CN104361279A - Data encryption method and device - Google Patents


Info

Publication number: CN104361279A
Authority: CN (China)
Prior art keywords: encryption, data, file, decryption key, cryptographic algorithm
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410658053.2A
Other languages: Chinese (zh)
Inventors: 李锋, 付正全, 安凌靖
Current Assignee: Inspur Beijing Electronic Information Industry Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Inspur Beijing Electronic Information Industry Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention provides a data encryption method and device. The method comprises the following steps: generating an encryption algorithm file and a corresponding decryption key file; loading the encryption algorithm file to an encryption data inlet and loading the corresponding decryption key file to an externally connected USBKey encryption device; selecting the encryption algorithm file for encrypting the to-be-encrypted data by the encryption data inlet; if the data operation is to be performed on the encrypted data, calling for the corresponding decryption key file in the USBKey encryption device for decrypting the encrypted data by the encryption data inlet. According to the invention, on the basis of different high-strength encryption algorithms, a one-algorithm one-key mode is utilized to encrypt and decrypt user data, so that the safety of the encryption data is increased.

Description

Data encryption method and device
Technical field
The present invention relates to the technical field of data security, and in particular to a data encryption method and device.
Background
With the rapid development of computer network technology and information technology, digital industries such as e-commerce are emerging rapidly worldwide. Governments, enterprises, and individuals increasingly rely on computers to store information, and use networks to transmit and exchange information and to conduct business. Whether this information is personal or departmental, military or commercial, it is stored as electronic documents on a standalone machine, a server, or any client computer on the network before it is processed and transmitted. The secure storage of electronic documents is therefore the primary condition for achieving information security.
Important data files transmitted over a network generally need to be encrypted, on the one hand to keep files confidential while they are transferred between networks, and on the other hand to ensure that a transferred file does not leak the important information in it even if it is stolen.
As people rely more on computers to store and transmit information, the level of security required keeps rising. Networks deploy all kinds of security precautions, but most security products only support weak encryption algorithms of less than 40 bits. Malicious persons may still work out how to break through these precautions, bypass the last line of defense, steal confidential data, and cause damage.
Summary of the invention
To solve the above technical problem, the invention provides a data encryption method and device that can improve the security of data.
To achieve the object of the invention, the invention provides a data encryption method, comprising: generating an encryption algorithm file and a corresponding decryption key file; loading the encryption algorithm file to an encryption data inlet, and loading the corresponding decryption key file to a USBKey encryption device; the encryption data inlet selecting an encryption algorithm file to encrypt the data that needs to be encrypted; and, if a data operation needs to be performed on the encrypted data, the encryption data inlet calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data.
Further, generating the encryption algorithm file and the corresponding decryption key file comprises: generating the encryption algorithm file and the corresponding decryption key file by a high-strength encryption algorithm; wherein the encryption algorithm file and corresponding decryption key file that the high-strength encryption algorithm generates are different each time, and the encryption algorithm file and the corresponding decryption key file are in a one-to-one correspondence.
Further, the encryption data inlet selecting an encryption algorithm file to encrypt the data that needs to be encrypted comprises: the encryption data inlet selecting the data that needs to be encrypted, the data level being a file, a folder, a disk partition, or a whole disk; the encryption data inlet comprising at least one encryption algorithm file, and selecting an encryption algorithm file to encrypt the data that needs to be encrypted.
Further, selecting an encryption algorithm file to encrypt the data that needs to be encrypted comprises: selecting one encryption algorithm file to encrypt the data separately, or selecting multiple encryption algorithm files to perform compound encryption on the data; and, after the data has been encrypted with the selected encryption algorithm file, hiding the encrypted data once encryption is complete.
Further, the encryption data inlet calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data comprises: if the file was encrypted separately, the encryption data inlet calling the one corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data; if the file was compound-encrypted, the encryption data inlet calling the multiple corresponding decryption key files in the USBKey encryption device and decrypting the encrypted data according to the composite strategy.
A data encryption device, comprising: a generation module, for generating an encryption algorithm file and a corresponding decryption key file; a registration module, for loading the encryption algorithm file to an encryption data inlet and loading the corresponding decryption key file to a USBKey encryption device; an encryption module, for selecting an encryption algorithm file to encrypt the data that needs to be encrypted; and a decryption module, for connecting to the USBKey encryption device and, if a data operation needs to be performed on the encrypted data, calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data.
Further, the generation module is specifically for generating the encryption algorithm file and the corresponding decryption key file by a high-strength encryption algorithm; wherein the encryption algorithm file and corresponding decryption key file that the high-strength encryption algorithm generates are different each time, and the encryption algorithm file and the corresponding decryption key file are in a one-to-one correspondence.
Further, the encryption module is specifically for: selecting the data that needs to be encrypted, the data level being a file, a folder, a disk partition, or a whole disk; the encryption module comprises at least one encryption algorithm file, selects an encryption algorithm file to encrypt the data that needs to be encrypted, and hides the encrypted data once encryption is complete.
Further, the encryption module is specifically for: selecting one encryption algorithm file to encrypt the data separately, or selecting multiple encryption algorithm files to perform compound encryption on the data.
Further, the decryption module is specifically for: if the file was encrypted separately, calling the one corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data; if the file was compound-encrypted, calling the multiple corresponding decryption key files in the USBKey encryption device and decrypting the encrypted data according to the composite strategy.
Compared with the prior art, the present invention comprises: generating an encryption algorithm file and a corresponding decryption key file; loading the encryption algorithm file to an encryption data inlet, and loading the corresponding decryption key file to a USBKey encryption device; the encryption data inlet selecting an encryption algorithm file to encrypt the data that needs to be encrypted; and, if a data operation needs to be performed on the encrypted data, the encryption data inlet calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data. The present invention is based on USBKey technology and, using different high-strength encryption algorithms, encrypts and decrypts user data in a one-algorithm, one-key mode, which improves the security of the encrypted data. When data is lost, or a hardware device is sold, leased, or transferred, the data cannot be operated on without the USBKey encryption device, which further improves the security of the data.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the data encryption method of the present invention.
Fig. 2 is a schematic diagram of encryption algorithm generation and registration in the present invention.
Fig. 3 is a schematic diagram of how the present invention encrypts data.
Fig. 4 is a schematic diagram of how the present invention decrypts data.
Fig. 5 is a structural diagram of the data encryption device of the present invention.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings. These example embodiments are described in enough detail to enable those skilled in the art to practice the invention. Logical, implementation, and other changes may be made to the embodiments without departing from the spirit and scope of the invention.
The hardware digital certificate carrier USBKey is a hardware device with a Universal Serial Bus (USB) interface. It has a built-in microcontroller or smart card chip and a certain amount of storage space, can store the user's private key and digital certificate, and uses the public key algorithm built into the USBKey to authenticate the user's identity. Because the user's private key is kept inside the key device, in theory it cannot be read by any means, which ensures the security of user authentication.
The present invention implements data encryption and decryption based on USBKey technology. Fig. 1 is a schematic flow chart of the data encryption method of the present invention. As shown in Fig. 1, the method comprises:
Step 11: generate an encryption algorithm file and a corresponding decryption key (key) file by an encryption algorithm.
In this step, referring to Fig. 2, the high-strength encryption algorithm provided by the encryption algorithm generator program generates an encryption algorithm file and a corresponding decryption key file. The encryption algorithm file is used to encrypt data, and the decryption key file is used to decrypt data.
The encryption algorithm file and corresponding decryption key file that the high-strength encryption algorithm generates are different each time. The encryption algorithm file and the decryption key file are in a one-to-one relationship: when the algorithm provided by an encryption algorithm file encrypts the data that needs to be encrypted, only the key provided by the corresponding decryption key file can decrypt that encrypted data.
Step 12: load the encryption algorithm file to the encryption data inlet, and load the corresponding decryption key file to the external USBKey encryption device.
In this step, both the encryption algorithm file and the decryption key file are invisible to the user. After the encryption algorithm file and the corresponding decryption key file have been generated, referring to Fig. 2, the encryption algorithm registration program loads the encryption algorithm file into the directory specified by the encryption data inlet and loads the decryption key file into the storage area of the USBKey encryption device.
Step 13: the encryption data inlet selects an encryption algorithm file to encrypt the data that needs to be encrypted, and hides the encrypted data once encryption is complete.
In this step, referring to Fig. 3, the data that needs to be encrypted is selected through the encryption data inlet. The data level can be a file, a folder, a disk partition, or a whole disk.
The encryption data inlet comprises at least one encryption algorithm file, and an encryption algorithm file is selected to encrypt the data that needs to be encrypted. That is, one encryption algorithm file can be selected to encrypt the data separately, or multiple encryption algorithm files can be selected to perform compound encryption on the data.
The data is hidden automatically once encryption is complete and is invisible to the user under the operating system. The sole entry point to the encrypted file is the encryption data inlet.
Step 14: if a data operation needs to be performed on the encrypted data, the encryption data inlet calls the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data.
In this step, referring to Fig. 4, if a data operation needs to be performed on encrypted data, the encrypted data to be operated on is selected through the encryption data inlet, and the corresponding decryption key file in the USBKey encryption device is looked up automatically. After a match, data operations can be performed on the encrypted data, including viewing, moving, copying, deleting, and similar operations.
If the file was encrypted separately, the encryption data inlet calls the one corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data. If the file was compound-encrypted, the encryption data inlet calls the multiple corresponding decryption key files in the USBKey encryption device and decrypts the encrypted data according to the composite strategy.
The present invention is based on USBKey technology and, using different high-strength encryption algorithms, encrypts and decrypts user data in a one-algorithm, one-key mode, which improves the security of the encrypted data. When data is lost, or a hardware device is sold, leased, or transferred, the data cannot be operated on without the USBKey encryption device, which further improves the security of the data.
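Steps 11 to 14, sketched as an added example that is not code from the patent: one algorithm/key pair per generation, separate or compound (nested) encryption, and decryption that looks up each layer's key file in the token and fails closed when a key file is missing or a layer was altered. The HMAC-SHA256 keystream cipher, the layer layout, the integrity tag, and the names `SimulatedUsbKey` and `pair_id` are assumptions, because the patent names no cipher, file format, or composite strategy.

```python
import hashlib
import hmac
import secrets

HEAD_LEN = 1 + 16 + 16  # depth byte, pair_id (16 hex chars), nonce
TAG_LEN = 32            # HMAC-SHA256 tag over header and ciphertext


def generate_pair():
    """Step 11: a fresh algorithm file and its one matching key file."""
    pair_id, secret = secrets.token_hex(8), secrets.token_bytes(32)
    # Assumption: symmetric stand-in, so both files carry the same secret and
    # the host-side algorithm file is as sensitive as the key file here. An
    # encrypt-only host file would need a public-key scheme instead.
    return ({"pair_id": pair_id, "secret": secret},
            {"pair_id": pair_id, "secret": secret})


class SimulatedUsbKey:
    """Stands in for the USBKey storage area (step 12); not a real token API."""

    def __init__(self):
        self._keys = {}

    def load(self, key_file):
        self._keys[key_file["pair_id"]] = key_file["secret"]

    def secret_for(self, pair_id):
        if pair_id not in self._keys:
            raise LookupError(f"no decryption key file for pair {pair_id!r}")
        return self._keys[pair_id]


def _subkeys(secret):
    """Derive separate encryption and MAC keys from one pair secret."""
    return (hmac.new(secret, b"derive-enc", hashlib.sha256).digest(),
            hmac.new(secret, b"derive-mac", hashlib.sha256).digest())


def _keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def encrypt(data, algorithm_files):
    """Step 13: one file gives separate encryption, several give nested layers."""
    if not 0 < len(algorithm_files) <= 256:
        raise ValueError("between 1 and 256 algorithm files are required")
    for depth, alg in enumerate(algorithm_files):
        enc_key, mac_key = _subkeys(alg["secret"])
        nonce = secrets.token_bytes(16)
        head = bytes([depth]) + alg["pair_id"].encode("ascii") + nonce
        body = _keystream_xor(enc_key, nonce, data)
        tag = hmac.new(mac_key, head + body, hashlib.sha256).digest()
        data = head + tag + body  # this layer becomes the next layer's input
    return data


def decrypt(blob, token):
    """Step 14: peel layers outermost first, matching each to its key file."""
    while True:
        if len(blob) < HEAD_LEN + TAG_LEN:
            raise ValueError("truncated layer")
        head = blob[:HEAD_LEN]
        tag = blob[HEAD_LEN:HEAD_LEN + TAG_LEN]
        body = blob[HEAD_LEN + TAG_LEN:]
        depth = head[0]
        pair_id = head[1:17].decode("ascii", "replace")
        enc_key, mac_key = _subkeys(token.secret_for(pair_id))
        expected = hmac.new(mac_key, head + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("layer failed integrity check")
        blob = _keystream_xor(enc_key, head[17:], body)
        if depth == 0:  # innermost layer reached: blob is the plaintext
            return blob
```
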
Fig. 5 is a structural diagram of the data encryption device of the present invention. As shown in Fig. 5, the device comprises:
a generation module, for generating an encryption algorithm file and a corresponding decryption key file by an encryption algorithm;
a registration module, for loading the encryption algorithm file to the encryption data inlet and loading the corresponding decryption key file to the external USBKey encryption device;
an encryption module, for selecting an encryption algorithm file to encrypt the data that needs to be encrypted, and hiding the encrypted data once encryption is complete;
a decryption module, for connecting to the USBKey encryption device and, if a data operation needs to be performed on the encrypted data, calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data.
The data encryption and decryption device of the present invention corresponds to the data encryption method, so for specific implementation details refer to the data encryption method; they are not repeated here.
The present invention is based on USBKey technology and, using different high-strength encryption algorithms, encrypts and decrypts user data in a one-algorithm, one-key mode, which improves the security of the encrypted data. When data is lost, or a hardware device is sold, leased, or transferred, the data cannot be operated on without the USBKey encryption device, which further improves the security of the data.
It should be understood that, although this specification is described in terms of embodiments, not every embodiment contains only one independent technical solution. The specification is written this way only for clarity. Those skilled in the art should treat the specification as a whole; the technical solutions in the embodiments can also be combined appropriately to form other embodiments that those skilled in the art can understand.
The detailed descriptions listed above are only specific illustrations of feasible embodiments of the present invention. They are not intended to limit the scope of protection of the invention, and all equivalent implementations or changes that do not depart from the technical spirit of the invention shall be included within its scope of protection.

Claims (10)

1. A data encryption method, characterized in that it comprises:
generating an encryption algorithm file and a corresponding decryption key file;
loading the encryption algorithm file to an encryption data inlet, and loading the corresponding decryption key file to an external USBKey encryption device;
the encryption data inlet selecting an encryption algorithm file to encrypt the data that needs to be encrypted;
if a data operation needs to be performed on the encrypted data, the encryption data inlet calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data.
2. The method according to claim 1, characterized in that generating the encryption algorithm file and the corresponding decryption key file comprises:
generating the encryption algorithm file and the corresponding decryption key file by a high-strength encryption algorithm;
wherein the encryption algorithm file and corresponding decryption key file that the high-strength encryption algorithm generates are different each time, and the encryption algorithm file and the corresponding decryption key file are in a one-to-one correspondence.
3. The method according to claim 1 or 2, characterized in that the encryption data inlet selecting an encryption algorithm file to encrypt the data that needs to be encrypted comprises:
the encryption data inlet selecting the data that needs to be encrypted, the data level being a file, a folder, a disk partition, or a whole disk;
the encryption data inlet comprising at least one encryption algorithm file, and selecting an encryption algorithm file to encrypt the data that needs to be encrypted.
4. The method according to claim 3, characterized in that selecting an encryption algorithm file to encrypt the data that needs to be encrypted comprises:
selecting one encryption algorithm file to encrypt the data separately, or selecting multiple encryption algorithm files to perform compound encryption on the data;
and, after the data has been encrypted with the selected encryption algorithm file, hiding the encrypted data once encryption is complete.
5. The method according to claim 4, characterized in that the encryption data inlet calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data comprises:
if the file was encrypted separately, the encryption data inlet calling the one corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data;
if the file was compound-encrypted, the encryption data inlet calling the multiple corresponding decryption key files in the USBKey encryption device and decrypting the encrypted data according to the composite strategy.
6. A data encryption device, characterized in that it comprises:
a generation module, for generating an encryption algorithm file and a corresponding decryption key file;
a registration module, for loading the encryption algorithm file to an encryption data inlet and loading the corresponding decryption key file to an external USBKey encryption device;
an encryption module, for selecting an encryption algorithm file to encrypt the data that needs to be encrypted;
a decryption module, for connecting to the USBKey encryption device and, if a data operation needs to be performed on the encrypted data, calling the corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data.
7. The device according to claim 6, characterized in that the generation module is specifically for generating the encryption algorithm file and the corresponding decryption key file by a high-strength encryption algorithm; wherein the encryption algorithm file and corresponding decryption key file that the high-strength encryption algorithm generates are different each time, and the encryption algorithm file and the corresponding decryption key file are in a one-to-one correspondence.
8. The device according to claim 6 or 7, characterized in that the encryption module is specifically for: selecting the data that needs to be encrypted, the data level being a file, a folder, a disk partition, or a whole disk; the encryption module comprises at least one encryption algorithm file, selects an encryption algorithm file to encrypt the data that needs to be encrypted, and hides the encrypted data once encryption is complete.
9. The device according to claim 8, characterized in that the encryption module is specifically for: selecting one encryption algorithm file to encrypt the data separately, or selecting multiple encryption algorithm files to perform compound encryption on the data.
10. The device according to claim 9, characterized in that the decryption module is specifically for: if the file was encrypted separately, calling the one corresponding decryption key file in the USBKey encryption device to decrypt the encrypted data; if the file was compound-encrypted, calling the multiple corresponding decryption key files in the USBKey encryption device and decrypting the encrypted data according to the composite strategy.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410658053.2A CN104361279A (en) 2014-11-18 2014-11-18 Data encryption method and device

Publications (1)

Publication Number Publication Date
CN104361279A true CN104361279A (en) 2015-02-18

Family

ID=52528538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410658053.2A Pending CN104361279A (en) 2014-11-18 2014-11-18 Data encryption method and device

Country Status (1)

Country Link
CN (1) CN104361279A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106446697A (en) * 2016-07-26 2017-02-22 邬超 Method and device for saving private data
CN106411500A (en) * 2016-10-18 2017-02-15 林少忠 Data encryption method in communication process
CN112434324A (en) * 2020-12-17 2021-03-02 合肥大唐存储科技有限公司 Data processing equipment
CN112434324B (en) * 2020-12-17 2024-03-19 合肥大唐存储科技有限公司 Data processing equipment
CN114598466A (en) * 2022-03-08 2022-06-07 山东云海国创云计算装备产业创新中心有限公司 Production data processing method and device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
US10305688B2 (en) Method, apparatus, and system for cloud-based encryption machine key injection
US10187200B1 (en) System and method for generating a multi-stage key for use in cryptographic operations
US11063754B2 (en) Systems, devices, and methods for hybrid secret sharing
CN100490372C (en) A method for backup and recovery of encryption key
US9166793B2 (en) Efficient authentication for mobile and pervasive computing
CN105760764B (en) Encryption and decryption method and device for embedded storage device file and terminal
CN103138939B (en) Based on the key access times management method of credible platform module under cloud memory module
CN102710414B (en) Randomized document block encryption method
Rezaeighaleh et al. New secure approach to backup cryptocurrency wallets
CN110059458B (en) User password encryption authentication method, device and system
CN103580855B (en) Usbkey management method based on sharing technology
CN105100076A (en) Cloud data security system based on USB Key
CN104868996A (en) Data encryption and decryption method, device thereof, and terminal
JP7160605B2 (en) Method and system for secure data transfer
CN107453880B (en) Cloud data secure storage method and system
US11424919B2 (en) Protecting usage of key store content
CN102236756A (en) File encryption method based on TCM (trusted cryptography module) and USBkey
CN105072107A (en) System and method for enhancing data transmission and storage security
CN102025744A (en) Import and export system of virtual machine image in cloud computing
CN111970114B (en) File encryption method, system, server and storage medium
CN103378971A (en) Data encryption system and method
CN103544453A (en) USB (universal serial bus) KEY based virtual desktop file protection method and device
CN102726028A (en) Encryption method, decryption method, and corresponding device and system
CN104866784A (en) BIOS encryption-based safety hard disk, and data encryption and decryption method
CN104361279A (en) Data encryption method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150218