CN103457735A - Method capable of preventing information of shelter hospital individual soldier handheld intelligent terminal from being leaked - Google Patents
Publication number: CN103457735A
Authority: CN (China)
Prior art keywords: data, intelligent terminal, hand-held intelligent terminal, individual soldier
Legal status: Pending
Landscapes: Storage Device Security
Abstract
The invention provides a method capable of preventing information of a shelter hospital individual soldier hand-held intelligent terminal from being leaked. Classified data are protected by a public key encryption algorithm before being distributed to the individual soldier hand-held intelligent terminal. When the data on the terminal are used, the identity of the terminal's secure firmware is authenticated by the shelter hospital CA center and the private key of the data is obtained from the CA center; the private key is protected by the public key of the secure firmware during transmission, and the data are decrypted dynamically while in use. A pirate user who is not authenticated by the shelter hospital CA center cannot obtain the private key needed to decrypt the data, and therefore cannot obtain the plaintext of the terminal data, so the data of the individual soldier hand-held intelligent terminal cannot be leaked.
Description
Technical field
The present invention relates to the fields of shelter hospitals, cryptography and data security. Specifically, it provides a method for preventing information leakage from the individual soldier hand-held intelligent terminal of a shelter hospital, which can effectively prevent leakage of the terminal's information.
Background technology
With the rise of shelter hospitals, telemedicine and individual soldier intelligent terminals, more and more intelligent terminals are adopted in shelter hospitals as medical care platforms, and each shelter hospital builder invests heavily in developing mobile service software to improve its own professional capability.
Yet data leakage from intelligent terminals has become a major problem for each application party; if it cannot be addressed effectively, the adoption of individual soldier intelligent terminals in shelter hospitals with higher security requirements will be seriously affected.
A symmetric key cipher algorithm is a cipher algorithm in which the encryption key is identical to the decryption key; it is usually used to encrypt large volumes of data.
An asymmetric key cipher technique is a cryptographic algorithm with two keys, a public key and a private key: ciphertext formed by public key encryption can only be decrypted with the private key, and ciphertext formed by private key encryption can only be decrypted with the public key. It is commonly used to protect symmetric keys, and is also used for signing, key distribution and so on.
Summary of the invention
The present invention proposes a method for preventing information leakage from the individual soldier hand-held intelligent terminal of a shelter hospital: confidential data are distributed to the terminal only after protection by a public key encryption algorithm; when the terminal data are used, the terminal's secure firmware, after authentication with the shelter hospital CA center, obtains the private key of the data from the CA center; the private key is protected by the secure firmware public key during transmission, and the data are decrypted dynamically while in use. A pirate user who is not authenticated by the shelter hospital CA center cannot obtain the private key needed to decrypt the data, therefore cannot obtain the plaintext data of the terminal, and data leakage from the terminal is prevented. The specific working mode is as follows:
(1) A shelter hospital that adopts this method to protect individual soldier hand-held intelligent terminal data must set up its own CA center, which provides key management support for the safety devices;
(2) An individual soldier hand-held intelligent terminal protected against data leakage carries secure firmware, a section of software code stored in the boot memory area of the terminal; the secure firmware can perform both high-speed symmetric encryption/decryption and asymmetric encryption/decryption;
(3) Each piece of terminal data protected by the present invention has a public key PK_ps allocated by the shelter hospital CA center and a corresponding private key PK_ss; PK_ss is stored at the shelter hospital CA center, and PK_ps is used to protect the symmetric key that encrypts the terminal data;
(4) Before the terminal data are distributed, each piece of data S is encrypted by a symmetric key SK_s to obtain the data ciphertext S_s; SK_s is encrypted under PK_ps to form SK_ss; S_s and SK_ss are packed into an encrypted package together with a data label and issued; the encrypted package may also include PK_ps;
(5) The public key PK_ph of the shelter hospital CA center and the private key PK_sd of the secure firmware are written into the secure firmware; PK_sd may also be generated independently by the secure firmware; the public key PK_pd corresponding to PK_sd is stored at the shelter hospital CA center; the secure firmware private key PK_sd cannot be read out;
(6) When the terminal's encrypted package is used, the secure firmware first performs bidirectional identity authentication with the shelter hospital CA center; after both sides have confirmed each other's identity, the firmware requests from the CA center the private key PK_ss of the shelter individual soldier terminal's encrypted data; PK_ss is encrypted by PK_sd to form PK_sss and is then transmitted to the secure firmware; the secure firmware decrypts PK_sss with PK_pd to obtain PK_ss and stores PK_ss; the PK_ss key cannot be read out;
(7) While the terminal data ciphertext S_s is being used, the secure firmware reads SK_ss from the installation package, decrypts SK_ss with PK_ss to obtain SK_s, and then decrypts the data ciphertext with SK_s to obtain the data plaintext S;
(8) The secure firmware's decryption of the terminal data ciphertext S_s may, depending on the confidentiality level of the terminal data, take place when S_s is transferred from one storage medium to another, or when the data are moved within the same medium.
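The key flow of steps (3) to (7) above, as an added example that is not part of the patent: a CA stand-in escrows PK_ss, the secure firmware holds PK_sd, and PK_ss is released only to an enrolled firmware, wrapped (as the abstract states) under the firmware public key PK_pd so that only PK_sd can unwrap it. RSA-OAEP, AES-256-GCM, the class and method names, the packet layout and the sample record are this example's own assumptions.

```ruby
require 'openssl'
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# AES-256-GCM helpers; the blob layout iv(12) || tag(16) || ciphertext is this example's own choice.
def gcm_seal(key, pt)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(pt) + c.final
  iv + c.auth_tag + ct
end

def gcm_open(key, blob)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob[0, 12]
  c.auth_tag = blob[12, 16]
  c.update(blob[28..]) + c.final # raises OpenSSL::Cipher::CipherError if the blob was altered
end

# Stand-in for the shelter hospital CA center: escrows PK_ss per data item (step 3) and
# holds the enrolled firmware public keys PK_pd (step 5). Class and method names are assumed.
class ShelterCA
  class NotAuthenticated < StandardError; end
  def initialize
    @pk_ss, @enrolled = {}, {} # PK_ps (DER) => escrowed PK_ss ; PK_pd (DER) => true
  end
  def enroll_firmware(pk_pd)
    @enrolled[pk_pd.to_der] = true
  end

  # Step (4): S is sealed under SK_s, SK_s is wrapped under PK_ps; PK_ss stays at the CA.
  def distribute(s)
    pk_ss = OpenSSL::PKey::RSA.new(2048)
    pk_ps = pk_ss.public_key
    @pk_ss[pk_ps.to_der] = pk_ss
    sk_s = OpenSSL::Random.random_bytes(32)
    { s_s: gcm_seal(sk_s, s), sk_ss: pk_ps.public_encrypt(sk_s, OAEP), pk_ps: pk_ps }
  end

  # Step (6), CA side: only enrolled firmware gets PK_ss, delivered as PK_sss for PK_pd. RSA-OAEP cannot
  # carry a whole private key, so a fresh transport key is OAEP-wrapped and the DER of PK_ss is sealed under it.
  def release(pk_pd, pk_ps)
    raise NotAuthenticated, 'firmware not enrolled at CA center' unless @enrolled[pk_pd.to_der]
    pk_ss = @pk_ss.fetch(pk_ps.to_der) { raise KeyError, 'no PK_ss escrowed for this PK_ps' }
    tk = OpenSSL::Random.random_bytes(32)
    pk_pd.public_encrypt(tk, OAEP) + gcm_seal(tk, pk_ss.to_der)
  end
end

# Steps (6)-(7), firmware side: PK_sd unwraps PK_sss -> PK_ss, PK_ss unwraps SK_ss -> SK_s, SK_s opens S_s.
# pk_sd is the firmware private key that, per step (5), never leaves the firmware.
def firmware_use(pk_sd, pk_sss, pkt)
  n = pk_sd.n.num_bytes
  tk = pk_sd.private_decrypt(pk_sss[0, n], OAEP)
  pk_ss = OpenSSL::PKey::RSA.new(gcm_open(tk, pk_sss[n..]))
  sk_s = pk_ss.private_decrypt(pkt[:sk_ss], OAEP)
  gcm_open(sk_s, pkt[:s_s])
end
```

The bidirectional identity authentication of step (6) is reduced here to a lookup of PK_pd in the CA's enrolment table; the example shows only the key-release and decryption path.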
Description of the drawings
None.
Embodiment
By the technical scheme of the present invention, each encrypted data package can be strictly bound to a designated individual soldier hand-held intelligent terminal, thereby effectively preventing data leakage. A specific embodiment is as follows:
(1) When terminal data are distributed, the key management module generates for each piece of data a public key PK_ps and a corresponding private key PK_ss; PK_ss is stored at the shelter hospital CA center. A symmetric key SK_s is then generated; the data distribution system encrypts the data S with SK_s to obtain S_s, then encrypts SK_s with PK_ps to form SK_ss, and packs S_s and SK_ss into an encrypted package; the encrypted package may also include PK_ps;
(2) Before the secure firmware is used, the production system first writes the public key PK_ph and the secure firmware private key PK_sd into the secure firmware through the key management module; PK_sd may also be generated independently by the secure firmware; once generated or written, PK_sd can no longer be modified and cannot be read out; the public key PK_pd corresponding to PK_sd is stored at the shelter hospital CA center;
(3) When the terminal's encrypted package is used, the secure firmware first performs bidirectional identity authentication with the authentication module; after both sides have confirmed each other's identity, the firmware uses the public key PK_ps of the encrypted data to request the corresponding private key PK_ss from the shelter hospital CA center; the CA center encrypts PK_ss with PK_ds to obtain PK_sss and transmits PK_sss to the secure firmware; the secure firmware decrypts PK_sss to obtain PK_ss and stores it; the PK_ss key cannot be read out. The data are thereby bound to the secure firmware, that is, to the individual soldier hand-held intelligent terminal, which effectively prevents data leakage;
(4) While the terminal data are being used, the secure firmware reads SK_ss from the encrypted package, decrypts SK_ss with PK_ss to obtain SK_s, and then decrypts the encrypted data with SK_s to obtain the plaintext data.
Claims (7)
1. A method for preventing information leakage from the individual soldier hand-held intelligent terminal of a shelter hospital, wherein confidential data are distributed to the terminal only after protection by a public key encryption algorithm; when the terminal data are used, the secure firmware of the terminal, after authentication with the shelter hospital CA center, obtains the private key of the data from the CA center; the private key is protected by the secure firmware public key during transmission, and the data are decrypted dynamically while in use.
2. A pirate user who is not authenticated by the shelter hospital CA center cannot obtain the private key needed to decrypt the data, therefore cannot obtain the plaintext data of the terminal, and data leakage from the terminal is thereby prevented.
3. The method according to claim 1, wherein the shelter hospital that adopts this method to protect the terminal data must set up its own CA center.
4. The method according to claim 1, wherein each piece of terminal data protected by the present invention has a public key PK_ps allocated by the shelter hospital CA center and a corresponding private key PK_ss; PK_ss is stored at the shelter hospital CA center, and PK_ps is used to protect the symmetric key that encrypts the terminal data.
The method according to claim 1, wherein before the terminal data are distributed, each piece of data S is encrypted by a symmetric key SK_s to obtain the data ciphertext S_s; SK_s is encrypted under PK_ps to form SK_ss; S_s and SK_ss are packed into an encrypted package together with a data label and issued; the encrypted package may also include PK_ps.
The method according to claim 1, wherein the public key PK_ph of the shelter hospital CA center and the private key PK_sd of the secure firmware are written into the secure firmware; PK_sd may also be generated independently by the secure firmware; the public key PK_pd corresponding to PK_sd is stored at the shelter hospital CA center; the secure firmware private key PK_sd cannot be read.
5. The method according to claim 1, wherein when the terminal's encrypted package is used, the secure firmware first performs bidirectional identity authentication with the shelter hospital CA center; after both sides have confirmed each other's identity, the firmware requests from the CA center the private key PK_ss of the shelter individual soldier terminal's encrypted data; PK_ss is encrypted by PK_sd to form PK_sss and is then transmitted to the secure firmware; the secure firmware decrypts PK_sss with PK_pd to obtain PK_ss and stores PK_ss; the PK_ss key cannot be read out.
6. The method according to claim 1, wherein while the terminal data ciphertext S_s is being used, the secure firmware reads SK_ss from the installation package, decrypts SK_ss with PK_ss to obtain SK_s, and then decrypts the data ciphertext with SK_s to obtain the data plaintext S.
7. The method according to claim 1, wherein the secure firmware's decryption of the terminal software ciphertext S_s may, depending on the confidentiality level of the software, take place when the software ciphertext S_s is transferred from one storage medium to another, or when the software is moved within the same medium.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013103725287A CN103457735A (en) | 2013-08-25 | 2013-08-25 | Method capable of preventing information of shelter hospital individual soldier handheld intelligent terminal from being leaked |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103457735A true CN103457735A (en) | 2013-12-18 |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20131218 |