CN106464973A - Mobile device and method of sharing content - Google Patents
Mobile device and method of sharing content Download PDFInfo
- Publication number
- CN106464973A CN106464973A CN201580022041.3A CN201580022041A CN106464973A CN 106464973 A CN106464973 A CN 106464973A CN 201580022041 A CN201580022041 A CN 201580022041A CN 106464973 A CN106464973 A CN 106464973A
- Authority
- CN
- China
- Prior art keywords
- equipment
- key
- content
- encryption
- encrypted content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title abstract description 297
- 230000004044 response Effects 0.000 claims abstract description 13
- 238000003860 storage Methods 0.000 claims description 88
- 238000004891 communication Methods 0.000 claims description 43
- 238000009826 distribution Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 description 86
- 230000008569 process Effects 0.000 description 76
- 108010028930 invariant chain Proteins 0.000 description 26
- 238000011084 recovery Methods 0.000 description 26
- 238000010586 diagram Methods 0.000 description 18
- 230000006870 function Effects 0.000 description 14
- 238000010276 construction Methods 0.000 description 11
- 238000012937 correction Methods 0.000 description 11
- 230000011218 segmentation Effects 0.000 description 11
- 241000208340 Araliaceae Species 0.000 description 10
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 10
- 235000003140 Panax quinquefolius Nutrition 0.000 description 10
- 235000008434 ginseng Nutrition 0.000 description 10
- 230000033001 locomotion Effects 0.000 description 8
- 238000012986 modification Methods 0.000 description 8
- 230000004048 modification Effects 0.000 description 8
- 230000008859 change Effects 0.000 description 7
- 238000007726 management method Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 230000006399 behavior Effects 0.000 description 6
- 239000000284 extract Substances 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 4
- 230000005611 electricity Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000009434 installation Methods 0.000 description 3
- 230000007774 longterm Effects 0.000 description 3
- 239000000203 mixture Substances 0.000 description 3
- 229920001621 AMOLED Polymers 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 2
- 229940104697 arixtra Drugs 0.000 description 2
- 230000033228 biological regulation Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000005672 electromagnetic field Effects 0.000 description 2
- 230000005674 electromagnetic induction Effects 0.000 description 2
- 230000005670 electromagnetic radiation Effects 0.000 description 2
- KANJSNBRCNMZMV-ABRZTLGGSA-N fondaparinux Chemical compound O[C@@H]1[C@@H](NS(O)(=O)=O)[C@@H](OC)O[C@H](COS(O)(=O)=O)[C@H]1O[C@H]1[C@H](OS(O)(=O)=O)[C@@H](O)[C@H](O[C@@H]2[C@@H]([C@@H](OS(O)(=O)=O)[C@H](O[C@H]3[C@@H]([C@@H](O)[C@H](O[C@@H]4[C@@H]([C@@H](O)[C@H](O)[C@@H](COS(O)(=O)=O)O4)NS(O)(=O)=O)[C@H](O3)C(O)=O)O)[C@@H](COS(O)(=O)=O)O2)NS(O)(=O)=O)[C@H](C(O)=O)O1 KANJSNBRCNMZMV-ABRZTLGGSA-N 0.000 description 2
- 230000006698 induction Effects 0.000 description 2
- 230000005055 memory storage Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000001052 transient effect Effects 0.000 description 2
- 244000283207 Indigofera tinctoria Species 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000003321 amplification Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 239000003990 capacitor Substances 0.000 description 1
- 238000005253 cladding Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 239000004020 conductor Substances 0.000 description 1
- 239000003989 dielectric material Substances 0.000 description 1
- 210000004247 hand Anatomy 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000003550 marker Substances 0.000 description 1
- 238000002715 modification method Methods 0.000 description 1
- 238000003199 nucleic acid amplification method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000010355 oscillation Effects 0.000 description 1
- 230000001151 other effect Effects 0.000 description 1
- 238000011112 process operation Methods 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 238000000682 scanning probe acoustic microscopy Methods 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
- H04W12/64—Location-dependent; Proximity-dependent using geofenced areas
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
A mobile device and methods for sharing content are provided. The mobile device includes a communicator configured to communicate with at least one external device, and a controller configured to control decryption of encrypted content that is shared with the at least one external device, in response to determining that the mobile device is located within a proximate spacing of the at least one external device.
Description
Technical field
One or more one exemplary embodiment are related to content and share, more specifically it relates in the safety containing multiple equipment
The mobile device of shared content and method in group.
Background technology
User terminal due to such as smart phone and panel computer is applied more and more widely, has extended
The ability of shared content between multiple equipment.But, if appropriate action can not be taken shared between multiple equipment to control
Content, the content of secret is possible to savagely or be not inadvertently distributed to the public.
Content of the invention
Technical problem
For example, it is possible to producing is the content of private content for two or more users, such as one section video is cut
Collect or picture.But, if the pass between the user of generation private content there occurs change after tying up to this content of generation, deposit
May be to the risk of this private content of public exposure in one of user.Technical scheme
One or more one exemplary embodiment provide the shifting for safely encrypted content in the time cycle short at one
Dynamic terminal (this content is shared in the secure group containing multiple equipment), and the method for shared content.
One or more one exemplary embodiment also provide encrypted for safely deciphering in the time cycle short at one
The mobile terminal (this content in the secure group containing multiple equipment shared) of content and the method for shared content.
Brief description
From the following description of the accompanying drawings of embodiments, these and/or other effect of the total inventive concept of the present invention
Will be apparent from, and be easier to understand, wherein:
Fig. 1 shows the block diagram of the secure group according to an one exemplary embodiment;
Fig. 2 shows the schematic diagram of the secure group example shown in Fig. 1;
The flow chart that Fig. 3 shows the method for the encrypted content according to an one exemplary embodiment;
Fig. 4 shows the exemplary reality with reference to the distribution containing in the method for encrypted content that Fig. 3 illustrates and storing process
Apply example;
Fig. 5 shows the one exemplary embodiment with reference to the storing process containing in the encrypted content that Fig. 3 illustrates;
The flow chart that Fig. 6 shows the example operation of secure group of display in Fig. 1, this example is according to reference to Fig. 3 explanation
The method of encrypted content in the generation of the encryption key that contains and some keys and generation some keys
Assigning process;
Fig. 7 shows the more detailed flow chart of the example operation of secure group of display in Fig. 1, and this example is according to reference
The method of the encrypted content of Fig. 6 explanation;
The flow chart that Fig. 8 shows the example operation of secure group of display in Fig. 1, this example is according to reference to Fig. 3 explanation
The method of encrypted content in the encryption of the content of encryption that contains and storing process;
The flow chart that Fig. 9 shows another example of the operation of the secure group that Fig. 1 shows, this example is according to reference to Fig. 3
The encryption key containing in the method for the encrypted content illustrating and the generation process of some keys and produced multiple portion
Divide the assigning process of key;
The flow chart that Figure 10 shows another example operation of the secure group that Fig. 1 shows, this example is to show according in Fig. 3
The method of encrypted content in the encryption of the content of encryption that contains and storing process;
The flow chart that Figure 11 shows another example operation of secure group of display in Fig. 1, this example is according to reference to Fig. 3
The encryption key containing in the method for the encrypted content illustrating and the generation process of some keys and produced multiple portion
Divide the assigning process of key;
The flow chart that Figure 12 shows another example operation of the secure group that Fig. 1 shows, this example is to say according to reference to Fig. 3
The process of the content of the encryption of the content of the encryption containing in the method for bright encrypted content and storage encryption;
The flow chart that Figure 13 shows another example S400 of the operation of secure group of display in Fig. 1, this example is basis
With reference to the generation process of the encryption key that contains and some keys in the method for encrypted content of Fig. 3 explanation and generation
The assigning process of some keys;
The flow chart that Figure 14 shows another example of the operation of secure group of display in Fig. 1, this example is to be shown according to Fig. 3
The ciphering process containing in the method for the encrypted content shown and storing process;
The flow chart that Figure 15 shows an example of the operation of secure group of display in Fig. 1, this example is according to reference
The example of one modification of the method for encrypted content of Fig. 3 explanation;
The flow chart that Figure 16 shows an example of the operation of secure group of display in Fig. 1, this example is according to reference
The example of one modification of the method for encrypted content of Fig. 3 explanation;
The flow chart that Figure 17 shows an example of the operation of secure group of display in Fig. 1, this example is according to reference
The example of one modification of the method for encrypted content of Fig. 3 explanation;
The flow chart that Figure 18 shows an example of the operation of secure group of display in Fig. 1, this example is according to reference
The example of one modification of the method for encrypted content of Fig. 3 explanation;
The flow chart that Figure 19 shows the method for the deciphering content according to an one exemplary embodiment;
Figure 20 shows whether each equipment of determination with reference to containing in the method for deciphering content that Figure 19 illustrates mutually is located at
Close on the one exemplary embodiment within distance;
Figure 21 shows whether each equipment of determination with reference to containing in the method for deciphering content that Figure 19 illustrates mutually is located at
Close on another one exemplary embodiment within distance;
Figure 22 shows an one exemplary embodiment of the method for deciphering content with reference to Figure 19 explanation;
Figure 23 shows the example operation of the secure group that Fig. 1 of the method according to the deciphering content with reference to Figure 19 explanation shows
Flow chart;
Figure 24 shows another behaviour of the secure group that Fig. 1 of the method according to the deciphering content with reference to Figure 19 explanation shows
The flow chart making example;
The method that Figure 25 shows the deciphering content with reference to the method for encrypted content of Fig. 3 explanation and with reference to Figure 19 explanation
Exemplary applications;
Figure 26 shows the block diagram of the security system according to an one exemplary embodiment;
The flow chart that Figure 27 shows the example of the operation of the security system shown in Figure 26, this example is according to reference to Fig. 3
The encryption key containing in the method for the encrypted content illustrating and the generation process of some keys and some producing
The assigning process of key;
The flow chart that Figure 28 shows the example operation of the security system shown in Figure 26, this example is to say according to reference to Fig. 3
The storing process of the content of the ciphering process of the content containing in the method for bright encrypted content and encryption;
The flow chart that Figure 29 shows another example operation of the security system that Figure 26 shows, this example is according to reference to figure
The encryption key containing in the method for encrypted content of 3 explanations and the generation process of some keys and produced multiple portion
Divide the assigning process of key;
The flow chart that Figure 30 shows another example operation of the security system shown in Figure 26, this example is according to reference to figure
The ciphering process of content containing in the method for encrypted content of 3 explanations and the storing process of the content of encryption;
The flow chart that Figure 31 shows another example of the operation of the security system shown in Figure 26, this example is according to reference
The encryption key containing in the method for encrypted content of Fig. 3 explanation and the generation process of some keys and the multiple portions producing
Divide the assigning process of key;
The flow chart that Figure 32 shows another example of the operation of the security system shown in Figure 26, this example is according to reference
The encryption key containing in the method for encrypted content of Fig. 3 explanation and the generation process of some keys and the multiple portions producing
Divide the assigning process of key;
The flow chart that Figure 33 shows another example of the operation of the security system shown in Figure 26, this example is according to reference
The method of the deciphering content of Figure 19 explanation;
Figure 34 is the block diagram of the equipment according to an one exemplary embodiment;
Figure 35 is the block diagram of the example of the detector unit shown in Figure 34;
Figure 36 is the block diagram of the equipment according to an one exemplary embodiment;
Figure 37 shows the block diagram of the software configuration according to an one exemplary embodiment;
Figure 38 shows the block diagram of the server according to an one exemplary embodiment;And
Figure 39 shows the block diagram of the server according to an one exemplary embodiment.
Specific embodiment
According to the one side of an one exemplary embodiment, provide a kind of mobile device, this mobile device includes:Communication
Device, for at least one external device communication;Controller, in response to determining that mobile device is located at outside at least one
The encrypted content that mobile device and at least one external equipment are shared is deciphered in closing on of equipment within distance.
Mobile device also can include user input unit, and controller can be used in response to receive for at least
One external equipment shares the user input of content and encrypted content.
Mobile device can also include the memorizer of the content for storage encryption.
Controller can be used for storing the content encrypted in external server.
Communicator can be used for transmitting the content encrypted at least one external equipment.
Controller can produce the encryption key and some keys for encrypted content, and distributes produced multiple
Part of key is at least one external equipment.
Controller can be encrypted some keys and distribute some keys of encryption at least one external equipment.
Mobile device can also include memorizer, distributes to mobile device at least for storing in some keys
One part of key and encryption key.
Controller can recover to correspond to encryption key from some keys distributing at least one external equipment
Decruption key, and in response to determine at least one external equipment be located at mobile device close on distance within, by using
The content to decipher encryption for the decruption key recovering.
The distance that controller can be closed on mobile device in response to determining at least one external equipment to be not located at it
The interior and content that re-encrypts deciphering.
Mobile device can also include user input, and wherein at least one external equipment includes the first equipment and second and sets
Standby, controller can be used in response to receiving the user input with the first equipment and the second collaborative share content through user input
And encrypted content, close within distance with mobile device in response to determining at least one the first equipment and the second equipment and being located at
Deciphering encrypted content.
Communicator can include short-range wireless communication module, and this module includes at least one following:Near-field communication (NFC) mould
Block, bluetooth module, WiFi module and ZigBee module, wherein communicator are used for determining whether mobile device is located at outside at least one
Portion's equipment close on distance within.
Mobile device can also include detector, this detector include touch sensor and Proximity Sensor at least it
One, wherein detector is used for determining that whether mobile device is located at the closing within distance of at least one external equipment.
Mobile device can also include display or speaker, and controller can be used for through display or speaker output solution
Close content.
According to the one side of another one exemplary embodiment, provide a kind of shared in the secure group containing multiple equipment in
The method held, the method includes:Determine that the quantity in multiple equipment reaches equal to or more than whether the equipment of threshold value is located at mutually
Between within the distance closed on;It is equal to or more than in response to determining the quantity being located at the equipment within distance that closes on each other
Threshold value, the encrypted content that deciphering multiple equipment is shared.
The method may be responsive to receive and adds for sharing the user input of content between devices
Close content.
The method can also include storing the content of encryption at least one of to multiple equipment.
The method can also include storing encrypted content to external server.
Contents encryption process can include:Produce the encryption key for encrypted content and produce some keys;Point
Join produced some keys to multiple equipment;Using encryption keys content.
The process of encrypted content can also include encrypting some keys, and distributes some keys of generation
Process can include distributing some keys encrypted to multiple equipment.
The method can also include at least one of storage encryption key and some keys distributing to multiple equipment
Safety zone.
The method can also include deciphering encrypted content, and decrypting process includes:In response to determine be located at mutually it
Between close on distance within equipment quantity be equal to or more than threshold value, from some keys distributing to multiple equipment recover
Decruption key corresponding to encryption key;And decipher encrypted content using the decruption key recovering.
The process of encrypted content can include being not at and mobile device in response to determining at least one external equipment
Close on and stop within distance recovering decruption key and deciphering encrypted content and the content re-encrypting deciphering.
Determine whether the quantity of the equipment within distance adjacent to one another that is located at includes through short equal to or more than the process of threshold value
Journey wireless communication module (including near-field communication (NFC) module, bluetooth module, WiFi module and ZigBee module) is multiple to determine
Whether equipment is located within distance adjacent to one another.
Determine whether the quantity of the equipment within distance adjacent to one another that is located at includes through extremely equal to or more than the process of threshold value
Lack a touch sensor or Proximity Sensor to determine whether multiple equipment is located within distance adjacent to one another.
According to the one side of another one exemplary embodiment, a kind of non-transient computer-readable record storage is provided to be situated between
Matter, is stored thereon with computer program, and when executed by a computer, the method for this program performing includes:Determine in multiple equipment
The quantity positioned at the equipment closing on each other within distance whether be equal to or more than threshold value;It is located at mutually in response to determining
Between close on distance within equipment quantity be equal to or more than threshold value, and decipher multiple equipment share encrypted content.
Embodiment
In detail below with reference to one exemplary embodiment, the example in these one exemplary embodiment shows in the accompanying drawings, wherein exists
In all accompanying drawings, similar reference refers to similar element.In this regard, the one exemplary embodiment of the present invention can have
Different forms, therefore should not be construed as limiting in explanation here.Therefore, below with reference to accompanying drawing to one exemplary embodiment
Illustrate to be merely intended to explain each aspect of the present invention.In the following description, the specific of correlation technique explains in detail may not
The place necessarily obscuring the present invention is omitted.As used herein, term "and/or" includes of related Listed Items
Or multiple any one or whole combination.Such as " at least one " expression way when before a column element, revise
The element of this row and individually do not revise the element of this row.
The function of providing in view of one exemplary embodiment, is used herein general and widely used term, and can
Changed with the generation according to the intention of those of ordinary skill in the art, precedent or new technique.It will thus be appreciated that this
In the term that uses be interpreted as having the implication consistent with their implication in the context of correlation technique.
Additionally, use (such as " unit " or " module ") used herein refer to can by hardware, software or hardware with
The entity that the combination of software is implemented.
Fig. 1 shows the block diagram of the secure group 10 according to an one exemplary embodiment.
With reference to Fig. 1, secure group 10 can include multiple equipment, the such as first to the 3rd equipment 100-300.In detail, pacify
Full group 10 can share content between multiple equipment 100-300, can encrypt this content and deciphering encrypted content for this.
Therefore, secure group 10 is properly termed as the decryption system of content encryption system or encrypted content.Therefore, secure group 10 can also be referred to as
Security system.
But, each element shown in Fig. 1 is not all basic element.Secure group 10 or security system can by using than
The more or less of unit of those elements shown in Fig. 1 usually implements.For example, secure group 10 can include two equipment, or
Person can include four or more equipment.As another example, secure group 10 or security system can also include multiple setting
Standby server or Cloud Server.
The operation producing or initializing secure group 10 can be executed, and execute the equipment of aforesaid operations and be properly termed as group neck
Lead.In current one exemplary embodiment, the first equipment 100 can be the group leader of secure group 10, second and the 3rd equipment
200,300 can be group membership.First equipment 100 can be the equipment of first user USER1, and the second equipment 200 can be
The equipment of two user USER2, the 3rd equipment 300 can be the equipment of the 3rd user USER3.
For example, the first to the 3rd equipment 100-300 can be smart phone, but these equipment are not limited to intelligent electricity
Words.One of first to the 3rd equipment 100-300 or multiple can be desktop personal computers (PC), PC, intelligent television, honeycomb
Phone, personal digital assistant (PDA), laptop computer, media player, microserver, global positioning system (GPS), electronics
Book terminal, digital broadcast terminal, navigation system, news-stand, motion characteristics planning audio layer 3 (MP3) player, Digital photographic
Machine, wearable device or other mobile or stationary computing devices.
The content that one of first to the 3rd equipment 100-300 can produce and storage content and encryption are stored.Encryption
Content can be replicated between the first to the 3rd equipment 100-300 and share.First to the 3rd equipment 100-300 at least it
One can store encrypted content in safety zone (such as TrustZone (trust region)), so can utilize hardware
To protect encrypted content.According to another one exemplary embodiment, server or Cloud Server (not shown) can store quilt
The content of encryption, and the content storing can share between the first to the 3rd equipment 100-300.
Content can be video content (such as TV programme, video request program (VOD), the content (UCC) of user's creation, sound
Happy video clipping, YouTube video editing etc.), rest image content (such as photo, picture etc.), content of text (for example
The e-book of poem or novel, mail, job documentation, webpage etc.), music content (such as music, music program, wireless
Electricity broadcast etc.) or application program (such as widget, game, video phone call etc.).
According to an one exemplary embodiment, content can artificially be selected according to user input.For example, can be in profit
Select content with while such as camera application or photograph album application.As another example, can be used for sharing by execution
The particular application of the content in secure group 10 is selecting content.
According to another one exemplary embodiment, (can be based on according to the status information of the first to the 3rd equipment 100-300
Context) automatically determine content.For example, can positional information based on the first to the 3rd equipment and/or social networkies
In service (SNS), the relation information of the first to the 3rd equipment 100-300 to determine content.As another example, first to the 3rd
One of equipment can unilaterally determine content.
According to an one exemplary embodiment, only close on apart from it when the first to the 3rd equipment 100-300 is located at from each other
When interior, encrypted content can be come by least one first to the 3rd equipment 100-300, and the content after encrypting can be decrypted
And it is shared between the first to the 3rd equipment 100-300.The distance of closing on of equipment is not limited to definite distance, shows in different
In exemplary embodiment, possibly several meters of this distance is actual between equipment touches together.If the first to the 3rd equipment 100-
300 all agree to, content can become public or be changed.
In detail, the secure group 10 including the first to the 3rd equipment 100-300 can based on privacy sharing method (also referred to as
Secret dividing method) encryption/deciphering content.Privacy sharing method is by using for safely maintenance and management secret information
(by a secret information of such as encryption key being divided into multiple secret shares and storing multiple secret in each group membership
Close share) encryption technology implementing.
According to another one exemplary embodiment, content can be encrypted by least one of first to the 3rd equipment 100-300.
When within some device signal in the first to the 3rd equipment 100-300 be located at close on distance within when, the content of encryption is permissible
Decrypted and shared in each equipment.Therefore, if some equipment in the first to the 3rd equipment 100-300 agree to, content can
To become disclosed or to be modified.
In detail, the secure group 10 including the first to the 3rd equipment 100-300 based on threshold method encryption or can solve
Close content.Threshold method is the modification method of privacy sharing method.In threshold method, if t or more in N number of participant
Individual participant is close to each other, then can recover original secret information.Close to each other if fewer than t participant, then cannot
Recover original secret information.For example, if N is 3, t is 2, then as two in the first to the 3rd equipment 100-300 or
When more equipment are close to each other, (positioned at closing within distance) can decipher and share encrypted content.
Describe the method for encrypted content and the method for deciphering encrypted content below with reference to Fig. 2 to 25 in detail.
Fig. 2 shows the schematic diagram of secure group 10a of the example as the secure group 10 shown in Fig. 1.
With reference to Fig. 2, secure group 10a includes the first to the 3rd equipment 100a-300a.For example, the first to the 3rd equipment
100a-300a can store the memorandum EC1 of encryption, the file of the mail EC2 of encryption, the photo EC3 of encryption or encryption
EC4.In this case, it is possible to understand that the first to the 3rd equipment 100a-300a has split secret share S1-S3 respectively.Cause
This, each of first to the 3rd equipment 100a-300a cannot recover original private information.
But, if the first to the 3rd equipment 100a-300a is close to each other, can be based on secret share S1- split
S3 is recovering original secret information.Then, the first to the 3rd equipment 100a-300a can obtain the memorandum DC1 of deciphering, solution
The file DC4 of close mail DC2, the photo DC3 of deciphering or deciphering.
The flow chart that Fig. 3 shows the method for the encrypted content according to an one exemplary embodiment.
With reference to Fig. 3, in current one exemplary embodiment, the method for encrypted content refers to encrypt the peace containing multiple equipment
The method of the content that Quan Zuzhong shares, the method is included by the operation of one of following multiple equipment execution.For example, working as
In front one exemplary embodiment, the method for encrypted content can include the first equipment 100 that the secure group 10 shown in Fig. 1 includes
The operation of the time sequencing of execution.
In operation s 310, encryption key and some keys are produced.In detail, the first equipment 100 can produce and treat
It is assigned to encryption key and some keys of the first to the 3rd equipment 100-300.Encryption key can be used for encrypted content,
Some keys can be used for deciphering encrypted content.
According to an one exemplary embodiment, in the method for encrypted content, it is possible to use asymmetrical cryptographic method is encrypting
Content.Encryption key can include the key pair containing public-key cryptography and private key.Public-key cryptography can be used for encrypted content,
Private key can be used for deciphering content.For example, private key can be divided at least three by the first equipment 100
Point, then produce first and arrive Part III key.As another example, public-key cryptography can be divided into three by the first equipment 100
Individual part arrives Part III key to produce first.
According to another one exemplary embodiment, in the method for encrypted content, it is possible to use symmetric encryption method encrypted content.
Because encryption key can be used for encrypting or deciphers content, therefore encryption key is referred to as symmetric key.For example,
Secret splitting can be become three parts to arrive Part III key to produce first by one equipment 100.
In operation S320, produced some keys are assigned to multiple equipment.In detail, the first equipment 100
The produced first Part I key in Part III key can be stored, and transmit Part II key and the 3rd
Divide each of key to the second equipment 200 and the 3rd equipment 300.According to another one exemplary embodiment, the side of encrypted content
Method can also include encrypting some keys.In the case, the first equipment 100 can transmit encryption second and the 3rd
Divide each of key to the second equipment 200 and the 3rd equipment 300.
In operation s 330, it is possible to use produced encryption key carrys out encrypted content.In detail, equipment 100 can profit
It is stored encrypted in the content in the first equipment 100 or server with the encryption key producing.For example, in asymmetric cryptosystem
In method, the first equipment 100 can be using public-key cryptography come encrypted content.As another example, in symmetric encryption method,
First equipment 100 can be by the use of the encryption key as symmetric key come encrypted content.
In operation S340, store encrypted content.In detail, the first equipment 100 can store encrypted content.
According to an one exemplary embodiment, the first equipment 100 can store the interior of encryption in safety zone (such as TrustZone)
Hold, in being available with hardware protection encrypted content.Additionally, the first equipment 100 can transmit encrypted content to
At least one of two equipment 200 and the 3rd equipment 300, and/or encrypted content can be transmitted to server.
Fig. 4 shows the exemplary reality with reference to the distribution comprising in the method for encrypted content that Fig. 3 illustrates and storage operation
Apply example.
With reference to Fig. 4, the first equipment 100a of first user USER1 can be respectively transmitted second and Part III key to the
Two and the 3rd equipment 200a and 300a.Therefore, because any user of the arbitrary equipment in secure group 10 cannot obtain all
Part of key (the such as second equipment 200a only receives Part II key), any user cannot independently access content.
But, only when the equipment of the quantity reaching equal to or more than threshold value in the multiple equipment that equipment safety group 10 includes is located at phase
When mutually closing within distance, it is possible to use some keys being respectively stored in corresponding equipment recovering decruption key,
Then arbitrarily user can access the content of encryption by using the decruption key recovering.
The first equipment 100a of first user USER1 can be respectively transmitted second and Part III key of encryption to second
With the 3rd equipment 200a and 200b.Therefore, because or including in secure group 10 in the equipment not included in the of 10 not included in safety
Another equipment does not have the key of second and Part III key for deciphering encryption, and miscellaneous equipment cannot obtain the second He
Part III key.
Additionally, the first equipment 100a can transmit the content of encryption to second and the 3rd equipment 200a and 300a.Therefore, by
In the equipment being not belonging to secure group 10 or user, there is no keys for decrypting the encrypted content, miscellaneous equipment or user are not
Encrypted content can be accessed.
Fig. 5 shows the one exemplary embodiment of the storage operation that the method with reference to the encrypted content of Fig. 3 explanation includes.
With reference to Fig. 5, each of first to the 3rd equipment 100a-300a can store content EC of encryption.Additionally,
Arrive Part III key, the first to the 3rd equipment because the first to the 3rd equipment 100a-300a stores corresponding first respectively
100a-300a cannot independently decipher content EC of encryption.
The flow chart that Fig. 6 shows the example of the operation of secure group 10 shown in Fig. 1, this example is according to reference to Fig. 3 explanation
The method of encrypted content in the generation of the encryption key that contains and some keys and generation some keys
Assigning process.
With reference to Fig. 6, in current exemplary embodiment, the method for encrypted content includes implementing by distributing private key
Segmentation encryption method.The first to the 3rd equipment that the secure group 10 that the method for encrypted content is included as shown in Figure 1 includes
The operation that 100-300 is processed.It is therefore understood that the explanation with reference to the secure group 10 of Fig. 1 explanation is also applied to currently show
The method of the encrypted content of exemplary embodiment, even if non-repeat specification.
In operation S610, the first equipment 100 produces the key pair including public keys and private key.For example, first
Equipment 100 can produce for the public keys T of encryption and corresponding to public keys T and be used for the private key t deciphering.
In operation S620, private key t is divided into three parts by the first equipment 100, then produces first to the 3rd
Part of key.For example, the first equipment 100 can be by being divided into three partly to produce first to the 3rd private key t
Part of key t1-t3.In the case, the first equipment 100 can be by using secret sharing scheme (such as Shamir scheme)
To split private key t.
In operation S630, delete private key t.For example, the first equipment 100 can delete private key t.Cause
This, do not have equipment can obtain private key t in the first to the 3rd equipment 100-300, then cannot independently access encryption
Content.
In operation s 640, second and Part III key can be encrypted.For example, the first equipment 100 can pass through
Encrypt each of second and Part III key t2 and t3 to produce second and Part III key of encryption, to ensure
Second and the transmission safety of Part III key.Then, in second and Part III cipher key processes of transmission encryption, do not include
Equipment in secure group 10 cannot obtain second and Part III key.
In operation s 650, the first equipment 100 transmits public-key cryptography with the Part II key of encryption to the second equipment
200.In operation s 660, the first equipment 100 transmits public-key cryptography with the Part III key of encryption to the 3rd equipment 300.Lift
For example, the first equipment 100 can be through wireless communication connection (WiFi, the third generation (3G), long-term evolution (LTE), bluetooth etc.
Deng) second and Part III key of transmission public-key cryptography and encryption be respectively to second and the 3rd equipment 200 and 300.
In operation S670, the first equipment 100 stores public-key cryptography and Part I key.In operation S680, second
Equipment 200 storage public-key cryptography and Part II key.In operation S690, the 3rd equipment 300 stores public-key cryptography and the 3rd
Part of key.For example, second and the 3rd equipment 200 and 300 can respectively pass through deciphering encryption second and the 3rd
Key is divided to extract second and Part III key.Further, since second and the 3rd equipment 200 and 300 there is public-key cryptography T,
In first to the 3rd user USER1-USER3 of the first to the 3rd equipment 100-300, any user can be by using open
Cipher key T is deciphering content.
Fig. 7 shows the more detailed flow chart of the example operation of secure group 10 of display in Fig. 1, and this example is according to ginseng
The method examining the encrypted content of Fig. 6 explanation.
With reference to Fig. 7, in operation S710a, the first equipment 100 produces the first mark public-key cryptography K1 and the first mark is private
Key k1.By the first mark public-key cryptography K1 and first mark the first tagged keys of constituting of private key k1 to being for identifying
It is arranged on the combination of the key of the first application in the first equipment 100.It is arranged on the second and the 3rd in equipment 200 and 300
Two and the 3rd application can check by using the first mark public-key cryptography K1 or identify the being arranged in the first equipment 100
One application.
According to an one exemplary embodiment, the first equipment 100 can ask the public key infrastructure of such as phone PK1
(PK1) to produce the first mark public-key cryptography K1 and first mark private key k1.According to another one exemplary embodiment, first
Equipment 100 can ask phone PK1 to produce the first mark public-key cryptography K1 and first mark private key k1 and for the
The First Certificate Certificate of one mark public-key cryptography K1p1(K1).P1 represents the key of certification the first equipment 100, the first card
Book Certificatep1(K1) it is for contacting the identity of first user USER1 and public-key cryptography (i.e. the first mark public-key cryptography
K1 file).
In operation S710b, the second equipment 200 produces the second mark public-key cryptography K2 and the second mark private key k2.
By the second mark public-key cryptography K2 and second mark the second tagged keys of constituting of private key k2 to being to be arranged on for mark
The combination of the key of the second application in the second equipment 200.It is arranged on the first and the 3rd first and in equipment 100 and 300
Three applications can check or identify second being arranged in the second equipment 200 by using the second mark public-key cryptography K2 should
With.
According to an one exemplary embodiment, the second equipment 200 can ask phone PK1 to produce the second mark public-key cryptography
K2 and second mark private key k2.According to another one exemplary embodiment, the second equipment 200 can ask phone PK1 to produce
Raw second mark public-key cryptography K2 and the second mark private key k2 and the second certificate for the second mark public-key cryptography K2
Certificatep2(K2).P2 represents the key of certification the second equipment 200, the second certificate Certificatep2(K2) be for
The identity of contact second user USER2 and the file of public-key cryptography (i.e. the second mark public-key cryptography K2).
In operation S710c, the 3rd equipment 300 produces the 3rd mark public-key cryptography K3 and the 3rd mark private key k3.
By the 3rd mark public-key cryptography K3 and the 3rd mark the 3rd tagged keys that constitute of private key k3 to being to be arranged on for mark
The combination of the key of the 3rd application in the 3rd equipment 300.It is arranged on first in the first and second equipment 100 and 200 and
Two applications can check or identify the 3rd being arranged in the 3rd equipment 300 by using the 3rd mark public-key cryptography K3 should
With.
According to an one exemplary embodiment, the 3rd equipment 300 can ask phone PK1 to produce the 3rd mark public-key cryptography
K3 and the 3rd mark private key k3.According to another one exemplary embodiment, the 3rd equipment 300 can ask phone PK1 to produce
Raw 3rd mark public-key cryptography K3 and the 3rd mark private key k3 and the 3rd certificate for the 3rd mark public-key cryptography K3
Certificatep3(K3).P3 represents the key of certification the 3rd equipment 300, the 3rd certificate Certificatep3(K3) be for
Contact the identity of the 3rd user USER3 and the file of public-key cryptography (i.e. the second mark public-key cryptography K3).Above-mentioned operation
S710a-S710b is properly termed as producing the operation of tagged keys.
In operation S720a, the second equipment 200 transmission the second mark public-key cryptography K2 to first equipment 100.The of transmission
Two mark public-key cryptography K2 can be used for encrypting the second content private sector key t2.According to another one exemplary embodiment, second
Equipment 200 can transmit the second mark public-key cryptography K2 and the second certificate Certificatep2(K2) to the first equipment 100.
In operation S720b, the 3rd equipment 300 transmission the 3rd mark public-key cryptography K3 to first equipment 100.The of transmission
Three mark public-key cryptography K3 can be used for encrypting the 3rd content private sector key t3.According to another one exemplary embodiment, the 3rd
Equipment 300 can transmit the 3rd mark public-key cryptography K3 and the 3rd certificate Certificatep3(K3) to the first equipment 100.
In operation S730, the first equipment 100 produces the mark disclosure including the first to the 3rd mark public-key cryptography K1-K3
The group { K1, K2, K3 } of key.The group { K1, K2, K3 } of produced mark public-key cryptography can be stored in the first to the 3rd equipment
In.
In operation S740, the first equipment 100 produces content public-key cryptography T and content private key t.Disclosed close by content
The content key that key T and content private key t are constituted is to the group being key for encrypting/deciphering the content that secure group 10 is shared
Close.In detail, content private key t can encrypt the symmetric key s for encrypted content.
According to another one exemplary embodiment, the first equipment 100 can also identify public-key cryptography K1-K3 and produce from first to the 3rd
Raw mark public-key cryptography contact value G (i.e. G=K1 K2 K3).
In operation S750, the first equipment 100 content private key t is divided at least three parts, then produces first
To the 3rd content private sector key t1-t3 (i.e. t=t1+t2+t3).First equipment 100 can be by using such as Shamir
The secret sharing scheme of scheme is splitting content private key t.
According to another one exemplary embodiment, the first equipment 100 can produce mark public-key cryptography contact value G and each difference
The first to the 3rd electronic signature for the first to the 3rd content private sector key t1-t3.According to another one exemplary embodiment,
First equipment 100 can produce group mark (ID) GroupID, mark public-key cryptography contact value G and be directed to first in the 3rd
Hold the electronic signature of private sector key t1-t3.In detail, the first electronic signature is E-Signt(GroupID G t1), second
Electronic signature is E-Signt(GroupID G t2) and the 3rd electronic signature are E-Signt(GroupID G t3).
In operation S760, the first equipment 100 deletes content private key t.Then, content private key t be not to appoint
Knowable to meaning user, and unless in the first to the 3rd equipment 100-300, reach the equipment position of the quantity equal to or more than threshold value
Within distance adjacent to one another, any user cannot independently decipher encrypted content.According to another exemplary reality
Apply example, the first equipment 100 can be with storage content private key t to such as TrustZone or any hardware based safety knot
In the safety zone 1 of structure, therefore can protect content private key t by using hardware.
In operation S770, the first equipment 100 be utilized respectively second and the 3rd mark public-key cryptography K2 and K3 encrypting the
Two and the 3rd content private sector key t2 and t3.Then, produce the second content private sector key secret value EncK2(t2) and
3rd content private sector key secret value EncK3(t3).Due to the second content private sector key secret value EncK2(t2) may be used
To decipher by using the second mark private key k2 corresponding to the second mark public-key cryptography K2, the second content private sector
Key secret value EncK2(t2) can only be deciphered by second equipment 200 with the second tagged keys k2.Further, since the 3rd
Content private sector key secret value EncK3(t3) can be by using the 3rd mark corresponding to the 3rd mark public-key cryptography K3
Private key k3 deciphering, the 3rd content private sector key secret value EncK3(t3) can be only by having the 3rd tagged keys k3
The 3rd equipment 300 deciphering.
In operation S780a, the group { K1, K2, K3 } of the first equipment 100 transmission mark public-key cryptography, content public-key cryptography T
With the second content private sector key secret value EncK2(t2) to the second equipment 200.According to another one exemplary embodiment, first sets
Standby 100 can also transmit the second electronic signature E-Signt(GroupID G t2) is to the second equipment 200.
In operation S780b, the group { K1, K2, K3 } of the first equipment 100 transmission mark public-key cryptography, content public-key cryptography T
With the 3rd content private sector key secret value EncK3(t3) to the 3rd equipment 300.According to another one exemplary embodiment, first sets
Standby 100 can also transmit the 3rd electronic signature E-Signt(GroupID G t3) is to the 3rd equipment 300.Operation S710a-S780b
It is properly termed as generation and the initialization of secure group 10.
In operation S790a, the first equipment 100 stores the group { K1, K2, K3 } of mark public-key cryptography, content public-key cryptography T
With first content private sector key t1.In operation S790b, the second equipment 200 is by using the second mark private key k2
Decipher the second content private sector key secret value EncK2(t2) extracting and to store the second content private sector key t2.In behaviour
Make in S790c, the 3rd equipment 300 deciphers the 3rd content private sector key secret value by using the 3rd mark private key k3
EncK3(t3) extracting and to store the 3rd content private sector key t3.According to an one exemplary embodiment, first sets to the 3rd
Standby 100-300 can store the first to the 3rd content private key t1-t3 to such as TrustZone or other respectively and be based on hardware
The safety zone of safeguard construction in.
The flow chart that Fig. 8 shows another example operation of secure group 10 of display in Fig. 1, this example is according to reference to figure
The encryption of encrypted content containing in the method for encrypted content of 3 explanations and storing process.
With reference to Fig. 8, in current one exemplary embodiment, can be in the side of the encrypted content having executed with reference to Fig. 6 explanation
The method executing this encrypted content after method.Additionally, in current one exemplary embodiment, the method for encrypted content include by
The operation of the first to the 3rd equipment 100-300 execution that secure group 10 includes.Hereafter, by the operation of explanation encrypted content, its
In cryptographic operation is executed by the first equipment 100.But, according to other one exemplary embodiment, second and the 3rd equipment 200 He
One of 300 can be using public-key cryptography come encrypted content.
In operation S810, the first equipment 100 is believed according to the state of user input or the first to the 3rd equipment 100-300
Cease and to determine content to be encrypted.In detail, first user USER1 can artificially determine the first equipment 100 through user input
In or server in storage content as content to be encrypted.Alternatively, the state according to the first to the 3rd equipment 100-300
Information, in the first equipment 100 or server, the content of storage can be automatically determined as content to be encrypted.
For example, first user USER1 can select the determination in the lump of the photo of storage in the first equipment 100 selected
Photo as content to be encrypted.As another example, can automatically select in the photo of storage from the first equipment 100
Including the photo of the first to the 3rd user USER1-USER3, and selected photo can automatically select and will encrypt
Content.As another example, automatically select in the first to the 3rd equipment 100- in the photo of storage from the first equipment 100
The photo shooting at 300, and selected photo is automatically determined as content to be encrypted.As another example, from
Automatically determine in the photo of storage in one equipment 100 that (the first to the 3rd user is pre- to it as on content to be encrypted and SNS
Order) the relevant photo of the activity of the first to the 3rd user USER1-USER3.
In operation S820, the first equipment 100 carrys out encrypted content by using public-key cryptography.For example, the first equipment
100 can be by using symmetrical key s (i.e. AESS(m)) encrypted content, and by using public-key cryptography T (i.e. EncT(s))
To encrypt this symmetrical key s.
In operation S830, the first equipment 100 stores encrypted content.For example, the first equipment 100 can be all
As stored encrypted content in the safety zone of TrustZone or hardware based safeguard construction, then pass through and utilize hardware
Protection encrypted content.
In operation S840, the first equipment 100 transmission encrypted content is to the second equipment 200.In operation S850, the
One equipment 100 transmission encrypted content is to the 3rd equipment 300.For example, the first equipment 100 can be through wireless communication connection
(such as WiFi, 3G, LTE, bluetooth etc.) transmission encrypted content is to second and the 3rd equipment 200 and 300.
In operation S860, the second equipment storage encrypted content.In operation S870, the 3rd equipment 300 stores
The content of encryption.For example, second and the 3rd equipment 200 and 300 can be in such as TrustZone or hardware based safety
Store encrypted content in the safety zone of structure, then pass through using hardware protection encrypted content.
The method producing some keys according to the segmentation private key with reference to Fig. 6-8 explanation, including in secure group
In 10 first can independently encrypted content to one of the 3rd equipment 100-300.But, when including in secure group 10
When the equipment of the quantity reaching equal to or more than threshold value in one to the 3rd equipment 100-300 is located within distance adjacent to one another,
The part of key that can store from each recovers private key, thus it is possible to deciphering encrypted content.
Therefore, in the case although content can be appointed to the 3rd user USER1-USER3 by first in secure group 10
One of what, to produce or to add, but can only work as the user reaching the quantity equal to or more than threshold value within distance adjacent to one another
When access encrypted content.For example, the first to the 3rd user USER1-USER3 is one of any can produce joint account
Number, only when the entirety of the first to the 3rd user USER1-USER3 or some be located within distance adjacent to one another when, first to the 3rd
The entirety of user USER1-USER3 or some can access this joint account.
The flow chart that Fig. 9 shows another example of the operation of the secure group that Fig. 1 shows, this example is according to reference to Fig. 3
The encryption key containing in the method for the encrypted content illustrating and the generation process of some keys and produced multiple portion
Divide the assigning process of key.
With reference to Fig. 9, in current exemplary embodiment, the method for encrypted content includes the segmentation by distributing private key
Encryption method.The first to the 3rd equipment 100-300 that the secure group 10 that the method for this encrypted content is included as shown in Figure 1 includes
The operation processing.It is therefore understood that the explanation that the secure group 10 with regard to illustrating with reference to Fig. 1 provides can also be applied to currently show
The method of the encrypted content of exemplary embodiment, even if do not repeat its explanation.
In operation S910, the first equipment 100 produces the key pair being made up of public-key cryptography and private key.Citing comes
Say, the first equipment 100 can produce for encryption public-key cryptography T-phase should in public-key cryptography T and for deciphering individual close
Key t.
In operation S920, public-key cryptography T is divided into three parts by the first equipment 100, then produces first to the 3rd
Part of key.For example, the first equipment 100 can be by being divided into three partly to produce at least first public-key cryptography T
To Part III cipher key T 1-T3.In the case, the first equipment 100 can be by using secret sharing scheme (such as Shamir
Scheme) splitting public-key cryptography T.
In operation S930, delete public-key cryptography T.For example, the first equipment 100 can delete public-key cryptography T.Cause
This, do not have equipment can obtain public-key cryptography T in the first to the 3rd equipment 100-300, then cannot independently encrypted content.
In operation S940, the first equipment encrypts second and Part III cipher key T 2 and T3.For example, the first equipment
100 can by encrypt second and Part III cipher key T 2 and T3 each produce second and Part III key of encryption,
To guarantee the safety in transmit process.Then, in second and Part III key of transmission encryption, do not wrap in secure group 10
The equipment including cannot obtain second and Part III key.
In operation S950, the Part II key of the first equipment 100 transmission encryption is to the second equipment 200.In operation
In S960, the Part III key of the first equipment 100 transmission encryption is to the 3rd equipment 300.For example, the first equipment 100 can
With second and Part III key through wireless communication connection (such as WiFi, 3G, LTE, bluetooth etc.) transmission encryption to second
With the 3rd equipment 200 and 300.
In operation S970, the first equipment 100 stores Part I key.In operation S980, the second equipment 200 stores
Part II key.In operation S990, the 3rd equipment 300 stores Part III key.For example, second and the 3rd equipment
200 and 300 can by decipher second and Part III key of encryption extract each second and Part III key.
The flow chart that Figure 10 shows another example operation of the secure group 10 that Fig. 1 shows, this example is according to aobvious in Fig. 3
The encryption of the content of the encryption containing in the method for the encrypted content shown and storing process.
With reference to Figure 10, in current one exemplary embodiment, the method for encrypted content can perform with reference to Fig. 9 explanation
The method of encrypted content after execute.Additionally, in the present example, the method for encrypted content includes being wrapped by secure group 10
The operation that first including executes to the 3rd equipment 100-300.
In operation S1010, the first equipment 100 is according to the state of user input or the first to the 3rd equipment 100-300
Information is determining content to be encrypted.In detail, first user USER1 can artificially determine the first equipment through user input
100 or server in storage content as content to be encrypted.Alternatively, the shape according to the first to the 3rd equipment 100-300
State information, in the first equipment 100 or server, the content of storage can be automatically determined as content to be encrypted.
In operation S1020a, the first equipment 100 transmission encryption request message is to the second equipment 200.In operation S1020b, the
One equipment 100 transmission encryption request message is to the 3rd equipment 300.
In operation S1030a, the second equipment 200 transmission the first encryption acceptance message is to the first equipment 100.For example,
First encryption acceptance message can include the secret value of the Part II cipher key T 2 of storage in the second equipment 200.In operation
In S1030b, the 3rd equipment 300 transmission the second encryption acceptance message is to the first equipment 100.For example, the second encryption agreement disappears
Breath can include the secret value of the Part III cipher key T 3 of storage in the 3rd equipment 300.
In operation S1040, the first equipment 100 is based on the first and second encryption acceptance message and recovers public-key cryptography.Lift
Example for, the first equipment 100 can based on first and second encryption acceptance message include each second and Part III close
In the secret value of key T2 and T3 and the first equipment 100 storage Part I cipher key T 1 and recover public-key cryptography T (i.e. T=T1+
T2+T3).
In operation S1050, the first equipment 100 is by using public key encryption content.For example, the first equipment
100 can be by using symmetrical key s (i.e. AESS(m)) encrypted content, by using public-key cryptography T (the i.e. Enc recoveringT
(s)) carry out the key of cryptographic symmetrical.
In operation S1060, the first equipment 100 stores the content of encryption.For example, the first equipment 100 can store
The content of encryption is in the safety zone of the hardware based structure of such as TrustZone or other.
In operation S1070a, the content of the first equipment 100 transmission encryption is to the second equipment 200.In operation S1070b,
The content of the first equipment 100 transmission encryption is to the 3rd equipment 300.For example, the first equipment 100 can be through wireless communication connection
The content of (such as WiFi, 3G, LTE, bluetooth etc.) transmission encryption is to second and the 3rd equipment 200 or 300.
In operation S1080a, the second equipment 200 stores the content of encryption.In operation S1080b, the 3rd equipment 300 is deposited
The content of storage encryption.For example, second and the 3rd equipment 200 and 300 can store the content of encryption to such as TrustZone
Or in the safety zone of other hardware based structure.
The method producing some keys according to the segmentation public-key cryptography with reference to Fig. 9 and 10 explanation, only when secure group 10
The equipment of the quantity reaching equal to or more than threshold value in the 3rd equipment 100-300 for first including be located at adjacent to one another away from
From within when, the part of key that can be stored based on each recovers public-key cryptography, then can be with encrypted content.On the contrary, secure group
10 the first to the 3rd equipment 100-300 including are one of any can to decipher encrypted content.
For example although only producing when the first to the 3rd equipment 100-300 is located at and closes on each other within distance
With regard to the content of law, policy or regulations, anyone can access produced with regard in law, policy or regulations
Hold.
The flow chart that Figure 11 shows another example operation of secure group 10 of display in Fig. 1, this example is according to reference
The generation process of the encryption key that contains and some keys and produced multiple in the method for encrypted content of Fig. 3 explanation
The assigning process of part of key.
With reference to Figure 11, in current exemplary embodiment, the method for encrypted content is included by distributing private key execution
Correction segmentation encryption method.The secure group 10 that the method for this encrypted content is included as shown in Figure 1 include first to
The operation that three equipment 100-300 are processed.It is therefore understood that the explanation with reference to the secure group 10 of Fig. 1 explanation is also applied to
The method of the encrypted content of current exemplary embodiment, even if non-repeat specification.
In operation S1110, the first equipment 100 produces the key pair being made up of public-key cryptography and private key.Citing comes
Say, the first equipment 100 can produce for encryption public-key cryptography T and corresponding to public-key cryptography T and for deciphering individual close
Key t.
In operation S1120, private key is divided at least two parts by the first equipment 100, then produces at least the
One and Part II key.For example, the first equipment 100 can be by being divided at least two partly to come private key t
Produce at least first and second part of key t1 and t2.In the case, the first equipment 100 can be by using such as Shamir
The secret sharing scheme of scheme is splitting private key t.
In operation S1130, the first equipment 100 encrypts the first and second part of key.For example, the first equipment 100
The first and second part of key of encryption can be produced by encrypting the first and second part of key t1 and t2 respectively, so that really
Protect the safety in transmission.Therefore, during the first and second part of key of transmission encryption, not to be covered in secure group 10 set
Standby cannot obtain the first and second part of key.
In operation S1140a, the first equipment 100 transmits public-key cryptography with the Part I key of encryption to the second equipment
200.In operation S1140b, the first equipment 100 transmits public-key cryptography with the Part II key of encryption to the 3rd equipment 300.
For example, the first equipment 100 can be respectively transmitted disclosure through wireless communication connection (such as WiFi, 3G, LTE, bluetooth etc.)
Key and second and the Part III key encrypted to second and the 3rd equipment 200 and 300.
In operation S1150a, the first equipment 100 stores public-key cryptography and private key.For example, the first equipment 100
Independently encrypted content can be carried out by using public-key cryptography T, and independently to decipher content by using private key t.
The first user USER1 of the first equipment 100 can be had generation, revise or the very high authoritative people using content, interior
Appearance can be very private or sensitivity data.
In operation S1150b, the second equipment 200 stores public-key cryptography and Part I key.In operation S1150c,
3rd equipment 300 storage public-key cryptography and Part II key.For example, second and the 3rd equipment 200 and 300 can distinguish
Extract the first and second part of key by deciphering the first and second part of key of encryption.
Further, since second and the 3rd equipment 200 and 300 there is public-key cryptography T, second and the 3rd equipment 200 and 300
Second and the 3rd any one can carry out encrypted content by using public-key cryptography T in user USER2 and USER3.But, by
In second and the 3rd equipment 200 and 300 be respectively provided with the first and second part of key t1 and t2, second and the 3rd equipment 200 He
300 independently cannot decipher content, and only when second and the 3rd equipment 200 and 300 be located at and close on each other within distance
When can decipher content.Second and the 3rd equipment 200 and 300 second and the 3rd user USER2 and USER3 can be with product
The power of raw content still uses the relatively low people of the power of content.
The flow chart that Figure 12 shows another example operation of the secure group 10 that Fig. 1 shows, this example is according to reference to Fig. 3
The process of the content of the encryption of the content of the encryption containing in the method for the encrypted content illustrating and storage encryption.
With reference to Figure 12, in current exemplary embodiment, the method for encrypted content can perform with reference to Figure 11 explanation
The method of encrypted content after execute.Additionally, in current one exemplary embodiment, the method for this encrypted content includes by scheming
The operation of the first to the 3rd equipment 100-300 execution that the secure group 10 shown in 1 includes.Hereafter, will be explained in first to set
The operation of the encrypted content of standby 100 execution.But, according to another one exemplary embodiment, second and the 3rd equipment 200 and 300 it
One can be by using public key encryption content.
In operation S1210, the first equipment 100 is believed according to the state of user input or the first to the 3rd equipment 100-300
Cease and to determine content to be encrypted.In detail, first user USER1 can artificially determine the first equipment 100 through user input
Or the content storing in server is as content to be encrypted.Alternatively, the state according to the first to the 3rd equipment 100-300 is believed
Breath, in the first equipment 100 or server, the content of storage can be automatically determined as content to be encrypted.
In operation S1220, the first equipment 100 carrys out encrypted content by using public-key cryptography.For example, the first equipment
100 can be by using symmetrical key s (i.e. AESS(m)) carry out encrypted content, by using public-key cryptography T (i.e. EncT(s)) come
The key s of cryptographic symmetrical.
In operation S1230, the first equipment 100 stores the content of encryption.For example, the first equipment 100 can store
Encrypted content is in the safety zone of such as TrustZone or any hardware based safeguard construction.
In operation S1240, the content of the first equipment 100 transmission encryption is to the second equipment 200.In operation S1250, the
The content of one equipment 100 transmission encryption is to the 3rd equipment 300.For example, the first equipment 100 can be through wireless communication connection
The content of (such as WiFi, 3G, LTE, bluetooth etc.) transmission encryption is respectively to second and the 3rd equipment 200 and 300.
In operation S1260, the second equipment 200 stores the content of encryption.In operation S1270, the 3rd equipment 300 stores
The content of encryption.For example, second and the 3rd equipment 200 and 300 can store encrypted content to such as TrustZone
Or in the safety zone of other hardware based safeguard constructions.
Correction according to the method producing some keys by style private key with reference to Figure 11 and 12 explanation
Method, any one equipment in the first to the 3rd equipment 100-300 that secure group 10 includes can independently be encrypted interior
Hold.On the contrary, in the first to the 3rd equipment 100-300 that secure group 10 includes, the only first equipment 100 has private key, and it can
To decipher encrypted content, second and the 3rd equipment 200 and 300 can be by closing on apart from it from being located at each other respectively
The part of key of interior storage recovers private key to decipher content.
For example, first user USER1 can be receive medical services patient, second and the 3rd user USER2 and
USER3 can be doctor or the medical officer providing medical services.Information with regard to medical treatment can be by first to the 3rd
The all of user USER1 to USER3 produces or additional.But although the first user USER1 as patient can independently visit
Ask the information of encryption, only when second and the 3rd user USER2 and USER3 be located at each other close on distance within when both can
To access the information of encryption.
The flow chart that Figure 13 shows another example of the operation of secure group 10 of display in Fig. 1, this example is according to ginseng
Examine the many of the generation process of the encryption key that contains and some keys in the method for encrypted content of Fig. 3 explanation and generation
The assigning process of individual part of key.
With reference to Figure 13, in current one exemplary embodiment, the method for encrypted content is included by distributing symmetrical key
Come the segmentation encryption method to execute, and include the first to the 3rd equipment 100-300 process in the secure group 10 shown in Fig. 1
Operation.It is therefore understood that the explanation of the secure group 10 illustrating with reference to Fig. 1 is also applied to the encrypted content of present example
Method, even if non-repeat specification.
In operation S1310, the first equipment 100 produces encryption key, i.e. symmetrical key.For example, the first equipment
100 can produce the encryption key sk for encryption.Produced encryption key sk can be also used for deciphering.
In operation S1320, encryption key is divided at least three parts by the first equipment 100, then, produces at least the
One arrives Part III key.For example, the first equipment 100 can be by being divided at least three partly to come encryption key sk
Produce at least first and arrive Part III key sk1-sk3.In the case, the first equipment 100 can be by using such as
The secret sharing scheme of Shamir scheme is splitting encryption key sk.
In operation S1330, the first equipment 100 deletes encryption key.
In operation S1340, the first equipment 100 encrypts second and Part III key.For example, the first equipment 100
The second and Part III key sk2 and sk3 of encryption can be produced by encryption second and Part III key respectively, with true
Protect the safety in transmission.Therefore, during transmission second and Part III key, in secure group 10, equipment not to be covered is not
Second and Part III key can be obtained.
In operation S1350, the Part II key of the first equipment 100 transmission encryption is to the second equipment 200.In operation
In S1360, the Part III key of the first equipment 100 transmission encryption is to the 3rd equipment 300.For example, the first equipment 100 can
With through wireless communication connection (such as WiFi, 3G, LTE, bluetooth etc.) will public-key cryptography and encryption second and Part III close
Key is respectively transmitted to second and the 3rd equipment 200 and 300.
In operation S1370, the first equipment 100 stores Part I key sk1.In operation S1380, the second equipment
200 storage Part II key sk2.In operation S1390, the 3rd equipment 300 stores Part III key sk3.
Because the first to the 3rd equipment 100-300 is respectively provided with first to Part III key sk1-sk3, first to the 3rd
The first of equipment 100-300 to the 3rd user USER1-USER3 cannot independently encrypted content, only when the first to the 3rd equipment
100-300 is located at just can be with encrypted content when closing on each other within distance.Further, since the first to the 3rd equipment 100-
300 use symmetrical encrypting/decrypting method, and first to the 3rd user USER1-USER3 of the first to the 3rd equipment 100-300 is not
Content can independently be deciphered, only just permissible when the first to the 3rd equipment 100-300 is located at and closes on each other within distance
Deciphering content.
The flow chart that Figure 14 shows another example operations of the operation of secure group 10 of display in Fig. 1, this example is root
The ciphering process containing in the method for the encrypted content showing according to Fig. 3 and storing process.
With reference to Figure 14, in current one exemplary embodiment, the method for encrypted content can be in adding with reference to Figure 13 explanation
Execute after the method for close content.Additionally, in current one exemplary embodiment, the method for encrypted content is included by secure group 10
The operation that first including executes to the 3rd equipment 100-300.
In operation S1410, the first equipment 100 is believed according to the state of user input or the first to the 3rd equipment 100-300
Cease and to determine content to be encrypted.In detail, first user USER1 can artificially determine the first equipment through user input
100 or server in storage content to be encrypted.Alternatively, the status information according to the first to the 3rd equipment 100-300, the
In one equipment 100 or server, the content of storage can automatically determine as content to be encrypted.
In operation S1420a, the first equipment 100 transmission encryption request message is to the second equipment 200.In operation S1420b
In, the first equipment 100 transmission encryption request message is to the 3rd equipment 300.
In operation S1430a, the second equipment 200 transmission the first encryption acceptance message is to the first equipment 100.For example,
First encryption acceptance message can include the secret value of the Part II key sk2 of storage in the second equipment 200.In operation
In S1430b, the 3rd equipment 300 transmission the second encryption acceptance message is to the first equipment 100.For example, the second encryption agreement disappears
Breath can include the secret value of the Part III key sk3 of storage in the 3rd equipment 300.
In operation S1440, the first equipment 100 is based on the first and second encryption acceptance message and recovers public-key cryptography.Lift
Example for, the first equipment 100 can based on first and second encryption acceptance message include each second and Part III close
In key sk2 and sk3 and the first equipment 100, the secret value of the Part I key sk1 of storage is recovering encryption key sk (i.e. sk
=sk1+sk2+sk3).
In operation S1450, the first equipment 100 carrys out encrypted content by using encryption key.For example, the first equipment
100 can be by using symmetrical key s (i.e. AESS(m)) carry out encrypted content, by using the encryption key sk recovering (i.e.
EncT(s)) carry out the key s of cryptographic symmetrical.
In operation S1460, the first equipment 100 stores the content of encryption.For example, the first equipment 100 can store
The content of encryption is in the safety zone of such as TrustZone or any hardware based safeguard construction.
In operation S1470a, the content of the first equipment 100 transmission encryption is to the second equipment 200.In operation S1470b,
The content of the first equipment 100 transmission encryption is to the 3rd equipment 300.For example, the first equipment 100 can be through wireless communication connection
The content of encryption is respectively transmitted to second and the 3rd by (such as WiFi, the third generation (3G), long-term evolution (LTE), bluetooth etc.)
Equipment 200 and 300.
In operation S1480a, the second equipment 200 stores the content of encryption.In operation S1480b, the 3rd equipment 300 is deposited
The content of storage encryption.For example, second and the 3rd equipment 200 and 300 can store the content of encryption to such as TrustZone
Or in the safety zone of any hardware based safeguard construction.
By splitting the method that private key produces some keys, only work as safety according to reference to Figure 13 and 14 explanation
The equipment reaching the quantity equal to or more than threshold value in the first to the 3rd equipment 100-300 that group 10 includes is located at each other
When closing within distance, symmetrical key can be recovered based on each part of key of storage.Thus it is possible to encrypted content,
And encrypted content can be deciphered.
For example, first user USER1 can be employer, and second user USER2 can be overseer.Only when the first He
Second user USER1 and USER2 are located at when closing on each other within distance, can be with encrypted electronic file or data, and can
To decipher encrypted content.
The flow chart that Figure 15 shows an example of the operation of secure group 10 of display in Fig. 1, this example is according to ginseng
Examine the example of a modification of the method for encrypted content of Fig. 3 explanation.
With reference to Figure 15, in current one exemplary embodiment, the method for encrypted content increased adds newly to secure group 10
The method of member.The method of this encrypted content can perform the method safety group according to the encrypted content with reference to Fig. 6 explanation
Execute after 10 operation.In current one exemplary embodiment, the method for encrypted content includes secure group 10 as shown in Figure 1
The operation that first including is processed to the 3rd equipment 100-300.It will thus be appreciated that the secure group 10 illustrating with reference to Fig. 1
The method illustrating to be also applied to the encrypted content of current exemplary embodiment, even if non-repeat specification.
In operation S1510, the 4th equipment 400 produces the 4th mark public-key cryptography K4 and the 4th mark private key k4.
4th equipment 400 is the equipment of fourth user USER4, and it is the newcomer subscribing to secure group 10.4th mark public-key cryptography
K4 and the 4th mark private key k4 constitute the 4th tagged keys to be for mark the 4th equipment 400 in install the 4th should
The combination of key.Be arranged in the first to the 3rd equipment 100-300 first to the 3rd application each can be through the 4th
Mark public-key cryptography K4 checks or identifies the 4th application installed in the 4th equipment 400.
According to an one exemplary embodiment, the 4th equipment 400 can ask phone PKI or other PKI to produce the 4th mark
Know public-key cryptography K4 and the 4th mark private key k4.According to another one exemplary embodiment, the 4th equipment 400 can be asked
PKI produces the 4th mark public-key cryptography K4 and the 4th mark private key k4 and the 4th card for the 4th mark public-key cryptography k4
Book Certificatep4(K4), the 4th certificate Certificatep4(K4) it is for contacting the identity of fourth user USER4 and public affairs
Open the file of key (i.e. the 4th mark public-key cryptography K4).
In operation S1520, the 4th equipment 400 transmits the 4th tagged keys K4 to first equipment 100. first equipment 100
The 4th content private sector key t4 can be encrypted using the 4th tagged keys K4 of transmission.According to another exemplary implementation
Example, the 4th equipment 400 can transmit the 4th mark public-key cryptography K4 and the 4th certificate Certificatep4(K4) to the first equipment
100.
In operation S1530a, the second equipment 200 transmits the first additional acceptance message to the first equipment 100.For example,
First additional acceptance message can include the secret value of the Part II key t2 of storage in the second equipment 200.In detail, first
Additional acceptance message can include encrypting, by using the first mark public-key cryptography K1, value Enc that Part II key t2 obtainsK1
(t2).
In operation S1530b, the 3rd equipment 300 transmits the second additional acceptance message to the first equipment 100.For example,
Second additional acceptance message can include the secret value of the Part III key t3 of storage in the 3rd equipment 300.In detail, second
Additional acceptance message can include encrypting, by using the first mark public-key cryptography K1, value Enc that Part III key t3 obtainsK1
(t3).
In operation S1540, it is private that the first equipment 100 to recover content by using the first and second additional acceptance message
Key.In detail, the first equipment 100 can be deciphered the first and second additional agreements by using the first mark public-key cryptography K1 and disappear
The secret value Enc of second and Part III key that breath includesK1And Enc (t2)K1(t3) come to recover second and Part III close
Key t2 and t3.Then, the first equipment 100 can recover content private key t based on first to Part III key t1 to t3.
In operation S1550, the first equipment 100 is split content private key t again and is become at least four parts, then produces new
The first to the 4th content private sector key t1 '-t4 ' (i.e. t=t1 '+t2 '+t3 '+t4 ' ...).First equipment 100 can lead to
Cross and split content private key t again using the secret sharing scheme of such as Shamir scheme.
In operation S1560, the first equipment 100 deletes content private key t.Then, content private key t can not be
To knowable to anyone, unless the equipment position of the quantity reaching equal to or more than threshold value in the first to the 4th equipment 100-400
When closing on each other within distance, any one equipment cannot independently decipher encrypted content.According to another
One exemplary embodiment, the first equipment 100 can with storage content private key t to such as TrustZone or any based on hardware
The safety zone of safeguard construction in.
In operation S1570, the first equipment 100 to add respectively by using the second to the 4th mark public-key cryptography K2-K4
Close the second to the 4th new content private sector key t2 '-t4 '.Then, create the second new content private sector key to add
Close value EncK2(t2 '), the 3rd new content private sector key secret value EncK3(t3 ') and the 4th new content individual portion
Divide key secret value EncK4(t4’).
Due to the second new content private sector key secret value EncK2(t2 ') can be by using corresponding to the second mark
The second mark private key k2 of public-key cryptography K2 deciphering, new the second content private sector key value EncK2(t2 ') is permissible
Only deciphered by second equipment 200 with the second mark private key k2.Further, since the 3rd new content private sector key
Secret value EncK3(t3 ') can solve by using the 3rd mark private key k3 corresponding to the 3rd mark public-key cryptography K3
The 3rd close, new content private sector key value EncK3(t3 ') can be by the 3rd equipment with the 3rd mark private key k3
300 deciphering.Further, since the 4th new content private sector key secret value EncK4(t4 ') can be by using corresponding to
The 4th mark private key k4 of four mark public-key cryptography K4 deciphering, new the 4th content private sector key value EncK4
(t4 ') can be deciphered by the 4th equipment 400 with the 4th mark private key k4.
In operation S1580a, the first equipment 100 transmits the second new content private sector key value EncK2(t2 ') is to
Two equipment 200.In operation S1580b, the first equipment 100 transmits the 3rd new content private sector key value EncK3(t3 ') arrives
3rd equipment 300.In operation S1580c, the first equipment 100 transmits the 4th new content private sector key value EncK4(t4’)
To the 4th equipment 400.
In operation S1590a, the first equipment 100 stores new first content private sector key t1 '.In operation
In S1590b, the second equipment 200 adds by using the second new content private sector key of the second mark private key k2 deciphering
Close value EncK2(t2 '), then extracts and storage the second new content private sector key t2 '.In operation S1590c, the 3rd sets
Standby 300 by using the 3rd new content private sector key secret value Enc of the 3rd mark private key k3 decipheringK3(t3 '), in
It is to extract and storage the 3rd new content private sector key t3 '.In operation S1590d, the 4th equipment 400 is by using the
The 4th new content private sector key secret value Enc of four mark private key k4 decipheringK4(t4 '), then extracts and storage the
The content private sector key t4 ' of the "four news" (new ideas.According to an one exemplary embodiment, the first to the 4th equipment 100-400 can distinguish
Store the first to the 4th new content private key t1 '-t4 ' and arrive such as TrustZone or any hardware based safety knot
In the safety zone of structure.
As described above, the 4th equipment 400 can be added to secure group 10 by execution operation S1510-S1590d.According to
Another one exemplary embodiment, even if new member is added to secure group 10, if the required threshold value of deciphering is equal to new one-tenth
The required threshold value before adding of member, then not have to change the first to the 3rd content private sector key t1-t3 and just can produce
Raw 4th content private sector key.Then it is impossible to occur the 4th equipment 400 and second and the 3rd equipment business.
The flow chart that Figure 16 shows an example of the operation of secure group of display in Fig. 1, this example is according to reference
The example of one modification of the method for encrypted content of Fig. 3 explanation.
With reference to Figure 16, in current one exemplary embodiment, the method for encrypted content includes cancelling the one-tenth in secure group 10
The method of member.The method can be after the operation of the method safety group 10 performing according to the encrypted content with reference to Fig. 6 explanation
Execution.In current one exemplary embodiment, the method for encrypted content can be that the secure group 10 shown in from Fig. 1 includes
The method cancelling the second equipment 200 in one to the 3rd equipment 100-300, and can include in secure group 10 as shown in Figure 1
Including the first to the 3rd equipment 100-300 and be newly added to the 4th equipment 400 of secure group 10 and process sequentially in time
Operation.It will thus be appreciated that the explanation with reference to the secure group 10 of Fig. 1 and 15 explanation is also applied to current exemplary in fact
The method applying the encrypted content of example, even if non-repeat specification.
In operation S1610a, the first equipment 100 cancels the message of the second equipment 200 to the 3rd equipment 300 transmitting request.
The message of request revocation the second equipment 200 can include the first mark public-key cryptography K1, group ID GroupID and be directed to first
The electronic signature of mark public-key cryptography K1, the 3rd mark public-key cryptography K3, the second mark public-key cryptography K2 and group ID GroupID
E-SignK1(K1|K3|K2|GroupID).
In operation S1610b, the first equipment 100 cancels the message of the second equipment 200 to the 4th equipment 400 transmitting request.
The message of request revocation the second equipment 200 can include the first mark public-key cryptography K1, group ID GroupID and be directed to first
The electronic signature of mark public-key cryptography K1, the 4th mark public-key cryptography K4, the second mark public-key cryptography K2 and group ID GroupID
E-SignK1(K1|K4|K2|GroupID).
So, the message that the first equipment 100 can cancel the second equipment 200 with transmitting request arrives and is different to be cancelled second
The member of the secure group 10 of equipment 200.
In operation S1620a, the 3rd equipment 300 transmission the first revocation acceptance message is to the first equipment 100.First revocation
Acceptance message can include (identifying public-key cryptography K1 using first and being directed to by encrypting the 3rd content private sector key t3
EncK1(t3) electronic signature) value Enc that obtainsK1(t3).In operation S1620b, the 4th equipment 400 transmission second revocation is same
Meaning message is to the first equipment 100.For example, the second revocation acceptance message can be included by encrypting the 4th content private sector
Key t4 (identifies public-key cryptography K1 using first and is directed to EncK1(t4) electronic signature) value Enc that obtainsK1(t4).
In operation S1630, the first equipment 100 extracts the second to the 4th content private sector key t2-t4.In detail,
First equipment 100 can be by decrypted value Enc respectivelyK1(t2)、EncK1And Enc (t3)K1(t4) (private close using the first mark
Key k1) extracting the second to the 4th content private key t2-t4, its intermediate value EncK1(t2)、EncK1And Enc (t3)K1(t4) it is logical
Cross what encryption second to the 4th content private sector key t2-t4 obtained.
In operation S1640, the first equipment 100 is private from first content private sector key t1 and second to the 4th content
Part of key t2-t4 recovers content private key t.
In operation S1650, the first equipment 100 updates certificate revocation list (CRL).According to another one exemplary embodiment,
First equipment 100 can also produce the electronic signature E-Sign of CRLt(CRL).
In operation S1660a, CRL to the 3rd equipment 300 that the first equipment 100 transmission updates.According to another exemplary reality
Apply example, the first equipment 100 can transmit the electronic signature E-Sign of the CRL and this CRL of renewalt(CRL) to the 3rd equipment 300.
In operation S1660b, CRL to the 4th equipment 400 that the first equipment 100 transmission updates.According to another one exemplary embodiment, the
One equipment 100 can transmit the electronic signature E-Sign of the CRL and this CRL of renewalt(CRL) to the 4th equipment 400.
The flow chart that Figure 17 shows an example of the operation of secure group 10 of display in Fig. 1, this example is according to ginseng
Examine the example of a modification of the method for encrypted content of Fig. 3 explanation.
With reference to Figure 17, in current one exemplary embodiment, if one of multiple equipment of including of secure group 10 is lost
Lose or leave secure group 10, then the method that the method for encrypted content includes recovering key using cloud service.This encrypted content
Method can execute after the operation of the method for the encrypted content performing with reference to Fig. 6 explanation.The method bag of this encrypted content
The operation that the first to the 3rd equipment 100-300 that the secure group 10 including as shown in Figure 1 includes is processed.It is therefore understood that ginseng
The method that the explanation of the secure group 10 illustrating according to Fig. 1 is also applied to the encrypted content of current exemplary embodiment, even if not
Repeat specification.
In operation S1710, the encryption key ti that the first equipment 100 transmission is revised is to Cloud Server 450.In operation
In S1720, Cloud Server 450 stores the encryption key ti revising.For example, the encryption key ti of correction can have accordingly
In content private key t (in detail, using the content private key Enc of the first to the 3rd mark public-key cryptography K1-K3 encryptionK1
(EncK2(EncK3(t)))) value.
In operation S1730, the first equipment 100 produces and recovers key v.In operation S1740, the first equipment 100 transmits
Recover key v to Cloud Server 450.In operation S1750, Cloud Server 450 encrypts the encryption of correction using recovering key v
Key ti.For example, the key of the correction of encryption can be Encv(EncK1(EncK2(EncK3(t)))).
In operation S1760a, the encryption key Enc of the correction of Cloud Server 450 transmission encryptionv(EncK1(EncK2
(EncK3(t)))) to the first equipment 100.In operation S1760b, the encryption key of the correction of Cloud Server 450 transmission encryption
Encv(EncK1(EncK2(EncK3(t)))) to the second equipment 200.In operation S1760c, Cloud Server 450 transmission encryption
The encryption key Enc revisingv(EncK1(EncK2(EncK3(t)))) to the 3rd equipment 300.
In operation S1770a, the first equipment 100 is by using the correction of the first mark private key k1 deciphering encryption
Encryption key Encv(EncK1(EncK2(EncK3(t)))) and obtain the first decrypted result Deck1(Encv(EncK1(EncK2(EncK3
(t))))).In operation S1770b, the second equipment 200 is by using the correction of the second mark private key k2 deciphering encryption
Encryption key Encv(EncK1(EncK2(EncK3(t)))) and obtain the second decrypted result Deck2(Encv(EncK1(EncK2(EncK3
(t))))).In operation S1770c, the 3rd equipment 300 is by using the correction of the 3rd mark private key k3 deciphering encryption
Encryption key Encv(EncK1(EncK2(EncK3(t)))) and obtain the 3rd decrypted result Deck3(Encv(EncK1(EncK2(EncK3
(t))))).
In operation S1780a, the second equipment 200 transmits the second decrypted result Deck2(Encv(EncK1(EncK2(EncK3
(t))))) to the first equipment 100.In operation S1780b, the 3rd equipment 300 transmits the 3rd decrypted result Deck3(Encv(EncK1
(EncK2(EncK3(t))))) to the first equipment 100.So, each equipment sequentially utilizes corresponding to its mark private key
To encrypt the encryption key Enc of the correction of encryptionv(EncK1(EncK2(EncK3(t)))).As a result, the first equipment 100 can
To obtain Encv(t).
In operation S1790, the last key v using recovery of the first equipment 100 recovers encryption key.For example,
First equipment 100 can decipher Enc by using recovering key vv(t) (i.e. Decv(Encv(t)=t) and recover content individual
Key t.
The flow chart that Figure 18 shows an example of the operation of secure group 10 of display in Fig. 1, this example is according to ginseng
Examine the example of a modification of the method for encrypted content of Fig. 3 explanation.
With reference to Figure 18, in current one exemplary embodiment, the method for encrypted content includes the method increasing new equipment, should
Multiple users of the multiple equipment that new equipment is included by secure group 10 are had.The method can perform according to reference picture
It is performed after the operation of secure group 10 of the method for encrypted content of 6 explanations.For example, in current one exemplary embodiment
In, the method for encrypted content can include increasing the first optional equipment 150 and arrive secure group 10, the wherein first optional equipment 150 by
The first user USER1 of the first equipment 100 that the secure group 10 shown in Fig. 1 includes has.The method of this encrypted content includes
First equipment 100 and the operation of the first optional equipment 150 process.It is therefore understood that the secure group 10 with reference to Fig. 1 and 6 explanation
Explanation be also applied to current exemplary embodiment encrypted content method, even if non-repeat specification.
In operation S1810, personal identification code (PIN) is imported into the first equipment 100.In operation S1820, PIN quilt
It is input to the first optional equipment 150.It is separately input to the first equipment 100 and the PIN of the first optional equipment 150 can be each other
It is identical.
In operation S1830, the first equipment 100 transmission the first mark public-key cryptography K1, the first mark private key k1, the
The group { K1, K2, K3 } of one content private sector key t1 and mark public-key cryptography is to the first optional equipment 150.Shown according to another
Exemplary embodiment, the first equipment 100 can encrypt the first mark private key k1 and first content private sector key t1, and passes
Send the mark private key k1 of encryption and first content private sector key t1 to first optional equipment 150 of encryption.
The flow chart that Figure 19 shows the method for the deciphering content according to an one exemplary embodiment.
With reference to Figure 19, in current one exemplary embodiment, the method for deciphering content is the secure group including multiple equipment
The decryption method of 10 shared contents, including the operation being executed by one of multiple equipment, as described below.For example, current
Embodiment in, it is suitable with the time that the method for deciphering content may include the first equipment 100 that secure group 10 as shown in Figure 1 includes
The operation that sequence is processed.Additionally, in the ongoing illustrated embodiment, the method for deciphering content can be corresponding to the encryption with reference to Fig. 3 explanation
The method of content.
In operation S1910, determine the equipment reaching the quantity equal to or more than threshold value in multiple equipment be located at mutually it
Between close on distance within so that equipment can identify each other.In detail, the first equipment 100 can determine to reach and is equal to or more than
The equipment of the quantity of threshold value is located at and closes on each other within distance.Threshold value can be such as two equipment.
If secure group 10 includes N number of equipment, wherein N is equal to or the integer more than 2, and threshold value can be equal to or be more than
2 and be equal to or less than N integer.If so that it takes up a position, for example, N is 2, threshold value can be 2.If N is more than 2, threshold value can
With equal to or more than 2 and equal to or less than N.
In operation S1920, it is located at some keys closing on the equipment within distance each other from being assigned to
Recover decruption key.According to an one exemplary embodiment, in the method for deciphering content, content can be according to asymmetric deciphering
Method deciphering.Some keys can correspond to multiple private sector keys, and decruption key can be private key.According to
Another one exemplary embodiment, in the method for deciphering content, content can be deciphered according to asymmetric decryption method.Some
Key can correspond to multiple private sector keys, and decruption key can be encryption key.
In operation S1930, to decipher encrypted content by using the decruption key recovering.In detail, first arrive
3rd equipment 100-300 can decipher by using the encryption key recovering and be stored in the first to the 3rd equipment 100-300
At least one or server in content.For example, with regard to asymmetric decryption method, the first to the 3rd equipment 100-300
Content can be deciphered by using the private key recovering.As another example, with regard to symmetrical decryption method, first to the 3rd
Equipment 100-300 can decipher content by using the encryption key of symmetric key.
Figure 20 shows whether each equipment of determination with reference to containing in the method for deciphering content that Figure 19 illustrates mutually is located at
Close on the one exemplary embodiment within distance.
With reference to Figure 20, first user USER1 can be touched using the first equipment 100a or access the of second user USER2
Two equipment 200a.Here, the second equipment 200a is properly termed as target device.Thus it is possible to detect whether the first equipment 100a and
Second equipment 200a is located at and closes on each other within distance to identify each other, and the first equipment 100a and the second equipment 200a
Can interconnect.Figure 20 only show the first equipment 100a and the second equipment 200a.However, it is possible to by touching or accessing that
This closes within distance so that each equipment identifies that each other detecting that whether the first to the 3rd equipment 100a-300a is located at
This.First to the 3rd equipment 100a-300a can be connected with each other.
Additionally, first user USER1 can touch by using the first equipment 100a or access the second equipment 200a to pass
Send the Part II key of distribution or the part of key of encryption to the second equipment 200a of second user USER2.Similarly, first
User USER1 can touch by using the first equipment 100a or access the second equipment 200a and come from second user USER2 the
Two equipment 200a receive the part of key of Part II key or encryption.
Figure 21 shows whether each equipment of determination with reference to containing in the method for deciphering content that Figure 19 illustrates mutually is located at
Close on another one exemplary embodiment within distance.
With reference to Figure 21 if it is determined that first to the 3rd equipment 100a-300a is located at closes within distance each other, then
The operation of deciphering encrypted content can be executed.According to an one exemplary embodiment, can through one or more sensors (such as
Touch sensor and proximity transducer) detect whether the first to the 3rd equipment 100a-300a is located within distance adjacent to one another.Root
According to another one exemplary embodiment, can be through short-range wireless communication module detection first to the when three equipment 100a-300a whether position
Within distance adjacent to one another, this communication module includes near-field communication (NFC) module, bluetooth module, WiFi module and ZigBee
At least one of module.
Figure 21 shows the situation when the first to the 3rd equipment 100a-300a is entirely located within distance adjacent to one another.
However, according to another example embodiment, though two equipment in the first to the 3rd equipment 100a-300a be located at adjacent to one another away from
From within when it is also possible to execution deciphering encrypted content operation.
Figure 22 shows an one exemplary embodiment of the method for deciphering content with reference to Figure 19 explanation.
With reference to Figure 22, the first to the 3rd user USER1-USER3 constitutes secure group 10, the first to the 3rd user USER1-
The first of USER3 stores first respectively to the 3rd equipment 100a-300a and arrives Part III key.Therefore, the first to the 3rd user
USER1-USER3 cannot decipher the content of the encryption being stored in the first to the 3rd equipment 100a-300a independently of each other.
But, if first to the 3rd equipment 100a-300a of the first to the 3rd user USER1-USER3 is located at mutually faced
Within closely, then can decipher the content of encryption, and the first to the 3rd user USER1-USER3 can be with the content of shared unsigncryption
DC.According to another one exemplary embodiment, if first to the 3rd equipment 100a- of the first to the 3rd user USER1-USER3
Two equipment in 300a are located within distance in close proximity to one another, then can decipher the content of encryption, and the first to the 3rd equipment
Two users being located in 100a-300a within distance in close proximity to one another can be with content DC of shared unsigncryption.
Figure 23 shows the operation model of the secure group 10 that Fig. 1 of the method according to the deciphering content with reference to Figure 19 explanation shows
The flow chart of example.
With reference to Figure 23, in current one exemplary embodiment, the method for deciphering content is included in the secure group 10 shown in Fig. 1
Including first to the 3rd equipment 100-300 process operation.It is therefore understood that the saying of secure group 10 with reference to Fig. 1 explanation
The method of the bright encrypted content being also applied to current exemplary embodiment, even if non-repeat specification.
In operation S2310, the first equipment 100 determine the first to the 3rd equipment 100-300 whether be located in close proximity to one another away from
From within.
In operation S2320a, the first and second equipment 100 and 200 are connected with each other.In operation S2320b, first and the
Three equipment 100 and 300 are connected with each other.Therefore, second and the 3rd equipment 200 and 300 be connected with each other.
In operation S2330a, the first equipment 100 transmission deciphering agrees to request message to the second equipment 200.In operation
In S2330b, the first equipment 100 transmission deciphering agrees to request message to the 3rd equipment 300.
In operation S2340a, the second equipment 200 transmission the first deciphering acceptance message is to the first equipment 100.For example,
First deciphering acceptance message can include the secret value Enc of the Part II key t2 of storage in the second equipment 200K1(t2).?
In operation S2340b, the 3rd equipment 300 transmission the second decoding acceptance message is to the first equipment 100.For example, the second deciphering is same
Meaning message can include the secret value Enc of the Part III key t3 of storage in the 3rd equipment 300K1(t3).
In operation S2350, the first equipment 100 is based on the first and second deciphering acceptance message and recovers decruption key.Citing
For, the first equipment 100 can be by deciphering second and the 3rd being respectively included in the first and second deciphering acceptance message
Divide the secret value Enc of key t2 and t3K1And Enc (t2)K1(t3) (using the first mark private key k1) is obtaining second and the
Three part of key t2 and t3.Then, the first equipment 100 can be based on second and Part III key t2 and t3 and the first equipment
In 100, the Part I key t1 of storage is recovering private key t (i.e. t=t1+t2+t3).
In operation S2360, the first equipment 100 to decipher encrypted content by using the decruption key recovering.Lift
For example, the first equipment 100 can decipher symmetrical key s (i.e. Dec by using the private key t recoveringt(EncT(s))
=s), and to decipher encrypted content (i.e. AES by using the symmetrical key s of decipheringS(m)=m).
In operation S2370, the first equipment 100 deletes the content of the encryption key recovering and/or recovery.For example,
First equipment 100 can delete the encryption key t of recovery and/or content m of recovery.
Figure 24 shows another of the secure group 10 that Fig. 1 of the method according to the deciphering content with reference to Figure 19 explanation shows
The flow chart of example operation.
With reference to Figure 24, in current one exemplary embodiment, the method for encrypted content includes secure group 10 as shown in Figure 1
The operation that first including is processed to the 3rd equipment 100-300.It is therefore understood that the secure group 10 illustrating with reference to Fig. 1
The method illustrating to be also applied to the encrypted content of current exemplary embodiment, even if non-repeat specification.
In operation S2410, the first equipment 100 determine the first to the 3rd equipment 100-300 whether be located at adjacent to one another away from
From within.
In operation S2420a, the first and second equipment 100 and 200 are connected to each other.In operation S2420b, first and the
Three equipment 100 and 300 are connected to each other.Therefore, second and the 3rd equipment 200 and 300 be connected to each other.
In operation S2430, the first equipment 100 can be according to user input or the first to the 3rd equipment 100-300
Status information is determining content to be deciphered.In detail, first user USER1 can artificially determine through user input and be stored in
The content of the encryption in the first equipment 100 or server is as content to be deciphered.Alternatively, according to the first to the 3rd equipment
The status information of 100-300, in the first equipment 100 or server, the encrypted content of storage can be automatically determined
For content to be deciphered.
In operation S2440a, the first equipment 100 transmission decoding request message is to the second equipment 200.In operation S2440b
In, the first equipment 100 transmission decoding request message is to the 3rd equipment 300.
In operation S2450a, the second equipment 200 transmission the first deciphering acceptance message is to the first equipment 100.For example,
First deciphering acceptance message can include the secret value Enc of the Part II key t2 of storage in the second equipment 200K1(t2).?
In operation S2450b, the 3rd equipment 300 transmission the second deciphering acceptance message is to the first equipment 100.For example, the second deciphering is same
Meaning message can include the secret value Enc of the Part III key t3 of storage in the 3rd equipment 300K1(t3).
In operation S2460, the first equipment 100 is based on the first and second deciphering acceptance message and recovers decruption key.Lift
For example, the first equipment 100 can be respectively included in second and the 3rd in the first and second deciphering acceptance message by deciphering
The secret value Enc of part of key t2 and t3K1And Enc (t2)K1(t3) (using the first mark private key k1) obtains second and the
Three part of key t2 and t3.Then, the first equipment 100 can be based on second and Part III key t2 and t3 and the first equipment
In 100, the Part I key t1 of storage is recovering private key t (i.e. t=t1+t2+t3).
In operation S2470, the first equipment 100 to decipher encrypted content by using the decruption key recovering.Lift
For example, the first equipment 100 can decipher symmetrical key s (i.e. Dec by using the private key t recoveringt(EncT(s))
=s), and to decipher encrypted content (i.e. AES by using the symmetrical key s of decipheringS(m)=m).
In operation S2380, the first equipment 100 deletes the content of the encryption key recovering and/or recovery.For example,
First equipment 100 can delete the encryption key t of recovery and/or content m of recovery.
The method that Figure 25 shows the deciphering content with reference to the method for encrypted content of Fig. 3 explanation and with reference to Figure 19 explanation
Exemplary applications.
With reference to Figure 25, in the first operation of image 2510, first user USER1 and second user USER2 can be related to
Intimacy.In the first operation of image 2510, the first equipment 100a of first user USER1 and second user USER2
At least one of second equipment 200a can produce or initialize secure group 10a, therefore, first equipment of first user USER1
Second equipment 200a of 100a and second user USER2 could be arranged to secure group 10a.
In the second operation of image 2520, first user USER1 and second user USER2 can according to their group photo simultaneously
Shared clapped photo.This photo can be encrypted and stored in the first equipment 100a and the second user of first user USER1
In at least one of second equipment 200a of USER2.If first user USER1 and second user USER2 are co-located at same
Place, the first equipment 100a and the second equipment 200a can for example be connected to each other through NFC.Therefore, the first equipment 100a and
Second equipment 200a can decipher and the shared photo encrypted.If first user USER1 and second user USER2 be not one
Rise, the first equipment 100a and the second equipment 200a is not connected to each other, then cannot share and be encrypted and stored in the first equipment
Photo at least one 100a and the second equipment 200a.
In the 3rd operation in image 2530, the relation between first user USER1 and second user USER2 may be sent out
Raw problem.First user USER1 and second user USER2 cannot access and be encrypted and stored in the first equipment 100a and second
Photo at least one equipment 200a, and it has been encrypted and stored at least one the first equipment 100a and the second equipment 200a
In photo be in the lock state.
In the 4th operation of image 2540, first user USER1 and second user USER2 can terminate their relation
It is separated from each other.Because first user USER1 may no longer meet each other with second user USER2, the first equipment 100a to second
The connection of equipment 200a can not be reconditioned.Then, be encrypted and stored in the first equipment 100a and the second equipment 200a at least it
Photo in one can not possibly be exposed to the external world.
Figure 26 shows the block diagram of the security system 20 according to an one exemplary embodiment.
With reference to Figure 26, security system 20 can include secure group SG, and the latter includes multiple equipment, and (such as first sets to the 3rd
Standby 500-700) and server 800.In detail, in secure group SG safely can be shared between multiple equipment 500-700
Hold, for this reason, server 800 with encrypted content and can decipher encrypted content.Therefore, security system 20 is properly termed as content
Encryption system or the decryption system of encrypted content.
But, each element shown in Figure 26 is not all requisite element.Secure group SG or content encryption system are permissible
Usually implement by using than the more or less of unit shown in Figure 26.For example, security system 20 can include two and sets
The even more many equipment of standby or four equipment.
Server 800 can produce or initialize secure group SG.First equipment 500 can be setting of first user USER1
Standby.Second equipment 600 can be the equipment of second user USER2.3rd equipment 700 can be the equipment of the 3rd user USER3.
For example, the first to the 3rd equipment 500-700 can be smart phone, but not limited to this.First to the 3rd
In equipment 500-700, at least one can be panel computer, PC, intelligent TV, cell phone, personal digital assistant (PDA), above-knee
Computer, media player, microserver, global positioning system (GPS) equipment, e-book terminal, news-stand, digital broadcasting are eventually
End, navigation system, MP3 player, digital camera, wearable device or other mobile or non-mobile device.
One of first to the 3rd equipment 500-700 can produce and storage content, and server 800 can be with encrypted content.?
The content of encryption can be replicated and shared between the first to the 3rd equipment 500-700.In first to the 3rd equipment 500-700
At least one equipment selecting can store encrypted content to such as TrustZone or other hardware based safety knot
The safety zone of structure, thus utilizes hardware protection encrypted content.According to another one exemplary embodiment, server 800 stores
The encrypted content and content storing can be shared between the first to the 3rd equipment 500-700.
According to another one exemplary embodiment, content can artificially be selected according to user input.For example, can work as and hold
Content is selected during the application of row such as photographing unit or photograph album.As another example, can by execution for secure group SG it
Between shared content application-specific selecting content.
According to another one exemplary embodiment, can be based on upper according to the status information of the first to the 3rd equipment 500-700
Hereafter, automatically select content.For example, can be according to the first to the 3rd equipment 500- in social network service (SNS)
The relation information of first user USER1 to the 3rd user USER3 of 700 positional information and the first to the 3rd equipment 500-700
At least one determining content.As another example, one of first to the 3rd equipment 500-700 equipment can be unilaterally true
Determine content.
According to an one exemplary embodiment, only when the first to the 3rd equipment 500-700 is located within distance adjacent to one another,
Can by server 800 encrypted content, and encrypted content can decrypted and the first to the 3rd equipment 500-700 it
Between shared.Therefore, if the first to the 3rd equipment 500-700 all agrees to, content can become disclosed or be changed.
According to another one exemplary embodiment, when some equipment in the first to the 3rd equipment 500-700 are positioned at adjacent to one another
When within distance, content can be encrypted by server 800, and encrypted content can be decrypted and set to the 3rd first
Shared between standby 500-700.Therefore, if some equipment in the first to the 3rd equipment 500-700 agree to, content can become
Disclosed or be changed.
Hereafter, the method for encrypted content and the method for deciphering encrypted content will be described in detail with reference to Figure 27-33.
The flow chart that Figure 27 shows the example of the operation of security system 20 shown in Figure 26, this example is according to reference to figure
The encryption key containing in the method for encrypted content of 3 explanations and the generation process of some keys and some producing
The assigning process of key.
With reference to Figure 27, in current one exemplary embodiment, the method for encrypted content include by distribute private key
The segmentation encryption method of execution.The method of this encrypted content includes first to the 3rd that the security system 20 shown in Figure 26 includes
The operation that equipment 500-700 server 800 is processed.It will thus be appreciated that the security system 20 with reference to Figure 26 explanation is relevant
The method that explanation can also be applied to the encrypted content of present example, even if do not repeat its explanation.
In operation S2710, server 800 produces the key pair that public-key cryptography and private key are constituted.For example, take
The private key t that the deciphering that business device 800 can produce the encryption public-key cryptography T using and correspond to public-key cryptography T uses.
In operation S2720, private key t is divided into three parts by server 800, then produces first and arrives Part III
Key.For example, server 800 can be by being divided into three partly to produce at least first to the 3rd private key t
Part of key t1-t3.In the case, server 800 can come by using the secret sharing scheme of such as Shamir scheme
Segmentation private key t.
In operation S2730, server 800 deletes private key t.For example, server 800 can delete private close
Key t.Therefore, do not have equipment can obtain private key t in the first to the 3rd equipment 500-700, then cannot independently visit
Ask encrypted content.
In operation S2740, Part III key is arrived in server 800 encryption first.For example, server 800 is permissible
By encryption first to Part III key t1-t3, each produces the first of encryption and arrives Part III key, to guarantee
The safety of Part III cipher key processes is arrived in transmission first.Then, in the process of transmission second and Part III key of encryption
In, in secure group SG, equipment not to be covered cannot obtain second and Part III key.
In operation S2750a, server 800 transmits public-key cryptography with the Part I key of encryption to the first equipment
500.In operation S2750b, server 800 transmits public-key cryptography with the Part II key of encryption to the second equipment 600.?
In operation S2750c, server 800 transmits public-key cryptography with the Part III key of encryption to the 3rd equipment 700.For example,
Server 800 can arrive the first of public-key cryptography and encryption through wireless communication connection (such as WiFi, 3G, LTE, bluetooth etc.)
Part III key is respectively transmitted to the first to the 3rd equipment 500-700.
In operation S2760a, the first equipment 500 stores public-key cryptography and Part I key.In operation S2760b,
Second equipment 600 storage public-key cryptography and Part II key.In operation S2760c, the 3rd equipment 700 stores public-key cryptography
With Part III key.For example, the first to the 3rd equipment 500-700 can be by first to the 3rd of deciphering encryption
Point key come to extract first arrive Part III key each.Further, since the first to the 3rd equipment 500-700 has disclosure
Cipher key T, any user in first to the 3rd user USER1-USER3 of the first to the 3rd equipment 500-700 can pass through
Using public-key cryptography T come encrypted content.
The flow chart that Figure 28 shows the example operation of the security system shown in Figure 26, this example is to say according to reference to Fig. 3
The storing process of the content of the ciphering process of the content containing in the method for bright encrypted content and encryption.
With reference to Figure 28, in current one exemplary embodiment, the method for encrypted content can be said with reference to Figure 27 performing
Execute after the method for bright encrypted content.Additionally, in current one exemplary embodiment, the method for encrypted content can include
The first to the 3rd equipment 500-700 and the operation of server 800 execution that secure group 20 shown in Figure 26 includes.Hereafter,
The operation of the encrypted content that explanation server 800 is executed.But, according to another one exemplary embodiment, the first to the 3rd equipment
One of 500-700 can be by using public key encryption content.
In operation S2810, server 800 is believed according to the state of user input or the first to the 3rd equipment 500-700
Cease and to determine content to be encrypted.In detail, first user USER1 can artificially determine the first equipment 500 through user input
Or the content storing in server 800 is as content to be encrypted.Alternatively, the shape according to the first to the 3rd equipment 500-700
State information, in the first equipment 500 or server 800, the content of storage can be automatically determined as content to be encrypted.
In operation S2820, server 800 carrys out encrypted content by using public-key cryptography T.For example, server 800
Encrypted content can be carried out by using symmetrical key s, carry out the key s of cryptographic symmetrical by using public-key cryptography T.In operation
In S2830, server 800 stores encrypted content.
In operation S2840a, the content of server 800 transmission encryption is to the first equipment 500.In operation S2840b, clothes
The content of business device 800 transmission encryption is to the second equipment 600.In operation S2840c, the content of server 800 transmission encryption to the
Three equipment 700.
In operation 2850a, the first equipment 500 stores encrypted content.In operation 2850b, the second equipment 600 is deposited
Storage encrypted content.In operation 2850c, the 3rd equipment 700 stores encrypted content.For example, first to the 3rd
Equipment 500-700 can store the safety of the content of encryption to such as TrustZone or other hardware based safeguard construction
Region.
The flow chart that Figure 29 shows another example operation of the security system 20 that Figure 26 shows, this example is according to reference
The generation process of the encryption key that contains and some keys and produced multiple in the method for encrypted content of Fig. 3 explanation
The assigning process of part of key.
With reference to Figure 29, in current one exemplary embodiment, the method for encrypted content includes holding by distributing private key
The segmentation encryption method of row.The security system 20 that the method for this encrypted content is included shown in Figure 26 include first to the 3rd
The operation that equipment 500-700 server 800 is processed.It will thus be appreciated that the security system 20 with reference to Figure 26 explanation is relevant
The method that explanation can also be applied to the encrypted content of present example, even if do not repeat its explanation.
In operation S2910, server 800 produces the key pair being made up of public-key cryptography and private key.For example,
Server 800 can produce for the public-key cryptography T of encryption and corresponding to public-key cryptography T and be used for the private key t deciphering.?
In operation S2920, public-key cryptography T is divided into three parts by server 800, then produces first and arrives Part III key.Citing
For, public-key cryptography T can be divided at least three parts by server 800, then produce at least first close to Part III
Key T1-T3.
In operation S2930, server 800 deletes public-key cryptography T.In operation S2940, server 800 encryption first
With Part III key.For example, server 800 can by encrypt first arrive Part III cipher key T 1-T3 each Lai
Produce first and Part III key of encryption, to guarantee to transmit the first of encryption to during Part III cipher key T 1-T3
Safety.
In operation S2950a, the Part I key of server 800 transmission encryption is to the first equipment 500.In operation
In S2950b, the Part II key of server 800 transmission encryption is to the second equipment 600.In operation S2950c, server
The Part III key of 800 transmission encryptions is to the 3rd equipment 700.In operation S2960a, the first equipment 500 stores Part I
Key.In operation S2960b, the second equipment 600 stores Part II key.In operation S2960c, the 3rd equipment 700 is deposited
Storage Part III key.
The flow chart that Figure 30 shows another example operation of the security system 20 shown in Figure 26, this example is according to reference
The ciphering process of content containing in the method for encrypted content of Fig. 3 explanation and the storing process of the content of encryption.
With reference to Figure 30, in current one exemplary embodiment, the method for encrypted content can be said with reference to Figure 29 performing
Execute after the method for bright encrypted content.Additionally, in current one exemplary embodiment, the method for encrypted content includes by scheming
The operation that the first to the 3rd equipment 500-700 server 800 that security system 20 shown in 26 includes is processed.
In operation S3010, server 800 is according to the status information of user input or the first to the 3rd equipment 500-700
To determine content to be encrypted.In operation S3020a, server 800 transmission encryption request message is to the first equipment 500.In behaviour
Make in S3020b, server 800 transmission encryption request message is to the second equipment 600.In operation S3020c, server 800 passes
Send encryption request message to the 3rd equipment 700.
In operation S3030a, the first equipment 500 transmission the first encryption acceptance message is to server 800.For example,
One encryption acceptance message can include the secret value of the Part I cipher key T 1 of storage in the first equipment 500.In operation S3030b
In, the second equipment 600 transmission the second encryption acceptance message is to server 800.For example, the second encryption acceptance message can be wrapped
Include the secret value of the Part II cipher key T 2 of storage in the second equipment 600.In operation S3030c, the 3rd equipment 700 transmission the 3rd
Encryption acceptance message is to server 800.For example, the 3rd encryption acceptance message can include storage in the 3rd equipment 700
The secret value of Part III cipher key T 3.
In operation S3040, server 800 is based on the first to the 3rd encryption acceptance message and recovers public-key cryptography.In operation
In S3050, server 800 is by using public key encryption content.In operation S3060, it is interior that server 800 storage is encrypted
Hold.
In operation S3070a, the content of server 800 transmission encryption is to the first equipment 500.In operation S3070b, clothes
The content of business device 800 transmission encryption is to the second equipment 600.In operation S3070c, the content of server 800 transmission encryption to the
Three equipment 700.
In operation S3080a, the first equipment 500 stores the content of encryption.In operation S3080b, the second equipment 600 is deposited
The content of storage encryption.In operation S3080c, the 3rd equipment 700 stores the content of encryption.For example, the first to the 3rd equipment
500-700 can store the safety zone of the content of encryption to such as TrustZone or other hardware based safeguard construction.
The flow chart that Figure 31 shows another example of the operation of security system 20 shown in Figure 26, this example is according to ginseng
Examine the encryption key containing in the method for encrypted content of Fig. 3 explanation and the generation process of some keys is multiple with produce
The assigning process of part of key.
With reference to Figure 31, in current one exemplary embodiment, the method for encrypted content includes holding by distributing private key
The segmentation encryption method of row.The security system 20 that the method for this encrypted content is included shown in Figure 26 include first to the 3rd
The operation that equipment 500-700 is processed.It is therefore understood that can also answer with reference to the relevant explanation of the security system 20 of Figure 26 explanation
For the method for the encrypted content of present example, even if not repeating its explanation.
In operation S3110, server 800 produces the key pair being made up of public-key cryptography T and private key t.In operation
In S3120, private key t is divided at least two parts by server 800, then produces at least first and second part of key
T1 and t2.In operation S3130, server 800 encrypts private key t and the first and second part of key t1 and t2.
In operation S3140, server 800 transmits public-key cryptography with the private key of encryption to the first equipment 500.In behaviour
Make in S3150, server 800 deletes private key t.In operation S3160a, server 800 transmits public-key cryptography and encryption
Part I key is to the second equipment 600.In operation S3160b, server 800 transmits second of public-key cryptography and encryption
Divide key to the 3rd equipment 700.
In operation S3170a, the first equipment 500 stores public-key cryptography and private key t.For example, the first equipment
500 can independently using public-key cryptography T come encrypted content, and independently decipher content using private key t.
In operation S3170b, the second equipment 600 stores public-key cryptography and Part I key.In operation S3170c,
3rd equipment 700 storage public-key cryptography and Part II key.For example, second and the 3rd equipment 600 and 700 can pass through
First and second part of key of deciphering encryption are extracting the first and second part of key.
Second and the 3rd equipment 600 and 700 there is public-key cryptography T, second and the 3rd equipment 600 and 700 second and
In three user USER2 and USER3, any user can carry out encrypted content by using public-key cryptography T.But, due to the second He
3rd equipment 600 and 700 is respectively provided with the first and second part of key t1 and t2, second and the 3rd equipment 600 and 700 cannot
Independently decipher content, and only when second and the 3rd equipment 600 and 700 be located within distance adjacent to one another when can decipher in
Hold.
In current one exemplary embodiment, the content of encrypted content and storage encryption is said similar to reference to Figure 28
Bright encryption and storing process, then do not repeat its detailed description.
The flow chart that Figure 32 shows another example of the operation of security system 20 shown in Figure 26, this example is according to ginseng
Examine the encryption key containing in the method for encrypted content of Fig. 3 explanation and the generation process of some keys is multiple with produce
The assigning process of part of key.
With reference to Figure 32, in current exemplary embodiment, the method for encrypted content is included by distributing private key execution
Segmentation encryption method.The first to the 3rd equipment that the security system 20 that the method for this encrypted content is included shown in Figure 26 includes
The operation that 500-700 server 800 is processed.It is therefore understood that with reference to the relevant explanation of the security system 20 of Figure 26 explanation
The method that the encrypted content of present example can also be applied to, even if do not repeat its explanation.
In operation S3210, server 800 produces encryption key, i.e. symmetrical key.For example, server 800 can
To produce the encryption key sk of encryption.The encryption key sk producing can be additionally operable to decipher.
In operation S3220, encryption key is divided at least three parts by server 800, then produces at least first
To Part III key.For example, encryption key sk can be divided at least three parts by server 800, then produce
At least first arrives Part III key sk1-sk3.
In operation S3230, server 800 deletes encryption key.In operation S3240, server 800 encryption first is arrived
Part III key.In operation S3250a, the Part I key of server 800 transmission encryption is to the first equipment 500.In behaviour
Make in S3250b, the Part II key of server 800 transmission encryption is to the second equipment 600.In operation S3250c, server
The Part III key of 800 transmission encryptions is to the 3rd equipment 700.
In operation S3260a, the first equipment 500 stores Part I key sk1.In operation S3260b, the second equipment
600 storage Part II key sk2.In operation S3260c, the 3rd equipment 700 stores Part III key sk3.
Arrive Part III key sk1-sk3, the first to the 3rd equipment because the first to the 3rd equipment 500-700 has first
First user USER1 to the 3rd user USER3 of 500-700 cannot independently encrypted content, and only set to the 3rd when first
Standby 500-700 can be with encrypted content when being located within distance adjacent to one another.Further, since the first to the 3rd equipment 500-700 makes
With symmetric cryptography/decryption method, first user USER1 to the 3rd user USER3 of the first to the 3rd equipment 500-700 cannot
Independently decipher content, and only can decipher content when the first to the 3rd equipment 500-700 is located within distance adjacent to one another.
In current one exemplary embodiment, the content of encrypted content and storage encryption is said similar to reference to Figure 30
Bright encryption and storing process.Therefore do not provide and it is described in detail.
The flow chart that Figure 33 shows another example of the operation of security system 20 shown in Figure 26, this example is according to ginseng
The method examining the deciphering content of Figure 19 explanation.
With reference to Figure 33, in current one exemplary embodiment, the method for encrypted content includes the safety system shown in Figure 26
The operation that the first to the 3rd equipment 500-700 that system 20 includes is processed.It will thus be appreciated that the safety with reference to Figure 26 explanation
The method that the relevant explanation of system 20 can also be applied to the encrypted content of present example, even if do not repeat its explanation.
In operation S3310, server 800 determines whether the first to the 3rd equipment 500-700 is located at distance adjacent to one another
Within.
In operation S3320a, the first and second equipment 500 and 600 are connected to each other.In operation S3320b, first and the
Three equipment 500 and 700 are connected to each other.Therefore, second and the 3rd equipment 600 and 700 be connected to each other.
In operation S3330a, server 800 transmission deciphering agrees to request message to the first equipment 500.In operation
In S3330b, server 800 transmission deciphering agrees to request message to the second equipment 600.In operation S3330c, server 800
Transmission deciphering agrees to request message to the 3rd equipment 700.
In operation S3340a, the first equipment 500 transmission the first deciphering acceptance message is to server 800.For example,
One deciphering acceptance message can include the secret value Enc of the Part I key t1 of storage in the first equipment 500k1(t1).In behaviour
Make in S3340b, the second equipment 600 transmission the second deciphering acceptance message is to server 800.For example, the second deciphering agreement disappears
Breath can include the secret value Enc of the Part II key t2 of storage in the second equipment 600k2(t2).In operation S3340c, the
Three equipment 700 transmission the 3rd deciphering acceptance message is to server 800.For example, the 3rd deciphering acceptance message can include the
The secret value Enc of the Part III key t3 of storage in three equipment 700k3(t3).
In operation S3350, server 800 is based on the first to the 3rd deciphering acceptance message and recovers decruption key.Citing
For, server 800 can decipher first to Part III key t1- that acceptance message include by deciphering the first to the second
The secret value Enc of t3k1(t1)、Enck2And Enc (t2)k3(t3) (using the first to the 3rd mark public-key cryptography K1-K3) obtains the
One arrives Part III key t1-t3.Then, server 800 can recover private close based on first to Part III key t1-t3
Key t (i.e. t=t1+t2+t3).
In operation S3360, server 800 is by using the decryption key decryption encrypted content recovered.Citing comes
Say, server 800 can decipher symmetrical key s (i.e. Dec by using the private key t recoveringt(EncT(s)=s)),
And the symmetric key s by using deciphering to decipher encrypted content (i.e. AESs(m)=m).
In operation S3370, server 800 deletes at least one content of the encryption key recovering and recovery.Citing comes
Say, server 800 can delete at least one the encryption key t of recovery and content m of recovery.
With regard to the encrypting/decrypting method of reference picture 1-33 explanation, can there are multiple exemplary applications.For example, in joy
Happy field, part of key can distribute between group members.Then although any member of group can produce such as contest,
One event of little test etc., but only when the participant in members all in group is ready to, this event could be with for the moment
Quarter starts.As another example, pin or unlocking field in electronic installation, the password for turning on TV can be distributed to father and mother
Related part of key.Therefore, TV can be opened when one of father and mother are in.In addition, as another example, content is permissible
It is a unfulfilled wish of the deceased, part of key can distribute between inheritor.Therefore, only when all inheritors gather same place
This unfulfilled wish of the deceased just can be seen.As another example, content can be result of the match, and part of key can distribute between teacher.In
It is although result of the match only just can be registered when at least some teacher is gathered in same place, but any student is
Result of the match can be checked.
Figure 34 is the block diagram of the equipment 100A according to an one exemplary embodiment.
With reference to Figure 34, equipment 100A can include detector 11, key generator 12, encryption equipment 13, memorizer 14 are received and dispatched
Device 15, key recovery device 16 and decipher 17.Equipment 100A can encrypt including can share in the secure group of multiple equipment
Content, and decipher encrypted content.Equipment 100A is one of multiple equipment that secure group includes.
Equipment 100A can be used for the first to the 3rd equipment 100-300 in Fig. 1 it is also possible to be applied to shown in Figure 26
One to the 3rd equipment 500-700.Additionally, equipment 100A can execute the encrypted content of reference picture 1-33 explanation and decipher content
Method.Therefore, hereafter, the content-encrypt of equipment 100A execution and the detailed description of decryption oprerations are not repeated.
Detector 11 can determine whether the multiple equipment that secure group includes is located within distance adjacent to one another, to know
Not each other.In detail, if the multiple equipment that secure group includes is located within distance adjacent to one another so that identification each other, detects
Device 11 produces detectable signal and transmits this detectable signal to key generator 12, key recovery device 16 or server.
Figure 35 is the block diagram of the probe unit 11A of the example of detector unit 11 shown in Figure 34.
With reference to Figure 35, detector 11A can include at least one touch sensor 11a, proximity transducer 11b, NFC module
11c, bluetooth module 11d, WiFi module 11e and ZigBee module 11f.But, one exemplary embodiment not limited to this.According to another
One exemplary embodiment, detector 11 can also include the short-distance wireless communication device for communicating in every way.
Polytype touch sensor 11a (such as variable-capacity type, variable resistance type or can light-changing type) can be used for detecting
Whether multiple equipment is located within distance adjacent to one another.
Polytype proximity transducer 11b (such as higher-order of oscillation proximity type, capacitance type, magnetic-type, photoelectric type or super
Sound type) can be used for detecting whether multiple equipment is located within distance adjacent to one another.In detail, proximity transducer 11b is permissible
Determine an object before contacting another object whether just close to the sensor of other objects, for the strength using electromagnetic field
To detect presence, process, continuous flowing or the congestion of target without physical contact.
Whether NFC module 11c can be located within distance adjacent to one another by NFC marker detection multiple equipment.In detail,
NFC module 11c refer to according to NFC method operation module (by using multiple radio frequency identifications (RFID) frequency band (such as
135kHz, 13.56MHz, 433MHz, 860-960MHz, 2.45GHz etc.) in 13.56MHz).
Whether bluetooth module 11d mutually can be faced by executing communication (utilizing bluetooth approach) and to detect multiple equipment and to be located at
Within closely.Using the communication of WiFi method, WiFi module 11e can detect whether multiple equipment is located at phase by execution
Mutually close within distance.If employing WiFi module or bluetooth module, can transmit in advance and receiving various link informations, than
As Service Set Identifiers (SSID), session key etc..Then, set up communication to transmit and to connect by using link information
Receive various information.
Whether ZigBee module 11f can be detected multiple equipment and be mutually located at using the communication of ZigBee by execution faces
Within closely, this communication means be support junction service institute of electrical and electronic engineers (IEEE) 802.15.4 standard it
One.In detail, ZigBee be distance in field of wireless be (such as at home or in office) and general within 10-20m
The suitable short-range communication technology calculating.In other words, ZigBee has mobile phone or the concept of WLAN (WLAN), and
Power consumption can be reduced and but can transmit a small amount of information compared with correlation technique.
Refer again to Figure 34, key generator 12 can produce encryption key and some keys for certain content.
According to an one exemplary embodiment, if employing asymmetrical cryptographic method, key generator 12 can produce including open
The encryption key of the key pair of key and private key composition.Key generator 12 can be by splitting public-key cryptography or private close
Key is producing some keys.According to another one exemplary embodiment, if employing symmetric encryption method, key generator
12 can produce the encryption key including symmetric key.Key generator 12 can produce multiple portions by splitting symmetric key
Divide key.
Encryption equipment 13 can carry out encrypted content by using the encryption key producing.In detail, encryption equipment 13 can pass through
Using session key come encrypted content, carry out encrypted session key by using encryption key.Additionally, encryption equipment 13 can encrypt product
Raw some keys.Additionally, if one of multiple equipment is at distance in close proximity to one another, encryption equipment 13 can add again
The close content play.
According to another one exemplary embodiment, if employing asymmetrical cryptographic method, encryption equipment 13 can be by profit
With public-key cryptography come encrypted content.In detail, encryption equipment 13 can carry out encrypted content by using session key, by using public affairs
Open key and carry out encrypted session key.According to another one exemplary embodiment, if employing symmetric encryption method, encryption equipment 13 can
To carry out encrypted content by using symmetric key.In detail, encryption equipment 13 can carry out encrypted content by using session key, leads to
Cross using symmetric key come encrypted session key.
Memorizer 14 can store at least one the content of encryption and the content of deciphering.Additionally, memorizer 14 can also be deposited
Storage at least one encryption key and decruption key.According to another one exemplary embodiment, memorizer 14 may be embodied as such as Trust
Or the safety zone of other hardware based safeguard construction.After encryption equipment 13 has encrypted content, encryption key is deleted.
Transceiver 15 can transmit that some keys of key generator 12 generation include to secure group each its
Its equipment.According to another one exemplary embodiment, transceiver 15 can transmit some keys of encryption equipment 13 encryption to safety
Each miscellaneous equipment that group includes.Additionally, transceiver 15 can transmit the content of the encryption of storage in memorizer 14 to safety
At least one of miscellaneous equipment that group includes.
If receiving detectable signal from detector 11, reaching in the multiple equipment that is, secure group includes and being equal to or more than
When the equipment of the quantity of threshold value is located within distance adjacent to one another, key recovery device 16 can be from reaching equal to or more than threshold value
Some key recovery decruption keys that each of equipment of quantity is stored.Decruption key can produce corresponding to key
The encryption key that device 12 produces.
Decipher 17 can decipher encrypted content by using the decruption key recovering.According to an exemplary reality
Apply example, decipher 17 can decipher the session key of deciphering by using the decruption key recovering, and the meeting using deciphering
Talk about key to decipher encrypted content.Additionally, after decrypted encrypted content, decruption key and deciphering can be deleted
At least one content.
In current one exemplary embodiment, arrive if located at least one multiple equipment within distance in close proximity to one another
Close on outside distance, at least one key recovery device 16 and decipher 17 can stop operation, and encryption equipment 13 can add again
The content of close deciphering.
In current one exemplary embodiment, key generator 12, encryption equipment 13, key recovery device 16 and decipher 17 can
To be embodied as multiple programs and to be stored in the memorizer of equipment 100A.The control unit that so equipment 100A includes can be visited
Ask this memorizer, in the operation being carried out such as key generation, encryption, key recovery and deciphering.But other exemplary
In embodiment, key generator 12, encryption equipment 13, key recovery device 16 and decipher 17 can be with hardware, software or hardware
To implement with combining of software.Additionally, in current one exemplary embodiment, memorizer 14 may be embodied as each equipment 100A
Memorizer a part of region.Additionally, in current one exemplary embodiment, transceiver 15 may be embodied as in equipment 100A
Including communicator a part.Hereafter, the hardware one exemplary embodiment of equipment will be described with reference to Figure 36.
Figure 36 is the block diagram of the equipment 100B according to an one exemplary embodiment.
With reference to Figure 36, in current one exemplary embodiment, the structure of equipment 100B can apply to as with reference to Fig. 1 explanation
The first to the 3rd equipment 100-300 and with reference to Figure 26 explanation the first to the 3rd equipment 500-700.The structure of equipment 100B can
To be applied to plurality of devices, such as cell phone, panel computer, PDA, MP3 player, news-stand, electron album, navigation system
System, DTV, wearable device (such as watch or the display (HMD) being arranged on head) etc..
With reference to Figure 36, equipment 100B can include display 110, controller 170, memorizer 120, GPS module 125, lead to
Believe device 130, video processor 135, audio process 140, user input unit 145, mike 150, imager 155, raise one's voice
At least one of device 160 and motion detector 165.
Display 110 can include display panel 111 and the controller (not shown) for controlling display panel 111.Display panel
111 it is so structured that polytype display, such as liquid crystal display (LCD), Organic Light Emitting Diode (OLED) display,
Active matrix organic light-emitting diode (AMOLED) display or plasma display panel (PDP).Display panel 111 may be embodied as soft
Property, transparent or wearable.Display 110 and include touch pad 147 in user input unit 145 can mutual group
Close to constitute touch screen (not shown).For example, touch screen (not shown) can include being formed as the module of an entirety, should
In entirety, display panel 111 and touch pad 147 form hierarchical structure.
Memorizer 120 can include at least one of internal storage (not shown) and external memory storage (not shown).
Internal storage can include such as volatile memory (such as dynamic random access memory (DRAM), static state
Random access memory (RAM), synchronous dram (SDRAM) etc.), (such as disposable programmable is read-only to be deposited nonvolatile memory
Reservoir (OTPROM), programmable read only memory (PROM), Erasable Programmable Read Only Memory EPROM (EPROM), electric erasable can
Program read-only memory (EEPROM), mask ROM (ROM), flash ROM etc.), hard disk drive (HDD) and solid-state
Driver (SSD).According to an one exemplary embodiment, controller 170 can load from nonvolatile memory or other element
The order receiving or data to volatile memory and process this order or data.Controller 170 can preserve from another element
The data receiving or producing is in nonvolatile memory.
External memory storage can include for example compact flash memory (CF), secure digital (SD), microampere digital (micro-SD),
At least one of mini secure digital (mini-SD), extreme digital (xD) or memory stick.
Memorizer 120 can store the multiple programs data of the operation for equipment 100B.For example, memorizer
120 can temporarily or non-permanently store in key used for encrypting the contents generating routine and encipheror and/or be used for decipher
The key recovery program held and at least a portion of decryption program.As another example, memorizer 120 can be temporary transient or impermanent
At least a portion of the content of the content of ground storage encryption and/or deciphering.
Controller 170 can control display unit 110 with display-memory on display unit 110 storage one
Partial content.In other words, controller 170 can on display 110 in display-memory 120 storage a part of content.
Alternatively, if performing user action on the region of display 110, controller 170 can execute corresponding to user action
Control operation.
Controller unit 170 can include RAM171, ROM172, CPU (CPU) 173, Graphics Processing Unit
(GPU) at least one of 174 or bus 175.RAM171, ROM172, CPU173 and GPU174 can connect each other through bus 175
Connect.
CPU173 accesses memorizer 120 and executes startup by using the operating system (OS) of storage in memorizer 120.
CPU173 to execute various operations by using the various programs of storage, interior perhaps data in memorizer 120.
ROM172 stores the command set for system start-up.As example, if to the equipment as mobile terminal 1 00B
100B input is opened order and is provided power supply, then CPU173 can replicate memorizer 120 according to the order of storage in ROM172
OS to the RAM171 of middle storage, and by executing OS come activation system.When completing to start, CPU173 replicates in memorizer and deposits
The various programs of storage to RAM171 and execute the program copying to RAM171 to execute various operations.When the startup of equipment 100B is complete
Cheng Shi, GPU174 show user interface (UI) screen on a region of display unit 110.In detail, GPU174 is permissible
Produce a screen, show the e-file of the various objects including such as content, icon, menu etc. on the screen.
GPU174 calculates for each object's property value, such as coordinate figure, shape, size or color according to the design of screen.In
It is that GPU174 can produce the screen with all kinds design including an object based on calculated property value.
The screen that GPU174 produces can be provided to display unit 110 and be shown on a region of display unit 110.
GPS module 125 can receive the current location of gps signal computing device 100B from gps satellite.If employed
Navigator or the current location needing user, then control unit 170 can calculate user by using GPS module 125
Position.
Communicator 130 can be according to the communication of the execution of various types of communication means and various types of external equipments.Logical
Letter device 130 can include at least one of WiFi module 131, bluetooth module 132, wireless communication module 133 and NFC module 134.
Controller 170 can be by using the communication of communicator 120 execution and various external equipments.
WiFi module 131 and bluetooth module 132 can be utilized respectively WiFi method and bluetooth approach executes communication.If made
With WiFi module 131 or bluetooth module 132, then can transmit and receive various link informations, such as service collection in advance
Identifier (SSID), session key etc..Then, execute communication using link information so that transmission receives various information.Wirelessly
Communication module 133 refers to for according to various communication standards (such as IEEE, ZigBee, three generations (3G), three generations's Partnership Program
(3GPP) or Long Term Evolution (LTE)) execution communication module.NFC module 134 refers to the module according to the operation of NFC method, should
NFC method is using in the RFID frequency band of such as 135kHz, 13.56MHz, 433MHz, 860-960MHz, 2.45GHz etc.
13.56MHz.
Video processor 135 can process the video data including through the content that communication unit 130 receives, or storage
The video data that in device 120, the content of storage includes.Video processor 135 can execute at various images to video data
Reason, such as decoding, scaling, filter are made an uproar, frame-rate conversion or conversion of resolution.
Audio process 140 can process the voice data including through the content that communication unit 130 receives, or storage
The voice data that in device 120, the content of storage includes.Video processor 140 can execute various process to video data, all
Such as decoding, amplification or filter are made an uproar.
If performing the playback program of content of multimedia, controller 170 can be by driving video processor 135 and sound
Frequency processor 140 is playing content of multimedia.Speaker 160 can export the voice data of audio process 140 generation.
User input unit 145 can receive various order inputs from user.User input unit 145 can include key
146th, at least one of touch pad 147 and pen identification plate 148.
Key 146 can include one or more keys, and can be real by various types of keys (such as mechanical button or wheel)
Apply, key 146 can be formed at before the such as outer surface of equipment 100B or on the various regions of side.
Touch pad 147 can detect the touch input of user and export the touch event corresponding to the touch input detecting
Value.If touch pad 147 and display panel 111 are mutually combined one touch screen of composition, touch screen can be by using various types of
The touch sensor (such as capacitor type, resistor-type or piezo-electric type) of type is implementing.Touched by the part contact when user's body
The coordinate of the position detecting during the surface touching screen from the user's body micro- electricity producing and calculating touch is (using touch screen surface
Cladding dielectric material) method formed appearance type touch screen.The method when contacting touch screen by using detecting user carrys out shape
Become resistive type touch screen, resistive type touch screen includes two embedded battery lead plates, between two embedded battery lead plates
When individual electric pole plate and a bottom electrode plate contact with each other at the position that touch screen is touched, flow through by using detection
The coordinate of the position being touched of Current calculation touch screen.The touch event occurring on touch screen can be mainly by the handss of a people
Refer to produce, but can also be produced by the conductive material that can change static capacity.
Pen identification plate 148 can detect contact pen (such as pointer (stylus pen) or the handwriting input of user's use
Pen (digitizer pen)) close to input or contact input, and export the detection of contact pen close to input or to detect contact defeated
Incoming event.Pen identification plate 148 can using electromagnetic radiation (EMR) method implement and this contact pen near or contact pen identification
During plate, the Strength Changes according to electromagnetic field contact input or close to input to detect.In detail, pen identification plate 148 can include
There is the electromagnetic induction coil sensor (not shown) of web frame and alternating current (AC) letter with preset frequency is sequentially provided
Number to electromagnetic induction coil sensor each toroidal electric signal processor (not shown).If having resonance circuit
Pen be placed in pen identify plate 148 toroidal nearby, then based on the mutual electromagnetic sensing in the resonance circuit of pen, toroid
Enclose the field generating current sending.Based on this electric current, induced field can be produced from the coil of the resonance circuit of pen, and pen is known
Other plate 148 can be with the induction field in the loop coil of detectable signal reception state, by approximated position or the contact position of this induction pen
Put.Pen identification plate 148 can be placed in display panel 111 below to have certain region, for example, can cover display panel 111
Viewing area a region.
Mike 150 can be converted into voice data with receive user phonetic entry and by user speech or other sound.
Controller 170 using the user speech inputting through mike 150 in call operation, or user speech can be changed
Become voice data and store user speech in memorizer 120.
Imager 155 can be according to user's control capturing still image or moving image.Such as front photograph can be included
Machine and multiple imagers 155 of rear camera.
Armed with imager 155 and mike 150, controller 170 can be according to the user inputting through mike 150
The user action of voice or imager 155 identification carrys out executive control operation.For example, equipment 100B can be with motor control
Pattern or Voice command pattern are operating.If equipment 100B is operated with motor control pattern, controller 170 can activate
Imager 155, to capture the image of user, follows the tracks of the change in user movement, and then execution is corresponding to the change in user movement
Control operation.If equipment 100B is operated with Voice command pattern, controller 170 can be operated with speech recognition mode,
Analyze the user speech through mike 150 input, and the user speech executive control operation according to analysis in this mode.
Motion detector 165 can be with the motion of the main body of detecting devices 100B.Equipment 100B can rotate in various directions
Or tilt.Motion detector 165 can be by using multiple sensors (such as geomagnetic sensor, gyro sensor and acceleration
Sensor) at least one of detecting the motion feature of such as direction of rotation, angle or inclination.
In addition although Figure 36 does not show, according to an one exemplary embodiment, equipment 100B can also include USB connector
May be coupled to USB (universal serial bus) (USB) port thereon, the various external input terminals for being connected to various exterior terminals
Mouth (for earphone, mouse or LAN (LAN)), DMB (DMB) chip for receiving and processing DMB signal
Or various sensor.
The element of equipment 100B can be named as different names.Additionally, according to an one exemplary embodiment, equipment
100B can include one or more of above-mentioned element.It should also be understood that some elements can not include, or can also include
Other element.
Figure 37 shows the block diagram of the software arrangements of an one exemplary embodiment.
With reference to Figure 37, memorizer 120 can store the operating system of the control support for equipment 100C and be used for operating
The application program of one application.Operating system can include kernel, middleware, application programming interface (API) etc..Operating system
Can be such as ARIXTRA, iPhone operating system (iOS), Windows, Symbian, Tizen or Bada.
Kernel 121 can include at least one device driver 121-1 or system resource managers 121-2.Equipment drives
Dynamic device 121-1 can be by using the hardware of softward interview and control device 100C.For this reason, device driver 121-1 can be by
It is categorized into the single Drive Module that interface and each hardware company provide.Device driver 121-1 can include for example showing
Show device driver, camera driver, BLUETOOTH driver, shared memory drives, usb driver, keyboard driver,
At least one of WiFi driver, audio driver or Inter Process Communication driver.System resource managers 121-2 can wrap
Include at least one of process management unit, MMU and file management unit.System resource managers 121-2 is permissible
The control of execution such as system resource, the function of distributing or recall.
Middleware 122 can include the multiple modules constructing in advance, to provide the function of various application common need.Middle
Part 122 can provide One function through API123 so that application 124 can be efficiently used the resource in equipment 100C.Middleware
122 can include at least one of multiple modules, such as application manager 122-1, window manager 122-2, multimedia administration
Device 122-3, explorer 122-4, power manager 122-5, database manager 122-6, packet manager 122-7,
Connection manager 122-8, notification manager 122-9, location manager 122-10, Graph Manager 122-11 and security manager
122-12.
Application manager 122-1 can manage the life cycle of at least one application from application 124 selection.Window management
Device 122-2 can be with graphical user interface (GUI) resource of use on management screen.Multimedia administration device 122-3 can determine use
To encode in the form playing various multimedia files and by using the codec being suitable for this form or to decode multimedia
File.Explorer 122-4 can manage the resource of at least one application such as selecting from the group of application 124 composition
The resource of code, memorizer or memory space.Power manager 122-5 can operate basic input/output (BIOS)
Manage battery or power supply and the power information for operation is provided.Database manager 122-6 can manage and be ready to use in application 124
At least one application the generation of data base, search and change.Packet manager 122-7 can manage with data APMB package
Form distribution the installation of application or renewal.Connection manager 122-8 can manage and for example wirelessly connect (such as WiFi or indigo plant
Tooth).Notification manager 122-9 can show by using non-interrupted method or notify an event to user, such as reach
Message, appointment or close notice.Location manager 122-10 can be with the positional information of management equipment 100C.Graph Manager
122-11 can manage the graphical effect being supplied to user and relevant UI.Security manager 122-12 can provide system
Various security functions needed for safety or user's identification.If equipment 100C has phone call functions, middleware 122 is permissible
Also include the phone call manager (not shown) for managing user speech or video phone call.
Middleware 122 can also include run-time library 122-13 or other library module (not shown).Run-time library 122-13
It is the library module that editing machine uses, so that programmed language increases new function while application is performed.For example, transport
During row, storehouse 122-13 can execute input/output function, memory management or arithmetic function.Middleware 122 can be through above-mentioned
The combination of the function of each module and produce and use new middleware module.Middleware 122 can be according to the type of operating system
There is provided the module becomed privileged to provide the function of differentiated.Middleware 122 can dynamically be deleted some elements or increase new
Element.According to an one exemplary embodiment, above-mentioned element can not be included it is also possible to include other elements, or can
With with there are similar functions but other elements of different names element of replacing here.
API123 is one group of API programing function, can be according to operating system with different element substitutions.If in ARIXTRA or
In the case of iOS, for example, can provide API set for each platform.It is provided that such as two or many in the case of Tizen
Individual API.
Application 124 can include default installation the applications of preloaded or user use equipment 100C when can by with
The third-party application that family is installed or used.Application 124 can include for example applying return home screen homepage application 124-1,
For carrying out dialing application 124-2 of call with the opposing party, for connecing from the opposing party that can be identified using telephone number
Receive text message applications 124-3 of message, instant message (IM) applies 124-4, browser application 124-5, camera application
124-6, alert applications 124-7, for managing the telephone number of the opposing party or book applications 124-8 of address, be used for managing
The telephony recording application 124-9 of the telephone call register of user, text message transmission/receiving record or missed call record,
For receiving e-mail applications 124-10 of message, calendar application 124-11, media from the opposing party of identifying through Email
Play at least one of application 124-12, photograph album application 124-13 and clock application 124-14.According to an exemplary implementation
Example, software can include at least one of selection from above-mentioned element.Alternatively, above-mentioned some elements or can not be included
Also to include other additional elements.
Figure 38 shows the block diagram of the server 800A according to an one exemplary embodiment.
With reference to Figure 38, server 800A can include key generator 81, encryption equipment 82, memorizer 83, transceiver 84, close
Key restorer 85 and decipher 86.Server 800A can encrypt shared in Virtual Space by the secure group including multiple equipment
Content and decipher encrypted content.
Server 800A can apply to the server 800 with reference to Figure 26 explanation.Additionally, server 800A can execute ginseng
Method according to the encrypted content of Fig. 1-33 explanation and the method for deciphering content.Therefore, it can not duplicate services device 800A execution
The detailed description of the operation of encrypted content and deciphering content.
Key generator 81 can produce encryption key and multiple part of key for certain content.Demonstrated according to one
Property embodiment, if employing asymmetric encryption method, key generator 81 can produce including by public-key cryptography and private
The encryption key of the key pair that people's key is constituted.Key generator 81 can be produced by splitting public-key cryptography or private key
Some keys.According to another one exemplary embodiment, if employing symmetrical encryption method, key generator 81 can
To produce the encryption key including symmetrical key.Key generator 81 can produce some by splitting symmetric key
Key.
Encryption equipment 82 can carry out encrypted content by using produced encryption key.In detail, encryption equipment 82 can lead to
Cross using session key come encrypted content, carry out encrypted session key by using encryption key.Additionally, encryption equipment 82 can be encrypted
Produced some keys.Additionally, one of multiple equipment if located in distance adjacent to one another is departing from closing on distance, then
Encryption equipment 82 can re-encrypt the content play.
According to an one exemplary embodiment, if employing asymmetric encryption method, encryption equipment 82 can be by profit
With public-key cryptography come encrypted content.In detail, encryption equipment 82 can carry out encrypted content by using session key, close using disclosing
Key carrys out encrypted session key.According to another one exemplary embodiment, if employing symmetrical encryption method, encryption equipment 82 is permissible
Carry out encrypted content by using symmetrical key.In detail, encryption equipment 82 can carry out encrypted content by using session key, leads to
Cross using symmetrical key come encrypted session key.
Memorizer 83 can store encryption and/or deciphering content.Additionally, memorizer 83 can also store encryption key
And/or decruption key.According to an one exemplary embodiment, memorizer 83 may be embodied as safety zone, such as TrustZone or
Other hardware based safeguard constructions.After encryption equipment 82 has encrypted content, encryption key can be deleted.
Transceiver 84 can receive detectable signal from least one of multiple equipment, and this signal shows to reach in multiple equipment
It is located within distance adjacent to one another so that they can identify each other equal to or more than the equipment of the quantity of threshold value.Additionally, transmitting-receiving
Device 84 can transmit each equipment that some keys produced by key generator 81 include to secure group.According to another
One exemplary embodiment, transceiver 84 can transmit each that some keys produced by encryption equipment 82 include to secure group
Equipment.Additionally, transceiver 84 can transmit the multiple equipment that the content of the encryption of storage in memorizer 83 includes to secure group
In at least one equipment.
If receiving detectable signal from transceiver 84, if reach in the multiple equipment that is, secure group includes be equal to or
It is located within distance adjacent to one another more than the equipment of the quantity of threshold value, then key recovery device 85 can be from reaching equal to or more than threshold
Some key recovery decruption keys of storage in each equipment of quantity of value.Decruption key can produce corresponding to key
Encryption key produced by device 81.
Decipher 86 can decipher content using the decruption key recovering.According to an one exemplary embodiment, decipher
86 session keys that can decipher encryption by using the decruption key recovering, the session key using deciphering is deciphered
The content of encryption.Additionally, the content of decruption key and/or deciphering after the content that decrypted encryption, can be deleted.
In current one exemplary embodiment, depart from if located at least one multiple equipment within distance adjacent to one another
Close on distance (i.e. one of equipment is no longer within the distance adjacent to one another with miscellaneous equipment), then key recovery device 85 and/or
Decipher 86 can stop operation, and encryption equipment 82 can re-encrypt the content of deciphering.
In current one exemplary embodiment, key generator 81, encryption equipment 82, key recovery device 85 and decipher 86 can
To be embodied as multiple programs and to be stored in the memorizer of server 800A.Then, the control unit that server 800A includes
Memorizer can be accessed, then execute such as key generation, the operation of encryption, key recovery and deciphering.But, show other
In exemplary embodiment, key generator 81, encryption equipment 82, key recovery device 85 and decipher 86 can be embodied in hardware, software
In, or the combination being embodied as hardware and software.Additionally, in current one exemplary embodiment, memorizer 83 may be embodied as
A part of region of the memorizer of server 800A.Additionally, in the ongoing illustrated embodiment, transceiver 84 may be embodied as server
A part for the communication unit that 800A includes.Hereafter, the one exemplary embodiment of the hardware of equipment will be described with reference to Figure 39.
Figure 39 shows the block diagram of the server 800B according to an one exemplary embodiment.
With reference to Figure 39, in the ongoing illustrated embodiment, server 800B can include controller 810, memorizer 820 and transmitting-receiving
Device 830.But, the element shown in Figure 39 is not essential for element.Server 800B can be by than the unit shown in Figure 39
More unit usually implements element.If implemented as Cloud Server, then server 800B can be using than less shown in Figure 39
Unit usually implements.Hereafter, by order explanation each element.
Controller 810 can control all operations of server 800B.For example, at least one receiving from equipment
Content can be encrypted/decipher by executing the program (or module) of storage in memorizer 820.In detail, if in secure group
Including the first to the 3rd equipment be located at distance in close proximity to one another within so that can identify mutually, then controller 810 can be controlled
System produces encryption key and some keys encrypted content.If additionally, the first to the 3rd equipment has all agreed to deciphering
The equipment of the quantity reaching equal to or more than predetermined threshold value in the content of encryption or the first to the 3rd equipment has agreed to deciphering
Encryption content, then controller 810 can control come from encryption part of key recover decruption key and using recovery solution
Key is deciphering encrypted content.
Memorizer 820 can store program or the storage input/output data for processing and controlling controller 810,
The content that for example receives from equipment, the information with regard to equipment, analysis information with regard to content etc..Storage in memorizer 820
Program can become multiple modules with classification by function.For example, program can be categorized into key generation module 821, encryption mould
Block 822, key recovery module 823, deciphering module 824, mark public-key cryptography data base (DB) 825, content public-key cryptography DB826
Or content DB827.
Transceiver 830 can include allowing one or more elements of communication between server 800B and multiple equipment.In detail
Carefully, transceiver 830 can transmit the part of key of the content, the content of deciphering and/or encryption of encryption to multiple equipment.This
Outward, transceiver 830 can receive detectable signal from least one of multiple equipment, and this signal shows to reach in multiple equipment
In or more than threshold value quantity equipment be located at distance adjacent to one another within so that can identify each other.
Additionally, other one exemplary embodiment can also through in medium (such as computer-readable medium)/on computer can
Reading code/instruction implementing to control at least one processing elements usually to implement any one embodiment of one exemplary embodiment.Medium
Can be corresponding to the permission storage of computer readable code and/or any medium of transmission.
Computer readable code can be recorded in many ways/be sent on medium, and the example of medium includes such as magnetic
The recording medium of storage medium (such as ROM, floppy disk, hard disk etc.) and optical record medium (such as CD-ROM or DVD) and all
Transmission medium as Internet transmission medium.Therefore, according to one or more one exemplary embodiment, medium can be including or take
Band signal or determination the and measurable structure of information, such as carry the equipment of bit stream.Medium can also be distributed network,
Computer readable code stores/is forwarded to be performed thereon and in a distributed fashion.Additionally, processing element can include processor
Or computer processor, and processing element can be distributed and/or include in single equipment.
It should be appreciated that one exemplary embodiment described herein only should understand rather than in order to carry out in descriptive sense
Limit.In each one exemplary embodiment, the feature of explanation or aspect should typically be interpreted as can be used for other one exemplary embodiment
Middle other similar feature or aspect.
Although with reference to the accompanying drawings of one or more one exemplary embodiment, those skilled in the art should manage
Solution, can make the change of various forms or details on the premise of requiring, without departing from following patent, the spirit and scope limiting.
Claims (15)
1. a kind of mobile device, including:
Communicator, it is configured to and at least one external device communication;And
Controller, it is configured to determine that described mobile device is located at the distance closed on at least one external equipment described
Within, decipher the encrypted content that described mobile device and at least one external equipment described are shared.
2. mobile device according to claim 1, also includes user input unit,
Wherein said controller be configured to receive with least one external equipment described share content user input and
Encrypted content.
3. mobile device according to claim 2, also includes memorizer, and it is configured to store encrypted content.
4. mobile device according to claim 2, wherein said controller is configured to store encrypted content outer
In portion's server.
5. mobile device according to claim 2, wherein said communicator is configured to transmit encrypted content to institute
State at least one external equipment.
6. mobile device according to claim 2, wherein said controller is configured to produce the encryption for encrypted content
Key and some keys, and produced some encryption key distribution are given at least one external equipment described.
7. mobile device according to claim 6, wherein said controller is configured to encrypt the plurality of part of key simultaneously
Some encryption key distribution of encryption are given at least one external equipment described.
8. mobile device according to claim 6, also includes memorizer, and it is configured to storage from the plurality of part of key
At least one portion key or the encryption key of distributing to described mobile device of middle selection.
9. mobile device according to claim 6, wherein said controller is configured to determine outside at least one
Equipment is located within the distance closed on described mobile device, close from some distributing at least one external equipment described
Key recovers to correspond to the decruption key of described encryption key and decipher encrypted content using the decruption key recovering.
10. mobile device according to claim 9, wherein said controller is configured at least one described in determination
External equipment is not located within the distance closed on mobile device, re-encrypts the content of deciphering.
11. mobile devices according to claim 1, also include user input unit,
At least one external equipment wherein said includes the first equipment and the second equipment, and
Described controller is configured to receive the user with the first and second collaborative share contents through user input unit
Input and encrypted content, and face with described mobile device in response to determining that at least one of the first equipment and the second equipment are located at
Encrypted content is deciphered near distance.
12. mobile devices according to claim 1, wherein said communicator includes short-range wireless communication module, described short
Journey wireless communication module includes at least one of near-field communication module, bluetooth module, WiFi module and ZigBee module, and
Wherein said communicator is configured to determine whether described mobile device is located at and is closed on at least one external equipment described
Within distance.
13. mobile devices according to claim 1, also include detector, and described detector includes touch sensor and connects
At least one of nearly sensor, and described detector is configured to determine whether described mobile device is located at and described at least one
Within the distance that individual external equipment closes on.
A kind of 14. user equipmenies, including:
Controller, its be configured to determine described user equipment whether be located at the distance closed on at least one other user equipment it
Interior, and within the distance closed on described at least one other user equipment in response to determining described user equipment to be in
It is stored encrypted in the content in described user equipment;And
Communicator, it is configured to for encrypted content to distribute to described at least one other user equipment.
15. user equipmenies according to claim 14, wherein said controller is configured to add for deciphering by generation
Some keys of close content are being stored encrypted in the content in described user equipment;And
Wherein said communicator is configured to for encrypted content to distribute to described at least one other user equipment and includes institute
State at least one portion encryption key distribution to described at least one other user.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201461984229P | 2014-04-25 | 2014-04-25 | |
| US61/984,229 | 2014-04-25 | ||
| KR10-2014-0052974 | 2014-04-30 | ||
| KR1020140052974A KR102154737B1 (en) | 2014-04-25 | 2014-04-30 | Method of encrypting/decrypting content |
| PCT/KR2015/004138 WO2015163735A1 (en) | 2014-04-25 | 2015-04-27 | Mobile device and method of sharing content |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106464973A true CN106464973A (en) | 2017-02-22 |
| CN106464973B CN106464973B (en) | 2020-01-17 |
Family
ID=54600129
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201580022041.3A Expired - Fee Related CN106464973B (en) | 2014-04-25 | 2015-04-27 | Mobile device and method for sharing content |
Country Status (2)
| Country | Link |
|---|---|
| KR (1) | KR102154737B1 (en) |
| CN (1) | CN106464973B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111290884A (en) * | 2020-02-19 | 2020-06-16 | 浙江口碑网络技术有限公司 | Data backup method and device for cash register equipment |
| CN112307488A (en) * | 2019-07-31 | 2021-02-02 | 华为技术有限公司 | Authentication credential protection method and system |
| WO2021018306A1 (en) * | 2019-07-31 | 2021-02-04 | 华为技术有限公司 | Method and system for protecting authentication credentials |
| WO2022078073A1 (en) * | 2020-10-12 | 2022-04-21 | Kyndryl, Inc. | Ultrasound split key transmission for enhanced security |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20180081390A (en) * | 2017-01-06 | 2018-07-16 | 삼성전자주식회사 | Image display device and operating method for the same |
| EP3688922A4 (en) | 2017-09-27 | 2020-09-09 | Visa International Service Association | Secure shared key establishment for peer to peer communications |
| KR102142955B1 (en) * | 2019-01-18 | 2020-08-11 | 주식회사 블록체인컴퍼니 | A privatekey management method |
| WO2020235942A1 (en) * | 2019-05-21 | 2020-11-26 | 웰스트리에스지 유한회사 (영업소) | System for restoring lost private key |
| KR102377987B1 (en) * | 2020-04-03 | 2022-03-22 | 디지파이낸스(영업소) | Restoration System For Lost Private Key |
| CN111967033B (en) * | 2020-08-28 | 2024-04-05 | 深圳康佳电子科技有限公司 | Picture encryption method and device based on face recognition, terminal and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1304604A (en) * | 1999-03-25 | 2001-07-18 | 皇家菲利浦电子有限公司 | Multi-node encryption and key delivery |
| CN1578458A (en) * | 2003-07-29 | 2005-02-09 | 松下电器产业株式会社 | Transmitting device, receiving device and transmitting/receiving system |
| US20130268774A1 (en) * | 2012-04-06 | 2013-10-10 | Security First Corp. | Systems and methods for securing and restoring virtual machines |
| US8561211B1 (en) * | 2001-07-31 | 2013-10-15 | Marvell International Ltd. | System and method for enhanced piracy protection in a wireless personal communication device |
| WO2014036689A1 (en) * | 2012-09-04 | 2014-03-13 | Nokia Corporation | Methods and apparatuses for location-based access management |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110293093A1 (en) * | 2010-06-01 | 2011-12-01 | Rogers Communications Inc. | Method and system for identity-based key management |
-
2014
- 2014-04-30 KR KR1020140052974A patent/KR102154737B1/en active IP Right Grant
-
2015
- 2015-04-27 CN CN201580022041.3A patent/CN106464973B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1304604A (en) * | 1999-03-25 | 2001-07-18 | 皇家菲利浦电子有限公司 | Multi-node encryption and key delivery |
| US8561211B1 (en) * | 2001-07-31 | 2013-10-15 | Marvell International Ltd. | System and method for enhanced piracy protection in a wireless personal communication device |
| CN1578458A (en) * | 2003-07-29 | 2005-02-09 | 松下电器产业株式会社 | Transmitting device, receiving device and transmitting/receiving system |
| US20130268774A1 (en) * | 2012-04-06 | 2013-10-10 | Security First Corp. | Systems and methods for securing and restoring virtual machines |
| WO2014036689A1 (en) * | 2012-09-04 | 2014-03-13 | Nokia Corporation | Methods and apparatuses for location-based access management |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112307488A (en) * | 2019-07-31 | 2021-02-02 | 华为技术有限公司 | Authentication credential protection method and system |
| WO2021018306A1 (en) * | 2019-07-31 | 2021-02-04 | 华为技术有限公司 | Method and system for protecting authentication credentials |
| CN111290884A (en) * | 2020-02-19 | 2020-06-16 | 浙江口碑网络技术有限公司 | Data backup method and device for cash register equipment |
| WO2022078073A1 (en) * | 2020-10-12 | 2022-04-21 | Kyndryl, Inc. | Ultrasound split key transmission for enhanced security |
| US11502830B2 (en) | 2020-10-12 | 2022-11-15 | Kyndryl, Inc. | Ultrasound split key transmission for enhanced security |
| GB2611694A (en) * | 2020-10-12 | 2023-04-12 | Kyndryl Inc | Ultrasound split key transmission for enhanced security |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106464973B (en) | 2020-01-17 |
| KR102154737B1 (en) | 2020-09-11 |
| KR20150123672A (en) | 2015-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2937802B1 (en) | Mobile device and method of sharing content | |
| CN106464973A (en) | Mobile device and method of sharing content | |
| US9781123B2 (en) | Methods of providing social network service and server performing the same | |
| US10671264B2 (en) | Image display and interaction using a mobile device | |
| US11669465B1 (en) | Secure storage of data through a multifaceted security scheme | |
| US20190173878A1 (en) | Device and method of setting or removing security on content | |
| US10073985B2 (en) | Apparatus and method for trusted execution environment file protection | |
| CN112711774B (en) | Data processing method, device, equipment and storage medium | |
| WO2016045469A1 (en) | Information encryption method and mobile terminal | |
| CN105981398B (en) | Content security method and electronic device for providing content security function | |
| CN110826103B (en) | Method, device, equipment and storage medium for processing document authority based on blockchain | |
| TW201015322A (en) | Method and system for data secured data recovery | |
| TW200541289A (en) | Application-based data encryption system and method thereof | |
| EP3566415B1 (en) | Successive cryptographic techniques | |
| US11456872B2 (en) | Offline protection of secrets | |
| CN106233299B (en) | The method of social networking service is provided and executes the server of this method | |
| US11405193B2 (en) | Encrypted photographing method and system based on fingerprint recognition | |
| CN111475832A (en) | Data management method and related device | |
| CN115544586B (en) | Secure storage method for user data, electronic device and storage medium | |
| EP3486828B1 (en) | Electronic device including display and method of encrypting information | |
| CN114244565B (en) | Key distribution method, device, equipment and storage medium | |
| TWM632815U (en) | Encrypted Multimedia Information Management System | |
| JPWO2019026372A1 (en) | Information processing apparatus, information processing method, and program | |
| TW201007619A (en) | Picture encryption/decryption system and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200117 |