CN110995685B - Data encryption and decryption method, device, system and storage medium - Google Patents
Data encryption and decryption method, device, system and storage medium Download PDFInfo
- Publication number
- CN110995685B CN110995685B CN201911174966.6A CN201911174966A CN110995685B CN 110995685 B CN110995685 B CN 110995685B CN 201911174966 A CN201911174966 A CN 201911174966A CN 110995685 B CN110995685 B CN 110995685B
- Authority
- CN
- China
- Prior art keywords
- key
- signature
- data
- decryption
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 100
- 238000012795 verification Methods 0.000 claims description 55
- 238000004422 calculation algorithm Methods 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 17
- 238000004364 calculation method Methods 0.000 claims description 8
- 238000009434 installation Methods 0.000 claims description 7
- 239000004973 liquid crystal related substance Substances 0.000 claims 1
- 238000012545 processing Methods 0.000 abstract description 9
- 238000010586 diagram Methods 0.000 description 18
- 230000005540 biological transmission Effects 0.000 description 17
- 230000008569 process Effects 0.000 description 14
- 238000011161 development Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The application provides a data encryption and decryption method, device, system and storage medium, and relates to the technical field of data processing. The data encryption method comprises the following steps: generating and transmitting a temporary key to a decryption device; receiving a first key ciphertext sent by the decryption device, wherein the first key ciphertext is a ciphertext obtained by the decryption device encrypting a first key by using a temporary key; decrypting the first key ciphertext by using the temporary key to obtain a first key, encrypting the second key, the data to be encrypted and the first signature by using the first key to obtain a target ciphertext, wherein the first signature is a signature of the second key and the data to be encrypted, which are obtained according to a third key and subjected to obfuscation operation; acquiring a fourth key, and acquiring a second signature of the target ciphertext according to the fourth key; and generating an encrypted file comprising the target ciphertext and the second signature. By the aid of the technical scheme, safety of data protection can be improved.
Description
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a data encryption and decryption method, device and system.
Background
With the development of network technology, the information transmission is facilitated by using the network to transmit data. During data transmission, data may be leaked or tampered. Sensitive data exists in the transmitted data, and the sensitive data is not expected to be leaked or tampered. Therefore, transmission of data including sensitive data has a high requirement for transmission security.
At present, the encryption device encrypts data, i.e., plaintext, and transmits the encrypted data, i.e., ciphertext, to the decryption device, and the decryption device decrypts the ciphertext to obtain the plaintext. The ciphertext may be tampered during the transmission process of the ciphertext, and the security of data protection is still low.
Disclosure of Invention
The application provides a data encryption and decryption method, device, system and storage medium, which can improve the security of data protection.
In a first aspect, an embodiment of the present application provides a data encryption method, which is applied to an encryption device, and the method includes: generating and transmitting a temporary key to a decryption device; receiving a first key ciphertext sent by the decryption device, wherein the first key ciphertext is a ciphertext obtained by the decryption device encrypting the first key by using the temporary key; decrypting the first key ciphertext by using the temporary key to obtain a first key, encrypting the second key, the data to be encrypted and the first signature by using the first key to obtain a target ciphertext, wherein the first signature is a signature for obtaining first obfuscating operation result data according to a third key, and the first obfuscating operation result data is data obtained by performing obfuscating operation on the second key and the data to be encrypted; acquiring a fourth key, and acquiring a second signature of the target ciphertext according to the fourth key; and generating an encrypted file comprising the target ciphertext and the second signature.
In a second aspect, an embodiment of the present application provides a method for decrypting data, which is applied to a decryption apparatus, and the method includes: generating a first key and a sixth key which are paired, receiving a temporary key sent by an encryption device, encrypting the first key by using the temporary key to obtain a first key ciphertext and sending the first key ciphertext to the encryption device; receiving an encrypted file which is sent by the encryption device and comprises a target ciphertext and a second signature, wherein the second signature is a signature of the target ciphertext obtained by the encryption device according to a fourth key; decrypting the target ciphertext by using the sixth key to obtain a second key, data to be encrypted and a first signature; verifying the target ciphertext and the second signature by using a seventh secret key paired with the fourth secret key; and performing the same obfuscation operation as that in the encryption device on the decrypted second key and the data to be encrypted to obtain second obfuscation operation result data, and verifying the second obfuscation operation result data and the first signature by using an eighth key paired with the third key, wherein the first signature is a signature of the first obfuscation operation result data obtained by the encryption device according to the third key.
In a third aspect, an embodiment of the present application provides an encryption apparatus, including: the key management module is used for generating a temporary key and acquiring a fourth key; a sending module, configured to send the temporary key to the decryption apparatus; the receiving module is used for receiving a first key ciphertext sent by the decryption device, wherein the first key ciphertext is a ciphertext obtained by the decryption device encrypting the first key by using the temporary key; the encryption and decryption module is used for decrypting the first key ciphertext by using the temporary key to obtain a first key, encrypting the second key, the data to be encrypted and the first signature by using the first key to obtain a target ciphertext, wherein the first signature is a signature of first obfuscating operation result data obtained according to the third key, and the first obfuscating operation result data is data obtained after obfuscating operation is performed on the second key and the data to be encrypted; the signature module is used for obtaining a second signature of the target ciphertext according to the fourth key; and the encrypted file generating module is used for generating an encrypted file comprising the target ciphertext and the second signature.
In a fourth aspect, an embodiment of the present application provides an apparatus for decrypting data, including: the key management module is used for generating a first key and a sixth key which are paired; the receiving module is used for receiving the temporary secret key sent by the encryption device and receiving an encrypted file which is sent by the encryption device and comprises a target ciphertext and a second signature, and the second signature is a signature of the target ciphertext obtained by the encryption device according to a fourth secret key; the encryption and decryption module is used for encrypting the first key by using the temporary key to obtain a first key ciphertext and decrypting the target ciphertext by using the sixth key to obtain a second key, data to be encrypted and a first signature; the sending module is used for sending the first key ciphertext to the encryption device; and the signature verification module is used for verifying the target ciphertext and the second signature by using a seventh key paired with the fourth key, performing the same obfuscation operation as that in the encryption device on the decrypted second key and the data to be encrypted to obtain second obfuscation operation result data, and verifying the second obfuscation operation result data and the first signature by using an eighth key paired with the third key, wherein the first signature is the signature of the first obfuscation operation result data obtained by the encryption device according to the third key.
In a fifth aspect, an embodiment of the present application provides a data encryption and decryption system, including the encryption apparatus in the technical solution of the third aspect and the decryption apparatus in the technical solution of the fourth aspect.
In a sixth aspect, an embodiment of the present application provides an encryption apparatus, which includes a processor, a memory, and a computer program that is stored on the memory and is executable on the processor, and when the computer program is executed by the processor, the encryption apparatus implements the data encryption method in the technical solution of the first aspect.
In a seventh aspect, an embodiment of the present application provides an encryption apparatus, including a processor, a memory, and a computer program stored on the memory and capable of running on the processor, where the computer program, when executed by the processor, implements the method for decrypting data in the technical solution of the second aspect.
In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for encrypting data in the technical solution of the first aspect or a method for decrypting data in the technical solution of the second aspect.
An encryption device generates and transmits a temporary key to a decryption device so that the decryption device encrypts a first key with the temporary key. The encryption device decrypts the received first key ciphertext with the temporary key to obtain a first key for encrypting the second key, the data to be encrypted, and the first signature. The data to be encrypted and the key required by encryption are processed through multiple layers of protection such as confusion, signature, encryption and re-signature, encryption of the key used for encryption in the transmission process and the like. The encrypted file received by the decryption device comprises a target ciphertext and a second signature, the target ciphertext is decrypted by using a sixth key paired with the first key, and the first key used for obtaining the target ciphertext through encryption is encrypted in the transmission process, so that the risk coefficient of data protection is reduced, and the safety of data protection is improved.
Drawings
The present invention will be better understood from the following description of specific embodiments thereof taken in conjunction with the accompanying drawings, in which like or similar reference characters designate like or similar features.
