CN109525388A - A kind of combined ciphering method and system of cipher key separation - Google Patents
A kind of combined ciphering method and system of cipher key separation Download PDFInfo
- Publication number
- CN109525388A CN109525388A CN201710848067.4A CN201710848067A CN109525388A CN 109525388 A CN109525388 A CN 109525388A CN 201710848067 A CN201710848067 A CN 201710848067A CN 109525388 A CN109525388 A CN 109525388A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- ciphertext
- kdc
- user terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of combined ciphering method and system of cipher key separation, it is related to data safety and technical field of the computer network, its method includes: that data are divided into data first part and data Part by user terminal, and data first part is encrypted using the terminal key obtained from Key Distribution Center KDC, obtain data first part ciphertext;Data first part ciphertext and the data Part are sent to server end by the user terminal, so that server end is encrypted using data Part described in the server end key pair obtained from the KDC, obtain data Part ciphertext.
Description
Technical field
The present invention relates to data safety and technical field of the computer network, in particular to a kind of combined ciphering of cipher key separation
Method and system.
Background technique
With the fast development of mobile Internet and radio network technique, a large amount of digitized data can be all generated daily,
People increasingly pay close attention to the personal secrets of data, and data encryption is one of the main means for protecting privacy.On the one hand, in order to protect
Data safety is demonstrate,proved, the Encryption Algorithm used is encrypted and key becomes increasingly complex, especially when equipment computing capability is limited, such as hand
Machine, set-top box etc., encryption and decryption time-consuming can be very long, affect experience;On the other hand, encryption at present is usually that a key is arranged in a side
Then file is encrypted, then in encrypted data and key storage to server end or set-top box, but is worked as
When key is obtained by a hacker, the sensitive information of user will be revealed, and in addition be required the calculated performance of encryption side very high.Therefore,
In order to protect privacy and promote encryption and decryption efficiency, multi-party participation key generates and data encrypting and deciphering will become trend.
With the development of mobile internet, mobile phone is more more and more universal, and people can be taken pictures by mobile phone, be done shopping.
But Life intravenous drip or photograph are saved when people want on server end (such as network machine top box or cloud server end etc.)
When piece, in order to protect privacy, current existing method is divided into two classes, and 1, encrypted on mobile phone, then upload onto the server
It is stored on end, 2, data are transferred on server end, server end carries out encryption storage.But above two method is all one
Side participates in the encryption and decryption of file, especially the first, it is very high to mobile phone performance requirement, and lose when this side's key, then hidden
Personal letter breath will will be leaked, and second needs server end calculated performance very strong, but in mobile internet environment, user
The calculated performance at terminal and server end (being not limited to set-top box) is not very high.In addition, when user wants to share with other users
When encryption data, a kind of method is exactly key to be issued other users, but will increase disclosure risk, and another method is exactly to make
With new key again encrypted document, but it just will increase memory space.
Summary of the invention
The technical issues of scheme provided according to embodiments of the present invention solves is to calculate and the limited server of storage capacity
End is there are data safety privacy leakage risk and stores limited.
A kind of combined ciphering method of the cipher key separation provided according to embodiments of the present invention, comprising:
Data are divided into data first part and data Part by user terminal, and are utilized from Key Distribution Center
The terminal key that KDC (Key Distribution Center, Key Distribution Center) is obtained adds data first part
It is close, obtain data first part ciphertext;
Data first part ciphertext and the data Part are sent to server end by the user terminal, with
Just server end is encrypted using data Part described in the server end key pair obtained from the KDC, obtains data
Second part ciphertext.
Preferably, data first part is being carried out using the terminal key obtained from Key Distribution Center KDC to encrypt it
Before, further includes:
The user terminal receives the KDC according to institute by sending the registration request comprising server information to KDC
State the terminal key of registration request return.
Preferably, data are divided into data first part and data Part by the user terminal, and are utilized from close
Key Distribution Center KDC obtains terminal key and encrypts to data first part, and obtaining data first part ciphertext includes:
The user terminal by data carry out random division, obtain data first part, data Part and
Data partitioning information;
The user terminal encrypts data first part using the terminal key, and it is close to obtain data first part
Text.
Preferably, further includes:
When checking the data, by being utilized respectively the terminal key and the server-side data key first
Point ciphertext and data Part are decrypted, and are spliced the plaintext after decryption using the data partitioning information, extensive
It appears again the data.
Preferably, when the user terminal checks the data, by being utilized respectively the terminal key and the clothes
Wu Duan data key first part's ciphertext and data Part are decrypted, and will be decrypted using the data partitioning information
Plaintext afterwards is spliced, and is recovered the data and is included:
The user terminal receives the server end using data Part ciphertext described in the server-side key pair
Plaintext second part obtained by being decrypted;
After the user terminal receives the plaintext second part, using the terminal key to the data first
Point ciphertext is decrypted, and obtains plaintext first part;
The user terminal is using the data partitioning information to obtained plaintext second part and plaintext first part
Spliced, recovers the data.
A kind of combined ciphering method of the cipher key separation provided according to embodiments of the present invention, comprising:
Data first part ciphertext, data Part and the data segmentation letter that received server-side user terminal is sent
Breath, and encrypted using from the data Part in ciphertext component described in the server end key pair that the KDC is obtained, it obtains
To data Part ciphertext;
Server end is by received data first part ciphertext, data partitioning information and obtained data second
Point ciphertext is saved.
A kind of combined ciphering system of the cipher key separation provided according to embodiments of the present invention, comprising:
User terminal for data to be divided into data first part and data Part, and is distributed using from key
Center KDC obtains terminal key and encrypts to data first part, after obtaining data first part ciphertext, by the data the
A part of ciphertext and the data Part are sent to server end;
Server end, for being added using data Part described in the server end key pair obtained from the KDC
It is close, obtain data Part ciphertext.
Preferably, the user terminal includes:
Cutting unit, for by data carry out random division, obtain data first part, data Part and
Data partitioning information;
Encryption unit is utilized for the user terminal by sending the registration request comprising server information to KDC
And the terminal key returned encrypts data first part, obtains data first part ciphertext.
A kind of combined ciphering equipment of the cipher key separation provided according to embodiments of the present invention, the equipment include: processor,
And the memory with processor coupling;The cipher key separation that can be run on the processor is stored on the memory
Combined ciphering program, when the program of the combined ciphering of the cipher key separation is executed by the processor realize include:
Data are divided into data first part and data Part, and using obtaining from Key Distribution Center KDC
Terminal key encrypts data first part, obtains data first part ciphertext;
Data first part ciphertext and the data Part are sent to server end, so as to server end benefit
The data Part described in the server end key pair obtained from the KDC is encrypted, and data Part ciphertext is obtained.
A kind of computer storage medium provided according to embodiments of the present invention, is stored with the journey of the combined ciphering of cipher key separation
It is realized when the program of sequence, the combined ciphering of the cipher key separation is executed by processor and includes:
Receive data first part ciphertext, data Part and data partitioning information that user terminal is sent, and benefit
It is encrypted with from the data Part in ciphertext component described in the server end key pair that the KDC is obtained, obtains data
Second part ciphertext;
By received data first part ciphertext, data partitioning information and obtained data Part ciphertext into
Row saves.
The scheme provided according to embodiments of the present invention simultaneously participates in number by user terminal and server in data encryption
According to encryption, encryption and decryption efficiency can effectively improve.It is close not needing to share by increasing access control policy in ciphertext component
Under the premise of key, allows multiple users to access the same encryption data, the storage capacity of server can be mitigated in this way.
Detailed description of the invention
Fig. 1 is a kind of combined ciphering method flow diagram of cipher key separation provided in an embodiment of the present invention;
Fig. 2 is a kind of combined ciphering system schematic of cipher key separation provided in an embodiment of the present invention;
Fig. 3 is the encryption flow illustraton of model of cipher key separation provided in an embodiment of the present invention;
Fig. 4 is the decryption procedural model figure of cipher key separation provided in an embodiment of the present invention;
Fig. 5 is the method flow diagram of cipher key separation provided in an embodiment of the present invention;
Fig. 6 is the data ciphering method flow chart of cipher key separation provided in an embodiment of the present invention;
Fig. 7 is the user key generation method flow chart of cipher key separation provided in an embodiment of the present invention;
Fig. 8 is the access data method flow diagram of cipher key separation provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with attached drawing to a preferred embodiment of the present invention will be described in detail, it should be understood that described below is excellent
Select embodiment only for the purpose of illustrating and explaining the present invention and is not intended to limit the present invention.
