CN102752270B - E-document transmission systems, mobile communications device and relevant decryption device - Google Patents
E-document transmission systems, mobile communications device and relevant decryption device Download PDFInfo
- Publication number
- CN102752270B CN102752270B CN201110101503.4A CN201110101503A CN102752270B CN 102752270 B CN102752270 B CN 102752270B CN 201110101503 A CN201110101503 A CN 201110101503A CN 102752270 B CN102752270 B CN 102752270B
- Authority
- CN
- China
- Prior art keywords
- mobile communications
- communications device
- challenge responses
- file
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000010295 mobile communication Methods 0.000 title claims abstract description 93
- 230000005540 biological transmission Effects 0.000 title claims description 16
- 230000004044 response Effects 0.000 claims abstract description 171
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 61
- 238000004891 communication Methods 0.000 claims abstract description 29
- 238000000034 method Methods 0.000 claims description 73
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 claims description 13
- 239000010931 gold Substances 0.000 claims description 13
- 229910052737 gold Inorganic materials 0.000 claims description 13
- 230000008569 process Effects 0.000 description 59
- 230000000875 corresponding effect Effects 0.000 description 19
- 230000006870 function Effects 0.000 description 7
- 238000004590 computer program Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000002596 correlated effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
One of embodiment of the mobile communications device that the present invention proposes, includes wireless communication interface, challenge responses module and deciphering module.Wireless communication interface is used for receiving encrypted electronic file and challenging value.Challenge responses module is used for producing response according to challenging value and challenge responses algorithm.Deciphering module is used for using response to be decrypted encrypted electronic file.If the challenge responses algorithm stored in this challenge responses module not corresponds to the encryption flow of this encrypted electronic file, this deciphering module just cannot decipher received encrypted electronic file.
Description
Technical field
The relevant mobile communications device of the present invention, espespecially a kind of challenge responses module of arranging in pairs or groups carries out the mobile communications device of file decryption function.
Background technology
Along with the progress of science and technology, much information has been changed into by the mode of sending entity file to be transmitted in the mode of e-file, therefore, guarantees that information security when e-file transmits has become instant subject under discussion.Such as, when file provider is for being supplied to target receiver by e-file, for guaranteeing that the information in e-file can not be leaked, e-file is often first encrypted by file provider, again encrypted e-file (hereinafter referred to as encrypted electronic file) is supplied to target receiver, target receiver must use specific deciphering golden key encrypted electronic file decryption could be obtained information.
Some file provider can use the information relevant to the target receiver next gold of the deciphering as encrypted electronic file key, such as, use the identity card font size of target receiver, birthday, account number number or mobile phone Men Hao etc. to come as the golden key of deciphering.But, malice the third party may know the information that target receiver is correlated with and guess out easily this type of deciphering gold key, cause the information of e-file to face the risk of leakage.
Some file provider avoids above-mentioned deciphering gold key by the situation guessd out easily, then can use the deciphering gold key irrelevant with the personal information of target receiver, and send golden for deciphering key to target receiver.But, decipher the interception that golden key still may be subject to the malice third party in the process of transmission, and cause e-file to face the risk of leakage.
In addition, some file provider, in order to promote the degree of safety of information, can change the golden key of deciphering often.But the flow process of the golden key of periodic replacement deciphering is often quite loaded down with trivial details, not only adds the complexity of system, and new deciphering gold key must constantly be remembered or store to target receiver, and reduce convenience when target receiver uses.
Summary of the invention
In view of this, how promoting the fail safe of information, and increase convenience when user operates, is that industry has problem to be solved in fact.
Present description provides a kind of e-document transmission systems, include: a file generator, includes: a database, for storing a plurality of challenge responses algorithm; One processor, according to this database of an information searching of a target receiver, to determine the challenge responses algorithm corresponding to this target receiver, and according to this challenge responses algorithm, produces a corresponding challenging value and a response; One encrypting module, is encrypted as an encrypted electronic file according to this response by an e-file; And a communication interface, for this encrypted electronic file and this challenging value are sent to a mobile communications device; And this mobile communications device, include: a wireless communication interface, for receiving this encrypted electronic file and this challenging value; One challenge responses module, for storing this challenge responses algorithm, and produces this response according to this challenging value and this challenge responses algorithm; And a deciphering module, for being decrypted this encrypted electronic file according to this response.
This specification separately provides a kind of embodiment of deciphering golden key generation device, after receiving an encrypted electronic file and a challenging value, perform one for allowing a mobile communications device to decipher golden key and produce computing, it is characterized in that, this deciphering gold key generation device includes: for the device utilizing an input interface of this mobile communications device to receive an input value; For the device utilizing a communication interface of this mobile communications device this input value to be sent to a challenge responses module; And for utilizing this communication interface to receive the device of the response corresponding to this input value from this challenge responses module; If wherein this input value equals this challenging value, then this mobile communications device uses this response to be decrypted this encrypted electronic file.
This specification additionally provides a kind of embodiment of decryption device, after receiving an encrypted electronic file and a challenging value, a decrypt operation is performed for allowing a mobile communications device, it is characterized in that, this decryption device includes: for the device utilizing a communication interface of this mobile communications device this challenging value to be sent to a challenge responses module; The device of the response corresponding to this challenging value is received from this challenge responses module for utilizing this communication interface; And for utilizing a deciphering module of this mobile communications device, the device this encrypted electronic file is decrypted with this response.
This specification further provides a kind of embodiment of e-file generator, it includes: for determining under a challenge responses algorithm of a target receiver of an e-file, one challenging value of mutual correspondence and the device of a response, wherein this challenging value differs from this response; For the device using this response to be encrypted to produce an encrypted electronic file to this e-file; And for transmitting this encrypted electronic file and this challenging value device to this target receiver one or more device accessible.
This specification separately provides a kind of embodiment of mobile communications device, includes: wireless communication interface, is used for receiving encrypted electronic file and challenging value; Challenge responses module, is used for producing response according to challenging value and challenge responses algorithm; And deciphering module, be used for using response to be decrypted encrypted electronic file.
This specification further provides the embodiment of another kind of decryption device, after receiving an encrypted electronic file and a challenging value for allowing a mobile communications device, perform a decrypt operation, it is characterized in that, this decryption device includes: during for receiving a deciphering gold key generation instruction, utilize a display interface of this mobile communications device to show a challenging value input request; One first input value is received for the input interface by this mobile communications device; If can be inserted this mobile communications device to removal formula for the external storage device storing a challenge responses algorithm, and this first input value equals this challenging value, then utilize a display interface of this mobile communications device to show the device of a response; For utilizing this input interface to receive the device of one second input value; And if equal this response for this second input value, then utilize a deciphering module of this mobile communications device to decipher the device of this encrypted electronic file.
One of advantage of above-described embodiment is the fail safe that can promote information transmission.In addition, to be to allow user operate more convenient for another advantage of above-described embodiment.
Accompanying drawing explanation
Fig. 1 is the functional-block diagram after an embodiment of e-document transmission systems of the present invention simplifies.
One embodiment flow chart of the file providing method performed by file generator that Fig. 2 is Fig. 1.
Flow chart after first embodiment simplification of the file access method of Fig. 3 performed by the mobile communications device of Fig. 1.
Flow chart after second embodiment simplification of the file access method of Fig. 4 performed by the mobile communications device of Fig. 1.
Embodiment
Below cooperation correlative type is illustrated the embodiment of the present invention.In these are graphic, identical label system represents same or similar element.
Some vocabulary is employed to censure specific element in the middle of specification and follow-up claim.Person with usual knowledge in their respective areas should understand, and same element may be called with different nouns.This specification and follow-up claim are not used as the mode of distinguish one element from another with the difference of title, but are used as the benchmark of differentiation with element difference functionally." comprising " mentioned in the middle of specification and follow-up claim is in the whole text an open term, therefore should be construed to " comprise but be not limited to ... ".
Fig. 1 is the functional-block diagram after the e-document transmission systems 100 of one embodiment of the invention simplifies.E-document transmission systems 100 includes file generator 110, network 130, mobile communications device 150_1 ~ 150_K and challenge responses module 170_1 ~ 170_K.The built-in function square frame of mobile communications device 150_K is only depicted with simplified illustration in Fig. 1.In addition, mobile communications device 150_1 ~ 150_K and challenge responses module 170_1 ~ 170_K can adopt identical, similar or different devices respectively.
File generator 110 can be server, and its owner (hereinafter referred to as file provider) can be government, financial institution, hospital, utility company or relevant DPA data processing activity etc.Mobile communications device 150_1 ~ 150_K can be mobile phone, panel computer, personal digital assistant or various portable apparatus, and its owner (hereinafter referred to as target receiver) can be client, the supplier or affiliate etc. of file provider.130, network can be world-wide web, mobile communications network and/or various wired or wireless information transmission media.
Specific e-file (not illustrating in figure) can be sent to the mobile communications device 150_K of target receiver by file generator 110 by network 130.The content of aforesaid e-file can be the information etc. that the tax information of target receiver, Transaction Information, electronic bill, electronic bill, medical record data or other and individual privacy or secret are relevant.For preventing the maliciously third party from stealing the information in e-file, file generator 110 can first be encrypted to produce encrypted electronic file to e-file, then by encrypted electronic document backup to mobile communications device 150_K.After mobile communications device 150_K receives encrypted electronic file, then need to be decrypted encrypted electronic file just can present information in e-file to target user.
Before starting the service providing e-file to transmit, the challenge responses module that file provider can provide each target receiver one exclusive, has a challenge responses algorithm (challengeresponsealgorithm) in challenge responses module.The challenge responses module that its mobile communications device and file provider are allotted must be arranged in pairs or groups and be used by target receiver, just can untie the content of the encrypted electronic file that file provider sends.Aforesaid challenge responses algorithm can adopt various cryptographic algorithm, to produce corresponding response according to challenging value.Therefore, when the third party does not know challenge responses algorithm, even if achieve challenging value, also response cannot be drawn according to this.In addition, even if the third party achieves challenging value and the response of minority, be also difficult to derive challenge responses algorithm.In the present embodiment, challenge responses algorithm is set to the response that can not produce numerical value identical with challenging value.In another embodiment, the identical numerical value that the response that challenge responses algorithm can be set to meeting generating portion has with challenging value.
In implementation, can Stochastic choice challenging value or select challenging value according to specific order, then by selected challenging value according to challenge responses algorithm to produce response.Or, the challenging value that challenging value or employing according to certain frequency repetition can not repeat can be adopted.
As shown in Figure 1, file generator 110 includes processor 112, database 114, encrypting module 116 and communication interface 118.Database 114 can be various forms of storage device, for storing the data such as the information of cryptographic algorithm or target user.Have many group mobile communications devices and challenge responses module (for K group in Fig. 1) in e-document transmission systems 100, often group mobile communications device and challenge responses module belong to a target receiver.The pair relationhip between each target receiver with corresponding challenge responses algorithm can be stored in the database 114 of file generator 110.Encrypting module 116 can adopt software, hardware or software to coordinate the mode of hardware to be encrypted e-file.Communication interface 118 can adopt various wired or wireless communication interface, so that file generator 110 is connected to network 130.
Mobile communications device 150_K includes processor 152_K, wireless communication interface 154_K, display interface 156_K, user's input interface 158_K, communication interface 162_K and deciphering module 164_K.Wireless communication interface 154_K can be used to mobile communications device 150_K to be connected to network 130.Display interface 156_K is used for information displaying to user.User's input interface 158_K can be the various input units such as keyboard, contactor control device, image input interface, phonetic entry module, is used for allowing user input information to mobile communications device 150_K or to assign instruction.Communication interface 162_K can adopt various wired or wireless interface to realize, such as memory card interface, 1394 interfaces, universal serial bus (USB) interface or can with user's identity module (subscriberidentitymodule of mobile communications device, SIM) interface etc. of data is transmitted, to be coupled to challenge responses module 170_K.Deciphering module 164_K can adopt software, hardware or software to coordinate the mode of hardware to be decrypted encrypted electronic file.
In the present embodiment, challenge responses module 170_K is the microcircuit with operational capability, the computing of the challenge responses algorithm of energy performance objective receiver.Such as, challenge responses module 170_K can be the thin circuit board that file provider is supplied to target receiver, for being attached at user's identity module of target receiver, and stores the challenge responses algorithm that file provider is assigned to target receiver.Challenge responses algorithm can produce the response of a correspondence according to a challenging value, therefore, challenge responses module 170_K can store challenge responses algorithm and/or store the various correspondence combinations of challenging value and response.After the user's identity module posting thin circuit board is installed in mobile communications device 150_K by target receiver, mobile communications device 150_K can access challenge responses module 170_K.
Do in fact, the multiple function square frames in mobile communications device 150_K can be merged into single element to realize according to design consideration, or simple function square frame is realized with multiple element.Such as, display interface 156_K and user's input interface 158_K can be integrated into single Touch Screen.
In the e-document transmission systems of Fig. 1, file generator 110 uses response to encrypt e-file, and the mobile communications device 150_K of target user is then decrypted encrypted electronic file according to response.Such as, the mobile communications device 150_K of the target user response that can be used alone is decrypted encrypted electronic file.Or, also can adopt the modes such as response collocation password, private key, voice and/or image, encrypted electronic file is decrypted.Therefore, even if the third party obtains encrypted electronic file and challenging value, but when cannot learn the challenge responses algorithm of response or target user, the third party still cannot read the information in encrypted electronic file, and can promote the fail safe of e-file in information transmission.
In one embodiment, file provider can arrange the challenge responses algorithm of a correspondence for target receiver, and among the database 114 being stored in file generator 110 and the challenge responses module 170_K being supplied to target receiver.File generator 110 and challenge responses module 170_K use same challenge responses algorithm, and other users or the undelegated third party can not know the details of this challenge responses algorithm.Therefore, when file generator 110 should send the mobile communications device that the challenging value of mobile communications device 150_K and encrypted electronic file misinformate to other users to, the mobile communications device of other users can because do not have corresponding challenge responses module 170_K can to arrange in pairs or groups computing, and correct response cannot be obtained to decipher this e-file, the information can guaranteeing in encrypted electronic file to be by this difficult to read by other people.
In another embodiment, several communicator can be configured such that with identical challenge responses algorithm by file provider, to reduce the required challenge responses algorithm number stored in database 114.In addition, also according to design consideration, more Security mechanisms can be set to above-mentioned function square frame.Such as, in one embodiment, target receiver can set mobile communications device 150_K, make anyone all first must input personal status's code (Personalidentificationnumber of the user's identity module in mobile communications device 150_K, PIN) challenge responses module 170_K could be accessed after, so that the risk that challenge responses module 170_K is usurped by other undelegated third parties can be reduced further.
Below by the flow chart of collocation Fig. 2 to Fig. 4, further illustrate the function mode of the e-document transmission systems 100 in Fig. 1.
Flow chart after one embodiment simplification of the file providing method of Fig. 2 performed by Fig. 1 file generator 110.File generator 110 can perform the method for Fig. 2, e-file is supplied to the mobile communications device 150_K of target receiver.
In flow process 210, the challenge responses algorithm that database 114 decides to correspond to target receiver searched by processor 112.Processor 112 can search database 114 according to the information of target receiver, to determine the challenge responses algorithm corresponding to target receiver.Such as, processor 112 can search database 114 according to information such as the name of target receiver, account number, telephone number or e-mail addresses.
In flow process 220, processor 112, according to the challenge responses algorithm corresponding to target receiver, produces one group of corresponding challenging value and response.In the present embodiment, in database 114, store the challenge responses algorithm of target receiver, processor 112 according to the challenge responses algorithm of target receiver and challenging value, to produce corresponding response.In another embodiment, the combination of the challenging value that the challenge responses algorithm storing based target receiver in database 114 produces and response, processor 112 can choose one group of mutually corresponding challenging value and response to carry out follow-up computing.
In flow process 230, encrypting module 116 is using response as the golden key of encryption, and the cryptographic algorithm of appropriate mix is encrypted e-file, to produce encrypted electronic file.Such as, encrypting module 116 can adopt various symmetry encryption algorithm or unsymmetrical tridiagonal matrix algorithm to be encrypted e-file.
In flow process 240, encrypted electronic file and challenging value, by communication interface 118 and network 130, are sent to the mobile communications device 150_K of target receiver by file generator 110.Mobile communications device 150_K can utilize challenge responses module 170_K to produce the golden key of deciphering according to challenging value, and is decrypted by encrypted electronic file.In the present embodiment, can be used to the response of deciphering for preventing the undelegated third party from obtaining, response can't send by file generator 110.
In the flow process 240 of an embodiment, encrypted electronic file and challenging value can be placed among single electronic information, such as, leave among single Email or multimedia messages.Encrypted electronic file can be the attachment files of this electronic information entrained with, challenging value then can be shown in electronic information title, herein and/or among the file name of annex, or to deposit in another annex of electronic information.In another embodiment, encrypted electronic file and challenging value can be deposited in multiple electronic information and send target receiver to by file generator 110.
Flow chart after one embodiment simplification of the file access method of Fig. 3 performed by the mobile communications device 150_K in Fig. 1.
In flow process 305, mobile communications device 150_K contains the electronic information of challenging value and encrypted electronic file by wireless communication interface 154_K receiving package.
In flow process 310, processor 152_K utilizes user's input interface 158_K to the instruction of the unlocking electronic information receiving user and assign.
In flow process 315, processor 152_K utilizes display interface 156_K to show document graphical representation or the word of challenging value and encrypted electronic file.
In flow process 320, the deciphering gold key generation instruction that processor 152_K utilizes user's input interface 158_K to assign to receive user.Before starting to be decrypted the related procedure that golden key produces, processor 152_K can be introduced into flow process 325 couples of users and carry out status checking.
In flow process 325, processor 152_K first utilizes display interface 156_K to show the picture of user's status checking request.Such as, processor 152_K can first utilize display interface 156_K to show Password Input request, phonetic entry request and/or image input request etc., require that user inputs personal status's code of user's identity module, the personal voice of input user and/or carries out the mode such as finger scan, iris scan, to confirm the status of user.
In flow process 330, utilize the information that user's input interface 158_K inputs to receive user, with the status of authentication of user.When being proved to be successful, representing user for the user authorized, namely entering flow process 340.Work as authentication failed, representing user is not the user authorized, then enter flow process 335.
In flow process 335, processor 152_K utilizes display interface 156_K to show the information of status authentication error, and can get back to the flow process that flow process 325 repeats status checking.
In flow process 340, processor 152_K utilizes display interface 156_K to show challenging value input request, requires that user inputs challenging value.In another embodiment, by voice mode, processor 152_K requires that user inputs challenging value.
In flow process 345, the input value that processor 152_K utilizes user's input interface 158_K to provide to receive user.User can utilize user's input interface 158_K to input challenging value in modes such as word, voice and/or images, or the optional annex of depositing challenging value got in electronic information of user is in the mode as input challenging value.
In flow process 350, processor 152_K utilizes communication interface 162_K to send the input value received in flow process 345 to challenge responses module 170_K.In the present embodiment, challenge responses module 170_K can according to the challenge responses algorithm of stored target receiver, and using received input value as challenging value, to produce corresponding response.
In flow process 355, the response that processor 152_K utilizes communication interface 162_K to return to receive challenge responses module 170_K.
In flow process 360, processor 152_K utilizes display interface 156_K to show the response being received from challenge responses module 170_K.The user of mobile communications device 150_K learns response by display interface 156_K.
In flow process 365, the decryption instructions that processor 152_K utilizes user's input interface 158_K to assign to receive user, to be decrypted encrypted electronic file.For example, user assigns this instruction by the mode of the document graphical representation clicking encrypted electronic file.Processor 152_K can carry out the decrypt operation of flow process 370 ~ 380 according to this instruction.
In flow process 370, processor 152_K utilizes display interface 156_K to show the golden key input request of deciphering, requires that user inputs response shown in flow process 360.
In flow process 375, the input value that processor 152_K utilizes user's input interface 158_K reception user to provide, user can utilize user's input interface 158_K to input in modes such as word, voice and/or images.
In flow process 380, processor 152_K utilizes deciphering module 164_K, is decrypted using the input value that flow process 375 receives as the golden key of deciphering to encrypted electronic file.If successful decryption, processor 152_K can use deciphering module 164_K or other soft or hards/part module to open the content of the e-file deciphered.If this e-file includes word and/or pictorial information, then processor 152_K can use display interface 156_K to show word in e-file and/or pictorial information.If decipher unsuccessfully, such as, when the input value received in flow process 375 and the response shown by flow process 360 are not inconsistent, processor 152_K can utilize display interface 156_K to show deciphering failure information.
In other words, if challenge responses module 170_K is attached in user's identity module of mobile communications device 150_K, and the input value that processor 152_K receives in flow process 345 equals challenging value, then challenge responses module 170_K just receives challenging value by communication interface 162_K, and calculate response according to built-in challenge responses algorithm, and response is returned to processor 152_K by communication interface 162_K, make processor 152_K be carried out follow-up flow process 360.
Flow chart after another embodiment simplification of the file access method of Fig. 4 performed by the mobile communications device 150_K in Fig. 1.Except the flow process 305,310,315,325,330,335 and 355 identical with Fig. 3, Fig. 4 separately includes flow process 420,450 and 490.Below be only described for flow process 420,450 and 490.
In flow process 420, the decryption instructions that processor 152_K utilizes user's input interface 158_K to assign to receive user.For example, user, by clicking the mode of the document graphical representation of encrypted electronic file, assigns decryption instructions.Before starting to be decrypted the related procedure of instruction, processor 152_K can be introduced into flow process 325 couples of users and carry out status checking.
In flow process 450, processor 152_K utilizes communication interface 162_K to send the challenging value in electronic information to challenge responses module 170_K.Challenge responses module 170_K according to stored challenge responses algorithm, and using received input value as challenging value, to produce corresponding response.
In flow process 490, processor 152_K directly can capture the response that challenge responses module 170_K is returned by communication interface 162_K, and utilizes deciphering module 164_K to be decrypted encrypted electronic file using this response as the golden key of deciphering.
The all or part of flow process of Fig. 3 and Fig. 4 can be compiled into computer program by programmer, and when mobile communications device 150_K performs this computer program, processor 152_K just can perform all or part of flow process of Fig. 3 and Fig. 4.For example, the deciphering gold key that this computer program can include flow process 340 ~ 360 in Fig. 3 produces the decrypt operation etc. of flow process 450,355 and 380 in computing and/or Fig. 4.
In another embodiment, the execution sequence of the flow process 325 and 330 of authentication of user identity can be adjusted, such as, before moving to flow process 305.Thus, processor 152_K first can perform flow process 325 and 330 when mobile communications device 150_K starts shooting, if user is the user authorized, could use mobile communications device 150_K.When starting execute file access method after a while, then can not need the flow process repeating authentication of user identity.
In another embodiment, mobile communications device 150_K can omit the flow process of authentication of user identity, and directly carries out follow-up flow process.Such as, mobile communications device 150_K can omit the flow process 325,330 and 335 in Fig. 3 or Fig. 4, and directly performs flow process 340 or 450.
In implementation, processor 152_K can when the errors number of aforesaid status proving program arrives number of times (such as 3 times) preset, the flow process that ends file access program and not proceeding is correlated with.In another embodiment, processor 152_K can after the number of times of status authentication error arrives the number of times preset, file access program, mobile communications device 150_K and/or challenge responses module 170_K etc. being locked, being verified by status by constantly attempting to prevent the third party of malice.
In aforesaid embodiment illustrates, challenge responses module 170_K is the microcircuit with operational capability, the computing of the challenge responses algorithm of energy performance objective receiver.This is one embodiment of the invention, but not the actual execution mode of limitation this case.In practical application, file provider also by corresponding to the challenge responses algorithm of target receiver, can be stored in the internal storage device of mobile communications device 150_K in advance, or is stored in one independently in storage device, and is supplied to target receiver.Such as, file provider can be stored in memory card, USB storage device by corresponding to the challenge responses algorithm of target receiver or adopt in the storage device of other communication interfaces and be supplied to target receiver and can be inserted in mobile communications device 150_K to removal formula by this external storage device by target receiver and use.This storage device can be designed to the storage device only reading type by file provider, is altered to avoid the challenge responses algorithm of its internal memory.In the case, the calculation function of aforementioned challenges respond module 170_K can be replaced by processor 152_K.Such as, aforesaid flow process 350 and 355 can be omitted by processor 152_K, and after flow process 345 receives the challenging value that user provides, reads the challenge responses algorithm stored in challenge responses module 170_K, and produce response according to challenging value and challenge responses algorithm, and carry out follow-up flow process.In other words, the challenge responses module 170_K in previous embodiment is that the combination being supplied to the storage device of target receiver by processor 152_K and file provider realizes in the present embodiment.
Note that the part in some the device claim in following claims is corresponding consistent with the operation workflow content of aforesaid computer program.Therefore, the computer program that these device claims in claims should be understood to record mainly through specification realizes the functional module group framework of foregoing solutions, and not should be understood to the entity apparatus realizing this solution mainly through hardware mode.
From aforementioned explanation, the algorithm of Fig. 3 needs more user to get involved, and needs to carry out more interactive operation between user and mobile communications device 150_K, and the third party can be avoided to carry out far-end manipulation mobile communications device 150_K by the program of malice.And the file access method in Fig. 4 needs less user to get involved, such as user does not need first to read and inputs challenging value again, also do not need first to read to input response again, therefore the method for Fig. 4 is advantageously for user, and the mistake that can reduce manual operation occurs.Therefore, the mode of operation required for user can be adjusted according to design consideration.
In above each embodiment, file generator 110 sends in the electronic information of mobile communications device 150_K only can include encrypted electronic file and challenging value, but can not response be included, and challenging value also cannot directly be used for being decrypted encrypted electronic file, only has the challenge responses algorithm using and correspond to target receiver, way is just had to draw correct response, to be decrypted encrypted electronic file according to challenging value.And except leaving in except among database 114, challenge responses algorithm corresponding to target receiver only can leave among challenge responses module 170_K, even if therefore the device beyond mobile communications device 150_K have received aforesaid electronic information, still cannot be decrypted encrypted electronic file, and the fail safe of information transmission can be promoted.
In addition, if file generator 110 has multiple e-file to need encryption to send mobile communications device 150_K to, file generator 110 can be avoided using identical response to be encrypted to different e-files.Thus, even if therefore malice the third party achieve a used response, also only have a corresponding e-file to have the risk of leakage, other e-file can be still safe.
And use the thin circuit board of particular design and realize the combination of challenge responses module 170_K and mobile communications device 150_K respectively with user's identity module, significantly can promote the fail safe of information transmission.Such as, thin circuit board is designed to after being pasted to user's identity module, namely under the mode not undermining thin circuit board, both cannot be separated.Therefore, though the unwarranted third party stolen thin circuit board and with user's identity module, this unwarranted third party still cannot pull down thin circuit board and is pasted to another user's identity module and uses.
In addition, target receiver can arrange further safety prevention measure to mobile communications device 150_K, such as, is set to the personage of the personal status's code only knowing user's identity module, could uses challenge responses module 170_K.Therefore, even if the malice third party steals or usurp mobile communications device 150_K, still cannot show that correct response is decrypted encrypted electronic file.Therefore, several groups of passwords of minority can only be remembered and preserve to target receiver, and must the clear crytpographic key of manual replacing e-file often, thus can promote the convenience of user.
The foregoing is only the preferred embodiment of the present invention, all equalizations done according to the present patent application the scope of the claims change and modify, and all should belong to the covering scope of the present invention.
Claims (8)
1. an e-document transmission systems, is characterized in that, includes:
One file generator, includes:
One database, for storing a plurality of challenge responses algorithm;
One processor, according to this database of an information searching of a target receiver, to determine the challenge responses algorithm corresponding to this target receiver, and according to this challenge responses algorithm, produces a corresponding challenging value and a response;
One encrypting module, is encrypted as an encrypted electronic file according to this response by an e-file; And
One communication interface, for being sent to a mobile communications device by this encrypted electronic file and this challenging value; And
This mobile communications device, includes:
One wireless communication interface, for receiving this encrypted electronic file and this challenging value;
One challenge responses module, for storing this challenge responses algorithm, and produces this response according to this challenging value and this challenge responses algorithm; And
One deciphering module, for being decrypted this encrypted electronic file according to this response.
2. decipher a golden key generation device, performing one and deciphering golden key and produce computing, it is characterized in that for allowing a mobile communications device after receiving an encrypted electronic file and a challenging value, the golden key generation device of this deciphering includes:
For the device utilizing an input interface of this mobile communications device to receive an input value;
For the device utilizing a communication interface of this mobile communications device this input value to be sent to a challenge responses module; And
The device of the response corresponding to this input value is received from this challenge responses module for utilizing this communication interface;
If wherein this input value equals this challenging value, then this mobile communications device uses this response to be decrypted this encrypted electronic file.
3. the golden key generation device of deciphering as claimed in claim 2, is characterized in that, this deciphering gold key generation device separately includes:
For by one first input value of user and one preset word, one preset voice and one preset image at least one of them is compared, to verify the device of user's status of this mobile communications device.
4. the golden key generation device of deciphering as claimed in claim 3, is characterized in that, this deciphering gold key generation device includes:
For the device utilizing a display interface of this mobile communications device to show a Password Input request;
For the device utilizing this input interface to receive an input password; And
For judging whether this input password equals the device of a preset password.
5. the golden key generation device of deciphering as claimed in claim 4, it is characterized in that, this preset password is personal status's code of the user's identity module card be installed in this mobile communications device.
6. an e-file generator, it includes:
For determining under a challenge responses algorithm of a target receiver of an e-file, a mutually corresponding challenging value and the device of a response, wherein this challenging value differs from this response;
For the device using this response to be encrypted to produce an encrypted electronic file to this e-file;
For transmitting this encrypted electronic file and this challenging value device to this target receiver one or more device accessible; And
For using the information of this target receiver to search a database to determine the device of this challenge responses algorithm, wherein this data-base recording has the pair relationhip between a plurality of receiver and a plurality of challenge responses algorithm.
7. a decryption device, after receiving an encrypted electronic file and a challenging value for allowing a mobile communications device, perform a decrypt operation, it is characterized in that, this decryption device includes:
During for receiving a deciphering gold key generation instruction, a display interface of this mobile communications device is utilized to show the device of a challenging value input request;
For being received the device of one first input value by an input interface of this mobile communications device;
If can be inserted this mobile communications device to removal formula for the external storage device storing a challenge responses algorithm, and this first input value equals this challenging value, then utilize a display interface of this mobile communications device to show the device of a response;
For utilizing this input interface to receive the device of one second input value; And
If equal this response for this second input value, then utilize a deciphering module of this mobile communications device to decipher the device of this encrypted electronic file.
8. a decryption method, after receiving an encrypted electronic file and a challenging value for allowing a mobile communications device, perform a decrypt operation, it is characterized in that, this decryption method includes:
When receiving a deciphering gold key generation instruction, a display interface of this mobile communications device is utilized to show a challenging value input request;
One first input value is received by an input interface of this mobile communications device;
If the external storage device storing a challenge responses algorithm can be inserted this mobile communications device to removal formula, and this first input value equals this challenging value, then utilize a display interface of this mobile communications device to show a response;
Utilize this input interface to receive the device of one second input value; And
If this second input value equals this response, then utilize a deciphering module of this mobile communications device to decipher this encrypted electronic file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110101503.4A CN102752270B (en) | 2011-04-22 | 2011-04-22 | E-document transmission systems, mobile communications device and relevant decryption device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110101503.4A CN102752270B (en) | 2011-04-22 | 2011-04-22 | E-document transmission systems, mobile communications device and relevant decryption device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102752270A CN102752270A (en) | 2012-10-24 |
| CN102752270B true CN102752270B (en) | 2015-11-11 |
Family
ID=47032171
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110101503.4A Expired - Fee Related CN102752270B (en) | 2011-04-22 | 2011-04-22 | E-document transmission systems, mobile communications device and relevant decryption device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102752270B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1503504A (en) * | 2002-10-31 | 2004-06-09 | ���µ�����ҵ��ʽ���� | Communication device, communication system, and cryptographic algorithm selection method |
| CN101123495A (en) * | 2007-09-07 | 2008-02-13 | 农革 | A data encryption, decryption system and method |
| CN101147377A (en) * | 2005-02-04 | 2008-03-19 | 高通股份有限公司 | Secure bootstrapping for wireless communications |
| CN101281495A (en) * | 2007-04-02 | 2008-10-08 | 北京华旗资讯数码科技有限公司 | Method for ciphering file using movable storage apparatus |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB0910897D0 (en) * | 2009-06-24 | 2009-08-05 | Vierfire Software Ltd | Authentication method and system |
| US8458788B2 (en) * | 2010-05-04 | 2013-06-04 | Synaptics Incorporated | System and method for authentication of input devices |
-
2011
- 2011-04-22 CN CN201110101503.4A patent/CN102752270B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1503504A (en) * | 2002-10-31 | 2004-06-09 | ���µ�����ҵ��ʽ���� | Communication device, communication system, and cryptographic algorithm selection method |
| CN101147377A (en) * | 2005-02-04 | 2008-03-19 | 高通股份有限公司 | Secure bootstrapping for wireless communications |
| CN101281495A (en) * | 2007-04-02 | 2008-10-08 | 北京华旗资讯数码科技有限公司 | Method for ciphering file using movable storage apparatus |
| CN101123495A (en) * | 2007-09-07 | 2008-02-13 | 农革 | A data encryption, decryption system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102752270A (en) | 2012-10-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10380361B2 (en) | Secure transaction method from a non-secure terminal | |
| US20220353085A1 (en) | Secure distributed information system for public device authentication | |
| US8485438B2 (en) | Mobile computing device authentication using scannable images | |
| CN101300808B (en) | Method and arrangement for secure autentication | |
| CN101815091A (en) | Cipher providing equipment, cipher authentication system and cipher authentication method | |
| AU2016217549A1 (en) | Systems and methods for securely managing biometric data | |
| CN110417750A (en) | File based on block chain technology is read and method, terminal device and the storage medium of storage | |
| CN114070614B (en) | Identity authentication method, apparatus, device, storage medium and computer program product | |
| CN106060073B (en) | Channel key machinery of consultation | |
| CN106101150A (en) | The method and system of AES | |
| US20100005519A1 (en) | System and method for authenticating one-time virtual secret information | |
| JP2010011109A (en) | Authentication unit, authentication terminal, authentication system, authentication method, and program | |
| US9336376B2 (en) | Multi-touch methods and devices | |
| CN109302442A (en) | A kind of data storage method of proof and relevant device | |
| CN109740319A (en) | Digital identity verification method and server | |
| US7715560B2 (en) | Systems and methods for hiding a data group | |
| CN112636914B (en) | Identity verification method, identity verification device and smart card | |
| CN201717885U (en) | Code providing equipment and code identification system | |
| TWI428752B (en) | Electronic file delivering system, portable communication apparatus with decryption functionality, and related computer program product | |
| CN105072136B (en) | A kind of equipment room safety certifying method and system based on virtual drive | |
| CN114389802B (en) | Information decryption method and device, electronic equipment and readable storage medium | |
| CN102752270B (en) | E-document transmission systems, mobile communications device and relevant decryption device | |
| US11394545B2 (en) | Communication system, server device, user device, method, and computer program | |
| US20200084035A1 (en) | Transmission and reception system, transmission device, reception device, method, and computer program | |
| CN110176997A (en) | Based on unsymmetrical key pond to and digital signature quantum communications service station AKA cryptographic key negotiation method and system, computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20151111 |