Fig. 1 is a schematic view of a scenario in which a data encryption and decryption method according to an embodiment of the present application is applied;
fig. 2 is a flowchart of a method for encrypting data according to an embodiment of the present application;
fig. 3 is a schematic diagram of an encrypted file structure visible to a user according to an embodiment of the present application;
fig. 4 is a schematic diagram of a plaintext structure corresponding to the encrypted file structure shown in fig. 3 according to an embodiment of the present application;
fig. 5 is a schematic diagram of an encrypted file generation form according to an embodiment of the present application;
FIG. 6 is a flowchart of a method for encrypting data according to another embodiment of the present invention;
FIG. 7 is a flowchart of a method for decrypting data according to an embodiment of the present application;
FIG. 8 is a flowchart of a method for decrypting data according to another embodiment of the present application;
fig. 9 is a flowchart of a data encryption and decryption method according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of an encryption apparatus according to another embodiment of the present application;
fig. 12 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present application;
fig. 13 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present application;
FIG. 14 is a schematic diagram of a security component according to an embodiment of the present application;
fig. 15 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention. The present invention is in no way limited to any specific configuration and algorithm set forth below, but rather covers any modification, replacement or improvement of elements, components or algorithms without departing from the spirit of the invention. In the drawings and the following description, well-known structures and techniques are not shown in order to avoid unnecessarily obscuring the present invention.
The application provides a data encryption and decryption method, device, system and storage medium, which can be applied to data encryption so as to facilitate secure transmission. Fig. 1 is a schematic view of a scenario in which a data encryption and decryption method according to an embodiment of the present application is applied. As shown in fig. 1, the encryption and decryption method of data in the present application can be applied to an encryption device 10 and a decryption device 20. The encryption device 10 is used for executing an encryption method of data in the embodiment of the present application. The decryption apparatus 20 is used for executing the decryption method of the data in the embodiment of the present application.
In this application, the encryption device may transmit a temporary key for encrypting the first key to the decryption device, so that the decryption device may encrypt the first key using the temporary key. The encryption device decrypts the received encrypted first key to obtain the first key. The encryption device performs four-layer protection processing of confusion, signature, encryption and re-signature on data to be encrypted, namely plaintext. The encryption protection processing needs to utilize the first secret key, and the first secret key is encrypted and transmitted between the encryption device and the decryption device, so that the possibility of leakage of the first secret key is reduced. Moreover, the four layers of protection processing are combined, so that the data is difficult to be tampered in the transmission process, or if the data is tampered, the decryption device can timely and accurately find the problem that the data is tampered in the decryption process, namely the verification process, so that the safety of the data is improved.
Fig. 2 is a flowchart of a data encryption method according to an embodiment of the present application. The encryption method of the data is applicable to an encryption device. As shown in fig. 2, the encryption method of the data may include steps S301 to S305.
In step S301, a temporary key is generated and transmitted to the decryption apparatus.
Wherein the encryption device may send the temporary key to the decryption device in an online or offline manner. The temporary key may be a temporary key randomly generated by the encryption device or an input temporary key received by the encryption device. In some examples, the temporary key is a public key or a symmetric key, which is not limited herein.
In step S302, the first key ciphertext transmitted by the decryption apparatus is received.
The first key ciphertext is a ciphertext obtained by encrypting the first key by the decryption apparatus using the temporary key.
In step S303, the temporary key is used to decrypt the first key ciphertext to obtain the first key, and the first key is used to encrypt the second key, the data to be encrypted, and the first signature to obtain the target ciphertext.
The temporary key is used for the decryption device to encrypt the first key. The temporary key may also be used by the encryption device to decrypt the first key ciphertext. The life cycle of the temporary key can be set according to specific working scenes and working requirements. For example, after the encryption device decrypts the first key ciphertext using the temporary key, the lifetime of the temporary key ends. The lifetime of the temporary key is used to characterize the period of time for which the temporary key is valid.
The data to be encrypted may be data that is not expected to be revealed and tampered with, for example, the data to be encrypted may be sensitive data. The kind, number, and size of data to be encrypted are not limited herein.
The first signature is a signature of the first obfuscated operation result data obtained according to the third key. The first obfuscation operation result data is data obtained by obfuscating the second secret key and the data to be encrypted. Specifically, the obfuscating operation may be performed on the second key and the data to be encrypted to obtain first obfuscated operation result data. And signing the first confusion operation result data according to the third key to obtain a first signature. And encrypting the second key, the data to be encrypted and the first signature by using the first key to obtain a target ciphertext.
In some examples, the second key is a public key. The second key may be a randomly generated key or a key of an input received by the encryption device.
In step S304, a fourth key is obtained, and a second signature of the target ciphertext is obtained according to the fourth key.
The second signature is a signature for the target ciphertext. In particular, in some examples, the second key is a public key and the third key and/or the fourth key is a private key corresponding to the second key. That is, the second key and the third key may be a pair of public and private keys. The fourth key and the second key may be a pair of public and private keys. Further, the third key may be the same as the fourth key.
In step S305, an encrypted file including the target ciphertext and the second signature is generated.
And generating an encrypted file by using the target ciphertext and the second signature, wherein the encrypted file comprises the target ciphertext and the second signature. It should be noted that the encrypted file may also include public data that is not obfuscated, signed, or encrypted, and is not limited herein.
For example, fig. 3 is a schematic diagram of an encrypted file structure visible to a user according to an embodiment of the present application. As shown in fig. 3, after the encrypted file is opened, the user can see the publicable data such as the publicable contents description information, the target ciphertext and the second signature without decryption processing. Fig. 4 is a schematic diagram of a plaintext structure corresponding to the encrypted file structure shown in fig. 3 according to an embodiment of the present application. As shown in fig. 4, assuming that the data to be encrypted includes sensitive data 1, sensitive data 2, and sensitive data 3, the plaintext structure corresponding to the encrypted file structure specifically includes the public data such as public content description information and the like, the second key, the sensitive data 1, the sensitive data 2, the sensitive data 3, the first signature, and the second signature.
The four-layer protection process of obfuscation, signing, encryption and re-signing in the above embodiments is illustrated more intuitively for convenience. Fig. 5 is a schematic diagram of an encrypted file generation form according to an embodiment of the present application. As shown in fig. 5, performing an obfuscation operation on the second key and the data to be encrypted; signing the obfuscated second secret key and the data to be encrypted to obtain a signature 1; encrypting the second key, the data to be encrypted and the signature 1, and signing the encrypted second key, the data to be encrypted and the signature 1 to obtain a signature 2; and finally obtaining the encrypted file.
In the embodiment of the present application, the encryption apparatus generates and transmits the temporary key to the decryption apparatus to cause the decryption apparatus to encrypt the first key with the temporary key. The encryption device decrypts the received first key ciphertext using the temporary key to obtain a first key used to encrypt the second key, the data to be encrypted, and the first signature. Through the multilayer protection of confusion, signature, encryption and re-signature, encryption of a key used for encryption in the transmission process and the like, the data to be encrypted and the key required for encryption are processed, the risk coefficient of data protection is reduced, and the safety of data protection is improved.
For example, if the target ciphertext is replaced, decryption failure or obtaining of error data may occur in a subsequent decryption process, and the verification of the second signature may not be successful under the condition that decryption failure or obtaining of error data occurs. Similarly, if the second signature is replaced, the verification of the second signature will not be successful. If the data to be encrypted is tampered due to the fact that the secret key is leaked in the process of transmitting the encrypted file, the first signature is obtained by signing the first secret key and the data to be encrypted after being confused, and the obfuscating algorithm is not disclosed to the outside, therefore, in the subsequent decryption process, verification of the tampered data to be encrypted and the first signature cannot be successful, and safety of the data is improved.
In some examples, one or more of the temporary key, the second key, the third key, and the fourth key may be generated by an encryption device. For example, the data encryption method may further include a step of generating a third key and a fourth key, which is not limited herein. Further, the third key, the fourth key and the second key may be a pair of public and private keys, and the third key and the fourth key are the same key, so that the encryption apparatus may generate the second key, the third key and the fourth key together. The first key may be generated by the decryption device. That is to say, the data encryption method in the embodiment of the present application relies on that the decryption device provides very few keys, which may be as few as one key, and the key may be an open public key, so as to reduce the development workload that the decryption device needs to bear, and improve the security of protection for the encryption device, the data to be encrypted, and the decryption device.
Fig. 6 is a flowchart of a data encryption method according to another embodiment of the present invention. Fig. 6 differs from fig. 2 in that step S301 in fig. 2 can be subdivided into steps S3011 to S3013 in fig. 6; the encryption method of data shown in fig. 6 may further include step S306.
In step S3011, the fifth key generated by the decryption apparatus is acquired.
The encryption device may obtain the fifth key from the decryption device in an online or offline manner. In some examples, the fifth key may be a public key or a symmetric key, which is not limited herein.
In step S3012, a temporary key is generated, and the temporary key is encrypted with a fifth key to obtain a second key ciphertext.
The second key ciphertext is the encrypted temporary key.
In step S3013, the second key ciphertext is transmitted to the decryption apparatus.
