CN103281299A - Encryption and decryption devices and information processing method and system - Google Patents
Encryption and decryption devices and information processing method and system Download PDFInfo
- Publication number
- CN103281299A CN103281299A CN2013101505403A CN201310150540A CN103281299A CN 103281299 A CN103281299 A CN 103281299A CN 2013101505403 A CN2013101505403 A CN 2013101505403A CN 201310150540 A CN201310150540 A CN 201310150540A CN 103281299 A CN103281299 A CN 103281299A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- information
- decryption
- policy
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an encryption device, a decryption device, an information processing method and an information processing system. The information processing method comprises the following steps that the decryption device acquires a coded data packet, wherein the coded data packet comprises a communication text and control information for the communication text, the communication text comprises a plaintext and at least one section of ciphertext, and the control information comprises the ciphertext identification information of the ciphertext; the decryption device determines the ciphertext of the communication text according to the ciphertext identification information of the ciphertext in the control information; the decryption device acquires a decryption strategy corresponding to the ciphertext; the decryption device decrypts the obtained ciphertext by utilizing the decryption strategy to obtain character information; and the decryption device triggers the operation of outputting the character information.
Description
Technical field
The present invention relates to a kind of electronic technology field, relate in particular to a kind of ciphering and deciphering device and information processing information and system.
Background technology
Safety for communication informations such as certified mail, instant messages, transmit leg sends after can being encrypted processing to the full text of the communication information in the prior art, accordingly, after the communication information of recipient after receiving encryption, obtain the full text of this communication information by the decipherment algorithm of correspondence, just can obtain the content of the communication information.
In actual applications, usually adopt ciphering and deciphering device that the communication information is encrypted and deciphers, but when the amount of information of the communication information is excessive, for the enciphering/deciphering of the full text of the communication information handle can the cost ciphering and deciphering device plenty of time and internal memory, influence the processing speed of ciphering and deciphering device, reduced the output speed of information.
Summary of the invention
One of the present invention is intended to address the above problem/.
The invention provides following technical scheme:
A kind of information processing method, comprise: decryption device obtains coded data packet, coded data packet comprises the control information of communication text and the text of communicating by letter, and the text of wherein communicating by letter comprises expressly and at least one section ciphertext that wherein control information comprises the ciphertext identification information of ciphertext; Decryption device is determined the ciphertext of communication text according to the ciphertext identification information of ciphertext in the control information; Decryption device obtains the decryption policy of ciphertext correspondence; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information; Decryption device triggers the operation of output character information.
Wherein, the step of the operation of decryption device triggering output character information comprises: decryption device output character information; Perhaps decryption device is sent to terminal with character information, and terminal shows character information.
Wherein, control information also comprises time control information; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains the step of character information, comprising: the control information of decryption device acquisition time; Decryption device reads the clock information of decryption device; Decryption device is compared clock information and time control information; If comparison is passed through, then decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, and the step that obtains character information also comprises before: decryption device is tested label to first signed data; Pass through if test to sign, then trigger and utilize decryption policy that the ciphertext that obtains is decrypted processing, obtain the step of character information.
A kind of information processing method comprises: terminal is obtained coded data packet, and coded data packet comprises the control information of communication text and the text of communicating by letter, and the text of wherein communicating by letter comprises expressly and at least one section ciphertext that wherein control information comprises the ciphertext identification information of ciphertext; Terminal display communication text; Terminal is after receiving decoding request, to the decryption policy of decryption device inquiry ciphertext correspondence; Decryption device is sent to terminal with decryption policy; Terminal receiving and deciphering strategy; Terminal is obtained ciphertext; Terminal utilizes decryption policy that ciphertext is decrypted processing, obtains character information; Terminal output character information.
Wherein, the step that terminal is obtained ciphertext comprises: terminal is determined the ciphertext of communication text according to start position information and the end position information of ciphertext in the control information; The perhaps ciphertext of the text of communicating by letter determined according to the start position information of ciphertext in the control information and end position information of terminal receiving and deciphering device.
Wherein, control information also comprises time control information; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains the step of character information, comprising: the control information of decryption device acquisition time; Decryption device reads the clock information of decryption device; Decryption device is compared clock information and time control information; If comparison is passed through, then decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling; Also comprise before the step of terminal display communication text: terminal sends first signed data to decryption device; Detect decryption device first signed data of communication text is tested sign pass through after, the display communication text.
A kind of information processing method comprises: terminal is obtained coded data packet, and coded data packet comprises the control information of communication text and the text of communicating by letter, and the text of wherein communicating by letter comprises expressly and at least one section ciphertext that wherein control information comprises the ciphertext sign of ciphertext; Terminal display communication text; Terminal is determined the ciphertext of communication text according to the ciphertext sign of ciphertext in the control information after receiving decoding request; To the communicate by letter ciphertext of text of terminal sends to decryption device; Decryption device obtains the decryption policy of ciphertext correspondence; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information; Decryption device triggers the operation of output character information.
Wherein, the step of the operation of decryption device triggering output character information comprises: decryption device output character information; Perhaps decryption device is sent to terminal with character information, and terminal shows character information.
Wherein, control information also comprises time control information; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains the step of character information, comprising: the control information of decryption device acquisition time; Decryption device reads the clock information of decryption device; Decryption device is compared clock information and time control information; If comparison is passed through, then decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling; Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, and the step that obtains character information also comprises before: decryption device is tested label to first signed data; Pass through if test to sign, then trigger and utilize decryption policy that the ciphertext that obtains is decrypted processing, obtain the step of character information.
A kind of information processing method comprises: encryption device obtaining communication text and the encryption request that part in the communication text is encrypted; Encryption device is determined the ciphertext identification information of character information to be encrypted and character information to be encrypted according to the request of encrypting, and according to the encryption policy that sets in advance, character information to be encrypted is encrypted processing, at least one section ciphertext of the text that obtains communicating by letter; Encryption device generates the control information of ciphertext according to the ciphertext identification information; Encryption device is exported at least one section ciphertext and control information at least.
Wherein, control information also comprises time control information.
Wherein, before the step of encryption device outputting encoded data bag, also comprise: encryption device is signed to the communication text, and generates first signed data that is used for testing label communication text; Wherein, the coded data packet of encryption device output also comprises first signed data.
A kind of decryption device, comprise: first acquisition module, be used for obtaining coded data packet, coded data packet comprises the control information of communication text and the text of communicating by letter, the text of wherein communicating by letter comprises expressly and at least one section ciphertext that wherein control information comprises the ciphertext identification information of ciphertext; Determination module links to each other with first acquisition module, is used for the ciphertext identification information according to the control information ciphertext, determines the ciphertext of communication text; Second acquisition module links to each other with first acquisition module, is used for obtaining the decryption policy of ciphertext correspondence; Deciphering module links to each other with second acquisition module with determination module, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing, obtains character information; Trigger module links to each other with deciphering module, is used for triggering the operation of output character information.
Wherein, trigger module comprises: output unit is used for output character information; Perhaps transmitting element is used for character information and is sent to terminal, shows character information by terminal.
Wherein, control information also comprises time control information; Deciphering module comprises: acquiring unit is used for the acquisition time control information; Reading unit is for the clock information that reads decryption device; Comparing unit links to each other with reading unit with acquiring unit, is used for clock information and time control information are compared; Decrypting device links to each other with comparing unit, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling; Decryption device also comprises: first tests the label module, links to each other with deciphering module, is used for first signed data is tested label, and passes through testing to sign, and triggers deciphering module and is decrypted processing.
Wherein, control information also comprises at least one section encryption policy and/or the indication information of encryption policy, and wherein the indication information of encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device; Decryption device obtains the decryption policy of ciphertext correspondence, comprising: decryption device utilizes the private key deciphering indication information of decryption device, obtains encryption policy; Decryption device obtains the decryption policy of encryption policy correspondence.
Wherein, control information also comprises second signed data after the indication information signature of at least one section encryption policy and/or encryption policy handled; Decryption device obtains before the decryption policy of ciphertext correspondence, also comprises: decryption device is tested label to second signed data; Pass through if test to sign, then obtain the decryption policy of ciphertext correspondence.
A kind of information processing system, comprise terminal and decryption device, wherein: first acquisition module in the terminal, be used for obtaining coded data packet, coded data packet comprises the control information of communication text and the text of communicating by letter, the text of wherein communicating by letter comprises expressly and at least one section ciphertext that wherein control information comprises the ciphertext identification information of ciphertext; Display module in the terminal links to each other with first acquisition module, is used for the display communication text; Enquiry module in the terminal, display module links to each other, and is used for after receiving decoding request, to the decryption policy of decryption device inquiry ciphertext correspondence; Second acquisition module in the decryption device links to each other with enquiry module, is used for obtaining the decryption policy of ciphertext correspondence; Sending module in the decryption device links to each other with second acquisition module, is used for decryption policy is sent to terminal; Receiver module in the terminal links to each other with sending module, is used for the receiving and deciphering strategy; The 3rd acquisition module in the terminal is used for obtaining ciphertext; Deciphering module in the terminal links to each other with the 3rd acquisition module with receiver module, is used for utilizing decryption policy that ciphertext is decrypted processing, obtains character information; Output module in the terminal links to each other with deciphering module, is used for output character information.
Wherein, the 3rd acquisition module comprises:
Determining unit is used for start position information and end position information according to the control information ciphertext, determines the ciphertext of communication text; Perhaps
Receiving element is used for the ciphertext of the text of communicating by letter that the receiving and deciphering device determines according to the start position information of control information ciphertext and end position information.
Wherein, control information also comprises time control information; Deciphering module comprises: acquiring unit is used for the acquisition time control information; Reading unit is for the clock information that reads decryption device; Comparing unit links to each other with reading unit with acquiring unit, is used for clock information and time control information are compared; Decrypting device links to each other with comparing unit, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling; Display module comprises: transmitting element is used for sending first signed data to decryption device; Display unit, be used for detect decryption device utilize first signed data that the signature of communication text is tested to sign pass through after, the display communication text; Decryption device also comprises: first tests the label module, links to each other with transmitting element, is used for utilizing first signed data that the signature of communication text is tested label, obtains testing the label result; The 3rd transmitting element is tested and is signed module and link to each other with display unit with first, is used for transmission and tests the label result.
A kind of information processing system, comprise terminal and decryption device, wherein: first acquisition module in the terminal, be used for obtaining coded data packet, coded data packet comprises the control information of communication text and the text of communicating by letter, the text of wherein communicating by letter comprises expressly and at least one section ciphertext that wherein control information comprises the ciphertext identification information of ciphertext; Display module in the terminal links to each other with first acquisition module, is used for the display communication text;
Really cover half piece in the terminal links to each other with display module, is used for determining the ciphertext of communication text according to the ciphertext identification information of ciphertext in the control information after receiving decoding request;
Sending module in the terminal links to each other with first acquisition module with determination module, and the ciphertext of the text that is used for communicating by letter sends to decryption device; Second acquisition module in the decryption device links to each other with sending module, is used for obtaining the decryption policy of ciphertext correspondence; Deciphering module in the decryption device links to each other with second acquisition module with sending module, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing, obtains character information; Trigger module in the decryption device links to each other with deciphering module, is used for triggering the operation of output character information.
Wherein, trigger module comprises: output unit is used for output character information; Perhaps transmitting element is used for character information and is sent to terminal, shows character information by terminal.
Wherein, control information also comprises time control information; Deciphering module comprises: acquiring unit is used for the acquisition time control information; Reading unit is for the clock information that reads decryption device; Comparing unit links to each other with reading unit with acquiring unit, is used for clock information and time control information are compared; Decrypting device links to each other with comparing unit, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling; Decryption device also comprises: first tests the label module, links to each other with deciphering module, is used for first signed data is tested label, and passes through testing to sign, and triggers deciphering module and is decrypted processing.
Wherein, control information also comprises at least one section encryption policy and/or the indication information of encryption policy, and wherein the indication information of encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device; Second acquisition module is used for utilizing the private key deciphering indication information of decryption device, obtains encryption policy, obtains the decryption policy of encryption policy correspondence again.
Wherein, control information also comprises second signed data after the indication information signature of at least one section encryption policy and/or encryption policy handled; Decryption device also comprises: second authentication module, and be used for second signed data is tested label, and pass through testing to sign, trigger the operation of the decryption policy of obtaining the ciphertext correspondence.
A kind of encryption device comprises: acquisition module, the encryption request that is used for the obtaining communication text and communication text part is encrypted; Determination module links to each other with acquisition module, is used for determining that according to the request of encryption character information to be encrypted and character information to be encrypted are in start position information and the end position information of communication text; Encrypting module links to each other with acquisition module, is used for according to the encryption policy that sets in advance character information to be encrypted being encrypted processing, at least one section ciphertext of the text that obtains communicating by letter; First generation module links to each other with encrypting module with determination module, is used for according to the control information of start position information with ending message and the employed encryption policy generation of the text of communicating by letter ciphertext; Output module links to each other with first generation module with encrypting module, is used for the outputting encoded data bag, and coded data packet comprises: the plaintext that unencryption is handled in the communication text, at least one section ciphertext and control information.
Wherein, control information also comprises time control information.
Wherein, encryption device also comprises: signature blocks is used for communication message is signed; Second generation module links to each other with output module with signature blocks, for processing that communication message is signed, obtains first signed data; Wherein, the coded data packet of output module output also comprises first signed data.
As seen from the above technical solution provided by the invention, the invention provides a kind of ciphering and deciphering device and information processing information and system, by obtaining choosing information to be encrypted in the communication text, only realize the encryption to safe information, realization is encrypted the part of communication text, thereby reduced the quantity of cryptographic object, reduced the processing pressure of cryptographic operation; In like manner, behind the communication text that obtains the part encryption, only partial content in the communication text is decrypted, has reduced the quantity of deciphering object, reduced the processing pressure of decryption oprerations.For the limited equipment of disposal ability, especially suitable as electronic signature token etc.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, the accompanying drawing of required use is done to introduce simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite of not paying creative work, can also obtain other accompanying drawings according to these accompanying drawings.
The schematic flow sheet of the information processing method embodiment that Fig. 1 provides for the embodiment of the invention 1;
The schematic flow sheet of the information processing method embodiment that Fig. 2 provides for the embodiment of the invention 2;
The schematic flow sheet of the information processing method embodiment that Fig. 3 provides for the embodiment of the invention 3;
The schematic flow sheet of the information processing method embodiment that Fig. 4 provides for the embodiment of the invention 4;
Fig. 5 is the structural representation of a kind of decryption device embodiment provided by the invention;
Fig. 6 is the structural representation of a kind of information processing system embodiment provided by the invention;
Fig. 7 is the structural representation of another kind of information processing system embodiment provided by the invention;
Fig. 8 is the structural representation of a kind of encryption device embodiment provided by the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills belong to protection scope of the present invention not making the every other embodiment that obtains under the creative work prerequisite.
In description of the invention, it will be appreciated that, term " " center "; " vertically "; " laterally "; " on "; D score; " preceding ", " back ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", close the orientation of indications such as " outward " or position is based on orientation shown in the drawings or position relation, only be that the present invention for convenience of description and simplification are described, rather than device or the element of indication or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " only are used for describing purpose, and can not be interpreted as indication or hint relative importance or quantity or position.
In description of the invention, need to prove that unless clear and definite regulation and restriction are arranged in addition, term " installation ", " linking to each other ", " connection " should be done broad understanding, for example, can be fixedly connected, also can be to removably connect, or connect integratedly; Can be mechanical connection, also can be to be electrically connected; Can be directly to link to each other, also can link to each other indirectly by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete implication in the present invention.
Below in conjunction with accompanying drawing the embodiment of the invention is described in further detail.
Embodiment 1
The schematic flow sheet of the information processing method embodiment that Fig. 1 provides for the embodiment of the invention 1.Method embodiment shown in Figure 1 comprises:
Concrete, the communication text comprises two parts, and wherein a part is expressly, in addition a part of ciphertext, wherein this ciphertext can be to obtain after one section continuous character is encrypted in the communication text, also can be to obtain after the continuous character of multistage is encrypted in the communication text.
Wherein, described ciphertext identification information is for determining that information that ciphertext comprises is in the position of communication text, can be start position information and end position information, also can be some differences and the form of expression expressly, as the expression mode that font tilts or font increases the weight of, also can be that the mode that increases wave, two horizontal line or dotted line below ciphertext is represented.
Wherein, the encryption policy of described ciphertext can consult in advance, need not to notify.
Optionally, described control information comprises that also the indication information that is used to indicate encryption policy and/or encryption policy can be encryption policy itself, also can determine for being used for the identification information of encryption policy, as the numbering of encryption policy etc.Determine encryption policy if adopt identification information, the data volume of its information transmitted will be less than encryption policy itself, and because the content of transmission is identification information, after the lawless person gets access to this numbering, owing to can't know the encryption policy of this identification information correspondence, also can't obtain corresponding decryption policy, thereby can not crack this ciphertext, guarantee the information transmission safety.
Wherein, encryption policy can comprise cryptographic algorithm and/or encryption key, is used to refer to the information of manner of decryption.
Wherein, if ciphertext is made up of the multistage continuation character, then control information comprises a plurality of control clauses and subclauses, the corresponding one section continuation character of each control clauses and subclauses, each control strip purpose original position and end position information are in order to identify this section continuation character at original position and the end position of the text of communicating by letter, and encryption policy is in order to the encryption policy of this section of mark continuation character at the communication text.
Wherein, the encryption policy of all continuation character correspondences can be identical, also can use multiple encryption policy by the multistage continuation character, wherein, if the employed encryption policy of multistage continuation character has at least two kinds.Use identical encryption policy with respect to the former, the encryption policy difference that the latter uses reduces the possibility that cracks, the fail safe that has improved information.
Wherein this decryption policy can be to consult in advance with the transmit leg of the text of communicating by letter, and certainly, the encryption and decryption strategy comprises algorithm and key, wherein one of them is consulted in advance.When each communication, hold consultation carrying the part that does not consult by control information.
Concrete, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device; Described decryption device obtains the decryption policy of described ciphertext correspondence, comprising: described decryption device utilizes the private key of described decryption device to decipher described indication information, obtains encryption policy; Described decryption device obtains the decryption policy of described encryption policy correspondence, thereby guarantees the safety of encryption policy.
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy; Described decryption device obtains before the decryption policy of described ciphertext correspondence, also comprises: described decryption device is tested label to described second signed data; Pass through if test to sign, then obtain the decryption policy of described ciphertext correspondence.
Behind signed data, realize the further protection to encryption policy, the fail safe that further improves signed data.
Wherein, the execution sequence of step 102 and step 103 can exchange.
Wherein, preferred, control information also comprises time control information; This step comprises:
Steps A 1, the control information of decryption device acquisition time;
For example, time control information is 9:00~12:00 on March 12nd, 2013.
Steps A 2, decryption device read the clock information of decryption device;
For example, clock information is 10:45 on March 12nd, 2013.
Steps A 3, decryption device are compared clock information and time control information;
Specifically, judge this temporal information whether in the scope of this time control information record, if in this scope, then the expression comparison is passed through, and allows ciphertext is decrypted operation; Otherwise comparison is not passed through, and flow process finishes.
As seen from the above, before being decrypted operation, utilize time control information that the deciphering time of communication text is controlled, the recipient who reaches control communication text gets access to the purpose of communication text, the effectively purpose of the reading time of control communication text in the special time scope.
Wherein, the clock information of decryption device of the present invention can adopt the mode of ciphertext to dispose, when external equipment is attempted to read the clock information of decryption device, if there is not corresponding key, then namely enable to read clock information, can not distort it easily, thereby the clock information that prevents decryption device is guaranteed the safety of communication by the leakage of information of distorting and causing.
If steps A 4 comparisons are passed through, then decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information.
Wherein the way of output can be to play or demonstration, but is not limited thereto.
Concrete, the output function of character information can have following dual mode:
Mode one: the direct output character information of decryption device;
Mode two: decryption device is sent to terminal with character information, and terminal shows character information.
Wherein, under the low situation of the fail safe of terminal, be stolen for fear of the character information that obtains from decrypt ciphertext, preferably adopt mode one to show, the safety of guarantee information.
In mode two, in order to know complete output character information, terminal can be obtained start position information and the end position information in the control information, and according to start position information and end position information, character information is reverted in the communication text, obtain content and be communication text expressly, and output content is communication text expressly.
For example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are cipher-text information.Character information through the X that obtains after the deciphering is that 123456789, Y is 000, and then the terminal communication body matter that will show is updated to number of the account 123456789, and the label of testing of pay 50 yuan yard are 000.
Optionally, coded data packet also comprises the sign signature that obtains after handling of communication text is tested first signed data of label; Wherein Qian Ming object can be communicated by letter in the text expressly and in the ciphertext at least one.
Decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, and the step that obtains character information also comprises before:
Decryption device is tested label to first signed data;
Pass through if test to sign, then trigger and utilize decryption policy that the ciphertext that obtains is decrypted processing, obtain the step of character information.
By before deciphering, the communication text being tested label, realize that other decryption devices of avoiding having identical decryption policy parse this communication text to the recipient's of communication text authentication, improve the fail safe of information.
Optionally, decryption device obtain coded data packet by with terminal after obtain, specifically comprise:
Step B1, terminal are obtained coded data packet;
Step B2, terminal display communication text;
Concrete, terminal display communication text, for example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are cipher-text information.
Step B3, terminal send to decryption device with coded data packet after receiving decoding request;
Wherein, terminal can link to each other by the Peripheral Interface of terminal with decryption device, as USB interface etc., also can link to each other by wireless or wired mode, as bluetooth, NFC interface, infrared etc.
Need to prove that if decryption device is the coded data packet that just gets access to, then decryption device is tested to sign to first signed data and carried out before terminal display communication text behind terminal display communication text.
The technical scheme that the embodiment of the invention 1 provides, behind the communication text that obtains the part encryption, only partial content in the communication text is decrypted, reduced the quantity of deciphering object, reduced the processing pressure of decryption oprerations, for the limited equipment of disposal ability, especially suitable as electronic signature token etc.
Embodiment 2
The schematic flow sheet of the information processing method embodiment that Fig. 2 provides for the embodiment of the invention 2.Method embodiment shown in Figure 2 comprises:
Concrete, the communication text comprises two parts, and wherein a part is expressly, in addition a part of ciphertext, wherein this ciphertext can be to obtain after one section continuous character is encrypted in the communication text, also can be to obtain after the continuous character of multistage is encrypted in the communication text.
Wherein, described ciphertext identification information is for determining that information that ciphertext comprises is in the position of communication text, can be start position information and end position information, also can be some differences and the form of expression expressly, as the expression mode that font tilts or font increases the weight of, also can be that the mode that increases wave, two horizontal line or dotted line below ciphertext is represented.
Wherein, the encryption policy of described ciphertext can consult in advance, need not to notify.
Optionally, described control information comprises that also the indication information that is used to indicate encryption policy and/or encryption policy can be encryption policy itself, also can determine for being used for the identification information of encryption policy, as the numbering of encryption policy etc.Determine encryption policy if adopt identification information, the data volume of its information transmitted will be less than encryption policy itself, and because the content of transmission is identification information, after the lawless person gets access to this numbering, owing to can't know the encryption policy of this identification information correspondence, also can't obtain corresponding decryption policy, thereby can not crack this ciphertext, guarantee the information transmission safety.
Wherein, encryption policy can comprise cryptographic algorithm and/or encryption key, is used to refer to the information of manner of decryption.
Wherein, if ciphertext is made up of the multistage continuation character, then control information comprises a plurality of control clauses and subclauses, the corresponding one section continuation character of each control clauses and subclauses, each control strip purpose original position and end position information are in order to identify this section continuation character at original position and the end position of the text of communicating by letter, and encryption policy is in order to the encryption policy of this section of mark continuation character at the communication text.
Wherein, the encryption policy of all continuation character correspondences can be identical, also can use multiple encryption policy by the multistage continuation character, wherein, if the employed encryption policy of multistage continuation character has at least two kinds.Use identical encryption policy with respect to the former, the encryption policy difference that the latter uses reduces the possibility that cracks, the fail safe that has improved information.
For example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are ciphertext.The encryption policy of ciphertext X and Y can be identical, also can be different.
Concrete, terminal display communication text, for example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are cipher-text information.
Wherein, terminal can link to each other by the Peripheral Interface of terminal with decryption device, as USB interface etc., also can link to each other by wireless or wired mode, as bluetooth, NFC interface, infrared etc.
Optionally, coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Also comprise before the step of terminal display communication text:
Terminal sends first signed data to decryption device;
Detect decryption device utilize first signed data that the signature of communication text is tested to sign pass through after, the display communication text.
By before deciphering, the communication text being tested label, realize that other decryption devices of avoiding having identical decryption policy parse this communication text to the recipient's of communication text authentication, improve the fail safe of information.
Wherein this decryption policy can be to consult in advance with the transmit leg of the text of communicating by letter, and certainly, the encryption and decryption strategy comprises algorithm and key, wherein one of them is consulted in advance.When each communication, hold consultation carrying the part that does not consult by control information.
Concrete, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device; Described decryption device obtains the decryption policy of described ciphertext correspondence, comprising: described decryption device utilizes the private key of described decryption device to decipher described indication information, obtains encryption policy; Described decryption device obtains the decryption policy of described encryption policy correspondence, thereby guarantees the safety of encryption policy.
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy; Described decryption device obtains before the decryption policy of described ciphertext correspondence, also comprises: described decryption device is tested label to described second signed data; Pass through if test to sign, then obtain the decryption policy of described ciphertext correspondence.
Behind signed data, realize the further protection to encryption policy, the fail safe that further improves signed data.
Wherein, the terminal step of obtaining ciphertext comprises:
Terminal is determined the ciphertext of communication text according to the ciphertext identification information of ciphertext in the control information; Perhaps
Terminal receiving and deciphering device is according to the ciphertext of the definite communication text of the ciphertext identification information of ciphertext in the control information.
Wherein, preferred, control information also comprises time control information; This step comprises:
Step C1, the control information of decryption device acquisition time;
For example, time control information is 9:00~12:00 on March 12nd, 2013.
Step C2, decryption device read the clock information of decryption device;
For example, clock information is 10:45 on March 12nd, 2013.
Step C3, decryption device are compared clock information and time control information;
Specifically, judge this temporal information whether in the scope of this time control information record, if in this scope, then the expression comparison is passed through, and allows ciphertext is decrypted operation; Otherwise comparison is not passed through, and flow process finishes.
If step C4 comparison is passed through, then decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information.
As seen from the above, before being decrypted operation, utilize time control information that the deciphering time of communication text is controlled, the recipient who reaches control communication text gets access to the purpose of communication text, the effectively purpose of the reading time of control communication text in the special time scope.
Wherein, the clock information of decryption device of the present invention can adopt the mode of ciphertext to dispose, when external equipment is attempted to read the clock information of decryption device, if there is not corresponding key, then namely enable to read clock information, can not distort it easily, thereby the clock information that prevents decryption device is guaranteed the safety of communication by the leakage of information of distorting and causing.
In addition, the clock information of decryption device of the present invention can adopt the mode of ciphertext to dispose, when external equipment is attempted to read the clock information of decryption device, if there is not corresponding key, then namely enable to read clock information, can not distort it easily, thereby the clock information that prevents decryption device is guaranteed the safety of communication by the leakage of information of distorting and causing.
The technical scheme that the embodiment of the invention 2 provides behind the communication text that obtains the part encryption, only is decrypted partial content in the communication text, has reduced the quantity of deciphering object, has reduced the processing pressure of decryption oprerations.
Embodiment 3
The schematic flow sheet of the information processing method embodiment that Fig. 3 provides for the embodiment of the invention 3.Method embodiment shown in Figure 3 comprises:
Concrete, the communication text comprises two parts, and wherein a part is expressly, in addition a part of ciphertext, wherein this ciphertext can be to obtain after one section continuous character is encrypted in the communication text, also can be to obtain after the continuous character of multistage is encrypted in the communication text.
Wherein, described ciphertext identification information is for determining that information that ciphertext comprises is in the position of communication text, can be start position information and end position information, also can be some differences and the form of expression expressly, as the expression mode that font tilts or font increases the weight of, also can be that the mode that increases wave, two horizontal line or dotted line below ciphertext is represented.
Wherein, the encryption policy of described ciphertext can consult in advance, need not to notify.
Optionally, described control information comprises that also the indication information that is used to indicate encryption policy and/or encryption policy can be encryption policy itself, also can determine for being used for the identification information of encryption policy, as the numbering of encryption policy etc.Determine encryption policy if adopt identification information, the data volume of its information transmitted will be less than encryption policy itself, and because the content of transmission is identification information, after the lawless person gets access to this numbering, owing to can't know the encryption policy of this identification information correspondence, also can't obtain corresponding decryption policy, thereby can not crack this ciphertext, guarantee the information transmission safety.
Wherein, encryption policy can comprise cryptographic algorithm and/or encryption key, is used to refer to the information of manner of decryption.
Wherein, if ciphertext is made up of the multistage continuation character, then control information comprises a plurality of control clauses and subclauses, the corresponding one section continuation character of each control clauses and subclauses, each control strip purpose original position and end position information are in order to identify this section continuation character at original position and the end position of the text of communicating by letter, and encryption policy is in order to the encryption policy of this section of mark continuation character at the communication text.
Wherein, the encryption policy of all continuation character correspondences can be identical, also can use multiple encryption policy by the multistage continuation character, wherein, if the employed encryption policy of multistage continuation character has at least two kinds.Use identical encryption policy with respect to the former, the encryption policy difference that the latter uses reduces the possibility that cracks, the fail safe that has improved information.
For example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are ciphertext.The encryption policy of ciphertext X and Y can be identical, also can be different.
Concrete, terminal display communication text, for example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are cipher-text information.
For example, the communication body matter is number of the account X, and the label sign indicating number of testing of paying 50 yuan is Y, and wherein X and Y are ciphertext.According to the start position information in the control information and end position information, the content of determining ciphertext is X and Y.
Optionally, coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Also comprise before the step of terminal display communication text:
Terminal sends first signed data to decryption device;
Detect decryption device utilize first signed data that the signature of communication text is tested to sign pass through after, the display communication text.
By before deciphering, the communication text being tested label, realize that other decryption devices of avoiding having identical decryption policy parse this communication text to the recipient's of communication text authentication, improve the fail safe of information.
Wherein, terminal can link to each other by the Peripheral Interface of terminal with decryption device, as USB interface etc., also can link to each other by wireless or wired mode, as bluetooth, NFC interface, infrared etc.
Wherein this decryption policy can be to consult in advance with the transmit leg of the text of communicating by letter, and certainly, the encryption and decryption strategy comprises algorithm and key, wherein one of them is consulted in advance.When each communication, hold consultation carrying the part that does not consult by control information.
Concrete, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device; Described decryption device obtains the decryption policy of described ciphertext correspondence, comprising: described decryption device utilizes the private key of described decryption device to decipher described indication information, obtains encryption policy; Described decryption device obtains the decryption policy of described encryption policy correspondence, thereby guarantees the safety of encryption policy.
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy; Described decryption device obtains before the decryption policy of described ciphertext correspondence, also comprises: described decryption device is tested label to described second signed data; Pass through if test to sign, then obtain the decryption policy of described ciphertext correspondence.
Behind signed data, realize the further protection to encryption policy, the fail safe that further improves signed data.
Step 306, decryption device utilize decryption policy that ciphertext is decrypted processing, obtain character information;
Wherein, preferred, control information also comprises time control information; This step comprises:
Step C1, the control information of decryption device acquisition time;
For example, time control information is 9:00~13:00 on March 13rd, 3013.
Step C3, decryption device read the clock information of decryption device;
For example, clock information is 10:45 on March 13rd, 3013.
Step C3, decryption device are compared clock information and time control information;
Specifically, judge this temporal information whether in the scope of this time control information record, if in this scope, then the expression comparison is passed through, and allows ciphertext is decrypted operation; Otherwise comparison is not passed through, and flow process finishes.
If step C4 comparison is passed through, then decryption device utilizes decryption policy that the ciphertext that obtains is decrypted processing, obtains character information.
As seen from the above, before being decrypted operation, utilize time control information that the deciphering time of communication text is controlled, the recipient who reaches control communication text gets access to the purpose of communication text, the effectively purpose of the reading time of control communication text in the special time scope.
Wherein, the clock information of decryption device of the present invention can adopt the mode of ciphertext to dispose, when external equipment is attempted to read the clock information of decryption device, if there is not corresponding key, then namely enable to read clock information, can not distort it easily, thereby the clock information that prevents decryption device is guaranteed the safety of communication by the leakage of information of distorting and causing.
Step 309, decryption device trigger the operation of output character information.
Wherein, described decryption device is exported described character information; Perhaps described decryption device is sent to terminal with described character information, and described terminal shows described character information.
In addition, the clock information of decryption device of the present invention can adopt the mode of ciphertext to dispose, when external equipment is attempted to read the clock information of decryption device, if there is not corresponding key, then namely enable to read clock information, can not distort it easily, thereby the clock information that prevents decryption device is guaranteed the safety of communication by the leakage of information of distorting and causing.
The technical scheme that the embodiment of the invention 3 provides behind the communication text that obtains the part encryption, only is decrypted partial content in the communication text, has reduced the quantity of deciphering object, has reduced the processing pressure of decryption oprerations.
Embodiment 4
The schematic flow sheet of the information processing method embodiment that Fig. 4 provides for the embodiment of the invention 4.Method embodiment shown in Figure 4 comprises:
For example, the communication text be " number of the account 124456789, pay 50 yuan to test label yard be 000.", the request of wherein encrypting is for to be encrypted " 124456789 " and " 000 ".
To communicate by letter text and the request of encrypting of step 402, terminal sends to encryption device;
Wherein, terminal can link to each other by the Peripheral Interface of terminal with encryption device, as USB interface etc., also can link to each other by wireless or wired mode, as bluetooth, NFC interface, infrared etc.
In this example, the character information that obtains is " 124456789 " and " 000 ", and above-mentioned character information is in start position information and the end position information of communication text.
In this example, character information is two sections, is respectively " 124456789 " and " 000 ", and wherein the mode of Jia Miing can be identical, also can be different.In a communication text, adopt a plurality of encryption policys, possibility that can reduction information be cracked, the fail safe of raising information.
Need to prove, if character information is at least two sections, then control information comprises a plurality of control clauses and subclauses, the corresponding one section continuation character of each control clauses and subclauses, each control strip purpose original position and end position information are in order to identify this section continuation character at original position and the end position of the text of communicating by letter, the indication information that is used to indicate encryption policy and/or encryption policy can be encryption policy itself, also can determine for being used for the identification information of encryption policy, as the numbering of encryption policy etc.Determine encryption policy if adopt identification information, the data volume of its information transmitted will be less than encryption policy itself, and because the content of transmission is identification information, after the lawless person gets access to this numbering, owing to can't know the encryption policy of this identification information correspondence, also can't obtain corresponding decryption policy, thereby can not crack this ciphertext, guarantee the information transmission safety.
Wherein, encryption policy can comprise cryptographic algorithm and/or encryption key, is used to refer to the information of manner of decryption.
Optionally, control information also comprises time control information, in order to judge whether permission according to time control information ciphertext is decrypted operation.
Wherein optional, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device obtains before the decryption policy of described ciphertext correspondence, also comprises:
Described decryption device is tested label to described second signed data;
Pass through if test to sign, then obtain the decryption policy of described ciphertext correspondence.
The technical scheme that the embodiment of the invention 4 provides, by obtaining choosing information to be encrypted in the communication text, only realize the encryption to safe information, realization is encrypted the part of communication text, thereby reduced the quantity of cryptographic object, reduced the processing pressure of cryptographic operation, for the limited equipment of disposal ability, especially suitable as electronic signature token etc.
Fig. 5 is the structural representation of a kind of decryption device embodiment provided by the invention.Device embodiment shown in Figure 5 comprises:
Deciphering module 504 links to each other with second acquisition module 503 with determination module 502, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing, obtains character information;
Wherein, trigger module 505 comprises:
Output unit is used for output character information; Perhaps
Transmitting element is used for character information and is sent to terminal, shows character information by terminal.
Wherein, control information also comprises time control information;
Deciphering module 505 comprises:
Acquiring unit is used for the acquisition time control information;
Reading unit is for the clock information that reads decryption device;
Comparing unit links to each other with reading unit with acquiring unit, is used for clock information and time control information are compared;
Decrypting device links to each other with comparing unit, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Decryption device also comprises:
First tests the label module, links to each other with deciphering module, is used for first signed data is tested label, and passes through testing to sign, and triggers deciphering module and is decrypted processing.
Wherein, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Second acquisition module is used for utilizing the private key of described decryption device to decipher described indication information, obtains encryption policy, obtains the decryption policy of described encryption policy correspondence again.
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device also comprises:
Second authentication module is used for described second signed data is tested label, and passes through testing to sign, and triggers the operation of the decryption policy of obtaining described ciphertext correspondence.
Device technique scheme provided by the invention behind the communication text that obtains the part encryption, only is decrypted partial content in the communication text, reduced the quantity of deciphering object, reduced the processing pressure of decryption oprerations, for the limited equipment of disposal ability, especially suitable as electronic signature token etc.
Fig. 6 is the structural representation of a kind of information processing system embodiment provided by the invention.System shown in Figure 5 embodiment comprises terminal and decryption device, wherein:
Display module 602 in the terminal links to each other with first acquisition module 601, is used for the display communication text;
Second acquisition module 604 in the decryption device links to each other with enquiry module 603, is used for obtaining the decryption policy of ciphertext correspondence;
Sending module 605 in the decryption device links to each other with second acquisition module 604, is used for decryption policy is sent to terminal;
Receiver module 606 in the terminal links to each other with sending module 606, is used for the receiving and deciphering strategy;
The 3rd acquisition module 607 in the terminal is used for obtaining ciphertext;
Deciphering module 608 in the terminal links to each other with the 3rd acquisition module 607 with receiver module 606, is used for utilizing decryption policy that ciphertext is decrypted processing, obtains character information;
Output module 609 in the terminal links to each other with deciphering module 608, is used for output character information.
Wherein, the 3rd acquisition module 607 comprises:
Determining unit is used for start position information and end position information according to the control information ciphertext, determines the ciphertext of communication text; Perhaps
Receiving element is used for the ciphertext of the text of communicating by letter that the receiving and deciphering device determines according to the start position information of control information ciphertext and end position information.
Wherein, control information also comprises time control information;
Deciphering module 608 comprises:
Acquiring unit is used for the acquisition time control information;
Reading unit is for the clock information that reads decryption device;
Comparing unit links to each other with reading unit with acquiring unit, is used for clock information and time control information are compared;
Decrypting device links to each other with comparing unit, is used for utilizing decryption policy that the ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
Wherein, coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Display module 602 comprises:
Transmitting element is used for sending first signed data to decryption device;
Display unit, be used for detect decryption device utilize first signed data that the signature of communication text is tested to sign pass through after, the display communication text;
Decryption device also comprises:
First tests the label module, links to each other with transmitting element, is used for utilizing first signed data that the signature of communication text is tested label, obtains testing the label result;
The 3rd transmitting element is tested and is signed module and link to each other with display unit with first, is used for transmission and tests the label result.
Wherein, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Second acquisition module is used for utilizing the private key of described decryption device to decipher described indication information, obtains encryption policy, obtains the decryption policy of described encryption policy correspondence again.
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device also comprises:
Second authentication module is used for described second signed data is tested label, and passes through testing to sign, and triggers the operation of the decryption policy of obtaining described ciphertext correspondence.
Information processing system provided by the invention behind the communication text that obtains the part encryption, only is decrypted partial content in the communication text, has reduced the quantity of deciphering object, has reduced the processing pressure of decryption oprerations.
Fig. 7 is the structural representation of information processing system embodiment provided by the invention.System shown in Figure 7 embodiment comprises terminal and decryption device, wherein:
First acquisition module 701 in the described terminal, be used for obtaining coded data packet, described coded data packet comprises the control information of communication text and the described text of communicating by letter, wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext identification information of described ciphertext;
Display module 702 in the described terminal links to each other with described first acquisition module 701, is used for showing described communication text;
Really cover half piece 703 in the described terminal links to each other with described display module 702, is used for determining the ciphertext of described communication text according to the ciphertext identification information of ciphertext described in the described control information after receiving decoding request;
Sending module 704 in the described terminal links to each other with described first acquisition module 701 with described determination module 703, is used for the ciphertext of described communication text is sent to described decryption device;
Second acquisition module 705 in the described decryption device links to each other with described sending module 704, is used for obtaining the decryption policy of described ciphertext correspondence;
Deciphering module 706 in the described decryption device links to each other with described second acquisition module 705 with described sending module 704, is used for utilizing described decryption policy that the described ciphertext that obtains is decrypted processing, obtains character information;
Wherein, described trigger module 707 comprises:
Output unit is used for the described character information of output; Perhaps
Transmitting element is used for described character information and is sent to terminal, shows described character information by described terminal.
Wherein, described control information also comprises time control information;
Described deciphering module 706 comprises:
Acquiring unit is used for obtaining described time control information;
Reading unit is for the clock information that reads described decryption device;
Comparing unit links to each other with described reading unit with described acquiring unit, is used for described clock information and described time control information are compared;
Decrypting device links to each other with described comparing unit, is used for utilizing described decryption policy that the described ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
Wherein, described coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Described decryption device also comprises:
First tests the label module, links to each other with described deciphering module, is used for described first signed data is tested label, and passes through testing to sign, and triggers deciphering module and is decrypted processing.
Wherein, described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Second acquisition module is used for utilizing the private key of described decryption device to decipher described indication information, obtains encryption policy, obtains the decryption policy of described encryption policy correspondence again.
Wherein, described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device also comprises:
Second authentication module is used for described second signed data is tested label, and passes through testing to sign, and triggers the operation of the decryption policy of obtaining described ciphertext correspondence.
Information processing system provided by the invention behind the communication text that obtains the part encryption, only is decrypted partial content in the communication text, has reduced the quantity of deciphering object, has reduced the processing pressure of decryption oprerations.
Fig. 8 is the structural representation of a kind of encryption device embodiment provided by the invention.Embodiment illustrated in fig. 8 comprising:
Encrypting module 803 links to each other with acquisition module 801, is used for according to the encryption policy that sets in advance character information to be encrypted being encrypted processing, at least one section ciphertext of the text that obtains communicating by letter;
Wherein, control information also comprises time control information.
Wherein, encryption device also comprises:
Signature blocks is used for communication message is signed;
Second generation module links to each other with output module with signature blocks, for processing that described communication message is signed, obtains first signed data;
Wherein, the coded data packet of output module output also comprises first signed data.
The encryption device of the embodiment of the invention, by obtaining choosing information to be encrypted in the communication text, only realize the encryption to safe information, realization is encrypted the part of communication text, thereby reduced the quantity of cryptographic object, reduced the processing pressure of cryptographic operation, for the limited equipment of disposal ability, especially suitable as electronic signature token etc.
Describe and to be understood that in the flow chart or in this any process of otherwise describing or method, expression comprises module, fragment or the part of code of the executable instruction of the step that one or more is used to realize specific logical function or process, and the scope of preferred implementation of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by opposite order, carry out function, this should be understood by the embodiments of the invention person of ordinary skill in the field.
Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, a plurality of steps or method can realize with being stored in the memory and by software or firmware that suitable instruction execution system is carried out.For example, if realize with hardware, the same in another embodiment, in the available following technology well known in the art each or their combination realize: have for the discrete logic of data-signal being realized the logic gates of logic function, application-specific integrated circuit (ASIC) with suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.
Those skilled in the art are appreciated that and realize that all or part of step that above-described embodiment method is carried is to instruct relevant hardware to finish by program, program can be stored in a kind of computer-readable recording medium, this program comprises one of step or its combination of method embodiment when carrying out.
In addition, each functional unit in each embodiment of the present invention can be integrated in the processing module, also can be that the independent physics in each unit exists, and also can be integrated in the module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, also can adopt the form of software function module to realize.If integrated module realizes with the form of software function module and during as independently production marketing or use, also can be stored in the computer read/write memory medium.
The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.
In the description of this specification, concrete feature, structure, material or characteristics that the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means in conjunction with this embodiment or example description are contained at least one embodiment of the present invention or the example.In this manual, the schematic statement to above-mentioned term not necessarily refers to identical embodiment or example.And concrete feature, structure, material or the characteristics of description can be with the suitable manner combination in any one or more embodiment or example.
Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment under the situation that does not break away from principle of the present invention and aim within the scope of the invention, modification, replacement and modification.Scope of the present invention is by claims and be equal to and limit.
Claims (24)
1. an information processing method is characterized in that, comprising:
Decryption device obtains coded data packet, and described coded data packet comprises the control information of communication text and the described text of communicating by letter, and wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext identification information of described ciphertext;
Described decryption device is determined the ciphertext of described communication text according to the ciphertext identification information of ciphertext described in the described control information;
Described decryption device obtains the decryption policy of described ciphertext correspondence;
Described decryption device utilizes described decryption policy that the described ciphertext that obtains is decrypted processing, obtains character information;
Described decryption device triggers the operation of the described character information of output.
2. an information processing method is characterized in that, comprising:
Terminal is obtained coded data packet, and described coded data packet comprises the control information of communication text and the described text of communicating by letter, and wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext identification information of described ciphertext;
Described terminal shows described communication text;
Described terminal is inquired about the decryption policy of described ciphertext correspondence to described decryption device after receiving decoding request;
Described decryption device obtains the decryption policy of described ciphertext correspondence;
Described decryption device is sent to described terminal with described decryption policy;
Described terminal receives described decryption policy;
Described terminal is obtained described ciphertext;
Described terminal utilizes described decryption policy that described ciphertext is decrypted processing, obtains character information;
Described terminal is exported described character information.
3. an information processing method is characterized in that, comprising:
Terminal is obtained coded data packet, and described coded data packet comprises the control information of communication text and the described text of communicating by letter, and wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext sign of described ciphertext;
Described terminal shows described communication text;
Described terminal is determined the ciphertext of described communication text according to the ciphertext sign of ciphertext described in the described control information after receiving decoding request;
Described terminal sends to described decryption device with the ciphertext of described communication text;
Described decryption device obtains the decryption policy of described ciphertext correspondence;
Described decryption device utilizes described decryption policy that the described ciphertext that obtains is decrypted processing, obtains character information;
Described decryption device triggers the operation of the described character information of output.
4. according to each described method of claim 1 to 3, it is characterized in that,
Described control information also comprises time control information;
Described decryption device utilizes described decryption policy that the described ciphertext that obtains is decrypted processing, obtains the step of character information, comprising:
Described decryption device obtains described time control information;
Described decryption device reads the clock information of described decryption device;
Described decryption device is compared described clock information and described time control information;
If comparison is passed through, then described decryption device utilizes described decryption policy that the described ciphertext that obtains is decrypted processing, obtains character information.
5. according to each described method of claim 1 to 4, it is characterized in that,
Described coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Described decryption device utilizes described decryption policy that the described ciphertext that obtains is decrypted processing, and the step that obtains character information also comprises before:
Decryption device is tested label to described first signed data;
Pass through if test to sign, then trigger and utilize described decryption policy that the described ciphertext that obtains is decrypted processing, obtain the step of character information.
6. as each described information processing method of claim 1 to 5, it is characterized in that,
Described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Described decryption device obtains the decryption policy of described ciphertext correspondence, comprising:
Described decryption device utilizes the private key of described decryption device to decipher described indication information, obtains encryption policy;
Described decryption device obtains the decryption policy of described encryption policy correspondence.
7. method according to claim 6 is characterized in that,
Described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device obtains before the decryption policy of described ciphertext correspondence, also comprises:
Described decryption device is tested label to described second signed data;
Pass through if test to sign, then obtain the decryption policy of described ciphertext correspondence.
8. an information processing method is characterized in that, comprising:
Encryption device obtaining communication text and the encryption request that part in the described communication text is encrypted;
Described encryption device is determined the ciphertext identification information of character information to be encrypted and described character information to be encrypted according to described encryption request, and according to the encryption policy that sets in advance, described character information to be encrypted is encrypted processing, obtains at least one section ciphertext of described communication text;
Described encryption device generates the control information of described ciphertext according to described ciphertext identification information;
Described encryption device is exported at least one section described ciphertext and described control information at least.
9. method according to claim 8 is characterized in that,
Described control information also comprises time control information.
10. method according to claim 9 is characterized in that, before the step of described encryption device outputting encoded data bag, also comprises:
Described encryption device is signed to described communication text, and generates first signed data that is used for testing the described communication text of label;
Wherein, the coded data packet of described encryption device output also comprises described first signed data.
11. a decryption device is characterized in that, comprising:
First acquisition module, be used for obtaining coded data packet, described coded data packet comprises the control information of communication text and the described text of communicating by letter, and wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext identification information of described ciphertext;
Determination module links to each other with described first acquisition module, is used for the ciphertext identification information according to ciphertext described in the described control information, determines the ciphertext of described communication text;
Second acquisition module links to each other with described first acquisition module, is used for obtaining the decryption policy of described ciphertext correspondence;
Deciphering module links to each other with second acquisition module with described determination module, is used for utilizing described decryption policy that the described ciphertext that obtains is decrypted processing, obtains character information;
Trigger module links to each other with described deciphering module, is used for triggering the operation of the described character information of output.
12. device according to claim 11 is characterized in that
Described control information also comprises time control information;
Described deciphering module comprises:
Acquiring unit is used for obtaining described time control information;
Reading unit is for the clock information that reads described decryption device;
Comparing unit links to each other with described reading unit with described acquiring unit, is used for described clock information and described time control information are compared;
Decrypting device links to each other with described comparing unit, is used for utilizing described decryption policy that the described ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
13. according to claim 11 or 12 described devices, it is characterized in that,
Described coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Described decryption device also comprises:
First tests the label module, links to each other with described deciphering module, is used for described first signed data is tested label, and passes through testing to sign, and triggers deciphering module and is decrypted processing.
14. as each described device of claim 11 to 13, it is characterized in that,
Described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Second acquisition module is used for utilizing the private key of described decryption device to decipher described indication information, obtains encryption policy, obtains the decryption policy of described encryption policy correspondence again.
15. according to the arbitrary described device of claim 11 to 14, it is characterized in that,
Described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device also comprises:
Second authentication module is used for described second signed data is tested label, and passes through testing to sign, and triggers the operation of the decryption policy of obtaining described ciphertext correspondence.
16. an information processing system is characterized in that, comprises terminal and decryption device, wherein:
First acquisition module in the described terminal, be used for obtaining coded data packet, described coded data packet comprises the control information of communication text and the described text of communicating by letter, and wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext identification information of described ciphertext;
Display module in the described terminal links to each other with described first acquisition module, is used for showing described communication text;
Enquiry module in the described terminal links to each other with described display module, is used for inquiring about the decryption policy of described ciphertext correspondence to described decryption device after receiving decoding request;
Second acquisition module in the described decryption device links to each other with described enquiry module, is used for obtaining the decryption policy of described ciphertext correspondence;
Sending module in the described decryption device links to each other with described second acquisition module, is used for described decryption policy is sent to described terminal;
Receiver module in the described terminal links to each other with described sending module, is used for receiving described decryption policy;
The 3rd acquisition module in the described terminal is used for obtaining described ciphertext;
Deciphering module in the described terminal links to each other with the 3rd acquisition module with described receiver module, is used for utilizing described decryption policy that described ciphertext is decrypted processing, obtains character information;
Output module in the described terminal links to each other with described deciphering module, is used for the described character information of output.
17. an information processing system is characterized in that, comprises terminal and decryption device, wherein:
First acquisition module in the described terminal, be used for obtaining coded data packet, described coded data packet comprises the control information of communication text and the described text of communicating by letter, and wherein said communication text comprises expressly and at least one section ciphertext that wherein said control information comprises the ciphertext identification information of described ciphertext;
Display module in the described terminal links to each other with described first acquisition module, is used for showing described communication text;
Really cover half piece in the described terminal links to each other with described display module, is used for determining the ciphertext of described communication text according to the ciphertext identification information of ciphertext described in the described control information after receiving decoding request;
Sending module in the described terminal links to each other with described first acquisition module with described determination module, is used for the ciphertext of described communication text is sent to described decryption device;
Second acquisition module in the described decryption device links to each other with described sending module, is used for obtaining the decryption policy of described ciphertext correspondence;
Deciphering module in the described decryption device links to each other with described second acquisition module with described sending module, is used for utilizing described decryption policy that the described ciphertext that obtains is decrypted processing, obtains character information.
18. according to claim 16 or 17 described systems, it is characterized in that
Described control information also comprises time control information;
Described deciphering module comprises:
Acquiring unit is used for obtaining described time control information;
Reading unit is for the clock information that reads described decryption device;
Comparing unit links to each other with described reading unit with described acquiring unit, is used for described clock information and described time control information are compared;
Decrypting device links to each other with described comparing unit, is used for utilizing described decryption policy that the described ciphertext that obtains is decrypted processing when comparison is passed through, and obtains character information.
19. according to each described system of claim 16 to 18, it is characterized in that,
Described coded data packet also comprises first signed data that the communication text is signed and obtained after handling;
Described decryption device also comprises:
First tests the label module, links to each other with described deciphering module, is used for described first signed data is tested label, and passes through testing to sign, and triggers deciphering module and is decrypted processing.
20. as each described system of claim 16 to 19, it is characterized in that,
Described control information also comprises described at least one section encryption policy and/or the indication information of encryption policy, and the indication information of wherein said encryption policy and/or encryption policy is to obtain after handling by the encrypted private key of decryption device;
Second acquisition module is used for utilizing the private key of described decryption device to decipher described indication information, obtains encryption policy, obtains the decryption policy of described encryption policy correspondence again.
21. according to the arbitrary described system of claim 16 to 20, it is characterized in that,
Described control information also comprises second signed data after the indication information signature processing of described at least one section encryption policy and/or encryption policy;
Described decryption device also comprises:
Second authentication module is used for described second signed data is tested label, and passes through testing to sign, and triggers the operation of the decryption policy of obtaining described ciphertext correspondence.
22. an encryption device is characterized in that, comprising:
Acquisition module, the encryption request that is used for the obtaining communication text and described communication text part is encrypted;
Determination module links to each other with described acquisition module, is used for determining according to described encryption request the ciphertext identification information of character information to be encrypted and described character information to be encrypted;
Encrypting module links to each other with described acquisition module, is used for according to the encryption policy that sets in advance described character information to be encrypted being encrypted processing, obtains at least one section ciphertext of described communication text;
First generation module links to each other with described encrypting module with described determination module, is used for generating according to described ciphertext identification information the control information of described ciphertext;
Output module links to each other with described first generation module with described encrypting module, is used for exporting at least at least one section described ciphertext and described control information.
23. device according to claim 22 is characterized in that,
Described control information also comprises time control information.
24. according to claim 22 or 23 described devices, it is characterized in that described encryption device also comprises:
Signature blocks is used for described communication message is signed;
Second generation module links to each other with described output module with described signature blocks, for processing that described communication message is signed, obtains first signed data;
Wherein, the coded data packet of described output module output also comprises described first signed data.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310150540.3A CN103281299B (en) | 2013-04-26 | 2013-04-26 | A kind of ciphering and deciphering device and information processing method and system |
| PCT/CN2014/075933 WO2014173288A1 (en) | 2013-04-26 | 2014-04-22 | Encryption/decryption device and information processing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310150540.3A CN103281299B (en) | 2013-04-26 | 2013-04-26 | A kind of ciphering and deciphering device and information processing method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103281299A true CN103281299A (en) | 2013-09-04 |
| CN103281299B CN103281299B (en) | 2016-12-28 |
Family
ID=49063746
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310150540.3A Active CN103281299B (en) | 2013-04-26 | 2013-04-26 | A kind of ciphering and deciphering device and information processing method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103281299B (en) |
| WO (1) | WO2014173288A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014173288A1 (en) * | 2013-04-26 | 2014-10-30 | 天地融科技股份有限公司 | Encryption/decryption device and information processing method and system |
| CN106161762A (en) * | 2015-04-24 | 2016-11-23 | 神讯电脑(昆山)有限公司 | The decryption method of video data |
| CN107248951A (en) * | 2017-08-10 | 2017-10-13 | 北京明朝万达科技股份有限公司 | A kind of post-processing system, method and device |
| CN108055127A (en) * | 2017-12-14 | 2018-05-18 | 吉旗(成都)科技有限公司 | It calculates and supports heat update Encryption Algorithm and key data encryption method with data separating |
| CN110601814A (en) * | 2019-09-24 | 2019-12-20 | 深圳前海微众银行股份有限公司 | Federal learning data encryption method, device, equipment and readable storage medium |
| CN111212068A (en) * | 2019-12-31 | 2020-05-29 | 熵加网络科技(北京)有限公司 | Method for encrypting and decrypting characters by input method |
| CN112153078A (en) * | 2020-10-26 | 2020-12-29 | 广州欧赛斯信息科技有限公司 | Encryption method and system based on time release |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108028748A (en) * | 2016-02-27 | 2018-05-11 | 华为技术有限公司 | For handling the method, equipment and system of VXLAN messages |
| CN112888024B (en) * | 2019-11-29 | 2023-03-21 | 腾讯科技(深圳)有限公司 | Data processing method, data processing device, storage medium and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1604640A (en) * | 2004-10-28 | 2005-04-06 | 武汉大学 | A video information encrypting-decrypting method |
| CN101997880A (en) * | 2010-12-01 | 2011-03-30 | 湖南智源信息网络技术开发有限公司 | Method and device for verifying security of network page or interface |
| CN102254127A (en) * | 2011-08-11 | 2011-11-23 | 华为技术有限公司 | Method, device and system for encrypting and decrypting files |
| CN102739406A (en) * | 2012-07-17 | 2012-10-17 | 飞天诚信科技股份有限公司 | Method for securely transmitting equipment information |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB0325527D0 (en) * | 2003-11-01 | 2003-12-03 | Hewlett Packard Development Co | Identifier-based signcryption |
| US7634085B1 (en) * | 2005-03-25 | 2009-12-15 | Voltage Security, Inc. | Identity-based-encryption system with partial attribute matching |
| CN103281299B (en) * | 2013-04-26 | 2016-12-28 | 天地融科技股份有限公司 | A kind of ciphering and deciphering device and information processing method and system |
-
2013
- 2013-04-26 CN CN201310150540.3A patent/CN103281299B/en active Active
-
2014
- 2014-04-22 WO PCT/CN2014/075933 patent/WO2014173288A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1604640A (en) * | 2004-10-28 | 2005-04-06 | 武汉大学 | A video information encrypting-decrypting method |
| CN101997880A (en) * | 2010-12-01 | 2011-03-30 | 湖南智源信息网络技术开发有限公司 | Method and device for verifying security of network page or interface |
| CN102254127A (en) * | 2011-08-11 | 2011-11-23 | 华为技术有限公司 | Method, device and system for encrypting and decrypting files |
| CN102739406A (en) * | 2012-07-17 | 2012-10-17 | 飞天诚信科技股份有限公司 | Method for securely transmitting equipment information |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014173288A1 (en) * | 2013-04-26 | 2014-10-30 | 天地融科技股份有限公司 | Encryption/decryption device and information processing method and system |
| CN106161762A (en) * | 2015-04-24 | 2016-11-23 | 神讯电脑(昆山)有限公司 | The decryption method of video data |
| CN107248951A (en) * | 2017-08-10 | 2017-10-13 | 北京明朝万达科技股份有限公司 | A kind of post-processing system, method and device |
| CN107248951B (en) * | 2017-08-10 | 2018-12-04 | 北京明朝万达科技股份有限公司 | A kind of post-processing system, method and device |
| CN108055127A (en) * | 2017-12-14 | 2018-05-18 | 吉旗(成都)科技有限公司 | It calculates and supports heat update Encryption Algorithm and key data encryption method with data separating |
| CN110601814A (en) * | 2019-09-24 | 2019-12-20 | 深圳前海微众银行股份有限公司 | Federal learning data encryption method, device, equipment and readable storage medium |
| CN110601814B (en) * | 2019-09-24 | 2021-08-27 | 深圳前海微众银行股份有限公司 | Federal learning data encryption method, device, equipment and readable storage medium |
| CN111212068A (en) * | 2019-12-31 | 2020-05-29 | 熵加网络科技(北京)有限公司 | Method for encrypting and decrypting characters by input method |
| CN112153078A (en) * | 2020-10-26 | 2020-12-29 | 广州欧赛斯信息科技有限公司 | Encryption method and system based on time release |
| CN112153078B (en) * | 2020-10-26 | 2021-07-27 | 广州欧赛斯信息科技有限公司 | Encryption method and system based on time release |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2014173288A1 (en) | 2014-10-30 |
| CN103281299B (en) | 2016-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103281299A (en) | Encryption and decryption devices and information processing method and system | |
| CN110460439A (en) | Information transferring method, device, client, server-side and storage medium | |
| CN101720071B (en) | Short message two-stage encryption transmission and secure storage method based on safety SIM card | |
| CN103546289B (en) | USB (universal serial bus) Key based secure data transmission method and system | |
| CN103220280A (en) | Dynamic password token and data transmission method and system for dynamic password token | |
| CN105245505A (en) | Data transmitting method and device, data receiving method and device, and receiving-transmitting system | |
| CN104618115A (en) | Identity card information obtaining method and system | |
| CN104243451A (en) | Information interaction method and system and smart key equipment | |
| CA2441392A1 (en) | Encrypting apparatus | |
| CN101325485A (en) | A method for processing information in an electronic device, a system, an electronic device and a processing block | |
| CN109343515A (en) | Car fault diagnosis method, system, equipment and computer readable storage medium | |
| CN104941302A (en) | Water purification device, filter core as well as anti-counterfeit device and method of filter core | |
| CN103281183B (en) | Conversion equipment and display system | |
| CN103269271A (en) | Method and system for back-upping private key in electronic signature token | |
| CN103326862A (en) | Electronically signing method and system | |
| CN103248491A (en) | Method and system for backing up electronic signed token private key | |
| CN105357007A (en) | Encryption communication method and communication terminal | |
| CN109635610A (en) | The read-write system and method for RFID tag data | |
| CN103914662A (en) | Access control method and device of file encrypting system on the basis of partitions | |
| CN102970676A (en) | Method for processing original data, internet of thing system and terminal | |
| CN105376059A (en) | Method and system for performing application signature based on electronic key | |
| CN104639542A (en) | Method and system for obtaining identity card information | |
| Kilcoyne et al. | Tire pressure monitoring system encryption to improve vehicular security | |
| CN101841785B (en) | Method for sending encrypted message by cellphone and system thereof | |
| CN102082669A (en) | Security certification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |