CN102843356B - Controllable exchange method for symmetric key-encrypted file - Google Patents


Info

Publication number: CN102843356B
Authority: CN (China)
Prior art keywords: file, approval, server, send, examination
Legal status: Active
Application number: CN201210239067.1A
Other languages: Chinese (zh)
Other versions: CN102843356A (en)
Inventors: 吕少铭, 徐伯星, 王伟
Current Assignee: Shenzhen Purple Liton Technology Development Co Ltd
Original Assignee: Shenzhen Purple Liton Technology Development Co Ltd

Abstract

The invention discloses a controllable exchange method for symmetric-key-encrypted files. The method comprises the following steps: A) establishing user information on a file encryption server, the information comprising the private keys of all users, and the server comprising a file encryption and decryption unit, a file transceiving unit and a message transceiving unit; B) on receiving a sending request from a client, the server forwards the request to the relevant examination and approval end for examination and approval; C) after receiving the approval information, the approval end decides whether to agree to the sending request and automatically sends the approval result back to the server; and D) after receiving the approval result, the server decides whether to send according to that result. The method keeps the whole transmission inside an encrypted security domain, prevents leakage during file transmission, and makes the exchange of symmetric-key-encrypted files secure, controllable and convenient.

Description

A controllable exchange method for symmetric-key-encrypted files
Technical Field
The present invention relates to the field of computer file encryption, and in particular to a method especially suited to protecting the internal files of enterprises and public institutions by encryption, and to transmitting and exchanging encrypted files under controlled conditions.
Background
With the development of enterprise informatization and e-government, more and more application systems are used in people's daily work and life. Important information of all kinds is stored in electronic form, and computer files are the most important information carrier. Each application system collects, processes, outputs and stores large amounts of data, so these organizations face multiple challenges in file management. To ensure security, large numbers of confidential documents are stored encrypted on computers, but because the keys are private to their owners, encrypted files are inconvenient to share.
Existing cryptographic algorithms fall into two classes: symmetric-key algorithms and asymmetric-key algorithms. A symmetric-key algorithm uses the same key to encrypt and decrypt data; because it is simple and efficient, it is widely used to encrypt local files. Because using a symmetric key restricts how the key may be distributed, files encrypted with a symmetric-key algorithm cannot be shared directly between computers. An asymmetric-key algorithm uses a key pair (public key and private key) to encrypt and decrypt files, and the openness of the public key makes exchanging encrypted files very convenient. For example, if user A wants to send a file to user B, A only needs to encrypt it with B's public key, and the encrypted file can only be decrypted with B's private key. User A can at the same time encrypt (sign) the file with A's own private key, and user B verifies the signature on the file with A's public key. However, if local files were also encrypted and decrypted with an asymmetric-key algorithm, the process would be too cumbersome and complex, and such an encryption system would not be efficient.
In summary, symmetric-key algorithms are suited to encrypting locally stored data, and asymmetric-key algorithms are suited to encrypting data in exchange.
Summary of the Invention
The object of the present invention is to provide a convenient and secure method for exchanging files encrypted with a symmetric-key algorithm, solving the problem of controlled exchange, between computers, of files encrypted with a symmetric encryption algorithm. The controllable exchange method for symmetric-key-encrypted files adopted by the invention is a new technique for improving, under new circumstances, the secure controlled internal exchange and the controlled outbound sending of the files of enterprises and public institutions.
To achieve the above object, the present invention adopts the following technical solution:
A controllable exchange method for symmetric-key-encrypted files comprises the following steps:
A) User information is established on the file encryption server; this information includes the private keys of all users. The server comprises a file encryption/decryption unit, a file transceiving unit and a message transceiving unit.
B) On receiving a sending request from the sending end, the server forwards the request to the relevant approval end for examination and approval.
C) After receiving the approval information, the approval end decides whether to agree, and the approval result is automatically sent back to the server.
D) After receiving the approval information, the server decides whether to send according to the approval result.
Further: the approval result in step D) is either agreement to send or refusal to send, where agreement to send comprises agreement to send inside the local area network and/or to send outside over the wide area network.
Further: if the approver agrees to send and the sending is inside the local area network, key conversion turns the file to be sent, encrypted with the sender's key, into a received file encrypted with the recipient's key, which is then sent to the receiving end; if the approver agrees to send and the sending is external, the file is decrypted with the sending end's key and the plaintext is sent to the external network; otherwise, an approval-refusal message is sent to the sending end.
Further: the server forwards the sending requests from the sending end to the relevant approval end one by one or in batches, and the approval end automatically returns the approval results to the server one by one or in batches; the server sends one file to multiple recipients, or sends multiple files to a recipient at once.
Further: the specific method by which the server sends approval information to the approval end, and sends files and messages to the receiving end, is:
I. The server first replaces the sending end's key on the file with the approval end's key and sends the encrypted file together with the information to the approval end; the approver can decrypt the file with their own key, view its content, and decide whether to approve.
II. For a file the server sends to the receiving end: if the sending is internal, the key is replaced with the receiving end's key and the encrypted file is sent together with a notification message; if the sending is external, the file is decrypted with the sending end's key and the plaintext is sent.
The key point of the controllable exchange method for symmetric-key-encrypted files of the present invention is that the files received by the sending end or the approval end, and the files in intermediate transit, are all ciphertext and all depend on the file exchange server. This keeps the whole transmission inside one encrypted security domain, prevents leaks during file transfer, and makes the exchange of symmetric-key-encrypted files secure, controllable and convenient.
Brief Description of the Drawings
Fig. 1 is a schematic structural diagram of the controllable exchange system for symmetric-key-encrypted files of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawing and a specific embodiment.
Fig. 1 shows a controllable exchange system for symmetric-key-encrypted files, comprising clients, a server, a file exchange program, sensitive files, a send/receive tool, an approval end, a receiving end, and so on. A number of clients and receiving ends may form a local area network with the server and the approval end, or clients and receiving ends may be connected through the Internet to form a wide area network. The workflow is:
1. Each user end (sender, recipient and approver) first registers with the server and obtains a personal (symmetric) key, and uses this key to encrypt local sensitive files.
2. The sending end uses the sending tool to send local sensitive information, encrypted with its personal key, to the receiving end ((1) in the figure).
3. Using key exchange technology, the server converts the file encrypted with the sender's key into a file encrypted with the approver's key, and forwards the approval request to the approval end ((2) in the figure).
4. The approval end opens the file with its own key, inspects it, and decides whether to agree to the sending end sending the file to the receiving end ((3) in the figure).
5. After the approval result is sent to the server, the server further processes the encrypted file according to the approval result.
If the approver agrees to send and the sending is internal ((4) in the figure), the key is exchanged for the recipient's key and the encrypted file is sent together with a message to the receiving end; if the approver agrees to send and the sending is external, the file is decrypted with the sending end's key and the plaintext is sent to the external network ((6) in the figure); on refusal, a refusal message is sent to the sending end ((5) in the figure).
The server can forward the sending requests from the sending end to the relevant approval end one by one or in batches, and the approval end automatically returns the approval results to the server one by one or in batches; the server sends one file to multiple recipients, or sends multiple files to a recipient at once.
The server sends approval information as follows:
I. The server first replaces the sending end's key on the file with the approval end's key and sends the encrypted file together with the information to the approval end; the approver can decrypt the file with their own key, view its content, and decide whether to approve.
II. For a file the server sends to the receiving end: if the sending is internal, the key is replaced with the receiving end's key and the encrypted file is sent together with a notification message; if the sending is external, the file is decrypted with the sending end's key and the plaintext is sent.
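The server-side flow of steps A) to D) and rules I and II, as an added Python sketch that is not part of the patent text. The class, function and request names are hypothetical, and the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM; the patent does not name a cipher.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD (e.g. AES-GCM).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under one user's symmetric key."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; a wrong key or altered blob raises ValueError."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class ExchangeServer:
    def __init__(self):
        self.keys = {}     # step A: the server stores every user's key
        self.pending = {}  # request id -> (sender, recipient, sender-key ciphertext)

    def register(self, user):
        self.keys[user] = os.urandom(32)
        return self.keys[user]

    def _rekey(self, blob, old, new):
        # Key conversion: the plaintext exists only transiently, inside the server.
        return seal(self.keys[new], unseal(self.keys[old], blob))

    def submit(self, req_id, sender, recipient, approver, blob):
        # Steps B and I: hold the file, return a copy re-keyed for the approver.
        for_approver = self._rekey(blob, sender, approver)
        self.pending[req_id] = (sender, recipient, blob)
        return for_approver

    def decide(self, req_id, result):
        # Steps C-D and II: release strictly according to the approval result.
        # pop() makes each request single-use; a repeated decision raises KeyError.
        sender, recipient, blob = self.pending.pop(req_id)
        if result == "internal":
            return "ciphertext", recipient, self._rekey(blob, sender, recipient)
        if result == "external":
            return "plaintext", recipient, unseal(self.keys[sender], blob)
        return "rejected", sender, b""  # any other result is treated as refusal

def demo():
    srv = ExchangeServer()
    k = {u: srv.register(u) for u in ("sender", "approver", "recipient")}
    doc = b"constructed sample: Q3 pricing draft"
    seen = unseal(k["approver"], srv.submit("r1", "sender", "recipient", "approver", seal(k["sender"], doc)))
    kind, to, out = srv.decide("r1", "internal")
    return seen == doc, kind, to, unseal(k["recipient"], out) == doc

if __name__ == "__main__":
    print(demo())
```

Because the server stores every user's key (step A) and decrypts during each conversion, the confidentiality of every file in the domain rests on the server. The approver's copy and the recipient's copy are independent ciphertexts of the same plaintext, each readable only with that user's key.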
The controllable exchange method for symmetric-key-encrypted files provided by the invention has been set out in detail above and explained with reference to a specific embodiment, but what is described above is only the preferred embodiment of the invention and does not limit its scope of practice. Minor changes or improvements made in accordance with the invention by those skilled in the art all fall within the scope covered by this patent.

Claims (3)

1. A controllable exchange method for symmetric-key-encrypted files, comprising the following steps:
A) User information is established on the file encryption server; this information includes the private keys of all users. The server comprises a file encryption/decryption unit, a file transceiving unit and a message transceiving unit;
B) On receiving a sending request from the client, the server forwards the request to the relevant approval end for examination and approval;
C) After receiving the approval information, the approval end decides whether to agree, and the approval result is automatically sent back to the server;
D) After receiving the approval information, the server decides whether to send according to the approval result;
The approval result in step D) is either agreement to send or refusal to send, where agreement to send comprises agreement to send inside the local area network and/or to send outside over the wide area network; if the approver agrees to send and the sending is inside the local area network, key conversion turns the file to be sent, encrypted with the sender's key, into a received file encrypted with the recipient's key, which is then sent to the receiving end; if the approver agrees to send and the sending is external, the file is decrypted with the sender's key and the plaintext is sent to the external network; otherwise, an approval-refusal message is sent to the sending end.
2. The controllable exchange method for symmetric-key-encrypted files as claimed in claim 1, characterized in that: the server forwards the sending requests from the client to the relevant approval end one by one or in batches, and the approval end automatically returns the approval results to the server one by one or in batches; the server sends one file to multiple recipients, or sends multiple files to a recipient at once.
3. The controllable exchange method for symmetric-key-encrypted files as claimed in claim 2, characterized in that the specific method by which the server sends approval information to the approval end, and sends files and messages to the receiving end, is:
I. The server first replaces the sending end's key on the file with the approval end's key and sends the encrypted file together with the information to the approval end; the approver can decrypt the file with their own key, view its content, and decide whether to approve;
II. For a file the server sends to the receiving end: if the sending is internal, the key is replaced with the receiving end's key and the encrypted file is sent together with a notification message; if the sending is external, the file is decrypted with the sending end's key and the plaintext is sent.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210239067.1A CN102843356B (en) 2012-07-11 2012-07-11 Controllable exchange method for symmetric key-encrypted file


Publications (2)

Publication Number Publication Date
CN102843356A CN102843356A (en) 2012-12-26
CN102843356B true CN102843356B (en) 2015-05-13

Family

ID=47370417

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210239067.1A Active CN102843356B (en) 2012-07-11 2012-07-11 Controllable exchange method for symmetric key-encrypted file

Country Status (1)

Country Link
CN (1) CN102843356B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant