CN105516968A - Smart password key-based mobile phone data transmission method - Google Patents

Abstract

The invention discloses a smart password key-based mobile phone data transmission method. The data transmission method comprises the following steps of: encrypted data transmission based on SDKEY; and zero key transmission or public key transmission to realize data transmission, wherein the zero key transmission step, a transmitting end does not need to transmit an encrypted key thereof to a receiving end, needs to transmit encrypted data to the receiving end for m times, and simultaneously completes n times of a decryption process, each of m and n is a positive integer, in the public key transmission step, a public key system-based encrypted data transmission scheme is adopted, in public key system, a public key encryption algorithm is utilized to encrypt symmetric keys, and the symmetric keys are used for encrypting and decrypting a file. Through adoption of the smart password key-based mobile phone data transmission method, the data transmission safety is improved.

Description

Based on the data in mobile phone transmission method of intelligent code key

Technical field

The invention belongs to technical field of data transmission, relate to a kind of data in mobile phone transmission method, particularly relate to a kind of data in mobile phone transmission method based on intelligent code key.

Background technology

Along with popularizing gradually of 3G/4G smart mobile phone, Android operation system and internet achieve and highly merge, and smart mobile phone is while bringing great convenience to people's life, and the problem that the mobile phone sensitive data brought thus is stolen also becomes increasingly conspicuous.

In view of this, nowadays in the urgent need to designing a kind of new data in mobile phone transmission method, to overcome the above-mentioned defect of existing transmission method existence.

Summary of the invention

Technical problem to be solved by this invention is: provide a kind of data in mobile phone transmission method based on intelligent code key, can improve the fail safe of transfer of data.

For solving the problems of the technologies described above, the present invention adopts following technical scheme:

Based on a data in mobile phone transmission method for intelligent code key, described data in mobile phone transmission method comprises:

Step S1, double factor identification step;

First pass of data protection is the debarkation authentication of mobile phone terminal, adopts the dual-identity authentication mechanism based on hardware SDKEY and PIN;

Mobile phone will load SDKEY certification log-in module after os starting, if can't detect SDKEY, can point out insertion; Will require that after SDKEY being detected user inputs and log in PIN, the PIN that log-in module can use the PIN be stored in SDKEY to log in double secret key user input is encrypted, finally ciphertext is compared with the PIN ciphertext stored in mobile phone, only have the two coupling ability successful log completely; Equally, after the automatic screen locking of mobile phone, also use identical authentication mechanism to log in Android system;

Step S2, based on SDKEY Encrypted short message store and forwarding step;

SMS encryption based on SDKEY stores and sending module employs the responsive note that SDKEY hardware carrys out encryption and decryption user;

User selectes responsive note or uses SDKEY encrypting storing to store to mobile phone after manually writing note, opens later at every turn and SDKEY can be used to decipher and present to user, and deciphering flow process is similar with encryption flow; The validated user of SDKEY experiences less than SDKEY at backstage encryption process, and disabled user can not enter security mailbox because not having SDKEY, also can set to require input PIN code just can check for some occasion; For system file, because responsive note is all preserve, so also cannot check its content with ciphertext after encryption;

Step S3, encrypted data transmission step based on SDKEY; The scheme of step S31 or step S32 is adopted to realize;

Step S31, zero key transport step;

Transmitting terminal does not need the encryption key transmitting oneself to receiving terminal, but needs to transmit enciphered data 3 times to receiving terminal, completes 4 encryption process simultaneously;

(1) transmitting terminal needs to send sensitive information M (expressly), and its can send M to oneself SDKEY; SDKEY generates interim conversation key K 1 and carries out 1 encryption to plaintext M, returns ciphertext K1 (M) to transmitting terminal simultaneously; Finally, transmitting terminal sends receiving terminal K1 (M) to by free wireless public channel; Ciphering process completes in SDKEY, can not increase the amount of calculation of mobile phone terminal, and what transmit on common channel is encrypt data simultaneously, even if intercepted and captured or Replay Attack, it is also very difficult for wanting to crack; In order to prevent the data transmitted on common channel to be tampered, need in the data of transmission, increase the integrality that Hash verification ensures data;

(2) receiving terminal sends the K1 received (M) to the SDKEY of oneself; SDKEY generates interim conversation key K 2 pairs of ciphertext K1 (M) and carries out 2 encryptions, returns K2 (K1 (M)) to receiving terminal simultaneously; Finally, receiving terminal sends transmitting terminal K2 (K1 (M)) to by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(3) transmitting terminal sends the SDKEY of oneself to after receiving K2 (K1 (M)); SDKEY reuses session key K1 and carries out 1 deciphering to ciphertext K2 (K1 (M)), obtains K2 (M) and returns to transmitting terminal simultaneously; Finally, transmitting terminal sends to receiving terminal K2 (M) by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(4) receiving terminal sends the SDKEY of oneself to after receiving K2 (M), and SDKEY uses session key K2 to carry out 2 deciphering to ciphertext K2 (M) and obtains plaintext M, and returns to receiving terminal simultaneously; Now, the cellphone subscriber of receiving terminal just can see the plaintext sensitive information that transmitting terminal sends;

In zero key transferring mechanism, in theory, 3 ciphertexts transmitted on the common channels may increase the chance that data are cracked, but after completing 1 secondary data encryption transport process, in order to ensure one-time pad, the SDKEY of transmission both sides can delete the session key of current use automatically; Meanwhile, transmission both sides do not transmit encryption key on the common channels, can reduce the chance that data are cracked like this, thus bring higher fail safe; In fact, receiving-transmitting sides carries out 3 communications and 4 encryption process on channel, and fail safe enhancing is realized by sacrifice bandwidth resources and amount of calculation; Wherein, 4 encryption process are all that SDKEY has come, and take cell phone system resources hardly, and therefore the program is only applicable to communication channel and all more sufficient applied environment of terminal computing capability; Meanwhile, also need for the program designs zero new secret key cryptographic algorithm; The algorithm speed of the discrete power operation used at present is comparatively slow, but after have employed meticulously optimised algorithm, speed weakness has obtained and effectively made up;

Step S32, PKI transmitting step;

Zero cipher key exchange mechanism is applicable to the good occasion of communication channel, does not particularly have the occasion of arranging key in advance; For other application scenarioss, adopt the encrypted data transmission scheme based on public key system; Adopt public key encryption algorithm to carry out encrypted symmetric key in PKI pass through mechanism, symmetric key is used for carrying out encryption and decryption to file; Meanwhile, additionally use different encryption modes for different file types, adopt quick encryption and decryption flag to identify hereof;

Byte stream is converted to after file byte stream, and the SDKEY needing the sensitive data of encryption to send self to; SDKEY utilizes current session encryption key to be encrypted sensitive data, utilize the PKI of recipient to be encrypted packing to current session encryption key simultaneously, finally obtain encrypted word throttling and carry out Sec Document encapsulation, after having encapsulated, calling communication module can complete transmission task; After recipient receives, whether the current reception file of system automatic Verification is effective; When user selects to open this cryptograph files, first system gives self SDKEY this Sec document backup, the deciphering that SDKEY completes session encryption key is unpacked task, then use session key automatically to decipher the cipher text part in Sec file, the internal memory sending mobile phone after having deciphered again to is checked for user; After user exits and browses, system can delete the clear data part in internal memory automatically.

Based on a data in mobile phone transmission method for intelligent code key, described data in mobile phone transmission method comprises:

Based on the encrypted data transmission step of SDKEY; Zero key transport step or PKI transmitting step is adopted to realize transfer of data;

In zero key transport step, transmitting terminal does not need the encryption key transmitting oneself to receiving terminal, needs to transmit enciphered data m time to receiving terminal, completes n encryption process simultaneously; M, n are positive integer;

In PKI transmitting step, adopt the encrypted data transmission scheme based on public key system; Adopt public key encryption algorithm to carry out encrypted symmetric key in PKI pass through mechanism, symmetric key is used for carrying out encryption and decryption to file.

As a preferred embodiment of the present invention, in described zero key transport step, need to transmit enciphered data m time to receiving terminal, complete n encryption process simultaneously; Zero key transport step specifically comprises:

(1) transmitting terminal needs to send sensitive information M (expressly), and its can send M to oneself SDKEY; SDKEY generates interim conversation key K 1 and carries out 1 encryption to plaintext M, returns ciphertext K1 (M) to transmitting terminal simultaneously; Finally, transmitting terminal sends receiving terminal K1 (M) to by free wireless public channel; Ciphering process completes in SDKEY, can not increase the amount of calculation of mobile phone terminal, and what transmit on common channel is encrypt data simultaneously, even if intercepted and captured or Replay Attack, it is also very difficult for wanting to crack; In order to prevent the data transmitted on common channel to be tampered, need in the data of transmission, increase the integrality that Hash verification ensures data;

