execution of processing components 1322, application program for storing.The application program stored in memory 1332 can comprise each module corresponding to one group of instruction one or more.In addition, processing components 1322 is configured to perform instruction, to perform the above method: receive CIPHERING REQUEST, carry information to be encrypted, user's identifier and Cipher Strength in described CIPHERING REQUEST; According to described user's identifier and described Cipher Strength, obtain the key belonging to corresponding user's respective amount; According to the double secret key of the respective amount obtained, information to be encrypted carries out respective amount time encryption, to export final ciphertext.
Information encryption equipment 1300 can also comprise the power management that a power supply module 1326 is configured to perform server 1300, a wired or wireless network interface 13130 is configured to server 1300 to be connected to network, and input and output (I/O) interface 13138.Server 1300 can operate the operating system based on being stored in memory 1332, such as WindowsServerTM, MacOSXTM, UnixTM, LinuxTM, FreeBSDTM or similar.
Figure 14 is a kind of block diagram being applicable to decrypts information equipment 1400 according to an exemplary embodiment.With reference to Figure 14, decrypts information equipment 1400 can comprise processing components 1422, and it comprises one or more processor further, and the memory resource representated by memory 1432, can such as, by the instruction of the execution of processing components 1422, application program for storing.The application program stored in memory 1432 can comprise each module corresponding to one group of instruction one or more.In addition, processing components 1422 is configured to perform instruction, to perform the above method: receiving and deciphering request, carries ciphertext, user's identifier and Cipher Strength in described decoding request; When described ciphertext is the discernible ciphertext of current system, described ciphertext is decrypted, to obtain raw information; According to described user's identifier and described Cipher Strength, obtain the key belonging to corresponding user's respective amount; According to the double secret key of the respective amount obtained, raw information carries out respective amount time encryption, to export the raw information after described raw information and encryption.
The information decryption device 1400 may also include a power supply component 1426 configured to perform power management of the server 1400, a wired or wireless network interface 14140 configured to connect the server 1400 to a network, and an input/output (I/O) interface 14148. The server 1400 may operate based on an operating system stored in the memory 1432, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Other embodiments of the present disclosure will readily occur to those skilled in the art after considering the specification and practicing what is disclosed herein. This application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed herein. The specification and embodiments are to be regarded as exemplary only, and the true scope and spirit of the present disclosure are indicated by the claims below.
It should be understood that the present disclosure is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (20)

1. An information encryption method, characterized in that the method comprises:
Receiving an encryption request, the encryption request carrying the information to be encrypted, a user identifier and an encryption strength;
Obtaining, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypting the information to be encrypted a corresponding number of times with the obtained corresponding number of keys, to output the final ciphertext.
2. The information encryption method according to claim 1, characterized in that encrypting the information to be encrypted a corresponding number of times with the obtained corresponding number of keys, to output the final ciphertext, comprises:
When the corresponding number is n, generating the first ciphertext according to the content to be encrypted, the first key and the current total number of encryptions;
Generating the i-th ciphertext according to the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
3. The information encryption method according to claim 1, characterized in that the method further comprises:
Receiving a registration request, the registration request carrying basic user information, the type of encrypted information, the elimination mechanism of the key, the expected usage frequency of the key, the encryption strength, the user identifier and the address of the access device;
Returning a registration response.
4. The information encryption method according to claim 3, characterized in that the method further comprises:
Obtaining parameter information input by the user, the parameter information including the number of keys and the elimination mechanism of the keys;
Generating key information corresponding to the user according to the parameter information, and storing the key in a first key pool, the key information having a corresponding key identifier, and the key identifier indicating the elimination mechanism of the key.
5. The information encryption method according to claim 4, characterized in that the method further comprises:
Collecting usage information of the key, the usage information including the number of uses or the usage time;
When the usage information of the key satisfies the corresponding elimination mechanism, transferring the key information from the first key pool to a second key pool.
6. The information encryption method according to claim 3, characterized in that the method further comprises:
Obtaining operation information of the current system;
If the operation information reaches any alarm condition, issuing an alarm reminder;
The alarm conditions include: the usage frequency of the key information is greater than the corresponding expected usage frequency, the user registration success rate is lower than a first preset threshold, the encryption success rate is lower than a second preset threshold, or the key information usage quantity of all users is lower than a preset number.
7. An information decryption method, characterized in that the method comprises:
Receiving a decryption request, the decryption request carrying a ciphertext, a user identifier and an encryption strength;
When the ciphertext is a ciphertext recognizable by the current system, decrypting the ciphertext to obtain the original information;
Obtaining, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypting the original information a corresponding number of times with the obtained corresponding number of keys, to output the original information and the encrypted original information.
8. The information decryption method according to claim 7, characterized in that decrypting the ciphertext to obtain the original information comprises:
When the encryption strength is n, obtaining, according to the ciphertext, the i-th key used when the ciphertext was generated, and decrypting the ciphertext using the i-th key and i to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer;
Obtaining, according to the first ciphertext, the first key used when the first ciphertext was generated, and decrypting the first ciphertext using the first key and 1 to obtain the original information.
9. The information decryption method according to claim 7, characterized in that encrypting the original information a corresponding number of times with the obtained corresponding number of keys comprises:
When the corresponding number is n, generating the first ciphertext according to the original information, the first key and the current total number of encryptions;
Generating the i-th ciphertext according to the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, the i-th ciphertext being the encrypted original information, where 2≤i≤n and i is an integer.
10. The information decryption method according to claim 8 or 9, characterized in that the method further comprises:
Collecting usage information of the key, the usage information including the number of uses or the usage time, the key being located in a first key pool;
When the usage information of the key satisfies the corresponding elimination mechanism, transferring the key from the first key pool to a second key pool.
11. An information encryption and decryption system, characterized in that the system comprises:
A key management module, configured to obtain parameter information input by the user, generate key information corresponding to the user according to the parameter information, and store the key in a first key pool, the parameter information including the number of keys and the elimination mechanism of the keys;
An encryption module, configured to receive an encryption request carrying the information to be encrypted, a user identifier and an encryption strength, obtain from the first key pool, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user, and encrypt the information to be encrypted a corresponding number of times with the obtained corresponding number of keys, to output the final ciphertext.
12. The information encryption and decryption system according to claim 11, characterized in that the system further comprises:
A decryption module, configured to: receive a decryption request carrying a ciphertext, a user identifier and an encryption strength; when the ciphertext is a ciphertext recognizable by the current system, decrypt the ciphertext to obtain the original information; obtain, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user; and encrypt the original information a corresponding number of times with the obtained corresponding number of keys, to output the original information and the encrypted original information.
13. The information encryption and decryption system according to claim 11, characterized in that, when the corresponding number is n, the encryption module comprises:
A first generation submodule, configured to generate the first ciphertext according to the content to be encrypted, the first key and the current total number of encryptions;
An i-th generation submodule, configured to generate the i-th ciphertext according to the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, where 2≤i≤n and i is an integer.
14. The information encryption and decryption system according to claim 12, characterized in that, when the corresponding number is n, the decryption module comprises:
An i-th decryption submodule, configured to: obtain, according to the ciphertext, the i-th key used when the ciphertext was generated, and decrypt the ciphertext using the i-th key and i to obtain the (i-1)-th ciphertext, where 2≤i≤n and i is an integer;
A first decryption submodule, configured to: obtain, according to the first ciphertext, the first key used when the first ciphertext was generated, and decrypt the first ciphertext using the first key and 1 to obtain the original information.
15. The information encryption and decryption system according to claim 12, characterized in that, when the corresponding number is n, the decryption module comprises:
A first generation submodule, configured to, when the corresponding number is n, generate the first ciphertext according to the original information, the first key and the current total number of encryptions;
An i-th generation submodule, configured to generate the i-th ciphertext according to the (i-1)-th ciphertext, the i-th key and the current total number of encryptions, the i-th ciphertext being the encrypted original information, where 2≤i≤n and i is an integer.
16. The information encryption and decryption system according to any one of claims 13-15, characterized in that the key management module is further configured to:
Collect usage information of the key, the usage information including the number of uses or the usage time;
When the usage information of the key satisfies the corresponding elimination mechanism, transfer the key information from the first key pool to a second key pool.
17. The information encryption and decryption system according to claim 16, characterized in that the system further comprises:
An auditing module, configured to receive a registration request, the registration request carrying basic user information, the type of encrypted information, the elimination mechanism of the key, the expected usage frequency of the key, the encryption strength, the user identifier and the address of the access device, and to return a registration response.
18. The information encryption and decryption system according to claim 17, characterized in that the system further comprises:
A monitoring and alarm module, configured to obtain operation information of the current system and, if the operation information reaches any alarm condition, issue an alarm reminder;
The alarm conditions include: the usage frequency of the key information is greater than the corresponding expected usage frequency, the user registration success rate is lower than a first preset threshold, the encryption success rate is lower than a second preset threshold, or the key information usage quantity of all users is lower than a preset number.
19. An information encryption device, characterized in that it comprises:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive an encryption request, the encryption request carrying the information to be encrypted, a user identifier and an encryption strength;
Obtain, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypt the information to be encrypted a corresponding number of times with the obtained corresponding number of keys, to output the final ciphertext.
20. An information decryption device, characterized in that it comprises:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive a decryption request, the decryption request carrying a ciphertext, a user identifier and an encryption strength;
When the ciphertext is a ciphertext recognizable by the current system, decrypt the ciphertext to obtain the original information;
Obtain, according to the user identifier and the encryption strength, a corresponding number of keys belonging to the corresponding user;
Encrypt the original information a corresponding number of times with the obtained corresponding number of keys, to output the original information and the encrypted original information.
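The layered scheme of claims 2, 5 and 8 can be sketched as follows; this is an added example, not code from the patent. The names `KeyPool`, `seal`, `unseal`, `encrypt` and `decrypt` are hypothetical, the HMAC-SHA256 stream-plus-tag construction is a standard-library stand-in for the cipher the claims leave unnamed, and binding the layer index i into the tag is an assumption about how the count enters each layer.

```python
import hashlib, hmac, os

def keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 used as a PRF in counter mode.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def seal(key, layer, data):
    # One layer: fresh nonce, XOR with keystream, tag covering the layer index i.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + bytes([layer]) + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, layer, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + bytes([layer]) + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer %d failed authentication" % layer)
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

class KeyPool:
    """First pool holds keys usable for encryption; second pool holds eliminated keys."""
    def __init__(self, max_uses):
        self.max_uses = max_uses          # elimination mechanism: use count (assumption)
        self.first, self.second = {}, {}  # key id -> {"user", "key", "uses"}

    def generate(self, user, count):
        for _ in range(count):
            self.first[os.urandom(8)] = {"user": user, "key": os.urandom(32), "uses": 0}

    def take(self, user, n):
        picked = [(kid, e) for kid, e in self.first.items() if e["user"] == user][:n]
        if len(picked) < n:
            raise LookupError("not enough active keys for this user")
        for kid, e in picked:
            e["uses"] += 1
            if e["uses"] >= self.max_uses:  # move to second pool, still available to decrypt
                self.second[kid] = self.first.pop(kid)
        return [(kid, e["key"]) for kid, e in picked]

    def lookup(self, user, kid):
        e = self.first.get(kid) or self.second.get(kid)
        if e is None or e["user"] != user:
            raise LookupError("ciphertext not recognizable for this user")
        return e["key"]

def encrypt(pool, user, strength, plaintext):
    data = plaintext
    for i, (kid, key) in enumerate(pool.take(user, strength), start=1):
        data = kid + seal(key, i, data)   # the key id prefix lets decryption find key i
    return data

def decrypt(pool, user, strength, blob):
    for i in range(strength, 0, -1):      # peel layers n, n-1, ..., 1
        kid, blob = blob[:8], blob[8:]
        blob = unseal(pool.lookup(user, kid), i, blob)
    return blob

if __name__ == "__main__":
    pool = KeyPool(max_uses=2)
    pool.generate("alice", 3)             # constructed sample user and payload
    ct = encrypt(pool, "alice", 3, b"constructed sample payload")
    print(decrypt(pool, "alice", 3, ct))
```

A production system would use an authenticated cipher such as AES-GCM for each layer in place of the stand-in.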
CN201510906915.3A 2015-12-09 2015-12-09 Information encryption method, information decryption method and information encryption and decryption system Pending CN105515760A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510906915.3A CN105515760A (en) 2015-12-09 2015-12-09 Information encryption method, information decryption method and information encryption and decryption system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510906915.3A CN105515760A (en) 2015-12-09 2015-12-09 Information encryption method, information decryption method and information encryption and decryption system

Publications (1)

Publication Number Publication Date
CN105515760A true CN105515760A (en) 2016-04-20

Family

ID=55723436

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510906915.3A Pending CN105515760A (en) 2015-12-09 2015-12-09 Information encryption method, information decryption method and information encryption and decryption system

Country Status (1)

Country Link
CN (1) CN105515760A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459510A (en) * 2007-12-14 2009-06-17 华为技术有限公司 Implementation method and device for real-time transmission data encryption algorithm
CN101587479A (en) * 2008-06-26 2009-11-25 北京人大金仓信息技术股份有限公司 Database management system kernel oriented data encryption/decryption system and method thereof
US20100278338A1 (en) * 2009-05-04 2010-11-04 Mediatek Singapore Pte. Ltd. Coding device and method with reconfigurable and scalable encryption/decryption modules
CN102412967A (en) * 2011-09-29 2012-04-11 用友软件股份有限公司 Data transmission system and method
CN104539439A (en) * 2015-01-12 2015-04-22 中国联合网络通信集团有限公司 Data transmission method and terminal

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
唐珂: "《网络环境下信息安全管理体系研究》", 30 April 2007 *
巩微: "《传媒信息安全》", 31 August 2015 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108076021A (en) * 2016-11-18 2018-05-25 腾讯科技(深圳)有限公司 Method and device for business processing
CN108076021B (en) * 2016-11-18 2020-06-16 腾讯科技(深圳)有限公司 Service processing method and device
CN109599170A (en) * 2018-12-05 2019-04-09 易必祥 Medical management method and system based on big data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20180817

Address after: 100176 Beijing economic and Technological Development Zone, Chuang Chuang fourteen Street 99 building 33 D Building 2 level 2243 (centralized office area)

Applicant after: Beijing Xiaomi Payment Technology Co., Ltd.

Address before: 100085 Beijing Haidian District Qinghe middle street 68 Huarun colorful shopping mall two phase 13 level.

Applicant before: Xiaomi Technology Co., Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160420