CN103679036A - Internet-based implement method for building trust between mobile encryption devices - Google Patents


Info

Publication number
CN103679036A
CN103679036A (application CN201310571157.5A)
Authority
CN
China
Prior art keywords
usb
mobile encrypted
encrypted equipment
trusted
trust
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310571157.5A
Other languages
Chinese (zh)
Inventor
赵彬
沈宁
罗鸣
陈波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Yun Dun Information Technology Co Ltd
Original Assignee
Anhui Yun Dun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2013-11-13
Filing date
2013-11-13
Publication date
2014-03-26
Application filed by Anhui Yun Dun Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/44 Program or device authentication
    • G06F 21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an internet-based implementation method for establishing trust between mobile encryption devices. An asymmetric key pair is generated on each USB mobile encryption device and stored in an internal non-volatile storage area; the private key cannot be exported, while the public key can be. The USB mobile encryption device is fitted with an LCD screen and several buttons, through which the user can view the MD5 value of the current device's public key; view the MD5 value of the public key of an imported device awaiting trust, and perform the "trust" or "distrust" operation; and view the MD5 value of the public key of each trusted device stored in the current device. The advantages of the method are that a trust relationship can be established between any two hardware encryption devices, so that encrypted files can be shared between a user's clients, and that while the trust relationship is being established a hacker is prevented from attacking and from getting a device that is not the user's own trusted.

Description

Internet-based implementation method for establishing trust between mobile encryption devices
Technical field
The present invention relates to the technical field of establishing trust between mobile encryption devices, and in particular to an internet-based implementation method for establishing trust between mobile encryption devices.
Background
In implementing an encrypted cloud disk, the user scenario and the problem to be solved are as follows. A user has several clients (PCs or mobile devices), and a hardware encryption device (with a USB or TF card interface) is inserted in each client. Each encryption device is uninitialized when delivered to the user, and the user must complete its initialization. A file encrypted on any one of the user's clients must be decryptable on the user's other clients; if a trust relationship can be established between the hardware encryption devices, encrypted files can be shared between the clients. There are several ways to establish such a trust relationship; one of them is for the current encryption device to store the public key of the device it trusts in its own internal storage. While the trust relationship between encryption devices is being established, malicious attacks by a hacker must be prevented, and in particular the establishment of a trust relationship with an encryption device that does not belong to the user.
Summary of the invention
The present invention overcomes the shortcomings of the prior art described above by providing an internet-based implementation method for establishing trust between mobile encryption devices.
The technical solution adopted by the present invention is as follows. In this internet-based implementation method for establishing trust between mobile encryption devices, an asymmetric key pair is generated on each USB mobile encryption device after the user's initialization operation and stored in an internal non-volatile storage area; the private key cannot be exported, while the public key can be. The USB mobile encryption device is provided with an LCD screen and several buttons. By reading the LCD and operating the buttons, the user can view the MD5 value of the current device's public key; view the MD5 value of the public key of an imported device awaiting trust, and perform the "trust" or "distrust" operation; and view the MD5 value of the public key of each trusted device stored inside the current device. The method comprises the following steps:
(1) Each USB mobile encryption device is in one of the following three states:
1. Uninitialized: the state in which it leaves the factory;
2. Untrusted: the user has initialized it and an asymmetric key pair has been generated, but no other USB mobile encryption device has yet trusted it;
3. Trusted: after the user's confirmation, another USB mobile encryption device has trusted this USB mobile encryption device;
(2) An untrusted USB mobile encryption device becomes a trusted one only after any one trusted USB mobile encryption device has performed the confirm-trust operation on it;
(3) When a USB mobile encryption device is used by a client for the first time and logs in to the cloud disk server, the device's "serial number" + "MD5 of public key" are uploaded to the cloud disk server;
(4) When a user's first USB mobile encryption device logs in to the encrypted cloud disk through a client for the first time, it automatically becomes a trusted USB mobile encryption device;
(5) When each subsequent USB mobile encryption device logs in to the encrypted cloud disk through a client, it uploads its "serial number" + "MD5 of public key" to the cloud disk server and waits for a trusted USB mobile encryption device to perform the confirm-trust operation on it; until that operation has been completed, this USB mobile encryption device cannot access any encrypted file on the cloud disk;
(6) After the user logs in to the encrypted cloud disk server with a trusted USB mobile encryption device, the encrypted cloud disk client obtains the "list of encryption devices awaiting trust confirmation" from the server; if the list is not empty, the user is prompted to perform the confirm-trust operation for each USB mobile encryption device in the list;
(7) The encrypted cloud disk client writes the public key of the USB mobile encryption device awaiting trust confirmation into the currently trusted USB mobile encryption device and prompts the user to confirm on the device's "LCD and button accessory";
(8) The LCD shows the MD5 value of the public key of the USB mobile encryption device whose trust is to be confirmed;
(9) The user plugs the USB mobile encryption device whose trust is to be confirmed into a USB port of a computer or a USB charger and reads the MD5 value of its public key from its own LCD using its buttons;
(10) If the two MD5 values are identical, the user performs the confirm-trust operation on the LCD and buttons of the trusted USB mobile encryption device;
(11) When the user then logs in to the cloud disk server through the encrypted cloud disk client with the newly trusted USB mobile encryption device, the content of the encrypted cloud disk can be accessed.
Further, the combination of the LCD and buttons may be a separate component connected to the USB mobile encryption device by a pluggable cable.
Further, the public key of another USB mobile encryption device that has passed the "trust" operation may be stored in the current USB mobile encryption device, or used for key transfer processing.
Further, a TF card encryption device may be converted by an adapter into a USB mobile encryption device capable of the confirm-trust operation, and then perform the confirm-trust operation.
The beneficial effect of the present invention is that a trust relationship can be established between hardware encryption devices, so that encrypted files can be shared between clients, and that while the trust relationship between encryption devices is being established a hacker's malicious attack is prevented, in particular the establishment of a trust relationship with an encryption device that does not belong to the user.
Embodiment
The invention is further described below with reference to an embodiment:
In this internet-based implementation method for establishing trust between mobile encryption devices, an asymmetric key pair is generated on each USB encryption device after the user's initialization operation and stored in an internal non-volatile storage area. The private key cannot be exported; the public key can be. An LCD screen and several buttons are attached to the USB encryption unit; the combination of LCD and buttons may be a separate component connected to the USB encryption unit by a pluggable cable. By reading the LCD and operating the buttons, the user can view the MD5 value of the current device's public key, and view the MD5 value of the public key of an imported device awaiting trust and perform the "trust" or "distrust" operation. The public key of another encryption device that has passed the "trust" operation can be stored in the current encryption device, or used for key transfer processing. The user can also view the MD5 value of the public key of each trusted encryption device stored inside the current device. A TF card encryption device can be converted by a dedicated adapter into a USB encryption device capable of the confirm-trust operation, and then perform that operation.
(1) Each encryption device is in one of the following three states:
1. Uninitialized: the state in which it leaves the factory;
2. Untrusted: the user has initialized it and an asymmetric key pair has been generated, but no other encryption device has yet trusted it;
3. Trusted: after the user's confirmation, another encryption device has trusted this encryption device.
(2) An untrusted encryption device becomes a trusted one only after any one trusted encryption device has performed the confirm-trust operation on it.
(3) When an encryption device is used by a client for the first time and logs in to the cloud disk server, the device's "serial number" + "MD5 of public key" are uploaded to the cloud disk server.
(4) When a user's first encryption device logs in to the encrypted cloud disk through a client for the first time, it automatically becomes a trusted encryption device.
(5) When each subsequent encryption device logs in to the encrypted cloud disk through a client, it uploads its "serial number" + "MD5 of public key" to the cloud disk server and waits for a trusted encryption device to perform the confirm-trust operation on it. Until that operation has been completed, this encryption device cannot access any encrypted file on the cloud disk.
(6) After the user logs in to the encrypted cloud disk server with a trusted encryption device, the encrypted cloud disk client software obtains the "list of encryption devices awaiting trust confirmation" from the server; if the list is not empty, the user is prompted to perform the confirm-trust operation for each encryption device in the list.
(7) The encrypted cloud disk client writes the public key of the encryption device awaiting trust confirmation into the currently trusted encryption device and prompts the user to confirm on the device's "LCD and button accessory".
(8) The LCD shows the MD5 value of the public key of the encryption device whose trust is to be confirmed.
(9) The user plugs the encryption device whose trust is to be confirmed into a USB port of a computer or a USB charger and reads the MD5 value of its public key from its own LCD using its buttons. The user may also carry out this step in advance and record the value by a reliable means.
(10) If the two MD5 values are identical, the user performs the confirm-trust operation on the "LCD and button accessory" of the trusted encryption device.
(11) When the user then logs in to the cloud disk server through the encrypted cloud disk client with the newly trusted encryption device, the content of the encrypted cloud disk can be accessed.
Besides the embodiment described above, the present invention may have other embodiments. All technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by the present invention.
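As an added example, not code from the patent or its applicant, the flow of steps (1) to (11) above (restated in the summary, in the embodiment and in claim 1) written out in Python. `Token`, `CloudDiskServer`, `enroll` and `demo` are names chosen here; the key pair is modelled as opaque random bytes rather than a real asymmetric key, the server's `evil_key` option stands in for a compromised server or man-in-the-middle that substitutes its own public key for the candidate's, and key transfer processing (claim 3) is not modelled. MD5 is kept only because the page uses it; the check does not depend on the hash, and a design done today would display a SHA-256 fingerprint. What the run shows is the security-relevant point of the page: because the user reads the candidate's fingerprint from the candidate's own LCD rather than from anything the server sent, a substituted key never matches, the trusted token answers "distrust", and the foreign device stays unable to read any encrypted file.

```python
"""Added example (not the patent's own code): the trust-establishment flow
between hardware encryption tokens through a cloud-disk server, with the
out-of-band comparison of public-key fingerprints on the tokens' LCDs that
the page relies on to keep a foreign device from being trusted."""
import hashlib
import secrets

UNINITIALIZED, UNTRUSTED, TRUSTED = "uninitialized", "untrusted", "trusted"


def fingerprint(public_key):
    """The value a token shows on its LCD for a public key (MD5, as on the page)."""
    return hashlib.md5(public_key).hexdigest()


class Token:
    """A USB (or TF card via adapter) encryption device with LCD and buttons."""

    def __init__(self, serial):
        self.serial, self.state = serial, UNINITIALIZED
        self._private = self._public = None
        self.trusted = {}                 # fingerprint -> public key bytes

    def initialize(self):
        """User initialization: key pair generated into internal storage.
        Random bytes stand in for a real asymmetric key pair (assumption)."""
        self._private = secrets.token_bytes(32)   # never exported
        self._public = secrets.token_bytes(64)    # exportable
        self.state = UNTRUSTED

    def public_key(self):
        return self._public

    def confirm_trust(self, pushed_key, fp_read_from_candidate_lcd):
        """Button press on a trusted token (step 10): 'trust' only if the key
        the client pushed in matches the fingerprint shown on the candidate's
        own LCD; otherwise 'distrust', and the key is not stored."""
        if self.state != TRUSTED:
            raise PermissionError("only a trusted token can grant trust")
        if fingerprint(pushed_key) != fp_read_from_candidate_lcd:
            return False
        self.trusted[fingerprint(pushed_key)] = pushed_key
        return True


class CloudDiskServer:
    """Relays serial numbers, fingerprints and public keys; holds no secrets.
    evil_key models a hostile server (or a MITM) substituting its own key."""

    def __init__(self, evil_key=None):
        self.trusted, self.pending, self.evil_key = {}, {}, evil_key

    def login(self, token):
        """Steps 3-5: a login uploads serial + MD5(public key); the user's
        first token is trusted at once, later ones wait in the pending list.
        Returns whether the token may read encrypted files."""
        if token.state == UNINITIALIZED:
            raise PermissionError("initialize the token first")
        record = (fingerprint(token.public_key()), token.public_key())
        if not self.trusted:
            token.state = TRUSTED
            self.trusted[token.serial] = record
        elif token.serial not in self.trusted:
            self.pending[token.serial] = record
        return token.serial in self.trusted

    def pending_keys(self):
        """Steps 6-7: the keys the client writes into the trusted token."""
        return {s: self.evil_key or key for s, (_, key) in self.pending.items()}

    def promote(self, serial):
        self.trusted[serial] = self.pending.pop(serial)


def enroll(server, trusted, candidate):
    """Steps 5-11 on the client. The fingerprint read off the candidate's own
    LCD never passes through the server, so a swapped key cannot match it."""
    server.login(candidate)
    fp_on_candidate_lcd = fingerprint(candidate.public_key())  # step 9
    for serial, pushed_key in server.pending_keys().items():
        if trusted.confirm_trust(pushed_key, fp_on_candidate_lcd):
            server.promote(serial)
            candidate.state = TRUSTED
    return server.login(candidate)                              # step 11


def demo(hostile_server=False):
    """Honest run: the second token ends up trusted. Hostile run: the
    substituted key fails the LCD check, so nothing is trusted or stored."""
    a, b, attacker = Token("SN-0001"), Token("SN-0002"), Token("SN-EVIL")
    for t in (a, b, attacker):
        t.initialize()
    server = CloudDiskServer(attacker.public_key() if hostile_server else None)
    server.login(a)                           # step 4: first token trusted
    return {"second_token_trusted": enroll(server, a, b),
            "second_token_state": b.state,
            "candidate_key_stored": fingerprint(b.public_key()) in a.trusted,
            "attacker_key_stored": fingerprint(attacker.public_key()) in a.trusted}
```

Call `demo()` and `demo(hostile_server=True)` and compare the two dictionaries. The practical caveat is that the check is only as strong as the user's willingness to compare the whole fingerprint, so the LCD should show all of it in readable groups rather than a prefix.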

Claims (4)

1. An internet-based implementation method for establishing trust between mobile encryption devices, characterized in that: on each USB mobile encryption device, after the user's initialization operation, an asymmetric key pair is generated and stored in an internal non-volatile storage area, the private key cannot be exported, and the public key can be exported; the USB mobile encryption device is provided with an LCD screen and several buttons; by reading the LCD and operating the buttons the user can view the MD5 value of the current device's public key, view the MD5 value of the public key of an imported device awaiting trust and perform the "trust" or "distrust" operation, and view the MD5 value of the public key of each trusted device stored inside the current device; the method comprises the following steps:
(1) Each USB mobile encryption device is in one of the following three states:
1. Uninitialized: the state in which it leaves the factory;
2. Untrusted: the user has initialized it and an asymmetric key pair has been generated, but no other USB mobile encryption device has yet trusted it;
3. Trusted: after the user's confirmation, another USB mobile encryption device has trusted this USB mobile encryption device;
(2) An untrusted USB mobile encryption device becomes a trusted one only after any one trusted USB mobile encryption device has performed the confirm-trust operation on it;
(3) When a USB mobile encryption device is used by a client for the first time and logs in to the cloud disk server, the device's "serial number" + "MD5 of public key" are uploaded to the cloud disk server;
(4) When a user's first USB mobile encryption device logs in to the encrypted cloud disk through a client for the first time, it automatically becomes a trusted USB mobile encryption device;
(5) When each subsequent USB mobile encryption device logs in to the encrypted cloud disk through a client, it uploads its "serial number" + "MD5 of public key" to the cloud disk server and waits for a trusted USB mobile encryption device to perform the confirm-trust operation on it; until that operation has been completed, this USB mobile encryption device cannot access any encrypted file on the cloud disk;
(6) After the user logs in to the encrypted cloud disk server with a trusted USB mobile encryption device, the encrypted cloud disk client obtains the "list of encryption devices awaiting trust confirmation" from the server; if the list is not empty, the user is prompted to perform the confirm-trust operation for each USB mobile encryption device in the list;
(7) The encrypted cloud disk client writes the public key of the USB mobile encryption device awaiting trust confirmation into the currently trusted USB mobile encryption device and prompts the user to confirm on the device's "LCD and button accessory";
(8) The LCD shows the MD5 value of the public key of the USB mobile encryption device whose trust is to be confirmed;
(9) The user plugs the USB mobile encryption device whose trust is to be confirmed into a USB port of a computer or a USB charger and reads the MD5 value of its public key from its own LCD using its buttons;
(10) If the two MD5 values are identical, the user performs the confirm-trust operation on the LCD and buttons of the trusted USB mobile encryption device;
(11) When the user then logs in to the cloud disk server through the encrypted cloud disk client with the newly trusted USB mobile encryption device, the content of the encrypted cloud disk can be accessed.
2. The internet-based implementation method for establishing trust between mobile encryption devices according to claim 1, characterized in that: the combination of the LCD and buttons is a separate component connected to the USB mobile encryption device by a pluggable cable.
3. The internet-based implementation method for establishing trust between mobile encryption devices according to claim 1, characterized in that: the public key of another USB mobile encryption device that has passed the "trust" operation is stored in the current USB mobile encryption device, or used for key transfer processing.
4. The internet-based implementation method for establishing trust between mobile encryption devices according to claim 1, characterized in that: a TF card encryption device is converted by an adapter into a USB mobile encryption device capable of the confirm-trust operation, and then performs the confirm-trust operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310571157.5A CN103679036A (en) 2013-11-13 2013-11-13 Internet-based implement method for building trust between mobile encryption devices

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310571157.5A CN103679036A (en) 2013-11-13 2013-11-13 Internet-based implement method for building trust between mobile encryption devices

Publications (1)

Publication Number Publication Date
CN103679036A true CN103679036A (en) 2014-03-26

Family

ID=50316546

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310571157.5A Pending CN103679036A (en) 2013-11-13 2013-11-13 Internet-based implement method for building trust between mobile encryption devices

Country Status (1)

Country Link
CN (1) CN103679036A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1661959A (en) * 2004-02-27 2005-08-31 Microsoft Corp Security associations for devices
CN1294720C (en) * 1999-10-27 2007-01-10 Telefonaktiebolaget LM Ericsson Method and arrangement in communication network
CN101102180A (en) * 2006-07-03 2008-01-09 Lenovo (Beijing) Co Ltd Inter-system binding and platform integrity verification method based on hardware security unit
US20090185685A1 (en) * 2008-01-18 2009-07-23 International Business Machines Corporation Trust session management in host-based authentication
CN101881997A (en) * 2009-05-04 2010-11-10 Tongfang Co Ltd Trusted safe mobile storage device



Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2014-03-26