Fig. 1 is a kind of combined ciphering method flow diagram of cipher key separation provided in an embodiment of the present invention, as shown in Figure 1, packet
It includes:
Step S101: data are divided into data first part and data Part by user terminal, and are utilized from key
The terminal key that Distribution Center KDC is obtained encrypts data first part, obtains data first part ciphertext;
Step S102: data first part ciphertext and the data Part are sent to clothes by the user terminal
Business device end, so that server end is encrypted using data Part described in the server end key pair obtained from the KDC,
Obtain data Part ciphertext.
Wherein, before being encrypted using the terminal key obtained from Key Distribution Center KDC to data first part,
Further include: the user terminal receives the KDC according to institute by sending the registration request comprising server information to KDC
State the terminal key of registration request return.
Wherein, data are divided into data first part and data Part by the user terminal, and are utilized from key
Distribution Center KDC obtains terminal key and encrypts to data first part, and obtaining data first part ciphertext includes: the use
Family terminal obtains data first part, data Part and data partitioning information by carrying out random division to data;Institute
It states user terminal and data first part is encrypted using the terminal key, obtain data first part ciphertext.
The embodiment of the invention also includes: when checking the data, by being utilized respectively the terminal key and the clothes
Wu Duan data key first part's ciphertext and data Part are decrypted, and will be decrypted using the data partitioning information
Plaintext afterwards is spliced, and the data are recovered.
Wherein, when the user terminal checks the data, by being utilized respectively the terminal key and the service
End data key first part ciphertext and data Part are decrypted, and will be after decryption using the data partitioning information
Plaintext spliced, recovering the data includes: that the user terminal receives the server end and utilizes the server-side
Plaintext second part obtained by data Part ciphertext described in key pair is decrypted;The user terminal, which receives, to be stated clearly
After literary second part, data first part ciphertext is decrypted using the terminal key, obtains plaintext first part;
The user terminal splices obtained plaintext second part and plaintext first part using the data partitioning information,
Recover the data.
A kind of combined ciphering method of the cipher key separation provided according to embodiments of the present invention, comprising:
Data first part ciphertext, data Part and the data segmentation letter that received server-side user terminal is sent
Breath, and encrypted using from the data Part in ciphertext component described in the server end key pair that the KDC is obtained, it obtains
To data Part ciphertext;
Server end is by received data first part ciphertext, data partitioning information and obtained data second
Point ciphertext is saved.
Fig. 2 is a kind of combined ciphering system schematic of cipher key separation provided in an embodiment of the present invention, as shown in Fig. 2, packet
It includes: user terminal 201, for data to be divided into data first part and data Part, and using from key distribution
Heart KDC obtains terminal key and encrypts to data first part, after obtaining data first part ciphertext, by data first part
Ciphertext and the data Part are sent to server end;Server end 202, for utilizing the service obtained from the KDC
Data Part described in the key pair of device end is encrypted, and data Part ciphertext is obtained.
Wherein, the user terminal 201 includes: cutting unit, for obtaining data by carrying out random division to data
First part, data Part and data partitioning information;Encryption unit is utilized for the user terminal by KDC
The terminal key for sending the registration request comprising server information and returning encrypts data first part, obtains data
First part's ciphertext.
A kind of combined ciphering equipment of the cipher key separation provided according to embodiments of the present invention, the equipment include: processor,
And the memory with processor coupling;The cipher key separation that can be run on the processor is stored on the memory
Combined ciphering program, when the program of the combined ciphering of the cipher key separation is executed by the processor realize include:
Data are divided into data first part and data Part, and using obtaining from Key Distribution Center KDC
Terminal key encrypts data first part, obtains data first part ciphertext;
Data first part ciphertext and the data Part are sent to server end, so as to server end benefit
The data Part described in the server end key pair obtained from the KDC is encrypted, and data Part ciphertext is obtained.
A kind of computer storage medium provided according to embodiments of the present invention, is stored with the journey of the combined ciphering of cipher key separation
It is realized when the program of sequence, the combined ciphering of the cipher key separation is executed by processor and includes:
Receive data first part ciphertext, data Part and data partitioning information that user terminal is sent, and benefit
It is encrypted with from the data Part in ciphertext component described in the server end key pair that the KDC is obtained, obtains data
Second part ciphertext;
By received data first part ciphertext, data partitioning information and obtained data Part ciphertext into
Row saves.
Fig. 3 is the encryption flow illustraton of model of cipher key separation provided in an embodiment of the present invention, as shown in Figure 3, comprising: (1) uses
Family endpoint to register KDC simultaneously requests key;(2) KDC distributes key;(3) the encrypted ciphertext component in part is uploaded;(4) server
Request key;(5) KDC distributes key.
Fig. 4 is the decryption procedural model figure of cipher key separation provided in an embodiment of the present invention, as shown in Figure 3, comprising: (1) uses
Family terminal (the ciphertext owner) requests ciphertext access;(2) the ciphertext component after the decryption of server returning part;(3) authorization terminal
User requests key;(4) KDC distributes key;(5) end authorized user (ciphertext visitor) request ciphertext access;(6) server
Send ciphertext access strategy;(7) KDC returns to ciphertext owner key and generates median;(8) server returns to clear data to eventually
Hold authorized user.
System proposed by the present invention includes component: user terminal, authorization terminal, server end and KDC.Wherein, user
Terminal includes encryption/decryption module, access strategy generation module;Authorization terminal, user terminal is not involved in encryption and access strategy generates
When process, when being only involved in decrypting process, then referred to as authorization terminal;Server end includes encryption/decryption module, access strategy management
Module;KDC includes key management module and access strategy management module.
Fig. 5 is the method flow diagram of cipher key separation provided in an embodiment of the present invention, as shown in Figure 5, comprising:
S1: system initialization, user terminal generates ciphertext access strategy, and sends ciphertext access strategy and application to KDC
Key;
S2:KDC firstly generates user terminal key, and is sent to user terminal, is then sent using user terminal close
Literary access strategy generates user key and generates median, and KDC only saves user key and generates median
S3: user terminal splits clear data, carries out encryption generation in plain text using the key pair part of KDC distribution
Ciphertext, then data partitioning information, access strategy, cipher text part and clear portion are sent jointly to server end by user,
User needs to save key
S4: server end receives the ciphertext component of user's transmission, then to KDC application key
S5:KDC receives the key application of server end request, then generates key to server end and is sent to server
End
S6: server end receives the key of KDC distribution, encrypts to the clear portion in ciphertext component, then packet
In ciphertext component storage to server end containing data partitioning information, ciphertext and access strategy, in addition server end needs to protect
Deposit its key.
S7: when user terminal sends decoding request, server end first determines whether the user is the ciphertext owner, if
It is then to walk S8, if access user is not the ciphertext owner, walk S9-S11
S8: server end decrypts the cipher text part of its encryption using the key that it possesses, and then ciphertext component is sent to
The part of user terminal, its encryption of the key pair that then user terminal is possessed using it is decrypted, and then divides according to data
Information merges recovery to data.
S9: authorized user is first to KDC application key, and when authorized user sends decoding request, server end is true first
Recognize the access strategy whether authorized user meets ciphertext, if not satisfied, then rejection accesses, if meeting the access strategy of ciphertext,
Its key is sent to server end by authorized user
S10: server end receives the key of authorized user, then authorized user's key and ciphertext access strategy is sent to
KDC, KDC find the corresponding ciphertext owner key of the authorized user according to ciphertext access strategy and generate median, then this
Value is sent to server end
S11: server end receives the median, then key, authorized user's key and the ciphertext possessed using it is all
Person's key generates middleware and decrypts ciphertext, is then merged according to data partitioning information and restores clear data, is then sent to authorization
User
Fig. 6 is the data ciphering method flow chart of cipher key separation provided in an embodiment of the present invention, as shown in fig. 6, encrypting
When, user terminal (being not limited to mobile phone) and the not high server end (being not limited to set-top box) of performance are involved in encryption, by a KDC
Carry out key distribution.KDC sends a key to user terminal and server end respectively, and user terminal is split data,
Then it is encrypted using the key that it possesses, ciphertext and clear portion is then issued server end, server end makes again
The key pair clear portion possessed with it is encrypted, and is then stored, and when decryption, which needs two sides to simultaneously participate in, can just be decrypted correctly.
Encryption and decryption is participated in by two sides in this way, not only increases efficiency, and also preventing key from will lead to by side storage, system occur weak safely
Point, improves safety.In addition, when carrying out data encryption, access control policy, access control can be arranged to data in user
Mechanism transfers to server end and KDC to manage, and the access control policy set by it, key are submitted when user is to KDC application key
Distribution module generates corresponding key according to the access strategy and generates median, when authorized user needs to access encryption file,
Server end carries out ciphertext solution to the key that the corresponding key of KDC application generates median and authorized user according to access strategy
It is close, and clear data is sent to authorized user, ensure that server end only stores a ciphertext in this way.
It is described in detail below with reference to technology contents of the Fig. 6 to Fig. 8 to the embodiment of the present invention: application scenarios: network
Set-top box photo (file) is shared safely
Key generates, as shown in Figure 7:
System initialization first, user terminal (including set-top box, mobile phone etc.) are registered to Key Distribution Center KDC,
And request key.
Encryption, as shown in Figure 6:
User A prepares using encryption storage is carried out in mobile phone upload pictures to set-top box, and user obtains key Ka from KDC,
And chartered user's (including set-top box) list on the set-top box is obtained from Key Distribution Center, user A is arranged according to user
Table formulates the access strategy (user in access strategy could access the photo of user A encryption, referred to as authorized user) of photo,
Then access strategy is sent to KDC by user A, is allowed it to generate a Ka for each user in access strategy and is generated median,
It is saved by KDC.Then it is respectively PT1 and PT2 that user, which generates 2 parts to picture file random division, and retains segmentation information, benefit
Encryption is carried out to a portion clear data PT1 with Ka and Encryption Algorithm (being not limited to AES, DES etc.) and generates ciphertext CT1, so
User A is ciphertext component (including ciphertext CT1, plaintext PT2, segmentation and encryption information, Encryption Algorithm, access strategy, user A afterwards
Mark) it is sent to set-top box.The ciphertext component that set-top box receives user A transmission adds plaintext PT2 according to segmentation information
It is dense at ciphertext CT2, the ciphertext component of the photo of final set top box side storage user A include ciphertext CT1, ciphertext CT2, segmentation and
Encryption information, Encryption Algorithm, access strategy, user A mark.
Data are accessed, as shown in Figure 8:
1, user A checks the encryption photo CT stored on set-top box on the mobile phone of oneself:
User A to set-top box send photo access request, set-top box first determine whether user A identity tag whether with ciphertext
In the owner mark it is identical, if identical, be proved to be user A, then set-top box first according to segmentation and encryption information solution
The part of its close encryption, the ciphertext component after then set-top box decrypts part are sent to user A, and then user A is according to segmentation
Two plaintext components are decrypted and spliced to remaining ciphertext with encryption information, finally recover photo and in cell phone client
Upper display.
2, the encryption photo CT that user A is stored on the set-top box is checked
If including set-top box in the access strategy in ciphertext component, as long as inputting corresponding key on the set-top box
Can check picture, process is as follows: set-top box decrypts the cipher text part of its encryption first, then its key and access strategy hair
KDC is given, KDC generates the key of user A according to the key of access strategy and set-top box, is then sent to set-top box, set-top box
Remaining ciphertext component is decrypted using the key of user A, the final photo for obtaining user A upload is simultaneously shown on the set-top box.
3, user B checks the encryption photo CT that user A is stored on the set-top box
User B sends the encryption photo CT that access user A is removed in request to set-top box, and whether set-top box first determines whether user B
In access strategy in CT, if it was not then the access of set-top box refusal user B, if user B in access strategy, is used
Key is sent to set-top box by family B, and the key and access strategy of user B are sent to KDC simultaneously by set-top box, then KDC according to
The key that median generates user A is sent to set-top box, the key of key, user A that set-top box is possessed using it and segmentation
Plaintext photo is acquired with encryption information decryption, and is sent to user B, end user B can check photo at the terminal.
In decrypting 2,3 situations, the key of the user A generated on set-top box be all it is interim, without storage, when being to award
When power user will access the encryption photo of user A, it is to guarantee user A that selection, which allows set-top box to undertake task of decryption completely,
Key is not shared with authorized user, preferably guarantees the privacy of user A, and in the case where decrypting 1, selection by set-top box with
User A simultaneously participates in decryption, is to mitigate both sides' burden to improve decryption efficiency in the case where guaranteeing safety.
The scheme provided according to embodiments of the present invention is added by cipher key separation user terminal and server end collaboration
It is close, and use the mode of ciphertext component and access strategy, it is ensured that a ciphertext is realized in the case where not shared key and is given
Different user accesses, and under the premise of guaranteeing safety, reduces the storage overhead of set-top box and the calculating of both sides
Burden.
Although describing the invention in detail above, but the invention is not restricted to this, those skilled in the art of the present technique
It can be carry out various modifications with principle according to the present invention.Therefore, all to be modified according to made by the principle of the invention, all it should be understood as
Fall into protection scope of the present invention.
Claims (10)
1. a kind of combined ciphering method of cipher key separation, comprising:
Data are divided into data first part and data Part by user terminal, and are utilized and obtained from Key Distribution Center KDC
The terminal key taken encrypts data first part, obtains data first part ciphertext;
Data first part ciphertext and the data Part are sent to server end by the user terminal, with housecoat
Business device end is encrypted using data Part described in the server end key pair obtained from the KDC, obtains data second
Part ciphertext.
2. according to the method described in claim 1, using the terminal key that is obtained from Key Distribution Center KDC to data first
Before part is encrypted, further includes:
The user terminal receives the KDC according to the note by sending the registration request comprising server information to KDC
The terminal key that volume request returns.
3. according to the method described in claim 2, data are divided into data first part and data second by the user terminal
Part, and data first part is encrypted using terminal key is obtained from Key Distribution Center KDC, obtain data first
Point ciphertext includes:
The user terminal obtains data first part, data Part and data by carrying out random division to data
Segmentation information;
The user terminal encrypts data first part using the terminal key, obtains data first part ciphertext.
4. according to the method described in claim 3, further include:
It is close by being utilized respectively the terminal key and server-side data key first part when checking the data
Text and data Part are decrypted, and are spliced the plaintext after decryption using the data partitioning information, recover
The data.
5. according to the method described in claim 4, when the user terminal checks the data, by being utilized respectively the end
End key and server-side data key first part's ciphertext and data Part are decrypted, and utilize the data
Segmentation information splices the plaintext after decryption, recovers the data and includes:
The user terminal is received the server end and is carried out using data Part ciphertext described in the server-side key pair
Plaintext second part obtained by decrypting;
It is close to the data first part using the terminal key after the user terminal receives the plaintext second part
Text is decrypted, and obtains plaintext first part;
The user terminal carries out obtained plaintext second part and plaintext first part using the data partitioning information
Splicing, recovers the data.
6. a kind of combined ciphering method of cipher key separation, comprising:
Data first part ciphertext, data Part and the data partitioning information that received server-side user terminal is sent,
And encrypted using from the data Part in ciphertext component described in the server end key pair that the KDC is obtained, it obtains
Data Part ciphertext;
Server end is close by received data first part ciphertext, data partitioning information and obtained data Part
Text is saved.
7. a kind of combined ciphering system of cipher key separation, comprising:
User terminal for data to be divided into data first part and data Part, and is utilized from Key Distribution Center
KDC obtains terminal key and encrypts to data first part, after obtaining data first part ciphertext, by the data first
Point ciphertext and the data Part are sent to server end;
Server end is obtained for being encrypted using data Part described in the server end key pair obtained from the KDC
To data Part ciphertext.
8. system according to claim 7, the user terminal include:
Cutting unit, for obtaining data first part, data Part and data by carrying out random division to data
Segmentation information;
Encryption unit returns and utilizing for the user terminal and include the registration request of server information by sending to KDC
The terminal key returned encrypts data first part, obtains data first part ciphertext.
