CN103701596A - Document access method, system and equipment and document access request response method, system and equipment - Google Patents
- Publication number
- CN103701596A, CN201210366938.6A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a document access method. According to the method, a document is encrypted with a dynamically generated temporary secret key which is saved in a receiving terminal and encrypted with a public key saved in the receiving terminal, the receiving terminal sends out an access request for the document to a sending terminal when a user needs to access the document off line, an access response that the receiving terminal receives from the sending terminal contains information for user authentication, and user authentication is performed according to the information and a password input by the user; the temporary secret key can be decrypted only after the authentication succeeds, and then the document is decrypted. Compared with the prior art in which user authentication is performed only by using a password, the method provided by the invention has higher authentication strength and thus improves the safety of the document; besides, the method adopts double encryption and decryption, that is, the document is encrypted with the dynamically generated temporary secret key, the temporary secret key is encrypted by the saved public key, the temporary secret key is decrypted with a public key in the access response, and the document is decrypted with a temporary secret key obtained by decryption.
Description
Technical field
The present invention relates to the field of computer security, and in particular to methods, systems and devices for file access and for responding to file access requests.
Background
With the spread of network technology, accessing, sharing and publishing information has become more and more convenient, but the risk of important information leaking has also increased. At present, the main techniques for protecting important electronic documents are encrypted file storage and strict user access control. For protecting offline electronic files (files that have left the document security system, for example electronic files that have left the enterprise's secure network), the current solution is user authentication together with encrypted file storage.
In existing protection schemes for offline electronic files, the user chooses the appropriate method to read the electronic document in a document security client; the client automatically downloads the encryption key from the document security system server and encrypts the electronic document with a temporary key, thereby protecting the offline electronic document.
However, the prior art has the following defect: the temporary key of the offline file is protected by a static password set by the user; the static password cannot be changed while offline and offers low security, so it is easily cracked.
Summary of the invention
Embodiments of the present invention provide methods, systems and devices for file access and for responding to file access requests, in order to improve the security of files on the receiving terminal.
An embodiment of the present invention provides a file access method, comprising:
When a file encrypted with a dynamically generated temporary key needs to be accessed, the receiving terminal sends a request to access the file to the transmitting terminal, wherein the temporary key is stored at the receiving terminal that holds the encrypted file and is encrypted with a public key stored by the receiving terminal; the receiving terminal then receives from the transmitting terminal a response containing a dynamically generated public key and private key, the public key and private key returned by the transmitting terminal being encrypted with a static password set in advance by the user;
The receiving terminal uses the password entered by the user to decrypt the public key and private key returned by the transmitting terminal; if decryption fails, authentication fails; if decryption succeeds, whether authentication passes is determined from the decrypted public key and the public key stored at the receiving terminal; if authentication fails, the user is forbidden to access the file; if authentication passes,
The receiving terminal uses the decrypted private key returned by the transmitting terminal to decrypt the temporary key, and uses the decrypted temporary key to decrypt the file;
The receiving terminal replaces the public key stored at the receiving terminal with the public key returned by the transmitting terminal, and generates a new temporary key; when the receiving terminal needs to close the file, it re-encrypts the file with the new temporary key, then encrypts the new temporary key with the public key stored by the transmitting terminal, and replaces the temporary key stored at the receiving terminal with the encrypted temporary key.
Preferably, the receiving terminal in the above method comprises a mobile user terminal (for example a mobile phone). The mobile user terminal may be used to send the access request and/or to receive the access response returned by the transmitting terminal, while the other operations of the method may be performed by a conventional receiving device (such as a computer). Embodiments that add a mobile user terminal are more secure.
In this embodiment of the present invention, the file is encrypted with a dynamically generated temporary key, and the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal. Each time the user needs to access the file offline, an access request for the file is sent to the transmitting terminal; the receiving terminal obtains the user-authentication information contained in the access response returned by the transmitting terminal, and authenticates the user according to this information and the password entered by the user. Only after authentication passes can the temporary key be decrypted and the file then decrypted. Compared with the prior art, in which user authentication relies on a password alone, the authentication strength in this embodiment is greater, which improves the security of the file. In addition, this scheme adopts double encryption and decryption: the file is encrypted with the dynamically generated temporary key, the temporary key is encrypted with the stored public key, the temporary key is decrypted with the public key in the access response, and the file is decrypted with the temporary key obtained by decryption. Double encryption and decryption further improve the security of files that have left the document security system.
Preferably, before the receiving terminal sends the access request to the transmitting terminal, the method further comprises:
The receiving terminal sends the static password set by the user to the transmitting terminal;
The receiving terminal receives from the transmitting terminal the file encryption key that the transmitting terminal used to encrypt the file, and the public key that the receiving terminal uses to encrypt the dynamically generated temporary key;
The receiving terminal uses the received file encryption key to decrypt the file, obtaining the decrypted file;
After re-encrypting the file with the dynamically generated temporary key, the receiving terminal uses the public key received for that purpose to encrypt the dynamically generated temporary key, and stores the encrypted temporary key together with this public key.
In this embodiment of the present invention, the receiving terminal sends the static password set by the user to the transmitting terminal in advance, and then receives the file encryption key and the public key returned by the transmitting terminal. The receiving terminal can use the file encryption key to decrypt the file the first time, and after re-encrypting the file with the dynamically generated temporary key, can use this public key to encrypt the generated temporary key.
Preferably, the public key that the receiving terminal uses to encrypt the dynamically generated temporary key is taken from a hash chain of n+1 hash values, from $h^{0}(X)$ to $h^{n}(X)$, that the transmitting terminal produces with a hash algorithm, where n is an integer greater than 0; the public key in the access response is $h^{n-i}(X)$, and the private key in the access response is $sh^{n-i+1}(X)$, where s is the system private key and the value of i is the number of times the transmitting terminal has received the access request;
Determining whether authentication passes from the decrypted public key and the public key stored at the receiving terminal specifically comprises:
Using the hash algorithm to calculate the hash value of the public key obtained by decryption, and determining whether authentication passes according to the calculated hash value and the hash value of the public key stored at the receiving terminal.
In this embodiment of the present invention, using the hash values of a hash chain produced by a hash algorithm for user authentication can further improve the security of user authentication.
An embodiment of the present invention also provides a method of responding to a file access request, comprising:
The transmitting terminal receives an access request for a file encrypted with a dynamically generated temporary key, wherein the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal;
The transmitting terminal returns an access response containing a dynamically generated public key and private key, the public key and private key contained in the access response being encrypted with a static password set in advance by the user.
In this embodiment of the present invention, after receiving the access request for the file, the transmitting terminal must return the information used for user authentication, thereby ensuring the security of the file on the receiving terminal.
Preferably, before the transmitting terminal receives the access request, the method further comprises:
The transmitting terminal receives the static password set by the user and sent by the receiving terminal;
The transmitting terminal returns to the receiving terminal the file encryption key that the transmitting terminal used to encrypt the file, and the public key that the receiving terminal uses to encrypt the dynamically generated temporary key.
In this embodiment of the present invention, the transmitting terminal receives in advance the static password sent by the receiving terminal, and returns the file encryption key and the public key to the receiving terminal, so that the receiving terminal can use the file encryption key to decrypt the file the first time, and after re-encrypting the file with the dynamically generated temporary key, can use this public key to encrypt the generated temporary key.
Preferably, the public key that the receiving terminal uses to encrypt the dynamically generated temporary key is taken from a hash chain of n+1 hash values, from $h^{0}(X)$ to $h^{n}(X)$, that the transmitting terminal produces with a hash algorithm, where n is an integer greater than 0; the public key in the access response is $h^{n-i}(X)$, and the private key in the access response is $sh^{n-i+1}(X)$, where s is the system private key and the value of i is the number of times the transmitting terminal has received the access request.
In this embodiment of the present invention, using the hash values of a hash chain produced by a hash algorithm for user authentication can further improve the security of user authentication.
Preferably, after the transmitting terminal receives the access request and before it returns the access response, the method further comprises:
The transmitting terminal determines whether the number of accesses to the file exceeds the maximum number of accesses set in advance by the user;
The transmitting terminal returning an access response containing a dynamically generated public key and private key specifically comprises:
When the transmitting terminal determines that the number of accesses to the file does not exceed the maximum number of accesses set in advance by the user, it returns the access response containing the dynamically generated public key and private key.
In this embodiment of the present invention, setting a maximum number of accesses to the file on the receiving terminal prevents the user from accessing the file an unlimited number of times, which can further improve the security of the file.
An embodiment of the present invention provides a file access system comprising a receiving terminal and a transmitting terminal,
Wherein the receiving terminal is configured to, after sending to the transmitting terminal an access request for a file on the receiving terminal that is encrypted with a dynamically generated temporary key, obtain the dynamically generated public key and private key contained in the access response returned by the transmitting terminal, the public key and private key contained in the access response being encrypted with a static password set in advance by the user; wherein the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal;
To use the password entered by the user to decrypt the public key and private key contained in the access response; if decryption fails, authentication fails; if decryption succeeds, whether authentication passes is determined from the decrypted public key and the public key stored at the receiving terminal; if authentication fails, the user is forbidden to access the file; if authentication passes,
To use the decrypted private key contained in the access response to decrypt the temporary key, and to use the decrypted temporary key to decrypt the file;
To replace the public key stored at the receiving terminal with the decrypted public key contained in the access response, and to generate a new temporary key; when the receiving terminal needs to close the file, to re-encrypt the file with this new temporary key, then to encrypt the newly generated temporary key with the public key stored by the receiving terminal, and to replace the temporary key stored at the receiving terminal with the encrypted temporary key;
The transmitting terminal is configured to, after receiving the access request, return an access response containing a dynamically generated public key and private key, the public key and private key contained in the access response being encrypted with a static password set in advance by the user.
In this embodiment of the present invention, the file is encrypted with a dynamically generated temporary key, and the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal. Each time the user needs to access the file offline, an access request for the file is sent to the transmitting terminal; the receiving terminal obtains the user-authentication information contained in the access response returned by the transmitting terminal, and authenticates the user according to this information and the password entered by the user. Only after authentication passes can the temporary key be decrypted and the file then decrypted. Compared with the prior art, in which user authentication relies on a password alone, the authentication strength is greater, which improves the security of the file. In addition, this embodiment adopts double encryption and decryption: the file is encrypted with the dynamically generated temporary key, the temporary key is encrypted with the stored public key, the temporary key is decrypted with the public key in the access response, and the file is decrypted with the temporary key obtained by decryption. Double encryption and decryption further improve the security of the file.
An embodiment of the present invention provides a receiving terminal, comprising:
An obtaining unit, configured to, after sending to the transmitting terminal an access request for a file on the receiving terminal that is encrypted with a dynamically generated temporary key, obtain the dynamically generated public key and private key contained in the access response returned by the transmitting terminal, the public key and private key contained in the access response being encrypted with a static password set in advance by the user; wherein the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal;
A decryption unit, configured to use the password entered by the user to decrypt the public key and private key contained in the access response; if decryption fails, authentication fails; if decryption succeeds, whether authentication passes is determined from the decrypted public key and the public key stored at the receiving terminal; if authentication fails, the user is forbidden to access the file; if authentication passes,
To use the decrypted private key contained in the access response to decrypt the temporary key, and to use the decrypted temporary key to decrypt the file;
To replace the public key stored at the receiving terminal with the decrypted public key contained in the access response, and to generate a new temporary key; when the receiving terminal needs to close the file, to re-encrypt the file with this new temporary key, then to encrypt the newly generated temporary key with the public key stored by the receiving terminal, and to replace the temporary key stored at the receiving terminal with the encrypted temporary key.
In this embodiment of the present invention, the file on the receiving terminal is encrypted with a dynamically generated temporary key, and the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal. Each time the user needs to access the file offline, an access request for the file is sent to the transmitting terminal; the receiving terminal obtains the user-authentication information contained in the access response returned by the transmitting terminal, and authenticates the user according to this information and the password entered by the user. Only after authentication passes can the temporary key be decrypted and the file then decrypted. Compared with the prior art, in which user authentication relies on a password alone, the authentication strength is greater, which improves the security of the file. In addition, this scheme adopts double encryption and decryption: the file is encrypted with the dynamically generated temporary key, the temporary key is encrypted with the stored public key, the temporary key is decrypted with the public key in the access response, and the file is decrypted with the temporary key obtained by decryption. Double encryption and decryption further improve the security of the file.
An embodiment of the present invention provides a transmitting terminal, comprising:
A receiving unit, configured to receive an access request, sent by the user, for a file encrypted with a dynamically generated temporary key; wherein the temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal;
A response unit, configured to return an access response containing a dynamically generated public key and private key, the public key and private key contained in the access response being encrypted with a static password set in advance by the user.
In this embodiment of the present invention, after receiving the access request for the file, the transmitting terminal must return the information used for user authentication, thereby ensuring the security of the file. In particular, when the file has left the security system (for example when the file has been downloaded from the enterprise's secure database to an employee's computer), this embodiment of the present invention can limit the propagation of the file and protect it.
Preferably, the transmitting terminal further comprises:
A sending unit, configured to receive the static password set by the user before the receiving unit receives the access request; and to return the file encryption key that the transmitting terminal used to encrypt the file, and the public key used to encrypt the dynamically generated temporary key.
In this embodiment of the present invention, the transmitting terminal receives in advance the static password sent by the receiving terminal, and returns the file encryption key and the public key to the receiving terminal, so that the receiving terminal can use the file encryption key to decrypt the file the first time, and after re-encrypting the file with the dynamically generated temporary key, can use this public key to encrypt the generated temporary key.
Preferably, the sending unit is further configured to:
Use a hash algorithm to produce a hash chain of n+1 hash values, from $h^{0}(X)$ to $h^{n}(X)$, each corresponding hash value serving as the public key with which the receiving terminal encrypts the dynamically generated temporary key, where n is an integer greater than 0;
The response unit uses $h^{n-i}(X)$ as the public key in the access response and $sh^{n-i+1}(X)$ as the private key in the access response, where s is the system private key and the value of i is the number of times the transmitting terminal has received the access request.
In this embodiment of the present invention, using the hash values of a hash chain produced by a hash algorithm for user authentication can further improve the security of user authentication.
Preferably, the response unit is further configured to:
Before returning the access response, determine whether the number of accesses to the file exceeds the maximum number of accesses set in advance by the user; and, when it determines that the number of accesses to the file does not exceed the maximum number of accesses set in advance by the user, return to the receiving terminal the access response containing the dynamically generated public key and private key.
In this embodiment of the present invention, setting a maximum number of accesses to the file on the receiving terminal prevents the user from accessing the file an unlimited number of times, which can further improve the security of the file.
Brief description of the drawings
The above characteristics, technical features, advantages and implementations of the present invention are further described below in a clear and understandable way through the description of preferred embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flow chart of the file access method of an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the method of responding to a file access request of an embodiment of the present invention;
Fig. 3 is a schematic diagram of the overall interaction flow between the receiving terminal and the transmitting terminal of an embodiment of the present invention;
Fig. 4 is a structural diagram of the file access system of an embodiment of the present invention;
Fig. 5 is a structural diagram of the receiving terminal of an embodiment of the present invention;
Fig. 6 is a structural diagram of the transmitting terminal of an embodiment of the present invention.
Detailed description of embodiments
Embodiment 1:
Referring to Fig. 1, the file access method of this embodiment comprises the following steps:
Step 10: After an access request for a file encrypted with a dynamically generated temporary key has been sent to the transmitting terminal, the receiving terminal obtains the dynamically generated public key and private key contained in the access response returned by the transmitting terminal, the public key and private key contained in this access response being encrypted with a static password set in advance by the user; wherein the dynamically generated temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal;
Step 11: The receiving terminal uses the password entered by the user to decrypt the public key and private key contained in the access response; if decryption fails, go to step 12; if decryption succeeds, go to step 13;
Step 13: Whether authentication passes is determined from the decrypted public key and the public key stored at the receiving terminal; if authentication fails, go to step 14; if authentication passes, go to step 15;
Step 14: The user is forbidden to access the file, and the flow ends;
Step 15: The decrypted private key contained in the access response is used to decrypt the temporary key, and the decrypted temporary key is used to decrypt the file;
The public key stored at the receiving terminal is replaced with the decrypted public key contained in the access response, and a new temporary key is generated; when the receiving terminal needs to close the file, the file is re-encrypted with this new temporary key, the newly generated temporary key is then encrypted with the public key stored by the receiving terminal, and the temporary key stored at the receiving terminal is replaced with the encrypted temporary key.
Preferably, before step 10, the receiving terminal can send the static password set by the user to the transmitting terminal; the receiving terminal receives from the transmitting terminal the file encryption key that the transmitting terminal used to encrypt the file, and the public key that the receiving terminal uses to encrypt the dynamically generated temporary key; the receiving terminal uses the received file encryption key to decrypt the file, obtaining the decrypted file; then, after re-encrypting the file with the dynamically generated temporary key, the receiving terminal uses the public key received for that purpose to encrypt the dynamically generated temporary key, and stores the encrypted temporary key together with this public key.
Preferably, when the receiving terminal sends the static password k set by the user to the transmitting terminal, it can at the same time send the maximum number of accesses n set by the user. When sending the static password k to the transmitting terminal, the receiving terminal can also send the user's user name, the file name and so on at the same time.
Preferably, the public key that the receiving terminal uses to encrypt the dynamically generated temporary key can be taken from a hash chain of n+1 hash values, from $h^{0}(X)$ to $h^{n}(X)$, that the transmitting terminal produces with a hash algorithm, where n is an integer greater than 0; the public key in the access response is $h^{n-i}(X)$, and the private key in the access response is $sh^{n-i+1}(X)$, where s is the system private key and the value of i is the number of times the transmitting terminal has received the access request. Accordingly, the determination in step 13 of whether authentication passes, made by the receiving terminal from the decrypted public key and the public key stored at the receiving terminal, can be implemented as follows: the hash algorithm is used to calculate the hash value of the public key obtained by decryption, and whether authentication passes is determined according to the calculated hash value and the hash value of the public key stored at the receiving terminal.
In this embodiment, the receiving terminal can be the computer that the user normally uses, with the PC performing the work of the receiving terminal. The receiving terminal can also comprise both the computer that the user uses and a mobile user terminal such as a mobile phone, the mobile phone being used to send the access request and to receive the access response returned by the transmitting terminal. Using a computer in combination with a mobile communication terminal can be more secure.
Embodiment 2:
Referring to Fig. 2, the method of responding to a file access request that this embodiment provides for the transmitting terminal comprises the following steps:
Step 20: The transmitting terminal receives an access request for a file encrypted with a dynamically generated temporary key; wherein this dynamically generated temporary key is stored at the receiving terminal and encrypted with a public key stored by the receiving terminal;
Step 21: The transmitting terminal returns to the user terminal an access response containing a dynamically generated public key and private key, the public key and private key contained in the access response being encrypted with a static password set in advance by the user.
Preferably, before step 20, the transmitting terminal receives the static password set by the user and sent by the receiving terminal; the transmitting terminal returns to the receiving terminal the file encryption key that the transmitting terminal used to encrypt the file, and the public key that the receiving terminal uses to encrypt the dynamically generated temporary key.
Preferably, the public key that the receiving terminal uses to encrypt the dynamically generated temporary key can be taken from a hash chain of n+1 hash values, from $h^{0}(X)$ to $h^{n}(X)$, that the transmitting terminal produces with a hash algorithm, where n is an integer greater than 0; the public key in the access response is $h^{n-i}(X)$, and the private key in the access response is $sh^{n-i+1}(X)$, where s is the system private key and the value of i is the number of times the transmitting terminal has received the access request.
Preferably, after the transmitting terminal receives the access request and before it returns the access response, the transmitting terminal determines whether the number of accesses to the file exceeds the maximum number of accesses set in advance by the user; when it determines that the number of accesses to the file does not exceed the maximum number of accesses set in advance by the user, it returns the access response containing the dynamically generated public key and private key.
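The hash-chain authentication check of Embodiment 1 and the access-count limit of Embodiment 2, as an added Python example that is not part of the patent text. It assumes SHA-256 for the unspecified hash algorithm, that h^0(X) is X itself, that h^n(X) is the public key handed to the receiving terminal at setup, and that authentication passes when the hash of the returned public key equals the stored one; the class and function names are hypothetical, and the static-password encryption of the response and the public/private-key encryption of the temporary key are left out.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One application of the hash function (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def build_chain(x: bytes, n: int) -> list:
    """Return [h^0(X), ..., h^n(X)], taking h^0(X) = X (assumption)."""
    chain = [x]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class TransmittingTerminal:
    """Holds the whole chain and counts access requests (hypothetical model)."""

    def __init__(self, x: bytes, max_accesses: int):
        self.n = max_accesses
        self.chain = build_chain(x, max_accesses)
        self.i = 0  # number of access requests answered so far

    def initial_public_key(self) -> bytes:
        # Assumption: the public key sent at setup is the chain end h^n(X).
        return self.chain[self.n]

    def respond(self):
        """Return h^(n-i)(X) for the i-th request, or None past the limit."""
        if self.i >= self.n:
            return None  # maximum number of accesses reached: no response
        self.i += 1
        return self.chain[self.n - self.i]


class ReceivingTerminal:
    """Stores only the current public key, never the chain seed X."""

    def __init__(self, stored_public_key: bytes):
        self.stored = stored_public_key

    def authenticate(self, returned_public_key) -> bool:
        """Pass only if h(returned) equals the stored key, then roll forward."""
        if returned_public_key is None:
            return False
        ok = hmac.compare_digest(h(returned_public_key), self.stored)
        if ok:
            # Replace the stored public key, as the method prescribes, so the
            # same response cannot authenticate a second time.
            self.stored = returned_public_key
        return ok


def run_demo() -> list:
    """Constructed scenario: n = 3 permitted accesses, one replay, one forgery."""
    sender = TransmittingTerminal(b"constructed seed X", max_accesses=3)
    receiver = ReceivingTerminal(sender.initial_public_key())
    results = []
    first = sender.respond()
    results.append(receiver.authenticate(first))             # genuine, access 1
    results.append(receiver.authenticate(first))             # replayed response
    results.append(receiver.authenticate(b"\x00" * 32))      # forged value
    results.append(receiver.authenticate(sender.respond()))  # genuine, access 2
    results.append(receiver.authenticate(sender.respond()))  # genuine, access 3
    results.append(sender.respond() is None)                 # fourth request denied
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because each released value is a preimage of the one the receiving terminal already holds, a copy of the receiving terminal's stored state does not let anyone compute the next valid response.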
Embodiment three:
Referring to Fig. 3, the overall flow of the interaction between the receiving terminal and the transmitting terminal provided by this embodiment comprises the following steps:
Step 30: the receiving terminal sends the static password k set by the user to the transmitting terminal;
Step 31: the transmitting terminal receives and saves the static password k sent by the receiving terminal, and sends to the receiving terminal the file encryption key K that the transmitting terminal used to encrypt the file, together with the public key that the receiving terminal needs in order to encrypt the dynamically generated temporary key K_i; here the initial value of i is 1 (representing the user's first access to the file);
Step 32: the receiving terminal uses the received file encryption key K to decrypt the file, obtaining the decrypted file;
Step 33: after re-encrypting the file with the randomly generated temporary key K_i, the receiving terminal uses the public key sent by the transmitting terminal and an asymmetric algorithm to encrypt the generated temporary key K_i, and saves the encrypted temporary key K_i together with this public key;
Step 34: when the user needs to access the file on the receiving terminal, which is in an offline state, an access request can be sent to the transmitting terminal through a user terminal; the user terminal can be a mobile phone or the like;
Step 35: after receiving the access request sent by the user terminal, the transmitting terminal returns an access response containing the dynamically generated public key h_{n-i}(X) and private key sh_{n-i+1}(X); the public key h_{n-i}(X) and private key sh_{n-i+1}(X) contained in the access response are encrypted with the static password k set in advance by the user;
Step 36: after the user terminal receives the access response sent by the transmitting terminal, the user inputs to the receiving terminal the password used to decrypt the information in the access response, together with the public key h_{n-i}(X) and private key sh_{n-i+1}(X) contained in the access response, which are encrypted with the static password k set in advance by the user;
Step 37: the receiving terminal uses the password input by the user to decrypt the public key h_{n-i}(X) and private key sh_{n-i+1}(X) that were encrypted with the static password k; if decryption fails, authentication fails; if decryption succeeds, the receiving terminal determines from the decrypted public key h_{n-i}(X) and the public key saved at the receiving terminal whether authentication passes; if authentication fails, the user is forbidden to access the file; if authentication passes, the decrypted private key sh_{n-i+1}(X) is used to decrypt the saved encrypted temporary key K_i, and the temporary key K_i obtained by decryption is used to decrypt the file, obtaining the decrypted file;
Step 38: the receiving terminal replaces the public key saved at the receiving terminal with the decrypted public key h_{n-i}(X), and randomly generates a new temporary key K_{i+1}; when the receiving terminal needs to close the file, it re-encrypts the file with this new temporary key K_{i+1}, then encrypts the newly generated temporary key K_{i+1} with the public key h_{n-i}(X) saved at the receiving terminal, and replaces the temporary key K_i saved at the receiving terminal with the encrypted temporary key K_{i+1}; when the user needs to access the file again, the value of i is incremented by 1 and the flow returns to step 34.
Preferably, in step 30, when the receiving terminal sends the static password k set by the user to the transmitting terminal, it can at the same time send the maximum number of accesses n set by the user. In that case, in step 35, after receiving the access request and before returning the access response, the transmitting terminal can first determine whether the number of times the user has accessed the file exceeds this maximum; when it determines that the number does not exceed the maximum, it returns the access response; otherwise, it refuses the access request. When sending the static password k to the transmitting terminal, the receiving terminal can also send this user's user name, the file name and the like.
Preferably, in step 31, the public key h_n(X) with which the receiving terminal encrypts the generated temporary key K_i can come from a hash chain, produced by the transmitting terminal with a hash algorithm, of n+1 hash values from h_0(X) to h_n(X), where n is an integer greater than 0; the public key in the access response returned by the transmitting terminal in step 35 is h_{n-i}(X), and the private key in this access response is sh_{n-i+1}(X), where s is a system private key randomly selected by the transmitting terminal and the value of i is the number of times the transmitting terminal has received an access request. For example, if in step 35 the transmitting terminal receives this user terminal's access request for the file for the first time, the value of i is 1; if it receives this user terminal's access request for the file for the second time, the value of i is 2; and so on. Here, the value of n can be the maximum number of accesses set by the user.
Accordingly, determining in step 37 from the decrypted public key h_{n-i}(X) and the public key saved at the receiving terminal whether authentication passes can be implemented as follows: the receiving terminal uses the hash algorithm to compute the hash value of the decrypted public key h_{n-i}(X); if the computed hash value is consistent with the saved public key, authentication passes; otherwise, authentication fails.
Preferably, in step 32, after the decrypted file is obtained, the file can be opened for the user to access.
Preferably, in step 33, the receiving terminal can re-encrypt the file with the generated temporary key K_i after the user has finished accessing the file, for example after the file is closed. The encrypted temporary key K_i and the public key can also be saved in the extended file header of the file.
Preferably, in step 34, the access request that the user terminal sends to the transmitting terminal can contain information such as the user's user name and the file name of the file, so that in step 35 the static password k set in advance by this user for this file, and the generated hash chain, can be found according to the user name and file name.
The first and second use of the method are taken below as examples to illustrate how this embodiment is implemented. In this embodiment, the user accesses the file on the receiving terminal for the first time with the following specific flow:
Step 301: the receiving terminal sends the static password k set by the user to the transmitting terminal;
Step 311: the transmitting terminal receives and saves the static password k sent by the receiving terminal, and sends to the receiving terminal the file encryption key K that the transmitting terminal used to encrypt the file, together with the public key h_n(X) that the receiving terminal needs in order to encrypt the dynamically generated temporary key K_1;
Step 321: the receiving terminal uses the received file encryption key K to decrypt the file, obtaining the decrypted file;
Step 331: after re-encrypting the file with the randomly generated temporary key K_1, the receiving terminal uses the public key h_n(X) sent by the transmitting terminal and an asymmetric algorithm to encrypt the generated temporary key K_1, and saves the encrypted temporary key K_1 together with this public key h_n(X);
Step 341: when the user needs to access the file on the receiving terminal, which is in an offline state, an access request can be sent to the transmitting terminal through a user terminal; the user terminal can be a mobile phone or the like;
Step 351: after receiving the access request sent by the user terminal, the transmitting terminal returns an access response containing the dynamically generated public key h_{n-1}(X) and private key sh_n(X); the public key h_{n-1}(X) and private key sh_n(X) contained in the access response are encrypted with the static password k set in advance by the user;
Step 361: after the user terminal receives the access response sent by the transmitting terminal, the user inputs to the receiving terminal the password used to decrypt the information in the access response, together with the public key h_{n-1}(X) and private key sh_n(X) contained in the access response, which are encrypted with the static password k set in advance by the user;
Step 371: the receiving terminal uses the password input by the user to decrypt the public key h_{n-1}(X) and private key sh_n(X) that were encrypted with the static password k; if decryption fails, authentication fails; if decryption succeeds, the receiving terminal uses the hash algorithm to compute the hash value of the decrypted public key h_{n-1}(X), and determines from this hash value and the public key h_n(X) saved at the receiving terminal whether authentication passes. If the two are inconsistent, authentication fails and the user is forbidden to access the file; if the two are consistent, authentication passes, the decrypted private key sh_n(X) is used to decrypt the saved encrypted temporary key K_1, and the temporary key K_1 obtained by decryption is used to decrypt the file, obtaining the decrypted file;
Step 381: the receiving terminal replaces the public key h_n(X) saved at the receiving terminal with the decrypted public key h_{n-1}(X), and randomly generates a new temporary key K_2; when the receiving terminal needs to close the file, it re-encrypts the file with this new temporary key K_2, then encrypts the newly generated temporary key K_2 with the public key h_{n-1}(X) saved at the receiving terminal, and replaces the temporary key K_1 saved at the receiving terminal with the encrypted temporary key K_2.
When the user needs to access the file a second time, the specific flow is as follows:
Step 342: the user can again send an access request to the transmitting terminal through the user terminal; the user terminal can be a mobile phone or the like;
Step 352: after receiving the access request sent by the user terminal, the transmitting terminal returns an access response containing the dynamically generated public key h_{n-2}(X) and private key sh_{n-1}(X); the public key h_{n-2}(X) and private key sh_{n-1}(X) contained in the access response are encrypted with the static password k set in advance by the user;
Step 362: after the user terminal receives the access response sent by the transmitting terminal, the user inputs to the receiving terminal the password used to decrypt the information in the access response, together with the public key h_{n-2}(X) and private key sh_{n-1}(X) contained in the access response, which are encrypted with the static password k set in advance by the user;
Step 372: the receiving terminal uses the password input by the user to decrypt the public key h_{n-2}(X) and private key sh_{n-1}(X) that were encrypted with the static password k; if decryption fails, authentication fails; if decryption succeeds, the receiving terminal uses the hash algorithm to compute the hash value of the decrypted public key h_{n-2}(X), and determines from this hash value and the public key h_{n-1}(X) saved at the receiving terminal whether authentication passes. If the two are inconsistent, authentication fails and the user is forbidden to access the file; if they are consistent, authentication passes, the decrypted private key sh_{n-1}(X) is used to decrypt the saved encrypted temporary key K_2, and the temporary key K_2 obtained by decryption is used to decrypt the file, obtaining the decrypted file;
Step 382: the receiving terminal replaces the public key h_{n-1}(X) saved at the receiving terminal with the decrypted public key h_{n-2}(X), and randomly generates a new temporary key K_3; when the receiving terminal needs to close the file, it re-encrypts the file with this new temporary key K_3, then encrypts the newly generated temporary key K_3 with the public key h_{n-2}(X) saved at the receiving terminal, and replaces the temporary key K_2 saved at the receiving terminal with the encrypted temporary key K_3.
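The authentication part of steps 35 to 38 (password unwrap, hash-chain check, rollover of the saved public key, access limit n), as an added example that is not part of the patent text. Assumptions: SHA-256 as the hash algorithm, h_0(X) equal to a random 32-byte seed X, and a PBKDF2/HMAC wrapper standing in for "encrypted with the static password k"; the private key sh_{n-i+1}(X) and the asymmetric unwrap of K_i are left out because the page does not specify that algorithm.

```python
import hashlib
import hmac
import os

HASH_LEN = 32  # SHA-256 output size; every chain value has this length


def H(value: bytes) -> bytes:
    """One chain step, h_{j+1}(X) = H(h_j(X)). SHA-256 is an assumption."""
    return hashlib.sha256(value).digest()


def build_chain(seed: bytes, n: int) -> list:
    """Return [h_0(X), ..., h_n(X)], assuming h_0(X) is the seed X itself."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


def _derive(password: str, salt: bytes):
    # Two independent keys from the static password (hypothetical parameters).
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, dklen=64)
    return dk[:32], dk[32:]


def wrap(password: str, value: bytes) -> bytes:
    """Stand-in for 'encrypted with static password k': one-block pad plus MAC."""
    if len(value) != HASH_LEN:
        raise ValueError("wrapper handles exactly one chain value")
    salt = os.urandom(16)  # fresh salt, so the pad is never reused
    enc_key, mac_key = _derive(password, salt)
    pad = hmac.new(enc_key, b"pad", "sha256").digest()
    body = bytes(a ^ b for a, b in zip(value, pad))
    tag = hmac.new(mac_key, salt + body, "sha256").digest()
    return salt + body + tag


def unwrap(password: str, blob: bytes):
    """Return the chain value, or None when decryption fails (wrong password)."""
    salt, body, tag = blob[:16], blob[16:-HASH_LEN], blob[-HASH_LEN:]
    enc_key, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + body, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(enc_key, b"pad", "sha256").digest()
    return bytes(a ^ b for a, b in zip(body, pad))


class Sender:
    """Transmitting terminal: owns the chain and counts access requests."""

    def __init__(self, n: int, password: str, seed: bytes = None):
        self.n = n
        self.password = password
        self.chain = build_chain(seed or os.urandom(HASH_LEN), n)
        self.count = 0  # i, the number of access requests received

    def initial_public_key(self) -> bytes:
        return self.chain[self.n]  # h_n(X), handed over in step 31

    def respond(self):
        if self.count >= self.n:  # access limit reached: refuse
            return None
        self.count += 1
        return wrap(self.password, self.chain[self.n - self.count])  # h_{n-i}(X)


class Receiver:
    """Receiving terminal: holds only the most recent public chain value."""

    def __init__(self, stored_public_key: bytes):
        self.stored = stored_public_key

    def authenticate(self, response: bytes, typed_password: str) -> str:
        candidate = unwrap(typed_password, response)
        if candidate is None:
            return "decrypt-failed"
        if not hmac.compare_digest(H(candidate), self.stored):
            return "chain-mismatch"
        self.stored = candidate  # step 38: replace the saved public key
        return "ok"


def run_demo() -> list:
    password = "constructed-static-password"  # constructed sample value for k
    sender = Sender(n=2, password=password)
    receiver = Receiver(sender.initial_public_key())
    log = []
    r1 = sender.respond()
    log.append(receiver.authenticate(r1, "wrong guess"))  # wrong password
    log.append(receiver.authenticate(r1, password))       # first access, i = 1
    log.append(receiver.authenticate(r1, password))       # replayed response
    r2 = sender.respond()
    log.append(receiver.authenticate(r2, password))       # second access, i = 2
    log.append(sender.respond() is None)                  # third request refused
    return log


if __name__ == "__main__":
    print(run_demo())
```

The replayed response is rejected because the receiver has already rolled its saved value forward, and the value it stores never reveals the next one the sender will release, since that would require inverting the hash.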
Embodiment four:
Referring to Fig. 4, this embodiment provides a file access system, comprising:
Receiving terminal 40, for obtaining, after sending to the transmitting terminal an access request for the file encrypted with the dynamically generated temporary key, the dynamically generated public key and private key contained in the access response returned by the transmitting terminal, the public key and private key contained in said access response being encrypted with the static password set in advance by the user; wherein said temporary key is saved at the receiving terminal and is encrypted with the public key saved by said receiving terminal;
decrypting, with the password input by the user, the public key and private key contained in said access response; if decryption fails, authentication fails; if decryption succeeds, determining from the decrypted public key and the public key saved at the receiving terminal whether authentication passes; if authentication fails, forbidding the user to access said file; if authentication passes,
decrypting said temporary key with the decrypted private key contained in said access response, and decrypting said file with the temporary key obtained by decryption;
replacing the public key saved at the receiving terminal with the decrypted public key contained in said access response, and generating a new temporary key; when the receiving terminal needs to close said file, re-encrypting the file with this new temporary key, then encrypting said newly generated temporary key with the public key saved at the receiving terminal, and replacing the temporary key saved at the receiving terminal with the encrypted temporary key;
Preferably, receiving terminal 40 also comprises user terminal 41 (for example a mobile phone), for sending an access request to the transmitting terminal when the user needs to access the file on the receiving terminal that is encrypted with the dynamically generated temporary key;
Transmitting terminal 42, for returning to the user terminal, after receiving the access request sent by the user terminal, an access response containing the dynamically generated public key and private key, the public key and private key contained in this access response being encrypted with the static password set in advance by the user.
Further, receiving terminal 40 is also used for: before the user terminal sends the access request to the transmitting terminal, sending said static password set by the user to the transmitting terminal; receiving, as returned by the transmitting terminal, the file encryption key with which the transmitting terminal encrypted said file and the public key with which the receiving terminal encrypts the dynamically generated temporary key; decrypting said file with the received file encryption key, obtaining the decrypted file; and, after re-encrypting the file with the dynamically generated temporary key, encrypting said dynamically generated temporary key with that public key, and saving the encrypted temporary key together with this public key.
Further, the public key with which receiving terminal 40 encrypts the dynamically generated temporary key comes from a hash chain, produced by the transmitting terminal with a hash algorithm, of n+1 hash values from h_0(X) to h_n(X), where n is an integer greater than 0; the public key in said access response is h_{n-i}(X) and the private key in said access response is sh_{n-i+1}(X), where s is the system private key and the value of i is the number of times the transmitting terminal has received said access request;
Receiving terminal 40 determines whether authentication passes as follows: according to the hash value of the decrypted public key, computed with said hash algorithm, and the hash value of the public key saved at the receiving terminal, it determines whether authentication passes.
Further, transmitting terminal 42 is also used for:
before receiving said access request, receiving said static password, set by the user, that the receiving terminal sends; and returning to the receiving terminal the file encryption key with which the transmitting terminal encrypted said file and the public key with which the receiving terminal encrypts the dynamically generated temporary key.
Further, transmitting terminal 42 is also used for:
after receiving the access request and before returning the access response, determining whether the number of accesses to said file exceeds the maximum number of accesses set in advance by the user; and, when it determines that the number of accesses to said file does not exceed that maximum, returning to the user terminal the access response containing the dynamically generated public key and private key.
Preferably, the receiving terminal comprises mobile user terminal 41, for example a mobile phone. For example, a mobile communication terminal is used to send the access request to the transmitting terminal (for example by mobile phone short message) and to receive the access response information containing the dynamically generated public key and private key; transmitting terminal 42 can also return the access response by short message.
Embodiment five:
Referring to Fig. 5, this embodiment provides a receiving terminal, comprising:
Obtaining unit 50, for obtaining, after the mobile user terminal sends to the transmitting terminal an access request for the file on the receiving terminal that is encrypted with the dynamically generated temporary key, the dynamically generated public key and private key contained in the access response that the transmitting terminal returns to the mobile user terminal, the public key and private key contained in said access response being encrypted with the static password set in advance by the user; wherein said temporary key is saved at the receiving terminal and is encrypted with the public key saved by said receiving terminal;
decrypting said temporary key with the decrypted private key contained in said access response, and decrypting said file with the temporary key obtained by decryption;
replacing the public key saved at the receiving terminal with the decrypted public key contained in said access response, and generating a new temporary key; when the receiving terminal needs to close said file, re-encrypting the file with this new temporary key, then encrypting said newly generated temporary key with the public key saved at the receiving terminal, and replacing the temporary key saved at the receiving terminal with the encrypted temporary key.
Further, the receiving terminal also comprises:
Encryption unit 52, for sending said static password set by the user to the transmitting terminal; receiving, as returned by the transmitting terminal, the file encryption key with which the transmitting terminal encrypted said file and the public key with which the receiving terminal encrypts the dynamically generated temporary key; decrypting said file with the received file encryption key, obtaining the decrypted file; and, after re-encrypting the file with the dynamically generated temporary key, encrypting said dynamically generated temporary key with that public key, and saving the encrypted temporary key together with this public key.
Further, the public key with which encryption unit 52 encrypts the dynamically generated temporary key comes from a hash chain, produced by the transmitting terminal with a hash algorithm, of n+1 hash values from h_0(X) to h_n(X), where n is an integer greater than 0; the public key in the access response is h_{n-i}(X) and the private key in the access response is sh_{n-i+1}(X), where s is the system private key and the value of i is the number of times the transmitting terminal has received an access request;
Embodiment six:
Referring to Fig. 6, this embodiment provides a transmitting terminal, comprising:
Receiving unit 60, for receiving the access request, sent by the mobile user terminal, for the file on the receiving terminal that is encrypted with the dynamically generated temporary key; wherein said temporary key is saved at the receiving terminal and is encrypted with the public key saved by said receiving terminal;
Further, this transmitting terminal also comprises: transmitting unit 62, for receiving, before the receiving unit receives said access request, said static password, set by the user, that the receiving terminal sends; and for returning to the receiving terminal the file encryption key with which the transmitting terminal encrypted said file and the public key with which the receiving terminal encrypts the dynamically generated temporary key.
Further, transmitting unit 62 uses a hash algorithm to generate a hash chain of n+1 hash values from h_0(X) to h_n(X), the corresponding hash value each time serving as the public key with which the receiving terminal encrypts the dynamically generated temporary key, where n is an integer greater than 0;
Said response unit 61 uses h_{n-i}(X) as the public key in the access response and sh_{n-i+1}(X) as the private key in the access response, where s is the system private key and the value of i is the number of times the transmitting terminal has received an access request.
Further, response unit 61 is also used for:
before returning said access response, determining whether the number of accesses to said file exceeds the maximum number of accesses set in advance by the user; and, when it determines that the number of accesses to said file does not exceed that maximum, returning to the mobile user terminal the access response containing the dynamically generated public key and private key.
Further, response unit 61 is used for: returning the access response by short message.
The present invention has been shown and explained in detail above by means of the accompanying drawings and preferred embodiments; however, the invention is not limited to these disclosed embodiments, and other schemes that those skilled in the art derive from them are also within the protection scope of the present invention.
Claims (15)
1. A file access method, characterized in that the method comprises:
when a file encrypted with a dynamically generated temporary key needs to be accessed, the receiving terminal sends a request to access the file to the transmitting terminal, wherein said temporary key is saved at the receiving terminal of said encrypted file and is encrypted with the public key saved by said receiving terminal; the receiving terminal then receives the response returned by the transmitting terminal, which contains a dynamically generated public key and private key, the public key and private key returned by said transmitting terminal being encrypted with the static password set in advance by the user;
the receiving terminal uses the password input by the user to decrypt the public key and private key returned by said transmitting terminal; if decryption fails, authentication fails; if decryption succeeds, the receiving terminal determines from the decrypted public key and the public key saved at the receiving terminal whether authentication passes; if authentication fails, the user is forbidden to access said file; if authentication passes,
the receiving terminal uses the decrypted private key returned by said transmitting terminal to decrypt said temporary key, and uses the temporary key obtained by decryption to decrypt said file;
the receiving terminal replaces the public key saved at the receiving terminal with the public key returned by the transmitting terminal, and generates a new temporary key; when the receiving terminal needs to close said file, it re-encrypts the file with said new temporary key, then encrypts said new temporary key with the public key saved by the transmitting terminal, and replaces the temporary key saved at the receiving terminal with the encrypted temporary key.
2. The method as claimed in claim 1, characterized in that, before said access request is sent to the transmitting terminal, the method further comprises, at the receiving terminal of said encrypted file:
sending said static password set by the user to the transmitting terminal;
receiving, as returned by the transmitting terminal, the file encryption key with which the transmitting terminal encrypted said file and the public key with which the receiving terminal encrypts said dynamically generated temporary key;
decrypting said file with the received file encryption key, obtaining the decrypted file;
re-encrypting said file with the dynamically generated temporary key, then encrypting said dynamically generated temporary key with the public key with which the receiving terminal encrypts the dynamically generated temporary key, and saving the encrypted temporary key together with this public key.
3. The method as claimed in claim 1 or 2, characterized in that the public key with which said receiving terminal encrypts the dynamically generated temporary key comes from a hash chain, produced by the transmitting terminal with a hash algorithm, of n+1 hash values from h_0(X) to h_n(X), where n is an integer greater than 0; the public key in the response returned by said transmitting terminal is h_{n-i}(X) and the private key is sh_{n-i+1}(X), where s is the system private key and the value of i is the number of times the transmitting terminal has received said access request;
said determining from the decrypted public key and the public key saved at the receiving terminal whether authentication passes specifically comprises:
computing, with said hash algorithm, the hash value of the decrypted public key, and determining from said computed hash value and the hash value of the public key saved at the receiving terminal whether authentication passes.
4. The method as claimed in claim 1 or 2, characterized in that said receiving terminal comprises a user mobile terminal.
5. A method of responding to a file access request, characterized in that the method comprises:
the transmitting terminal receives the access request, sent by the receiving terminal, for the file encrypted with the dynamically generated temporary key; wherein said temporary key is saved at the receiving terminal and is encrypted with the public key saved by said receiving terminal;
the transmitting terminal returns to the receiving terminal an access response containing the dynamically generated public key and private key, the public key and private key contained in said access response being encrypted with the static password set in advance by the user.
6. The method as claimed in claim 5, characterized in that, before the transmitting terminal receives said access request, the method further comprises:
the transmitting terminal receives the static password set by the user;
the transmitting terminal returns to the receiving terminal the file encryption key with which the transmitting terminal encrypted said file and the public key that the receiving terminal needs in order to encrypt the dynamically generated temporary key.
7. The method as claimed in claim 6, characterized in that the transmitting terminal uses a hash algorithm to generate a hash chain of n+1 hash values from h_0(X) to h_n(X), the corresponding hash value each time serving as the public key with which the receiving terminal encrypts the dynamically generated temporary key, where n is an integer greater than 0; the public key in said access response returned by the transmitting terminal is h_{n-i}(X) and the private key in said access response is sh_{n-i+1}(X), where s is the system private key and the value of i is the number of times the transmitting terminal has received said access request.
8. The method as claimed in claim 5, 6 or 7, characterized in that, after the transmitting terminal receives said access request and before it returns said response, the method further comprises:
the transmitting terminal determines whether the number of times the user has accessed said file exceeds the maximum number of accesses set in advance by the user;
said transmitting terminal returning to the receiving terminal the access response containing the dynamically generated public key and private key specifically comprises:
said transmitting terminal, when it determines that the number of times the user has accessed said file does not exceed the maximum number of accesses set in advance by the user, returns said response containing the dynamically generated public key and private key.
9. A file access system, characterized in that the system comprises a receiving terminal and a transmitting terminal, wherein,
when the receiving terminal sends to the transmitting terminal an access request for the file encrypted with the dynamically generated temporary key, the receiving terminal obtains the dynamically generated public key and private key contained in the access response returned by the transmitting terminal, the public key and private key contained in said access response being encrypted with the static password set in advance by the user; wherein said temporary key is saved at the receiving terminal and is encrypted with the public key saved by said receiving terminal;
the receiving terminal uses the password input by the user to decrypt the public key and private key contained in said access response; if decryption fails, authentication fails; if decryption succeeds, the receiving terminal determines from the decrypted public key and the public key saved at the receiving terminal whether authentication passes; if authentication fails, the user is forbidden to access said file; if authentication passes,
the receiving terminal uses the decrypted private key contained in said response to decrypt said temporary key, and uses the temporary key obtained by decryption to decrypt said file;
the receiving terminal replaces the public key saved at the receiving terminal with the decrypted public key contained in the access response, and generates a new temporary key; when said file needs to be closed, the receiving terminal re-encrypts the file with this new temporary key, then encrypts said newly generated temporary key with the public key saved at the receiving terminal, and replaces the temporary key saved at the receiving terminal with the encrypted temporary key;
the transmitting terminal is used for receiving said access request of the receiving terminal for the file encrypted with the dynamically generated temporary key, and for returning said access response after receiving said access request.
10. The file access system as claimed in claim 9, characterized in that said receiving terminal also comprises a mobile user terminal; when the user needs to access the file encrypted with the dynamically generated temporary key, the access request is sent to the transmitting terminal, and the response returned by the transmitting terminal is received, through said mobile user terminal.
11. A receiving terminal, characterized in that the receiving terminal comprises:
An obtaining unit, configured to, when an access request for a file encrypted with a dynamically generated temporary key is sent to a transmitting terminal, receive the access response returned by the transmitting terminal, which contains a dynamically generated public key and private key, the public key and private key contained in the access response being encrypted with a static password set in advance by the user; wherein the temporary key is saved at the receiving terminal and is encrypted with the public key saved by the receiving terminal;
A decryption unit, configured to decrypt the public key and private key contained in the access response with the password input by the user; if decryption fails, authentication fails; if decryption succeeds, whether authentication passes is determined according to the decrypted public key and the public key saved at the receiving terminal; if authentication fails, the user is forbidden to access the file; if authentication passes,
the temporary key is decrypted with the private key contained in the decrypted access response, and the file is decrypted with the temporary key thus obtained;
the public key saved at the receiving terminal is replaced with the public key contained in the decrypted access response, and a new temporary key is generated; when the receiving terminal needs to close the file, the file is re-encrypted with the new temporary key, the new temporary key is then encrypted with the public key saved at the receiving terminal, and the temporary key saved at the receiving terminal is replaced with the encrypted temporary key.
12. A transmitting terminal, characterized in that the transmitting terminal comprises:
A receiving unit, configured to receive a receiving terminal's access request for a file encrypted with a dynamically generated temporary key; wherein the temporary key is saved at the receiving terminal of the encrypted file and is encrypted with the public key saved by the receiving terminal;
A response unit, configured to return to the receiving terminal an access response containing a dynamically generated public key and private key, the public key and private key contained in the access response being encrypted with a static password set in advance by the user.
13. The transmitting terminal as claimed in claim 12, characterized in that the transmitting terminal further comprises:
A sending unit, configured to, before the receiving unit receives the access request, receive the static password set by the user, and to return to the receiving terminal the file encryption key used by the transmitting terminal to encrypt the file and the public key used by the receiving terminal to encrypt the dynamically generated temporary key.
14. The transmitting terminal as claimed in claim 13, characterized in that the sending unit is further configured to:
Use a hash algorithm to generate a hash chain comprising the n+1 hash values from $h^{0}(X)$ to $h^{n}(X)$, each corresponding hash value serving as the public key used by the receiving terminal to encrypt the dynamically generated temporary key, where n is an integer greater than 0;
The response unit uses $h^{n-i}(X)$ as the public key in the access response and $sh^{n-i+1}(X)$ as the private key in the access response, where s is the system private key and i is the number of times the transmitting terminal has received the access request.
15. The transmitting terminal as claimed in any one of claims 12 to 14, characterized in that the response unit is further configured to:
Before returning the access response, determine whether the number of accesses to the file exceeds the maximum number of accesses set in advance by the user; upon determining that the number of accesses to the file does not exceed the maximum number of accesses set in advance by the user, return the access response containing the dynamically generated public key and private key.
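The index bookkeeping of the hash chain in claims 14 and 15 can be followed in a short sketch, added here as an illustration and not taken from the patent; `demo()` runs a constructed chain with n = 3 through a fresh, a replayed and two further fresh responses, then an exhausted chain. Assumptions: SHA-256 as the hash algorithm, the class and function names, the receiving terminal starting with $h^{n}(X)$ as its saved public key, and the comparison rule that hashing the response's public key must reproduce the saved one. The private key $sh^{n-i+1}(X)$ is left out because the claims do not define how s is combined with the hash value.

```python
import hashlib

def h(data):
    """One chain step; SHA-256 is an assumption, the claim names no algorithm."""
    return hashlib.sha256(data).digest()

def build_chain(seed, n):
    """Return [h^0(X), ..., h^n(X)], n+1 values with h^0(X) = X."""
    if n <= 0:
        raise ValueError("n must be an integer greater than 0")
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

class Sender:
    """Transmitting terminal: releases h^(n-i)(X) on the i-th access request."""
    def __init__(self, seed, n, max_accesses):
        self.chain = build_chain(seed, n)
        self.n = n
        self.i = 0  # access requests answered so far
        # User-set limit (claim 15), also capped by the chain length n.
        self.max_accesses = min(max_accesses, n)

    def respond(self):
        if self.i >= self.max_accesses:
            return None  # limit reached or chain used up: no response
        self.i += 1
        return self.chain[self.n - self.i]

class Receiver:
    """Receiving terminal: keeps only the most recently accepted public key."""
    def __init__(self, stored_pk):
        self.stored_pk = stored_pk  # initially h^n(X) (assumption)

    def authenticate(self, response_pk):
        # Assumed comparison: hashing the response key must give the stored key.
        if h(response_pk) != self.stored_pk:
            return False
        self.stored_pk = response_pk  # replace the stored key on success
        return True

def demo():
    sender = Sender(b"constructed-seed-X", n=3, max_accesses=5)
    receiver = Receiver(sender.chain[-1])
    first = sender.respond()
    return [receiver.authenticate(first), receiver.authenticate(first),
            receiver.authenticate(sender.respond()),
            receiver.authenticate(sender.respond()), sender.respond() is None]
```

Because each response consumes one link, a chain of n+1 values supports at most n accesses, whatever maximum the user sets.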
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210366938.6A CN103701596A (en) | 2012-09-27 | 2012-09-27 | Document access method, system and equipment and document access request response method, system and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210366938.6A CN103701596A (en) | 2012-09-27 | 2012-09-27 | Document access method, system and equipment and document access request response method, system and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103701596A true CN103701596A (en) | 2014-04-02 |
Family
ID=50363002
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210366938.6A Pending CN103701596A (en) | 2012-09-27 | 2012-09-27 | Document access method, system and equipment and document access request response method, system and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103701596A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106664206A (en) * | 2014-06-18 | 2017-05-10 | 维萨国际服务协会 | Efficient methods for authenticated communication |
CN106682520A (en) * | 2016-11-17 | 2017-05-17 | 精硕科技(北京)股份有限公司 | Data exchange method and system |
WO2018053844A1 (en) * | 2016-09-26 | 2018-03-29 | 华为技术有限公司 | Security authentication method, integrated circuit and system |
CN108268797A (en) * | 2017-01-04 | 2018-07-10 | 珠海金山办公软件有限公司 | A kind of offline document operation duration method for limiting and device |
CN108521419A (en) * | 2018-04-04 | 2018-09-11 | 广州赛姆科技资讯股份有限公司 | Access processing method, device and the computer equipment of observation system file |
CN108537052A (en) * | 2018-04-04 | 2018-09-14 | 广州赛姆科技资讯股份有限公司 | The access response method, apparatus and internal control safety monitor system of observation system file |
CN111586062A (en) * | 2020-05-11 | 2020-08-25 | 广州中科智巡科技有限公司 | Method and system for label management |
CN112437044A (en) * | 2020-11-03 | 2021-03-02 | 建信金融科技有限责任公司 | Instant messaging method and device |
CN113221134A (en) * | 2021-04-09 | 2021-08-06 | 北京复兴华创技术有限公司 | Offline security data exchange method and device |
CN117411728A (en) * | 2023-12-14 | 2024-01-16 | 成都极数链科技有限公司 | Personnel resume privatization management method, computer equipment and storage medium |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11394697B2 (en) | 2014-06-18 | 2022-07-19 | Visa International Service Association | Efficient methods for authenticated communication |
US10574633B2 (en) | 2014-06-18 | 2020-02-25 | Visa International Service Association | Efficient methods for authenticated communication |
CN106664206A (en) * | 2014-06-18 | 2017-05-10 | 维萨国际服务协会 | Efficient methods for authenticated communication |
US12021850B2 (en) | 2014-06-18 | 2024-06-25 | Visa International Service Association | Efficient methods for authenticated communication |
WO2018053844A1 (en) * | 2016-09-26 | 2018-03-29 | 华为技术有限公司 | Security authentication method, integrated circuit and system |
CN106682520A (en) * | 2016-11-17 | 2017-05-17 | 精硕科技(北京)股份有限公司 | Data exchange method and system |
CN108268797A (en) * | 2017-01-04 | 2018-07-10 | 珠海金山办公软件有限公司 | A kind of offline document operation duration method for limiting and device |
CN108268797B (en) * | 2017-01-04 | 2021-12-03 | 珠海金山办公软件有限公司 | Offline document operation duration limiting method and device |
CN108521419A (en) * | 2018-04-04 | 2018-09-11 | 广州赛姆科技资讯股份有限公司 | Access processing method, device and the computer equipment of observation system file |
CN108537052A (en) * | 2018-04-04 | 2018-09-14 | 广州赛姆科技资讯股份有限公司 | The access response method, apparatus and internal control safety monitor system of observation system file |
CN111586062A (en) * | 2020-05-11 | 2020-08-25 | 广州中科智巡科技有限公司 | Method and system for label management |
CN112437044A (en) * | 2020-11-03 | 2021-03-02 | 建信金融科技有限责任公司 | Instant messaging method and device |
CN112437044B (en) * | 2020-11-03 | 2022-12-13 | 建信金融科技有限责任公司 | Instant messaging method and device |
CN113221134B (en) * | 2021-04-09 | 2024-03-22 | 北京复兴华创技术有限公司 | Offline secure data exchange method and device |
CN113221134A (en) * | 2021-04-09 | 2021-08-06 | 北京复兴华创技术有限公司 | Offline security data exchange method and device |
CN117411728A (en) * | 2023-12-14 | 2024-01-16 | 成都极数链科技有限公司 | Personnel resume privatization management method, computer equipment and storage medium |
CN117411728B (en) * | 2023-12-14 | 2024-02-13 | 成都极数链科技有限公司 | Personnel resume privatization management method, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110855671B (en) | Trusted computing method and system | |
CN107251035B (en) | Account recovery protocol | |
CN103701596A (en) | Document access method, system and equipment and document access request response method, system and equipment | |
CN106104562B (en) | System and method for securely storing and recovering confidential data | |
JP6399382B2 (en) | Authentication system | |
CN104660605B (en) | A kind of multiple-factor auth method and its system | |
CN103237305B (en) | Password protection method for smart card on facing moving terminal | |
CN107920052B (en) | Encryption method and intelligent device | |
CN109684129B (en) | Data backup recovery method, storage medium, encryption machine, client and server | |
CN101815091A (en) | Cipher providing equipment, cipher authentication system and cipher authentication method | |
US11438316B2 (en) | Sharing encrypted items with participants verification | |
CN101621794A (en) | Method for realizing safe authentication of wireless application service system | |
CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
CN107181589B (en) | Bastion machine private key management method and device | |
CN105553654A (en) | Key information query processing method and device and key information management system | |
US20160021101A1 (en) | Method for backing up a user secret and method for recovering a user secret | |
CN102404337A (en) | Data encryption method and device | |
CN113411187A (en) | Identity authentication method and system, storage medium and processor | |
CN106656955A (en) | Communication method and system and user terminal | |
CN101924635A (en) | Method and device for user identity authentication | |
KR101358375B1 (en) | Prevention security system and method for smishing | |
CN108737087B (en) | Protection method for mailbox account password and computer readable storage medium | |
CN106257859A (en) | A kind of password using method | |
CN103685239A (en) | Real-time encryption and decryption system and real-time encryption and decryption method for mobile products | |
CN100561913C (en) | A kind of method of access code equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20140402 |