CN106341226B - A kind of data encryption/decryption method and system - Google Patents



Publication number: CN106341226B
Authority: CN (China)
Prior art keywords: card, key, data, password, cipher
Legal status: Active
Application number: CN201610887412.0A
Other languages: Chinese (zh)
Other versions: CN106341226A
Inventors: 宋志华, 郭刚, 宋桂芝
Current assignee: Yuweng Information Technology Co.,Ltd.
Original assignee: SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention discloses a data encryption/decryption method and system. The system comprises a processor, a first cipher card and a second cipher card, and the same first user key is stored in both cipher cards. When the processor receives a processing request for business data, it sends the request to the first cipher card, which on receipt processes the business data with the first user key and returns first processed data. The processor determines whether the first processed data has been received; if not, it sends the request to the second cipher card, which on receipt processes the business data with the first user key and returns second processed data, and the processor receives the second processed data. With the technical solution provided by the embodiments of the invention, business data can be processed continuously and without interruption, which improves the reliability of cryptographic operations.

Description

A kind of data encryption/decryption method and system
Technical field
The present invention relates to the field of computer information security technology, and in particular to a data encryption/decryption method and system.
Background technique
With the rapid development of information technology, information security is receiving more and more attention. To enhance data security, the data saved in an application system is mostly stored encrypted, and the corresponding decryption is performed when the data needs to be read.
In the prior art, an application system mostly uses a single cipher card to encrypt and decrypt data, and important data such as the user key held in the cipher card is backed up outside the application system.
This approach has disadvantages. Once the cipher card's software or hardware fails, the application system cannot encrypt or decrypt data while technicians replace or repair the card. A large backlog of data awaiting encryption then builds up in the application system, which is a security risk; alternatively, a large amount of data cannot be read normally, which affects the normal operation of other systems associated with the application system.
Summary of the invention
The object of the present invention is to provide a data encryption/decryption method and system that improve data security, avoid affecting the normal operation of other systems associated with the application system, and improve the reliability of cryptographic operations.
A data encryption/decryption system comprises a processor, a first cipher card and a second cipher card. The processor is connected to the first cipher card and to the second cipher card, and the same first user key is stored in the first cipher card and the second cipher card, wherein:
The processor is configured to: when a processing request for business data is received, send the processing request to the first cipher card; determine whether first processed data corresponding to the business data has been received from the first cipher card; if not, send the processing request to the second cipher card; and receive second processed data corresponding to the business data from the second cipher card. The processing request is an encryption processing request or a decryption processing request.
The first cipher card is configured to, when it receives the processing request, process the business data with the first user key, obtain first processed data and return it.
The second cipher card is configured to, when it receives the processing request, process the business data with the first user key, obtain second processed data and return it.
In a specific embodiment of the invention,
the first cipher card is further configured to, when it receives a first key generation instruction, generate and save a second user key and synchronise the second user key to the second cipher card.
In a specific embodiment of the invention,
the first cipher card is specifically configured to, after generating the second user key, generate a symmetric key according to a preset generation rule; encrypt the second user key with the symmetric key to obtain first key data; encrypt the symmetric key with the public key of the second cipher card to obtain second key data; and send a ciphertext comprising the first key data and the second key data to the second cipher card;
the second cipher card is further configured to receive the ciphertext; decrypt the second key data with its own private key to obtain the symmetric key; and decrypt the first key data with the symmetric key to obtain and save the second user key.
In a specific embodiment of the invention,
the processor is further configured to mark the first cipher card as a bad card when it determines that the first processed data corresponding to the business data has not been received from the first cipher card.
In a specific embodiment of the invention,
the processor is further configured to detect, at a set time interval, whether repair of the first cipher card has been completed; if so, to send a second key synchronisation instruction to the second cipher card, so that the second cipher card synchronises its currently stored user key to the first cipher card.
A data encryption/decryption method is applied to a processor that is connected to a first cipher card and a second cipher card, the same first user key being stored in the first cipher card and the second cipher card. The method comprises:
receiving a processing request for business data, the processing request being an encryption processing request or a decryption processing request;
sending the processing request to the first cipher card, so that the first cipher card, on receiving the processing request, processes the business data with the first user key and obtains and returns first processed data;
determining whether the first processed data has been received;
if not, sending the processing request to the second cipher card, so that the second cipher card, on receiving the processing request, processes the business data with the first user key and obtains and returns second processed data;
receiving the second processed data.
In a specific embodiment of the invention, the method further comprises:
sending a first key generation instruction to the first cipher card, so that the first cipher card, on receiving the first key generation instruction, generates and saves a second user key and synchronises the second user key to the second cipher card.
In a specific embodiment of the invention, the method further comprises:
sending a first key synchronisation instruction to the first cipher card, so that the first cipher card, after generating the second user key, generates a symmetric key according to a preset generation rule; encrypts the second user key with the symmetric key to obtain first key data; encrypts the symmetric key with the public key of the second cipher card to obtain second key data; and sends a ciphertext comprising the first key data and the second key data to the second cipher card; so that the second cipher card decrypts the second key data with its own private key to obtain the symmetric key, and decrypts the first key data with the symmetric key to obtain and save the second user key.
In a specific embodiment of the invention, the method further comprises:
marking the first cipher card as a bad card when it is determined that the first processed data has not been received.
In a specific embodiment of the invention, the method further comprises:
detecting, at a set time interval, whether repair of the first cipher card has been completed;
if so, sending a second key synchronisation instruction to the second cipher card, so that the second cipher card synchronises its currently stored user key to the first cipher card.
With the technical solution and system provided by the embodiments of the invention, important data such as the user key is kept in hot standby at the hardware level by using dual cipher cards. When one cipher card fails, the other cipher card can encrypt or decrypt the business data directly, so business data is processed continuously and without interruption. This avoids a backlog of data awaiting encryption in the application system and improves data security, while also avoiding long periods in which encrypted business data cannot be read, which would affect the normal operation of other systems associated with the application system. The reliability of cryptographic operations is thus improved.
Detailed description of the invention
To explain the embodiments of the invention or the prior-art technical solutions more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a data encryption/decryption system in an embodiment of the invention;
Fig. 2 is a flowchart of the implementation of a data encryption/decryption method in an embodiment of the invention.
Specific embodiment
To enable those skilled in the art to better understand the solution of the invention, the invention is described in further detail below with reference to the drawings and specific embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, which is a schematic structural diagram of a data encryption/decryption system provided by an embodiment of the invention, the system comprises processor 110, first cipher card 120 and second cipher card 130. Processor 110 is connected to first cipher card 120 and second cipher card 130 respectively, and the same first user key is stored in first cipher card 120 and second cipher card 130, wherein:
Processor 110 is configured to: when a processing request for business data is received, send the processing request to first cipher card 120; determine whether first processed data corresponding to the business data has been received from first cipher card 120; if not, send the processing request to second cipher card 130; and receive second processed data corresponding to the business data from second cipher card 130. The processing request is an encryption processing request or a decryption processing request.
First cipher card 120 is configured to, when it receives the processing request, process the business data with the first user key, obtain first processed data and return it.
Second cipher card 130 is configured to, when it receives the processing request, process the business data with the first user key, obtain second processed data and return it.
The data encryption/decryption system provided by the embodiment of the invention comprises processor 110, first cipher card 120 and second cipher card 130. Processor 110 is connected to first cipher card 120 and second cipher card 130 respectively; the two cards back each other up, and the same first user key is stored in both. Processor 110 may provide several API interfaces with different functions; when processor 110 needs to communicate with first cipher card 120 or second cipher card 130, it does so by calling the corresponding API interface. First cipher card 120 and second cipher card 130 may specifically be PCI-E (PCI Express, a new-generation bus interface) cipher cards.
The data encryption/decryption system provided by the embodiment of the invention can be docked with an application system. The application system contains a data server, which is connected to processor 110. The data server may receive business data input from other systems or from users. To enhance the security of the business data, it may be encrypted by first cipher card 120 or second cipher card 130 before being saved; or, when encrypted business data that has already been saved needs to be read, it is decrypted by first cipher card 120 or second cipher card 130.
Processor 110 may receive a processing request for business data from a requesting party such as the data server or another user; the request may be an encryption processing request or a decryption processing request. For business data to be encrypted, the processing request is an encryption processing request; for encrypted business data to be read, it is a decryption processing request.
When processor 110 receives a processing request for business data, it may send the request to first cipher card 120. In practice, processor 110 may select a cipher card at random to respond to the request. Alternatively, a label is set for each cipher card in advance when the cipher cards are initialised, for example first cipher card 120 is labelled the main card and second cipher card 130 the standby card. Then, when processor 110 receives a processing request for business data, it sends the request to first cipher card 120, which carries the main-card label.
If first cipher card 120 is in a normal working state when it receives the processing request, it processes the business data with the first user key and obtains and returns first processed data. If the request is an encryption request, first cipher card 120 encrypts the business data with the first user key, and the first processed data is the encrypted business data. If the request is a decryption request, first cipher card 120 decrypts the business data with the first user key, and the first processed data is the decrypted business data.
If first cipher card 120 has failed, it cannot process the business data: it may return no information at all to processor 110, or return abnormal data such as garbled output.
After sending the processing request to first cipher card 120, processor 110 may, once a set time interval has elapsed, determine whether the first processed data corresponding to the business data has been received from first cipher card 120.
If the first processed data has been received, it may be returned to the requesting party.
If the first processed data has not been received, or abnormal data has been received, processor 110 may determine that first cipher card 120 has failed and can no longer be used to process business data. In this case processor 110 may send the processing request to second cipher card 130.
Because the first user key stored in second cipher card 130 is identical to the first user key stored in first cipher card 120, second cipher card 130, on receiving the processing request, can process the business data with the first user key, obtain second processed data and return it to processor 110.
After processor 110 receives the second processed data, it may return it to the requesting party, completing the encryption or decryption of the business data.
With the system provided by the embodiment of the invention, important data such as the user key is kept in hot standby at the hardware level by using dual cipher cards. When one cipher card fails, the other cipher card can encrypt or decrypt the business data directly, so business data is processed continuously and without interruption. This avoids a backlog of data awaiting encryption in the application system and improves data security, while also avoiding long periods in which encrypted business data cannot be read, which would affect the normal operation of other systems associated with the application system. The reliability of cryptographic operations is thus improved.
It should be noted that the data encryption/decryption system provided by the embodiment of the invention may also include more cipher cards; multiple cipher cards are mutually redundant and guarantee the encryption and decryption of business data.
In one embodiment of the invention, first cipher card 120 is further configured to:
when it receives a first key generation instruction, generate and save a second user key, and synchronise the second user key to second cipher card 130.
In practice, the user key may be updated regularly to enhance data security.
When first cipher card 120 receives a first key generation instruction sent by processor 110, a user or the like, it may generate and save a second user key. Specifically, first cipher card 120 may generate the second user key according to a preset user key generation rule. When first cipher card 120 then receives new business data to be encrypted, it may encrypt the new business data with the second user key.
Similarly, the first user key may also be generated in this way.
The user key generation rule may be preset, for example generation according to the current date, or according to a keyword specified by the user; the embodiments of the invention do not limit this.
After first cipher card 120 generates the second user key, it may synchronise the second user key to second cipher card 130, so that the user keys in first cipher card 120 and second cipher card 130 remain consistent. Alternatively, it synchronises the second user key to second cipher card 130 when it receives a key synchronisation instruction from processor 110.
In one embodiment of the invention, first cipher card 120 may synchronise the second user key to second cipher card 130 by the following steps:
Step 1: after generating the second user key, first cipher card 120 generates a symmetric key according to a preset generation rule, for example by random generation. The symmetric key is used only to encrypt the second user key that has just been generated and may be discarded afterwards.
Step 2: first cipher card 120 encrypts the second user key with the symmetric key to obtain first key data.
Step 3: first cipher card 120 encrypts the symmetric key with the public key of second cipher card 130 to obtain second key data. First cipher card 120 and second cipher card 130 may each generate an asymmetric key pair at initialisation and provide the public key of that pair to the other card. The public key of second cipher card 130 is the public key of the asymmetric key pair that second cipher card 130 generated at initialisation.
Step 4: first cipher card 120 sends a ciphertext comprising the first key data and the second key data to second cipher card 130.
Step 5: second cipher card 130 receives the ciphertext and obtains the first key data and the second key data from it.
Step 6: second cipher card 130 decrypts the second key data with its own private key to obtain the symmetric key. Because the second key data was produced by encrypting the symmetric key with the public key of second cipher card 130, second cipher card 130 can decrypt it with its own private key and recover the symmetric key.
Step 7: second cipher card 130 decrypts the first key data with the symmetric key to obtain and save the second user key.
In this way, first cipher card 120 and second cipher card 130 complete the synchronisation of the second user key.
Synchronising the user key in this digital-envelope manner effectively guarantees the security of the user key in transit and reduces the risk of its being intercepted and modified during transmission.
Of course, those skilled in the art may also synchronise the user keys of first cipher card 120 and second cipher card 130 by other methods, such as direct transmission; the embodiments of the invention do not limit this.
In one embodiment of the invention, processor 110 is further configured to mark first cipher card 120 as a bad card when it determines that the first processed data corresponding to the business data has not been received from first cipher card 120.
When processor 110 determines that the first processed data has not been received, it may determine that first cipher card 120 has failed and mark it as a bad card. Then, when processor 110 next receives a processing request for business data, it can send the request directly to second cipher card 130, providing continuous service.
If first cipher card 120 was initially labelled the main card and second cipher card 130 the standby card, processor 110 may, on determining that first cipher card 120 has failed, update the label of first cipher card 120 to bad card and the label of second cipher card 130 to main card.
In one embodiment of the invention, processor 110 is further configured to detect, at a set time interval, whether repair of first cipher card 120 has been completed; if so, to send a second key synchronisation instruction to second cipher card 130, so that second cipher card 130 synchronises its currently stored user key to first cipher card 120.
In the embodiments of the invention, processor 110 may detect at a set time interval whether repair of first cipher card 120 has been completed. If it detects that the repair is complete, it may clear the bad-card mark of first cipher card 120, or update its label to standby card, making it the standby for second cipher card 130.
At the same time, processor 110 may send a second key synchronisation instruction to second cipher card 130. According to this instruction, second cipher card 130 synchronises its currently stored user key to first cipher card 120. Then, if second cipher card 130 fails, first cipher card 120 can continue to process business data, providing uninterrupted encryption and decryption service.
The specific method by which second cipher card 130 synchronises the user key to first cipher card 120 may follow the process described above for first cipher card 120 synchronising the user key to second cipher card 130, and is not repeated here.
Corresponding to the system embodiment above, an embodiment of the invention also provides a data encryption/decryption method. The method is applied to a processor that is connected to a first cipher card and a second cipher card respectively, the same first user key being stored in the first cipher card and the second cipher card.
Referring to Fig. 2, the data encryption/decryption method comprises the following steps:
S210: receive a processing request for business data, the processing request being an encryption processing request or a decryption processing request.
The processor may receive a processing request for business data from a requesting party such as a data server or another user; the request may be an encryption processing request or a decryption processing request. For business data to be encrypted, the processing request is an encryption processing request; for encrypted business data to be read, it is a decryption processing request.
S220: send the processing request to the first cipher card, so that the first cipher card, on receiving the processing request, processes the business data with the first user key and obtains and returns first processed data.
When the processor receives a processing request for business data, it may send the request to the first cipher card. In practice, the processor may select a cipher card at random to respond to the request. Alternatively, a label is set for each cipher card in advance when the cipher cards are initialised, for example the first cipher card is labelled the main card and the second cipher card the standby card. Then, when the processor receives a processing request for business data, it sends the request to the first cipher card, which carries the main-card label.
If the first cipher card is in a normal working state when it receives the processing request, it processes the business data with the first user key and obtains and returns first processed data. If the request is an encryption request, the first cipher card encrypts the business data with the first user key, and the first processed data is the encrypted business data. If the request is a decryption request, the first cipher card decrypts the business data with the first user key, and the first processed data is the decrypted business data.
If the first cipher card has failed, it cannot process the business data: it may return no information at all to the processor, or return abnormal data such as garbled output.
S230: determine whether the first processed data has been received.
After sending the processing request to the first cipher card, the processor may, once a set time interval has elapsed, determine whether the first processed data corresponding to the business data has been received from the first cipher card.
If the first processed data has been received, it may be returned to the requesting party.
If the first processed data has not been received, or abnormal data has been received, the processor may determine that the first cipher card has failed and can no longer be used to process business data. In this case, the operation of step S240 may be performed.
S240: send the processing request to the second cipher card, so that the second cipher card, on receiving the processing request, processes the business data with the first user key and obtains and returns second processed data.
When the processor determines that the first processed data has not been received, it may send the processing request to the second cipher card. Because the first user key stored in the second cipher card is identical to the first user key stored in the first cipher card, the second cipher card, on receiving the processing request, can process the business data with the first user key, obtain second processed data and return it to the processor.
S250: receive the second processed data.
After the processor receives the second processed data, it may return it to the requesting party, completing the encryption or decryption of the business data.
With the method provided by the embodiment of the invention, important data such as the user key is kept in hot standby at the hardware level by using dual cipher cards. When one cipher card fails, the other cipher card can encrypt or decrypt the business data directly, so business data is processed continuously and without interruption. This avoids a backlog of data awaiting encryption in the application system and improves data security, while also avoiding long periods in which encrypted business data cannot be read, which would affect the normal operation of other systems associated with the application system. The reliability of cryptographic operations is thus improved.
In one embodiment of the invention, the method further includes:
sending a first key generation instruction to the first cipher card, so that the first cipher card, on receiving the first key generation instruction, generates and saves a second user key and synchronizes the second user key to the second cipher card.
The processor can send the first key generation instruction to the first cipher card when a preset trigger condition is reached or when a user instruction is received.
When the first cipher card receives the first key generation instruction sent by the processor, it can generate and save the second user key. Specifically, the first cipher card can generate the second user key according to a preset user key generation rule. When the first cipher card subsequently receives new business data to be encrypted, it can encrypt the new business data with the second user key.
Similarly, the first user key can also be generated in this way.
The user key generation rule can be preset, for example generation according to the current date or according to a keyword specified by the user; the embodiment of the present invention does not limit this.
After the first cipher card generates the second user key, it can synchronize the second user key to the second cipher card, so that the user keys in the first cipher card and the second cipher card are consistent. Alternatively, it synchronizes the second user key to the second cipher card when it receives a key synchronization instruction from the processor.
In one embodiment of the invention, the method further includes:
sending a first key synchronization instruction to the first cipher card, so that the first cipher card, after generating the second user key, generates a symmetric key according to a preset generation rule; encrypts the second user key with the symmetric key to obtain first key data; encrypts the symmetric key with the public key of the second cipher card to obtain second key data; and sends a ciphertext comprising the first key data and the second key data to the second cipher card, so that the second cipher card decrypts the second key data with its own private key to obtain the symmetric key, and decrypts the first key data with the symmetric key to obtain and save the second user key.
Synchronizing the user key in this digital-envelope manner effectively protects the user key during transmission and reduces the risk of it being intercepted and modified in transit.
In one embodiment of the invention, the method further includes:
when it is determined that the first processing data has not been received, marking the first cipher card as a bad card.
When the processor determines that it has not received the first processing data, it can conclude that the first cipher card has failed and mark the first cipher card as a bad card. In this way, when the processor next receives a processing request for business data, it can send the processing request directly to the second cipher card, providing continuous service.
If the first cipher card is initially marked as the main card and the second cipher card is initially marked as the standby card, then when the processor determines that the first cipher card has failed, it can update the mark of the first cipher card to bad card and update the mark of the second cipher card to main card.
In one embodiment of the invention, the method further includes:
a first step: detecting at a set time interval whether repair of the first cipher card is complete and, if so, executing the second step;
a second step: sending a second key synchronization instruction to the second cipher card, so that the second cipher card synchronizes its currently stored user key to the first cipher card.
In the embodiment of the present invention, the processor can detect at a set time interval whether repair of the first cipher card is complete. If it detects that the repair is complete, it can remove the bad-card mark from the first cipher card, or update the mark of the first cipher card to standby card, that is, set it as the standby card of the second cipher card.
At the same time, the processor can send a second key synchronization instruction to the second cipher card. According to the second key synchronization instruction, the second cipher card can synchronize its currently stored user key to the first cipher card. In this way, when the second cipher card fails, the first cipher card can be used again to process business data, providing uninterrupted encryption and decryption service.
For the specific user key synchronization method, refer to the process above by which the first cipher card synchronizes the user key to the second cipher card; it is not described again here.
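The processor-side state machine described in the embodiments above (request to the main card, failover to the standby card when no first processing data returns, bad-card marking, periodic repair detection, and resynchronization of the currently stored key), as an added example that is not the patent's or the assignee's code. The card's cryptographic processing is modelled as an HMAC over the business data and a fault as the card returning nothing; both are assumptions, chosen so that the scenario can check the property the text relies on: two cards holding the same user key return the same processing data, and a repaired card must receive the key that was rotated while it was out.

```python
"""Main/standby cipher-card failover seen from the processor (added example)."""
import hashlib
import hmac
import secrets
from typing import Optional


class CipherCard:
    """Simulated cipher card holding its currently stored user key."""

    def __init__(self, name: str, user_key: bytes) -> None:
        self.name = name
        self.user_key = user_key
        self.faulty = False  # constructed fault switch used by the scenario below

    def process(self, business_data: bytes) -> Optional[bytes]:
        """Stand-in for encryption/decryption: depends only on the key and the data."""
        if self.faulty:
            return None  # no processing data comes back to the processor
        return hmac.new(self.user_key, business_data, hashlib.sha256).digest()


class Processor:
    """Sends requests to the main card and fails over to the standby card."""

    def __init__(self, main: CipherCard, standby: CipherCard) -> None:
        self.main, self.standby = main, standby  # initial marks: main card / standby card
        self.bad_cards = set()

    def handle(self, business_data: bytes) -> Optional[bytes]:
        """Encryption or decryption request; returns the first or the second processing data."""
        result = self.main.process(business_data)
        if result is not None:
            return result
        # No first processing data: mark the main card bad and promote the standby card.
        self.bad_cards.add(self.main.name)
        self.main, self.standby = self.standby, self.main
        return self.main.process(business_data)

    def generate_user_key(self) -> None:
        """First key generation instruction: the main card generates and saves a new key."""
        self.main.user_key = secrets.token_bytes(16)  # preset generation rule assumed: random
        self.sync_key_to_standby()

    def sync_key_to_standby(self) -> bool:
        """Key synchronization instruction (the digital envelope itself is elided here)."""
        if self.standby.name in self.bad_cards:
            return False  # a bad card is resynchronized only once its repair is detected
        self.standby.user_key = self.main.user_key
        return True

    def check_repair(self) -> bool:
        """Called at the set time interval: clear the bad mark once repaired, then resync."""
        if self.standby.name in self.bad_cards and not self.standby.faulty:
            self.bad_cards.discard(self.standby.name)
            return self.sync_key_to_standby()  # second key synchronization instruction
        return False


def scenario() -> dict:
    """Constructed walk-through: card1 fails, key rotates, card1 is repaired, card2 fails."""
    shared_key = bytes(range(16))  # constructed first user key, identical on both cards
    card1, card2 = CipherCard("card1", shared_key), CipherCard("card2", shared_key)
    proc = Processor(card1, card2)
    data = b"constructed business data"
    out = {"normal": proc.handle(data)}  # served by card1
    card1.faulty = True
    out["failover"] = proc.handle(data)  # card1 silent, card2 answers with the same key
    proc.generate_user_key()  # new key on card2; card1 is marked bad, so not synced yet
    out["rotated"] = proc.handle(data)
    card1.faulty = False
    out["repaired"] = proc.check_repair()  # bad mark cleared, key synced card2 -> card1
    card2.faulty = True
    out["after_second_failure"] = proc.handle(data)  # card1 now serves with the rotated key
    out["main"], out["bad_cards"] = proc.main.name, set(proc.bad_cards)
    return out
```

The ordering in `check_repair` matters: the bad mark is cleared before the key is pushed, and the key is pushed before the card can be promoted again, so a repaired card never serves a request with a stale user key.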
Each embodiment in this specification is described in a progressive manner; each embodiment highlights its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to each other. Since the method disclosed in the embodiments corresponds to the system disclosed in the embodiments, the description of the method is relatively brief, and the relevant parts refer to the description of the system.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of their function. Whether these functions are implemented in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
The steps of the method or algorithm described in conjunction with the embodiments disclosed herein can be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module can reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The principle and implementation of the present invention have been illustrated herein by specific examples; the above description of the embodiments is intended only to help understand the technical solution of the present invention and its core idea. It should be pointed out that persons of ordinary skill in the art can make several improvements and modifications to the present invention without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (6)

1. A data encryption and decryption system, characterized in that it comprises: a processor, a first cipher card and a second cipher card, the processor being connected to the first cipher card and to the second cipher card respectively, and the first cipher card and the second cipher card storing an identical first user key, wherein
the processor is configured to, on receiving a processing request for business data, send the processing request to the first cipher card; determine whether first processing data corresponding to the business data is received from the first cipher card; if not, send the processing request to the second cipher card; and receive second processing data corresponding to the business data returned by the second cipher card; the processing request being an encryption processing request or a decryption processing request;
the first cipher card is configured to, on receiving the processing request, process the business data using the first user key to obtain and return the first processing data;
the second cipher card is configured to, on receiving the processing request, process the business data using the first user key to obtain and return the second processing data;
the processor is further configured to mark the first cipher card as a bad card when it determines that the first processing data corresponding to the business data is not received from the first cipher card; and is further configured to detect at a set time interval whether repair of the first cipher card is complete and, if so, send a second key synchronization instruction to the second cipher card, so that the second cipher card synchronizes its currently stored user key to the first cipher card.
2. The data encryption and decryption system according to claim 1, characterized in that
the first cipher card is further configured to generate and save a second user key on receiving a first key generation instruction, and to synchronize the second user key to the second cipher card.
3. The data encryption and decryption system according to claim 2, characterized in that
the first cipher card is specifically configured to, after generating the second user key, generate a symmetric key according to a preset generation rule; encrypt the second user key with the symmetric key to obtain first key data; encrypt the symmetric key with the public key of the second cipher card to obtain second key data; and send a ciphertext comprising the first key data and the second key data to the second cipher card;
the second cipher card is further configured to receive the ciphertext; decrypt the second key data with its own private key to obtain the symmetric key; and decrypt the first key data with the symmetric key to obtain and save the second user key.
4. A data encryption and decryption method, characterized in that it is applied to a processor, the processor being connected to a first cipher card and to a second cipher card respectively, the first cipher card and the second cipher card storing an identical first user key, the data encryption and decryption method comprising:
receiving a processing request for business data, the processing request being an encryption processing request or a decryption processing request;
sending the processing request to the first cipher card, so that the first cipher card, on receiving the processing request, processes the business data using the first user key to obtain and return first processing data;
determining whether the first processing data is received;
if not, sending the processing request to the second cipher card, so that the second cipher card, on receiving the processing request, processes the business data using the first user key to obtain and return second processing data; and receiving the second processing data;
when it is determined that the first processing data is not received, marking the first cipher card as a bad card; detecting at a set time interval whether repair of the first cipher card is complete; and if so, sending a second key synchronization instruction to the second cipher card, so that the second cipher card synchronizes its currently stored user key to the first cipher card.
5. The data encryption and decryption method according to claim 4, characterized in that it further comprises:
sending a first key generation instruction to the first cipher card, so that the first cipher card, on receiving the first key generation instruction, generates and saves a second user key and synchronizes the second user key to the second cipher card.
6. The data encryption and decryption method according to claim 5, characterized in that it further comprises:
sending a first key synchronization instruction to the first cipher card, so that the first cipher card, after generating the second user key, generates a symmetric key according to a preset generation rule; encrypts the second user key with the symmetric key to obtain first key data; encrypts the symmetric key with the public key of the second cipher card to obtain second key data; and sends a ciphertext comprising the first key data and the second key data to the second cipher card, so that the second cipher card decrypts the second key data with its own private key to obtain the symmetric key, and decrypts the first key data with the symmetric key to obtain and save the second user key.
CN201610887412.0A 2016-10-11 2016-10-11 A kind of data encryption/decryption method and system Active CN106341226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610887412.0A CN106341226B (en) 2016-10-11 2016-10-11 A kind of data encryption/decryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610887412.0A CN106341226B (en) 2016-10-11 2016-10-11 A kind of data encryption/decryption method and system

Publications (2)

Publication Number Publication Date
CN106341226A CN106341226A (en) 2017-01-18
CN106341226B true CN106341226B (en) 2018-12-18

Family

ID=57839809

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610887412.0A Active CN106341226B (en) 2016-10-11 2016-10-11 A kind of data encryption/decryption method and system

Country Status (1)

Country Link
CN (1) CN106341226B (en)


Also Published As

Publication number Publication date
CN106341226A (en) 2017-01-18


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A data encryption and decryption method and system

Effective date of registration: 20210823

Granted publication date: 20181218

Pledgee: Bank of China Limited Weihai Branch

Pledgor: SHANDONG FISHERMAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2021980008117

PE01 Entry into force of the registration of the contract for pledge of patent right
CP03 Change of name, title or address

Address after: 264200 No. 12-1, Chuhe North Road, chucun Town, gaoqu District, Weihai City, Shandong Province

Patentee after: Yuweng Information Technology Co.,Ltd.

Address before: No.12, Chuhe North Road, gaoqu District, Weihai City, Shandong Province

Patentee before: SHANDONG FISHERMAN INFORMATION TECHNOLOGY Co.,Ltd.

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20221227

Granted publication date: 20181218

Pledgee: Bank of China Limited Weihai Branch

Pledgor: SHANDONG FISHERMAN INFORMATION TECHNOLOGY CO.,LTD.

Registration number: Y2021980008117

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Data Encryption and Decryption Method and System

Effective date of registration: 20221227

Granted publication date: 20181218

Pledgee: Bank of China Limited Weihai Branch

Pledgor: Yuweng Information Technology Co.,Ltd.

Registration number: Y2022980029248