CN102843356A - Controllable exchange method for symmetric key-encrypted file - Google Patents
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a controllable exchange method for symmetric-key-encrypted files, comprising the following steps: A) establishing user information at a file encryption server, the information comprising the private keys of all users, and the server comprising a file encryption and decryption unit, a file transceiving unit and a message transceiving unit; B) on receiving a sending request from a client, the server forwards that request to the relevant approval end for examination and approval; C) after receiving the approval information, the approval end decides whether to agree to the sending request and automatically sends the approval result back to the server; and D) after receiving the approval result, the server decides whether to send according to that result. The method ensures that the whole transmission takes place within an encrypted security domain, prevents leakage during file transmission, and makes the exchange of symmetric-key-encrypted files safe, controllable and convenient.
Description
Technical field
The present invention relates to the field of computer file encryption, and in particular to a method especially suited to the encryption protection of internal files in enterprises and institutions, and to the transmission and exchange of encrypted files under controlled conditions.
Background art
With the continuing development of enterprise informatization and e-government, more and more application systems are used in people's daily work and life. Important information of all kinds is stored in electronic form, and the computer file is the most important information carrier. Every application system collects, processes, outputs and stores large amounts of data, so these organizations face multiple challenges in file management. To ensure security, confidential documents are stored on computers in encrypted form in large numbers, but because the keys are private, encrypted files are inconvenient to share.
Existing encryption algorithms fall into two types: symmetric-key algorithms and asymmetric-key algorithms. A symmetric-key algorithm uses the same key to encrypt and decrypt data and, being simple and efficient, is widely used to encrypt local files. Because the use of a symmetric key restricts how the key can be distributed, files encrypted with a symmetric-key algorithm cannot be shared directly between computers. An asymmetric-key algorithm uses a key pair (public key and private key) to encrypt and decrypt files, and because the public key is open, exchanging encrypted files is very convenient. For example, if user A wants to send a file to user B, user A only needs to encrypt it with user B's public key, and the encrypted file can be decrypted only with user B's private key. User A can at the same time encrypt (sign) the file with their own private key, and user B verifies the file's signature with user A's public key. But if local files were also encrypted and decrypted with an asymmetric-key algorithm, the process would be too cumbersome and complex, and such an encryption system would not be efficient.
In summary, symmetric-key algorithms suit the encryption of locally stored data, and asymmetric-key algorithms suit the encryption of data in exchange.
Summary of the invention
The object of the present invention is to provide a convenient and safe exchange method for files encrypted with a symmetric-key algorithm, solving the problem of controlled exchange, between one computer and another, of files encrypted with a symmetric encryption algorithm. The controllable exchange method for symmetric-key-encrypted files adopted by the invention is a new technique for improving, under current conditions, the controlled internal exchange and controlled outbound sending of protected internal files in enterprises and institutions.
To achieve the above object, the present invention adopts the following technical scheme:
A controllable exchange method for symmetric-key-encrypted files, comprising the following steps:
A) user information is established at the file encryption server, this information comprising the private keys of all users; the server comprises a file encryption/decryption unit, a file transceiving unit and a message transceiving unit;
B) on receiving a sending request from the sending end, the server forwards that request to the relevant approval end for examination and approval;
C) after receiving the approval information, the approval end decides whether to agree, and automatically sends the approval result back to the server;
D) after receiving the approval information, the server decides whether to send according to the approval result.
Further: the approval result in step D) is either agreement to send or refusal to send, where agreement to send covers agreement to send inside the local area network and/or to send externally over the wide area network.
Further: if the approver agrees to send and the transmission is internal to the LAN, the sent file encrypted with the sender's key is converted, by key conversion, into a received file encrypted with the recipient's key and is then sent to the receiving end; if the approver agrees to send and the transmission is external, the file is decrypted with the sending end's key and the plaintext is sent to the external network; otherwise, an approval-refused message is sent to the sending end.
Further: the server forwards the sending requests from the sending end to the relevant approval end one by one or in batches, and the approval end automatically sends the approval results back to the server one by one or in batches; the server can send one file to several recipients, or send several files to a recipient at once.
Further: the specific way in which the server sends the approval information to the approval end, and sends the file and message to the receiving end, is:
I. The server first replaces the key on the sending end's file with the approval end's key and sends the encrypted file together with the information to the approval end; the approver can decrypt the file with their own key, view its content and decide whether to approve.
II. For the file the server sends to the receiving end: if the transmission is internal, the key is replaced with the receiving end's key, and the encrypted file is sent together with a notification message. If the transmission is external, the file is decrypted with the sending end's key and the plaintext is sent.
In the controllable exchange method for symmetric-key-encrypted files of the present invention, the key point is that the files received by the sending end or the approval end, and the files in transit, are all ciphertext and all depend on the file exchange server. This ensures that the whole transmission takes place within one encrypted security domain, prevents leakage during file transfer, and makes the exchange of symmetric-key-encrypted files safe, controllable and convenient.
Description of drawings
Fig. 1 is a structural schematic of the controllable exchange system for symmetric-key-encrypted files of the present invention.
Embodiment
The present invention is explained in further detail below with reference to the accompanying drawing and a specific embodiment.
Fig. 1 shows a controllable exchange system for symmetric-key-encrypted files, comprising a client, a server, a file exchange program, sensitive files, a sending and receiving tool, an approval end, a receiving end and so on. Several clients and receiving ends, together with the server and the approval end, can form a local area network; clients and receiving ends can also be connected over the Internet to form a wide area network. The workflow is:
1. The user ends (sender, recipient and approver) first register with the server to obtain a personal (symmetric) key, and use this key to encrypt local sensitive files.
2. The sending end uses the sending tool to send local sensitive information, encrypted with its personal key, to the receiving end (⑴ in the figure).
3. Using the key exchange technique, the server converts the file encrypted by the sender into a file encrypted with the approver's key, and forwards it with the approval request to the approval end (⑵ in the figure).
4. The approval end can open and inspect the file with its own key, and decides whether to agree to the sending end sending this file to the receiving end (⑶ in the figure).
5. After the approval result is sent to the server, the server further processes the encrypted file according to the approval result.
6. If the approver agrees to send and the transmission is internal (⑷ in the figure), the key is replaced with the recipient's key and the encrypted file and message are sent together to the receiving end; if the approver agrees to send and the transmission is external, the file is decrypted with the sending end's key and the plaintext is sent to the external network (⑹ in the figure); on refusal, a refusal message is sent to the sending end (⑸ in the figure).
The server can forward the sending requests from the sending end to the relevant approval end one by one or in batches, and the approval end automatically sends the approval results back to the server one by one or in batches; the server can send one file to several recipients, or send several files to a recipient at once.
The server sends the approval information as follows:
I. The server first replaces the key on the sending end's file with the approval end's key and sends the encrypted file together with the information to the approval end; the approver can decrypt the file with their own key, view its content and decide whether to approve.
II. For the file the server sends to the receiving end: if the transmission is internal, the key is replaced with the receiving end's key, and the encrypted file is sent together with a notification message. If the transmission is external, the file is decrypted with the sending end's key and the plaintext is sent.
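The workflow above, modelled as an added example that is not part of the patent text. The class and function names (`ExchangeServer`, `rekey`, `request_approval`, `dispatch`, `run_exchange`) are hypothetical, the users and file are constructed, and because the patent names no cipher, a standard-library HMAC-SHA256 keystream with an HMAC tag stands in for the symmetric algorithm.

```python
import hashlib
import hmac
import secrets

# Stand-in symmetric cipher (assumption: the patent names no algorithm):
# HMAC-SHA256 counter-mode keystream plus an HMAC tag, standard library only.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class ExchangeServer:
    """Hypothetical model of the file encryption server."""
    def __init__(self):
        self.keys = {}  # step A: the server stores every user's key

    def register(self, user: str) -> bytes:
        self.keys[user] = secrets.token_bytes(32)
        return self.keys[user]

    def rekey(self, blob: bytes, old_user: str, new_user: str) -> bytes:
        # Key conversion: plaintext exists only inside this call, on the server.
        return encrypt(self.keys[new_user], decrypt(self.keys[old_user], blob))

    def request_approval(self, sender: str, approver: str, blob: bytes) -> bytes:
        # Step B: forward the file to the approval end under the approver's key.
        return self.rekey(blob, sender, approver)

    def dispatch(self, sender: str, recipient: str, blob: bytes, decision: str):
        # Step D: act on the approval result.
        if decision == "internal":   # LAN: recipient gets ciphertext under own key
            return "receiver", self.rekey(blob, sender, recipient)
        if decision == "external":   # WAN: decrypt with sender's key, send plaintext
            return "external", decrypt(self.keys[sender], blob)
        return "sender", b"approval refused"   # anything else is a refusal

def run_exchange(decision: str):
    """Run one request end to end with constructed users and a constructed file."""
    server = ExchangeServer()
    k_send, k_appr, k_recv = (server.register(u) for u in ("sender", "approver", "recipient"))
    doc = b"constructed sample document"
    stored = encrypt(k_send, doc)                                    # workflow steps 1-2
    review = server.request_approval("sender", "approver", stored)  # workflow step 3
    seen_by_approver = decrypt(k_appr, review)                       # workflow step 4
    dest, payload = server.dispatch("sender", "recipient", stored, decision)
    return {"dest": dest, "payload": payload, "doc": doc,
            "approver_view": seen_by_approver, "recipient_key": k_recv,
            "sender_key": k_send}
```

Every conversion passes through `rekey`, so the server holds all user keys and briefly handles plaintext, which makes it the component whose compromise exposes every file. The external branch also shows that a file approved for outbound sending leaves the encrypted domain as plaintext.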
The controllable exchange method for symmetric-key-encrypted files provided by the invention has been set out in detail above and explained with reference to a specific embodiment, but what is described above is only the preferred embodiment of the invention and does not limit its scope of practice. Slight changes or improvements made by those skilled in the art in accordance with the invention all fall within the scope covered by this patent.
Claims (5)
1. A controllable exchange method for symmetric-key-encrypted files, comprising the following steps:
A) user information is established at the file encryption server, this information comprising the private keys of all users; the server comprises a file encryption/decryption unit, a file transceiving unit and a message transceiving unit;
B) on receiving a sending request from a client, the server forwards that request to the relevant approval end for examination and approval;
C) after receiving the approval information, the approval end decides whether to agree, and automatically sends the approval result back to the server;
D) after receiving the approval information, the server decides whether to send according to the approval result.
2. The controllable exchange method for symmetric-key-encrypted files as claimed in claim 1, characterized in that: the approval result in step D) is either agreement to send or refusal to send, where agreement to send covers agreement to send inside the local area network and/or to send externally over the wide area network.
3. The controllable exchange method for symmetric-key-encrypted files as claimed in claim 2, characterized in that: if the approver agrees to send and the transmission is internal to the LAN, the sent file encrypted with the sender's key is converted, by key conversion, into a received file encrypted with the recipient's key and is then sent to the receiving end; if the approver agrees to send and the transmission is external, the file is decrypted with the sender's key and the plaintext is sent to the external network; otherwise, an approval-refused message is sent to the sending end.
4. The controllable exchange method for symmetric-key-encrypted files as claimed in claim 3, characterized in that: the server forwards the sending requests from the client to the relevant approval end one by one or in batches, and the approval end automatically sends the approval results back to the server one by one or in batches; the server sends one file to several recipients, or sends several files to a recipient at once.
5. The controllable exchange method for symmetric-key-encrypted files as claimed in claim 4, characterized in that the specific way in which the server sends the approval information to the approval end, and sends the file and message to the receiving end, is:
I. The server first replaces the key on the sending end's file with the approval end's key and sends the encrypted file together with the information to the approval end; the approver can decrypt the file with their own key, view its content and decide whether to approve.
II. For the file the server sends to the receiving end: if the transmission is internal, the key is replaced with the receiving end's key, and the encrypted file is sent together with a notification message. If the transmission is external, the file is decrypted with the sending end's key and the plaintext is sent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210239067.1A CN102843356B (en) | 2012-07-11 | 2012-07-11 | Controllable exchange method for symmetric key-encrypted file |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210239067.1A CN102843356B (en) | 2012-07-11 | 2012-07-11 | Controllable exchange method for symmetric key-encrypted file |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102843356A (en) | 2012-12-26 |
CN102843356B (en) | 2015-05-13 |
Family
ID=47370417
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210239067.1A Active CN102843356B (en) | 2012-07-11 | 2012-07-11 | Controllable exchange method for symmetric key-encrypted file |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102843356B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN102843356B (en) | 2015-05-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |