CN109525388A - A joint encryption method and system with key separation - Google Patents

Publication number
CN109525388A
Authority
CN
China
Prior art keywords
data, key, ciphertext, KDC, user terminal
Legal status
Granted
Application number
CN201710848067.4A
Other languages
Chinese (zh)
Other versions
CN109525388B (en
Inventor
王明昕
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention discloses a joint encryption method and system with key separation, relating to the technical fields of data security and computer networks. The method includes: a user terminal divides data into a first data part and a second data part, and encrypts the first data part using a terminal key obtained from a Key Distribution Center (KDC) to obtain a first-part ciphertext; the user terminal sends the first-part ciphertext and the second data part to a server end, so that the server end encrypts the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.

Description

A joint encryption method and system with key separation
Technical field
The present invention relates to the technical fields of data security and computer networks, and in particular to a joint encryption method and system with key separation.
Background
With the rapid development of the mobile Internet and wireless network technology, a large amount of digital data is generated every day. People pay increasing attention to the privacy and security of their data, and data encryption is one of the main means of protecting privacy. On the one hand, to ensure data security, the encryption algorithms and keys in use are becoming more and more complex; when a device has limited computing power, such as a mobile phone or a set-top box, encryption and decryption can take a long time and affect the user experience. On the other hand, encryption today usually means that one party sets a key and encrypts the file, and the encrypted data and the key are then stored on a server end or set-top box. When the key is obtained by a hacker, the user's sensitive information is leaked, and the encrypting party also needs high computing performance. Therefore, to protect privacy and improve encryption and decryption efficiency, having multiple parties participate in key generation and in data encryption and decryption will become the trend.
With the development of the mobile Internet, mobile phones are increasingly common, and people use them to take photos, shop, and so on. When people want to save moments of their lives or photos on a server end (such as a network set-top box or a cloud server), the existing methods for protecting privacy fall into two classes: 1. the data is encrypted on the mobile phone and then uploaded to the server end for storage; 2. the data is transferred to the server end, and the server end encrypts and stores it. In both methods only one party takes part in encrypting and decrypting the file. The first in particular places high demands on the phone's performance, and if that party's key is lost, the private information is leaked. The second requires strong computing performance at the server end, but in a mobile Internet environment the computing performance of the user terminal and of the server end (not limited to set-top boxes) is not very high. In addition, when a user wants to share encrypted data with other users, one method is to give the key to the other users, which increases the risk of disclosure; another is to re-encrypt the document with a new key, which increases the storage space required.
Summary of the invention
The technical problem solved by the scheme provided in the embodiments of the present invention is that a server end with limited computing and storage capacity carries a risk of data security and privacy leakage and has limited storage.
A joint encryption method with key separation provided according to an embodiment of the present invention comprises:
A user terminal divides data into a first data part and a second data part, and encrypts the first data part using a terminal key obtained from a Key Distribution Center (KDC) to obtain a first-part ciphertext;
The user terminal sends the first-part ciphertext and the second data part to a server end, so that the server end encrypts the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.
Preferably, before the first data part is encrypted using the terminal key obtained from the KDC, the method further comprises:
The user terminal sends a registration request containing server-end information to the KDC and receives the terminal key that the KDC returns according to the registration request.
Preferably, the user terminal dividing the data into the first data part and the second data part, and encrypting the first data part using the terminal key obtained from the KDC to obtain the first-part ciphertext, comprises:
The user terminal randomly splits the data to obtain the first data part, the second data part and data segmentation information;
The user terminal encrypts the first data part using the terminal key to obtain the first-part ciphertext.
Preferably, the method further comprises:
When the data is viewed, the first-part ciphertext and the second data part are decrypted using the terminal key and the server-side key respectively, and the decrypted plaintexts are spliced using the data segmentation information to recover the data.
Preferably, when the user terminal views the data, decrypting the first-part ciphertext and the second data part using the terminal key and the server-side key respectively, and splicing the decrypted plaintexts using the data segmentation information to recover the data, comprises:
The user terminal receives the second plaintext part that the server end obtains by decrypting the second-part ciphertext with the server-side key;
After receiving the second plaintext part, the user terminal decrypts the first-part ciphertext using the terminal key to obtain the first plaintext part;
The user terminal splices the second plaintext part and the first plaintext part using the data segmentation information to recover the data.
A joint encryption method with key separation provided according to an embodiment of the present invention comprises:
A server end receives the first-part ciphertext, the second data part and the data segmentation information sent by a user terminal, and encrypts the second data part in the ciphertext component using a server-side key obtained from the KDC to obtain a second-part ciphertext;
The server end saves the received first-part ciphertext and data segmentation information together with the resulting second-part ciphertext.
A joint encryption system with key separation provided according to an embodiment of the present invention comprises:
A user terminal, configured to divide data into a first data part and a second data part, encrypt the first data part using a terminal key obtained from the Key Distribution Center (KDC) to obtain a first-part ciphertext, and then send the first-part ciphertext and the second data part to a server end;
A server end, configured to encrypt the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.
Preferably, the user terminal comprises:
A splitting unit, configured to randomly split the data to obtain the first data part, the second data part and data segmentation information;
An encryption unit, configured to encrypt the first data part, using the terminal key returned after the user terminal sends a registration request containing server-end information to the KDC, to obtain the first-part ciphertext.
A joint encryption device with key separation provided according to an embodiment of the present invention comprises a processor and a memory coupled to the processor; the memory stores a key-separated joint encryption program that can run on the processor, and when executed by the processor the program implements:
Dividing data into a first data part and a second data part, and encrypting the first data part using a terminal key obtained from the Key Distribution Center (KDC) to obtain a first-part ciphertext;
Sending the first-part ciphertext and the second data part to a server end, so that the server end encrypts the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.
A computer storage medium provided according to an embodiment of the present invention stores a key-separated joint encryption program which, when executed by a processor, implements:
Receiving the first-part ciphertext, the second data part and the data segmentation information sent by a user terminal, and encrypting the second data part in the ciphertext component using a server-side key obtained from the KDC to obtain a second-part ciphertext;
Saving the received first-part ciphertext and data segmentation information together with the resulting second-part ciphertext.
In the scheme provided according to the embodiments of the present invention, the user terminal and the server both take part in encrypting the data, which can effectively improve encryption and decryption efficiency. By adding an access control policy to the ciphertext component, multiple users are allowed to access the same encrypted data without sharing keys, which reduces the storage load on the server.
Brief description of the drawings
Fig. 1 is a flow chart of a joint encryption method with key separation provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a joint encryption system with key separation provided by an embodiment of the present invention;
Fig. 3 is a model diagram of the key-separated encryption flow provided by an embodiment of the present invention;
Fig. 4 is a model diagram of the key-separated decryption flow provided by an embodiment of the present invention;
Fig. 5 is a flow chart of the key-separated method provided by an embodiment of the present invention;
Fig. 6 is a flow chart of the key-separated data encryption method provided by an embodiment of the present invention;
Fig. 7 is a flow chart of the key-separated user key generation method provided by an embodiment of the present invention;
Fig. 8 is a flow chart of the key-separated data access method provided by an embodiment of the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below serve only to illustrate and explain the present invention and are not intended to limit it.
Fig. 1 is a flow chart of a joint encryption method with key separation provided by an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step S101: the user terminal divides data into a first data part and a second data part, and encrypts the first data part using a terminal key obtained from the Key Distribution Center (KDC) to obtain a first-part ciphertext;
Step S102: the user terminal sends the first-part ciphertext and the second data part to the server end, so that the server end encrypts the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.
Before the first data part is encrypted using the terminal key obtained from the KDC, the method further includes: the user terminal sends a registration request containing server-end information to the KDC and receives the terminal key that the KDC returns according to the registration request.
The user terminal dividing the data into the first data part and the second data part, and encrypting the first data part using the terminal key obtained from the KDC to obtain the first-part ciphertext, includes: the user terminal randomly splits the data to obtain the first data part, the second data part and data segmentation information; the user terminal encrypts the first data part using the terminal key to obtain the first-part ciphertext.
The embodiment of the present invention further includes: when the data is viewed, the first-part ciphertext and the second data part are decrypted using the terminal key and the server-side key respectively, and the decrypted plaintexts are spliced using the data segmentation information to recover the data.
When the user terminal views the data, decrypting the first-part ciphertext and the second data part using the terminal key and the server-side key respectively, and splicing the decrypted plaintexts using the data segmentation information to recover the data, includes: the user terminal receives the second plaintext part that the server end obtains by decrypting the second-part ciphertext with the server-side key; after receiving the second plaintext part, the user terminal decrypts the first-part ciphertext using the terminal key to obtain the first plaintext part; the user terminal splices the second plaintext part and the first plaintext part using the data segmentation information to recover the data.
A joint encryption method with key separation provided according to an embodiment of the present invention comprises:
A server end receives the first-part ciphertext, the second data part and the data segmentation information sent by a user terminal, and encrypts the second data part in the ciphertext component using a server-side key obtained from the KDC to obtain a second-part ciphertext;
The server end saves the received first-part ciphertext and data segmentation information together with the resulting second-part ciphertext.
Fig. 2 is a schematic diagram of a joint encryption system with key separation provided by an embodiment of the present invention. As shown in Fig. 2, the system includes: a user terminal 201, configured to divide data into a first data part and a second data part, encrypt the first data part using a terminal key obtained from the Key Distribution Center (KDC) to obtain a first-part ciphertext, and then send the first-part ciphertext and the second data part to the server end; and a server end 202, configured to encrypt the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.
The user terminal 201 includes: a splitting unit, configured to randomly split the data to obtain the first data part, the second data part and data segmentation information; and an encryption unit, configured to encrypt the first data part, using the terminal key returned after the user terminal sends a registration request containing server-end information to the KDC, to obtain the first-part ciphertext.
A joint encryption device with key separation provided according to an embodiment of the present invention comprises a processor and a memory coupled to the processor; the memory stores a key-separated joint encryption program that can run on the processor, and when executed by the processor the program implements:
Dividing data into a first data part and a second data part, and encrypting the first data part using a terminal key obtained from the Key Distribution Center (KDC) to obtain a first-part ciphertext;
Sending the first-part ciphertext and the second data part to a server end, so that the server end encrypts the second data part using a server-side key obtained from the KDC to obtain a second-part ciphertext.
A computer storage medium provided according to an embodiment of the present invention stores a key-separated joint encryption program which, when executed by a processor, implements:
Receiving the first-part ciphertext, the second data part and the data segmentation information sent by a user terminal, and encrypting the second data part in the ciphertext component using a server-side key obtained from the KDC to obtain a second-part ciphertext;
Saving the received first-part ciphertext and data segmentation information together with the resulting second-part ciphertext.
Fig. 3 is a model diagram of the key-separated encryption flow provided by an embodiment of the present invention. As shown in Fig. 3, the flow includes: (1) the user terminal registers with the KDC and requests a key; (2) the KDC distributes the key; (3) the partially encrypted ciphertext component is uploaded; (4) the server requests a key; (5) the KDC distributes the key.
Fig. 4 is a model diagram of the key-separated decryption flow provided by an embodiment of the present invention. As shown in Fig. 3, the flow includes: (1) the user terminal (the ciphertext owner) requests access to the ciphertext; (2) the server returns the partially decrypted ciphertext component; (3) the terminal authorized user requests a key; (4) the KDC distributes the key; (5) the terminal authorized user (the ciphertext visitor) requests access to the ciphertext; (6) the server sends the ciphertext access policy; (7) the KDC returns the ciphertext owner's key-generation intermediate value; (8) the server returns the plaintext data to the terminal authorized user.
The system proposed by the present invention includes the following components: user terminal, authorized terminal, server end and KDC. The user terminal includes an encryption/decryption module and an access policy generation module. An authorized terminal is a user terminal that does not take part in the encryption and access policy generation process and takes part only in the decryption process. The server end includes an encryption/decryption module and an access policy management module. The KDC includes a key management module and an access policy management module.
Fig. 5 is a flow chart of the key-separated method provided by an embodiment of the present invention. As shown in Fig. 5, the method includes:
S1: System initialization. The user terminal generates a ciphertext access policy, sends the ciphertext access policy to the KDC and applies for a key.
S2: The KDC first generates the user terminal key and sends it to the user terminal, then uses the ciphertext access policy sent by the user terminal to generate the user key-generation intermediate value. The KDC saves only the user key-generation intermediate value.
S3: The user terminal splits the plaintext data and encrypts part of the plaintext with the key distributed by the KDC to generate ciphertext. The user then sends the data segmentation information, the access policy, the ciphertext part and the plaintext part together to the server end. The user needs to save the key.
S4: The server end receives the ciphertext component sent by the user and then applies to the KDC for a key.
S5: The KDC receives the key application from the server end, then generates a key for the server end and sends it to the server end.
S6: The server end receives the key distributed by the KDC and encrypts the plaintext part in the ciphertext component. The ciphertext component, containing the data segmentation information, the ciphertext and the access policy, is then stored on the server end. The server end also needs to save its key.
S7: When a user terminal sends a decryption request, the server end first determines whether the user is the ciphertext owner. If so, go to S8; if the accessing user is not the ciphertext owner, go to S9-S11.
S8: The server end decrypts the ciphertext part that it encrypted using the key it holds and then sends the ciphertext component to the user terminal. The user terminal decrypts the part that it encrypted using the key it holds, and then merges and recovers the data according to the data segmentation information.
S9: The authorized user first applies to the KDC for a key. When the authorized user sends a decryption request, the server end first confirms whether the authorized user satisfies the ciphertext's access policy. If not, access is refused; if the access policy is satisfied, the authorized user sends its key to the server end.
S10: The server end receives the authorized user's key and sends the authorized user's key and the ciphertext access policy to the KDC. The KDC finds, according to the ciphertext access policy, the ciphertext owner's key-generation intermediate value corresponding to that authorized user and sends this value to the server end.
S11: The server end receives the intermediate value, decrypts the ciphertext using the key it holds, the authorized user's key and the ciphertext owner's key-generation intermediate value, merges the parts according to the data segmentation information to restore the plaintext data, and sends it to the authorized user.
Fig. 6 is a flow chart of the key-separated data encryption method provided by an embodiment of the present invention. As shown in Fig. 6, during encryption both the user terminal (not limited to a mobile phone) and a server end of modest performance (not limited to a set-top box) take part in the encryption, and a KDC performs key distribution. The KDC sends one key to the user terminal and one to the server end. The user terminal splits the data, encrypts with the key it holds, and sends the ciphertext and the plaintext part to the server end; the server end then encrypts the plaintext part with the key it holds and stores the result. Decryption requires both parties to take part before the data can be decrypted correctly. Having two parties take part in encryption and decryption not only improves efficiency but also prevents the security weak point that arises when the keys are stored by one party, which improves security. In addition, when encrypting data the user can set an access control policy on the data, and the access control mechanism is handed over to the server end and the KDC to manage. The user submits the access control policy it has set when applying to the KDC for a key, and the key distribution module generates the corresponding key-generation intermediate values according to the access policy. When an authorized user needs to access the encrypted file, the server end applies to the KDC, according to the access policy, for the corresponding key-generation intermediate value, uses it together with the authorized user's key to decrypt the ciphertext, and sends the plaintext data to the authorized user. This ensures that the server end stores only one copy of the ciphertext.
The technical content of the embodiment of the present invention is described in detail below with reference to Fig. 6 to Fig. 8. Application scenario: secure sharing of photos (files) on a network set-top box.
Key generation, as shown in Fig. 7:
First, at system initialization, the user terminals (including the set-top box, mobile phones, etc.) register with the Key Distribution Center (KDC) and request keys.
Encryption, as shown in Fig. 6:
User A prepares to upload a photo from a mobile phone to the set-top box for encrypted storage. The user obtains the key Ka from the KDC and also obtains from the KDC the list of users (including the set-top box) registered on the set-top box. According to the user list, user A formulates the access policy for the photo (only users in the access policy can access the photo encrypted by user A; they are called authorized users). User A then sends the access policy to the KDC so that it generates a Ka-generation intermediate value for each user in the access policy, which the KDC saves. The user then randomly splits the picture file into two parts, PT1 and PT2, and keeps the segmentation information. One part of the plaintext data, PT1, is encrypted with Ka and an encryption algorithm (not limited to AES, DES, etc.) to generate the ciphertext CT1. User A then sends the ciphertext component (including the ciphertext CT1, the plaintext PT2, the segmentation and encryption information, the encryption algorithm, the access policy and user A's identifier) to the set-top box. The set-top box receives the ciphertext component sent by user A and encrypts the plaintext PT2 according to the segmentation information to generate the ciphertext CT2. The ciphertext component of user A's photo that is finally stored on the set-top box includes the ciphertext CT1, the ciphertext CT2, the segmentation and encryption information, the encryption algorithm, the access policy and user A's identifier.
Data access, as shown in Fig. 8:
1. User A views the encrypted photo CT stored on the set-top box on their own mobile phone:
User A sends a photo access request to the set-top box. The set-top box first determines whether user A's identity tag is the same as the owner identifier in the ciphertext. If it is, the requester is confirmed to be user A, and the set-top box first decrypts the part that it encrypted according to the segmentation and encryption information, then sends the partially decrypted ciphertext component to user A. User A then decrypts the remaining ciphertext according to the segmentation and encryption information, splices the two plaintext components, and finally recovers the photo and displays it in the mobile phone client.
2. User A views the stored encrypted photo CT on the set-top box:
If the access policy in the ciphertext component includes the set-top box, the picture can be viewed simply by entering the corresponding key on the set-top box. The process is as follows: the set-top box first decrypts the ciphertext part that it encrypted, then sends its key and the access policy to the KDC. The KDC generates user A's key according to the access policy and the set-top box's key and sends it to the set-top box. The set-top box decrypts the remaining ciphertext component using user A's key, finally obtains the photo uploaded by user A and displays it on the set-top box.
3. User B views the encrypted photo CT that user A stored on the set-top box:
User B sends a request to the set-top box to access user A's encrypted photo CT. The set-top box first determines whether user B is in the access policy in CT. If not, the set-top box refuses user B's access. If user B is in the access policy, user B sends its key to the set-top box, and the set-top box sends user B's key and the access policy together to the KDC. The KDC then generates user A's key according to the intermediate value and sends it to the set-top box. The set-top box decrypts using the key it holds, user A's key and the segmentation and encryption information to obtain the plaintext photo and sends it to user B, who can finally view the photo on the terminal.
In decryption cases 2 and 3, the key of user A generated on the set-top box is temporary and is not stored. When an authorized user wants to access user A's encrypted photo, the set-top box is chosen to carry out the decryption task entirely, to ensure that user A's key is not shared with the authorized user and so better protect user A's privacy. In decryption case 1, the set-top box and user A both take part in decryption, which reduces the burden on both parties and improves decryption efficiency while maintaining security.
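The encryption flow and owner access (case 1) described above, as an added Python example that is not part of the patent. The cut-offset form of the segmentation information, the class and function names, and the HMAC-SHA256 stream cipher standing in for AES are assumptions made so that the block runs with the standard library only.

```python
import hashlib
import hmac
import secrets


class KDC:
    """Key distribution center: issues one independent key per registered party."""

    def __init__(self):
        self._keys = {}

    def register(self, identity):
        return self._keys.setdefault(identity, secrets.token_bytes(32))


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; a stand-in for AES, not the patent's cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC with a fresh nonce; returns nonce || body || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(key, blob):
    """Verify the tag before decrypting; a wrong key is rejected here."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def terminal_encrypt(data, terminal_key, owner_id):
    """User terminal: random split, encrypt PT1 with Ka, leave PT2 for the server."""
    if len(data) < 2:
        raise ValueError("need at least two bytes to split")
    cut = secrets.randbelow(len(data) - 1) + 1  # 1..len-1, both parts non-empty
    return {"owner": owner_id, "split": {"cut": cut, "total": len(data)},
            "ct1": seal(terminal_key, data[:cut]), "pt2": data[cut:]}


class Server:
    """Server end (the set-top box): encrypts PT2 and stores only ciphertext."""

    def __init__(self, kdc, identity="set-top-box"):
        self._key = kdc.register(identity)
        self._store = {}

    def upload(self, name, component):
        stored = dict(component)
        stored["ct2"] = seal(self._key, stored.pop("pt2"))  # PT2 is not kept
        self._store[name] = stored

    def stored(self, name):
        return self._store[name]

    def owner_access(self, name, requester):
        item = self._store[name]
        if requester != item["owner"]:
            raise PermissionError("requester is not the ciphertext owner")
        return {"split": item["split"], "ct1": item["ct1"],
                "pt2": open_sealed(self._key, item["ct2"])}


def terminal_recover(partial, terminal_key):
    """User terminal: decrypt CT1, splice with PT2, check against split info."""
    pt1 = open_sealed(terminal_key, partial["ct1"])
    data = pt1 + partial["pt2"]
    if len(pt1) != partial["split"]["cut"] or len(data) != partial["split"]["total"]:
        raise ValueError("parts do not match the segmentation information")
    return data


def demo():
    kdc = KDC()
    ka = kdc.register("user-A")
    server = Server(kdc)
    photo = b"constructed sample photo bytes: " + bytes(range(64))
    server.upload("photo1", terminal_encrypt(photo, ka, "user-A"))
    recovered = terminal_recover(server.owner_access("photo1", "user-A"), ka)
    return photo, server.stored("photo1"), recovered


if __name__ == "__main__":
    original, at_rest, restored = demo()
    print(restored == original, sorted(at_rest))
```

As in the description, PT2 reaches the set-top box unencrypted and returns unencrypted on owner access, so both transfers rely on a protected channel between terminal and server.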
In the scheme provided according to the embodiments of the present invention, the user terminal and the server end encrypt cooperatively with separated keys, and the ciphertext component and access policy are used so that a single ciphertext can be accessed by different users without sharing keys. While security is guaranteed, the storage overhead of the set-top box and the computational burden on both parties are reduced.
Although the present invention has been described in detail above, it is not limited to this description, and those skilled in the art can make various modifications according to the principle of the invention. Therefore, all modifications made according to the principle of the invention should be understood as falling within the protection scope of the present invention.

Claims (10)

1. A combined encryption method with key separation, comprising:
A user terminal divides data into a data first part and a data second part, and encrypts the data first part using a terminal key obtained from a Key Distribution Center (KDC), obtaining a data first part ciphertext;
The user terminal sends the data first part ciphertext and the data second part to a server end, so that the server end encrypts the data second part using a server end key obtained from the KDC, obtaining a data second part ciphertext.
2. The method according to claim 1, wherein before the data first part is encrypted using the terminal key obtained from the Key Distribution Center (KDC), the method further comprises:
The user terminal sends a registration request containing server information to the KDC, and receives the terminal key returned by the KDC according to the registration request.
3. The method according to claim 2, wherein the user terminal dividing the data into the data first part and the data second part, and encrypting the data first part using the terminal key obtained from the Key Distribution Center (KDC) to obtain the data first part ciphertext, comprises:
The user terminal obtains the data first part, the data second part and data partitioning information by randomly dividing the data;
The user terminal encrypts the data first part using the terminal key, obtaining the data first part ciphertext.
4. The method according to claim 3, further comprising:
When the data is viewed, the ciphertexts of the data first part and the data second part are decrypted using the terminal key and the server end key respectively, and the decrypted plaintexts are spliced using the data partitioning information to recover the data.
5. The method according to claim 4, wherein, when the user terminal views the data, decrypting the ciphertexts of the data first part and the data second part using the terminal key and the server end key respectively, and splicing the decrypted plaintexts using the data partitioning information to recover the data, comprises:
The user terminal receives the plaintext second part obtained by the server end decrypting the data second part ciphertext using the server end key;
After receiving the plaintext second part, the user terminal decrypts the data first part ciphertext using the terminal key, obtaining the plaintext first part;
The user terminal splices the obtained plaintext second part and plaintext first part using the data partitioning information, recovering the data.
6. A combined encryption method with key separation, comprising:
A server end receives the data first part ciphertext, the data second part and the data partitioning information sent by a user terminal, and encrypts the data second part in the ciphertext component using a server end key obtained from the KDC, obtaining a data second part ciphertext;
The server end saves the received data first part ciphertext and data partitioning information and the obtained data second part ciphertext.
7. A combined encryption system with key separation, comprising:
A user terminal, configured to divide data into a data first part and a data second part, encrypt the data first part using a terminal key obtained from a Key Distribution Center (KDC) to obtain a data first part ciphertext, and then send the data first part ciphertext and the data second part to a server end;
A server end, configured to encrypt the data second part using a server end key obtained from the KDC, obtaining a data second part ciphertext.
8. The system according to claim 7, wherein the user terminal comprises:
A dividing unit, configured to obtain the data first part, the data second part and data partitioning information by randomly dividing the data;
An encryption unit, configured for the user terminal to send a registration request containing server information to the KDC and to encrypt the data first part using the returned terminal key, obtaining the data first part ciphertext.
9. A combined encryption device with key separation, the device comprising: a processor, and a memory coupled to the processor; the memory stores a key-separated combined encryption program executable on the processor, and the program, when executed by the processor, implements:
Dividing data into a data first part and a data second part, and encrypting the data first part using a terminal key obtained from a Key Distribution Center (KDC), obtaining a data first part ciphertext;
Sending the data first part ciphertext and the data second part to a server end, so that the server end encrypts the data second part using a server end key obtained from the KDC, obtaining a data second part ciphertext.
10. A computer storage medium storing a key-separated combined encryption program which, when executed by a processor, implements:
Receiving the data first part ciphertext, the data second part and the data partitioning information sent by a user terminal, and encrypting the data second part in the ciphertext component using a server end key obtained from the KDC, obtaining a data second part ciphertext;
Saving the received data first part ciphertext and data partitioning information and the obtained data second part ciphertext.
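
The split-and-encrypt flow of claims 1 to 6, as an added Python example that is not part of the patent text. The function and class names, the use of a byte offset as the data partitioning information, the KDC returning two random keys, and the stand-in cipher (SHAKE-256 keystream with an HMAC tag, chosen only because the claims name no algorithm) are all assumptions.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    return hashlib.sha256(label + key).digest()      # separate encryption and MAC subkeys

def seal(key, pt):
    """Stand-in cipher (assumption): SHAKE-256 keystream plus HMAC tag; use a vetted AEAD in practice."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_sub(key, b"enc") + nonce).digest(len(pt))
    body = bytes(a ^ b for a, b in zip(pt, stream))
    return nonce + body + hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    stream = hashlib.shake_256(_sub(key, b"enc") + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def kdc_register():
    """KDC issues independent terminal and server-end keys (key generation simplified, assumption)."""
    return secrets.token_bytes(32), secrets.token_bytes(32)

def terminal_encrypt(data, terminal_key):
    if len(data) < 2:
        raise ValueError("need at least 2 bytes to split")
    cut = secrets.randbelow(len(data) - 1) + 1       # random division point = partition info
    # Part 2 leaves the terminal unencrypted, so the link to the server must itself be protected.
    return seal(terminal_key, data[:cut]), data[cut:], cut

class ServerEnd:
    def __init__(self, server_key):
        self.key, self.store = server_key, {}
    def save(self, name, ct1, part2, cut):           # encrypt part 2, keep ct1 and partition info
        self.store[name] = (ct1, seal(self.key, part2), cut)
    def fetch(self, name):                           # owner's read path: server decrypts part 2 only
        ct1, ct2, cut = self.store[name]
        return ct1, unseal(self.key, ct2), cut

def terminal_decrypt(ct1, plain2, cut, terminal_key):
    plain1 = unseal(terminal_key, ct1)
    if len(plain1) != cut:
        raise ValueError("partition info does not match decrypted first part")
    return plain1 + plain2                           # splice according to the partition info
```

The server end stores both ciphertexts but holds only its own key, so it cannot open the first part; the terminal in turn never stores the second part's ciphertext or key.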
CN201710848067.4A 2017-09-19 2017-09-19 Combined encryption method and system with separated keys Active CN109525388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710848067.4A CN109525388B (en) 2017-09-19 2017-09-19 Combined encryption method and system with separated keys

Publications (2)

Publication Number Publication Date
CN109525388A true CN109525388A (en) 2019-03-26
CN109525388B CN109525388B (en) 2022-07-15

Family

ID=65769397

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant