CN104917787A - File secure sharing method and system based on group key - Google Patents


Publication number
CN104917787A
Authority
CN
China
Legal status
Granted
Application number
CN201410086634.3A
Other versions
CN104917787B (en
Inventor
刘国荣
沈军
金华敏
冯明
汪来富
刘东鑫
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201410086634.3A
Publication of CN104917787A
Application granted
Publication of CN104917787B
Current legal status: Active

Abstract

The invention discloses a file secure sharing method and system based on a group key. When a first user terminal shares an original file, it encrypts the original file with a working key to generate an encrypted file, encrypts the working key with the group key to generate a key ciphertext, and uploads the encrypted file and the key ciphertext to a shared storage server. A second user terminal downloads a specified encrypted file, the key ciphertext associated with it, and a group identification from the shared storage server. When the second user terminal determines that the downloaded group identification is that of the group to which it belongs, it decrypts the key ciphertext with the group key and decrypts the encrypted file with the working key to obtain the original file. Because the working key is encrypted with the group key, encrypted files can be shared securely and flexibly, under user control and with easy key management, and the risk that a user file is leaked during sharing is reduced.

Description

File secure sharing method and system based on group key
Technical field
The present invention relates to the field of communications, and in particular to a file secure sharing method and system based on a group key.
Background
With the rapid development of Internet applications, the value of user data keeps rising, and users place higher security requirements on information services such as cloud storage. Sharing data securely while improving the security of user data has become a main technical difficulty for services such as cloud storage. The main file sharing schemes and systems currently used in the industry have the following problems:
1. Plaintext sharing combined with authorized access:
Because files are stored in plaintext, security is low.
2. Ciphertext sharing:
1) With server-side encryption and decryption, there is a risk that the server-side key is leaked, and the user has insufficient control; in multi-tenant scenarios such as cloud computing in particular, this is a significant security risk.
2) With user-side encryption and decryption, key update and key management are difficult.
Summary of the invention
Embodiments of the present invention provide a file secure sharing method and system based on a group key. To address the problems of existing secure storage schemes, such as insufficient autonomous control by the user and the difficulty of managing keys and sharing groups, the invention builds on conventional file encryption: the file key is encrypted with a group key, and group managers handle the distribution and update of group keys in a hierarchical manner. While keeping user data files securely stored, this enables secure sharing of encrypted files that is flexible, user-controllable and easy to manage in terms of keys, and reduces the risk that user files are leaked during sharing.
According to one aspect of the present invention, a file secure sharing method based on a group key is provided, comprising:
When sharing an original file, a first user terminal encrypts the original file with a working key to generate an encrypted file, and encrypts the working key with a pre-configured group key to generate a key ciphertext;
The first user terminal uploads the encrypted file and the key ciphertext to a shared storage server;
The shared storage server stores the encrypted file and the key ciphertext, and associates the encrypted file and the key ciphertext with the group identification of the group to which the first user terminal belongs;
When obtaining a specified encrypted file, a second user terminal downloads from the shared storage server the specified encrypted file, together with the key ciphertext and the group identification associated with it;
The second user terminal determines whether the downloaded group identification is that of the group to which the second user terminal belongs;
If the downloaded group identification is that of the group to which the second user terminal belongs, the second user terminal decrypts the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypts the downloaded encrypted file with the obtained working key to obtain the original file.
In one embodiment, if the downloaded group identification is not that of the group to which the second user terminal belongs, the second user terminal sends the downloaded key ciphertext and group identification to a second group manager, where the second group manager is the manager of the group to which the second user terminal belongs;
The second group manager sends a key acquisition request to a first group manager, where the first group manager is the manager of a first group, and the first group is the group associated with the downloaded group identification;
The first group manager encrypts the group key of the first group with a pre-set upper-level group key to obtain a group key ciphertext, and sends the group key ciphertext to the second group manager;
The second group manager decrypts the group key ciphertext with the pre-set upper-level group key to obtain the group key of the first group, decrypts the downloaded key ciphertext with the group key of the first group to obtain the working key, and sends the obtained working key to the second user terminal;
The second user terminal decrypts the downloaded encrypted file with the received working key to obtain the original file.
In one embodiment, if the downloaded group identification is not that of the group to which the second user terminal belongs, the second user terminal sends the downloaded key ciphertext and group identification to a second group manager, where the second group manager is the manager of the group to which the second user terminal belongs;
The second group manager sends a key acquisition request to a first group manager, where the key acquisition request contains the downloaded key ciphertext, the first group manager is the manager of a first group, and the first group is the group associated with the downloaded group identification;
The first group manager decrypts the key ciphertext with the group key of the first group to obtain the working key, encrypts the obtained working key with a pre-set upper-level group key to obtain a working key ciphertext, and sends the working key ciphertext to the second group manager;
The second group manager decrypts the working key ciphertext with the pre-set upper-level group key to obtain the working key, and sends the obtained working key to the second user terminal;
The second user terminal decrypts the downloaded encrypted file with the received working key to obtain the original file.
In one embodiment, the step in which the first user terminal encrypts the original file with a working key to generate an encrypted file comprises:
The first user terminal randomly generates the working key;
The first user terminal encrypts the original file with the randomly generated working key to generate the encrypted file.
In one embodiment, when updating the group key of a designated group, the group manager of the designated group updates all key ciphertexts stored in the shared storage server that are associated with the identification of the designated group, so that these key ciphertexts can only be decrypted with the updated group key;
The group manager of the designated group sends the updated group key to each user terminal in the designated group.
In one embodiment, the step in which the group manager of the designated group, when updating the group key of the designated group, updates all key ciphertexts stored in the shared storage server that are associated with the identification of the designated group comprises:
When updating the group key of the designated group, the group manager of the designated group downloads from the shared storage server all key ciphertexts associated with the identification of the designated group;
Each downloaded key ciphertext $K_{ie}$ is decrypted with the current group key to obtain the corresponding working key $K_i$, where $1 \le i \le N$ and $N$ is the number of key ciphertexts;
Each working key $K_i$ is encrypted with the updated group key to obtain the updated key ciphertext $K_{ie}'$;
The updated key ciphertexts $K_{ie}'$ are sent to the shared storage server, so that the shared storage server replaces each key ciphertext $K_{ie}$ with the updated key ciphertext $K_{ie}'$.
According to another aspect of the present invention, a file secure sharing system based on a group key is provided, comprising a first user terminal, a second user terminal and a shared storage server, wherein:
The first user terminal is configured to, when sharing an original file, encrypt the original file with a working key to generate an encrypted file, encrypt the working key with a pre-configured group key to generate a key ciphertext, and upload the encrypted file and the key ciphertext to the shared storage server;
The shared storage server is configured to, after receiving the encrypted file and the key ciphertext uploaded by the first user terminal, store the encrypted file and the key ciphertext, and associate them with the group identification of the group to which the first user terminal belongs;
The second user terminal is configured to, when obtaining a specified encrypted file, download from the shared storage server the specified encrypted file, together with the key ciphertext and the group identification associated with it; determine whether the downloaded group identification is that of the group to which the second user terminal belongs; and, when it is, decrypt the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypt the downloaded encrypted file with the obtained working key to obtain the original file.
In one embodiment, each group has a group manager, wherein:
The second user terminal is further configured to, when the downloaded group identification is not that of the group to which the second user terminal belongs, send the downloaded key ciphertext and group identification to a second group manager, where the second group manager is the manager of the group to which the second user terminal belongs; and, on receiving the working key sent by the second group manager, decrypt the downloaded encrypted file with the received working key to obtain the original file;
The second group manager is configured to send a key acquisition request to a first group manager, where the first group manager is the manager of a first group, and the first group is the group associated with the downloaded group identification; and, on receiving the group key ciphertext sent by the first group manager, decrypt the group key ciphertext with the pre-set upper-level group key to obtain the group key of the first group, decrypt the downloaded key ciphertext with the group key of the first group to obtain the working key, and send the obtained working key to the second user terminal;
The first group manager is configured to encrypt the group key of the first group with the pre-set upper-level group key to obtain the group key ciphertext, and send the group key ciphertext to the second group manager.
In one embodiment, the second user terminal is further configured to, when the downloaded group identification is not that of the group to which the second user terminal belongs, send the downloaded key ciphertext and group identification to a second group manager, where the second group manager is the manager of the group to which the second user terminal belongs; and, on receiving the working key sent by the second group manager, decrypt the downloaded encrypted file with the received working key to obtain the original file;
The second group manager is configured to send a key acquisition request to a first group manager, where the key acquisition request contains the downloaded key ciphertext, the first group manager is the manager of a first group, and the first group is the group associated with the downloaded group identification; and, on receiving the working key ciphertext sent by the first group manager, decrypt the working key ciphertext with the pre-set upper-level group key to obtain the working key, and send the obtained working key to the second user terminal;
The first group manager is configured to decrypt the key ciphertext with the group key of the first group to obtain the working key, encrypt the obtained working key with the pre-set upper-level group key to obtain the working key ciphertext, and send the working key ciphertext to the second group manager.
In one embodiment, the first user terminal specifically generates the working key at random, and encrypts the original file with the randomly generated working key to generate the encrypted file.
In one embodiment, the group manager of a designated group is further configured to, when updating the group key of the designated group, update all key ciphertexts stored in the shared storage server that are associated with the identification of the designated group, so that these key ciphertexts can only be decrypted with the updated group key; and to send the updated group key to each user terminal in the designated group.
In one embodiment, when updating the group key of the designated group, the group manager of the designated group specifically downloads from the shared storage server all key ciphertexts associated with the identification of the designated group; decrypts each downloaded key ciphertext $K_{ie}$ with the current group key to obtain the corresponding working key $K_i$, where $1 \le i \le N$ and $N$ is the number of key ciphertexts; encrypts each working key $K_i$ with the updated group key to obtain the updated key ciphertext $K_{ie}'$; and sends the updated key ciphertexts $K_{ie}'$ to the shared storage server, so that the shared storage server replaces each key ciphertext $K_{ie}$ with the updated key ciphertext $K_{ie}'$.
In the present invention, when sharing an original file, the first user terminal encrypts the original file with a working key to generate an encrypted file, encrypts the working key with a pre-configured group key to generate a key ciphertext, and uploads the encrypted file and the key ciphertext to the shared storage server. The shared storage server stores the encrypted file and the key ciphertext, and associates them with the group identification of the group to which the first user terminal belongs. When obtaining a specified encrypted file, the second user terminal downloads from the shared storage server the specified encrypted file, together with the key ciphertext and the group identification associated with it. When the second user terminal determines that the downloaded group identification is that of the group to which it belongs, it decrypts the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypts the downloaded encrypted file with the obtained working key to obtain the original file. Because the working key is encrypted with the group key, and while user data files remain securely stored, encrypted files can be shared securely in a way that is flexible, user-controllable and easy to manage in terms of keys, which reduces the risk that user files are leaked during sharing.
The description of the present invention is given for the purposes of illustration and description, and is not exhaustive or intended to limit the invention to the disclosed form. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described to better explain the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and design various embodiments, with various modifications, suited to particular uses.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of one embodiment of the file secure sharing method based on a group key of the present invention.
Fig. 2 is a schematic diagram of another embodiment of the file secure sharing method based on a group key of the present invention.
Fig. 3 is a schematic diagram of one embodiment of the group key update of the present invention.
Fig. 4 is a schematic diagram of one embodiment of the file secure sharing system based on a group key of the present invention.
Fig. 5 is a schematic diagram of another embodiment of the file secure sharing system based on a group key of the present invention.
Fig. 6 is a schematic diagram of one embodiment of uploading shared information in the present invention.
Fig. 7 is a schematic diagram of one embodiment of downloading shared information in the present invention.
Fig. 8 is a schematic diagram of one embodiment of the network architecture for the group key update of the present invention.
Fig. 9 is a schematic diagram of one embodiment of the hierarchical management of group keys of the present invention.
Fig. 10 is a schematic diagram of another embodiment of downloading shared information in the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention, its application or its use. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the sizes of the parts shown in the drawings are not drawn to actual scale.
Technologies, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be discussed further in subsequent drawings.
Fig. 1 is a schematic diagram of one embodiment of the file secure sharing method based on a group key of the present invention. In it:
Step 101: when sharing an original file, the first user terminal encrypts the original file with a working key to generate an encrypted file, and encrypts the working key with a pre-configured group key to generate a key ciphertext.
Each group is configured with a group key, and this group key is distributed only to the user terminals in that group.
Preferably, the first user terminal generates the working key at random and encrypts the original file with the randomly generated working key to generate the encrypted file.
Step 102: the first user terminal uploads the encrypted file and the key ciphertext to the shared storage server.
Step 103: the shared storage server stores the encrypted file and the key ciphertext, and associates them with the group identification of the group to which the first user terminal belongs.
Step 104: when obtaining a specified encrypted file, the second user terminal downloads from the shared storage server the specified encrypted file, together with the key ciphertext and the group identification associated with it.
Step 105: the second user terminal determines whether the downloaded group identification is that of the group to which the second user terminal belongs.
That is, it determines whether the second user terminal is in the same group as the user terminal that provided the shared encrypted file.
Step 106: if the downloaded group identification is that of the group to which the second user terminal belongs, the second user terminal decrypts the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypts the downloaded encrypted file with the obtained working key to obtain the original file.
In the file secure sharing method based on a group key provided by the above embodiment of the present invention, when sharing an original file, the first user terminal encrypts the original file with a working key to generate an encrypted file, encrypts the working key with a pre-configured group key to generate a key ciphertext, and uploads the encrypted file and the key ciphertext to the shared storage server. The shared storage server stores the encrypted file and the key ciphertext, and associates them with the group identification of the group to which the first user terminal belongs. When obtaining a specified encrypted file, the second user terminal downloads from the shared storage server the specified encrypted file, together with the key ciphertext and the group identification associated with it. When the second user terminal determines that the downloaded group identification is that of the group to which it belongs, it decrypts the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypts the downloaded encrypted file with the obtained working key to obtain the original file. Because the working key is encrypted with the group key, and while user data files remain securely stored, encrypted files can be shared securely in a way that is flexible, user-controllable and easy to manage in terms of keys, which reduces the risk that user files are leaked during sharing.
Fig. 2 is a schematic diagram of another embodiment of the file secure sharing method based on a group key of the present invention. Compared with the embodiment shown in Fig. 1, the embodiment shown in Fig. 2 further describes the handling of the case in which the second user terminal and the user terminal that provided the shared encrypted file are in different groups.
Step 201: when obtaining a specified encrypted file, the second user terminal downloads from the shared storage server the specified encrypted file, together with the key ciphertext and the group identification associated with it.
Step 202: the second user terminal determines whether the downloaded group identification is that of the group to which the second user terminal belongs. If it is, step 203 is performed; if it is not, step 204 is performed.
Step 203: the second user terminal decrypts the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypts the downloaded encrypted file with the obtained working key to obtain the original file. The remaining steps of this embodiment are then not performed.
That is, when the second user terminal is in the same group as the user terminal that provided the shared encrypted file, the second user terminal can decrypt directly with the pre-configured group key.
Step 204: the second user terminal sends the downloaded key ciphertext and group identification to the second group manager, where the second group manager is the manager of the group to which the second user terminal belongs.
Step 205: the second group manager sends a key acquisition request to the first group manager, where the first group manager is the manager of the first group, and the first group is the group associated with the downloaded group identification.
Step 206: the first group manager encrypts the group key of the first group with the pre-set upper-level group key to obtain a group key ciphertext, and sends the group key ciphertext to the second group manager.
Step 207: the second group manager decrypts the group key ciphertext with the pre-set upper-level group key to obtain the group key of the first group, decrypts the downloaded key ciphertext with the group key of the first group to obtain the working key, and sends the obtained working key to the second user terminal.
Step 208: the second user terminal decrypts the downloaded encrypted file with the received working key to obtain the original file.
That is, when the second user terminal is not in the same group as the user terminal that provided the shared encrypted file, the second user terminal obtains the corresponding working key through the exchange between the first group manager and the second group manager. A user terminal in one group cannot obtain the group key of another group, which ensures the security of the system.
In another embodiment, steps 205-207 above may be replaced by steps 205'-207', in which:
Step 205': the second group manager sends a key acquisition request to the first group manager, where the key acquisition request contains the downloaded key ciphertext, the first group manager is the manager of the first group, and the first group is the group associated with the downloaded group identification.
Step 206': the first group manager decrypts the key ciphertext with the group key of the first group to obtain the working key, encrypts the obtained working key with the pre-set upper-level group key to obtain a working key ciphertext, and sends the working key ciphertext to the second group manager.
Step 207': the second group manager decrypts the working key ciphertext with the pre-set upper-level group key to obtain the working key, and sends the obtained working key to the second user terminal.
This embodiment ensures that a group key is never learned by another group manager, which further improves the security of the system.
In addition, the group key of the affected group needs to be updated when group membership changes, when the group key is leaked, or when a policy requires periodic updates.
When updating the group key of a designated group, the group manager of the designated group updates all key ciphertexts stored in the shared storage server that are associated with the identification of the designated group, so that these key ciphertexts can only be decrypted with the updated group key. The group manager of the designated group also sends the updated group key to each user terminal in the designated group.
Each user terminal in the designated group thus receives the updated group key, and the corresponding key ciphertexts in the shared storage server are updated accordingly at the same time.
Fig. 3 is a schematic diagram of one embodiment of the group key update of the present invention.
Step 301: when updating the group key of a designated group, the group manager of the designated group downloads from the shared storage server all key ciphertexts associated with the identification of the designated group.
Step 302: each downloaded key ciphertext $K_{ie}$ is decrypted with the current group key to obtain the corresponding working key $K_i$, where $1 \le i \le N$ and $N$ is the number of key ciphertexts.
Step 303: each working key $K_i$ is encrypted with the updated group key to obtain the updated key ciphertext $K_{ie}'$.
Step 304: the updated key ciphertexts $K_{ie}'$ are sent to the shared storage server, so that the shared storage server replaces each key ciphertext $K_{ie}$ with the updated key ciphertext $K_{ie}'$.
Step 305: the group manager of the designated group sends the updated group key to each user terminal in the designated group.
Fig. 4 is a schematic diagram of an embodiment of the group-key-based file secure sharing system of the present invention. As shown in Fig. 4, the system comprises multiple user terminals; for brevity, only a first user terminal 401 and a second user terminal 402 are shown here. The system also comprises a shared storage server 403. Wherein:
The first user terminal 401 is configured to, when sharing an original file, encrypt the original file with a working key to generate an encrypted file, encrypt the working key with the pre-configured group key to generate a key ciphertext, and upload the encrypted file and the key ciphertext to the shared storage server.
Preferably, the first user terminal randomly generates the working key and encrypts the original file with the randomly generated working key to generate the encrypted file.
The shared storage server 403 is configured to, after receiving the encrypted file and the key ciphertext uploaded by the first user terminal, store the encrypted file and the key ciphertext, and associate the encrypted file and the key ciphertext with the group identification of the group in which the first user terminal is located.
The second user terminal 402 is configured to, when obtaining a specified encrypted file, download from the shared storage server the specified encrypted file together with the key ciphertext and the group identification associated with it; to judge whether the downloaded group identification is the group identification of the group in which the second user terminal is located; and, when it is, to decrypt the downloaded key ciphertext with the pre-configured group key to obtain the working key, and to decrypt the downloaded encrypted file with the obtained working key to obtain the original file.
In the group-key-based file secure sharing system provided by the above embodiment of the present invention, the first user terminal, when sharing an original file, encrypts the original file with a working key to generate an encrypted file, encrypts the working key with the pre-configured group key to generate a key ciphertext, and uploads the encrypted file and the key ciphertext to the shared storage server. The shared storage server stores the encrypted file and the key ciphertext, and associates them with the group identification of the group in which the first user terminal is located. The second user terminal, when obtaining a specified encrypted file, downloads from the shared storage server the specified encrypted file together with the key ciphertext and the group identification associated with it. When the second user terminal judges that the downloaded group identification is the group identification of its own group, it decrypts the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypts the downloaded encrypted file with the obtained working key to obtain the original file. By encrypting the working key with the group key, encrypted files can be shared securely in a way that is flexible, user-controllable and easy in terms of key management, while still meeting the storage security requirements for user data files, and the risk of user files being leaked during sharing is reduced.
Fig. 5 is a schematic diagram of another embodiment of the group-key-based file secure sharing system of the present invention. Compared with the embodiment shown in Fig. 4, the system shown in Fig. 5 also comprises management and group devices, each group having one management and group device. For brevity, only a first management and group device 501 and a second management and group device 502 are shown here. The second user terminal 402 is given only as an example; its configuration also applies to the other user terminals in the system. Wherein:
The second user terminal 402 is further configured to, when the downloaded group identification is not the group identification of the group in which the second user terminal is located, send the downloaded key ciphertext and group identification to the second management and group device 502, the second management and group device being the manager of the group in which the second user terminal is located; and, on receiving the working key sent by the second management and group device 502, to decrypt the downloaded encrypted file with the received working key to obtain the original file.
The second management and group device 502 is configured to send a key acquisition request to the first management and group device 501, the first management and group device being the manager of a first group, and the first group being associated with the downloaded group identification; and, on receiving the group key ciphertext sent by the first management and group device 501, to decrypt the group key ciphertext with the preset higher-level group key to obtain the group key of the first group, to decrypt the downloaded key ciphertext with the group key of the first group to obtain the working key, and to send the obtained working key to the second user terminal 402.
The first management and group device 501 is configured to encrypt the group key of the first group with the preset higher-level group key to obtain the group key ciphertext, and to send the group key ciphertext to the second management and group device.
Thus, when the second user terminal and the user terminal that provided the shared encrypted file are not in the same group, the second user terminal obtains the corresponding working key through the information exchange between the first management and group device and the second management and group device, and a user terminal in one group cannot obtain the group key of another group, which ensures the security of the system.
In another embodiment, the second user terminal 402 is further configured to, when the downloaded group identification is not the group identification of the group in which the second user terminal is located, send the downloaded key ciphertext and group identification to the second management and group device, the second management and group device being the manager of the group in which the second user terminal is located; and, on receiving the working key sent by the second management and group device, to decrypt the downloaded encrypted file with the received working key to obtain the original file.
The second management and group device 502 is configured to send a key acquisition request to the first management and group device, the key acquisition request comprising the downloaded key ciphertext, the first management and group device being the manager of a first group, and the first group being associated with the downloaded group identification; and, on receiving the working key ciphertext sent by the first management and group device, to decrypt the working key ciphertext with the preset higher-level group key to obtain the working key, and to send the obtained working key to the second user terminal.
The first management and group device 501 is configured to decrypt the key ciphertext with the group key of the first group to obtain the working key, to encrypt the obtained working key with the preset higher-level group key to obtain the working key ciphertext, and to send the working key ciphertext to the second management and group device.
This ensures that a group key is not disclosed to any other management and group device, which further improves the security of the system.
In addition, the group key of a group needs to be updated when the group's membership changes, when the group key is leaked, or when policy requires a periodic update. The management and group device of the designated group referred to below may be the management and group device of any group in the system. Wherein:
The management and group device of the designated group is further configured to, when updating the group key of the designated group, update all key ciphertexts stored in the shared storage server that are associated with the designated group's identification, so that these key ciphertexts can only be decrypted with the updated group key; and to send the updated group key to each user terminal in the designated group.
Specifically, when updating the group key of the designated group, the management and group device of the designated group downloads from the shared storage server all key ciphertexts associated with the designated group's identification; decrypts each downloaded key ciphertext Kie with the current group key to obtain the corresponding working key Ki, where 1≤i≤N and N is the number of these key ciphertexts; encrypts each working key Ki with the updated group key to obtain the updated key ciphertext Kie'; and sends the updated key ciphertexts Kie' to the shared storage server, so that the shared storage server replaces each key ciphertext Kie with the updated key ciphertext Kie'.
The present invention is described below through concrete examples.
Fig. 6 is a schematic diagram of an embodiment of uploading shared information according to the present invention. User terminal A is taken as the example below.
Step 601, when sharing an original file, user terminal A randomly generates a working key K.
Step 602, the original file F is encrypted with the working key K to generate the encrypted file Fe.
Step 603, the working key K is encrypted with the pre-configured group key Kg to generate the key ciphertext Ke.
Step 604, user terminal A uploads the encrypted file Fe and the key ciphertext Ke to the shared storage server. The shared storage server stores the encrypted file and the key ciphertext, and associates them with the group identification of the group in which user terminal A is located.
Fig. 7 is a schematic diagram of an embodiment of downloading shared information according to the present invention. In this embodiment user terminal B downloads from the shared storage server a file shared by user terminal A, where user terminal B and user terminal A belong to the same group G.
Step 701, user terminal B downloads from the shared storage server the specified encrypted file Fe and the key ciphertext Ke associated with it.
Step 702, the downloaded key ciphertext Ke is decrypted with the pre-configured group key Kg to obtain the working key K.
Step 703, the downloaded encrypted file Fe is decrypted with the obtained working key K to obtain the original file F.
Fig. 8 is a schematic diagram of a network architecture embodiment of the group key update of the present invention.
Suppose group G contains user terminals A and B, and the shared storage server already holds the shared files F1e, ..., Fne of group G with the corresponding key ciphertexts K1e, ..., Kne; the upload operation itself can be as shown in the above embodiment.
1) The management and group device of group G downloads the key ciphertexts K1e ... Kne from the shared storage server.
2) The management and group device decrypts key ciphertext K1e with the old group key Kg and re-encrypts the result with the new group key Kg', forming key ciphertext K1e'.
3) The management and group device decrypts and re-encrypts the key ciphertexts one by one, forming the new key ciphertexts K1e' ... Kne'.
4) The management and group device uploads the new key ciphertexts K1e' ... Kne' to the file storage system, replacing the old key ciphertexts K1e ... Kne.
5) The management and group device distributes the new group key to all members of the group.
The embodiments shown in Fig. 7 and Fig. 8 both involve user terminal A and user terminal B belonging to the same group G. In practice, user terminal A and user terminal B often belong to different groups. As shown in Fig. 9, the members of group 11 use group key 11 and the members of group 1n use group key 1n. When user terminal A in group 1n wants to access shared information in group 11, it cannot correctly decrypt the downloaded encrypted information because it does not hold group key 11. In this case the group key 1 of the higher-level group (group 1) of group 11 and group 1n is used for the related processing, so that user terminal A in group 1n can successfully obtain the corresponding file without holding group key 11 of group 11. Those skilled in the art will understand that this operation can be carried out between any two groups and that keys can be obtained level by level across multiple levels of groups; for example, the corresponding operation can be carried out between group 1n and group Mn. The specific processing steps are shown in Fig. 10:
Step 1001, user terminal A downloads from the shared storage server the specified encrypted file Fe together with the key ciphertext Ke and the group identification ID associated with it.
Step 1002, when user terminal A judges that the downloaded group identification ID is not the group identification of its own group, it sends the downloaded key ciphertext Ke and group identification ID to management and group device A of its group GA.
Step 1003, management and group device A sends a key acquisition request to management and group device B of the group GB associated with the group identification ID.
Step 1004, management and group device B encrypts the group key KB of its own group with the preset higher-level group key to obtain a group key ciphertext.
Here the higher-level group key is the group key of the upper-level group that contains groups GA and GB.
Step 1005, management and group device B sends the group key ciphertext to management and group device A.
Step 1006, management and group device A decrypts the group key ciphertext with the preset higher-level group key to obtain the group key KB of group GB, and decrypts the downloaded key ciphertext with the group key KB to obtain the working key.
Step 1007, management and group device A sends the obtained working key to user terminal A.
Step 1008, user terminal A decrypts the downloaded encrypted file with the received working key to obtain the original file.
Through this information exchange between management and group device A and management and group device B, user terminal A in group GA obtains the corresponding working key without needing to know the group key KB of group GB, which ensures the security of the system.
Preferably, steps 1003-1006 above may be replaced by steps 1003'-1006', wherein:
Step 1003', management and group device A sends a key acquisition request to management and group device B of the group GB associated with the group identification ID, the key acquisition request comprising the downloaded key ciphertext Ke.
Step 1004', management and group device B decrypts the key ciphertext Ke with the corresponding group key to obtain the corresponding working key K, and encrypts the working key K with the preset higher-level group key to obtain a working key ciphertext.
Step 1005', management and group device B sends the working key ciphertext to management and group device A.
Step 1006', management and group device A decrypts the working key ciphertext with the preset higher-level group key to obtain the working key K.
This ensures that a group key is not disclosed to any other management and group device, which further improves the security of the system.
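The group key update (steps 301-305) and the cross-group exchange using steps 1003'-1006' described above, as an added sketch that is not code from the patent. Assumptions: the HMAC-based `seal`/`unseal` stand-in cipher (the patent names no cipher), the dict standing in for the shared storage server, and all function names.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC) so the
# sketch runs on the standard library alone. The patent names no cipher; a real
# deployment would use a vetted AEAD such as AES-GCM in place of seal/unseal.
def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(_prf(key, b"mac"), nonce + body)
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_prf(key, b"enc"), nonce, body)

def share(store: dict, file_id: str, original: bytes, group_key: bytes, group_id: str) -> None:
    """Steps 601-604: random working key K, Fe = E_K(F), Ke = E_Kg(K), upload."""
    k = secrets.token_bytes(32)
    store[file_id] = {"Fe": seal(k, original), "Ke": seal(group_key, k), "gid": group_id}

def fetch(store: dict, file_id: str, group_key: bytes, my_group_id: str) -> bytes:
    """Steps 701-703, preceded by the group identification check."""
    rec = store[file_id]
    if rec["gid"] != my_group_id:
        raise PermissionError("other group: go through the management and group devices")
    return unseal(unseal(group_key, rec["Ke"]), rec["Fe"])

def rotate_group_key(store: dict, group_id: str, old_key: bytes) -> bytes:
    """Steps 301-304; the returned key is what step 305 distributes to members."""
    new_key = secrets.token_bytes(32)
    rewrapped = {fid: seal(new_key, unseal(old_key, rec["Ke"]))
                 for fid, rec in store.items() if rec["gid"] == group_id}
    for fid, ke in rewrapped.items():  # replace only after every Ki was recovered
        store[fid]["Ke"] = ke
    return new_key

def manager_b_release(key_ciphertext: bytes, group_key_b: bytes, parent_key: bytes) -> bytes:
    """Step 1004': recover K with KB, re-encrypt it under the higher-level group key."""
    return seal(parent_key, unseal(group_key_b, key_ciphertext))

def manager_a_recover(working_key_ciphertext: bytes, parent_key: bytes) -> bytes:
    """Step 1006': device A only ever handles K, never the other group's key."""
    return unseal(parent_key, working_key_ciphertext)

def cross_group_fetch(store: dict, file_id: str, parent_key: bytes, manager_keys: dict) -> bytes:
    """Steps 1001-1008 with 1003'-1006'; manager_keys maps group id -> that
    group's key as held by its own management and group device (constructed)."""
    rec = store[file_id]
    wk_ct = manager_b_release(rec["Ke"], manager_keys[rec["gid"]], parent_key)
    return unseal(manager_a_recover(wk_ct, parent_key), rec["Fe"])

if __name__ == "__main__":
    # Constructed sample data: two groups under one higher-level group.
    store, kg_a, kg_b, k_parent = {}, b"A" * 32, b"B" * 32, b"P" * 32
    share(store, "f1", b"quarterly report", kg_b, "GB")
    print(fetch(store, "f1", kg_b, "GB"))
    print(cross_group_fetch(store, "f1", k_parent, {"GB": kg_b}))
    kg_b_new = rotate_group_key(store, "GB", kg_b)
    print(fetch(store, "f1", kg_b_new, "GB"))
```

The update replaces only the key ciphertexts: each Fe and its working key K stay the same, so a terminal that recovered K before the update can still decrypt that Fe.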
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.

Claims (12)

1. A file secure sharing method based on a group key, characterized by comprising:
a first user terminal, when sharing an original file, encrypting the original file with a working key to generate an encrypted file, and encrypting the working key with a pre-configured group key to generate a key ciphertext;
the first user terminal uploading the encrypted file and the key ciphertext to a shared storage server;
the shared storage server storing the encrypted file and the key ciphertext, and associating the encrypted file and the key ciphertext with the group identification of the group in which the first user terminal is located;
a second user terminal, when obtaining a specified encrypted file, downloading from the shared storage server the specified encrypted file together with the key ciphertext and the group identification associated with the specified encrypted file;
the second user terminal judging whether the downloaded group identification is the group identification of the group in which the second user terminal is located;
if the downloaded group identification is the group identification of the group in which the second user terminal is located, the second user terminal decrypting the downloaded key ciphertext with the pre-configured group key to obtain the working key, and decrypting the downloaded encrypted file with the obtained working key to obtain the original file.
2. The method according to claim 1, characterized in that,
if the downloaded group identification is not the group identification of the group in which the second user terminal is located, the second user terminal sends the downloaded key ciphertext and group identification to a second management and group device, wherein the second management and group device is the manager of the group in which the second user terminal is located;
the second management and group device sends a key acquisition request to a first management and group device, wherein the first management and group device is the manager of a first group, and the first group is associated with the downloaded group identification;
the first management and group device encrypts the group key of the first group with a preset higher-level group key to obtain a group key ciphertext, and sends the group key ciphertext to the second management and group device;
the second management and group device decrypts the group key ciphertext with the preset higher-level group key to obtain the group key of the first group, decrypts the downloaded key ciphertext with the group key of the first group to obtain the working key, and sends the obtained working key to the second user terminal;
the second user terminal decrypts the downloaded encrypted file with the received working key to obtain the original file.
3. The method according to claim 1, characterized in that,
if the downloaded group identification is not the group identification of the group in which the second user terminal is located, the second user terminal sends the downloaded key ciphertext and group identification to a second management and group device, wherein the second management and group device is the manager of the group in which the second user terminal is located;
the second management and group device sends a key acquisition request to a first management and group device, wherein the key acquisition request comprises the downloaded key ciphertext, the first management and group device is the manager of a first group, and the first group is associated with the downloaded group identification;
the first management and group device decrypts the key ciphertext with the group key of the first group to obtain the working key, encrypts the obtained working key with a preset higher-level group key to obtain a working key ciphertext, and sends the working key ciphertext to the second management and group device;
the second management and group device decrypts the working key ciphertext with the preset higher-level group key to obtain the working key, and sends the obtained working key to the second user terminal;
the second user terminal decrypts the downloaded encrypted file with the received working key to obtain the original file.
4. The method according to any one of claims 1-3, characterized in that,
the step in which the first user terminal encrypts the original file with the working key to generate the encrypted file comprises:
the first user terminal randomly generating the working key;
the first user terminal encrypting the original file with the randomly generated working key to generate the encrypted file.
5. The method according to any one of claims 1-3, characterized in that,
the management and group device of a designated group, when updating the group key of the designated group, updates all key ciphertexts stored in the shared storage server that are associated with the designated group's identification, so that these key ciphertexts can only be decrypted with the updated group key;
the management and group device of the designated group sends the updated group key to each user terminal in the designated group.
6. The method according to claim 5, characterized in that,
the step in which the management and group device of the designated group, when updating the group key of the designated group, updates all key ciphertexts stored in the shared storage server that are associated with the designated group's identification comprises:
the management and group device of the designated group, when updating the group key of the designated group, downloading from the shared storage server all key ciphertexts associated with the designated group's identification;
decrypting each downloaded key ciphertext Kie with the current group key to obtain the corresponding working key Ki, where 1≤i≤N and N is the number of these key ciphertexts;
encrypting each working key Ki with the updated group key to obtain the updated key ciphertext Kie';
sending the updated key ciphertexts Kie' to the shared storage server, so that the shared storage server replaces each key ciphertext Kie with the updated key ciphertext Kie'.
7. A file secure sharing system based on a group key, characterized by comprising a first user terminal, a second user terminal and a shared storage server, wherein:
the first user terminal is configured to, when sharing an original file, encrypt the original file with a working key to generate an encrypted file, encrypt the working key with a pre-configured group key to generate a key ciphertext, and upload the encrypted file and the key ciphertext to the shared storage server;
the shared storage server is configured to, after receiving the encrypted file and the key ciphertext uploaded by the first user terminal, store the encrypted file and the key ciphertext, and associate the encrypted file and the key ciphertext with the group identification of the group in which the first user terminal is located;
the second user terminal is configured to, when obtaining a specified encrypted file, download from the shared storage server the specified encrypted file together with the key ciphertext and the group identification associated with the specified encrypted file; to judge whether the downloaded group identification is the group identification of the group in which the second user terminal is located; and, when the downloaded group identification is the group identification of the group in which the second user terminal is located, to decrypt the downloaded key ciphertext with the pre-configured group key to obtain the working key, and to decrypt the downloaded encrypted file with the obtained working key to obtain the original file.
8. The system according to claim 7, characterized in that each group has a management and group device, wherein:
the second user terminal is further configured to, when the downloaded group identification is not the group identification of the group in which the second user terminal is located, send the downloaded key ciphertext and group identification to a second management and group device, wherein the second management and group device is the manager of the group in which the second user terminal is located; and, on receiving the working key sent by the second management and group device, to decrypt the downloaded encrypted file with the received working key to obtain the original file;
the second management and group device is configured to send a key acquisition request to a first management and group device, wherein the first management and group device is the manager of a first group, and the first group is associated with the downloaded group identification; and, on receiving the group key ciphertext sent by the first management and group device, to decrypt the group key ciphertext with a preset higher-level group key to obtain the group key of the first group, to decrypt the downloaded key ciphertext with the group key of the first group to obtain the working key, and to send the obtained working key to the second user terminal;
the first management and group device is configured to encrypt the group key of the first group with the preset higher-level group key to obtain the group key ciphertext, and to send the group key ciphertext to the second management and group device.
9. The system according to claim 7, characterized in that each group has a management and group device, wherein:
the second user terminal is further configured to, when the downloaded group identification is not the group identification of the group in which the second user terminal is located, send the downloaded key ciphertext and group identification to a second management and group device, wherein the second management and group device is the manager of the group in which the second user terminal is located; and, on receiving the working key sent by the second management and group device, to decrypt the downloaded encrypted file with the received working key to obtain the original file;
the second management and group device is configured to send a key acquisition request to a first management and group device, wherein the key acquisition request comprises the downloaded key ciphertext, the first management and group device is the manager of a first group, and the first group is associated with the downloaded group identification; and, on receiving the working key ciphertext sent by the first management and group device, to decrypt the working key ciphertext with a preset higher-level group key to obtain the working key, and to send the obtained working key to the second user terminal;
the first management and group device is configured to decrypt the key ciphertext with the group key of the first group to obtain the working key, to encrypt the obtained working key with the preset higher-level group key to obtain the working key ciphertext, and to send the working key ciphertext to the second management and group device.
10. The system according to any one of claims 7-9, characterized in that,
the first user terminal randomly generates the working key, and encrypts the original file with the randomly generated working key to generate the encrypted file.
11. The system according to claim 8 or claim 9, characterized in that,
the management and group device of a designated group is further configured to, when updating the group key of the designated group, update all key ciphertexts stored in the shared storage server that are associated with the designated group's identification, so that these key ciphertexts can only be decrypted with the updated group key; and to send the updated group key to each user terminal in the designated group.
12. The system according to claim 11, characterized in that,
the management and group device of the designated group, when updating the group key of the designated group, downloads from the shared storage server all key ciphertexts associated with the designated group's identification; decrypts each downloaded key ciphertext Kie with the current group key to obtain the corresponding working key Ki, where 1≤i≤N and N is the number of these key ciphertexts; encrypts each working key Ki with the updated group key to obtain the updated key ciphertext Kie'; and sends the updated key ciphertexts Kie' to the shared storage server, so that the shared storage server replaces each key ciphertext Kie with the updated key ciphertext Kie'.
CN201410086634.3A 2014-03-11 2014-03-11 File security sharing method based on group key and system Active CN104917787B (en)

Publications (2)

Publication Number Publication Date
CN104917787A true CN104917787A (en) 2015-09-16
CN104917787B CN104917787B (en) 2018-10-23

Family

ID=54086491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410086634.3A Active CN104917787B (en) 2014-03-11 2014-03-11 File security sharing method based on group key and system

Country Status (1)

Country Link
CN (1) CN104917787B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980269A (en) * 2014-04-03 2015-10-14 华为技术有限公司 Secret key sharing method, device and system
CN108306880A (en) * 2018-01-31 2018-07-20 北京深思数盾科技股份有限公司 A kind of data distribution, retransmission method and device
CN109104273A (en) * 2018-07-04 2018-12-28 华为技术有限公司 Message processing method and receiving end server
CN109614792A (en) * 2018-11-29 2019-04-12 中国电子科技集团公司第三十研究所 A kind of hierarchial file structure key management method
CN109639682A (en) * 2018-12-14 2019-04-16 深圳市青葡萄科技有限公司 Sharing files method
CN109831405A (en) * 2017-11-23 2019-05-31 航天信息股份有限公司 Document protection method and device in a kind of cloud platform
CN109981663A (en) * 2019-03-31 2019-07-05 杭州复杂美科技有限公司 A kind of privacy group chat method, equipment and storage medium
WO2019184027A1 (en) * 2018-03-28 2019-10-03 华为技术有限公司 Shared data processing method, communications apparatus and communications device
CN110888853A (en) * 2019-11-26 2020-03-17 廊坊新奥燃气有限公司 Data management system and method
CN111756524A (en) * 2019-03-26 2020-10-09 深圳市网安计算机安全检测技术有限公司 Dynamic group key generation method and device, computer equipment and storage medium
CN112235289A (en) * 2020-10-13 2021-01-15 桂林微网互联信息技术有限公司 Data encryption and decryption method and device, computing equipment and storage medium
CN112532571A (en) * 2019-09-18 2021-03-19 游戏橘子数位科技股份有限公司 Method for encrypting and decrypting group message and transmitting message
CN113169862A (en) * 2018-09-13 2021-07-23 华为技术有限公司 Information processing method, terminal equipment and network system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001099333A1 (en) * 2000-06-21 2001-12-27 Sony Corporation Information processing device and processing method
CN101091172A (en) * 2005-01-19 2007-12-19 三星电子株式会社 Method of controlling content access and method of obtaining content key using the same
CN101562519A (en) * 2009-05-27 2009-10-21 广州杰赛科技股份有限公司 Digital certificate management method of user packet communication network and user terminal for accessing into user packet communication network
CN101989984A (en) * 2010-08-24 2011-03-23 北京易恒信认证科技有限公司 Electronic document safe sharing system and method thereof
CN103107992A (en) * 2013-02-04 2013-05-15 杭州师范大学 Multistage authority management method for cloud storage enciphered data sharing

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980269A (en) * 2014-04-03 2015-10-14 华为技术有限公司 Secret key sharing method, device and system
CN109831405B (en) * 2017-11-23 2021-06-22 航天信息股份有限公司 File protection method and device on cloud platform
CN109831405A (en) * 2017-11-23 2019-05-31 航天信息股份有限公司 Document protection method and device in a kind of cloud platform
CN108306880A (en) * 2018-01-31 2018-07-20 北京深思数盾科技股份有限公司 A kind of data distribution, retransmission method and device
CN108306880B (en) * 2018-01-31 2019-06-11 北京深思数盾科技股份有限公司 A kind of data distribution, retransmission method and device
WO2019184027A1 (en) * 2018-03-28 2019-10-03 华为技术有限公司 Shared data processing method, communications apparatus and communications device
CN111418181B (en) * 2018-03-28 2021-09-07 华为技术有限公司 Shared data processing method, communication device and communication equipment
CN111418181A (en) * 2018-03-28 2020-07-14 华为技术有限公司 Shared data processing method, communication device and communication equipment
CN109104273B (en) * 2018-07-04 2021-03-30 华为技术有限公司 Message processing method and receiving end server
WO2020007308A1 (en) * 2018-07-04 2020-01-09 华为技术有限公司 Message processing method and receiving-end server
CN109104273A (en) * 2018-07-04 2018-12-28 华为技术有限公司 Message processing method and receiving end server
CN113169862B (en) * 2018-09-13 2022-09-23 华为技术有限公司 Information processing method, terminal equipment and network system
CN113169862A (en) * 2018-09-13 2021-07-23 华为技术有限公司 Information processing method, terminal equipment and network system
CN109614792B (en) * 2018-11-29 2022-02-08 中国电子科技集团公司第三十研究所 Hierarchical file key management method
CN109614792A (en) * 2018-11-29 2019-04-12 中国电子科技集团公司第三十研究所 A kind of hierarchical file structure key management method
CN109639682A (en) * 2018-12-14 2019-04-16 深圳市青葡萄科技有限公司 Sharing files method
CN111756524A (en) * 2019-03-26 2020-10-09 深圳市网安计算机安全检测技术有限公司 Dynamic group key generation method and device, computer equipment and storage medium
CN109981663A (en) * 2019-03-31 2019-07-05 杭州复杂美科技有限公司 A kind of privacy group chat method, equipment and storage medium
CN112532571A (en) * 2019-09-18 2021-03-19 游戏橘子数位科技股份有限公司 Method for encrypting and decrypting group message and transmitting message
CN110888853A (en) * 2019-11-26 2020-03-17 廊坊新奥燃气有限公司 Data management system and method
CN112235289A (en) * 2020-10-13 2021-01-15 桂林微网互联信息技术有限公司 Data encryption and decryption method and device, computing equipment and storage medium
CN112235289B (en) * 2020-10-13 2023-03-31 桂林微网互联信息技术有限公司 Data encryption and decryption method and device, computing equipment and storage medium

Also Published As

Publication number Publication date
CN104917787B (en) 2018-10-23

Similar Documents

Publication Publication Date Title
CN104917787A (en) File secure sharing method and system based on group key
CN110224814B (en) Block chain data sharing method and device
JP6416402B2 (en) Cloud storage method and system
EP3453135B1 (en) System and method for encryption and decryption based on quantum key distribution
CN101515319B (en) Cipher key processing method, cipher key cryptography service system and cipher key consultation method
JP6125523B2 (en) Simplified management of group secrets by group members
CN110535641B (en) Key management method and apparatus, computer device, and storage medium
CN105007577A (en) Virtual SIM card parameter management method, mobile terminal and server
CN104917723B (en) For realizing the shared methods, devices and systems of encryption file security
KR101615137B1 (en) Data access method based on attributed
KR101648364B1 (en) Method for improving encryption/decryption speed by complexly applying for symmetric key encryption and asymmetric key double encryption
CN102546580A (en) Method, system and device for updating user password
CN109005184A (en) File encrypting method and device, storage medium, terminal
JP2014530553A (en) Group secret management by group members
CN103973646A (en) Method, client device and system for storing services by aid of public cloud
CN113329041A (en) Method, apparatus, electronic device and storage medium for controlling a secure element
CN104270380A (en) End-to-end encryption method and system based on mobile network and communication client side
CN109446793B (en) Account encryption method and device based on Windows agent
CN114189337A (en) Firmware burning method, device, equipment and storage medium
US9762388B2 (en) Symmetric secret key protection
CN108933758B (en) Sharable cloud storage encryption and decryption method, device and system
US9473471B2 (en) Method, apparatus and system for performing proxy transformation
KR101374594B1 (en) Security system and the method for cloud storage
CN104796411A (en) Method for safely transmitting, storing and utilizing data in cloud and mobile terminal
WO2016078382A1 (en) Hsm enciphered message synchronization implementation method, apparatus and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant