CN102752270A - Electronic file transfer system, mobile communication device and related deciphering device - Google Patents

Electronic file transfer system, mobile communication device and related deciphering device Download PDF

Info

Publication number
CN102752270A
CN102752270A CN2011101015034A CN201110101503A CN102752270A CN 102752270 A CN102752270 A CN 102752270A CN 2011101015034 A CN2011101015034 A CN 2011101015034A CN 201110101503 A CN201110101503 A CN 201110101503A CN 102752270 A CN102752270 A CN 102752270A
Authority
CN
China
Prior art keywords
mobile communications
communications device
response
challenge responses
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011101015034A
Other languages
Chinese (zh)
Other versions
CN102752270B (en
Inventor
林岱宏
洪伯岳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIEERSI CO Ltd
Original Assignee
JIEERSI CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JIEERSI CO Ltd filed Critical JIEERSI CO Ltd
Priority to CN201110101503.4A priority Critical patent/CN102752270B/en
Publication of CN102752270A publication Critical patent/CN102752270A/en
Application granted granted Critical
Publication of CN102752270B publication Critical patent/CN102752270B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides one of embodiments of a mobile communication device, which comprises a wireless communication interface, a challenge response module and a deciphering module. The wireless communication interface is used for receiving an encrypted electronic file and a challenge value. The challenge response module is used for generating a response value according to the challenge value and a challenge response algorithm. The deciphering module is used for deciphering the encrypted electronic file by using the response value. If the challenge response algorithm stored in the challenge response module does not correspond to the encryption flow of the encrypted electronic file, the received encrypted electronic file cannot be deciphered by the deciphering module.

Description

E-document transmission systems, mobile communications device and relevant decryption device
Technical field
The relevant mobile communications device of the present invention refers to that especially a kind of challenge responses module of arranging in pairs or groups carries out the mobile communications device of file decryption function.
Background technology
Along with the progress of science and technology, many information have been changed into the mode of e-file by the mode of sending entity file to be transmitted, and therefore, the information security when guaranteeing the e-file transmission has become instant subject under discussion.For example; When file supplier desire offers the target receiver with e-file; Can not leak for guaranteeing the information in the e-file; The file supplier is normal to encrypt e-file earlier, more encrypted e-file (to call the encrypted electronic file in the following text) is offered the target receiver, and the target receiver is essential to use the specific deciphering gold key could be with the encrypted electronic file decryption and acquired information.
Some file supplier can use the information relevant with the target receiver to come the deciphering gold key as the encrypted electronic file, for example uses identity card font size, birthday, account number number or the mobile phone Men Hao of target receiver to wait as the golden key of deciphering.Yet the third party of malice possibly know the information that the target receiver is relevant and guess out this type of deciphering gold key easily, causes the information of e-file to face the risk of leakage.
Some file supplier is a situation of avoiding above-mentioned deciphering gold key to be guessd out easily, then can use the deciphering gold key irrelevant with the personal information of target receiver, and will decipher golden key and send the target receiver to.Yet, decipher golden key and still possibly in the process of transmission, receive the malice third party's interception, and cause e-file to face the risk of leakage.
In addition, some file supplier can change the golden key of deciphering often in order to promote the degree of safety of information.Yet the flow process of the golden key of periodic replacement deciphering often is quite loaded down with trivial details, has not only increased the complexity of system, and the target receiver must constantly remember or store new deciphering gold key, and the convenience when reducing the target receiver and using.
Summary of the invention
In view of this, how to promote the fail safe of information, and the convenience when increasing the user and operating, be that industry has problem to be solved in fact.
This specification provides a kind of e-document transmission systems, includes: a file generator includes: a database is used to store a plurality of challenge responses algorithms; One processor according to this database of an information searching of a target receiver, with the challenge responses algorithm of decision corresponding to this target receiver, and according to this challenge responses algorithm, produces corresponding a challenging value and a response; One encrypting module is encrypted as an encrypted electronic file according to this response with an e-file; And a communication interface, be used for this encrypted electronic file and this challenging value are sent to a mobile communications device; And this mobile communications device, include: a wireless communication interface is used to receive this encrypted electronic file and this challenging value; One challenge responses module is used to store this challenge responses algorithm, and produces this response according to this challenging value and this challenge responses algorithm; And a deciphering module, be used for this encrypted electronic file being deciphered according to this response.
This specification provides a kind of embodiment that deciphers golden key generation device in addition; Be used to allow a mobile communications device after receiving an encrypted electronic file and a challenging value, to carry out the golden key of a deciphering and produce computing; It is characterized in that this is deciphered golden key generation device and includes: be used to utilize an input interface of this mobile communications device to receive the device of an input value; Be used to utilize a communication interface of this mobile communications device this input value to be sent to the device of a challenge responses module; And be used to utilize this communication interface to receive device corresponding to a response of this input value from this challenge responses module; Wherein if this input value equals this challenging value, then this mobile communications device uses this response to come this encrypted electronic file is deciphered.
This specification also provides a kind of embodiment of decryption device; Be used to allow a mobile communications device after receiving an encrypted electronic file and a challenging value, to carry out a decrypt operation; It is characterized in that this decryption device includes: be used to utilize a communication interface of this mobile communications device this challenging value to be sent to the device of a challenge responses module; Be used to utilize this communication interface to receive device corresponding to a response of this challenging value from this challenge responses module; And a deciphering module that is used to utilize this mobile communications device, come the device that this encrypted electronic file is deciphered with this response.
This specification provides a kind of embodiment of e-file generator again; It includes: be used to determine under a challenge responses algorithm of a target receiver of an e-file; A corresponding each other challenging value and the device of a response, wherein this challenging value differs from this response; Be used to use this response to come this e-file is encrypted to produce the device of an encrypted electronic file; And the device that is used to transmit this encrypted electronic file and this challenging value to accessible one or more device of this target receiver.
This specification provides a kind of embodiment of mobile communications device in addition, includes: wireless communication interface is used for receiving encrypted electronic file and challenging value; The challenge responses module is used for producing response according to challenging value and challenge responses algorithm; And deciphering module, be used for using response to come the encrypted electronic file is deciphered.
This specification provides the embodiment of another kind of decryption device again; After being used to allow a mobile communications device to receive an encrypted electronic file and a challenging value; Carry out a decrypt operation; It is characterized in that this decryption device includes: be used to receive the golden key of a deciphering and produce when instructing, utilize a display interface of this mobile communications device to show challenging value input request; Be used for receiving one first input value through an input interface of this mobile communications device; Be used for if but the external storage device that stores a challenge responses algorithm is inserted this mobile communications device by removal formula ground, and this first input value equals this challenging value, then utilize a display interface of this mobile communications device to show the device of a response; Be used to utilize this input interface to receive the device of one second input value; And be used for if this second input value equals this response, then utilize a deciphering module of this mobile communications device to decipher the device of this encrypted electronic file.
One of advantage of the foregoing description is to promote the fail safe of message transmission.In addition, another advantage of the foregoing description is to let the user operate facility more.
Description of drawings
Fig. 1 is the functional-block diagram after an embodiment of e-document transmission systems of the present invention simplifies.
Fig. 2 provides an embodiment flow chart of method for the performed file of file generator of Fig. 1.
Fig. 3 is the flow chart after first embodiment of the performed file access method of the mobile communications device of Fig. 1 simplifies.
Fig. 4 is the flow chart after second embodiment of the performed file access method of the mobile communications device of Fig. 1 simplifies.
Embodiment
Below will cooperate correlative type that the present invention's embodiment is described.In these are graphic, the identical identical or similar elements of label system expression.
In the middle of specification and follow-up claim, used some vocabulary to censure specific element.Having common knowledge the knowledgeable in the affiliated field should understand, and same element may be called with different nouns.This specification and follow-up claim are not used as distinguishing the mode of element with the difference of title, but the benchmark that is used as distinguishing with the difference of element on function.Be an open term mentioned " comprising " in the middle of specification and the follow-up claim in the whole text, so should be construed to " comprise but be not limited to ... ".
Fig. 1 is the functional-block diagram after the e-document transmission systems 100 of one embodiment of the invention is simplified.E-document transmission systems 100 includes file generator 110, network 130, mobile communications device 150_1~150_K and challenge responses module 170_1~170_K.The built-in function square frame that has only illustrated mobile communications device 150_K among Fig. 1 is with simplified illustration.In addition, mobile communications device 150_1~150_K can adopt identical, similar or different devices respectively with challenge responses module 170_1~170_K.
File generator 110 can be a server, and its owner (to call the file supplier in the following text) can be government, financial institution, hospital, utility company or relevant DPA data processing activity etc.Mobile communications device 150_1~150_K can be mobile phone, panel computer, personal digital assistant or various portable apparatus, and its owner (to call the target receiver in the following text) can be file supplier's client, supplier or affiliate etc.130 on network can be world-wide web, mobile communications network and/or various wired or wireless information transmission media.
File generator 110 can send specific e-file (not illustrating among the figure) to the mobile communications device 150_K of target receiver through network 130.The content of aforesaid e-file can be tax information, Transaction Information, electronic bill, electronic bill, medical record data or other information relevant with individual privacy or secret etc. of target receiver.For preventing that the malice third party from stealing the information in the e-file, file generator 110 can be encrypted to produce the encrypted electronic file e-file earlier, sends the encrypted electronic file to mobile communications device 150_K again.Mobile communications device 150_K receives after the encrypted electronic file, needs that then the encrypted electronic file is deciphered the information that just can appear in the e-file and gives the target user.
Before beginning that the service of e-file transmission is provided, the file supplier can provide each target receiver an exclusive challenge responses module, has a challenge responses algorithm (challenge response algorithm) in the challenge responses module.The target receiver must use the challenge responses module collocation that its mobile communications device and file supplier allot, and just can separate the content of the encrypted electronic file that the open file supplier sends.Aforesaid challenge responses algorithm can adopt various AESs, to produce the corresponding response value according to challenging value.Therefore, when the third party does not know the challenge responses algorithm,, also can't draw response according to this even obtained challenging value.In addition, even the third party has obtained the challenging value and the response of minority, also be difficult to derive the challenge responses algorithm.In the present embodiment, the challenge responses algorithm is set to can not to produce the response with the identical numerical value of challenging value.In another embodiment, the identical numerical value that the response that can the challenge responses algorithm be set to produce part and challenging value have.
On real the work, can select challenging value at random or select challenging value according to specific order, again with selected challenging value according to the challenge responses algorithm to produce response.Perhaps, can adopt the challenging value that repeats according to certain frequency perhaps to adopt the challenging value that can not repeat.
As shown in Figure 1, file generator 110 includes processor 112, database 114, encrypting module 116, reaches communication interface 118.Database 114 can be various forms of storage devices, is used to store AES or target user's data such as information.Many group mobile communications devices and challenge responses module (among Fig. 1 be example with the K group) are arranged in the e-document transmission systems 100, and every group of mobile communications device and challenge responses module belong to a target receiver.Can store the pair relationhip between each target receiver and corresponding challenge responses algorithm in the database 114 of file generator 110.Encrypting module 116 can adopt software, hardware or software to cooperate hardware mode that e-file is encrypted.Communication interface 118 can adopt various wired or wireless communication interfaces, so that file generator 110 is connected to network 130.
Mobile communications device 150_K includes processor 152_K, wireless communication interface 154_K, display interface 156_K, user's input interface 158_K, communication interface 162_K, reaches deciphering module 164_K.Wireless communication interface 154_K can be used to mobile communications device 150_K is connected to network 130.Display interface 156_K is used for information is shown to the user.User's input interface 158_K can be various input units such as keyboard, contactor control device, image input interface, phonetic entry module, is used for letting the user to mobile communications device 150_K input information or assign instruction.Communication interface 162_K can adopt various wired or wireless interfaces to realize; For example memory card interface, 1394 interfaces, universal serial bus (USB) interface or can with user's identity module (subscriber identity module of mobile communications device; SIM) interface etc. of transmission data is to be coupled to challenge responses module 170_K.Deciphering module 164_K can adopt software, hardware or software to cooperate hardware mode that the encrypted electronic file is deciphered.
In the present embodiment, challenge responses module 170_K is the microcircuit with operational capability, can carry out the computing of the challenge responses algorithm of target receiver.For example, challenge responses module 170_K can be the slim circuit board that the file supplier offers the target receiver, is used to be attached at user's identity module of target receiver, and stores the file supplier and specify the challenge responses algorithm to the target receiver.The challenge responses algorithm can produce the response of a correspondence according to a challenging value, and therefore, challenge responses module 170_K can store the challenge responses algorithm and/or store the various corresponding combination of challenging value and response.After user's identity module that the target receiver will post slim circuit board was installed in mobile communications device 150_K, mobile communications device 150_K can access challenge responses module 170_K.
Do in fact, can a plurality of function square frames among the mobile communications device 150_K be merged into single element according to design consideration and realize, perhaps the simple function square frame is realized with a plurality of elements.For example, can display interface 156_K and user's input interface 158_K be integrated into single Touch Screen.
In the e-document transmission systems of Fig. 1, file generator 110 uses response that e-file is encrypted, and target user's mobile communications device 150_K then deciphers the encrypted electronic file according to response.For example, target user's mobile communications device 150_K can use response that the encrypted electronic file is deciphered separately.Perhaps, also can adopt modes such as response collocation password, private key, voice and/or image, the encrypted electronic file is deciphered.Therefore; Even the third party obtains encrypted electronic file and challenging value; But in the time of can't learning response or target user's challenge responses algorithm, the information of the third party in still can't the reading encrypted e-file, and can promote the fail safe of e-file on message transmission.
In one embodiment, the file supplier can be provided with a corresponding challenge responses algorithm for the target receiver, and is stored in the database 114 of file generator 110 and offers among the challenge responses module 170_K of target receiver.File generator 110 uses same challenge responses algorithm with challenge responses module 170_K, and other users or the undelegated third party can not know the details of this challenge responses algorithm.Therefore; When challenging value and the encrypted electronic file that should send mobile communications device 150_K to when file generator 110 misinformated to other users' mobile communications device; Other users' mobile communications device can be because there be the corresponding challenge responses module 170_K computing of can arranging in pairs or groups; Decipher this e-file and can't obtain correct response, can guarantee that by this information in the encrypted electronic file is difficult to read by other people.
In another embodiment, the file supplier can be configured such that several communicators with identical challenge responses algorithm, to reduce the challenge responses algorithm number of required storage in the database 114.In addition, also can be according to design consideration, to the more security protection mechanism of above-mentioned function square frame setting.For example; In one embodiment; The target receiver can be set mobile communications device 150_K; Make anyone all earlier personal status's sign indicating number of the user's identity module among input mobile communications device 150_K (Personal identification number could access challenge responses module 170_K after PIN), can reduce the risk that challenge responses module 170_K is usurped by other undelegated third parties with further.
Below will the arrange in pairs or groups flow chart of Fig. 2 to Fig. 4 further specifies the function mode of the e-document transmission systems 100 among Fig. 1.
Fig. 2 provides the flow chart after an embodiment of method simplifies for Fig. 1 file generator 110 performed files.But the method for file generator 110 execution graphs 2 offers e-file the mobile communications device 150_K of target receiver.
In flow process 210, processor 112 is searched database 114 and is decided the challenge responses algorithm corresponding to the target receiver.Processor 112 can be searched database 114 according to the information of target receiver, with the challenge responses algorithm of decision corresponding to the target receiver.For example, processor 112 can be searched database 114 according to the information such as name, account number, telephone number or e-mail address of target receiver.
In flow process 220, processor 112 produces one group of corresponding challenging value and response according to the pairing challenge responses algorithm of target receiver.In the present embodiment, store the challenge responses algorithm of target receiver in the database 114, processor 112 is according to the challenge responses algorithm and the challenging value of target receiver, to produce the corresponding response value.In another embodiment, store the challenging value that the challenge responses algorithm of based target receiver produced and the combination of response in the database 114, processor 112 can be chosen one group of challenging value and the response of mutual correspondence to carry out subsequent operation.
In flow process 230, as encrypting golden key, and encrypt e-file by the AES of appropriate mix with response for encrypting module 116, to produce the encrypted electronic file.For example, encrypting module 116 can adopt various symmetrical expression AESs or asymmetric AES that e-file is encrypted.
In flow process 240, file generator 110 is through communication interface 118 and network 130, encrypted electronic file and challenging value sent to the mobile communications device 150_K of target receiver.Mobile communications device 150_K challenge responses module capable of using 170_K produces the golden key of deciphering according to challenging value, and the encrypted electronic file is deciphered.In the present embodiment, obtain the response that can be used to decipher for preventing the undelegated third party, file generator 110 can't send response.
In the flow process 240 of an embodiment, encrypted electronic file and challenging value can be placed among single the electronic information, for example, leave among single Email or the multimedia messages.The encrypted electronic file can be the attachment files that this electronic information is carried secretly, and challenging value then can be shown among the file name of title, this paper and/or annex of electronic information, or deposits in another annex of electronic information.In another embodiment, file generator 110 can be deposited in encrypted electronic file and challenging value and send the target receiver in a plurality of electronic information to.
Fig. 3 is the flow chart after an embodiment of the performed file access method of the mobile communications device 150_K among Fig. 1 simplifies.
In flow process 305, mobile communications device 150_K receives the electronic information that includes challenging value and encrypted electronic file through wireless communication interface 154_K.
In flow process 310, processor 152_K utilizes user's input interface 158_K to receive the unlocking electronic information instruction that the user assigns.
In flow process 315, processor 152_K utilizes display interface 156_K to show the document graphical representation or the literal of challenging value and encrypted electronic file.
In flow process 320, processor 152_K utilizes user's input interface 158_K to receive the deciphering gold key generation instruction that the user assigns.Before beginning to decipher the related procedure of golden key generation, processor 152_K can be introduced into 325 couples of users of flow process and carry out the status checking.
In flow process 325, processor 152_K utilizes display interface 156_K to show the picture of user's status checking request earlier.For example; Processor 152_K can utilize display interface 156_K display password input request, phonetic entry request and/or image input request etc. earlier; Require the user import user's identity module personal status's sign indicating number, input user personal voice and/or carry out modes such as finger scan, iris scan, to confirm user's status.
In flow process 330, utilize user's input interface 158_K to receive the information that the user imports, with checking user's status.When verifying successfully, represent the user of user for authorizing, promptly get into flow process 340.Work as authentication failed, representing the user is not the user who authorizes, and then gets into flow process 335.
In flow process 335, processor 152_K utilizes display interface 156_K to show the information of status authentication error, and can get back to the flow process that flow process 325 repeats the status checking.
In flow process 340, processor 152_K utilizes display interface 156_K to show challenging value input request, requires the user to import challenging value.In another embodiment, processor 152_K can require the user to import challenging value through voice mode.
In flow process 345, processor 152_K utilizes user's input interface 158_K to receive the input value that the user provides.User's user's input interface capable of using 158_K imports challenging value with modes such as literal, voice and/or images, and the annex of perhaps depositing challenging value in the sub-information of the optional power taking of user is with the mode as the input challenging value.
In flow process 350, processor 152_K utilizes communication interface 162_K to send the input value of receiving in the flow process 345 to challenge responses module 170_K.In the present embodiment, challenge responses module 170_K can be according to the challenge responses algorithm of stored target receiver, and with the input value that received as challenging value, to produce the corresponding response value.
In flow process 355, processor 152_K utilizes communication interface 162_K to receive the response that challenge responses module 170_K is returned.
In flow process 360, processor 152_K utilizes display interface 156_K to show the response that is received from challenge responses module 170_K.The user of mobile communications device 150_K can learn response through display interface 156_K.
In flow process 365, processor 152_K utilizes user's input interface 158_K to receive the decryption instructions that the user assigns, so that the encrypted electronic file is deciphered.The mode of the document graphical representation that for instance, the user can be through clicking the encrypted electronic file is assigned this instruction.Processor 152_K can carry out the decrypt operation of flow process 370~380 according to this instruction.
In flow process 370, processor 152_K utilizes display interface 156_K to show the golden key input of deciphering request, requires the user to import the response that is shown in the flow process 360.
In flow process 375, processor 152_K utilizes user's input interface 158_K to receive the input value that the user provided, and user's user's input interface capable of using 158_K imports with modes such as literal, voice and/or images.
In flow process 380, processor 152_K utilizes deciphering module 164_K, comes the encrypted electronic file is deciphered as the golden key of deciphering with the input value that flow process 375 is received.If successful decryption, processor 152_K can use deciphering module 164_K or other soft or hards/part module to open the content of the e-file of having deciphered.If this e-file includes literal and/or pictorial information, then processor 152_K can use display interface 156_K to show literal and/or pictorial information in the e-file.If the deciphering failure, when the response that input value of for example in flow process 375, receiving and flow process 360 are shown was not inconsistent, processor 152_K display interface 156_K capable of using showed the deciphering failure information.
In other words; If challenge responses module 170_K is attached on user's identity module of mobile communications device 150_K; And processor 152_K equals challenging value in the input value that flow process 345 receives, and then challenge responses module 170_K just can receive challenging value through communication interface 162_K, and the challenge responses algorithm computation of building in the foundation response; And response returned to processor 152_K through communication interface 162_K, make processor 152_K be able to carry out follow-up flow process 360.
Fig. 4 is the flow chart after another embodiment of the performed file access method of the mobile communications device 150_K among Fig. 1 simplifies.Except the flow process identical 305,310,315,325,330,335 with Fig. 3, and 355, Fig. 4 includes flow process 420,450 and 490 in addition.Below only describe to flow process 420,450 and 490.
In flow process 420, processor 152_K utilizes user's input interface 158_K to receive the decryption instructions that the user assigns.For instance, the user can pass through the mode of the document graphical representation of click encrypted electronic file, assigns decryption instructions.Before beginning to carry out the related procedure of decryption instructions, processor 152_K can be introduced into 325 couples of users of flow process and carry out the status checking.
In flow process 450, processor 152_K utilizes communication interface 162_K to send the challenging value in the electronic information to challenge responses module 170_K.Challenge responses module 170_K is according to stored challenge responses algorithm, and with the input value that received as challenging value, to produce the corresponding response value.
In flow process 490, processor 152_K can directly capture the response that challenge responses module 170_K is returned through communication interface 162_K, and utilizes deciphering module 164_K to come the encrypted electronic file is deciphered as the golden key of deciphering with this response.
The programmer can be compiled into computer program with all or part of flow process of Fig. 3 and Fig. 4, and when mobile communications device 150_K carried out this computer program, processor 152_K just can execution graph 3 and all or part of flow process of Fig. 4.For instance, this computer program deciphering gold key that can include flow process 340~360 among Fig. 3 produces the decrypt operation of flow process 450,355 among computing and/or Fig. 4 and 380 etc.
In another embodiment, can adjust the flow process 325 of checking user identity and 330 execution sequence, for example move to before the flow process 305.Thus, processor 152_K can carry out flow process 325 and 330 earlier when mobile communications device 150_K starts shooting, if the user is the user who authorizes, could use mobile communications device 150_K.When beginning the execute file access method after a while, then can not need repeat to verify the flow process of user's identity.
In another embodiment, mobile communications device 150_K can omit the flow process of checking user identity, and directly carries out follow-up flow process.For example, mobile communications device 150_K can omit the flow process 325,330 and 335 among Fig. 3 or Fig. 4, and directly carries out flow process 340 or 450.
On real the work, when processor 152_K can arrive preset number of times (for example 3 times) in the errors number of aforesaid status proving program, the flow process that ends file access program and not proceeding is correlated with.In another embodiment; After processor 152_K can arrive preset number of times in the number of times of status authentication error; File access program, mobile communications device 150_K and/or challenge responses module 170_K etc. are locked, verify through constantly attempting passing through status with the third party who prevents malice.
In aforesaid embodiment explanation, challenge responses module 170_K is the microcircuit with operational capability, can carry out the computing of the challenge responses algorithm of target receiver.This is one embodiment of the invention, but not the actual execution mode of limitation this case.In practical application, the file supplier also can be with the challenge responses algorithm corresponding to the target receiver, be stored in advance mobile communications device 150_K in build in the storage device, or be stored in one independently in the storage device, and offer the target receiver.For example, but the file supplier can the challenge responses algorithm corresponding to the target receiver be stored in memory card, USB storage device or adopt in the storage device of other communication interfaces and offer the target receiver and by the target receiver this outside storage device removal formula ground is inserted among mobile communications device 150_K and use.The file supplier can be designed to this storage device only to read the storage device of type, is altered with the challenge responses algorithm of avoiding its internal memory.In the case, the calculation function of aforementioned challenges respond module 170_K can be replaced by processor 152_K.For example; Processor 152_K can omit aforesaid flow process 350 and 355, and after flow process 345 is received the challenging value that the user provides, reads the challenge responses algorithm that stores among the challenge responses module 170_K; And according to challenging value and challenge responses algorithm generation response, and carry out follow-up flow process.In other words, the challenge responses module 170_K in the previous embodiment is realized by the combination that processor 152_K and file supplier offer the storage device of target receiver.
Note that the part in some the device claim in follow-up claims is corresponding consistent with the operation workflow content of aforesaid computer program.Therefore; These device claims in claims are to be understood that to mainly realizing the functional module group framework of aforementioned solution through the computer program of specification record, and are not to be understood that to be the main entity apparatus of realizing this solution through hardware mode.
Can know that by above stated specification the algorithm of Fig. 3 needs more user to get involved, and need carry out more interactive operation between user and mobile communications device 150_K, can avoid the third party to come far-end to control mobile communications device 150_K through the program of malice.And the file access method among Fig. 4 needs less user to get involved; For example the user does not need to read earlier and imports challenging value again; Also do not need to read earlier to import response again, so the method for Fig. 4 is comparatively easily for the user, and the mistake that can reduce manual operation takes place.Therefore, can adjust user's necessary operations mode according to design consideration.
In above each embodiment; File generator 110 sends in the electronic information of mobile communications device 150_K only can include encrypted electronic file and challenging value; But can not include response, and challenging value also can't be used for directly the encrypted electronic file is deciphered, and has only the challenge responses algorithm of use corresponding to the target receiver; Just there is way to draw correct response, so that the encrypted electronic file is deciphered according to challenging value.And among leaving database 114 in; The pairing challenge responses algorithm of target receiver only can leave among the challenge responses module 170_K; So even the device beyond the mobile communications device 150_K has received aforesaid electronic information; Still can't decipher, and can promote the fail safe of message transmission the encrypted electronic file.
In addition, send mobile communications device 150_K to if file generator 110 has a plurality of e-files to encrypt, file generator 110 can be avoided using identical response to encrypt to different e-files.Thus, so even the third party of malice has obtained a used response, also have only a corresponding e-file to have the risk of leakage, other e-file still can be safe.
And use the slim circuit board of particular design and come to realize respectively the combination of challenge responses module 170_K and mobile communications device 150_K can significantly promote the fail safe of message transmission with user's identity module.For example, slim board design for after being pasted to user's identity module, promptly can't be separated both under the mode that does not undermine slim circuit board.Therefore, though the unwarranted third party stolen slim circuit board and with user's identity module, this unwarranted third party still can't pull down slim circuit board and be pasted to another user's identity module and use.
In addition, the target receiver can be provided with further safety prevention measure to mobile communications device 150_K, for example, sets the personage of personal status's sign indicating number of only knowing user's identity module for, could use challenge responses module 170_K.Therefore, even the malice third party steals or usurp mobile communications device 150_K, still can't draw correct response and come the encrypted electronic file is deciphered.Therefore, several groups of passwords of minority can only remembered and preserve to the target receiver, and the clear crytpographic key of manual replacing e-file that must be not often, thereby can promote user's convenience.
The above is merely the present invention's preferred embodiment, and all equalizations of doing according to claim of the present invention change and modify, and all should belong to the present invention's covering scope.

Claims (15)

1. an e-document transmission systems is characterized in that, includes:
One file generator includes:
One database is used to store a plurality of challenge responses algorithms;
One processor according to this database of an information searching of a target receiver, with the challenge responses algorithm of decision corresponding to this target receiver, and according to this challenge responses algorithm, produces corresponding a challenging value and a response;
One encrypting module is encrypted as an encrypted electronic file according to this response with an e-file; And
One communication interface is used for this encrypted electronic file and this challenging value are sent to a mobile communications device; And
This mobile communications device includes:
One wireless communication interface is used to receive this encrypted electronic file and this challenging value;
One challenge responses module is used to store this challenge responses algorithm, and produces this response according to this challenging value and this challenge responses algorithm; And
One deciphering module is used for according to this response this encrypted electronic file being deciphered.
2. the golden key generation device of deciphering is used to allow a mobile communications device after receiving an encrypted electronic file and a challenging value, to carry out the golden key of a deciphering and produces computing, it is characterized in that this is deciphered golden key generation device and includes:
Be used to utilize an input interface of this mobile communications device to receive the device of an input value;
Be used to utilize a communication interface of this mobile communications device this input value to be sent to the device of a challenge responses module; And
Be used to utilize this communication interface to receive device corresponding to a response of this input value from this challenge responses module;
Wherein if this input value equals this challenging value, then this mobile communications device uses this response to come this encrypted electronic file is deciphered.
3. the golden key generation device of deciphering as claimed in claim 2 is characterized in that, this is deciphered golden key generation device and includes in addition:
Be used for user's one first input value and a preset literal, preset voice and a preset image one of them is compared at least, with the device of user's status of verifying this mobile communications device.
4. the golden key generation device of deciphering as claimed in claim 3 is characterized in that, this is deciphered golden key generation device and includes:
Be used to utilize a display interface of this mobile communications device to show the device that password input is asked;
Be used to utilize this input interface to receive the device of an input password; And
Be used to judge whether this input password equals the device of a preset password.
5. the golden key generation device of deciphering as claimed in claim 4 is characterized in that, this preset password is the personal status's sign indicating number that is installed on the user's identity module card in this mobile communications device.
6. a decryption device is used to allow a mobile communications device after receiving an encrypted electronic file and a challenging value, to carry out a decrypt operation, it is characterized in that this decryption device includes:
Be used to utilize a communication interface of this mobile communications device this challenging value to be sent to the device of a challenge responses module;
Be used to utilize this communication interface to receive device corresponding to a response of this challenging value from this challenge responses module; And
Be used to utilize a deciphering module of this mobile communications device, come the device that this encrypted electronic file is deciphered with this response.
7. decryption device as claimed in claim 6 is characterized in that, this decryption device includes in addition:
Be used for user's one first input value and a preset literal, preset voice and a preset image one of them is compared at least, with the device of user's status of verifying this mobile communications device.
8. decryption device as claimed in claim 7 is characterized in that, this decryption device includes:
Be used to utilize a display interface of this mobile communications device to show the device that password input is asked;
Be used to utilize this input interface to receive the device of an input password; And
Be used to judge whether this input password equals the device of a preset password.
9. decryption device as claimed in claim 8 is characterized in that, this preset password is the personal status's sign indicating number that is installed on the user's identity module card in this mobile communications device.
10. e-file generator, it includes:
Be used to determine under a challenge responses algorithm of a target receiver of an e-file, a corresponding each other challenging value and the device of a response, wherein this challenging value differs from this response;
Be used to use this response to come this e-file is encrypted to produce the device of an encrypted electronic file; And
Be used to transmit the device of this encrypted electronic file and this challenging value to accessible one or more device of this target receiver.
11. e-file generator as claimed in claim 10 is characterized in that, this e-file generator includes:
Be used to use the information of this target receiver to search a database to determine the device of this challenge responses algorithm, wherein this data-base recording has the pair relationhip between a plurality of receivers and a plurality of challenge responses algorithm.
12. a mobile communications device is characterized in that, includes:
One wireless communication interface is used for receiving an encrypted electronic file and a challenging value;
One challenge responses module is used for producing a response according to this challenging value and a challenge responses algorithm; And
One deciphering module is used for using this response to come this encrypted electronic file is deciphered.
13. mobile communications device as claimed in claim 12 is characterized in that, this challenge responses module is the storage device that is attached on the subscriber identify module card of this mobile communications device, and has this challenge responses algorithm.
14. mobile communications device as claimed in claim 13 is characterized in that, this storage device is a circuit board.
15. a decryption device, be used to allow a mobile communications device to receive an encrypted electronic file and a challenging value after, carry out a decrypt operation, it is characterized in that this decryption device includes:
Be used to receive the golden key of a deciphering and produce when instructing, utilize a display interface of this mobile communications device to show challenging value input request;
Be used for receiving one first input value through an input interface of this mobile communications device;
Be used for if but the external storage device that stores a challenge responses algorithm is inserted this mobile communications device by removal formula ground, and this first input value equals this challenging value, then utilize a display interface of this mobile communications device to show the device of a response;
Be used to utilize this input interface to receive the device of one second input value; And
Be used for if this second input value equals this response, then utilize a deciphering module of this mobile communications device to decipher the device of this encrypted electronic file.
CN201110101503.4A 2011-04-22 2011-04-22 E-document transmission systems, mobile communications device and relevant decryption device Expired - Fee Related CN102752270B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110101503.4A CN102752270B (en) 2011-04-22 2011-04-22 E-document transmission systems, mobile communications device and relevant decryption device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110101503.4A CN102752270B (en) 2011-04-22 2011-04-22 E-document transmission systems, mobile communications device and relevant decryption device

Publications (2)

Publication Number Publication Date
CN102752270A true CN102752270A (en) 2012-10-24
CN102752270B CN102752270B (en) 2015-11-11

Family

ID=47032171

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110101503.4A Expired - Fee Related CN102752270B (en) 2011-04-22 2011-04-22 E-document transmission systems, mobile communications device and relevant decryption device

Country Status (1)

Country Link
CN (1) CN102752270B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1503504A (en) * 2002-10-31 2004-06-09 ���µ�����ҵ��ʽ���� Communication device, communication system, and cryptographic algorithm selection method
CN101123495A (en) * 2007-09-07 2008-02-13 农革 A data encryption, decryption system and method
CN101147377A (en) * 2005-02-04 2008-03-19 高通股份有限公司 Secure bootstrapping for wireless communications
CN101281495A (en) * 2007-04-02 2008-10-08 北京华旗资讯数码科技有限公司 Method for ciphering file using movable storage apparatus
US20100332841A1 (en) * 2009-06-24 2010-12-30 Vierfire Software Ltd. Authentication Method and System
US20110277030A1 (en) * 2010-05-04 2011-11-10 Synaptics Incorporated System and method for authentication of input devices

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1503504A (en) * 2002-10-31 2004-06-09 ���µ�����ҵ��ʽ���� Communication device, communication system, and cryptographic algorithm selection method
CN101147377A (en) * 2005-02-04 2008-03-19 高通股份有限公司 Secure bootstrapping for wireless communications
CN101281495A (en) * 2007-04-02 2008-10-08 北京华旗资讯数码科技有限公司 Method for ciphering file using movable storage apparatus
CN101123495A (en) * 2007-09-07 2008-02-13 农革 A data encryption, decryption system and method
US20100332841A1 (en) * 2009-06-24 2010-12-30 Vierfire Software Ltd. Authentication Method and System
US20110277030A1 (en) * 2010-05-04 2011-11-10 Synaptics Incorporated System and method for authentication of input devices

Also Published As

Publication number Publication date
CN102752270B (en) 2015-11-11

Similar Documents

Publication Publication Date Title
US10380361B2 (en) Secure transaction method from a non-secure terminal
US20190260747A1 (en) Securing a transaction performed from a non-secure terminal
EP3257194B1 (en) Systems and methods for securely managing biometric data
US8661254B1 (en) Authentication of a client using a mobile device and an optical link
CN107273736B (en) Cipher-code input method, device, computer equipment and storage medium
CN103380592A (en) Method, server and system for authentication of a person
CN112636914B (en) Identity verification method, identity verification device and smart card
CN102801724A (en) Identity authentication method combining graphic image with dynamic password
US20100005519A1 (en) System and method for authenticating one-time virtual secret information
JP2010011109A (en) Authentication unit, authentication terminal, authentication system, authentication method, and program
JP7124988B2 (en) AUTHENTICATION SERVER, AUTHENTICATION SYSTEM, AUTHENTICATION SERVER CONTROL METHOD AND PROGRAM
JP7375918B2 (en) Authentication server, authentication system, authentication server control method and program
US7715560B2 (en) Systems and methods for hiding a data group
TWI428752B (en) Electronic file delivering system, portable communication apparatus with decryption functionality, and related computer program product
CN102752270B (en) E-document transmission systems, mobile communications device and relevant decryption device
US11394545B2 (en) Communication system, server device, user device, method, and computer program
US20200084035A1 (en) Transmission and reception system, transmission device, reception device, method, and computer program
JP2006302116A (en) Authentication system, authentication server, terminal device, authentication method and program
US20220278974A1 (en) System, device and methods for secure exchange of text messages
KR101247521B1 (en) Security apparatus for mobile device
CN206672135U (en) A kind of Quick Response Code generates display device
CN106506148A (en) A kind of date storage method based on mobile fingerprint
Fujita et al. Design and Implementation of a multi-factor web authentication system with MyNumberCard and WebUSB
Jubur On the Security and Usability of New Paradigms of Web Authentication
CN114531236A (en) Key processing method and device and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20151111

CF01 Termination of patent right due to non-payment of annual fee