CN106341226A - Data encryption and decryption method and system - Google Patents


Publication number: CN106341226A
Authority: CN (China)
Prior art keywords: card, key, data, password, cipher
Legal status: Granted
Application number: CN201610887412.0A
Other languages: Chinese (zh)
Other versions: CN106341226B (en)
Inventors: 宋志华, 郭刚, 宋桂芝
Current assignee: Yuweng Information Technology Co.,Ltd.
Original assignee: SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Application filed by: SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority to: CN201610887412.0A
Publication of: CN106341226A
Application granted
Publication of: CN106341226B
Current legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption and decryption method and system. The system comprises a processor, a first cipher card and a second cipher card, where the first cipher card and the second cipher card store the same first user key. When the processor receives a processing request for service data, it sends the processing request to the first cipher card, so that the first cipher card, on receiving the processing request, processes the service data with the first user key and obtains and returns first processing data. The processor determines whether the first processing data has been received; if not, it sends the processing request to the second cipher card, so that the second cipher card, on receiving the processing request, processes the service data with the first user key and obtains and returns second processing data, which the processor then receives. With the technical scheme provided by the embodiments of the invention, the service data can be processed continuously, and the reliability of cryptographic operations is improved.

Description

Data encryption and decryption method and system
Technical field
The present invention relates to the field of computer information security, and in particular to a data encryption and decryption method and system.
Background
With the rapid development of information technology, information security receives increasing attention. To strengthen data security, most application systems store their data in encrypted form and decrypt it when it needs to be read.
In the prior art, most application systems use a single cipher card to encrypt and decrypt data, and important data held in the cipher card, such as user keys, is backed up outside the application system.
This approach has drawbacks. Once the software or hardware of the cipher card fails, the application system cannot encrypt or decrypt data while technicians replace or repair the card. Either a large amount of data waiting to be encrypted accumulates in the application system, which is a security risk, or a large amount of data cannot be read normally, which disrupts the normal operation of other systems associated with the application system.
Summary of the invention
The object of the invention is to provide a data encryption and decryption method and system that improve data security, avoid disrupting the normal operation of other systems associated with the application system, and improve the reliability of cryptographic operations.
A data encryption and decryption system comprises a processor, a first cipher card and a second cipher card. The processor is connected to the first cipher card and to the second cipher card, and the first cipher card and the second cipher card store the same first user key, wherein:
The processor, on receiving a processing request for service data, sends the processing request to the first cipher card; determines whether it has received first processing data corresponding to the service data returned by the first cipher card; if not, sends the processing request to the second cipher card; and receives second processing data corresponding to the service data returned by the second cipher card. The processing request is an encryption processing request or a decryption processing request.
The first cipher card, on receiving the processing request, processes the service data with the first user key, obtains the first processing data and returns it.
The second cipher card, on receiving the processing request, processes the service data with the first user key, obtains the second processing data and returns it.
In one specific embodiment of the invention, the first cipher card is further configured, on receiving a first key generation instruction, to generate and store a second user key and to synchronize the second user key to the second cipher card.
In one specific embodiment of the invention, the first cipher card is further configured, after generating the second user key, to generate a symmetric key according to a preset generation rule; encrypt the second user key with the symmetric key to obtain first key data; encrypt the symmetric key with the public key of the second cipher card to obtain second key data; and send a ciphertext comprising the first key data and the second key data to the second cipher card. The second cipher card is further configured to receive the ciphertext; decrypt the second key data with its own private key to obtain the symmetric key; and decrypt the first key data with the symmetric key to obtain and store the second user key.
In one specific embodiment of the invention, the processor is further configured to mark the first cipher card as a bad card when it determines that it has not received the first processing data corresponding to the service data from the first cipher card.
In one specific embodiment of the invention, the processor is further configured to detect at set time intervals whether the first cipher card has been repaired and, if so, to send a second key synchronization instruction to the second cipher card so that the second cipher card synchronizes its currently stored user key to the first cipher card.
A data encryption and decryption method is applied to a processor that is connected to a first cipher card and a second cipher card, where the first cipher card and the second cipher card store the same first user key. The method includes:
receiving a processing request for service data, the processing request being an encryption processing request or a decryption processing request;
sending the processing request to the first cipher card, so that the first cipher card, on receiving the processing request, processes the service data with the first user key and obtains and returns first processing data;
determining whether the first processing data has been received;
if not, sending the processing request to the second cipher card, so that the second cipher card, on receiving the processing request, processes the service data with the first user key and obtains and returns second processing data;
receiving the second processing data.
In one specific embodiment of the invention, the method further includes: sending a first key generation instruction to the first cipher card, so that the first cipher card, on receiving the first key generation instruction, generates and stores a second user key and synchronizes the second user key to the second cipher card.
In one specific embodiment of the invention, the method further includes: sending a first key synchronization instruction to the first cipher card, so that the first cipher card, after generating the second user key, generates a symmetric key according to a preset generation rule; encrypts the second user key with the symmetric key to obtain first key data; encrypts the symmetric key with the public key of the second cipher card to obtain second key data; and sends a ciphertext comprising the first key data and the second key data to the second cipher card, so that the second cipher card decrypts the second key data with its own private key to obtain the symmetric key, and decrypts the first key data with the symmetric key to obtain and store the second user key.
In one specific embodiment of the invention, the method further includes: when it is determined that the first processing data has not been received, marking the first cipher card as a bad card.
In one specific embodiment of the invention, the method further includes: detecting at set time intervals whether the first cipher card has been repaired; if so, sending a second key synchronization instruction to the second cipher card so that the second cipher card synchronizes its currently stored user key to the first cipher card.
With the technical scheme provided by the embodiments of the invention, two cipher cards provide a hot standby at the hardware level for important data such as user keys. When one cipher card fails, the other cipher card can directly encrypt or decrypt the service data, so service data is processed continuously and without interruption. This avoids a backlog of data waiting to be encrypted in the application system and improves data security; it also avoids long periods in which encrypted service data cannot be read and the normal operation of other systems associated with the application system is disrupted, and so improves the reliability of cryptographic operations.
Brief description of the drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a data encryption and decryption system in an embodiment of the invention;
Fig. 2 is a flowchart of a data encryption and decryption method in an embodiment of the invention.
Detailed description
To help those skilled in the art better understand the invention, it is described in further detail below with reference to the drawings and specific embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, a data encryption and decryption system provided by an embodiment of the invention comprises a processor 110, a first cipher card 120 and a second cipher card 130. The processor 110 is connected to the first cipher card 120 and to the second cipher card 130, and the first cipher card 120 and the second cipher card 130 store the same first user key, wherein:
The processor 110, on receiving a processing request for service data, sends the processing request to the first cipher card 120; determines whether it has received first processing data corresponding to the service data returned by the first cipher card 120; if not, sends the processing request to the second cipher card 130; and receives second processing data corresponding to the service data returned by the second cipher card 130. The processing request is an encryption processing request or a decryption processing request.
The first cipher card 120, on receiving the processing request, processes the service data with the first user key, obtains the first processing data and returns it.
The second cipher card 130, on receiving the processing request, processes the service data with the first user key, obtains the second processing data and returns it.
The data encryption and decryption system provided by the embodiment of the invention comprises the processor 110, the first cipher card 120 and the second cipher card 130. The processor 110 is connected to the first cipher card 120 and to the second cipher card 130; the first cipher card 120 and the second cipher card 130 serve as standby cards for each other and store the same first user key. The processor 110 may expose several API interfaces with different functions; when the processor 110 needs to communicate with the first cipher card 120 or the second cipher card 130, it does so by calling the corresponding API interface. The first cipher card 120 and the second cipher card 130 may in particular be PCI-E (PCI Express, a new-generation bus interface) cipher cards.
The data encryption and decryption system provided by the embodiment of the invention may be interfaced with an application system. The application system includes a data server, which is connected to the processor 110. The data server may receive service data input by other systems or by users. To strengthen the security of the service data, the service data may be encrypted by the first cipher card 120 or the second cipher card 130 before it is stored, and when stored encrypted service data needs to be read, it may be decrypted by the first cipher card 120 or the second cipher card 130.
The processor 110 may receive a processing request for service data sent by a requesting party such as the data server or another user. The processing request may be an encryption processing request or a decryption processing request: for service data to be encrypted it is an encryption processing request, and for encrypted service data to be read it is a decryption processing request.
On receiving the processing request for service data, the processor 110 may send the processing request to the first cipher card 120. In practice, the processor 110 may choose a cipher card at random to respond to the processing request. Alternatively, a mark is set in advance for each cipher card when the cipher cards are initialized, for example marking the first cipher card 120 as the main card and the second cipher card 130 as the secondary card. In that case, when the processor 110 receives the processing request for service data, it sends the processing request to the first cipher card 120, which carries the main card mark.
When the first cipher card 120 receives the processing request and is in a normal working state, it can process the service data with the first user key and obtain and return the first processing data. If the processing request is an encryption request, the first cipher card 120 encrypts the service data with the first user key, and the first processing data is the encrypted service data. If the processing request is a decryption request, the first cipher card 120 decrypts the service data with the first user key, and the first processing data is the decrypted service data.
If the first cipher card 120 has failed, it cannot process the service data; for this service data it may return nothing to the processor 110, or return abnormal data such as garbled bytes.
After sending the processing request to the first cipher card 120, the processor 110 may, when a set time interval has elapsed, determine whether it has received the first processing data corresponding to the service data from the first cipher card 120.
If the first processing data has been received, it may be returned to the requesting party.
If the first processing data has not been received, or abnormal data has been received, the processor 110 can determine that the first cipher card 120 has failed and cannot be used to process the service data again. In this case, the processor 110 may send the processing request to the second cipher card 130.
Because the first user key stored in the second cipher card 130 is the same as the first user key stored in the first cipher card 120, the second cipher card 130, on receiving the processing request, can process the service data with the first user key, obtain the second processing data and return it to the processor 110.
After the processor 110 receives the second processing data, it may return it to the requesting party. This completes the encryption or decryption of the service data.
With the system provided by the embodiment of the invention, two cipher cards provide a hot standby at the hardware level for important data such as user keys. When one cipher card fails, the other cipher card can directly encrypt or decrypt the service data, so service data is processed continuously and without interruption. This avoids a backlog of data waiting to be encrypted in the application system and improves data security; it also avoids long periods in which encrypted service data cannot be read and the normal operation of other systems associated with the application system is disrupted, and so improves the reliability of cryptographic operations.
Note that the data encryption and decryption system provided by the embodiment of the invention may also include more cipher cards; multiple cipher cards back each other up to guarantee the encryption and decryption of the service data.
In one embodiment of the invention, the first cipher card 120 is further configured, on receiving a first key generation instruction, to generate and store a second user key and to synchronize the second user key to the second cipher card 130.
In practice, the user key may be updated regularly to strengthen data security.
When the first cipher card 120 receives a first key generation instruction sent by the processor 110 or by a user, it may generate and store a second user key. Specifically, the first cipher card 120 may generate the second user key according to a preset user key generation rule. When the first cipher card 120 then receives new service data to be encrypted, it may encrypt the new service data with the second user key.
The first user key may likewise be generated in this way.
The user key generation rule may be preset, for example generating the key from the current date or from a keyword specified by the user; the embodiment of the invention does not limit this.
After the first cipher card 120 generates the second user key, it may synchronize the second user key to the second cipher card 130, so that the user keys held in the first cipher card 120 and the second cipher card 130 remain consistent. Alternatively, it may synchronize the second user key to the second cipher card 130 on receiving a key synchronization instruction from the processor 110.
In one embodiment of the invention, the first cipher card 120 may synchronize the second user key to the second cipher card 130 by the following steps:
Step 1: After generating the second user key, the first cipher card 120 generates a symmetric key according to a preset generation rule, for example by generating it at random. This symmetric key is used only to encrypt the currently generated second user key and may be discarded after use.
Step 2: The first cipher card 120 encrypts the second user key with the symmetric key to obtain first key data.
Step 3: The first cipher card 120 encrypts the symmetric key with the public key of the second cipher card 130 to obtain second key data. The first cipher card 120 and the second cipher card 130 may each generate an asymmetric key pair at initialization and supply the public key of that pair to the other card. The public key of the second cipher card 130 is the public key of the asymmetric key pair that the second cipher card 130 generated at initialization.
Step 4: The first cipher card 120 sends a ciphertext comprising the first key data and the second key data to the second cipher card 130.
Step 5: The second cipher card 130 receives the ciphertext and obtains the first key data and the second key data from it.
Step 6: The second cipher card 130 decrypts the second key data with its own private key to obtain the symmetric key. Because the second key data was produced by encrypting the symmetric key with the public key of the second cipher card 130, the second cipher card 130 can decrypt it with its own private key and obtain the symmetric key.
Step 7: The second cipher card 130 decrypts the first key data with the symmetric key to obtain and store the second user key.
In this way the first cipher card 120 and the second cipher card 130 complete the synchronization of the second user key.
Synchronizing the user key by this digital envelope method effectively protects the user key in transit and reduces the risk of it being intercepted and modified.
Of course, those skilled in the art may also synchronize the user keys of the first cipher card 120 and the second cipher card 130 by other methods, such as direct transmission; the embodiment of the invention does not limit this.
In one embodiment of the invention, the processor 110 is further configured to mark the first cipher card 120 as a bad card when it determines that it has not received the first processing data corresponding to the service data from the first cipher card 120.
When the processor 110 determines that it has not received the first processing data, it may conclude that the first cipher card 120 has failed and mark the first cipher card 120 as a bad card. Then, when the processor 110 next receives a processing request for service data, it can send the processing request directly to the second cipher card 130, providing continuous service.
If the first cipher card 120 was initially marked as the main card and the second cipher card 130 as the secondary card, then when the processor 110 determines that the first cipher card 120 has failed, it may update the mark of the first cipher card 120 to bad card and the mark of the second cipher card 130 to main card.
In one embodiment of the invention, the processor 110 is further configured to detect at set time intervals whether the first cipher card 120 has been repaired and, if so, to send a second key synchronization instruction to the second cipher card 130 so that the second cipher card 130 synchronizes its currently stored user key to the first cipher card 120.
In the embodiment of the invention, the processor 110 may detect at set time intervals whether the first cipher card 120 has been repaired. If it detects that the repair of the first cipher card 120 is complete, it may clear the bad card mark of the first cipher card 120, or update the mark of the first cipher card 120 to secondary card, making it the standby card of the second cipher card 130.
At the same time, the processor 110 may send a second key synchronization instruction to the second cipher card 130. Following the second key synchronization instruction, the second cipher card 130 may synchronize its currently stored user key to the first cipher card 120. Then, if the second cipher card 130 fails, the first cipher card 120 can continue to process the service data, providing uninterrupted encryption and decryption services.
The specific user key synchronization method may follow the process described above by which the first cipher card 120 synchronizes the user key to the second cipher card 130, and is not repeated here.
Corresponding to the system embodiment above, the embodiment of the invention also provides a data encryption and decryption method. The method is applied to a processor that is connected to a first cipher card and a second cipher card, where the first cipher card and the second cipher card store the same first user key.
As shown in Fig. 2, the data encryption and decryption method comprises the following steps:
S210: Receive a processing request for service data; the processing request is an encryption processing request or a decryption processing request.
The processor may receive a processing request for service data sent by a requesting party such as a data server or another user. The processing request may be an encryption processing request or a decryption processing request: for service data to be encrypted it is an encryption processing request, and for encrypted service data to be read it is a decryption processing request.
S220: Send the processing request to the first cipher card, so that the first cipher card, on receiving the processing request, processes the service data with the first user key and obtains and returns first processing data.
On receiving the processing request for service data, the processor may send the processing request to the first cipher card. In practice, the processor may choose a cipher card at random to respond to the processing request. Alternatively, a mark is set in advance for each cipher card when the cipher cards are initialized, for example marking the first cipher card as the main card and the second cipher card as the secondary card. In that case, when the processor receives the processing request for service data, it sends the processing request to the first cipher card, which carries the main card mark.
When the first cipher card receives the processing request and is in a normal working state, it can process the service data with the first user key and obtain and return the first processing data. If the processing request is an encryption request, the first cipher card encrypts the service data with the first user key, and the first processing data is the encrypted service data. If the processing request is a decryption request, the first cipher card decrypts the service data with the first user key, and the first processing data is the decrypted service data.
If the first cipher card has failed, it cannot process the service data; for this service data it may return nothing to the processor, or return abnormal data such as garbled bytes.
S230: Determine whether the first processing data has been received.
After sending the processing request to the first cipher card, the processor may, when a set time interval has elapsed, determine whether it has received the first processing data corresponding to the service data from the first cipher card.
If the first processing data has been received, it may be returned to the requesting party.
If the first processing data has not been received, or abnormal data has been received, the processor can determine that the first cipher card has failed and cannot be used to process the service data again. In this case, step S240 may be executed.
S240: Send the processing request to the second cipher card, so that the second cipher card, on receiving the processing request, processes the service data with the first user key and obtains and returns the second processing data.
When the processor determines that it has not received the first processing data, it may send the processing request to the second cipher card. Because the first user key stored in the second cipher card is the same as the first user key stored in the first cipher card, the second cipher card, on receiving the processing request, can process the service data with the first user key, obtain the second processing data and return it to the processor.
S250: Receive the second processing data.
After the processor receives the second processing data, it may return it to the requesting party. This completes the encryption or decryption of the service data.
With the method provided by the embodiment of the invention, two cipher cards provide a hot standby at the hardware level for important data such as user keys. When one cipher card fails, the other cipher card can directly encrypt or decrypt the service data, so service data is processed continuously and without interruption. This avoids a backlog of data waiting to be encrypted in the application system and improves data security; it also avoids long periods in which encrypted service data cannot be read and the normal operation of other systems associated with the application system is disrupted, and so improves the reliability of cryptographic operations.
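The processor-side failover of steps S210 to S250, together with the bad card and main card relabelling described for the system embodiment, as an added example that is not part of the patent or of its assignee's products. The `CipherCard` interface, the CRC32 trailer by which a garbled reply is recognised, and the `SimCard` stand-in (whose XOR step is a placeholder for the card's real cipher) are all assumptions of this example.

```go
package main

import (
	"context"
	"encoding/binary"
	"errors"
	"hash/crc32"
	"time"
)

// CipherCard is the processor's view of one card (assumed interface). A failed
// card either blocks until ctx expires or hands back garbage, as the text describes.
type CipherCard interface {
	Process(ctx context.Context, data []byte) ([]byte, error)
}

// Processor keeps both cards, each card's mark and the set interval it waits for a reply.
type Processor struct {
	Cards   [2]CipherCard
	Marks   [2]string // "main", "secondary" or "bad"
	Timeout time.Duration
}

// checkFrame verifies the CRC32 trailer a healthy card appends (assumed framing);
// a garbled reply fails it, which is how "abnormal data" is recognised here.
func checkFrame(reply []byte) ([]byte, bool) {
	if len(reply) < 4 {
		return nil, false
	}
	body := reply[:len(reply)-4]
	return body, crc32.ChecksumIEEE(body) == binary.BigEndian.Uint32(reply[len(body):])
}

// tryCard sends the request to one card and waits at most the set interval (S230).
func (p *Processor) tryCard(i int, data []byte) ([]byte, error) {
	ctx, cancel := context.WithTimeout(context.Background(), p.Timeout)
	defer cancel()
	reply, err := p.Cards[i].Process(ctx, data)
	if err != nil {
		return nil, err // nothing came back within the interval
	}
	if body, ok := checkFrame(reply); ok {
		return body, nil
	}
	return nil, errors.New("abnormal reply from card")
}

// Handle implements S210 to S250: the main card first, then fail over to the other
// card on timeout or garbage, relabelling the cards as the description does.
func (p *Processor) Handle(data []byte) ([]byte, error) {
	first := 0
	if p.Marks[1] == "main" {
		first = 1
	}
	for _, i := range []int{first, 1 - first} {
		if p.Marks[i] == "bad" {
			continue
		}
		if out, err := p.tryCard(i, data); err == nil {
			return out, nil
		}
		p.Marks[i] = "bad" // nothing usable came back: bad card
		if p.Marks[1-i] == "secondary" {
			p.Marks[1-i] = "main" // the standby card becomes the main card
		}
	}
	return nil, errors.New("no working cipher card")
}

// SimCard is a constructed stand-in for a PCI-E cipher card; its XOR step is a
// placeholder for the card's real cipher, since the failover logic is the point.
type SimCard struct {
	Key     []byte
	Healthy bool
	Garbled bool // when failed: answer with junk instead of hanging
}

func (c *SimCard) Process(ctx context.Context, data []byte) ([]byte, error) {
	if !c.Healthy {
		if c.Garbled {
			return []byte{0xff, 0x00, 0xde, 0xad, 0xbe, 0xef}, nil
		}
		<-ctx.Done() // a hung card never answers
		return nil, ctx.Err()
	}
	out := make([]byte, len(data)+4)
	for i, b := range data {
		out[i] = b ^ c.Key[i%len(c.Key)] // placeholder op, same for encrypt and decrypt
	}
	binary.BigEndian.PutUint32(out[len(data):], crc32.ChecksumIEEE(out[:len(data)]))
	return out, nil
}
```

The repair check that runs at the set interval (clearing the bad mark and resynchronizing the user key from the main card) is not modelled here.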
In one embodiment of the present invention, the method further includes:
sending a first key generation instruction to the first cipher card, so that the first cipher card, when receiving the first key generation instruction, generates and saves a second user key, and synchronizes the second user key to the second cipher card.
The processor can send the first key generation instruction to the first cipher card when a preset trigger condition is reached or when a user instruction is received.
When the first cipher card receives the first key generation instruction sent by the processor, it can generate and save the second user key. Specifically, the first cipher card can generate the second user key according to a preset user key generation rule. When the first cipher card receives new business data to be encrypted, it can encrypt the new business data using this second user key.
The first user key can likewise be generated in this way.
The user key generation rule can be preset, for example generation according to the current date, or generation according to a keyword specified by the user; the embodiment of the present invention does not limit this.
After the first cipher card generates the second user key, it can synchronize the second user key to the second cipher card, so that the user keys in the first cipher card and the second cipher card are consistent. Alternatively, it synchronizes the second user key to the second cipher card when receiving a key synchronization instruction from the processor.
In one embodiment of the present invention, the method further includes:
sending a first key synchronization instruction to the first cipher card, so that the first cipher card, after generating the second user key, generates a symmetric key according to a preset generation rule; encrypts the second user key with the symmetric key to obtain first key data; encrypts the symmetric key with the public key of the second cipher card to obtain second key data; and sends a ciphertext comprising the first key data and the second key data to the second cipher card; so that the second cipher card decrypts the second key data with its own private key to obtain the symmetric key, and decrypts the first key data with the symmetric key to obtain and save the second user key.
Synchronizing the user key in this digital-envelope manner effectively ensures the security of the user key during transmission and reduces the risk of it being intercepted and modified in transit.
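As an added illustration of the digital-envelope synchronization described above (example code written for this page, not the patent's or the applicant's own implementation), the following Go functions build the envelope on the first card and open it on the second card. AES-256-GCM for the symmetric wrapping, RSA-OAEP with SHA-256 for the public-key wrapping and a 32-byte user key are assumptions the patent does not specify; the authenticated mode means first key data altered in transit is rejected rather than silently saved.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope is the ciphertext the first card sends to the second card:
// the second user key wrapped under a fresh symmetric key (first key
// data) and that symmetric key wrapped under the second card's public
// key (second key data). AES-GCM and RSA-OAEP are this example's
// assumptions; the patent names only "symmetric key" and "public key".
type Envelope struct {
	FirstKeyData  []byte // nonce || AES-GCM ciphertext || tag
	SecondKeyData []byte // RSA-OAEP ciphertext of the 32-byte symmetric key
}

const nonceSize = 12 // standard GCM nonce length

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealUserKey runs on the first card after it has generated userKey and
// receives the first key synchronisation instruction.
func SealUserKey(userKey []byte, peer *rsa.PublicKey) (*Envelope, error) {
	rnd := make([]byte, 32+nonceSize) // symmetric key and GCM nonce in one draw
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	symKey, nonce := rnd[:32], rnd[32:]
	gcm, err := gcmFor(symKey)
	if err != nil {
		return nil, err
	}
	first := gcm.Seal(nonce, nonce, userKey, nil) // nonce is prepended for transport
	second, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, symKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{FirstKeyData: first, SecondKeyData: second}, nil
}

// OpenUserKey runs on the second card: its own private key recovers the
// symmetric key, which recovers the user key. Any change to the first
// key data in transit fails the GCM tag check, so nothing is saved.
func OpenUserKey(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.SecondKeyData, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(symKey)
	if err != nil {
		return nil, err
	}
	if len(env.FirstKeyData) < nonceSize {
		return nil, errors.New("first key data too short")
	}
	return gcm.Open(nil, env.FirstKeyData[:nonceSize], env.FirstKeyData[nonceSize:], nil)
}
```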
In one embodiment of the present invention, the method further includes:
marking the first cipher card as a bad card when it is determined that the first processing data has not been received.
When the processor determines that the first processing data has not been received, it can determine that the first cipher card is currently faulty and mark the first cipher card as a bad card. Then, when the processor next receives a processing request for business data, it can send the processing request directly to the second cipher card, achieving continuous service.
If the first cipher card is initially marked as the primary card and the second cipher card is initially marked as the standby card, then when the processor determines that the first cipher card has failed, it can update the mark of the first cipher card to bad card and update the mark of the second cipher card to primary card.
In one embodiment of the present invention, the method further includes:
a first step: detecting at a set time interval whether the repair of the first cipher card is complete, and if so, executing a second step;
a second step: sending a second key synchronization instruction to the second cipher card, so that the second cipher card synchronizes its currently stored user key to the first cipher card.
In the embodiment of the present invention, the processor can detect at a set time interval whether the repair of the first cipher card is complete. If it is detected that the first cipher card has been repaired, the bad-card mark of the first cipher card can be removed, or the mark of the first cipher card can be updated to standby card, making it the backup card of the second cipher card.
At the same time, the processor can send the second key synchronization instruction to the second cipher card. According to the second key synchronization instruction, the second cipher card can synchronize its currently stored user key to the first cipher card. Then, when the second cipher card fails, the first cipher card can continue to process the business data, providing uninterrupted encryption and decryption service.
For the specific user key synchronization method, refer to the process described above in which the first cipher card synchronizes the user key to the second cipher card; it is not repeated here.
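The following Go simulation, added here and not taken from the patent, runs the processor's logic from steps S210 to S250 together with the bad-card marking, the primary/standby mark update and the periodic repair check described above. SimCard, Processor and the XOR "processing" are constructed stand-ins, and the second key synchronization is modelled as a plain key copy, since the envelope transport is the same as in the first-to-second direction.

```go
package main

import "errors"

// CardState is the mark the processor keeps for each cipher card.
type CardState int

const (
	Primary CardState = iota // main card: receives requests first
	Standby                  // backup card holding the same user key
	Bad                      // faulty card: not selected until repaired
)

// SimCard is a constructed stand-in for a cipher card; its "processing" is a
// toy XOR with a one-byte user key so that results can be checked.
type SimCard struct {
	UserKey byte
	State   CardState
	Faulty  bool // when set, the card returns no processing data
}

func (c *SimCard) Process(data []byte) ([]byte, bool) {
	if c.Faulty {
		return nil, false // no processing data comes back
	}
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ c.UserKey
	}
	return out, true
}

type Processor struct{ Cards []*SimCard }

func (p *Processor) find(s CardState) *SimCard {
	for _, c := range p.Cards {
		if c.State == s {
			return c
		}
	}
	return nil
}

// Handle covers steps S210 to S250: send the request to the primary card; if
// nothing comes back, mark it bad, promote the standby and resend there.
func (p *Processor) Handle(data []byte) ([]byte, error) {
	for prim := p.find(Primary); prim != nil; prim = p.find(Primary) {
		if out, ok := prim.Process(data); ok {
			return out, nil
		}
		prim.State = Bad // a bad card is never selected again
		if stby := p.find(Standby); stby != nil {
			stby.State = Primary
		}
	}
	return nil, errors.New("no working cipher card")
}

// CheckRepairs runs at the set time interval: a repaired bad card becomes the
// standby and takes the primary's current user key (second key synchronisation).
func (p *Processor) CheckRepairs() {
	prim := p.find(Primary)
	for _, c := range p.Cards {
		if c.State == Bad && !c.Faulty && prim != nil {
			c.UserKey = prim.UserKey
			c.State = Standby
		}
	}
}
```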
In this specification, the embodiments are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another. Because the method disclosed in the embodiments corresponds to the system disclosed in the embodiments, its description is relatively brief, and the relevant parts can be found in the description of the system.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are executed in hardware or in software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein can be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module can be placed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
Specific examples have been used herein to explain the principles and embodiments of the present invention; the description of the above embodiments is only intended to help understand the technical solution of the present invention and its core idea. It should be noted that those of ordinary skill in the art can make improvements and modifications to the present invention without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (10)

1. A data encryption and decryption system, characterized in that it comprises: a processor, a first cipher card and a second cipher card, wherein the processor is connected to the first cipher card and the second cipher card respectively, and an identical first user key is stored in the first cipher card and the second cipher card, wherein:
the processor is configured to, when receiving a processing request for business data, send the processing request to the first cipher card; determine whether first processing data corresponding to the business data returned by the first cipher card is received; if not, send the processing request to the second cipher card; and receive second processing data corresponding to the business data returned by the second cipher card; the processing request being an encryption processing request or a decryption processing request;
the first cipher card is configured to, when receiving the processing request, process the business data using the first user key, and obtain and return the first processing data;
the second cipher card is configured to, when receiving the processing request, process the business data using the first user key, and obtain and return the second processing data.
2. The data encryption and decryption system according to claim 1, characterized in that
the first cipher card is further configured to, when receiving a first key generation instruction, generate and save a second user key, and synchronize the second user key to the second cipher card.
3. The data encryption and decryption system according to claim 2, characterized in that
the first cipher card is specifically configured to, after generating the second user key, generate a symmetric key according to a preset generation rule; encrypt the second user key with the symmetric key to obtain first key data; encrypt the symmetric key with the public key of the second cipher card to obtain second key data; and send a ciphertext comprising the first key data and the second key data to the second cipher card;
the second cipher card is further configured to receive the ciphertext; decrypt the second key data with its own private key to obtain the symmetric key; and decrypt the first key data with the symmetric key to obtain and save the second user key.
4. The data encryption and decryption system according to any one of claims 1 to 3, characterized in that
the processor is further configured to mark the first cipher card as a bad card when determining that the first processing data corresponding to the business data returned by the first cipher card is not received.
5. The data encryption and decryption system according to claim 4, characterized in that
the processor is further configured to detect at a set time interval whether the repair of the first cipher card is complete; and if so, send a second key synchronization instruction to the second cipher card, so that the second cipher card synchronizes its currently stored user key to the first cipher card.
6. A data encryption and decryption method, characterized in that it is applied to a processor, the processor being connected to a first cipher card and a second cipher card respectively, and an identical first user key being stored in the first cipher card and the second cipher card, the data encryption and decryption method comprising:
receiving a processing request for business data, the processing request being an encryption processing request or a decryption processing request;
sending the processing request to the first cipher card, so that the first cipher card, when receiving the processing request, processes the business data using the first user key, and obtains and returns first processing data;
determining whether the first processing data is received;
if not, sending the processing request to the second cipher card, so that the second cipher card, when receiving the processing request, processes the business data using the first user key, and obtains and returns second processing data;
receiving the second processing data.
7. The data encryption and decryption method according to claim 6, characterized in that it further comprises:
sending a first key generation instruction to the first cipher card, so that the first cipher card, when receiving the first key generation instruction, generates and saves a second user key, and synchronizes the second user key to the second cipher card.
8. The data encryption and decryption method according to claim 7, characterized in that it further comprises:
sending a first key synchronization instruction to the first cipher card, so that the first cipher card, after generating the second user key, generates a symmetric key according to a preset generation rule; encrypts the second user key with the symmetric key to obtain first key data; encrypts the symmetric key with the public key of the second cipher card to obtain second key data; and sends a ciphertext comprising the first key data and the second key data to the second cipher card; so that the second cipher card decrypts the second key data with its own private key to obtain the symmetric key, and decrypts the first key data with the symmetric key to obtain and save the second user key.
9. The data encryption and decryption method according to any one of claims 6 to 8, characterized in that it further comprises:
marking the first cipher card as a bad card when it is determined that the first processing data is not received.
10. The data encryption and decryption method according to claim 9, characterized in that it further comprises:
detecting at a set time interval whether the repair of the first cipher card is complete;
if so, sending a second key synchronization instruction to the second cipher card, so that the second cipher card synchronizes its currently stored user key to the first cipher card.
CN201610887412.0A 2016-10-11 2016-10-11 A kind of data encryption/decryption method and system Active CN106341226B (en)

Publications (2)

Publication Number Publication Date
CN106341226A true CN106341226A (en) 2017-01-18
CN106341226B CN106341226B (en) 2018-12-18



Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
  Denomination of invention: A data encryption and decryption method and system
  Effective date of registration: 20210823
  Granted publication date: 20181218
  Pledgee: Bank of China Limited Weihai Branch
  Pledgor: SHANDONG FISHERMAN INFORMATION TECHNOLOGY Co.,Ltd.
  Registration number: Y2021980008117
CP03 Change of name, title or address
  Address after: 264200 No. 12-1, Chuhe North Road, chucun Town, gaoqu District, Weihai City, Shandong Province
  Patentee after: Yuweng Information Technology Co.,Ltd.
  Address before: No.12, Chuhe North Road, gaoqu District, Weihai City, Shandong Province
  Patentee before: SHANDONG FISHERMAN INFORMATION TECHNOLOGY Co.,Ltd.
PC01 Cancellation of the registration of the contract for pledge of patent right
  Date of cancellation: 20221227
  Granted publication date: 20181218
  Pledgee: Bank of China Limited Weihai Branch
  Pledgor: SHANDONG FISHERMAN INFORMATION TECHNOLOGY CO.,LTD.
  Registration number: Y2021980008117
PE01 Entry into force of the registration of the contract for pledge of patent right
  Denomination of invention: A Data Encryption and Decryption Method and System
  Effective date of registration: 20221227
  Granted publication date: 20181218
  Pledgee: Bank of China Limited Weihai Branch
  Pledgor: Yuweng Information Technology Co.,Ltd.
  Registration number: Y2022980029248