9. a kind of combined ciphering equipment of cipher key separation, the equipment include: processor, and are deposited with what the processor coupled
Reservoir;The program of the combined ciphering for the cipher key separation that can be run on the processor is stored on the memory, it is described close
The program of the combined ciphering of key separation is realized when being executed by the processor
Data are divided into data first part and data Part, and utilize the terminal obtained from Key Distribution Center KDC
Data key first part is encrypted, and data first part ciphertext is obtained;
Data first part ciphertext and the data Part are sent to server end, so as to server end utilize from
Data Part described in the server end key pair that the KDC is obtained is encrypted, and data Part ciphertext is obtained.
10. a kind of computer storage medium, is stored with the program of the combined ciphering of cipher key separation, the combination of the cipher key separation adds
It is realized when close program is executed by processor and includes:
Receive user terminal send data first part ciphertext, data Part and data partitioning information, and using from
Data Part in ciphertext component described in the server end key pair that the KDC is obtained is encrypted, and data second are obtained
Part ciphertext;
Received data first part ciphertext, data partitioning information and obtained data Part ciphertext are protected
It deposits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710848067.4A CN109525388B (en) | 2017-09-19 | 2017-09-19 | Combined encryption method and system with separated keys |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710848067.4A CN109525388B (en) | 2017-09-19 | 2017-09-19 | Combined encryption method and system with separated keys |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109525388A true CN109525388A (en) | 2019-03-26 |
CN109525388B CN109525388B (en) | 2022-07-15 |
Family
ID=65769397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710848067.4A Active CN109525388B (en) | 2017-09-19 | 2017-09-19 | Combined encryption method and system with separated keys |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109525388B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109977919A (en) * | 2019-04-10 | 2019-07-05 | 厦门一通灵信息科技有限公司 | Data processing method, medium, equipment and device based on recognition of face |
CN112187757A (en) * | 2020-09-21 | 2021-01-05 | 上海同态信息科技有限责任公司 | Multilink privacy data circulation system and method |
CN112866288A (en) * | 2021-03-01 | 2021-05-28 | 上海海事大学 | Data symmetric encryption method for double-plaintext transmission |
CN114285609A (en) * | 2021-12-10 | 2022-04-05 | 中国联合网络通信集团有限公司 | Encryption method, device, equipment and storage medium |
CN116599768A (en) * | 2023-07-13 | 2023-08-15 | 北京奇立软件技术有限公司 | Data encryption method for private data |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101471942A (en) * | 2007-12-26 | 2009-07-01 | 冲电气工业株式会社 | Encryption device and medium, decryption device and method, data delivery device, data receiving device, and data delivery system |
CN102611711A (en) * | 2012-04-09 | 2012-07-25 | 中山爱科数字科技股份有限公司 | Cloud data safe storing method |
CN102664928A (en) * | 2012-04-01 | 2012-09-12 | 南京邮电大学 | Data secure access method used for cloud storage and user terminal system |
EP2165284A4 (en) * | 2007-05-25 | 2012-12-19 | Splitstreem Oy | Method and apparatus for securing data in memory device |
CN103595793A (en) * | 2013-11-13 | 2014-02-19 | 华中科技大学 | Cloud data safe deleting system and method without support of trusted third party |
CN103685162A (en) * | 2012-09-05 | 2014-03-26 | 中国移动通信集团公司 | File storing and sharing method |
CN104182697A (en) * | 2014-08-15 | 2014-12-03 | 小米科技有限责任公司 | File encryption method and device |
CN104901942A (en) * | 2015-03-10 | 2015-09-09 | 重庆邮电大学 | Distributed access control method for attribute-based encryption |
CN106713508A (en) * | 2017-02-24 | 2017-05-24 | 重庆第二师范学院 | Data access method and system based on cloud server |
-
2017
- 2017-09-19 CN CN201710848067.4A patent/CN109525388B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2165284A4 (en) * | 2007-05-25 | 2012-12-19 | Splitstreem Oy | Method and apparatus for securing data in memory device |
CN101471942A (en) * | 2007-12-26 | 2009-07-01 | 冲电气工业株式会社 | Encryption device and medium, decryption device and method, data delivery device, data receiving device, and data delivery system |
CN102664928A (en) * | 2012-04-01 | 2012-09-12 | 南京邮电大学 | Data secure access method used for cloud storage and user terminal system |
CN102611711A (en) * | 2012-04-09 | 2012-07-25 | 中山爱科数字科技股份有限公司 | Cloud data safe storing method |
CN103685162A (en) * | 2012-09-05 | 2014-03-26 | 中国移动通信集团公司 | File storing and sharing method |
CN103595793A (en) * | 2013-11-13 | 2014-02-19 | 华中科技大学 | Cloud data safe deleting system and method without support of trusted third party |
CN104182697A (en) * | 2014-08-15 | 2014-12-03 | 小米科技有限责任公司 | File encryption method and device |
CN104901942A (en) * | 2015-03-10 | 2015-09-09 | 重庆邮电大学 | Distributed access control method for attribute-based encryption |
CN106713508A (en) * | 2017-02-24 | 2017-05-24 | 重庆第二师范学院 | Data access method and system based on cloud server |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109977919A (en) * | 2019-04-10 | 2019-07-05 | 厦门一通灵信息科技有限公司 | Data processing method, medium, equipment and device based on recognition of face |
CN109977919B (en) * | 2019-04-10 | 2022-03-04 | 厦门一通灵信息科技有限公司 | Data processing method, medium, equipment and device based on face recognition |
CN112187757A (en) * | 2020-09-21 | 2021-01-05 | 上海同态信息科技有限责任公司 | Multilink privacy data circulation system and method |
CN112866288A (en) * | 2021-03-01 | 2021-05-28 | 上海海事大学 | Data symmetric encryption method for double-plaintext transmission |
CN114285609A (en) * | 2021-12-10 | 2022-04-05 | 中国联合网络通信集团有限公司 | Encryption method, device, equipment and storage medium |
CN114285609B (en) * | 2021-12-10 | 2024-02-13 | 中国联合网络通信集团有限公司 | Encryption method, device, equipment and storage medium |
CN116599768A (en) * | 2023-07-13 | 2023-08-15 | 北京奇立软件技术有限公司 | Data encryption method for private data |
CN116599768B (en) * | 2023-07-13 | 2023-09-26 | 北京奇立软件技术有限公司 | Data encryption method for private data |
Also Published As
Publication number | Publication date |
---|---|
CN109525388B (en) | 2022-07-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103327002B (en) | Based on the cloud memory access control system of attribute | |
CN109525388A (en) | A kind of combined ciphering method and system of cipher key separation | |
Moffat et al. | A survey on ciphertext-policy attribute-based encryption (CP-ABE) approaches to data security on mobile devices and its application to IoT | |
CN103763319B (en) | Method for safely sharing mobile cloud storage light-level data | |
CN110474893A (en) | A kind of isomery is across the close state data safety sharing method of trust domain and system | |
US20180144341A1 (en) | Encryption system, encryption key wallet and method | |
CN103179114A (en) | Fine-grained access control method for data in cloud storage | |
Samanthula et al. | An efficient and secure data sharing framework using homomorphic encryption in the cloud | |
CN111448779A (en) | System, device and method for hybrid secret sharing | |
CN106612271A (en) | Encryption and access control method for cloud storage | |
KR20180101870A (en) | Method and system for data sharing using attribute-based encryption in cloud computing | |
CN103152322A (en) | Method of data encryption protection and system thereof | |
Sethia et al. | CP-ABE for selective access with scalable revocation: A case study for mobile-based healthfolder. | |
Almuzaini et al. | Key aggregation cryptosystem and double encryption method for cloud-based intelligent machine learning techniques-based health monitoring systems | |
Tong et al. | Towards auditable cloud-assisted access of encrypted health data | |
CN107959725A (en) | The Publish-subscribe class service agreement of consideration privacy of user based on elliptic curve | |
KR101760376B1 (en) | Terminal and method for providing secure messenger service | |
Somorovsky et al. | SeC2: Secure Mobile Solution for Distributed Public Cloud Storages. | |
CN110474873A (en) | It is a kind of based on know range encryption electronic document access control method and system | |
Agrawal et al. | Access control framework using dynamic attributes encryption for mobile cloud environment | |
EP2680486A1 (en) | Key management | |
CN109639417A (en) | The more authorization encryption methods of high security | |
Sans et al. | A decentralized mnemonic backup system for non-custodial cryptocurrency wallets | |
CN212115339U (en) | Movable key supplement device and system based on quantum key | |
CN112671729B (en) | Internet of vehicles oriented anonymous key leakage resistant authentication method, system and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |