CN107800535A - Data security processing method and device - Google Patents
- Publication number: CN107800535A (CN201610802566.5A)
- Authority: CN (China)
- Prior art keywords: key, encryption, business cipher key, server, business
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
Abstract
The present invention provides a data security processing method and device, applied to a data security processing system that includes a business cipher key encryption and decryption server and a business data encryption and decryption server. The method includes: the business cipher key encryption and decryption server receives a business cipher key encryption request message sent by the business data encryption and decryption server; the business cipher key encryption and decryption server obtains a first encryption key; the business cipher key encryption and decryption server encrypts the business cipher key according to the first encryption key to obtain the ciphertext of the business cipher key; the business cipher key encryption and decryption server sends the ciphertext of the business cipher key to the business data encryption and decryption server, so that the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, which in turn increases the security of the data.
Description
Technical field
The present invention relates to the technical field of data security, and in particular to a data security processing method and device.
Background art
In the current era of information explosion, information security has become a very popular topic. Present information security technology performs quite well at guarding against network attacks: identity authentication, firewalls, router technology, and security monitoring and audit technology ensure the security of information in the network to the greatest extent.
To prevent business data from being stolen by others during communication, the business data must be encrypted, and different business data have different encryption keys. After an encryption device uses an encryption key to encrypt business data into business ciphertext, the encryption key and the corresponding decryption key must be stored in a database. If the data stored in the database is then stolen, the thief obtains the encryption key and corresponding decryption key of each item of business data stored in the database, can intercept business ciphertext, and can use those stored keys to decrypt the business ciphertext into the plaintext of the business data, causing the business data to leak.
Therefore, the prior art urgently needs a method that protects the data stored in the database and thereby increases the security of the data.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a data security processing method and device that increase the security of the data stored in a database and thereby improve the security of the data.
To achieve the above and other related objects, the present invention provides a data security processing method applied to a data security processing system, the system including a business cipher key encryption and decryption server and a business data encryption and decryption server. The method includes: the business cipher key encryption and decryption server receives a business cipher key encryption request message sent by the business data encryption and decryption server, the message carrying a business cipher key, which is a key used to encrypt and decrypt business data; the business cipher key encryption and decryption server obtains a first encryption key; the business cipher key encryption and decryption server encrypts the business cipher key according to the first encryption key to obtain the ciphertext of the business cipher key; the business cipher key encryption and decryption server sends the ciphertext of the business cipher key to the business data encryption and decryption server, so that the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
In one embodiment of the invention, the data security processing system further includes a dynamic key server, and the first encryption key includes a first dynamic key. The business cipher key encryption and decryption server obtaining the first encryption key specifically includes: the business cipher key encryption and decryption server receives the first dynamic key sent by the dynamic key server, wherein the first dynamic key is periodically updated by the dynamic key server according to a second dynamic key sent by at least one authorized device.
In one embodiment of the invention, the data security processing system further includes a management key server, and the first encryption key includes the plaintext of a management key. The business cipher key encryption and decryption server obtaining the first encryption key includes: when the management key stored by the business cipher key encryption and decryption server is the ciphertext of the management key, the business cipher key encryption and decryption server sends a management key decryption request message to the management key encryption and decryption server, the message carrying the ciphertext of the management key; the business cipher key encryption and decryption server receives the plaintext of the management key sent by the management key encryption and decryption server.
In one embodiment of the invention, the method further includes: the business cipher key encryption and decryption server sends a management key encryption request message to the management key encryption and decryption server, the message carrying a management key, so that the management key encryption and decryption server encrypts the management key; the business cipher key encryption and decryption server receives and stores the ciphertext of the management key sent by the management key encryption and decryption server.
In one embodiment of the invention, the method further includes: the business cipher key encryption and decryption server receives a business cipher key decryption request message sent by the business data encryption and decryption server, the message carrying the ciphertext of the business cipher key; the business cipher key encryption and decryption server decrypts the ciphertext of the business cipher key according to the management key to obtain the plaintext of the business cipher key; the business cipher key encryption and decryption server sends the plaintext of the business cipher key to the business data encryption and decryption server.
In one embodiment of the invention, the method further includes: the business cipher key encryption and decryption server receives the ciphertext of a newly generated management key sent by the dynamic key server, and updates the stored ciphertext of the management key according to the received ciphertext of the newly generated management key.
Further, the present invention provides a data security processing method applied to a data security processing system, the system including a business cipher key encryption and decryption server and a business data encryption and decryption server. The method includes: the business data encryption and decryption server sends a business cipher key encryption request message to the business cipher key encryption and decryption server, the message carrying a business cipher key, which is a key used to encrypt and decrypt business data; the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
Further, the present invention provides a data security processing method applied to a data security processing system, the system including a business cipher key encryption and decryption server, a business data encryption and decryption server and a dynamic key server. The method includes: the dynamic key server periodically updates the first dynamic key according to a second dynamic key sent by at least one authorized device; the dynamic key server sends the first dynamic key to the business cipher key encryption and decryption server.
Further, the present invention provides a data security processing method applied to a data security processing system, the system including a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server. The method includes: the dynamic key server periodically updates the first dynamic key according to a second dynamic key sent by at least one authorized device; the dynamic key server sends the first dynamic key to the management key encryption and decryption server.
In one embodiment of the invention, after the dynamic key server periodically updates the first dynamic key according to the second dynamic key sent by at least one authorized device, the method further includes: the dynamic key server obtains the ciphertext of the management key from the business cipher key encryption and decryption server and decrypts it with the first dynamic key from before the update to obtain the plaintext of the management key; the dynamic key server encrypts the plaintext of the management key according to the updated first dynamic key to generate the ciphertext of the management key; the dynamic key server sends the ciphertext of the newly generated management key to the business cipher key encryption and decryption server.
Further, the present invention provides a data security processing method applied to a data security processing system, the system including a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server. The method includes: the management key encryption and decryption server receives the first dynamic key sent by the dynamic key server; the management key encryption and decryption server receives a management key decryption request message sent by the business cipher key encryption and decryption server, the message carrying the ciphertext of the management key; the management key encryption and decryption server decrypts the ciphertext of the management key with the first dynamic key to obtain the plaintext of the management key; the management key encryption and decryption server sends the plaintext of the management key to the business cipher key encryption and decryption server.
In one embodiment of the invention, after the management key encryption and decryption server receives the first dynamic key sent by the dynamic key server, the method further includes: the management key encryption and decryption server receives a management key encryption request message sent by the business cipher key encryption and decryption server, the message carrying a management key; the management key encryption and decryption server encrypts the management key with the first dynamic key to obtain the ciphertext of the management key; the management key encryption and decryption server sends the ciphertext of the management key to the business cipher key encryption and decryption server.
Further, the present invention provides a business cipher key encryption and decryption device, applied in the business cipher key encryption and decryption server of a data security processing system that includes a business cipher key encryption and decryption server and a business data encryption and decryption server. The business cipher key encryption and decryption device includes: a receiving unit, configured to receive a business cipher key encryption request message sent by the business data encryption and decryption server, the message carrying a business cipher key, which is a key used to encrypt and decrypt business data; a processing unit, configured to obtain a first encryption key; the processing unit is further configured to encrypt the business cipher key according to the first encryption key to obtain the ciphertext of the business cipher key; a sending unit, configured to send the ciphertext of the business cipher key to the business data encryption and decryption server, so that the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
Further, the present invention provides a business data encryption and decryption device, applied in the business data encryption and decryption server of a data security processing system that includes a business cipher key encryption and decryption server and a business data encryption and decryption server. The business data encryption and decryption device includes: a sending unit, configured to send a business cipher key encryption request message to the business cipher key encryption and decryption server, the message carrying a business cipher key, which is a key used to encrypt and decrypt business data; a receiving unit, configured to receive the ciphertext of the business cipher key sent by the key encryption and decryption server; a storage unit, configured to store the ciphertext of the business cipher key.
Further, the present invention provides a dynamic key device, applied in the dynamic key server of a data security processing system that includes a business cipher key encryption and decryption server, a business data encryption and decryption server and a dynamic key server. The dynamic key device includes: a processing unit, configured to periodically update the first dynamic key according to a second dynamic key sent by at least one authorized device; a sending unit, configured to send the first dynamic key to the key encryption and decryption server.
Further, the present invention provides a dynamic key device, applied in the dynamic key server of a data security processing system that includes a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server. The dynamic key device includes: a processing unit, configured to periodically update the first dynamic key according to a second dynamic key sent by at least one authorized device; a sending unit, configured to send the first dynamic key to the management key encryption and decryption server.
Further, the present invention provides a management key device, applied in the management key encryption and decryption server of a data security processing system that includes a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server. The management key device includes: a receiving unit, configured to receive the first dynamic key sent by the dynamic key server; the receiving unit is further configured to receive a management key decryption request message sent by the business cipher key encryption and decryption server, the message carrying the ciphertext of the management key; the processing unit, configured to decrypt the ciphertext of the management key with the first dynamic key to obtain the plaintext of the management key; a sending unit, configured to send the plaintext of the management key to the business cipher key encryption and decryption server.
As described above, the data security processing method and device of the present invention have the following beneficial effects: the key encryption and decryption server obtains a first dynamic key; the business data encryption and decryption server sends a business cipher key encryption request message to the key encryption and decryption server; the key encryption and decryption server encrypts the business cipher key according to the first dynamic key to obtain the ciphertext of the business cipher key and sends that ciphertext to the business data encryption and decryption server; and the business data encryption and decryption server receives and stores the ciphertext of the business cipher key generated by the key encryption and decryption server. In this way, the key encryption and decryption server can encrypt, according to the first dynamic key, the business cipher key used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send it to the business data encryption and decryption server for storage, so that the business cipher key stored by the business data encryption and decryption server is the ciphertext of the business cipher key. This increases the security of the business cipher key, so that when the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, which in turn increases the security of the data.
Brief description of the drawings
Fig. 1 is a first flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 2 is a second flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 3 is a third flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 4 is a fourth flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 5 is a fifth flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 6 is a sixth flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 7 is a seventh flow diagram of the data security processing method provided by the invention in an embodiment.
Fig. 8 is a structural diagram of the business cipher key encryption and decryption device provided by the invention in an embodiment.
Fig. 9 is another structural diagram of the business cipher key encryption and decryption device provided by the invention in an embodiment.
Fig. 10 is a structural diagram of the business data encryption and decryption device provided by the invention in an embodiment.
Fig. 11 is a structural diagram of the dynamic key device provided by the invention in an embodiment.
Fig. 12 is a structural diagram of the dynamic key device provided by the invention in another embodiment.
Fig. 13 is a structural diagram of the management key encryption and decryption device provided by the invention in an embodiment.
Fig. 14 is a structural diagram of the data security processing system provided by the invention in an embodiment.
Description of reference numerals
801 receiving unit
802 processing unit
803 sending unit
804 storage unit
901 sending unit
902 receiving unit
903 storage unit
1001 processing unit
1002 sending unit
1101 processing unit
1102 sending unit
1201 receiving unit
1201 processing unit
1203 sending unit
1301 business cipher key encryption and decryption server
1302 business data encryption and decryption server
1303 dynamic key server
1304 management key encryption and decryption server
S101~S104 steps
S201~S202 steps
S301~S302 steps
S401~S402 steps
S501~S504 steps
S601~S608 steps
S701~S719 steps
Detailed description of the embodiments
The embodiments of the present invention are illustrated below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other different specific embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the present invention. It should be noted that, where there is no conflict, the following embodiments and the features in them can be combined with one another.
It should be noted that the drawings provided in the following embodiments only illustrate the basic concept of the present invention schematically. They show only the components related to the present invention rather than being drawn according to the number, shape and size of the components in actual implementation; in actual implementation the form, quantity and proportion of each component may change arbitrarily, and the component layout may be more complex.
In the prior art, to increase the security of business data, the business data is encrypted with a business cipher key and the business cipher key is stored in a database. However, the business cipher key is stored in the database in plaintext form, so that a leak of the data stored in the database affects the security of the business data. Therefore, in the present invention, the business cipher key is encrypted with a first encryption key to obtain the ciphertext of the business cipher key, and the ciphertext of the business cipher key is stored, which increases the security of the business data.
The embodiments of the present invention are applied to a data security processing system that includes a business cipher key encryption and decryption server and a business data encryption and decryption server. The business cipher key encryption and decryption server can encrypt the business cipher key with the obtained first encryption key, and the business data encryption and decryption server stores the encrypted business cipher key, so that the business cipher key is stored as ciphertext, which increases the security of the business data.
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, an embodiment of the present invention provides a data security processing method applied to a data security processing system, the system including a business cipher key encryption and decryption server and a business data encryption and decryption server. The data security processing method includes:
Step S101: the business cipher key encryption and decryption server receives a business cipher key encryption request message sent by the business data encryption and decryption server.
The business cipher key encryption request message carries a business cipher key, which is a key used to encrypt and decrypt business data.
Specifically, to improve the security of the business cipher key stored by the business data encryption and decryption server, the business cipher key stored in the business data encryption and decryption server needs to be encrypted. The business data encryption and decryption server can therefore add the business cipher key that needs to be encrypted to a business cipher key encryption request message and send the message to the key encryption and decryption server. After the business cipher key encryption and decryption server receives the business cipher key encryption request message, it parses the message and obtains the business cipher key.
Step S102: the business cipher key encryption and decryption server obtains the first encryption key.
The first encryption key is the key used when encrypting and decrypting the business cipher key.
Specifically, the business cipher key encryption and decryption server encrypts and decrypts the business cipher key and therefore needs to obtain the key used for that encryption and decryption. To increase the security of business cipher key encryption and decryption, the key used to encrypt and decrypt the business cipher key needs to be updated regularly; thus, the key that the business cipher key encryption and decryption server obtains for encrypting and decrypting the business cipher key is the first encryption key.
Step S103: the business cipher key encryption and decryption server encrypts the business cipher key according to the first encryption key to obtain the ciphertext of the business cipher key.
Specifically, after parsing out the business cipher key, the business cipher key encryption and decryption server can encrypt the business cipher key according to the first dynamic key and thereby obtain the ciphertext of the business cipher key.
It should be noted that the algorithm the business cipher key encryption and decryption server uses when encrypting the business cipher key can be set in advance; it can be a symmetric encryption algorithm or an asymmetric encryption algorithm, or a one-way encryption algorithm or a signature and verification algorithm, and the present invention is not limited in this regard.
Step S104: the business cipher key encryption and decryption server sends the ciphertext of the business cipher key to the business data encryption and decryption server, so that the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
Specifically, when the business cipher key encryption and decryption server has finished encrypting the business cipher key and obtained the ciphertext of the business cipher key, it can send this ciphertext to the business data encryption and decryption server as the response message to the business cipher key encryption request message. The business data encryption and decryption server receives the ciphertext of the business cipher key sent by the key encryption and decryption server and stores it.
It should be noted that the business data encryption and decryption server can store the ciphertext of the business cipher key in its corresponding database.
In this way, the business cipher key encryption and decryption server can encrypt, according to the first encryption key, the business cipher key used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send it to the business data encryption and decryption server for storage, so that the business cipher key stored by the business data encryption and decryption server is the ciphertext of the business cipher key. This increases the security of the business cipher key, so that when the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, which in turn increases the security of the data.
As shown in Fig. 2, an embodiment of the present invention provides a data security processing method applied to a data security processing system. The data security processing system includes: a business cipher key encryption and decryption server and a business data encryption and decryption server. The data security processing method includes:
Step S201, the business data encryption and decryption server sends a business cipher key encryption request message to the business cipher key encryption and decryption server.
The business cipher key encryption request message carries the business cipher key, and the business cipher key is the key used to encrypt and decrypt business data.
Specifically, the business data encryption and decryption server stores the business cipher key and can use it to encrypt and decrypt business data. To improve the security of the business cipher key stored in the business data encryption and decryption server, that key needs to be encrypted. Because the business data encryption and decryption server cannot encrypt the business cipher key directly, the encryption has to be done by a business cipher key encryption and decryption server that can encrypt business cipher keys. Therefore, the business data encryption and decryption server can add the business cipher key that needs encrypting to the business cipher key encryption request message and send it to the key encryption and decryption server.
Step S202, the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
In this way, the business data encryption and decryption server obtains the ciphertext of the business cipher key through the business cipher key encryption and decryption server and stores that ciphertext, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and with it the security of the data.
As shown in Fig. 3, an embodiment of the present invention provides a data security processing method applied to a data security processing system. The data security processing system includes: a business cipher key encryption and decryption server, a business data encryption and decryption server, and a dynamic key server. The data security processing method includes:
Step S301, the dynamic key server periodically updates the first dynamic key according to the second dynamic key sent by at least one authorized device.
Specifically, an administrator can use a dynamic key generation program on at least one authorized device to generate a dynamic key, namely the second dynamic key, and send the second dynamic key to the dynamic key server. The dynamic key server can then apply a dynamic key generation algorithm to the second dynamic key to generate a new first dynamic key.
Step S302, the dynamic key server sends the first dynamic key to the business cipher key encryption and decryption server.
Specifically, when the first encryption key includes the first dynamic key, the business cipher key encryption and decryption server needs to obtain the first dynamic key in order to encrypt the business cipher key. Therefore, when the dynamic key server generates the first dynamic key, it can send the newly generated first dynamic key to the business cipher key encryption and decryption server.
It should be noted that, because the dynamic key server must update the first dynamic key periodically, it must send the first dynamic key to the business cipher key encryption and decryption server after every update, so that the business cipher key encryption and decryption server uses the latest first dynamic key to encrypt and decrypt the business cipher key.
In this way, the dynamic key server sends the first dynamic key to the business cipher key encryption and decryption server, so that the business cipher key encryption and decryption server can use the first dynamic key to encrypt the business cipher key that is used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. What the business data encryption and decryption server stores is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and with it the security of the data.
Although in the above embodiment the business cipher key encryption and decryption server can encrypt and decrypt the business cipher key with the first dynamic key, the first dynamic key must be updated periodically, so the ciphertext of each business cipher key must also be periodically re-encrypted with the updated first dynamic key. Different business data correspond to different business cipher keys, so the number of business cipher keys to encrypt is large: the ciphertext of every business cipher key has to be periodically decrypted and then encrypted again with the latest first dynamic key, which greatly increases the workload of the business cipher key encryption and decryption server. Therefore, in this embodiment, to reduce the workload of business cipher key encryption and decryption, each business cipher key can be encrypted and decrypted with a management key that is no longer updated, and, so that the security of the business cipher key is not reduced, the management key itself can be encrypted with the first dynamic key. Accordingly, the data security processing system in this embodiment includes: a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server, and a management key encryption and decryption server.
As shown in Fig. 4, an embodiment of the present invention provides a data security processing method applied to a data security processing system. The data security processing system includes: a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server, and a management key encryption and decryption server. The data security processing method includes:
Step S401, the dynamic key server periodically updates the first dynamic key according to the second dynamic key sent by at least one authorized device.
Specifically, refer to step S301; details are not repeated here.
Step S402, the dynamic key server sends the first dynamic key to the management key encryption and decryption server.
Specifically, this embodiment applies where the business cipher key is encrypted and decrypted by the business cipher key encryption and decryption server using the management key, and the management key is encrypted and decrypted by the management key encryption and decryption server using the first dynamic key. Therefore, whenever the dynamic key server generates a new first dynamic key, it needs to send it to the management key encryption and decryption server.
In this way, the business cipher key encryption and decryption server can use the management key to encrypt the business cipher key that is used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. What the business data encryption and decryption server stores is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and with it the security of the data. Moreover, when the business cipher key encryption and decryption server uses the management key to encrypt and decrypt the business cipher key, the management key does not need to be changed periodically, and the management key can be encrypted by the management key encryption and decryption server using the first dynamic key. The workload of business cipher key encryption and decryption is thus not increased, and the security of the business cipher key is not reduced.
As shown in Fig. 5, an embodiment of the present invention provides a data security processing method applied to a data security processing system. The data security processing system includes: a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server, and a management key encryption and decryption server.
In this embodiment, the business cipher key encryption and decryption server needs to use the management key to encrypt and decrypt the business cipher key. To increase the security of the data, when the business cipher key encryption and decryption server stores the management key, it first has the management key encrypted by the management key encryption and decryption server and then stores the ciphertext of the management key. When the business cipher key encryption and decryption server needs to encrypt a business cipher key, however, it must use the plaintext of the management key. Because what it stores is the ciphertext of the management key, the business cipher key encryption and decryption server first needs to have the ciphertext of the management key decrypted through the management key encryption and decryption server. Based on this, the data security processing method includes:
Step S501, the management key encryption and decryption server receives the first dynamic key sent by the dynamic key server.
Specifically, the management key encryption and decryption server can encrypt and decrypt the management key sent by the business cipher key encryption and decryption server. Because it needs the first dynamic key to do so, it receives the first dynamic key sent by the dynamic key server.
Step S502, the management key encryption and decryption server receives the management key decryption request message sent by the business cipher key encryption and decryption server.
The management key decryption request message carries the ciphertext of the management key.
Specifically, when the business cipher key encryption and decryption server needs to use the management key to encrypt or decrypt a business cipher key, what it has stored is the ciphertext of the management key, so the management key encryption and decryption server must decrypt that ciphertext. The business cipher key encryption and decryption server therefore adds the ciphertext of the management key to a management key decryption request message and sends the message to the management key encryption and decryption server. The management key encryption and decryption server receives the management key decryption request message and parses it to obtain the ciphertext of the management key that it carries.
Step S503, the management key encryption and decryption server uses the first dynamic key to decrypt the ciphertext of the management key and obtains the plaintext of the management key.
Specifically, once the management key encryption and decryption server has parsed out the ciphertext of the management key, it can use the first dynamic key to decrypt this ciphertext and obtain the plaintext of the management key.
It should be noted that the decryption algorithm the management key encryption and decryption server uses to decrypt the management key corresponds to the encryption algorithm and can be set in advance. It can be a symmetric encryption algorithm or an asymmetric encryption algorithm, and can also be a signature and verification algorithm, and so on; the invention is not limited in this regard.
It should be noted that the first dynamic key with which the management key encryption and decryption server encrypts the management keys of different business cipher key encryption and decryption servers can be the same, in which case the corresponding decryption key is also the same. The management key encryption and decryption server then stores one first dynamic key and the corresponding decryption key. When the management key encryption and decryption server encrypts the management key with a symmetric encryption algorithm, it also uses this first dynamic key to decrypt the ciphertext of the management key.
Further, when the first dynamic keys with which the management key encryption and decryption server encrypts the management keys of different business cipher key encryption and decryption servers are not all the same, it can store each first dynamic key and the corresponding decryption key separately for the different business cipher key encryption and decryption servers. That is, each business cipher key encryption and decryption server is stored in correspondence with its first dynamic key and the corresponding decryption key. In this case, when a business cipher key encryption and decryption server sends a business cipher key encryption request message or a business cipher key decryption request message, the message must carry the identification information of the business cipher key encryption and decryption server, so that the management key encryption and decryption server can use that identification information to determine the first dynamic key and the corresponding decryption key for the management key of each business cipher key encryption and decryption server, and then perform the corresponding encryption or decryption.
It should be noted that the identification information of a business cipher key encryption and decryption server is information that uniquely identifies that business cipher key encryption and decryption server.
Step S504, the management key encryption and decryption server sends the plaintext of the management key to the business cipher key encryption and decryption server.
Specifically, after the management key encryption and decryption server has decrypted the management key and obtained its plaintext, it can send this plaintext directly to the business cipher key encryption and decryption server, so that the business cipher key encryption and decryption server can use the plaintext of the management key to encrypt or decrypt the business cipher key.
In this way, the management key encryption and decryption server decrypts the management key, obtains its plaintext, and sends the plaintext of the management key to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server can then use the management key to encrypt the business cipher key that is used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. What the business data encryption and decryption server stores is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and with it the security of the data.
As shown in Fig. 6, an embodiment of the present invention provides a data security processing method applied to a data security processing system. The data security processing system includes: a business cipher key encryption and decryption server, a business data encryption and decryption server, and a dynamic key server. The data security processing method includes:
Step S601, the dynamic key server periodically updates the first dynamic key according to the second dynamic key sent by at least one authorized device.
Specifically, refer to step S301; details are not repeated here.
Step S602, the dynamic key server sends the first dynamic key to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the first dynamic key sent by the dynamic key server.
The first dynamic key is periodically updated by the dynamic key server according to the second dynamic key sent by at least one authorized device.
Specifically, refer to step S302; details are not repeated here.
At this point, the first encryption key obtained by the business cipher key encryption and decryption server is the first dynamic key.
Step S603, the business data encryption and decryption server sends a business cipher key encryption request message to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the business cipher key encryption request message sent by the business data encryption and decryption server.
The business cipher key encryption request message carries the business cipher key, and the business cipher key is the key used to encrypt and decrypt business data.
Specifically, refer to step S201 and step S101; details are not repeated here.
It should be noted that this embodiment does not limit the order of step S602 and step S603. Step S602 can be performed first and then step S603; step S603 can be performed first and then step S602; or step S602 and step S603 can be performed at the same time. The figure shows only one of these cases.
Step S604, the business cipher key encryption and decryption server encrypts the business cipher key according to the obtained first dynamic key and obtains the ciphertext of the business cipher key.
Specifically, refer to step S103; details are not repeated here.
Step S605, the business cipher key encryption and decryption server sends the ciphertext of the business cipher key to the business data encryption and decryption server. The business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
Specifically, refer to step S104 and step S202; details are not repeated here.
Further, when the business data encryption and decryption server needs the ciphertext of the business cipher key to be decrypted, the following steps can be performed.
Step S606, the business data encryption and decryption server sends a business cipher key decryption request message to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the business cipher key decryption request message sent by the business data encryption and decryption server.
The business cipher key decryption request message carries the ciphertext of the business cipher key.
Specifically, when what the business data encryption and decryption server stores is the ciphertext of the business cipher key, it cannot use this business cipher key directly to encrypt business data; the business cipher key must first be decrypted. Because the business cipher key encryption and decryption server can encrypt and decrypt the business cipher key while the business data encryption and decryption server cannot decrypt the ciphertext of the business cipher key directly, the business data encryption and decryption server needs to add the ciphertext of the business cipher key to a business cipher key decryption request message and send this message to the business cipher key encryption and decryption server.
Step S607, the business cipher key encryption and decryption server decrypts the ciphertext of the business cipher key according to the management key and obtains the plaintext of the business cipher key.
Specifically, after receiving the business cipher key decryption request message, the business cipher key encryption and decryption server parses it to obtain the ciphertext of the business cipher key. It can then decrypt this ciphertext according to the management key that was used to encrypt the business cipher key, and thereby obtain the plaintext of the business cipher key.
It should be noted that the process by which the business cipher key encryption and decryption server decrypts the ciphertext of the business cipher key according to the management key and obtains the plaintext of the business cipher key is similar to the process by which the management key encryption and decryption server decrypts the ciphertext of the management key according to the first dynamic key and obtains the plaintext of the management key; details are not repeated here.
Step S608, the business cipher key encryption and decryption server sends the plaintext of the business cipher key to the business data encryption and decryption server. The business data encryption and decryption server receives the plaintext of the business cipher key sent by the business cipher key encryption and decryption server.
Specifically, after obtaining the plaintext of the business cipher key, the business cipher key encryption and decryption server sends it to the business data encryption and decryption server. The business data encryption and decryption server receives the plaintext of the business cipher key and uses it to encrypt or decrypt the corresponding business data.
In this way, the business cipher key encryption and decryption server can use the first dynamic key to encrypt the business cipher key that is used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. What the business data encryption and decryption server stores is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and with it the security of the data.
An embodiment of the present invention provides a data security processing method applied to a data security processing system. The data security processing system includes: a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server, and a management key encryption and decryption server.
It should be noted that, in this embodiment, different business data correspond to different business cipher keys. If the first dynamic key were used to encrypt and decrypt the business cipher keys, then, because the first dynamic key must be updated periodically, every business cipher key would have to be encrypted and decrypted again at each update. Since there are many business cipher keys, this frequent processing means a large workload and low data security processing efficiency. To reduce the workload while still ensuring that the business cipher keys are encrypted and that the periodically updated first dynamic key is used, the business cipher keys can be encrypted and decrypted by means of a management key. That is, the management key is encrypted and decrypted with the first dynamic key, and the business cipher keys are encrypted with the management key. In this way, a business cipher key is encrypted or decrypted only when needed, and there is no need to re-process every business cipher key each time the first dynamic key is updated; only the management key needs to be encrypted and decrypted again. Because there are fewer management keys than business cipher keys, the workload is reduced and data security processing efficiency is improved.
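The workload argument above can be checked in code. The following Python code is an added example, not code from the patent: it models both layouts (business cipher keys wrapped directly under the first dynamic key, and business cipher keys wrapped under a management key that is itself wrapped under the first dynamic key) and counts the re-encryption operations that one update of the first dynamic key forces. The derivation of the first dynamic key from the second dynamic keys and the HMAC-SHA256 encrypt-then-MAC wrap are assumptions standing in for algorithms the page leaves open; all function names and sample keys are constructed for illustration.

```python
import hashlib
import hmac
import os


def derive_first_dynamic_key(second_dynamic_keys):
    """Combine the second dynamic keys sent by the authorized devices.

    Assumption: the page names no generation algorithm; SHA-256 over the
    length-prefixed inputs is used here purely for illustration.
    """
    if not second_dynamic_keys:
        raise ValueError("at least one second dynamic key is required")
    digest = hashlib.sha256(b"first-dynamic-key")
    for key in second_dynamic_keys:
        digest.update(len(key).to_bytes(4, "big") + key)
    return digest.digest()


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = []
    for counter in range((length + 31) // 32):
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def wrap(wrapping_key, plaintext_key):
    """Encrypt-then-MAC key wrap (stand-in construction, stdlib only)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(wrapping_key, b"enc"), nonce, len(plaintext_key))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext_key, stream))
    tag = hmac.new(_subkey(wrapping_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap(wrapping_key, blob):
    """Verify the tag, then decrypt; ValueError on a wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("wrapped key is too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(wrapping_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong wrapping key or modified ciphertext")
    stream = _keystream(_subkey(wrapping_key, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def rotate_direct(old_dynamic, new_dynamic, wrapped_business_keys):
    """Layout 1: every business cipher key is wrapped under the first dynamic key."""
    rewrapped = {name: wrap(new_dynamic, unwrap(old_dynamic, blob))
                 for name, blob in wrapped_business_keys.items()}
    return rewrapped, len(rewrapped)


def rotate_managed(old_dynamic, new_dynamic, wrapped_management_key):
    """Layout 2: only the management key is wrapped under the first dynamic key."""
    return wrap(new_dynamic, unwrap(old_dynamic, wrapped_management_key)), 1


def demo(business_key_count=5):
    # Constructed sample keys; nothing here comes from a real deployment.
    old_dynamic = derive_first_dynamic_key([os.urandom(16) for _ in range(3)])
    new_dynamic = derive_first_dynamic_key([os.urandom(16) for _ in range(3)])
    business_keys = {f"service-{i}": os.urandom(32) for i in range(business_key_count)}
    management_key = os.urandom(32)

    direct_store = {n: wrap(old_dynamic, k) for n, k in business_keys.items()}
    managed_store = {n: wrap(management_key, k) for n, k in business_keys.items()}
    wrapped_management = wrap(old_dynamic, management_key)

    # One update of the first dynamic key, applied to both layouts.
    direct_store, direct_ops = rotate_direct(old_dynamic, new_dynamic, direct_store)
    wrapped_management, managed_ops = rotate_managed(old_dynamic, new_dynamic, wrapped_management)

    recovered_management = unwrap(new_dynamic, wrapped_management)
    try:
        unwrap(old_dynamic, wrapped_management)
        old_key_rejected = False
    except ValueError:
        old_key_rejected = True
    return {
        "direct_rewraps": direct_ops,
        "managed_rewraps": managed_ops,
        "direct_ok": all(unwrap(new_dynamic, direct_store[n]) == k
                         for n, k in business_keys.items()),
        "managed_ok": all(unwrap(recovered_management, managed_store[n]) == k
                          for n, k in business_keys.items()),
        "old_dynamic_key_rejected": old_key_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

In the managed layout the stored business cipher key ciphertexts are untouched by the update; the trade-off is that the long-lived management key now protects every business cipher key wrapped under it, so its plaintext handling deserves the strictest controls.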
As shown in Fig. 7, the data security processing method includes:
Step S701, the dynamic key server periodically generates the first dynamic key according to the second dynamic key sent by at least one authorized device.
Specifically, an administrator can use a dynamic key generation program on at least one authorized device to generate a dynamic key, namely the second dynamic key, and send the second dynamic key to the dynamic key server. The dynamic key server can then apply a dynamic key generation algorithm to the second dynamic key to generate the first dynamic key.
Further, to strengthen the security of first dynamic key generation, the dynamic key server periodically updating the first dynamic key according to the second dynamic key sent by at least one authorized device includes: the dynamic key server periodically updates the first dynamic key according to the second dynamic keys sent by three authorized devices.
That is, three administrators each use the dynamic key generation program on one of three authorized devices to generate a dynamic key. The dynamic key generated on each authorized device is a second dynamic key, and each authorized device sends the second dynamic key it generated to the dynamic key server. The dynamic key server thus receives three second dynamic keys and can combine the three second dynamic keys into the first dynamic key according to the dynamic key generation algorithm.
It should be noted that the number of second dynamic keys the dynamic key server needs in order to generate the first dynamic key can be preset according to actual requirements; the invention is not limited in this regard.
Step S702, the dynamic key server sends the first dynamic key to the management key encryption and decryption server. The management key encryption and decryption server receives the first dynamic key sent by the dynamic key server.
Specifically, refer to step S402 and step S501; details are not repeated here.
Step S703, the business cipher key encryption and decryption server sends a management key encryption request message to the management key encryption and decryption server. The management key encryption and decryption server receives the management key encryption request message sent by the business cipher key encryption and decryption server.
The management key encryption request message carries the management key, so that the management key encryption and decryption server can encrypt the management key.
Specifically, when the business cipher key encryption and decryption server needs to store the management key, the management key must first be encrypted. To improve security, the business cipher key encryption and decryption server needs another device to encrypt and decrypt the management key, so it can add the management key that needs encrypting to the management key encryption request message. The management key encryption and decryption server receives this management key encryption request message.
Step S704, the management key encryption and decryption server uses the first dynamic key to encrypt the management key and obtains the ciphertext of the management key.
Specifically, after receiving the management key encryption request message, the management key encryption and decryption server can parse it to obtain the management key. It can then encrypt the management key with the first dynamic key to obtain the ciphertext of the management key. After obtaining the ciphertext of the management key, the management key encryption and decryption server can send it to the business cipher key encryption and decryption server as the response message to the management key encryption request message.
It should be noted that the encryption algorithm used when the management key encryption and decryption server encrypts the management key can be set in advance. It can be a symmetric encryption algorithm or an asymmetric encryption algorithm, and can also be a one-way encryption algorithm or a signature and verification algorithm; the invention is not limited in this regard.
It should be noted that after the management key encryption and decryption server encrypts the management key, it stores the corresponding decryption key. When the ciphertext of the management key needs to be decrypted, the decryption must be performed by the management key encryption and decryption server.
Step S705, the management key encryption and decryption server sends the ciphertext of the management key to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives and stores the ciphertext of the management key sent by the management key encryption and decryption server.
Specifically, after encrypting the management key into the ciphertext of the management key, the management key encryption and decryption server sends the ciphertext to the business cipher key encryption and decryption server. After receiving the ciphertext of the management key sent by the management key encryption and decryption server, the business cipher key encryption and decryption server stores it in the corresponding database.
Further, when a business cipher key stored in the business data encryption and decryption server needs to be encrypted, the encryption and decryption must be performed by the business cipher key encryption and decryption server. The business cipher key can then be encrypted through the following steps.
Step S706, the business data encryption and decryption server sends a business cipher key encryption request message to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the business cipher key encryption request message sent by the business data encryption and decryption server.
The business cipher key encryption request message carries the business cipher key, which is the key used to encrypt and decrypt business data.
Specifically, refer to step S201 and step S101; details are not repeated here.
It should be noted that after receiving the business cipher key encryption request message, the business cipher key encryption and decryption server needs to encrypt the business cipher key using the management key. The management key stored in the business cipher key encryption and decryption server may be the plaintext of the management key, that is, the unencrypted management key, or it may be the ciphertext of the management key, that is, the encrypted management key. The steps that follow differ according to which form is stored. When the business cipher key encryption and decryption server stores the ciphertext of the management key, the ciphertext must first be decrypted by the management key encryption and decryption server; only after the plaintext of the management key is obtained can it be used to encrypt the business cipher key, and steps S707-S710 are performed. When the business cipher key encryption and decryption server stores the plaintext of the management key, step S710 can be performed directly.
Step S707, when the management key stored by the business cipher key encryption and decryption server is the ciphertext of the management key, the business cipher key encryption and decryption server sends a decryption request message of the management key to the management key encryption and decryption server. The management key encryption and decryption server receives the management key decryption request message sent by the business cipher key encryption and decryption server.
The decryption request message of the management key carries the ciphertext of the management key.
Specifically, when the management key stored in the business cipher key encryption and decryption server is the ciphertext of the management key, what is stored is the encrypted management key, and the business cipher key encryption and decryption server cannot use it directly to encrypt the business cipher key. The business cipher key encryption and decryption server must first have the management key decrypted. Because the management key encryption and decryption server can encrypt and decrypt the management key while the business cipher key encryption and decryption server cannot directly decrypt the ciphertext of the management key, the business cipher key encryption and decryption server adds the ciphertext of the management key to the decryption request message of the management key and sends this message to the management key encryption and decryption server.
For the process by which the management key encryption and decryption server receives the management key decryption request message sent by the business cipher key encryption and decryption server, refer to step S502; details are not repeated here.
Step S708, the management key encryption and decryption server decrypts the ciphertext of the management key using the first dynamic key to obtain the plaintext of the management key.
Specifically, refer to step S503; details are not repeated here.
Step S709, the management key encryption and decryption server sends the plaintext of the management key to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the plaintext of the management key sent by the management key encryption and decryption server.
Specifically, refer to step S504; details are not repeated here.
Step S710, the business cipher key encryption and decryption server encrypts the business cipher key according to the plaintext of the management key to obtain the ciphertext of the business cipher key.
Specifically, refer to step S103; details are not repeated here.
Step S711, the business cipher key encryption and decryption server sends the ciphertext of the business cipher key to the business data encryption and decryption server. The business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
Specifically, refer to step S104 and step S202; details are not repeated here.
Further, after the business data encryption and decryption server has stored the ciphertext of the business cipher key, if the plaintext of the business cipher key is needed, the business data encryption and decryption server cannot decrypt the ciphertext of the business cipher key directly; the ciphertext must be decrypted by the business cipher key encryption and decryption server. The following steps are then performed.
Step S712, the business data encryption and decryption server sends a decryption request message of the business cipher key to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the decryption request message of the business cipher key sent by the business data encryption and decryption server.
Specifically, refer to step S606; details are not repeated here.
Step S713, the business cipher key encryption and decryption server decrypts the ciphertext of the business cipher key according to the management key to obtain the plaintext of the business cipher key.
Specifically, refer to step S607; details are not repeated here.
Step S714, the business cipher key encryption and decryption server sends the plaintext of the business cipher key to the business data encryption and decryption server. The business data encryption and decryption server receives the plaintext of the business cipher key sent by the business cipher key encryption and decryption server.
Specifically, refer to step S608; details are not repeated here.
It should be noted that the embodiment of the present invention does not limit the order between steps S701-S711 and steps S712-S714. Steps S701-S711 can be performed first and then steps S712-S714; steps S712-S714 can be performed first and then steps S701-S711; or steps S701-S711 and steps S712-S714 can be performed simultaneously. The figure shows only one of these cases.
Further, because the first dynamic key needs to be updated periodically, it can be updated through the following steps.
Step S715, the dynamic key server periodically updates the first dynamic key according to the second dynamic key sent by at least one authorisation device.
Specifically, the process by which the dynamic key server updates the first dynamic key is the same as the process by which it generates the first dynamic key; refer to step S701; details are not repeated here.
Step S716, the dynamic key server sends the first dynamic key to the management key encryption and decryption server. The management key encryption and decryption server receives the first dynamic key sent by the dynamic key server.
Specifically, refer to step S701; details are not repeated here.
It should be noted that after receiving the first dynamic key, the management key encryption and decryption server can delete the first dynamic key it currently stores and store the newest first dynamic key.
Step S717, the dynamic key server obtains the ciphertext of the management key from the business cipher key encryption and decryption server and decrypts it using the first dynamic key from before the update to obtain the plaintext of the management key.
Specifically, after updating the first dynamic key, the dynamic key server can send the business cipher key encryption and decryption server a request message for the ciphertext of the management key. After receiving this request message, the business cipher key encryption and decryption server can send the ciphertext of the management key that it stores to the dynamic key server. After receiving the ciphertext of the management key sent by the business cipher key encryption and decryption server, the dynamic key server can decrypt it using the first dynamic key from before the update to obtain the plaintext of the management key.
Step S718, the dynamic key server encrypts the plaintext of the management key according to the updated first dynamic key to generate the ciphertext of the management key.
Specifically, after recovering the plaintext of the management key, the dynamic key server can encrypt it using the updated first dynamic key to obtain the ciphertext of the management key again.
It should be noted that the process by which the dynamic key server encrypts the plaintext of the management key using the first dynamic key is the same as the process by which the management key encryption and decryption server encrypts the management key using the first dynamic key.
Step S719, the dynamic key server sends the ciphertext of the newly generated management key to the business cipher key encryption and decryption server. The business cipher key encryption and decryption server receives the ciphertext of the newly generated management key sent by the dynamic key server and uses it to update the ciphertext of the management key that it has stored.
Specifically, when the dynamic key server sends the ciphertext of the management key to the business cipher key encryption and decryption server, the business cipher key encryption and decryption server receives the ciphertext of the management key that the dynamic key server obtained by encrypting with the updated first dynamic key, deletes the ciphertext of the management key stored in its corresponding database, and stores the ciphertext received from the dynamic key server in that database. That is, it uses the received ciphertext of the newly generated management key to update the ciphertext of the management key that it has stored.
Because the first dynamic key stored in the management key encryption and decryption server is the first dynamic key as updated by the dynamic key server, once the ciphertext of the management key stored in the business cipher key encryption and decryption server has been updated, the management key encryption and decryption server decrypts the ciphertext of the management key held by the business cipher key encryption and decryption server using the updated first dynamic key and so obtains the plaintext of the management key.
In this way, the business cipher key encryption and decryption server can, according to the management key, encrypt the business cipher key used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. The business cipher key stored by the business data encryption and decryption server is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and in turn the security of the data.
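The flow of steps S707-S719, as an added example that is not part of the patent text: the management key is kept wrapped under the first dynamic key, the business cipher key is wrapped under the management key, and the dynamic key update re-wraps only the management key. The class names, the hash-based derivation of the first dynamic key and the HMAC-based stand-in cipher are assumptions chosen so the sketch runs on the Python standard library; in the step order as listed, a decryption request arriving after S716 but before S719 fails, which the demo checks.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC) so the
# example runs on the standard library alone. Use a vetted AEAD or AES key wrap
# in a real system.
def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_keystream(enc_key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(wrapping_key, key_to_protect):
    enc_key, mac_key = _subkeys(wrapping_key)
    nonce = os.urandom(16)
    body = _xor_keystream(enc_key, nonce, key_to_protect)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unwrap(wrapping_key, blob):
    enc_key, mac_key = _subkeys(wrapping_key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong wrapping key or modified ciphertext")
    return _xor_keystream(enc_key, nonce, body)

def derive_first_dynamic_key(second_dynamic_keys):
    # Assumption: the combination rule is not given in this part of the page;
    # a hash over the length-prefixed second dynamic keys stands in for it.
    digest = hashlib.sha256()
    for key in second_dynamic_keys:
        digest.update(len(key).to_bytes(2, "big") + key)
    return digest.digest()

class ManagementKeyServer:
    """Holds only the current first dynamic key."""
    def __init__(self, first_dynamic_key):
        self.first_dynamic_key = first_dynamic_key
    def receive_dynamic_key(self, key):        # S716: the old key is replaced
        self.first_dynamic_key = key
    def encrypt_management_key(self, mk):      # encryption that precedes S705
        return wrap(self.first_dynamic_key, mk)
    def decrypt_management_key(self, mk_ct):   # S708
        return unwrap(self.first_dynamic_key, mk_ct)

class BusinessKeyServer:
    """Stores the management key as ciphertext only."""
    def __init__(self, mk_server, management_key):
        self.mk_server = mk_server
        self.mk_ciphertext = mk_server.encrypt_management_key(management_key)
    def _management_key(self):                 # S707-S709
        return self.mk_server.decrypt_management_key(self.mk_ciphertext)
    def encrypt_business_key(self, bk):        # S710
        return wrap(self._management_key(), bk)
    def decrypt_business_key(self, bk_ct):     # S713
        return unwrap(self._management_key(), bk_ct)

class DynamicKeyServer:
    def __init__(self, second_dynamic_keys):
        self.current = derive_first_dynamic_key(second_dynamic_keys)
    def update(self, second_dynamic_keys):     # S715: returns the key before the update
        old = self.current
        self.current = derive_first_dynamic_key(second_dynamic_keys)
        return old
    def rewrap(self, old_key, bk_server):      # S717-S719
        management_key = unwrap(old_key, bk_server.mk_ciphertext)
        bk_server.mk_ciphertext = wrap(self.current, management_key)

def rotation_demo():
    # All keys below are constructed sample values.
    dks = DynamicKeyServer([os.urandom(16), os.urandom(16)])
    mks = ManagementKeyServer(dks.current)
    bks = BusinessKeyServer(mks, os.urandom(32))
    business_key = os.urandom(32)
    stored_ct = bks.encrypt_business_key(business_key)   # S706-S711
    old = dks.update([os.urandom(16), os.urandom(16)])   # S715
    mks.receive_dynamic_key(dks.current)                 # S716
    try:                                                 # request before S717-S719
        bks.decrypt_business_key(stored_ct)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    dks.rewrap(old, bks)                                 # S717-S719
    recovered = bks.decrypt_business_key(stored_ct)      # S712-S714
    return stale_rejected, recovered == business_key

if __name__ == "__main__":
    print(rotation_demo())
```

Because the management key itself never changes, the ciphertext of the business cipher key held by the business data encryption and decryption server stays valid across the update.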
As shown in Fig. 8, an embodiment of the present invention provides a business cipher key encryption and decryption device, applied in the business cipher key encryption and decryption server of a data safety processing system that includes a business cipher key encryption and decryption server and a business data encryption and decryption server. The business cipher key encryption and decryption device includes:
Receiving unit 801, configured to receive the business cipher key encryption request message sent by the business data encryption and decryption server.
The business cipher key encryption request message carries the business cipher key, which is the key used to encrypt and decrypt business data.
Processing unit 802, configured to obtain the first encryption key.
Specifically, the first encryption key includes the first dynamic key. In this case, processing unit 802 is specifically configured to receive the first dynamic key sent by the dynamic key server.
The first dynamic key is periodically updated by the dynamic key server according to the second dynamic key sent by at least one authorisation device.
Alternatively, the first encryption key includes the plaintext of the management key. In this case, processing unit 802 triggers transmitting element 803 to send a decryption request message of the management key to the management key encryption and decryption server.
The decryption request message of the management key carries the ciphertext of the management key.
Receiving unit 801 is further configured to receive the plaintext of the management key sent by the management key encryption and decryption server.
Processing unit 802 is further configured to encrypt the business cipher key according to the first encryption key to obtain the ciphertext of the business cipher key.
Transmitting element 803, configured to send the ciphertext of the business cipher key to the business data encryption and decryption server, so that the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
Further, as shown in Fig. 9, the above business cipher key encryption and decryption device also includes memory cell 804.
Transmitting element 803 is further configured to send a management key encryption request message to the management key encryption and decryption server.
The management key encryption request message carries the management key, so that the management key encryption and decryption server encrypts the management key.
Receiving unit 801 is further configured to receive the ciphertext of the management key sent by the management key encryption and decryption server.
Memory cell 804, configured to store the ciphertext of the management key.
Further, receiving unit 801 is further configured to receive the decryption request message of the business cipher key sent by the business data encryption and decryption server.
The decryption request message of the business cipher key carries the ciphertext of the business cipher key.
Processing unit 802 is further configured to decrypt the ciphertext of the business cipher key according to the management key to obtain the plaintext of the business cipher key.
Transmitting element 803 is further configured to send the plaintext of the business cipher key to the business data encryption and decryption server.
Further, receiving unit 801 is further configured to receive the ciphertext of the newly generated management key sent by the dynamic key server.
Memory cell 804 is further configured to update the stored ciphertext of the management key according to the received ciphertext of the newly generated management key.
In this way, the business cipher key encryption and decryption device can, according to the first encryption key, encrypt the business cipher key used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. The business cipher key stored by the business data encryption and decryption server is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and in turn the security of the data.
As shown in Fig. 10, an embodiment of the present invention provides a business data encryption and decryption device, applied in the business data encryption and decryption server of a data safety processing system that includes a business cipher key encryption and decryption server and a business data encryption and decryption server. The business data encryption and decryption device includes:
Transmitting element 901, configured to send a business cipher key encryption request message to the business cipher key encryption and decryption server.
The business cipher key encryption request message carries the business cipher key, which is the key used to encrypt and decrypt business data.
Receiving unit 902, configured to receive the ciphertext of the business cipher key sent by the key encryption and decryption server.
Memory cell 903, configured to store the ciphertext of the business cipher key.
Further, transmitting element 901 is further configured to send a decryption request message of the business cipher key to the business cipher key encryption and decryption server.
The decryption request message of the business cipher key carries the ciphertext of the business cipher key.
Receiving unit 902 is further configured to receive the plaintext of the business cipher key sent by the business cipher key encryption and decryption server.
In this way, the business data encryption and decryption device can obtain the ciphertext of the business cipher key through the business cipher key encryption and decryption server and store that ciphertext, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and in turn the security of the data.
As shown in Fig. 11, an embodiment of the present invention provides a dynamic key device, applied in the dynamic key server of a data safety processing system that includes a business cipher key encryption and decryption server, a business data encryption and decryption server and a dynamic key server. The dynamic key device includes:
Processing unit 1001, configured to periodically update the first dynamic key according to the second dynamic key sent by at least one authorisation device.
Transmitting element 1002, configured to send the first dynamic key to the key encryption and decryption server.
In this way, the dynamic key device sends the first dynamic key to the business cipher key encryption and decryption server, so that the business cipher key encryption and decryption server can, according to the first dynamic key, encrypt the business cipher key used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. The business cipher key stored by the business data encryption and decryption server is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and in turn the security of the data.
As shown in Fig. 12, an embodiment of the present invention provides a dynamic key device, applied in the dynamic key server of a data safety processing system that includes a business cipher key encryption and decryption server, a business data encryption and decryption server and a dynamic key server. The dynamic key device includes:
Processing unit 1101, configured to periodically update the first dynamic key according to the second dynamic key sent by at least one authorisation device.
Transmitting element 1102, configured to send the first dynamic key to the management key encryption and decryption server.
Further, processing unit 1101 is further configured to obtain the ciphertext of the management key from the business cipher key encryption and decryption server and to decrypt it using the first dynamic key from before the update to obtain the plaintext of the management key.
Processing unit 1101 is further configured to encrypt the plaintext of the management key according to the updated first dynamic key to generate the ciphertext of the management key.
Transmitting element 1102 is further configured to send the ciphertext of the newly generated management key to the business cipher key encryption and decryption server.
In this way, the dynamic key encryption and decryption device can send the first dynamic key to the management key encryption and decryption server, so that the management key encryption and decryption server can encrypt and decrypt the management key according to the first dynamic key. The management key stored by the business cipher key encryption and decryption server is then the ciphertext of the business cipher key, which increases the security of the management key, thereby increasing the security of the data stored in the database and in turn the security of the data.
As shown in Fig. 13, an embodiment of the present invention provides a management key device, applied in the management key encryption and decryption server of a data safety processing system that includes a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server. The management key device includes:
Receiving unit 1201, configured to receive the first dynamic key sent by the dynamic key server.
Receiving unit 1201 is further configured to receive the management key decryption request message sent by the business cipher key encryption and decryption server.
The decryption request message of the management key carries the ciphertext of the management key.
Processing unit 1202, configured to decrypt the ciphertext of the management key using the first dynamic key to obtain the plaintext of the management key.
Transmitting element 1203, configured to send the plaintext of the management key to the business cipher key encryption and decryption server.
Further, receiving unit 1201 is further configured to receive the management key encryption request message sent by the business cipher key encryption and decryption server.
The management key encryption request message carries the management key.
Processing unit 1202 is further configured to encrypt the management key using the first dynamic key to obtain the ciphertext of the management key.
Transmitting element 1203 is further configured to send the ciphertext of the management key to the business cipher key encryption and decryption server.
In this way, the management key is encrypted with the first dynamic key, and the business cipher key encryption and decryption server can, according to the management key, encrypt the business cipher key used to encrypt and decrypt business data, obtain the ciphertext of the business cipher key, and send this ciphertext to the business data encryption and decryption server for storage. The business cipher key stored by the business data encryption and decryption server is therefore the ciphertext of the business cipher key, which increases the security of the business cipher key. When the business data encryption and decryption server stores the ciphertext of the business cipher key in a database, the security of the data stored in the database is increased, and in turn the security of the data. Moreover, when the business cipher key encryption and decryption server uses the management key to encrypt and decrypt the business cipher key, the management key does not need to be replaced periodically, and the management key can be encrypted by the management key encryption and decryption server using the first dynamic key, so that the security of the business cipher key is not reduced while the workload of business cipher key encryption and decryption is not increased. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
As shown in Fig. 14, an embodiment of the present invention provides a processing system of data safety, including a business cipher key encryption and decryption server 1301, a business data encryption and decryption server 1302, a dynamic key server 1303 and a management key encryption and decryption server 1304.
The business cipher key encryption and decryption server 1301 includes the business cipher key encryption and decryption device described in the above embodiments.
The business data encryption and decryption server 1302 includes the business data encryption and decryption device described in the above embodiments.
The dynamic key server 1303 includes the dynamic key device described in the above embodiments.
The management key encryption and decryption server 1304 includes the management key encryption and decryption device described in the above embodiments.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone familiar with this technology may modify or change the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or changes completed by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the present invention shall still be covered by the claims of the present invention.
Claims (17)
- A kind of 1. processing method of data safety, it is characterised in that applied to the processing system of data safety, the data safety Processing system include:Business cipher key encryption and decryption server, business datum encryption and decryption server;The processing side of the data safety Method includes:The business cipher key encryption and decryption server receives the business cipher key encryption that the business datum encryption and decryption server is sent please Seek message;Business cipher key is carried in the business cipher key encryption request message, the business cipher key is used for business datum Carry out the key of encryption and decryption;The business cipher key encryption and decryption server obtains the first encryption key;The business cipher key encryption and decryption server obtains and place is encrypted to the business cipher key according to first encryption key Reason, obtain the ciphertext of business cipher key;The business cipher key encryption and decryption server sends the ciphertext of the business cipher key to the business datum encryption and decryption service Device, to cause the business datum encryption and decryption server to receive and store the business cipher key of the key encryption and decryption server transmission Ciphertext.
- 2. the processing method of data safety according to claim 1, it is characterised in that the processing system of the data safety Also include:Dynamic key server;First encryption key includes:First dynamic key;The business cipher key encryption and decryption server obtains dynamic first encryption key and specifically included:The business cipher key encryption and decryption server receives first dynamic key that the dynamic key server is sent;Its In, first dynamic key is periodically moved by the dynamic key server according to the second of the transmission of at least one authorisation device State key updating.
- 3. the processing method of data safety according to claim 2, it is characterised in that the processing system of the data safety Also include:Manage key server;First encryption key includes:Manage the plaintext of key;The business cipher key encryption and decryption server, which obtains the first encryption key, to be included:When the management key of the business cipher key encryption and decryption server storage is manages the ciphertext of key, the business cipher key adds Decrypt the decoding request message that server sends management key to the management key encryption and decryption server;The management key The ciphertext of the management key is carried in decoding request message;The business cipher key encryption and decryption server receives the plaintext for the management key that the management key encryption and decryption server is sent.
- 4. the processing method of data safety according to claim 3, it is characterised in that also include:The business cipher key encryption and decryption server sends management key CIPHERING REQUEST to the management key encryption and decryption server and disappeared Breath;Management key is carried in the management key encryption request message, to cause the management key encryption and decryption server pair The management key is encrypted;The business cipher key encryption and decryption server receives and stored the management key that the management key encryption and decryption server is sent Ciphertext.
- 5. the processing method of data safety according to claim 1, it is characterised in that also include:The business cipher key encryption and decryption server receives the decryption for the business cipher key that the business datum encryption and decryption server is sent Request message;The ciphertext of the business cipher key is carried in the decoding request message of the business cipher key;Place is decrypted to the ciphertext of the business cipher key according to the management key in the business cipher key encryption and decryption server Reason, obtain the plaintext of business cipher key;The business cipher key encryption and decryption server sends the plaintext of the business cipher key to the business datum encryption and decryption service Device.
- 6. the processing method of the data safety according to claim any one of 3-5, it is characterised in that also include:The business cipher key encryption and decryption server receives the close of the newly-generated management key that the dynamic key server is sent Text, and update according to the ciphertext of the newly-generated management key of reception the ciphertext of the management key to have stored.
- A kind of 7. processing method of data safety, it is characterised in that applied to the processing system of data safety, the data safety Processing system include:Business cipher key encryption and decryption server, business datum encryption and decryption server;The processing side of the data safety Method includes:The business datum encryption and decryption server sends business cipher key CIPHERING REQUEST to the business cipher key encryption and decryption server and disappeared Breath;Business cipher key is carried in the business cipher key encryption request message, the business cipher key is to be used to carry out business datum The key of encryption and decryption;The business datum encryption and decryption server receives and stored the close of the business cipher key that the key encryption and decryption server is sent Text.
- 8. A processing method of data safety, characterised in that it is applied to a processing system of data safety, the processing system of data safety including: a business cipher key encryption and decryption server, a business data encryption and decryption server and a dynamic key server; the processing method of data safety includes: the dynamic key server periodically updates the first dynamic key according to a second dynamic key sent by at least one authorisation device; the dynamic key server sends the first dynamic key to the business cipher key encryption and decryption server.
- 9. A processing method of data safety, characterised in that it is applied to a processing system of data safety, the processing system of data safety including: a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server; the processing method of data safety includes: the dynamic key server periodically updates the first dynamic key according to a second dynamic key sent by at least one authorisation device; the dynamic key server sends the first dynamic key to the management key encryption and decryption server.
- 10. The processing method of data safety according to claim 9, characterised in that, after the dynamic key server periodically updates the first dynamic key according to the second dynamic key sent by at least one authorisation device, the method further includes: the dynamic key server obtains the ciphertext of the management key from the business cipher key encryption and decryption server, and decrypts the ciphertext of the management key using the first dynamic key from before the update, obtaining the plaintext of the management key; the dynamic key server encrypts the plaintext of the management key according to the updated first dynamic key, generating the ciphertext of the management key; the dynamic key server sends the ciphertext of the newly generated management key to the business cipher key encryption and decryption server.
- 11. A processing method of data safety, characterised in that it is applied to a processing system of data safety, the processing system of data safety including: a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server; the processing method of data safety includes: the management key encryption and decryption server receives the first dynamic key sent by the dynamic key server; the management key encryption and decryption server receives a management key decryption request message sent by the business cipher key encryption and decryption server, the management key decryption request message carrying the ciphertext of the management key; the management key encryption and decryption server decrypts the ciphertext of the management key using the first dynamic key, obtaining the plaintext of the management key; the management key encryption and decryption server sends the plaintext of the management key to the business cipher key encryption and decryption server.
- 12. The processing method of data safety according to claim 11, characterised in that, after the management key encryption and decryption server receives the first dynamic key sent by the dynamic key server, the method further includes: the management key encryption and decryption server receives a management key encryption request message sent by the business cipher key encryption and decryption server, the management key encryption request message carrying the management key; the management key encryption and decryption server encrypts the management key using the first dynamic key, obtaining the ciphertext of the management key; the management key encryption and decryption server sends the ciphertext of the management key to the business cipher key encryption and decryption server.
- 13. A business cipher key encryption and decryption device, characterised in that it is applied in the business cipher key encryption and decryption server of a processing system of data safety that includes a business cipher key encryption and decryption server and a business data encryption and decryption server; the business cipher key encryption and decryption device includes: a receiving unit, for receiving the business cipher key encryption request message sent by the business data encryption and decryption server, the business cipher key encryption request message carrying a business cipher key, the business cipher key being a key used to encrypt and decrypt business data; a processing unit, for obtaining the first encryption key; the processing unit being further used to encrypt the business cipher key according to the first encryption key, obtaining the ciphertext of the business cipher key; a transmitting unit, for sending the ciphertext of the business cipher key to the business data encryption and decryption server, so that the business data encryption and decryption server receives and stores the ciphertext of the business cipher key sent by the key encryption and decryption server.
- 14. A business data encryption and decryption device, characterised in that it is applied in the business data encryption and decryption server of a processing system of data safety that includes a business cipher key encryption and decryption server and a business data encryption and decryption server; the business data encryption and decryption device includes: a transmitting unit, for sending a business cipher key encryption request message to the business cipher key encryption and decryption server, the business cipher key encryption request message carrying a business cipher key, the business cipher key being a key used to encrypt and decrypt business data; a receiving unit, for receiving the ciphertext of the business cipher key sent by the key encryption and decryption server; a storage unit, for storing the ciphertext of the business cipher key.
- 15. A dynamic key device, characterised in that it is applied in the dynamic key server of a processing system of data safety that includes a business cipher key encryption and decryption server, a business data encryption and decryption server and a dynamic key server; the dynamic key device includes: a processing unit, for periodically updating the first dynamic key according to a second dynamic key sent by at least one authorisation device; a transmitting unit, for sending the first dynamic key to the key encryption and decryption server.
- 16. A dynamic key device, characterised in that it is applied in the dynamic key server of a processing system of data safety that includes a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server; the dynamic key device includes: a processing unit, for periodically updating the first dynamic key according to a second dynamic key sent by at least one authorisation device; a transmitting unit, for sending the first dynamic key to the management key encryption and decryption server.
- 17. A management key device, characterised in that it is applied in the management key encryption and decryption server of a processing system of data safety that includes a business cipher key encryption and decryption server, a business data encryption and decryption server, a dynamic key server and a management key encryption and decryption server; the management key device includes: a receiving unit, for receiving the first dynamic key sent by the dynamic key server; the receiving unit being further used to receive a management key decryption request message sent by the business cipher key encryption and decryption server, the management key decryption request message carrying the ciphertext of the management key; a processing unit, for decrypting the ciphertext of the management key using the first dynamic key, obtaining the plaintext of the management key; a transmitting unit, for sending the plaintext of the management key to the business cipher key encryption and decryption server.
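The key hierarchy of claims 5-6 and 9-12 can be traced in a short Python sketch. It is an added example, not code from the patent, and shows that rotating the first dynamic key re-wraps only the management key while the stored ciphertext of the business cipher key stays valid. The claims name no cipher and no rule for combining second dynamic keys, so `wrap`/`unwrap` (an HMAC-SHA256 encrypt-then-MAC stand-in for an authenticated cipher) and `first_dynamic_key` are assumptions, as are all function names and the device strings.

```python
import hashlib
import hmac
import os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, key):
    """Encrypt-then-MAC `key` under `kek`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    """Verify the tag before decrypting; a stale or wrong kek raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

def first_dynamic_key(second_keys):
    # Assumption: the claims do not say how second dynamic keys are combined;
    # here each one is length-prefixed and the sequence is hashed.
    h = hashlib.sha256(b"first-dynamic-key")
    for k in second_keys:
        h.update(len(k).to_bytes(2, "big") + k)
    return h.digest()

def rotate(old_dyn, second_keys, mgmt_ct):
    """Claim 10: unwrap with the pre-update key, re-wrap with the updated one."""
    new_dyn = first_dynamic_key(second_keys)
    return new_dyn, wrap(new_dyn, unwrap(old_dyn, mgmt_ct))

def demo():
    # Constructed second dynamic keys from two hypothetical authorisation devices.
    dyn = first_dynamic_key([b"device-A/period-1", b"device-B/period-1"])
    mgmt_key, business_key = os.urandom(32), os.urandom(32)
    mgmt_ct = wrap(dyn, mgmt_key)          # claim 12: management key under dynamic key
    biz_ct = wrap(mgmt_key, business_key)  # kept by the business data server
    new_dyn, mgmt_ct = rotate(dyn, [b"device-A/period-2", b"device-B/period-2"], mgmt_ct)
    # Claim 6: only mgmt_ct was replaced; biz_ct is untouched and still decrypts
    # through claim 11 (management key) and claim 5 (business cipher key).
    still_ok = unwrap(unwrap(new_dyn, mgmt_ct), biz_ct) == business_key
    try:
        unwrap(dyn, mgmt_ct)
        old_key_works = True
    except ValueError:
        old_key_works = False
    return still_ok, old_key_works
```

`demo()` returns `(True, False)`: the business cipher key is still recoverable after rotation, and the pre-update dynamic key no longer opens the stored management-key ciphertext.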
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610802566.5A CN107800535A (en) | 2016-09-05 | 2016-09-05 | A kind of processing method and processing device of data safety |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610802566.5A CN107800535A (en) | 2016-09-05 | 2016-09-05 | A kind of processing method and processing device of data safety |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107800535A (en) | 2018-03-13 |
Family
ID=61529835
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610802566.5A Pending CN107800535A (en) | 2016-09-05 | 2016-09-05 | A kind of processing method and processing device of data safety |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107800535A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111008400A (en) * | 2019-11-29 | 2020-04-14 | 恩亿科(北京)数据科技有限公司 | Data processing method, device and system |
CN111327616A (en) * | 2020-02-25 | 2020-06-23 | 上海东普信息科技有限公司 | Key management method, device, equipment and computer readable storage medium |
CN112100639A (en) * | 2020-11-03 | 2020-12-18 | 广州市玄武无线科技股份有限公司 | Data encryption transmission method and system based on metadata service information |
CN114095152A (en) * | 2020-08-03 | 2022-02-25 | 天翼电子商务有限公司 | Method, system, medium and apparatus for updating key and encrypting and decrypting data |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1374474A2 (en) * | 2001-03-09 | 2004-01-02 | Arcot Systems, Inc. | Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys |
CN101064598A (en) * | 2006-04-28 | 2007-10-31 | 腾讯科技(深圳)有限公司 | Method for encrypting and deciphering client instant communication data |
CN101141246A (en) * | 2006-09-05 | 2008-03-12 | 华为技术有限公司 | Service key obtaining method and subscription management server |
CN101282208A (en) * | 2007-04-05 | 2008-10-08 | 华为技术有限公司 | Method for updating safety connection incident master key as well as server and network system |
CN101939947A (en) * | 2008-02-29 | 2011-01-05 | 三菱电机株式会社 | Key management server, terminal, key sharing system, key distribution program, key reception program, key distribution method, and key reception method |
CN105320896A (en) * | 2015-10-21 | 2016-02-10 | 成都卫士通信息产业股份有限公司 | Cloud storage encryption and ciphertext retrieval methods and systems |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109495274B (en) | Decentralized intelligent lock electronic key distribution method and system | |
CA3166915A1 (en) | Deanonymization method and system using blockchain-based and secret sha ring technologies | |
CN105610793B (en) | A kind of outsourcing data encryption storage and cryptogram search system and its application process | |
US20110158405A1 (en) | Key management method for scada system | |
CN110880972A (en) | Block chain key management system based on safe multiparty calculation | |
JP2020535771A (en) | Encrypted data storage system and method based on key remote storage | |
CN103414682A (en) | Method for cloud storage of data and system | |
WO2020192285A1 (en) | Key management method, security chip, service server and information system | |
Saroj et al. | Threshold cryptography based data security in cloud computing | |
CN106416123A (en) | Password-based authentication | |
CN107800535A (en) | A kind of processing method and processing device of data safety | |
CN109586908A (en) | A kind of safe packet transmission method and its system | |
JP2016158189A (en) | Change direction with key control system and change direction with key control method | |
WO2017061950A1 (en) | Data security system and method for operation thereof | |
WO2019119238A1 (en) | Data exchange method and system based on unmanned aerial vehicle, and ground control terminal and server | |
CN110061957A (en) | Data encryption, decryption method, user terminal, server and data management system | |
CN110460436A (en) | Hardware device key management method, system, storage medium and computer equipment | |
CN108882030A (en) | A kind of monitor video classification encryption and decryption method and system based on time-domain information | |
CN110378128A (en) | Data ciphering method, device and terminal device | |
JP6302851B2 (en) | Re-encryption method, re-encryption system, and re-encryption device | |
CN108599928A (en) | key management method and device | |
CN105681253A (en) | Data encryption transmission method, equipment and gateway in centralized network | |
CN107659405B (en) | The encrypting and decrypting method of data communication between a kind of substation boss station | |
CN116340331A (en) | Large instrument experimental result evidence-storing method and system based on blockchain | |
CN107534552A (en) | The distribution and checking of transaction integrality key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 200082 room 901-908, East Daming Road, Hongkou District, Shanghai, 901-908; Applicant after: SHANGHAI MOBANKER INFORMATION TECHNOLOGY Co.,Ltd.; Address before: 200080, room 1050, 901-908 Daming Road, Shanghai, Hongkou District; Applicant before: SHANGHAI MOBANKER FINANCE INFORMATION SERVICE Co.,Ltd. |
 | AD01 | Patent right deemed abandoned | Effective date of abandoning: 20211022 |