(2) receiving terminal sends the K1 received (M) to the SDKEY of oneself; SDKEY generates interim conversation key K 2 pairs of ciphertext K1 (M) and carries out 2 encryptions, returns K2 (K1 (M)) to receiving terminal simultaneously; Finally, receiving terminal sends transmitting terminal K2 (K1 (M)) to by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(3) transmitting terminal sends the SDKEY of oneself to after receiving K2 (K1 (M)); SDKEY reuses session key K1 and carries out 1 deciphering to ciphertext K2 (K1 (M)), obtains K2 (M) and returns to transmitting terminal simultaneously; Finally, transmitting terminal sends to receiving terminal K2 (M) by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(4) receiving terminal sends the SDKEY of oneself to after receiving K2 (M), and SDKEY uses session key K2 to carry out 2 deciphering to ciphertext K2 (M) and obtains plaintext M, and returns to receiving terminal simultaneously; Now, the cellphone subscriber of receiving terminal just can see the plaintext sensitive information that transmitting terminal sends.

As a preferred embodiment of the present invention, in zero key transferring mechanism, in theory, 3 ciphertexts transmitted on the common channels may increase the chance that data are cracked, but after completing 1 secondary data encryption transport process, in order to ensure one-time pad, the SDKEY of transmission both sides can delete the session key of current use automatically; Meanwhile, transmission both sides do not transmit encryption key on the common channels, can reduce the chance that data are cracked like this, thus bring higher fail safe; In fact, receiving-transmitting sides carries out 3 communications and 4 encryption process on channel, and fail safe enhancing is realized by sacrifice bandwidth resources and amount of calculation; Wherein, 4 encryption process are all that SDKEY has come, and take cell phone system resources hardly, and therefore the program is only applicable to communication channel and all more sufficient applied environment of terminal computing capability; Meanwhile, also need for the program designs zero new secret key cryptographic algorithm; The algorithm speed of the discrete power operation used at present is comparatively slow, but after have employed meticulously optimised algorithm, speed weakness has obtained and effectively made up;

As a preferred embodiment of the present invention, in PKI transmitting step, additionally use different encryption modes for different file types, adopt quick encryption and decryption flag to identify hereof.

As a preferred embodiment of the present invention, in PKI transmitting step, after file byte stream, convert byte stream to, and the SDKEY needing the sensitive data of encryption to send self to; SDKEY utilizes current session encryption key to be encrypted sensitive data, utilize the PKI of recipient to be encrypted packing to current session encryption key simultaneously, finally obtain encrypted word throttling and carry out Sec Document encapsulation, after having encapsulated, calling communication module can complete transmission task; After recipient receives, whether the current reception file of system automatic Verification is effective; When user selects to open this cryptograph files, first system gives self SDKEY this Sec document backup, the deciphering that SDKEY completes session encryption key is unpacked task, then use session key automatically to decipher the cipher text part in Sec file, the internal memory sending mobile phone after having deciphered again to is checked for user; After user exits and browses, system can delete the clear data part in internal memory automatically.

As a preferred embodiment of the present invention, described data in mobile phone transmission method also comprised before the encrypted data transmission step based on SDKEY:

Step S1, double factor identification step;

First pass of data protection is the debarkation authentication of mobile phone terminal, adopts the dual-identity authentication mechanism based on hardware SDKEY and PIN;

Mobile phone will load SDKEY certification log-in module after os starting, if can't detect SDKEY, can point out insertion; Will require that after SDKEY being detected user inputs and log in PIN, the PIN that log-in module can use the PIN be stored in SDKEY to log in double secret key user input is encrypted, finally ciphertext is compared with the PIN ciphertext stored in mobile phone, only have the two coupling ability successful log completely; Equally, after the automatic screen locking of mobile phone, also use identical authentication mechanism to log in Android system.

As a preferred embodiment of the present invention, described data in mobile phone transmission method also comprised before the encrypted data transmission step based on SDKEY:

Step S2, based on SDKEY Encrypted short message store and forwarding step;

SMS encryption based on SDKEY stores and sending module employs the responsive note that SDKEY hardware carrys out encryption and decryption user;

User selectes responsive note or uses SDKEY encrypting storing to store to mobile phone after manually writing note, opens later at every turn and SDKEY can be used to decipher and present to user, and deciphering flow process is similar with encryption flow; The validated user of SDKEY experiences less than SDKEY at backstage encryption process, and disabled user can not enter security mailbox because not having SDKEY, also can set to require input PIN code just can check for some occasion; For system file, because responsive note is all preserve, so also cannot check its content with ciphertext after encryption.

Beneficial effect of the present invention is: the data in mobile phone transmission method based on intelligent code key that the present invention proposes, and can improve the fail safe of transfer of data.

The present invention adopts the safety compute that provides based on SDKEY and storage environment to realize, and it possesses memory function, forces the safety functions such as authentication, high strength encryption and decryption and electronic signature.First, based on the logging in and screen locking debarkation authentication of hardware SDKEY of Android mobile phone system; Secondly, propose the SMS encryption storage scheme based on hardware SDKEY, the note of all transmissions is all encrypted by SDKEY; Again, use based on the encrypted transmission of hardware SDKEY for the transmission of long-range sensitive data, and design multiple cipher key exchange mechanism in order to the problem solving cipher key delivery.

Accompanying drawing explanation

Fig. 1 is Security Data Transmission protocol population Organization Chart.

Fig. 2 is SDKEY debarkation authentication flow chart.

Fig. 3 is responsive SMS encryption storing process schematic diagram.

Fig. 4 is that zero secret key encryption transmits ciphertext flow chart.

Fig. 5 is Sec encrypt file structural representation.

Fig. 6 is PKI transfer mechanism schematic diagram.

Embodiment

The preferred embodiments of the present invention are described in detail below in conjunction with accompanying drawing.

Embodiment one

Present invention is disclosed a kind of data in mobile phone transmission method based on intelligent code key, the fail safe of transfer of data can be improved.The Security Encryption module of SDKEY provides basic encryption and decryption functions, also provides sensitive data memory block and massive store district simultaneously.Wherein sensitive data memory block is used for the sensitive data such as storage key and individual recognition code (PersonalIdentificationNumber, PIN), and massive store district is for storing the data that other need encryption.SDKEY is inserted in Android mobile phone by MicroSD interface, and the prototype system developed in literary composition is Android system installation kit (androidpackage, the APK) program of a data protection class, and it is positioned at the application layer of Android framework, as shown in Figure 1.This prototype system has 3 functional modules, i.e. authentication log-in module, SMS encryption store and sending module and transmitting sensitive encrypted data module.Introduce their implementation below respectively.

The data in mobile phone transmission method that the present invention is based on intelligent code key specifically comprises the steps:

The authentication of [step S1] double factor.

First pass of data protection is the debarkation authentication of mobile phone terminal.Devise the dual-identity authentication mechanism based on hardware SDKEY and PIN herein, as shown in Figure 2.Mobile phone will load SDKEY certification log-in module after os starting, if can't detect SDKEY, can point out insertion; Will require that after SDKEY being detected user inputs and log in PIN, the PIN that log-in module can use the PIN be stored in SDKEY to log in double secret key user input is encrypted, finally ciphertext is compared with the PIN ciphertext stored in mobile phone, only having the two to mate completely just can successful log; Equally, after the automatic screen locking of mobile phone, also use identical authentication mechanism to log in Android system.

[step S2] stores based on the Encrypted short message of SDKEY and sends.

SMS encryption based on SDKEY stores and sending module employs the responsive note that SDKEY hardware carrys out encryption and decryption user, and encryption flow as shown in Figure 3.

User selectes responsive note (or can manually write) and uses SDKEY encrypting storing to store to mobile phone afterwards, opens later at every turn and SDKEY can be used to decipher and present to user, and deciphering flow process is similar with encryption flow.The validated user of SDKEY experiences less than SDKEY at backstage encryption process, and disabled user can not enter security mailbox because not having SDKEY, also can set require that input PIN code just can be checked for some occasion.For system file, because responsive note is all preserve, so also cannot check its content with ciphertext after encryption.

[step S3] is based on the encrypted data transmission of SDKEY.

In order to improve the speed of data encrypting and deciphering, general enciphering and deciphering algorithm all realizes based on symmetric cryptographic algorithm, therefore needs the effective key exchange scheme of design safety.According to the difference of application scenarios, the present invention devises 2 kinds of different implementations.The scheme of step S31 or step S32 can be adopted to realize.

Step S31, zero key transferring mechanism.

As shown in Figure 4, transmitting terminal does not need the encryption key transmitting oneself to receiving terminal to zero key transferring mechanism, but needs to transmit enciphered data 3 times to receiving terminal, completes 4 encryption process simultaneously.

(1) transmitting terminal needs to send sensitive information M (expressly), and its can send M to oneself SDKEY; SDKEY generates interim conversation key K 1 and carries out 1 encryption to plaintext M, returns ciphertext K1 (M) to transmitting terminal simultaneously; Finally, transmitting terminal sends receiving terminal K1 (M) to by free wireless public channel.Ciphering process completes in SDKEY, can not increase the amount of calculation of mobile phone terminal, and what transmit on common channel is encrypt data simultaneously, even if intercepted and captured or Replay Attack, it is also very difficult for wanting to crack.In order to prevent the data transmitted on common channel to be tampered, need in the data of transmission, increase the integrality that Hash verification ensures data.

(2) receiving terminal sends the K1 received (M) to the SDKEY of oneself; SDKEY generates interim conversation key K 2 pairs of ciphertext K1 (M) and carries out 2 encryptions, returns K2 (K1 (M)) to receiving terminal simultaneously; Finally, receiving terminal sends transmitting terminal K2 (K1 (M)) to by common channel.Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel.

(3) transmitting terminal sends the SDKEY of oneself to after receiving K2 (K1 (M)); SDKEY reuses session key K1 and carries out 1 deciphering to ciphertext K2 (K1 (M)), obtains K2 (M) and returns to transmitting terminal simultaneously; Finally, transmitting terminal sends to receiving terminal K2 (M) by common channel.Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel.

(4) receiving terminal sends the SDKEY of oneself to after receiving K2 (M), and SDKEY uses session key K2 to carry out 2 deciphering to ciphertext K2 (M) and obtains plaintext M, and returns to receiving terminal simultaneously.Now, the cellphone subscriber of receiving terminal just can see the plaintext sensitive information that transmitting terminal sends.

In zero key transferring mechanism, in theory, 3 ciphertexts transmitted on the common channels may increase the chance that data are cracked, but after completing 1 secondary data encryption transport process, in order to ensure one-time pad, the SDKEY of transmission both sides can delete the session key of current use automatically.Meanwhile, transmission both sides do not transmit encryption key on the common channels, can reduce the chance that data are cracked like this, thus bring higher fail safe.In fact, receiving-transmitting sides carries out 3 communications and 4 encryption process on channel, and fail safe enhancing is realized by sacrifice bandwidth resources and amount of calculation.Wherein, 4 encryption process are all that SDKEY has come, and take cell phone system resources hardly, and therefore the program is only applicable to communication channel and all more sufficient applied environment of terminal computing capability.Meanwhile, also need for the program designs zero new secret key cryptographic algorithm.The algorithm speed of the discrete power operation used at present is comparatively slow, but after have employed meticulously optimised algorithm, speed weakness has obtained and effectively made up.

Step S32, PKI transmission mechanism.

Zero cipher key exchange mechanism is applicable to the good occasion of communication channel, does not particularly have the occasion of arranging key in advance.For other application scenarioss, devise the encrypted data transmission scheme based on public key system herein.Adopt public key encryption algorithm to carry out encrypted symmetric key in PKI pass through mechanism, symmetric key is used for carrying out encryption and decryption to file.Meanwhile, additionally use different encryption modes for different file types, adopt quick encryption and decryption flag to identify hereof.Therefore, Sec encrypt file structure is as shown in Figure 5 devised herein.

Fig. 6 describes the process being encrypted transfer of data based on public key system.First, transmit both sides and must insert specific SDKEY.The sender-selected file needing transmission, converts byte stream to after file byte stream, and the SDKEY needing the sensitive data of encryption to send self to.SDKEY utilizes current session encryption key to be encrypted sensitive data, utilize the PKI of recipient to be encrypted packing to current session encryption key simultaneously, finally obtain encrypted word throttling and carry out Sec Document encapsulation, after having encapsulated, calling communication module can complete transmission task.After recipient receives, whether the current reception file of system automatic Verification is effective.When user selects to open this cryptograph files, first system gives self SDKEY this Sec document backup, the deciphering that SDKEY completes session encryption key is unpacked task, then use session key automatically to decipher the cipher text part in Sec file, the internal memory sending mobile phone after having deciphered again to is checked for user.After user exits and browses, system can delete the clear data part in internal memory automatically.

In sum, the data in mobile phone transmission method based on intelligent code key that the present invention proposes, can improve the fail safe of transfer of data.

The present invention adopts the safety compute that provides based on SDKEY and storage environment to realize, and it possesses memory function, forces the safety functions such as authentication, high strength encryption and decryption and electronic signature.First, based on the logging in and screen locking debarkation authentication of hardware SDKEY of Android mobile phone system; Secondly, propose the SMS encryption storage scheme based on hardware SDKEY, the note of all transmissions is all encrypted by SDKEY; Again, use based on the encrypted transmission of hardware SDKEY for the transmission of long-range sensitive data, and design multiple cipher key exchange mechanism in order to the problem solving cipher key delivery.

Here description of the invention and application is illustrative, not wants by scope restriction of the present invention in the above-described embodiments.Distortion and the change of embodiment disclosed are here possible, are known for the replacement of embodiment those those of ordinary skill in the art and the various parts of equivalence.Those skilled in the art are noted that when not departing from spirit of the present invention or substantive characteristics, the present invention can in other forms, structure, layout, ratio, and to realize with other assembly, material and parts.When not departing from the scope of the invention and spirit, can other distortion be carried out here to disclosed embodiment and change.

Claims (8)

1. based on a data in mobile phone transmission method for intelligent code key, it is characterized in that, described data in mobile phone transmission method comprises:

Step S1, double factor identification step;

First pass of data protection is the debarkation authentication of mobile phone terminal, adopts the dual-identity authentication mechanism based on hardware SDKEY and PIN;

Mobile phone will load SDKEY certification log-in module after os starting, if can't detect SDKEY, can point out insertion; Will require that after SDKEY being detected user inputs and log in PIN, the PIN that log-in module can use the PIN be stored in SDKEY to log in double secret key user input is encrypted, finally ciphertext is compared with the PIN ciphertext stored in mobile phone, only have the two coupling ability successful log completely; Equally, after the automatic screen locking of mobile phone, also use identical authentication mechanism to log in Android system;

Step S2, based on SDKEY Encrypted short message store and forwarding step;

SMS encryption based on SDKEY stores and sending module employs the responsive note that SDKEY hardware carrys out encryption and decryption user;

User selectes responsive note or uses SDKEY encrypting storing to store to mobile phone after manually writing note, opens later at every turn and SDKEY can be used to decipher and present to user, and deciphering flow process is similar with encryption flow; The validated user of SDKEY experiences less than SDKEY at backstage encryption process, and disabled user can not enter security mailbox because not having SDKEY, also can set to require input PIN code just can check for some occasion; For system file, because responsive note is all preserve, so also cannot check its content with ciphertext after encryption;

Step S3, encrypted data transmission step based on SDKEY; The scheme of step S31 or step S32 is adopted to realize;

Step S31, zero key transport step;

Transmitting terminal does not need the encryption key transmitting oneself to receiving terminal, but needs to transmit enciphered data 3 times to receiving terminal, completes 4 encryption process simultaneously;

(1) transmitting terminal needs to send sensitive information M (expressly), and its can send M to oneself SDKEY; SDKEY generates interim conversation key K 1 and carries out 1 encryption to plaintext M, returns ciphertext K1 (M) to transmitting terminal simultaneously; Finally, transmitting terminal sends receiving terminal K1 (M) to by free wireless public channel; Ciphering process completes in SDKEY, can not increase the amount of calculation of mobile phone terminal, and what transmit on common channel is encrypt data simultaneously, even if intercepted and captured or Replay Attack, it is also very difficult for wanting to crack; In order to prevent the data transmitted on common channel to be tampered, need in the data of transmission, increase the integrality that Hash verification ensures data;

(2) receiving terminal sends the K1 received (M) to the SDKEY of oneself; SDKEY generates interim conversation key K 2 pairs of ciphertext K1 (M) and carries out 2 encryptions, returns K2 (K1 (M)) to receiving terminal simultaneously; Finally, receiving terminal sends transmitting terminal K2 (K1 (M)) to by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(3) transmitting terminal sends the SDKEY of oneself to after receiving K2 (K1 (M)); SDKEY reuses session key K1 and carries out 1 deciphering to ciphertext K2 (K1 (M)), obtains K2 (M) and returns to transmitting terminal simultaneously; Finally, transmitting terminal sends to receiving terminal K2 (M) by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(4) receiving terminal sends the SDKEY of oneself to after receiving K2 (M), and SDKEY uses session key K2 to carry out 2 deciphering to ciphertext K2 (M) and obtains plaintext M, and returns to receiving terminal simultaneously; Now, the cellphone subscriber of receiving terminal just can see the plaintext sensitive information that transmitting terminal sends;

In zero key transferring mechanism, in theory, 3 ciphertexts transmitted on the common channels may increase the chance that data are cracked, but after completing 1 secondary data encryption transport process, in order to ensure one-time pad, the SDKEY of transmission both sides can delete the session key of current use automatically; Meanwhile, transmission both sides do not transmit encryption key on the common channels, can reduce the chance that data are cracked like this, thus bring higher fail safe; In fact, receiving-transmitting sides carries out 3 communications and 4 encryption process on channel, and fail safe enhancing is realized by sacrifice bandwidth resources and amount of calculation; Wherein, 4 encryption process are all that SDKEY has come, and take cell phone system resources hardly, and therefore the program is only applicable to communication channel and all more sufficient applied environment of terminal computing capability; Meanwhile, also need for the program designs zero new secret key cryptographic algorithm; The algorithm speed of the discrete power operation used at present is comparatively slow, but after have employed meticulously optimised algorithm, speed weakness has obtained and effectively made up;

Step S32, PKI transmitting step;

Zero cipher key exchange mechanism is applicable to the good occasion of communication channel, does not particularly have the occasion of arranging key in advance; For other application scenarioss, adopt the encrypted data transmission scheme based on public key system; Adopt public key encryption algorithm to carry out encrypted symmetric key in PKI pass through mechanism, symmetric key is used for carrying out encryption and decryption to file; Meanwhile, additionally use different encryption modes for different file types, adopt quick encryption and decryption flag to identify hereof;

Byte stream is converted to after file byte stream, and the SDKEY needing the sensitive data of encryption to send self to; SDKEY utilizes current session encryption key to be encrypted sensitive data, utilize the PKI of recipient to be encrypted packing to current session encryption key simultaneously, finally obtain encrypted word throttling and carry out Sec Document encapsulation, after having encapsulated, calling communication module can complete transmission task; After recipient receives, whether the current reception file of system automatic Verification is effective; When user selects to open this cryptograph files, first system gives self SDKEY this Sec document backup, the deciphering that SDKEY completes session encryption key is unpacked task, then use session key automatically to decipher the cipher text part in Sec file, the internal memory sending mobile phone after having deciphered again to is checked for user; After user exits and browses, system can delete the clear data part in internal memory automatically.

2. based on a data in mobile phone transmission method for intelligent code key, it is characterized in that, described data in mobile phone transmission method comprises:

Based on the encrypted data transmission step of SDKEY; Zero key transport step or PKI transmitting step is adopted to realize transfer of data;

In zero key transport step, transmitting terminal does not need the encryption key transmitting oneself to receiving terminal, needs to transmit enciphered data m time to receiving terminal, completes n encryption process simultaneously; M, n are positive integer;

In PKI transmitting step, adopt the encrypted data transmission scheme based on public key system; Adopt public key encryption algorithm to carry out encrypted symmetric key in PKI pass through mechanism, symmetric key is used for carrying out encryption and decryption to file.

3. the data in mobile phone transmission method based on intelligent code key according to claim 2, is characterized in that:

In described zero key transport step, need to transmit enciphered data m time to receiving terminal, complete n encryption process simultaneously; Zero key transport step specifically comprises:

(1) transmitting terminal needs to send sensitive information M (expressly), and its can send M to oneself SDKEY; SDKEY generates interim conversation key K 1 and carries out 1 encryption to plaintext M, returns ciphertext K1 (M) to transmitting terminal simultaneously; Finally, transmitting terminal sends receiving terminal K1 (M) to by free wireless public channel; Ciphering process completes in SDKEY, can not increase the amount of calculation of mobile phone terminal, and what transmit on common channel is encrypt data simultaneously, even if intercepted and captured or Replay Attack, it is also very difficult for wanting to crack; In order to prevent the data transmitted on common channel to be tampered, need in the data of transmission, increase the integrality that Hash verification ensures data;

(2) receiving terminal sends the K1 received (M) to the SDKEY of oneself; SDKEY generates interim conversation key K 2 pairs of ciphertext K1 (M) and carries out 2 encryptions, returns K2 (K1 (M)) to receiving terminal simultaneously; Finally, receiving terminal sends transmitting terminal K2 (K1 (M)) to by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(3) transmitting terminal sends the SDKEY of oneself to after receiving K2 (K1 (M)); SDKEY reuses session key K1 and carries out 1 deciphering to ciphertext K2 (K1 (M)), obtains K2 (M) and returns to transmitting terminal simultaneously; Finally, transmitting terminal sends to receiving terminal K2 (M) by common channel; Equally, ciphering process can not increase the amount of calculation of mobile phone, and only transmits ciphertext on common channel;

(4) receiving terminal sends the SDKEY of oneself to after receiving K2 (M), and SDKEY uses session key K2 to carry out 2 deciphering to ciphertext K2 (M) and obtains plaintext M, and returns to receiving terminal simultaneously; Now, the cellphone subscriber of receiving terminal just can see the plaintext sensitive information that transmitting terminal sends.

4. the data in mobile phone transmission method based on intelligent code key according to claim 3, is characterized in that:

In zero key transferring mechanism, in theory, 3 ciphertexts transmitted on the common channels may increase the chance that data are cracked, but after completing 1 secondary data encryption transport process, in order to ensure one-time pad, the SDKEY of transmission both sides can delete the session key of current use automatically; Meanwhile, transmission both sides do not transmit encryption key on the common channels, can reduce the chance that data are cracked like this, thus bring higher fail safe; In fact, receiving-transmitting sides carries out 3 communications and 4 encryption process on channel, and fail safe enhancing is realized by sacrifice bandwidth resources and amount of calculation; Wherein, 4 encryption process are all that SDKEY has come, and take cell phone system resources hardly, and therefore the program is only applicable to communication channel and all more sufficient applied environment of terminal computing capability; Meanwhile, also need for the program designs zero new secret key cryptographic algorithm; The algorithm speed of the discrete power operation used at present is comparatively slow, but after have employed meticulously optimised algorithm, speed weakness has obtained and effectively made up.

5. the data in mobile phone transmission method based on intelligent code key according to claim 3, is characterized in that:

In PKI transmitting step, additionally use different encryption modes for different file types, adopt quick encryption and decryption flag to identify hereof.

6. the data in mobile phone transmission method based on intelligent code key according to claim 3, is characterized in that:

In PKI transmitting step, after file byte stream, convert byte stream to, and the SDKEY needing the sensitive data of encryption to send self to; SDKEY utilizes current session encryption key to be encrypted sensitive data, utilize the PKI of recipient to be encrypted packing to current session encryption key simultaneously, finally obtain encrypted word throttling and carry out Sec Document encapsulation, after having encapsulated, calling communication module can complete transmission task; After recipient receives, whether the current reception file of system automatic Verification is effective; When user selects to open this cryptograph files, first system gives self SDKEY this Sec document backup, the deciphering that SDKEY completes session encryption key is unpacked task, then use session key automatically to decipher the cipher text part in Sec file, the internal memory sending mobile phone after having deciphered again to is checked for user; After user exits and browses, system can delete the clear data part in internal memory automatically.

7. the data in mobile phone transmission method based on intelligent code key according to claim 2, is characterized in that:

Described data in mobile phone transmission method also comprised before the encrypted data transmission step based on SDKEY:

Step S1, double factor identification step;

First pass of data protection is the debarkation authentication of mobile phone terminal, adopts the dual-identity authentication mechanism based on hardware SDKEY and PIN;

Mobile phone will load SDKEY certification log-in module after os starting, if can't detect SDKEY, can point out insertion; Will require that after SDKEY being detected user inputs and log in PIN, the PIN that log-in module can use the PIN be stored in SDKEY to log in double secret key user input is encrypted, finally ciphertext is compared with the PIN ciphertext stored in mobile phone, only have the two coupling ability successful log completely; Equally, after the automatic screen locking of mobile phone, also use identical authentication mechanism to log in Android system.

8. the data in mobile phone transmission method based on intelligent code key according to claim 2, is characterized in that:

Described data in mobile phone transmission method also comprised before the encrypted data transmission step based on SDKEY:

Step S2, based on SDKEY Encrypted short message store and forwarding step;

SMS encryption based on SDKEY stores and sending module employs the responsive note that SDKEY hardware carrys out encryption and decryption user;

User selectes responsive note or uses SDKEY encrypting storing to store to mobile phone after manually writing note, opens later at every turn and SDKEY can be used to decipher and present to user, and deciphering flow process is similar with encryption flow; The validated user of SDKEY experiences less than SDKEY at backstage encryption process, and disabled user can not enter security mailbox because not having SDKEY, also can set to require input PIN code just can check for some occasion; For system file, because responsive note is all preserve, so also cannot check its content with ciphertext after encryption.