CN105701390A - Encryption terminal remote management method, encryption terminal and manager - Google Patents


Info

Publication number
CN105701390A
Authority
CN
China
Prior art keywords
key
encryption
manager
encrypted
encryption terminal
Legal status
Pending
Application number
CN201610131161.3A
Other languages
Chinese (zh)
Inventor
刘馨靖
周晓龙
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Abstract

The invention provides a method for remote management of an encryption terminal, an encryption terminal and a manager. The method is applied to an encryption terminal that comprises an encryption card and comprises the following steps: the encryption terminal acquires an encryption key and decrypts it with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card; the encryption terminal encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key; and the encryption terminal sends the information of the encryption result to the manager. Remote management of the encryption terminal is thus achieved: the files in the encryption terminal can be encrypted even when the terminal user cannot operate the terminal, and security is high.

Description

Method for remote management of an encryption terminal, encryption terminal and manager
Technical field
The present invention relates to the field of communication technology, and in particular to a method for remote management of an encryption terminal, an encryption terminal and a manager.
Background art
With the spread of smart terminals, the security problems faced by mobile terminals are becoming more serious. Operating systems such as Android and iOS contain many security vulnerabilities and hidden back doors, which seriously threaten users' personal privacy, trade secrets, property and national security. Government, key industries and business users have a growing need for secure communication, and mobile security has become a focus of user attention.
At present, the ways of encrypting data and applications on a smart terminal fall into two kinds: software encryption and hardware encryption. Software encryption needs no additional hardware device and is implemented entirely in software; hardware encryption is implemented by a hardware device such as an encryption card. For hardware encryption, existing encrypting smart terminals generally use a built-in encryption card; when such a terminal is lost, the encryption card inside it cannot be made to encrypt the applications and files, so their security cannot be guaranteed.
Summary of the invention
The present invention provides a method for remote management of an encryption terminal, an encryption terminal and a manager, to overcome the poor security of the prior art.
In a first aspect, the present invention provides a method for remote management of an encryption terminal, applied to an encryption terminal that comprises an encryption card, the method comprising:
the encryption terminal acquires an encryption key and decrypts the encryption key with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by a manager, encrypted by the manager with the public key of the encryption card;
the encryption terminal encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key;
the encryption terminal sends the information of the encryption result to the manager.
In a second aspect, the present invention provides a method for remote management of an encryption terminal, applied to a manager that manages an encryption terminal comprising an encryption card, the method comprising:
the manager allocates an encryption/decryption key pair comprising an encryption key and a decryption key;
the manager encrypts the encryption key with the public key of the encryption card;
the manager sends the encrypted encryption key to the encryption terminal, so that the encryption terminal decrypts the encryption key through the encryption card and encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key;
the manager receives the information of the encryption result sent by the encryption terminal.
In a third aspect, the present invention provides an encryption terminal comprising an encryption card and further comprising:
an acquisition module for acquiring an encryption key;
a decryption module for decrypting the encryption key with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by a manager, encrypted by the manager with the public key of the encryption card;
an encryption module for encrypting, through the encryption card, the files to be encrypted with the decrypted encryption key;
a sending module for sending the information of the encryption result to the manager.
In a fourth aspect, the present invention provides a manager comprising:
an allocation module for allocating an encryption/decryption key pair comprising an encryption key and a decryption key;
an encryption module for encrypting the encryption key with the public key of the encryption card;
a sending module for sending the encrypted encryption key to the encryption terminal, so that the encryption terminal decrypts the encryption key through the encryption card and encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key;
a receiving module for receiving the information of the encryption result sent by the encryption terminal.
In the method for remote management of an encryption terminal, the encryption terminal and the manager of the present invention, the encryption terminal acquires an encryption key and decrypts it with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card; the encryption terminal encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key; and the encryption terminal sends the information of the encryption result to the manager. Remote management of the encryption terminal is thus achieved: even when the terminal user cannot operate the encryption terminal, the files in it can be encrypted, and security is higher than in the prior art.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a schematic flow chart of an embodiment of the method for remote management of an encryption terminal of the present invention;
Fig. 2 is the network topology of the method embodiment of the invention;
Fig. 3 is the first interaction flow diagram of the method embodiment of the invention;
Fig. 4 is the second interaction flow diagram of the method embodiment of the invention;
Fig. 5 is the interaction flow diagram of another embodiment of the method of the invention;
Fig. 6 is a schematic flow chart of another embodiment of the method for remote management of an encryption terminal of the present invention;
Fig. 7 is a schematic structural diagram of an embodiment of the encryption terminal of the present invention;
Fig. 8 is a schematic structural diagram of an embodiment of the manager of the present invention.
Detailed description of the invention
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Fig. 1 is a schematic flow chart of an embodiment of the method for remote management of an encryption terminal of the present invention. Fig. 2 is the network topology of the method embodiment. Fig. 3 is the first interaction flow diagram of the method embodiment. Fig. 4 is the second interaction flow diagram of the method embodiment. As shown in Fig. 1, the method of this embodiment is applied to an encryption terminal that comprises an encryption card; the executing entity is the encryption terminal, and the method comprises:
Step 101: the encryption terminal acquires an encryption key and decrypts the encryption key with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card;
Step 102: the encryption terminal encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key;
Step 103: the encryption terminal sends the information of the encryption result to the manager;
where the information of the encryption result may include the encryption time, the identification of the encryption card and the identification of the encryption terminal.
Specifically, when the applications or files in the encryption terminal need to be encrypted, for example when the encryption terminal has been lost, or when the user needs to report it lost after losing it, the encryption terminal acquires the encryption key as shown in Fig. 3 and Fig. 4: either the encryption terminal sends a key request to the manager, or the terminal user submits a request to the manager and the manager verifies the identity of that user. The manager then allocates an encryption/decryption key pair comprising an encryption key and a decryption key, encrypts the encryption key with the public key of the encryption card and delivers it to the encryption terminal by SMS (or by network data transmission; if the card uses 2048-bit RSA, for instance, the 256-byte ciphertext exceeds the 140-byte payload of a single SMS and has to be sent as a concatenated message). The encryption terminal decrypts the encryption key with the private key of the encryption card and encrypts the files to be encrypted with the decrypted encryption key, thereby protecting the data in the encryption terminal. Because the encryption key delivered by the manager is encrypted with the public key of the encryption card in the terminal, the key cannot be read if it is intercepted in transit, which secures the delivery of the key. Note that encryption under the card's public key protects the confidentiality of the key; on its own it does not authenticate the sender, since the card's public key need not be secret, so a deployment also needs a way for the terminal to verify that a delivered key came from the manager.
The encryption terminal may also obtain the key by polling the manager periodically or by keeping a persistent connection to it, storing the key in the encryption card in advance so that the files can be encrypted when required.
After encryption succeeds, the encryption terminal returns the information of the encryption result to the manager, and the manager may store an encryption record containing the information of the encryption result; the encryption record may also contain the encryption/decryption key pair allocated by the manager.
In practice, as shown in Fig. 3, before the encryption terminal acquires the encryption key the method may also include:
the encryption terminal verifies the identity of the terminal user through the encryption card;
if the verification fails, it sends a key request to the manager to request the encryption key.
Specifically, the user's identity is verified each time the user uses the encrypted applications and files in the encryption terminal. If the verification fails, the encryption terminal may have been lost, so to keep the data in it safe the encryption terminal sends a key request to the management center, obtains the encryption key and encrypts the files in the encryption terminal that need encrypting.
In practice, as shown in Fig. 4, the encryption terminal acquiring the encryption key may include:
after the manager has verified the identity of the user, the encryption terminal receives the encryption key sent by the manager.
Specifically, the manager sometimes needs to control the encrypted applications and files in the encryption terminal remotely, for example to encrypt the files in it: when the user needs to report the encryption terminal lost, or when it needs to be re-activated after identity verification has failed. The manager then only needs to verify the user's identity by basic information such as the identification card number, the phone number or the service password (the information checked and the way of checking it are not limited to these and depend on the security level actually required). Once verification passes, the manager can remotely encrypt the encrypted applications and files in the encryption terminal: according to the information of the terminal user and of the encryption card it allocates an encryption/decryption key pair, encrypts the encryption key of the pair and sends it to the encryption terminal; the encryption terminal decrypts the encryption key and uses it to encrypt the files to be encrypted, thereby achieving remote management of the encryption terminal.
Besides the above, identity may also be verified by a video connection with the user, by comparing an identity card picture, or by biometrics such as a fingerprint or face.
In the method for remote management of an encryption terminal provided by this embodiment, the encryption terminal acquires an encryption key and decrypts it with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card; the encryption terminal encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key; and the encryption terminal sends the information of the encryption result to the manager. Remote management of the encryption terminal is thus achieved: even when the terminal user cannot operate the encryption terminal, the files in it can be encrypted, and security is higher than in the prior art.
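Step 102 encrypts the files with the key delivered by the manager, and the embodiment of Fig. 5 later decrypts them with the decryption key of the same pair. The description lists an encryption key and a decryption key but does not say whether they are the same value. The Go program below, added here as an illustration and not code from the patent, makes them different: the encryption key is an X25519 public key, the decryption key the matching private key, and each file is sealed with AES-256-GCM under a key derived from an ephemeral Diffie-Hellman exchange. With that choice the terminal only ever holds the encryption half while the device is locked, so reading the card's working memory after the lock does not yield the files; a single symmetric key used for both steps would not have this property unless the card reliably erased it after use. The blob layout, the use of SHA-256 of the shared secret as the key derivation, the sample file content and the function names are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NewFilePair allocates the pair the manager hands out (names are this example's own):
// the X25519 public key is the encryption key sent to the terminal to lock files, the
// private key is the decryption key the manager keeps until the user is verified again.
func NewFilePair() (encKey, decKey []byte, err error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return priv.PublicKey().Bytes(), priv.Bytes(), nil
}

// fileAEAD runs X25519 against a raw 32-byte peer public key and uses SHA-256 of the shared
// secret as the AES-256-GCM key (a bare hash as KDF is a simplification of this example).
func fileAEAD(priv *ecdh.PrivateKey, peer []byte) (cipher.AEAD, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	block, _ := aes.NewCipher(k[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}

// SealFile is the terminal side of step 102: it needs only the encryption (public) key.
// Output layout: ephemeral X25519 public key (32 bytes) || GCM nonce (12) || ciphertext+tag.
func SealFile(encKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	aead, err := fileAEAD(eph, encKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, plaintext, nil), nil
}

// OpenFile is the terminal side of the later decryption embodiment: it needs the decryption
// (private) key, which the manager releases only after verifying the user again.
func OpenFile(decKey, blob []byte) ([]byte, error) {
	priv, err := ecdh.X25519().NewPrivateKey(decKey)
	if err != nil || len(blob) < 32+12 {
		return nil, errors.New("invalid decryption key or sealed file")
	}
	aead, err := fileAEAD(priv, blob[:32])
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blob[32:44], blob[44:], nil) // fails on a wrong key or any tampering
}
```

The point to check is that OpenFile with the encryption key, or with a modified blob, fails: the GCM tag does not verify, so the terminal cannot be tricked into reading a file with the half it already holds, and a file altered while the device was out of the user's hands is rejected rather than silently decrypted.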
Fig. 5 is the interaction flow diagram of another embodiment of the method of the invention. On the basis of the embodiment shown in Fig. 1, in practice the method of this embodiment may also include:
the encryption terminal acquires a decryption key and decrypts the decryption key with the private key of the encryption card, the decryption key being the decryption key of the encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card;
the encryption terminal decrypts, through the encryption card, the files to be decrypted with the decrypted decryption key;
the encryption terminal sends the information of the decryption result to the manager;
where the information of the decryption result includes the decryption time, the identification of the encryption card and the identification of the encryption terminal.
In practice, the encryption terminal acquiring the decryption key may include:
after the manager has verified the identity of the user, the encryption terminal receives the decryption key sent by the manager.
Specifically, the manager sometimes needs to control the encrypted applications and files in the encryption terminal remotely, for example to decrypt the files in it: when the lost encryption terminal has been recovered, or when it needs to be re-activated after identity verification has failed (for instance because the password was forgotten). As shown in Fig. 5, the manager receives the request sent by the terminal user to decrypt the encrypted applications or files and verifies the user's identity by basic information such as the identification card number, the phone number or the service password. After the identity is verified, the management center queries the user's phone number, the ID of the encryption card, the binding between the encryption card and the encryption terminal, and the encryption/decryption records of this user's encrypted applications; from the latest encryption record the manager retrieves the encryption/decryption key pair used for that encryption. The manager encrypts the decryption key with the public key of the encryption card, obtaining a new (wrapped) decryption key, and delivers it by SMS (or by network data transmission) to the encryption terminal bound to that encryption card. The encryption terminal receives the decryption key delivered by the manager, decrypts it with the private key of the encryption card and uses the decrypted decryption key to decrypt the files in the encryption terminal that need decrypting. After decryption succeeds, it returns the information of the decryption result to the manager, which stores this decryption record.
The encryption terminal may also obtain the key by polling the manager periodically or by keeping a persistent connection to it, storing the key in the encryption card in advance so that the files can be decrypted when required.
In the above embodiment, the encryption terminal acquires a decryption key and decrypts it with the private key of the encryption card, the decryption key being the decryption key of the encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card; the encryption terminal decrypts, through the encryption card, the files to be decrypted with the decrypted decryption key. Remote management of the encryption terminal is thus achieved: not only when the lost encryption terminal has been recovered or needs to be re-activated after identity verification has failed (for instance because the password was forgotten), but whenever the terminal user cannot operate the encryption terminal, the files in it can still be decrypted.
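The exchanges of Fig. 3 to Fig. 5 on the manager and card side, as an added example in Go that is not part of the patent: the manager wraps the encryption key of a freshly allocated pair under the card's public key (steps 601 to 603), stores an encryption record once the terminal reports its result (step 604), and later wraps the decryption key from the latest record for the same card. Assumptions of the example: RSA-2048 with OAEP as the card's algorithm, the card identifier used as the OAEP label so that a key wrapped for one card cannot be unwrapped by another, an X25519 pair as the encryption/decryption pair (its public half being the encryption key), and in-memory maps in place of the manager's database. The SMS or network transport and the identity verification that precedes each issue are outside the block; the type and function names are this example's own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// Card models the terminal's encryption card: the RSA private key never leaves the card,
// and the manager is enrolled with the matching public key (2048-bit RSA is an assumption).
type Card struct {
	ID   string
	Priv *rsa.PrivateKey
}

func NewCard(id string) (*Card, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Card{ID: id, Priv: k}, err
}

// Unwrap is the terminal side of step 101: the delivered key is decrypted with the card's
// private key. The card ID is the OAEP label, so a key wrapped for another card fails here.
func (c *Card) Unwrap(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.Priv, wrapped, []byte(c.ID))
}

// Record is the manager's encryption record: the reported result (time, card identifier,
// terminal identifier) plus the allocated pair, an X25519 public key (EncKey) and private key (DecKey).
type Record struct {
	When               time.Time
	CardID, TerminalID string
	EncKey, DecKey     []byte
}

type Manager struct {
	Cards   map[string]*rsa.PublicKey // card ID -> card public key, enrolled out of band
	Pending map[string]Record         // terminal ID -> pair issued, result not yet reported
	Records map[string][]Record       // terminal ID -> stored encryption records
}

func NewManager() *Manager {
	return &Manager{Cards: map[string]*rsa.PublicKey{}, Pending: map[string]Record{}, Records: map[string][]Record{}}
}

func (m *Manager) Enroll(cardID string, pub *rsa.PublicKey) { m.Cards[cardID] = pub }

// wrap is step 602 and its decryption-side counterpart: RSA-OAEP under the card's public key.
func (m *Manager) wrap(cardID string, key []byte) ([]byte, error) {
	pub, ok := m.Cards[cardID]
	if !ok {
		return nil, errors.New("card not enrolled: " + cardID)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(cardID))
}

// IssueEncryptionKey is steps 601 to 603: allocate a pair, send only the encryption key,
// wrapped for the card, and keep the pair pending. The decryption key stays with the manager.
func (m *Manager) IssueEncryptionKey(termID, cardID string) ([]byte, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	wrapped, err := m.wrap(cardID, priv.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	m.Pending[termID] = Record{CardID: cardID, TerminalID: termID, EncKey: priv.PublicKey().Bytes(), DecKey: priv.Bytes()}
	return wrapped, nil
}

// ReportEncryption is step 604: the terminal's result turns the pending pair into a stored
// encryption record, provided the result names the card the key was wrapped for.
func (m *Manager) ReportEncryption(termID, cardID string, when time.Time) error {
	rec, ok := m.Pending[termID]
	if !ok || rec.CardID != cardID {
		return errors.New("no matching key issued to " + termID)
	}
	rec.When = when
	delete(m.Pending, termID)
	m.Records[termID] = append(m.Records[termID], rec)
	return nil
}

// IssueDecryptionKey is the manager side of Fig. 5: take the latest encryption record and
// send its decryption key wrapped for the same card (after the user has been verified again).
func (m *Manager) IssueDecryptionKey(termID string) ([]byte, error) {
	recs := m.Records[termID]
	if len(recs) == 0 {
		return nil, errors.New("no encryption record for " + termID)
	}
	last := recs[len(recs)-1]
	return m.wrap(last.CardID, last.DecKey)
}
```

Two details are deliberate. The decryption key is not issued until an encryption result has been recorded, which matches the description's lookup of "the latest encryption record" and avoids releasing a decryption key for a lock that never happened. And OAEP under the card's public key only gives the key confidentiality in transit, which is all the description claims for it; since the card's public key is not secret, a deployment would additionally authenticate the manager's messages (for instance with a signature the card verifies), which this example leaves out.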
Fig. 6 is a schematic flow chart of another embodiment of the method for remote management of an encryption terminal of the present invention. As shown in Fig. 6, the method of this embodiment is applied to an encryption terminal that comprises an encryption card; the executing entity is the manager, and the method comprises:
Step 601: the manager allocates an encryption/decryption key pair comprising an encryption key and a decryption key;
Step 602: the manager encrypts the encryption key with the public key of the encryption card;
Step 603: the manager sends the encrypted encryption key to the encryption terminal, so that the encryption terminal decrypts the encryption key through the encryption card and encrypts, through the encryption card, the files to be encrypted with the decrypted encryption key;
Step 604: the manager receives the information of the encryption result sent by the encryption terminal;
where the information of the encryption result includes the encryption time, the identification of the encryption card and the identification of the encryption terminal.
Specifically, when the applications or files in the encryption terminal need to be encrypted, for example when the encryption terminal has been lost or the user needs to report it lost, the encryption terminal acquires the encryption key as shown in Fig. 3 and Fig. 4: either the encryption terminal sends a key request to the manager, or the terminal user submits a request to the manager and the manager verifies the identity of that user. The manager then allocates an encryption/decryption key pair comprising an encryption key and a decryption key, encrypts the encryption key with the public key of the encryption card and delivers it to the encryption terminal by SMS (or by network data transmission). The encryption terminal decrypts the encryption key with the private key of the encryption card and encrypts the files to be encrypted with the decrypted encryption key, thereby protecting the data in the encryption terminal. Because the encryption key delivered by the manager is encrypted with the public key of the encryption card in the terminal, the key cannot be read if it is intercepted in transit, which secures the delivery of the key.
After encryption succeeds, the encryption terminal returns the information of the encryption result to the manager, and the manager may store an encryption record containing the information of the encryption result; the encryption record may also contain the encryption/decryption key pair allocated by the manager.
In practice, the manager stores an encryption record, the encryption record comprising the information of the encryption result and the encryption/decryption key pair.
In practice, before the manager allocates the encryption/decryption key pair, the method may also include:
verifying the identity of the user of the encryption terminal.
On the basis of the embodiment shown in Fig. 6, in practice the method of this embodiment may also include:
the manager queries the encryption/decryption key pair used in the encryption record, the pair comprising an encryption key and a decryption key;
the manager encrypts the decryption key with the public key of the encryption card;
the manager sends the encrypted decryption key to the encryption terminal, so that the encryption terminal decrypts the decryption key with the private key of the encryption card and decrypts, through the encryption card, the files to be decrypted with the decrypted decryption key;
the manager receives the information of the decryption result sent by the encryption terminal;
where the information of the decryption result includes the decryption time, the identification of the encryption card and the identification of the encryption terminal.
In practice, the manager stores a decryption record, the decryption record comprising the information of the decryption result and the encryption/decryption key pair.
Specifically, as shown in Fig. 5, the manager receives the request sent by the terminal user to decrypt the encrypted applications or files and verifies the user's identity by basic information such as the identification card number, the phone number or the service password. After the identity is verified, the management center queries the user's phone number, the ID of the encryption card, the binding between the encryption card and the encryption terminal, and the encryption/decryption records of this user's encrypted applications; from the latest encryption record the manager retrieves the encryption/decryption key pair used for that encryption. The manager encrypts the decryption key with the public key of the encryption card, obtaining a new (wrapped) decryption key, and delivers it by SMS (or by network data transmission) to the encryption terminal bound to that encryption card. The encryption terminal receives the decryption key delivered by the manager, decrypts it with the private key of the encryption card and uses the decrypted decryption key to decrypt the files in the encryption terminal that need decrypting. After decryption succeeds, it returns the information of the decryption result to the manager, which stores this decryption record.
It should be noted that, since the method embodiment on the manager side essentially corresponds to the method embodiment on the encryption terminal side, the relevant parts may be understood by reference to the description of the encryption-terminal-side method embodiment.
Fig. 7 is a schematic structural diagram of an embodiment of the encryption terminal of the present invention. As shown in Fig. 7, the encryption terminal of this embodiment comprises an encryption card (not shown) and further comprises an acquisition module 701, a decryption module 702, an encryption module 703 and a sending module 704;
where the acquisition module 701 is for acquiring an encryption key;
the decryption module 702 is for decrypting the encryption key with the private key of the encryption card, the encryption key being the encryption key of an encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card;
the encryption module 703 is for encrypting, through the encryption card, the files to be encrypted with the decrypted encryption key;
the sending module 704 is for sending the information of the encryption result to the manager.
Optionally, in one implementation, the acquisition module 701 is further for acquiring a decryption key;
the decryption module 702 is further for decrypting the decryption key with the private key of the encryption card, the decryption key being the decryption key of the encryption/decryption key pair allocated by the manager, encrypted by the manager with the public key of the encryption card;
the decryption module 702 is further for decrypting, through the encryption card, the files to be decrypted with the decrypted decryption key;
the sending module 704 is further for sending the information of the decryption result to the manager.
Optionally, in one implementation, the encryption terminal further comprises:
a verification module for verifying the identity of the terminal user through the encryption card;
if the verification fails, the sending module 704 sends a key request to the manager to request the encryption key.
Optionally, in one implementation, the acquisition module 701 is specifically for:
receiving the encryption key sent by the manager after the manager has verified the identity of the terminal user.
Optionally, in one implementation, the acquisition module 701 is specifically for:
receiving the decryption key sent by the manager after the manager has verified the identity of the user.
It should be noted that, since the encryption terminal embodiment essentially corresponds to the method embodiment on the encryption terminal side, the relevant parts may be understood by reference to the description of that method embodiment.
Fig. 8 is a schematic structural diagram of an embodiment of the manager of the present invention. As shown in Fig. 8, the manager of this embodiment includes: a distribution module 801, an encryption module 802, a sending module 803 and a receiving module 804;
where the distribution module 801 is used to distribute an encryption/decryption key pair; the encryption/decryption key pair includes an encryption key and a decryption key;
the encryption module 802 is used to encrypt the encryption key with the public key of the encryption card;
the sending module 803 is used to send the encrypted encryption key to the encryption terminal, so that the encryption terminal decrypts the encryption key with the encryption card and encrypts the file to be encrypted with the encryption card using the decrypted encryption key;
the receiving module 804 is used to receive the information of the encryption result sent by the encryption terminal.
Optionally, in one implementable manner, the manager further includes:
a storage module, used to store an encryption record; the encryption record includes the information of the encryption result and the encryption/decryption key pair.
Optionally, in one implementable manner, the manager further includes:
an acquisition module, used to obtain the encryption/decryption key pair used in the encryption record; the encryption/decryption key pair includes the encryption key and the decryption key;
the encryption module 802 is further used to encrypt the decryption key with the public key of the encryption card;
the sending module 803 is further used to send the encrypted decryption key to the encryption terminal, so that the encryption terminal decrypts the decryption key with the private key of the encryption card and decrypts the file to be decrypted with the encryption card using the decrypted decryption key;
the receiving module 804 is further used to receive the information of the decryption result sent by the encryption terminal.
Optionally, in one implementable manner, the storage module is further used to store a decryption record; the decryption record includes the information of the decryption result and the encryption/decryption key pair.
Optionally, in one implementable manner, the manager further includes:
an authentication module, used to verify the identity of the user of the encryption terminal.
It should be noted that, since the manager embodiment essentially corresponds to the method embodiment on the manager side, the relevant parts may be understood by reference to the description of the method embodiment on the manager side.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware driven by program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. A method for remote management of an encryption terminal, characterised in that the method is applied to an encryption terminal, the encryption terminal includes an encryption card, and the method includes:
the encryption terminal obtains an encryption key and decrypts the encryption key with the private key of the encryption card; the encryption key is the key obtained after the manager encrypts, with the public key of the encryption card, the encryption key of the encryption/decryption key pair distributed by the manager;
the encryption terminal encrypts the file to be encrypted with the encryption card using the decrypted encryption key;
the encryption terminal sends the information of the encryption result to the manager.
2. The method according to claim 1, characterised in that the method further includes:
the encryption terminal obtains a decryption key and decrypts the decryption key with the private key of the encryption card; the decryption key is the key obtained after the manager encrypts, with the public key of the encryption card, the decryption key of the encryption/decryption key pair distributed by the manager;
the encryption terminal decrypts the file to be decrypted with the encryption card using the decrypted decryption key;
the encryption terminal sends the information of the decryption result to the manager.
3. The method according to claim 1 or 2, characterised in that, before the encryption terminal obtains the encryption key, the method further includes:
the encryption terminal verifies the identity of the terminal user with the encryption card;
if the verification does not pass, sending a key request to the manager, requesting the encryption key.
4. The method according to claim 1 or 2, characterised in that the encryption terminal obtaining the encryption key includes:
after the manager has verified the identity of the terminal user, the encryption terminal receives the encryption key sent by the manager.
5. The method according to claim 2, characterised in that the encryption terminal obtaining the decryption key includes:
after the manager has verified the identity of the user, the encryption terminal receives the decryption key sent by the manager.
6. A method for remote management of an encryption terminal, characterised in that the method is applied to an encryption terminal, the encryption terminal includes an encryption card, and the method includes:
a manager distributes an encryption/decryption key pair; the encryption/decryption key pair includes an encryption key and a decryption key;
the manager encrypts the encryption key with the public key of the encryption card;
the manager sends the encrypted encryption key to the encryption terminal, so that the encryption terminal decrypts the encryption key with the encryption card and encrypts the file to be encrypted with the encryption card using the decrypted encryption key;
the manager receives the information of the encryption result sent by the encryption terminal.
7. The method according to claim 6, characterised in that the manager stores an encryption record; the encryption record includes the information of the encryption result and the encryption/decryption key pair.
8. The method according to claim 7, characterised in that the method further includes:
the manager obtains the encryption/decryption key pair used in the encryption record; the encryption/decryption key pair includes the encryption key and the decryption key;
the manager encrypts the decryption key with the public key of the encryption card;
the manager sends the encrypted decryption key to the encryption terminal, so that the encryption terminal decrypts the decryption key with the private key of the encryption card and decrypts the file to be decrypted with the encryption card using the decrypted decryption key;
the manager receives the information of the decryption result sent by the encryption terminal.
9. The method according to claim 8, characterised in that the manager stores a decryption record; the decryption record includes the information of the decryption result and the encryption/decryption key pair.
10. The method according to any one of claims 6 to 9, characterised in that, before the manager distributes the encryption/decryption key pair, the method further includes:
verifying the identity of the user of the encryption terminal.
11. An encryption terminal, characterised in that the encryption terminal includes an encryption card, and the encryption terminal further includes:
an acquisition module, used to obtain an encryption key;
a decryption module, used to decrypt the encryption key with the private key of the encryption card; the encryption key is the key obtained after the manager encrypts, with the public key of the encryption card, the encryption key of the encryption/decryption key pair distributed by the manager;
an encryption module, used to encrypt the file to be encrypted with the encryption card using the decrypted encryption key;
a sending module, used to send the information of the encryption result to the manager.
12. The encryption terminal according to claim 11, characterised in that
the acquisition module is further used to obtain a decryption key;
the decryption module is further used to decrypt the decryption key with the private key of the encryption card; the decryption key is the key obtained after the manager encrypts, with the public key of the encryption card, the decryption key of the encryption/decryption key pair distributed by the manager;
the decryption module is further used to decrypt the file to be decrypted with the encryption card using the decrypted decryption key;
the sending module is further used to send the information of the decryption result to the manager.
13. A manager, characterised in that it includes:
a distribution module, used to distribute an encryption/decryption key pair; the encryption/decryption key pair includes an encryption key and a decryption key;
an encryption module, used to encrypt the encryption key with the public key of the encryption card;
a sending module, used to send the encrypted encryption key to the encryption terminal, so that the encryption terminal decrypts the encryption key with the encryption card and encrypts the file to be encrypted with the encryption card using the decrypted encryption key;
a receiving module, used to receive the information of the encryption result sent by the encryption terminal.
14. The manager according to claim 13, characterised in that it further includes:
a storage module, used to store an encryption record; the encryption record includes the information of the encryption result and the encryption/decryption key pair.
15. The manager according to claim 14, characterised in that it further includes:
an acquisition module, used to obtain the encryption/decryption key pair used in the encryption record; the encryption/decryption key pair includes the encryption key and the decryption key;
the encryption module is further used to encrypt the decryption key with the public key of the encryption card;
the sending module is further used to send the encrypted decryption key to the encryption terminal, so that the encryption terminal decrypts the decryption key with the private key of the encryption card and decrypts the file to be decrypted with the encryption card using the decrypted decryption key;
the receiving module is further used to receive the information of the decryption result sent by the encryption terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610131161.3A CN105701390A (en) 2016-03-08 2016-03-08 Encryption terminal remote management method, encryption terminal and manager

Publications (1)

Publication Number Publication Date
CN105701390A true CN105701390A (en) 2016-06-22

Family

ID=56221029

Country Status (1)

Country Link
CN (1) CN105701390A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656510A (en) * 2017-01-04 2017-05-10 天地融科技股份有限公司 Encryption key acquisition method and system
CN106682521A (en) * 2016-11-28 2017-05-17 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer
CN107181589A (en) * 2017-04-11 2017-09-19 北京奇艺世纪科技有限公司 A kind of fort machine private key management method and device
CN111314062A (en) * 2020-01-14 2020-06-19 支付宝(杭州)信息技术有限公司 Smart card data issuing method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050144439A1 (en) * 2003-12-26 2005-06-30 Nam Je Park System and method of managing encryption key management system for mobile terminals
CN101115060A (en) * 2007-08-09 2008-01-30 上海格尔软件股份有限公司 Method for protecting user encryption key in asymmetric cipher key transmitting process of user key management system
CN103067160A (en) * 2013-01-14 2013-04-24 江苏智联天地科技有限公司 Method and system of generation of dynamic encrypt key of encryption secure digital memory card (SD)
CN103259651A (en) * 2013-05-30 2013-08-21 成都欣知科技有限公司 Encryption and decryption method and system of terminal data
CN105187640A (en) * 2015-08-21 2015-12-23 上海斐讯数据通信技术有限公司 Anti-theft method and system of mobile terminal

Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20160622)