The encryption apparatus transmits the second key ciphertext to the decryption apparatus. The decryption apparatus may decrypt the second key ciphertext with the self-generated fifth key to obtain the temporary key, thereby encrypting the first key with the temporary key.
In the process of transmitting the temporary key between the encryption device and the decryption device, the temporary key can be encrypted, so that the risk of leakage of the temporary key is reduced, the transmission safety of the temporary key is ensured, and the safety of data protection to be encrypted is further ensured.
In step S306, the security component is generated and transmitted to the decryption apparatus, so that the decryption apparatus can decrypt and verify the encrypted file by using the security component.
The security component comprises a first program for realizing decryption of a target ciphertext, a second program for realizing signature verification and a third program for realizing obfuscation operation. In some examples, the security component may be implemented as a library of functions, etc., without limitation.
Wherein the encryption device is capable of writing the first program, the second program, and the third program into the secure component. In particular, the first program, the second program, and the third program may be compiled into the secure component by way of source code and/or variables.
In some examples, where the first key is a symmetric key, the security component may include the first key, i.e., the first key is compiled into the security component by way of source code and/or variables. The first key may not be compiled into the security component.
In some examples, the security component may further include a fourth program for determining whether the decryption device has the license right. The encryption device may write the fourth program to the security component. In particular, the fourth program may be compiled into the secure component by means of source code and/or variables.
The security component generated by the encryption device can be installed in the decryption device, and the decryption device can call the security component to complete decryption, verification and other processes. The decryption device does not need to finish decryption, verification and other processes, development workload born by the decryption device is reduced, excessive security algorithms and related protocols do not need to be arranged in the decryption device, and therefore the risk of data and secret key leakage after the decryption device is broken is reduced, and the security of data protection is further improved.
In still other embodiments of the present application, the data encryption method may further include the step of generating and transmitting a check value of the encrypted file to the decryption apparatus based on the encrypted file. The decryption device can verify whether the encrypted file is replaced or tampered according to the check value, so that the security of protection of the encrypted file is further improved. Wherein, if the encryption device generates the security component, the security component is a static security component or a dynamic security component.
Alternatively, the data encryption method may further include the step of generating and transmitting a check value of the encrypted file and the secret component to the decryption apparatus based on the encrypted file and the secret component. The check value is calculated based on the encrypted file and the security component. The decryption device can verify whether the encrypted file and the confidential component are replaced or tampered according to the check value, so that the security of protection of the encrypted file and the confidential component is further improved. Wherein, the security component is a dynamic security component.
In the above embodiment, the encryption device may randomly generate the check factor, and calculate the check value of the encrypted file by using the check factor, or calculate the check value of the encrypted file and the secret component. The specific check value calculation method may use an MD5 message digest algorithm or other algorithms, which is not limited herein. Correspondingly, the encryption device can also send the check value calculation method and the check factor to the decryption device in an online or offline manner.
In some embodiments, the above data encryption method may further include a step of generating an obfuscation algorithm for obfuscating the operation, and randomly generating an obfuscation factor in the obfuscation algorithm. In the above embodiment, the first signature is a signature of the first obfuscating operation result data obtained according to the third key. And the first confusion operation result data is data obtained by carrying out confusion operation on the second secret key and the data to be encrypted. The obfuscating algorithms involved in each obfuscating operation may be different, for example, an obfuscating factor is randomly generated each time, and the obfuscating factor may affect a local variable in the obfuscating algorithm, so that each obfuscating operation is different, and an attacker cannot accurately obtain the obfuscating algorithm of each obfuscating operation, so that it is difficult to obtain the data to be encrypted, or tamper the data to be encrypted, thereby further improving the security of data protection. In some examples, the obfuscation algorithm may be compiled into the security component as part of the source code in the security component. In some examples, the obfuscation factor may be the second key in the above embodiments.
In some embodiments, the encryption device may obtain input data to be encrypted. Specifically, the data to be encrypted can be input into the encryption device in a man-machine interaction manner. For example, the data to be encrypted can be written into the encryption device according to Key, that is, Key, and Value, that is, Value mode. On the basis, other attribute items such as an expiration date and the like can be added, which is not limited herein. Under the condition of adopting the storage mode, the Value corresponding to the Key word Key of the query can be obtained by extracting the data to be encrypted through the interface. For example, the Value corresponding to the Key "Key _ string" is obtained through the getElement ("Key _ string") interface.
Fig. 7 is a flowchart of a method for decrypting data according to an embodiment of the present application. The decryption method of the data is applicable to a decryption apparatus. As shown in fig. 7, the method for decrypting the data may include steps S401 to S405.
In step S401, a pair of a first key and a sixth key is generated, the temporary key transmitted by the encryption apparatus is received, the first key is encrypted by the temporary key, and a first key ciphertext is obtained and transmitted to the encryption apparatus.
The first key ciphertext is the encrypted first key. The temporary key is used for encrypting the first key, so that the safety of the first key in the transmission process is improved.
In some examples, the first key is a public key or a symmetric key, which is not limited herein. If the first key is a public key, the sixth key is a private key paired with the first key. If the first key is a symmetric key, the sixth key and the first key are the same key.
In step S402, an encrypted file including the target ciphertext and the second signature transmitted by the encryption apparatus is received.
And the second signature is a signature of a target ciphertext obtained by the encryption device according to the fourth secret key. The target ciphertext is a ciphertext obtained by encrypting the second key, the data to be encrypted and the first signature by the encryption device by using the first key. It should be noted that, when the encrypted file in the embodiment of the present application is already transmitted, the target ciphertext and the second signature may be tampered during the transmission process.
In some examples, the encrypted file may also include other data, such as publicly available data, and the like.
In step S403, the sixth key is used to decrypt the target ciphertext to obtain the second key, the data to be encrypted, and the first signature.
In step S404, the target ciphertext and the second signature are verified using a seventh key paired with the fourth key.
The decryption device can verify the target ciphertext and the second signature, and if the target ciphertext and the second signature are successfully verified, the target ciphertext and the second signature are not tampered.
In some examples, the second key is a public key, the fourth key is a private key corresponding to the second key, and the seventh key is the second key obtained by decrypting the target ciphertext.
In step S405, the same obfuscating operation as that in the encryption apparatus is performed on the decrypted second key and the data to be encrypted to obtain second obfuscating operation result data, and the second obfuscating operation result data and the first signature are verified by using an eighth key paired with the third key.
And the first signature is a signature of the first obfuscated operation result data obtained by the encryption device according to the third key. The decryption device can verify the obtained second obfuscating operation result data and the first signature, and if the obtained second obfuscating operation result data and the first signature are verified successfully, the data to be encrypted, the second secret key and the first signature are not tampered.
In some examples, the second key is a public key, the third key is a private key corresponding to the second key, and the eighth key is the second key obtained by decrypting the target ciphertext. Further, the seventh key and the eighth key may be the same.
In the embodiment of the present application, the decryption apparatus generates the first key, encrypts the first key using the temporary key transmitted from the encryption apparatus to transmit the encrypted first key to the encryption apparatus, and encrypts the key used for encrypting the encryption apparatus during the transfer. The encrypted file received by the decryption device comprises a target ciphertext and a second signature, and the target ciphertext is decrypted by using a sixth key. The first key used for encrypting the target ciphertext is encrypted in the transmission process, so that the risk coefficient of data protection is reduced, and the security of data protection is improved.
Specifically, if the verification of the target ciphertext and the second signature is successful, and the verification of the second obfuscating operation result data and the first signature is successful, it is determined that the encrypted file is not tampered.
Fig. 8 is a flowchart of a method for decrypting data according to another embodiment of the present application. Fig. 8 is different from fig. 7 in that step S401 in fig. 7 may be subdivided into step S4011 to step S4014 in fig. 8, and the decryption method of data shown in fig. 8 may further include step S406 to step S408; correspondingly, step S403 in fig. 7 may be subdivided into step S4031 in fig. 8, step S404 in fig. 7 may be subdivided into step S4041 in fig. 8, and step S405 in fig. 7 may be subdivided into step S4051 and step S4052 in fig. 8.
In step S4011, a pair of a first key and a sixth key is generated.
In step S4012, a pair of a fifth key and a ninth key is generated, and the fifth key is transmitted to the encryption apparatus.
In some examples, the fifth key may be a public key or a symmetric key, which is not limited herein. And if the fifth secret key is a public key, the ninth secret key is a private key paired with the fifth secret key. If the fifth key is a symmetric key, the ninth key and the fifth key are the same key. The fifth key is used for the encryption device to encrypt the temporary key. The decryption device may send the fifth key to the confidential device either online or offline.
In step S4013, the second key ciphertext transmitted by the encryption apparatus is received, and the ninth key is used to decrypt the second key ciphertext, so as to obtain the temporary key.
The encryption device encrypts the temporary key by using the fifth key to obtain a second key ciphertext. I.e., the second key ciphertext is a temporary key encrypted with the fifth key. The decryption device may decrypt the second key ciphertext using the self-generated ninth key to obtain the temporary key.
In some examples, to further reduce the possibility of the fifth key being compromised, it is provided that after the second key ciphertext is decrypted using the ninth key, the life cycles of the fifth key and the ninth key end. The life cycle of the fifth key and the ninth key ends, i.e. the fifth key and the ninth key expire.
In step S4014, the first key is encrypted using the temporary key, and a first key ciphertext is obtained and sent to the encryption apparatus.
In step S406, the security component transmitted by the encryption apparatus is received and installed.
The security component includes a first program for implementing decryption of a target ciphertext, a second program for implementing signature verification, and a third program for implementing an obfuscation operation. In some examples, the security component may be implemented as a library of functions, etc., without limitation.
Wherein the encryption device is capable of writing the first program, the second program, and the third program into the security component. In particular, the first program, the second program, and the third program may be compiled into the secure component by way of source code and/or variables.
In some examples, where the first key is a symmetric key, the secure component may include a sixth key, i.e., the sixth key is compiled into the secure component by way of source code and/or variables. The sixth key may also be provided directly by the decryption device when it is required to use the sixth key, without compiling it into the security component.
In step S407, a request is made to the security component to acquire at least part of the data to be encrypted after the target ciphertext is decrypted.
The decryption device can perform processes such as decryption and verification on the encrypted file through the security component. After the encryption and verification processes of the encrypted file are finished through the security component, the security component can directly provide the data to be encrypted to the decryption device. That is, the decryption device may request the security component for all or part of the data to be encrypted after the target ciphertext is decrypted through an interface preset by the security component, which is not limited herein.
In step S408, at least a part of the data to be encrypted after the target ciphertext fed back by the security component is decrypted is received.
After receiving the request of the decryption device, the security component can feed back all or part of the data to be encrypted, which is requested to be obtained by the decryption device, to the decryption device. The decryption device can receive at least part of decrypted data to be encrypted fed back by the security component through an interface preset by the security component.
In some examples, the security component may further include a fourth program for determining whether the decryption device has the permission. The fourth program may be pre-compiled into the secure component by means of source code and/or variables. In order to further improve the validity and reliability of the data acquired by the decryption apparatus, step S408 may be specifically subdivided into: calling a fourth program in the security component to determine whether the decryption device has the permission in the security component; and if the decryption device is determined to have the permission, receiving at least part of the data to be encrypted after the target ciphertext fed back by the security component is decrypted.
For example, the fourth program may be for detecting whether the validity period of the encrypted file has expired. If the validity period of the encrypted file is not expired, the decryption device is considered to have permission, the security component can feed back at least part of to-be-encrypted data after the target ciphertext is decrypted, and the decryption device can receive at least part of to-be-encrypted data after the target ciphertext is decrypted, wherein the target ciphertext is fed back by the security component. If the validity period of the encrypted file is expired, the decryption device is considered to have no permission, the security component does not feed back at least part of the data to be encrypted after the target ciphertext is decrypted, and the decryption device cannot receive at least part of the data to be encrypted after the target ciphertext fed back by the security component is decrypted.
The fourth program may also be configured to detect whether an installation environment of the security component meets an effective condition, for example, whether an installation time, a number of Central Processing units (cpus), a memory size, a network card physical address, a host Internet Protocol (IP) address, and the like meet the effective condition. If the installation environment of the security component meets the effective condition, the decryption device is considered to have permission, the security component can feed back at least part of to-be-encrypted data after the target ciphertext is decrypted, and the decryption device can receive at least part of to-be-encrypted data after the target ciphertext fed back by the security component is decrypted. If the installation environment of the secret component does not meet the effective condition, the decryption device is considered to have no permission, the secret component does not feed back at least part of the data to be encrypted after the target ciphertext is decrypted, and the decryption device cannot receive at least part of the data to be encrypted after the target ciphertext fed back by the secret component is decrypted.
In step S4031, the first program in the security component is called, and the target ciphertext is decrypted in the security component using the sixth key, so as to obtain the second key, the data to be encrypted, and the first signature.
In some examples, the decryption device may decrypt the target ciphertext in the security component using a sixth key in the decryption device by calling a first program in the security component through an interface preset by the security component. The decryption device does not need to decrypt the target ciphertext, so that the development workload of the decryption device is reduced, and the security of protection of the encryption device, the data to be encrypted and the decryption device is improved.
In other examples, the decryption device may not invoke the security component, and the decryption device itself may complete decryption of the target ciphertext, which is not limited herein.
In step S4041, a second program in the security component is called, and the target ciphertext and the second signature are verified in the security component using the decrypted second key.
Wherein the seventh key is the same as the second key. In some examples, the decryption apparatus may verify the target ciphertext and the second signature in the security component by calling a second program in the security component by calling an interface preset by the security component, and using a second key obtained by calling the first program to decrypt the target ciphertext. The decryption device does not need to verify the target ciphertext and the second signature, so that the development workload of the decryption device is reduced, and the safety of protection of the encryption device, the data to be encrypted and the decryption device is improved.
In other examples, the decryption device may not invoke the security component, and the decryption device itself may perform the verification on the target ciphertext and the second signature, which is not limited herein.
In step S4051, a third program in the security component is called, and the obfuscating operation is performed on the decrypted second key and the data to be encrypted in the security component to obtain second obfuscated operation result data.
In some examples, the decryption apparatus may call a third program in the security component by calling an interface preset by the security component, and perform an obfuscation operation on the decrypted second key and the data to be encrypted in the security component to obtain second obfuscated operation result data. The decryption device does not need to perform confusion operation on the decrypted second secret key and the data to be encrypted, so that the development workload of the decryption device is reduced, and the security of protection of the encryption device, the data to be encrypted and the decryption device is improved.
In other examples, the decryption apparatus may not invoke the security component, and the decryption apparatus performs an obfuscating operation on the decrypted second key and the data to be encrypted, which is not limited herein.
In step S4052, a second program in the security component is called, and the second obfuscated operation result data and the first signature are verified in the security component using the decrypted second key.
Wherein the eighth key is the same as the second key. In some examples, the decryption apparatus may perform the verification of the second obfuscating operation result data and the first signature in the security component by calling an interface preset by the security component, calling a second program in the security component, and using a second key obtained by calling the first program to decrypt the target ciphertext. The decryption device does not need to verify the second obfuscated operation result data and the first signature, so that development workload of the decryption device is reduced, and the security of protection of the encryption device, the data to be encrypted and the decryption device is improved.
In other examples, the decryption device may not invoke the security component, and the decryption device itself may perform the verification of the second obfuscated operation result data and the first signature, which is not limited herein.
The decryption device can call the security component to complete decryption, verification and other processes, and the decryption device does not need to complete the decryption, verification and other processes. The development workload born by the decryption device is reduced, and the decryption device does not need to embed excessive security algorithms and related protocols, so that the risk of data and key leakage after the decryption device is broken is reduced, and the security of data protection is further improved.
In still other embodiments of the present application, the method for decrypting data may further include the step of receiving a check value of the encrypted file sent by the decryption device, and checking the encrypted file by using the check value. The decryption means may verify whether the encrypted file is replaced or tampered with based on the check value. Wherein, if the encryption device generates the security component, the security component is a static security component or a dynamic security component.
Or, the data decryption method may further include the step of receiving a check value of the encrypted file and the security component sent by the decryption device, and checking the encrypted file and the security component with the check value, where the check value is calculated based on the encrypted file and the security component. The decryption device can verify whether the encrypted file and the confidential component are replaced or tampered according to the check value, so that the security of protection of the encrypted file and the confidential component is further improved. Wherein, the secret component is a dynamic secret component.
Fig. 9 is a flowchart of a data encryption and decryption method according to an embodiment of the present application. The data encryption and decryption method is applicable to an encryption and decryption system for data including an encryption device and a decryption device. As shown in fig. 9, the data encryption and decryption method may include steps S501 to S513.
In step S501, the decryption apparatus generates and transmits a fifth key to the encryption apparatus.
In step S502, the encryption apparatus generates a temporary key, and encrypts the temporary key with the fifth key to obtain a second key ciphertext.
In step S503, the encryption apparatus transmits the second key ciphertext to the decryption apparatus.
In step S504, the decryption apparatus decrypts the received second key ciphertext using the ninth key, so as to obtain a temporary key.
In step S505, the decryption apparatus generates a pair of the first key and the sixth key, and encrypts the first key using the temporary key to obtain a first key ciphertext.
In step S506, the decryption apparatus transmits the first key ciphertext to the encryption apparatus.
In step S507, the encryption apparatus decrypts the first key ciphertext using the temporary key to obtain a first key, and encrypts the second key, the data to be encrypted, and the first signature using the first key to obtain a target ciphertext.
In step S508, the encryption apparatus obtains a second signature of the target ciphertext according to the fourth key.
In step S509, the encryption apparatus generates and transmits an encrypted file including the target ciphertext and the second signature to the decryption apparatus.
In step S510, the decryption device decrypts the target ciphertext in the received encrypted file by using the sixth key, so as to obtain the second key, the data to be encrypted, and the first signature.
In step S511, the target ciphertext and the second signature are verified using a seventh key paired with the fourth key.
In step S512, the same obfuscating operation as that in the encryption apparatus is performed on the decrypted second key and the data to be encrypted, so as to obtain second obfuscating operation result data.
In step S513, the second garbled operation result data and the first signature are verified with an eighth key paired with the third key.
In the embodiment of the application, through the protection measure of encrypting the transmitted secret key between the encryption device and the decryption device and the multi-layer protection processing of obfuscating, signing, encrypting and re-signing on the data to be encrypted by the encryption device, the risks of leakage, tampering and secret key leakage of the data to be encrypted are reduced, and the safety of data protection is improved.
For other contents of the data encryption and decryption method provided in the embodiment of the present application, reference may also be made to the data encryption method and the data decryption method in the above embodiments, which are not described herein again.
Fig. 10 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present application. As shown in fig. 10, the encryption apparatus 10 may include a key management module 101, a transmission module 102, a reception module 103, an encryption/decryption module 104, a signature module 105, and an encrypted file generation module 106.
A key management module 101, configured to generate a temporary key and obtain a fourth key.
A sending module 102, configured to send the temporary key to the decryption apparatus.
The receiving module 103 is configured to receive the first key ciphertext sent by the decryption apparatus.
The first key ciphertext is a ciphertext obtained by encrypting the first key by the decryption apparatus using the temporary key.
And the encryption and decryption module 104 is configured to decrypt the first key ciphertext by using the temporary key to obtain a first key, and encrypt the second key, the data to be encrypted, and the first signature by using the first key to obtain a target ciphertext.
And the first signature is the signature of the first obfuscated operation result data obtained according to the third secret key. The first obfuscation operation result data is data obtained by obfuscating the second secret key and the data to be encrypted.
And the signature module 105 is configured to obtain a second signature of the target ciphertext according to the fourth key.
And an encrypted file generating module 106, configured to generate an encrypted file that includes the target ciphertext and the second signature.
In the embodiment of the present application, the encryption apparatus generates and transmits the temporary key to the decryption apparatus, so that the decryption apparatus encrypts the first key with the temporary key. The encryption device decrypts the received first key ciphertext using the temporary key to obtain a first key used to encrypt the second key, the data to be encrypted, and the first signature. Through the multilayer protection of confusion, signature, encryption and re-signature, encryption of a key used for encryption in the transmission process and the like, the data to be encrypted and the key required for encryption are processed, the risk coefficient of data protection is reduced, and the safety of data protection is improved.
In some examples, the receiving module 103 is further configured to obtain a fifth key generated by the decryption apparatus.
The encryption and decryption module 104 is further configured to encrypt the temporary key with the fifth key to obtain a second key ciphertext.
The sending module 102 is further configured to send the second key ciphertext to the decryption apparatus.
In some examples, the second key is a public key, and the third key and the fourth key are the same and are both private keys corresponding to the second key. The key management module 101 is further configured to generate a second key, a third key, and a fourth key together.
Fig. 11 is a schematic structural diagram of an encryption apparatus according to another embodiment of the present application. Fig. 11 is different from fig. 10 in that the encryption apparatus shown in fig. 11 may further include a component generation module 107, an obfuscation operation module 108, a secret information input module 109, and a verification calculation module 110.
And the component generating module 107 is used for generating and sending the security component to the decryption device, so that the decryption device can use the security component to decrypt and verify the encrypted file.
The security component comprises a first program for realizing decryption of a target ciphertext, a second program for realizing signature verification and a third program for realizing obfuscation operation.
In other examples, the security component further comprises a fourth program for determining whether the decryption device has the permission.
And the obfuscation operation module 108 is configured to generate an obfuscation algorithm for obfuscation operation, randomly generate an obfuscation factor in the obfuscation algorithm, and perform obfuscation operation on the second key and the data to be encrypted.
And the secret information input module 109 is used for acquiring the input data to be encrypted.
A verification calculation module 110, configured to generate and send a verification value of the encrypted file to the decryption apparatus based on the encrypted file; or generating and sending the check value of the encrypted file and the secret component to the decryption device based on the encrypted file and the secret component.
Fig. 12 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present application. As shown in fig. 12, the decryption apparatus 20 may include a key management module 201, a receiving module 202, an encryption/decryption module 203, a transmitting module 204, and a signature verification module 205.
A key management module 201, configured to generate a pair of a first key and a sixth key.
The receiving module 202 is configured to receive the temporary key sent by the encryption apparatus, and receive an encrypted file that includes the target ciphertext and the second signature and is sent by the encryption apparatus.
And the second signature is a signature of a target ciphertext obtained by the encryption device according to the fourth secret key.
And the encryption and decryption module 203 is configured to encrypt the first key with the temporary key to obtain a first key ciphertext, and decrypt the target ciphertext with the sixth key to obtain a second key, the data to be encrypted, and the first signature.
A sending module 204, configured to send the first key ciphertext to the encryption apparatus.
And the signature verification module 205 is configured to verify the target ciphertext and the second signature by using a seventh key paired with the fourth key, perform the same obfuscation operation as that in the encryption apparatus on the decrypted second key and the data to be encrypted to obtain second obfuscated operation result data, and verify the second obfuscated operation result data and the first signature by using an eighth key paired with the third key.
And the first signature is the signature of the first obfuscated operation result data obtained by the encryption device according to the third secret key.
In the embodiment of the present application, the decryption apparatus generates the first key, encrypts the first key using the temporary key transmitted from the encryption apparatus to transmit the encrypted first key to the encryption apparatus, and encrypts the key used for encrypting the encryption apparatus during the transfer. The encrypted file received by the decryption device comprises a target ciphertext and a second signature, the target ciphertext is decrypted by using the sixth key, and the first key used for encrypting the target ciphertext is encrypted in the transmission process, so that the risk coefficient of data protection is reduced, and the security of data protection is improved.
In some examples, the signature verification module 205 is further configured to determine that the encrypted file has not been tampered with if the target ciphertext and the second signature are successfully verified and the second obfuscated operation result and the first signature are successfully verified.
In some examples, the key management module 201 is further configured to generate a pair of a fifth key and a ninth key.
The sending module 204 is further configured to send the fifth key to the encryption apparatus.
The receiving module 202 is further configured to receive a second key ciphertext sent by the encryption apparatus.
The encryption and decryption module 203 is further configured to decrypt the second key ciphertext with the ninth key to obtain the temporary key.
Fig. 13 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present application. Fig. 13 differs from fig. 12 in that the decryption apparatus 20 shown in fig. 13 may further include a component installation module 206, a secret information acquisition module 207, and a verification calculation module 208.
And the component installation module 206 is used for receiving and installing the confidential components sent by the encryption device.
The security component comprises a first program for realizing decryption of a target ciphertext, a second program for realizing signature verification and a third program for realizing obfuscation operation.
In some examples, the security component further comprises a sixth key. The encryption and decryption module 203 is specifically configured to invoke the first program and the sixth key in the security component, and decrypt the target ciphertext in the security component to obtain the second key, the data to be encrypted, and the first signature.
In other examples, the seventh key is the same as the second key. The signature verification module 205 is specifically configured to invoke a second program in the security component, and verify the target ciphertext and the second signature in the security component by using the second key obtained through decryption.
In still other examples, the eighth key is the same as the second key. The signature verification module 205 is specifically configured to invoke a third program in the security component, perform obfuscation operation on the decrypted second key and the data to be encrypted in the security component to obtain second obfuscated operation result data, and invoke a second program in the security component, and verify the second obfuscated operation result data and the first signature in the security component by using the decrypted second key.
The secret information obtaining module 207 is configured to request the secret component to obtain at least part of the data to be encrypted after the target ciphertext is decrypted, and is configured to receive at least part of the data to be encrypted after the target ciphertext is decrypted, where the data is fed back by the secret component.
In some examples, the security component further comprises a fourth program for determining whether the decryption device has the permission. The secret information obtaining module 207 is specifically configured to invoke a fourth program in the secret component, determine, in the secret component, whether the decryption device has the permission, and receive, if it is determined that the decryption device has the permission, at least part of the to-be-encrypted data after the target ciphertext fed back by the secret component is decrypted.
And the verification calculation module 208 is configured to receive the verification value of the encrypted file sent by the decryption apparatus and verify the encrypted file by using the verification value, or receive the verification value of the encrypted file and the verification value of the security component sent by the decryption apparatus and verify the encrypted file and the security component by using the verification value.
It should be noted that fig. 14 is a schematic structural diagram of a security component according to an embodiment of the present application. As shown in fig. 14, the security component 60 may include a decryption unit 601, a signature verification unit 602, and an obfuscation operation unit 603 corresponding to the first program, the second program, and the third program in the security component. The security component may further include a security information extraction unit 604 and an authority self-checking module 605, corresponding to the security information acquisition module 207 and the fourth program of the decryption apparatus 20.
The decryption unit 601 may store a first program for decrypting the target ciphertext with the sixth key.
The signature verification unit 602 may store a second program for verifying the target ciphertext and the second signature based on the seventh key, and for verifying the second garbled operation result data and the first signature using the eighth key.
The obfuscating operation unit 603 stores a third program, which is used to perform an obfuscating operation on the decrypted second key and the data to be encrypted to obtain second obfuscating operation result data.
The secret information extracting unit 604 is used for being called by the decrypting apparatus 20 so that the decrypting apparatus 20 obtains at least part of the data to be encrypted after the target ciphertext is decrypted.
The authority self-checking module 605 stores a fourth program for determining whether the decryption apparatus has the permission authority, and if the decryption apparatus has the permission authority, allowing the security component to feed back at least part of the data to be encrypted after the target ciphertext is decrypted.
Wherein, the seventh key and the eighth key may be the same as the second key.
An embodiment of the present application may also provide a data encryption and decryption system, and the structure of the data encryption and decryption system may be as shown in fig. 1. For details of the encryption device 10, reference may be made to the related description of the encryption device 10 in the above embodiments, and details are not repeated herein. For the details of the decryption apparatus 20, reference may be made to the related description of the decryption apparatus 20 in the above embodiments, and further description is omitted here.
Fig. 15 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present application. As shown in fig. 15, the encryption device 70 includes a memory 701, a processor 702, and a computer program stored on the memory 701 and executable on the processor 702.
In one example, the processor 702 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured to implement one or more integrated circuits of embodiments of the present application.
Memory 701 may include mass storage for data or instructions. By way of example, and not limitation, memory 701 may include an HDD, floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or a Universal Serial Bus (USB) drive or a combination of two or more of these. Memory 701 may include removable or non-removable (or fixed) media, where appropriate. The memory 701 may, where appropriate, be internal or external to the encryption device 70 at the terminal hotspot. In a particular embodiment, the memory 701 is non-volatile solid-state memory. In a particular embodiment, the memory 701 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 702 runs a computer program corresponding to the executable program code by reading the executable program code stored in the memory 701 for implementing the encryption method of data in the above-described embodiments.
In one example, the encryption device 70 may also include a communication interface 703 and a bus 704. As shown in fig. 15, the memory 701, the processor 702, and the communication interface 703 are connected via a bus 704 to complete communication therebetween.
The communication interface 703 is mainly used for implementing communication between modules, apparatuses, units and/or devices in this embodiment of the application. Input devices and/or output devices may also be accessed through communications interface 703.
The bus 704 includes hardware, software, or both to couple the components of the encryption apparatus 70 to one another. By way of example, and not limitation, the bus 704 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus, or a combination of two or more of these. Bus 704 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The embodiment of the present application may also provide a decryption apparatus, and the specific structure of the decryption apparatus may be referred to as the encryption apparatus 70 shown in fig. 15. It should be noted that the processor in the decryption apparatus runs the computer program corresponding to the executable program code by reading the executable program code stored in the memory, so as to implement the decryption method of the data in the foregoing embodiment, and the rest of the contents may refer to the relevant description in the foregoing embodiment, which is not described herein again.
An embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program can implement the data encryption method or the data decryption method in the above-mentioned embodiments.
It should be clear that the embodiments in this specification are described in a progressive manner, and the same or similar parts in the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. For apparatus embodiments, system embodiments, and computer-readable storage medium embodiments, reference may be made in the descriptive section to method embodiments. The present application is not limited to the particular steps and structures described above and shown in the drawings. Those skilled in the art may make various changes, modifications and additions or change the order between the steps after appreciating the spirit of the present application. Also, a detailed description of known process techniques is omitted herein for the sake of brevity.
It will be appreciated by persons skilled in the art that the above embodiments are illustrative and not restrictive. Different features which are present in different embodiments may be combined to advantage. Other variations to the disclosed embodiments can be understood and effected by those skilled in the art upon studying the drawings, the specification, and the claims. In the claims, the term "comprising" does not exclude other means or steps; the indefinite article "a" does not exclude a plurality; the terms "first" and "second" are used to denote a name and not to denote any particular order. Any reference signs in the claims shall not be construed as limiting the scope. The functions of the various parts appearing in the claims may be implemented by a single hardware or software module. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Claims (43)
1. A method for encrypting data, the method being applied to an encryption apparatus, the method comprising:
generating and transmitting a temporary key to a decryption device;
receiving a first key ciphertext sent by the decryption device, wherein the first key ciphertext is a ciphertext obtained by encrypting a first key by the decryption device by using the temporary key;
decrypting the first key ciphertext by using the temporary key to obtain the first key, and encrypting a second key, data to be encrypted and a first signature by using the first key to obtain a target ciphertext, wherein the first signature is a signature of first obfuscating operation result data obtained according to a third key, and the first obfuscating operation result data is data obtained by performing obfuscating operation on the second key and the data to be encrypted;
acquiring a fourth key, and acquiring a second signature of the target ciphertext according to the fourth key;
generating the encrypted file comprising the target ciphertext and the second signature;
the method further comprises the following steps:
and generating a confusion algorithm of the confusion operation, and randomly generating a confusion factor in the confusion algorithm.
2. The method of claim 1, wherein generating and sending the temporary key to the decryption device comprises:
acquiring a fifth key generated by the decryption device;
generating the temporary key, and encrypting the temporary key by using the fifth key to obtain a second key ciphertext;
and sending the second key ciphertext to the decryption device.
3. The method of claim 1, wherein a lifetime of the ephemeral key is terminated after the first key ciphertext is decrypted using the ephemeral key.
4. The method of claim 1, further comprising:
and generating and sending a secret component to a decryption device, wherein the secret component comprises a first program for realizing decryption of the target ciphertext, a second program for realizing signature verification and a third program for realizing the obfuscation operation, so that the decryption device can call the secret component to decrypt and verify the encrypted file.
5. The method of claim 4, wherein the security component further comprises a fourth program for determining whether the decryption device has a license right.
6. The method of claim 4, further comprising:
generating and sending a check value of the encrypted file to the decryption device based on the encrypted file;
alternatively, the first and second electrodes may be,
and generating and sending the check value of the encrypted file and the secret component to the decryption device based on the encrypted file and the secret component.
7. The method of claim 1, further comprising:
and acquiring the input data to be encrypted.
8. The method of claim 1, wherein the first key is a public key or a symmetric key.
9. The method of claim 1, wherein the second key is a public key, and the third key and/or the fourth key is a private key corresponding to the second key.
10. The method of claim 1, wherein the third key is the same as the fourth key.
11. A method for decrypting data, applied to a decryption apparatus, the method comprising:
generating a first key and a sixth key which are paired, receiving a temporary key sent by an encryption device, encrypting the first key by using the temporary key to obtain a first key ciphertext and sending the first key ciphertext to the encryption device;
receiving an encrypted file which is sent by the encryption device and comprises a target ciphertext and a second signature, wherein the second signature is a signature of the target ciphertext, which is obtained by the encryption device according to a fourth key;
decrypting the target ciphertext by using the sixth key to obtain a second key, data to be encrypted and a first signature;
verifying the target ciphertext and the second signature using a seventh key that is paired with the fourth key;
and performing the same obfuscation operation as that in the encryption device on the decrypted second key and the data to be encrypted to obtain second obfuscation operation result data, and verifying the second obfuscation operation result data and the first signature by using an eighth key paired with a third key, wherein the first signature is a signature of the first obfuscation operation result data obtained by the encryption device according to the third key, and an obfuscation algorithm of the obfuscation operation comprises an obfuscation factor randomly generated by the encryption device.
12. The method of claim 11, further comprising:
and if the verification of the target ciphertext and the second signature is successful and the verification of the second obfuscating operation result data and the first signature is successful, determining that the encrypted file is not tampered.
13. The method of claim 11, wherein the receiving the temporary key sent by the encryption device comprises:
generating a fifth key and a ninth key in pair, and transmitting the fifth key to the encryption apparatus;
and receiving a second key ciphertext sent by the encryption device, and decrypting the second key ciphertext by using the ninth key to obtain the temporary key.
14. The method of claim 13, wherein the life cycle of the fifth key and the ninth key is terminated after the second key ciphertext is decrypted using the ninth key.
15. The method of claim 11, further comprising:
receiving and installing a security component sent by the encryption device, wherein the security component comprises a first program for realizing decryption of the target ciphertext, a second program for realizing signature verification and a third program for realizing the obfuscation operation;
requesting the security component to acquire at least part of to-be-encrypted data decrypted by the target ciphertext;
and receiving at least part of data to be encrypted after the target ciphertext fed back by the security component is decrypted.
16. The method of claim 15, wherein decrypting the target ciphertext using the sixth key to obtain a second key, data to be encrypted, and a first signature comprises:
and calling the first program in the security component, and decrypting the target ciphertext in the security component by using the sixth key to obtain a second key, data to be encrypted and a first signature.
17. The method of claim 15, wherein the seventh key is the same as the second key,
the verifying the target ciphertext and the second signature using a seventh key paired with the fourth key comprises:
and calling the second program in the security component, and verifying the target ciphertext and the second signature in the security component by using the second key obtained by decryption.
18. The method of claim 15, wherein the eighth key is the same as the second key,
the performing the same obfuscation operation as that in the encryption device on the decrypted second key and the data to be encrypted to obtain second obfuscation operation result data, and verifying the second obfuscation operation result data and the first signature by using an eighth key paired with a third key includes:
calling the third program in the security component, and performing obfuscation operation on the second key obtained by decryption and the data to be encrypted in the security component to obtain second obfuscation operation result data;
and calling the second program in the security component, and verifying the second obfuscated operation result data and the first signature in the security component by using the second key obtained by decryption.
19. The method of claim 15, wherein the security component further comprises a fourth program for determining whether the decryption device has a license,
the receiving of at least part of the data to be encrypted after the target ciphertext fed back by the security component is decrypted includes:
invoking said fourth program in said secure component, determining in said secure component whether said decryption device has a permission;
and if the decryption device is determined to have the permission, receiving at least part of the data to be encrypted after the target ciphertext fed back by the security component is decrypted.
20. The method of claim 15, further comprising:
receiving a check value of the encrypted file sent by the decryption device, and checking the encrypted file by using the check value;
alternatively, the first and second liquid crystal display panels may be,
and receiving the encrypted file and the check value of the confidential component sent by the decryption device, and checking the encrypted file and the confidential component by using the check value.
21. The method of claim 11, wherein the first key is a public key or a symmetric key.
22. The method according to claim 11, wherein the second key is a public key, and the seventh key and/or the eighth key is the same as the second key.
23. The method of claim 11, wherein the third key is the same as the fourth key.
24. An encryption apparatus, comprising:
the key management module is used for generating a temporary key and acquiring a fourth key;
a sending module, configured to send the temporary key to a decryption apparatus;
a receiving module, configured to receive a first key ciphertext sent by the decryption apparatus, where the first key ciphertext is a ciphertext obtained by the decryption apparatus encrypting a first key by using the temporary key;
the encryption and decryption module is used for decrypting the first key ciphertext by using the temporary key to obtain the first key, encrypting a second key, data to be encrypted and a first signature by using the first key to obtain a target ciphertext, wherein the first signature is a signature of first obfuscating operation result data obtained according to a third key, and the first obfuscating operation result data is data obtained after obfuscating operation is performed on the second key and the data to be encrypted;
the signature module is used for obtaining a second signature of the target ciphertext according to a fourth key;
an encrypted file generating module, configured to generate the encrypted file that includes the target ciphertext and the second signature;
and the confusion operation module is used for generating a confusion algorithm of the confusion operation and randomly generating a confusion factor in the confusion algorithm.
25. The apparatus of claim 24,
the receiving module is further configured to obtain a fifth key generated by the decryption apparatus;
the encryption and decryption module is further configured to encrypt the temporary key by using the fifth key to obtain a second key ciphertext;
the sending module is further configured to send a second key ciphertext to the decryption apparatus.
26. The apparatus of claim 24, further comprising:
and the component generation module is used for generating and sending a secret component to a decryption device, wherein the secret component comprises a first program for realizing decryption of the target ciphertext, a second program for realizing signature verification and a third program for realizing the obfuscation operation, so that the decryption device can call the secret component to decrypt and verify the encrypted file.
27. The apparatus of claim 26, wherein the security component further comprises a fourth program for determining whether the decryption device has a licensing authority.
28. The apparatus of claim 26, further comprising:
the verification calculation module is used for generating and sending a verification value of the encrypted file to the decryption device based on the encrypted file; or, the decryption device is configured to generate and send a check value of the encrypted file and the secret component to the decryption apparatus based on the encrypted file and the secret component.
29. The apparatus of claim 24, further comprising:
and the confusion operation module is also used for carrying out confusion operation on the second secret key and the data to be encrypted.
30. The apparatus of claim 24, further comprising:
and the secret information input module is used for acquiring the input data to be encrypted.
31. An apparatus for decrypting data, comprising:
the key management module is used for generating a first key and a sixth key which are paired;
the receiving module is used for receiving the temporary secret key sent by the encryption device and receiving the encrypted file which is sent by the encryption device and comprises a target ciphertext and a second signature, wherein the second signature is a signature of the target ciphertext obtained by the encryption device according to a fourth secret key;
the encryption and decryption module is used for encrypting the first key by using the temporary key to obtain a first key ciphertext and decrypting the target ciphertext by using the sixth key to obtain a second key, data to be encrypted and a first signature;
a sending module, configured to send the first key ciphertext to the encryption apparatus;
the signature verification module is configured to verify the target ciphertext and the second signature by using a seventh key paired with the fourth key, perform the same obfuscating operation as that performed in the encryption device on the second key and the data to be encrypted obtained by decryption to obtain second obfuscated operation result data, and verify the second obfuscated operation result data and the first signature by using an eighth key paired with the third key, where the first signature is a signature of first obfuscated operation result data obtained by the encryption device according to the third key, and an obfuscating algorithm of the obfuscating operation includes an obfuscating factor randomly generated by the encryption device.
32. The apparatus of claim 31, further comprising:
the signature verification module is further configured to determine that the encrypted file is not tampered if the target ciphertext and the second signature are successfully verified and the second obfuscating operation result data and the first signature are successfully verified.
33. The apparatus of claim 31,
the key management module is further configured to generate a fifth key and a ninth key in pair;
the sending module is further configured to send the fifth key to the encryption apparatus;
the receiving module is further configured to receive a second key ciphertext sent by the encryption apparatus;
the encryption and decryption module is further configured to decrypt the second key ciphertext with the ninth key to obtain the temporary key.
34. The apparatus of claim 31, further comprising:
the component installation module is used for receiving and installing a secret component sent by the encryption device, and the secret component comprises a first program for realizing decryption of the target ciphertext, a second program for realizing signature verification and a third program for realizing the obfuscation operation;
and the secret information acquisition module is used for requesting the secret component to acquire at least part of the data to be encrypted after the target ciphertext is decrypted, and is used for receiving at least part of the data to be encrypted after the target ciphertext is decrypted, and the data is fed back by the secret component.
35. The apparatus of claim 34,
the encryption and decryption module is specifically configured to invoke the first program in the security component, and decrypt the target ciphertext in the security component by using the sixth key to obtain a second key, data to be encrypted, and a first signature.
36. The apparatus of claim 34, wherein the seventh key is the same as the second key,
the signature verification module is specifically configured to invoke the second program in the security component, and verify the target ciphertext and the second signature in the security component by using the second key obtained through decryption.
37. The apparatus of claim 34, wherein the eighth key is the same as the second key,
the signature verification module is specifically configured to invoke the third program in the security component, perform obfuscation operation on the second key obtained by decryption and the data to be encrypted in the security component to obtain second obfuscated operation result data, invoke the second program in the security component, and verify the second obfuscated operation result data and the first signature in the security component by using the second key obtained by decryption.
38. The apparatus according to claim 34, wherein said security component further comprises a fourth program for determining whether said decryption means has a license right,
the secret information obtaining module is specifically configured to invoke the fourth program in the secret component, determine, in the secret component, whether the decryption device has the permission, and receive, if it is determined that the decryption device has the permission, at least part of the data to be encrypted after the target ciphertext fed back by the secret component is decrypted.
39. The apparatus of claim 34, further comprising:
and the verification calculation module is used for receiving the verification value of the encrypted file sent by the decryption device and verifying the encrypted file by using the verification value, or is used for receiving the verification value of the encrypted file and the verification value of the confidential component sent by the decryption device and verifying the encrypted file and the confidential component by using the verification value.
40. A system for encrypting and decrypting data, comprising the encryption apparatus according to any one of claims 24 to 30 and the decryption apparatus according to any one of claims 31 to 39.
41. An encryption apparatus comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing a method of encrypting data as claimed in any one of claims 1 to 10.
42. An encryption apparatus comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program when executed by the processor implementing a method of decrypting data according to any one of claims 11 to 23.
43. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements a method of encrypting data according to any one of claims 1 to 10 or a method of decrypting data according to any one of claims 11 to 23.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911174966.6A CN110995685B (en) | 2019-11-26 | 2019-11-26 | Data encryption and decryption method, device, system and storage medium |
| TW109126455A TWI813894B (en) | 2019-11-26 | 2020-08-05 | Data encryption and decryption method, device, system and storage medium |
| PCT/CN2020/124933 WO2021103921A1 (en) | 2019-11-26 | 2020-10-29 | Methods and devices for data encryption and decryption, system, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911174966.6A CN110995685B (en) | 2019-11-26 | 2019-11-26 | Data encryption and decryption method, device, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110995685A CN110995685A (en) | 2020-04-10 |
| CN110995685B true CN110995685B (en) | 2022-07-19 |
Family
ID=70086982
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911174966.6A Active CN110995685B (en) | 2019-11-26 | 2019-11-26 | Data encryption and decryption method, device, system and storage medium |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN110995685B (en) |
| TW (1) | TWI813894B (en) |
| WO (1) | WO2021103921A1 (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110995685B (en) * | 2019-11-26 | 2022-07-19 | 中国银联股份有限公司 | Data encryption and decryption method, device, system and storage medium |
| CN112235111B (en) * | 2020-12-17 | 2021-03-09 | 腾讯科技(深圳)有限公司 | Key generation method, device, equipment and computer readable storage medium |
| CN112685781A (en) * | 2020-12-31 | 2021-04-20 | 上海玳鸽信息技术有限公司 | Private data exchange method, system, electronic equipment and storage medium |
| CN113779598A (en) * | 2021-08-27 | 2021-12-10 | 北京达佳互联信息技术有限公司 | Data processing method, device, server and storage medium |
| CN114499871B (en) * | 2021-12-23 | 2024-01-09 | 成都卫士通信息产业股份有限公司 | Signature encryption method, device and system and computer readable storage medium |
| CN115481419B (en) * | 2022-09-13 | 2023-04-14 | 北京海泰方圆科技股份有限公司 | File processing method and device, computer equipment and readable storage medium |
| CN116455892B (en) * | 2023-04-19 | 2023-10-27 | 惠州市乐亿通科技有限公司 | File transmission method, file transmission device and terminal equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106712932A (en) * | 2016-07-20 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Secret key management method, device and system |
| CN108418817A (en) * | 2018-02-14 | 2018-08-17 | 华为技术有限公司 | A kind of encryption method and device |
| CN109462472A (en) * | 2017-09-06 | 2019-03-12 | 阿里巴巴集团控股有限公司 | The methods, devices and systems of data encryption and decryption |
| CN109657479A (en) * | 2017-10-11 | 2019-04-19 | 厦门雅迅网络股份有限公司 | Data leakage prevention method and computer readable storage medium |
| CN109889344A (en) * | 2019-01-31 | 2019-06-14 | 深圳中兴飞贷金融科技有限公司 | The transmission method and computer readable storage medium of terminal, data |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4427693B2 (en) * | 1998-10-02 | 2010-03-10 | ソニー株式会社 | Data processing apparatus and method, and data decoding processing apparatus and method |
| US8719954B2 (en) * | 2006-10-11 | 2014-05-06 | Bassilic Technologies Llc | Method and system for secure distribution of selected content to be protected on an appliance-specific basis with definable permitted associated usage rights for the selected content |
| US20080092239A1 (en) * | 2006-10-11 | 2008-04-17 | David H. Sitrick | Method and system for secure distribution of selected content to be protected |
| CN102087605B (en) * | 2011-01-28 | 2014-05-07 | 宇龙计算机通信科技(深圳)有限公司 | Android-based platform application installation control method and system |
| TWI486808B (en) * | 2013-06-26 | 2015-06-01 | Taiwan Ca Inc | System for validating electronic insurance policy with certificate and method thereof |
| US11368445B2 (en) * | 2018-05-21 | 2022-06-21 | Amazon Technologies, Inc. | Local encryption for single sign-on |
| CN110995685B (en) * | 2019-11-26 | 2022-07-19 | 中国银联股份有限公司 | Data encryption and decryption method, device, system and storage medium |
-
2019
- 2019-11-26 CN CN201911174966.6A patent/CN110995685B/en active Active
-
2020
- 2020-08-05 TW TW109126455A patent/TWI813894B/en active
- 2020-10-29 WO PCT/CN2020/124933 patent/WO2021103921A1/en active Application Filing
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106712932A (en) * | 2016-07-20 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Secret key management method, device and system |
| CN109462472A (en) * | 2017-09-06 | 2019-03-12 | 阿里巴巴集团控股有限公司 | The methods, devices and systems of data encryption and decryption |
| CN109657479A (en) * | 2017-10-11 | 2019-04-19 | 厦门雅迅网络股份有限公司 | Data leakage prevention method and computer readable storage medium |
| CN108418817A (en) * | 2018-02-14 | 2018-08-17 | 华为技术有限公司 | A kind of encryption method and device |
| CN109889344A (en) * | 2019-01-31 | 2019-06-14 | 深圳中兴飞贷金融科技有限公司 | The transmission method and computer readable storage medium of terminal, data |
Also Published As
| Publication number | Publication date |
|---|---|
| TWI813894B (en) | 2023-09-01 |
| TW202121866A (en) | 2021-06-01 |
| CN110995685A (en) | 2020-04-10 |
| WO2021103921A1 (en) | 2021-06-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110995685B (en) | Data encryption and decryption method, device, system and storage medium | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| CN110891061B (en) | Data encryption and decryption method and device, storage medium and encrypted file | |
| CN111708991A (en) | Service authorization method, service authorization device, computer equipment and storage medium | |
| JP2013516685A (en) | System and method for enforcing computer policy | |
| CN102077213A (en) | Techniques for ensuring authentication and integrity of communications | |
| US8774407B2 (en) | System and method for executing encrypted binaries in a cryptographic processor | |
| US20110202772A1 (en) | Networked computer identity encryption and verification | |
| CN105099705A (en) | Safety communication method and system based on USB protocol | |
| JP2017011491A (en) | Authentication system | |
| CN106992978B (en) | Network security management method and server | |
| CN108848094B (en) | Data security verification method, device, system, computer equipment and storage medium | |
| KR20140071775A (en) | Cryptography key management system and method thereof | |
| JP2019009728A (en) | Secure element, computer program, device, server, and secure element authentication method | |
| CN114024702A (en) | Information security protection method and computing device | |
| CN113676326A (en) | TDDI chip | |
| CN113508380A (en) | Method for terminal entity authentication | |
| CN114244522B (en) | Information protection method, device, electronic equipment and computer readable storage medium | |
| CN113132107B (en) | License encryption method and device, license decryption method and device and equipment | |
| CN113872769B (en) | Device authentication method and device based on PUF, computer device and storage medium | |
| WO2023145240A1 (en) | Information processing device and information processing system | |
| CN114244522A (en) | Information protection method and device, electronic equipment and computer readable storage medium | |
| JP6053582B2 (en) | Cryptographic processing apparatus, cryptographic processing method, cryptographic processing program, and authentication method | |
| CN117061127A (en) | Digital signature generation method and system, device, electronic equipment and storage medium | |
| CN117591407A (en) | Information processing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40021036 Country of ref document: HK |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |