CN102185691A - Method for encrypting information of comprehensive service card based on digital home - Google Patents
Method for encrypting information of comprehensive service card based on digital home Download PDFInfo
- Publication number
- CN102185691A CN102185691A CN2011100809760A CN201110080976A CN102185691A CN 102185691 A CN102185691 A CN 102185691A CN 2011100809760 A CN2011100809760 A CN 2011100809760A CN 201110080976 A CN201110080976 A CN 201110080976A CN 102185691 A CN102185691 A CN 102185691A
- Authority
- CN
- China
- Prior art keywords
- key
- digital home
- rsa
- des
- user side
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for encrypting information of a comprehensive service card based on a digital home. The method comprises the following steps: a digital home client A and an operation management background B generate a respective RSA (Remote Subscriber Area) key pair, wherein the digital home client is a comprehensive service card; public keys in the RSA key pairs are transmitted to the other party respectively; the digital home client A generates a DES (Data Encryption Standard) key, encrypts the generated DES key by using the RSA public key of the operation management background B and transmits the encrypted DES key to the operation management background B; the digital home client A encrypts a file to be transmitted by using the generated DES key; the digital home client A evaluates the MD5 (Message Digest 5) value of a file abstract by using an MD5 algorithm; the digital home client A encrypts the MD5 value by using a generated RSA private key to form a final encrypt file and an encrypted MD5 value; and the digital home client A transmits the final encrypt file and the encrypted MD5 value to the operation management background B. By adopting the method, the speed and the security are ensured.
Description
Technical field
The present invention relates to digital home technical field, be specifically related to a kind of integrated service card information encryption method based on digital home.
Background technology
In recent years, China's Digital Television develops rapidly.Formulated " Chinese digital home action plan " in 2007, proposed construction " south of the Five Ridges characteristic " digital home's development model " with the cable TV network is the main channel; with the Digital Television is " center ", realize with the 3C terminal to interconnect with the interaction of media information and service be the integration of three networks service of principal character.
Along with the continuous propelling and the in-depth of digital home's action plan, carrying out digital home's electronic transaction by the broadcast television transmissions passage has become inevitable.And along with the development of digital home's industry, offer the function that the user of digital home selects will get more and more, for example: sponsored program etc. is paid, selected to the paying of charges for water and electricity, bank transfer, telephone charges.And these functions all relate to the payment function of expense, have therefore impelled the birth of integrated service card.And under the trend of the integration of three networks, the use of integrated service card certainly will become the trend of digital home's industry development, and it will make things convenient for the user's of digital home life greatly.
Therefore, in the use of integrated service card, the fail safe of integrated service card information becomes a problem of can not ignore.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of integrated service card information encryption method based on digital home, can satisfy the demand of the Zhi Fuyu of digital home clearing, guarantees the fail safe based on the relevant information of digital home's integrated service card.
Technical scheme provided by the invention is as follows:
The invention provides a kind of integrated service card information encryption method, comprise step based on digital home:
The RSA key of the user side A of digital home and each self-generating of B of operation management backstage oneself is right, and described digital home user side is the integrated service card;
The PKI of the RSA key centering that user side A of digital home and operation management backstage B will produce is respectively issued the other side;
The user side A of digital home generates a DES key, and the DES key that generates of the RSA public key encryption oneself that sends with operation management backstage B, and this DES key is sent to operation management backstage B;
The file that the user side A of digital home will send with the DES secret key encryption that generates;
The user side A of digital home obtains this document summary MD5 value with the MD5 algorithm;
The user side A of digital home encrypts the MD5 value with the RSA private key that generates, and forms the final encrypt file and the MD5 value of encryption;
The user side A of digital home sends to operation management backstage B with the encryption MD5 value of final encrypt file and generation;
The DES secret key decryption original that operation management backstage B sends with the user side A of digital home, use the signature file of the RSA PKI reduction MD5 value summary of the user side A of digital home again, if identical, illustrate that then this document is authentic and valid and is to send from the user side A of digital home really.
Optionally, the described user side A of digital home comprises the key of the PKI of asymmetric encryption and private key module, symmetric cryptography to module, RSA underlying algorithm module, and RSA underlying algorithm module comprises encrypting module, generates summarization module; Described operation management backstage B comprises the decryption verification module.
Optionally, in the PKI and private key module of asymmetric encryption, key is provided PKI then to being encapsulated in after creating in the KeyPair class.
Optionally, the key of symmetric cryptography to module in, use the 3DES algorithm, generate the DES key, provide the key that generates DES again.
Optionally, when providing the DES key, use the RSA PKI that the DES key is encrypted earlier, operating procedure is:
Generate the DES key;
Encrypt with the other side RSA PKI;
Provide encrypted DES key.
Technique scheme as can be seen, the present invention has following beneficial effect:
The method that the inventive method has taked public key cryptography to combine with symmetric cryptosystem; promptly with fireballing symmetric encipherment algorithm data are encrypted earlier; and then the higher public key encryption algorithm of safety in utilization carries out method of encrypting to symmetric key; make like this and guaranteed speed on the one hand; guaranteed fail safe on the other hand; satisfied the demand of the Zhi Fuyu of digital home clearing, guaranteed fail safe based on the relevant information of digital home's integrated service card.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the logic module schematic diagram that the present invention uses;
Fig. 2 is the encryption flow figure of integrated service card information encryption method of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making all other embodiment that obtained under the creative work prerequisite.
The invention provides a kind of integrated service card information encryption method, can satisfy the demand of the Zhi Fuyu of digital home clearing, guarantee fail safe based on the relevant information of digital home's integrated service card based on digital home.
The inventive method considers that public key cryptography speed is fast but fail safe is lower, asymmetric encryption techniques is the slow but higher characteristics of fail safe of speed then, therefore consider advantage in conjunction with two kinds of cryptographic algorithm, remedy shortcoming each other, the method of having taked public key cryptography to combine with symmetric cryptosystem, promptly with fireballing symmetric encipherment algorithm data are encrypted earlier, and then the higher public key encryption algorithm of safety in utilization carries out method of encrypting to symmetric key.The method that this public key cryptography combines with symmetric cryptosystem has guaranteed speed on the one hand, has guaranteed fail safe on the other hand.
Below from aspects such as logical construction and encryption flow the inventive method is elaborated respectively.
Be the logic module schematic diagram that the present invention uses as shown in Figure 1;
(1) the main thought of this information ciphering method is to realize confidentiality digital signature to any file comprising 4 modules as shown in the figure by JAVA encryption function storehouse: the key that is arranged on the PKI of asymmetric encryption of transmitting terminal and private key module, symmetric cryptography is to module, RSA underlying algorithm module; Be arranged on the decryption verification module of receiving terminal.Here the transmitting terminal of saying mainly is meant the integrated service card.
(2) in the PKI and private key module of asymmetric encryption, because providing, the KeyPairGenerator class of Java creates the right method of key, key is to being encapsulated in after creating in the KeyPair class.Provide PKI then.This module is mainly called java class automatically by system and is realized.
(3) the key of symmetric cryptography to module in, use the 3DES algorithm, generate the DES key, provide the key that generates DES again.When providing the DES key, use the RSA PKI that the DES key is encrypted earlier.Its operating procedure is:
Generate the DES key->with the other side RSA PKI encrypt->the encrypted DES key of granting.
(4) be divided into encrypting module, deciphering module, generation summarization module totally three modules in the RSA underlying algorithm module, encrypting module is mainly used in file encryption, and wherein the decryption activity that deciphering module carried out is the inverse process of encrypting module.In RSA underlying algorithm module, mainly contain three steps
A) at first use the RSA private key to encrypt:
Wherein use integer to carry out cryptographic calculation, in the RSA PKI, comprised PKI e and mould n, for cryptographic calculation formula c=m^e mod n expressly.Concrete execution in step is:
Obtain the PKI parameter that the other side produces (e, n)--→ select plaintext m--of own transmission → utilize class BigInteger to carry out the generation of ciphertext---→ send to the other side.
B) use the RSA private key to be decrypted:
This process is the inverse operation of ciphering process, operating procedure:
Read ciphertext-->take from oneself the private key parameter (d, n)-->use same class BigInteger be decrypted computing--->be converted to the form of corresponding character string.
C) signer uses MD5 that raw information is generated summary, uses own RSA private key signature, and signature and original plaintext link use the DES key to encrypt together, and ciphertext is transferred to the other side.Its operating procedure is:
Use MD5 generate the original plaintext summary->utilize own RSA private key signature summary->with DES secret key encryption summary and original plaintext->send ciphertext
(5) decryption verification module
Receiving terminal is arranged on receiving terminal, and this module is used for receiving terminal and is decrypted, and certifying signature mainly compares by the MD5 value that generates.Its operating procedure is:
Read by the key of RSA public key encryption->utilize own RSA private key to be decrypted to obtain key->with DES secret key decryption summary and original plaintext->use MD5 to generate original plaintext to make a summary->utilize transmit leg RSA PKI to verify.
The inventive method has been used symmetric cryptosystem earlier, and the symmetric cryptosystem characteristics are that encryption key and decruption key are same key.The content that to be transmit leg need send with secret key encryption is to the recipient, and the recipient needs go deciphering with same key, and transmit leg and recipient need know key in advance.
The inventive method is in the process of using symmetric cryptosystem, used public key cryptography simultaneously, the topmost characteristics of public key algorithm are that the algorithm of encryption key and decruption key needs different, the algorithm of conservative solution decryption key and algorithm that can public encipherment key, be that transmit leg is encrypted sending content with public-key cryptography, then the recipient needs to be decrypted with private key.
The present invention has not only guaranteed its fail safe by adopting this method, has guaranteed its speed again.
Its encryption flow is the following stated:
(1) set a transmit leg A and recipient B, the RSA key of each self-generating of A and B both sides oneself is right; A, B issue the other side with the PKI of middle generation respectively;
(2) transmit leg A is with the DES key of the RSA public key encryption oneself of B generation, and this DES key is sent to recipient B;
(3) the transmit leg A file that will send with the DES secret key encryption that generates; It is the MD5 value that transmit leg A obtains this document summary with the MD5 algorithm; Transmit leg A encrypts the MD5 value that generates with the RSA private key that (1) generates, and forms the final encrypt file and the MD5 value of encryption;
(4) transmit leg A sends to recipient B with the encryption MD5 value of final encrypt file and generation.
Specifically as shown in Figure 2, Fig. 2 is the encryption flow figure of integrated service card information encryption method of the present invention;
(1) setting the user side A of digital home need carry out the exchange of information with operation management background end B, as query-related information or carry out associative operation.Setting a digital domestic consumer, to hold A be that transmit leg, operation management backstage are recipient B, and the RSA key of each self-generating of A and B both sides oneself is right, shown in flow process 1; Here the user side A of digital home that says mainly refers to integrated service card A.
(2) digital home's user side A and operation management backstage B issue the other side with the PKI of the RSA key centering of generation in (1) respectively, shown in flow process 2;
(3) digital home's user side A is that transmit leg generates a DES key, and the DES key of RSA public key encryption oneself generation of sending with operation management backstage B, shown in flow process 3, and this DES key is sent to operation management backstage B;
(4) digital home's user side A is the file that transmit leg will send with the DES secret key encryption that generates in (3).Shown in flow process 4;
(5) to be transmit leg obtain this document summary with the MD5 algorithm to digital home's user side A is the MD5 value, shown in flow process 5;
(6) digital home's user side A is that transmit leg is encrypted the MD5 value that (5) generate with the RSA private key that (1) generates, and forms the final encrypt file and the MD5 value of encryption, shown in flow process 6;
(7) to send to receiving terminal be operation management backstage B to digital home's user side A encryption MD5 value that to be transmit leg produce final encrypt file and (6), shown in flow process 7;
(8) operation management background end is the DES secret key decryption original that recipient B sends with the user side A of digital home, again the signature file of making a summary with the RSA PKI reduction MD5 value of transmit leg A.If identical, illustrate that then this document is authentic and valid and sends from A really, shown in flow process 8.
Technique scheme as can be seen, the present invention has following beneficial effect:
The method that the inventive method has taked public key cryptography to combine with symmetric cryptosystem; promptly with fireballing symmetric encipherment algorithm data are encrypted earlier; and then the higher public key encryption algorithm of safety in utilization carries out method of encrypting to symmetric key; make like this and guaranteed speed on the one hand; guaranteed fail safe on the other hand; satisfied the demand of the Zhi Fuyu of digital home clearing, guaranteed fail safe based on the relevant information of digital home's integrated service card.
More than to a kind of integrated service card information encryption method that the embodiment of the invention provided based on digital home, be described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (5)
1. integrated service card information encryption method based on digital home is characterized in that:
The RSA key of the user side A of digital home and each self-generating of B of operation management backstage oneself is right, and described digital home user side is the integrated service card;
The PKI of the RSA key centering that user side A of digital home and operation management backstage B will produce is respectively issued the other side;
The user side A of digital home generates a DES key, and the DES key that generates of the RSA public key encryption oneself that sends with operation management backstage B, and this DES key is sent to operation management backstage B;
The file that the user side A of digital home will send with the DES secret key encryption that generates;
The user side A of digital home obtains this document summary MD5 value with the MD5 algorithm;
The user side A of digital home encrypts the MD5 value with the RSA private key that generates, and forms the final encrypt file and the MD5 value of encryption;
The user side A of digital home sends to operation management backstage B with the encryption MD5 value of final encrypt file and generation;
The DES secret key decryption original that operation management backstage B sends with the user side A of digital home, use the signature file of the RSA PKI reduction MD5 value summary of the user side A of digital home again, if identical, illustrate that then this document is authentic and valid and is to send from the user side A of digital home really.
2. the integrated service card information encryption method based on digital home according to claim 1 is characterized in that:
The described user side A of digital home comprises the key of the PKI of asymmetric encryption and private key module, symmetric cryptography to module, RSA underlying algorithm module, and RSA underlying algorithm module comprises encrypting module, generates summarization module;
Described operation management backstage B comprises the decryption verification module.
3. the integrated service card information encryption method based on digital home according to claim 1 and 2 is characterized in that:
In the PKI and private key module of asymmetric encryption, key is provided PKI then to being encapsulated in after creating in the KeyPair class.
4. the integrated service card information encryption method based on digital home according to claim 1 and 2 is characterized in that:
The key of symmetric cryptography to module in, use the 3DES algorithm, generate the DES key, provide the key that generates DES again.
5. the integrated service card information encryption method based on digital home according to claim 4 is characterized in that:
When providing the DES key, use the RSA PKI that the DES key is encrypted earlier, operating procedure is:
Generate the DES key;
Encrypt with the other side RSA PKI;
Provide encrypted DES key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100809760A CN102185691A (en) | 2011-03-31 | 2011-03-31 | Method for encrypting information of comprehensive service card based on digital home |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100809760A CN102185691A (en) | 2011-03-31 | 2011-03-31 | Method for encrypting information of comprehensive service card based on digital home |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102185691A true CN102185691A (en) | 2011-09-14 |
Family
ID=44571765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011100809760A Pending CN102185691A (en) | 2011-03-31 | 2011-03-31 | Method for encrypting information of comprehensive service card based on digital home |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102185691A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102333093A (en) * | 2011-09-28 | 2012-01-25 | 深圳市赛格导航科技股份有限公司 | Data encryption transmission method and system |
CN103001763A (en) * | 2012-11-23 | 2013-03-27 | 山东电力集团公司 | Encryption method for maintenance of power distribution terminals |
CN105119888A (en) * | 2015-07-10 | 2015-12-02 | 小米科技有限责任公司 | Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device |
CN105162607A (en) * | 2015-10-12 | 2015-12-16 | 武汉瑞纳捷电子技术有限公司 | Authentication method and system of payment bill voucher |
CN106686002A (en) * | 2017-02-28 | 2017-05-17 | 北京潘达互娱科技有限公司 | Data transmission and reception methods and device |
CN109257347A (en) * | 2018-09-10 | 2019-01-22 | 中国建设银行股份有限公司 | Communication means and relevant apparatus, storage medium suitable for data interaction between bank |
CN110198295A (en) * | 2018-04-18 | 2019-09-03 | 腾讯科技(深圳)有限公司 | Safety certifying method and device and storage medium |
CN110602058A (en) * | 2019-08-22 | 2019-12-20 | 卓尔智联(武汉)研究院有限公司 | Chip activation device, method and computer readable storage medium |
CN113438238A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | User information anti-theft automatic alarm system based on decentralization |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472914A (en) * | 2003-06-27 | 2004-02-04 | 武汉理工大学 | High performance and quick public pin encryption |
CN101262341A (en) * | 2008-02-22 | 2008-09-10 | 北京航空航天大学 | A mixed encryption method in session system |
-
2011
- 2011-03-31 CN CN2011100809760A patent/CN102185691A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472914A (en) * | 2003-06-27 | 2004-02-04 | 武汉理工大学 | High performance and quick public pin encryption |
CN101262341A (en) * | 2008-02-22 | 2008-09-10 | 北京航空航天大学 | A mixed encryption method in session system |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102333093A (en) * | 2011-09-28 | 2012-01-25 | 深圳市赛格导航科技股份有限公司 | Data encryption transmission method and system |
CN103001763A (en) * | 2012-11-23 | 2013-03-27 | 山东电力集团公司 | Encryption method for maintenance of power distribution terminals |
CN105119888A (en) * | 2015-07-10 | 2015-12-02 | 小米科技有限责任公司 | Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device |
CN105119888B (en) * | 2015-07-10 | 2019-02-12 | 小米科技有限责任公司 | Plug-in unit installation kit method for uploading, installation method and device |
CN105162607A (en) * | 2015-10-12 | 2015-12-16 | 武汉瑞纳捷电子技术有限公司 | Authentication method and system of payment bill voucher |
CN106686002A (en) * | 2017-02-28 | 2017-05-17 | 北京潘达互娱科技有限公司 | Data transmission and reception methods and device |
CN110198295A (en) * | 2018-04-18 | 2019-09-03 | 腾讯科技(深圳)有限公司 | Safety certifying method and device and storage medium |
CN109257347A (en) * | 2018-09-10 | 2019-01-22 | 中国建设银行股份有限公司 | Communication means and relevant apparatus, storage medium suitable for data interaction between bank |
CN110602058A (en) * | 2019-08-22 | 2019-12-20 | 卓尔智联(武汉)研究院有限公司 | Chip activation device, method and computer readable storage medium |
CN110602058B (en) * | 2019-08-22 | 2020-10-30 | 卓尔智联(武汉)研究院有限公司 | Chip activation device, method and computer readable storage medium |
CN113438238A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | User information anti-theft automatic alarm system based on decentralization |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102185691A (en) | Method for encrypting information of comprehensive service card based on digital home | |
CN106533656B (en) | A kind of key multilayer mixing method for encryption/decryption based on WSN | |
CN103618610A (en) | Information safety algorithm based on energy information gateway in smart power grid | |
CN104821944A (en) | Hybrid encrypted network data security method and system | |
CN102025505A (en) | Advanced encryption standard (AES) algorithm-based encryption/decryption method and device | |
CN101170404B (en) | Method for secret key configuration based on specified group | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN101286849A (en) | Authentication system and method of a third party based on engagement arithmetic | |
CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
CN101056176A (en) | End-to-end encryption method and control device for the mobile phone SMS | |
CN102111416A (en) | Real time data encryption transmission method for voice over internet protocol (VoIP) | |
CN103067166A (en) | Grading mixing encryption method and device of intelligent family system | |
CN102088352B (en) | Data encryption transmission method and system for message-oriented middleware | |
CN103167494B (en) | Method for sending information and system | |
CN101931623B (en) | Safety communication method suitable for remote control with limited capability at controlled end | |
CN103179514A (en) | Cell phone safe group-sending method and device for sensitive message | |
CN101562519B (en) | Digital certificate management method of user packet communication network and user terminal for accessing into user packet communication network | |
CN107249002B (en) | Method, system and device for improving safety of intelligent electric energy meter | |
CN102404120A (en) | Encryption method and encryption system for electronic documents | |
CN103023646A (en) | Signcryption method capable of gathering signcryption texts | |
CN102958021A (en) | Short message encryption and decryption communication system and communication method thereof | |
CN101882996A (en) | Information encryption and decryption method in distributed system based on identity | |
CN101515853B (en) | Information terminal and information safety device thereof | |
CN104320249B (en) | A kind of elastoresistance leakage encryption method of identity-based | |
KR101760376B1 (en) | Terminal and method for providing secure messenger service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
DD01 | Delivery of document by public notice |
Addressee: Shenzhen Research Institute of Sun Yat-Sen University Luo Jieli Document name: Notification of Passing Preliminary Examination of the Application for Invention |
|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110914 |