CN106789963A - Asymmetric white-box cipher encryption method, apparatus and device - Google Patents
- Publication number: CN106789963A (CN201611101864.8A)
- Authority: CN (China)
- Prior art keywords: message, encryption, terminal, public key, group
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
Abstract
This application discloses an asymmetric white-box cipher encryption method, apparatus and device. The method includes: receiving an encrypted message and an encryption serial number from a message sending terminal; in response to a request to obtain the message content, sending the correspondingly stored encrypted message and encryption serial number to an authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up the message grouping scheme and encryption public keys corresponding to the received encryption serial number and decrypts the encrypted message according to that message grouping scheme and the private key corresponding to the encryption public key of each group; and receiving the decrypted message content from the authentication center. The application still achieves information security when an attacker can gain control of the environment in which the encrypted data is processed and stored.
Description
Technical field
The disclosure relates generally to the field of computer technology, specifically to the field of information processing security, and more particularly to an asymmetric white-box cipher encryption method and apparatus.
Background
In data transmission and storage, data usually needs to be encrypted for the sake of information security. Current encryption mainly assumes that an attacker cannot reach the environment in which encryption runs, cannot control the environment in which the encrypted data is stored, and cannot access the algorithm and key used during encryption. That is, the encryption process and the storage of the encrypted data exist as a black box that the attacker cannot know.
In fact, however, in some cases an attacker can reach the environment in which encryption runs, and can even gain control of the data encryption and encrypted-data storage environment. Such an attacker can easily deduce the encryption algorithm, the key and so on by reverse engineering from intermediate data, environment data and the like in the data encryption and encrypted-data storage environment, and thereby attack the data. This raises the need to achieve information security when an attacker can gain control of the data encryption and encrypted-data storage environment, that is, to achieve information security when the encryption process and the storage of the encrypted data are regarded as a "white box".
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide a scheme that achieves information security when an attacker can gain control of the environment in which the encrypted data is processed and stored, that is, a scheme that achieves information security when the processing and storage of the encrypted data are regarded as a "white box".
In a first aspect, an embodiment of the application provides an asymmetric white-box cipher encryption method, the method including: receiving an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by an authentication center, and the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal; storing the received encrypted message in correspondence with the encryption serial number; in response to a request to obtain the message content, sending the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number that it returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the private key corresponding to the encryption public key of each group; and receiving the decrypted message content from the authentication center.
In a second aspect, an embodiment of the application provides an asymmetric white-box cipher encryption method, the method including: receiving an encrypted message and an encryption serial number from a message receiving terminal, wherein the encrypted message is obtained by a message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, and is sent to the message receiving terminal, and the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; authenticating the identity of the message receiving terminal; if authentication passes, looking up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number; decrypting the encrypted message according to the message grouping scheme found and the private key corresponding to the encryption public key of each group; and sending the decrypted message content to the message receiving terminal.
In a third aspect, an embodiment of the application provides an asymmetric white-box cipher encryption method, the method including: sending a request for a message grouping scheme and encryption public keys to an authentication center; if the authentication center's identity authentication of the message sending terminal passes, receiving from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number; according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group to obtain an encrypted message; and sending the encrypted message together with the encryption serial number to a message receiving terminal.
In a fourth aspect, an embodiment of the application provides an asymmetric white-box cipher encryption apparatus, the apparatus including: a first receiving unit, configured to receive an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by an authentication center, and the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal; a first storage unit, configured to store the received encrypted message in correspondence with the encryption serial number; a first sending unit, configured to send, in response to a request to obtain the message content, the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number that it returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the private key corresponding to the encryption public key of each group; and a second receiving unit, configured to receive the decrypted message content from the authentication center.
In a fifth aspect, an embodiment of the application provides an asymmetric white-box cipher encryption apparatus, the apparatus including: a third receiving unit, configured to receive an encrypted message and an encryption serial number from a message receiving terminal, wherein the encrypted message is obtained by a message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, and is sent to the message receiving terminal, and the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; a first authentication unit, configured to authenticate the identity of the message receiving terminal; a lookup unit, configured to look up, if authentication passes, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number; a decryption unit, configured to decrypt the encrypted message according to the message grouping scheme found and the private key corresponding to the encryption public key of each group; and a second sending unit, configured to send the decrypted message content to the message receiving terminal.
In a sixth aspect, an embodiment of the application provides an asymmetric white-box cipher encryption apparatus, the apparatus including: a fifth sending unit, configured to send a request for a message grouping scheme and encryption public keys to an authentication center; a fifth receiving unit, configured to receive from the authentication center, if the authentication center's identity authentication of the message sending terminal passes, the message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number; an encryption unit, configured to divide the message into groups and encrypt each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, to obtain an encrypted message; and a sixth sending unit, configured to send the encrypted message together with the encryption serial number to a message receiving terminal.
In a seventh aspect, an embodiment of the application provides a device including a processor, a memory and a display; the memory contains instructions executable by the processor to cause the processor to: receive an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by an authentication center, and the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal; store the received encrypted message in correspondence with the encryption serial number; in response to a request to obtain the message content, send the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number that it returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the private key corresponding to the encryption public key of each group; and receive the decrypted message content from the authentication center.
In an eighth aspect, an embodiment of the application provides a device including a processor, a memory and a display; the memory contains instructions executable by the processor to cause the processor to: receive an encrypted message and an encryption serial number from a message receiving terminal, wherein the encrypted message is obtained by a message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, and is sent to the message receiving terminal, and the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; authenticate the identity of the message receiving terminal; if authentication passes, look up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number; decrypt the encrypted message according to the message grouping scheme found and the private key corresponding to the encryption public key of each group; and send the decrypted message content to the message receiving terminal.
In a ninth aspect, an embodiment of the application provides a device including a processor, a memory and a display; the memory contains instructions executable by the processor to cause the processor to: send a request for a message grouping scheme and encryption public keys to an authentication center; if the authentication center's identity authentication of the message sending terminal passes, receive from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number; according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, divide the message into groups and encrypt each group with the encryption public key corresponding to that group to obtain an encrypted message; and send the encrypted message together with the encryption serial number to a message receiving terminal.
In the embodiments of the application, the message receiving terminal does not store the private key for the encrypted message and does not even know that key, because decryption is performed by the authentication center. What the message receiving terminal stores is the received encrypted message and the encryption serial number. Thus, even if an attacker gains control of the environment in which the encrypted data is processed and stored, the attacker cannot decrypt the encrypted data. In addition, the encrypted message is not encrypted with a single key: the message sending terminal, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, divides the message into groups and encrypts each group with the encryption public key corresponding to that group. Because the message is divided into multiple groups and each group uses its own encryption public key, even an attacker who gains control of the environment in which the encrypted data is processed and stored will find it difficult to recover the grouping scheme and the individual encryption public keys by reverse engineering, and therefore cannot decrypt the encrypted message. When the message receiving terminal wants to know the content of the message, it can obtain the decrypted message: it sends the encrypted message and the corresponding encryption serial number to the authentication center. When the authentication center allocated the message grouping scheme and the encryption public keys to the message sending terminal, it recorded the grouping scheme and the encryption public keys (and possibly the private key corresponding to each encryption public key) in correspondence with the encryption serial number. So, after the authentication center authenticates the identity of the message receiving terminal and authentication passes, it can use that record to find the message grouping scheme and encryption public keys corresponding to the received encryption serial number, decrypt the encrypted message according to that message grouping scheme and the private key corresponding to the encryption public key of each group, and return the decrypted message to the message receiving terminal. The key parts of decryption are all performed at the authentication center. Even if an attacker gains control of the environment in which the encrypted data is processed and stored, the attacker cannot reverse-engineer and crack the encrypted message with only an encryption serial number. Even if the attacker obtains the encryption serial number, a request to the authentication center for the decrypted data cannot succeed, because the attacker cannot pass the authentication center's authentication of the requester's identity. The message receiving terminal can pass authentication and can therefore request the decrypted data. In this way, information security is still achieved even when an attacker can gain control of the environment in which the encrypted data is processed and stored.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 shows an exemplary system architecture to which the embodiments of the application can be applied;
Fig. 2 shows an exemplary flowchart of the asymmetric white-box cipher encryption method on the message receiving terminal side according to one embodiment of the application;
Fig. 3 shows an exemplary flowchart of the asymmetric white-box cipher encryption method on the authentication center side according to one embodiment of the application;
Fig. 4 shows an exemplary flowchart of the asymmetric white-box cipher encryption method on the message sending terminal side according to one embodiment of the application;
Fig. 5 shows an exemplary block diagram of the asymmetric white-box cipher encryption apparatus on the message receiving terminal side according to one embodiment of the application;
Fig. 6 shows an exemplary block diagram of the asymmetric white-box cipher encryption apparatus on the authentication center side according to one embodiment of the application;
Fig. 7 shows an exemplary block diagram of the asymmetric white-box cipher encryption apparatus on the message sending terminal side according to one embodiment of the application;
Fig. 8 shows a schematic structural diagram of a computer system suitable for implementing the message receiving terminal of the embodiments of the application;
Fig. 9 shows a schematic structural diagram of a computer system suitable for implementing the authentication center of the embodiments of the application;
Fig. 10 shows a schematic structural diagram of a computer system suitable for implementing the message sending terminal of the embodiments of the application.
Detailed description
The application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the relevant invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention.
It should be noted that, where there is no conflict, the embodiments of the application and the features in the embodiments can be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Refer to Fig. 1, which shows an exemplary system architecture to which the embodiments of the application can be applied.
As shown in Fig. 1, the system architecture can include a message sending terminal 102, an authentication center 101 and a message receiving terminal 103. The message sending terminal 102 is the terminal that sends a message. The message receiving terminal 103 is the terminal that receives a message. A terminal can be a physical piece of hardware, such as a vehicle-mounted device or a mobile phone, or a component inside a piece of hardware, such as an ECU in a vehicle. The authentication center 101 is the center that authenticates the identity of the terminals that send and receive messages and that allocates, for the encryption of a message, the message grouping scheme, the encryption public key and private key corresponding to each group, and the encryption serial number. It can be located on the server side, for example on a cloud server, or it can be part of the hardware; for example, when authenticating the identity of ECUs in a vehicle, it can be located on the vehicle as part of the vehicle.
As mentioned in the background, current encryption mainly assumes that an attacker cannot reach the environment in which encryption runs, cannot control the environment in which the encrypted data is stored, and cannot access the algorithm and key used during encryption. That is, the encryption process and the storage of the encrypted data exist as a black box that the attacker cannot know. In fact, however, in some cases an attacker can reach the environment in which encryption runs, and can even gain control of the data encryption and encrypted-data storage environment. Such an attacker can easily deduce the encryption algorithm, the key and so on by reverse engineering from intermediate data, environment data and the like in the data encryption and encrypted-data storage environment, and thereby attack the data. This raises the need to achieve information security when an attacker can gain control of the data encryption and encrypted-data storage environment, that is, to achieve information security when the encryption process and the storage of the encrypted data are regarded as a "white box".
In the embodiments of the application, the message receiving terminal does not store the private key for the encrypted message and does not even know that key, because decryption is performed by the authentication center. What the message receiving terminal stores is the received encrypted message and the encryption serial number. Thus, even if an attacker gains control of the environment in which the encrypted data is processed and stored, the attacker cannot decrypt the encrypted data. In addition, the encrypted message is not encrypted with a single key: the message sending terminal, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center, divides the message into groups and encrypts each group with the encryption public key corresponding to that group. Because the message is divided into multiple groups and each group uses its own encryption public key, even an attacker who gains control of the environment in which the encrypted data is processed and stored will find it difficult to recover the grouping scheme and the individual encryption public keys by reverse engineering, and therefore cannot decrypt the encrypted message. When the message receiving terminal wants to know the content of the message, it can obtain the decrypted message: it sends the encrypted message and the corresponding encryption serial number to the authentication center. When the authentication center allocated the message grouping scheme and the encryption public keys to the message sending terminal, it recorded the grouping scheme and the encryption public keys (and possibly the private key corresponding to each encryption public key) in correspondence with the encryption serial number. So, after the authentication center authenticates the identity of the message receiving terminal and authentication passes, it can use that record to find the message grouping scheme and encryption public keys corresponding to the received encryption serial number, decrypt the encrypted message according to that message grouping scheme and the private key corresponding to the encryption public key of each group, and return the decrypted message to the message receiving terminal. The key parts of decryption are all performed at the authentication center. Even if an attacker gains control of the environment in which the encrypted data is processed and stored, the attacker cannot reverse-engineer and crack the encrypted message with only an encryption serial number. Even if the attacker obtains the encryption serial number, a request to the authentication center for the decrypted data cannot succeed, because the attacker cannot pass the authentication center's authentication of the requester's identity. The message receiving terminal can pass authentication and can therefore request the decrypted data. In this way, information security is still achieved even when an attacker can gain control of the environment in which the encrypted data is processed and stored.
Refer to Fig. 2, which shows an exemplary flowchart of the asymmetric white-box cipher encryption method according to one embodiment of the application. The method shown in Fig. 2 can be performed by the message receiving terminal 103 in Fig. 1. The concept of "white box" has been described above. "Asymmetric" refers to encryption technology that uses a public key and a private key together. In general, a public key and a private key are used as a key pair. For example, when encryption is done with the public key, decryption is done with the corresponding private key.
As shown in Fig. 2, in step 210, an encrypted message and an encryption serial number are received from the message sending terminal.
The encrypted message is obtained by the message sending terminal dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, according to the message grouping scheme and the encryption public key corresponding to each group returned by the authentication center. The authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message sending terminal.
When the message sending terminal wants to send a message, it must first send a request for a message grouping scheme and encryption public keys to the authentication center. The authentication center must first authenticate the identity of the message sending terminal, and only after authentication passes can it send the terminal the message grouping scheme and encryption public keys. To authenticate the message sending terminal, the authentication center can actively query the terminal's identifier. If the message sending terminal were allowed to report its own identifier, an unauthorized message sending terminal might learn the identifier of another, authorized message sending terminal, disguise that identifier as its own and report it to the authentication center, passing authentication under false pretences. The authentication center therefore actively queries the identifier of the message sending terminal. In general, under the communication protocol between the message sending terminal and the authentication center, when the message sending terminal sends a message to the authentication center, the terminal's identifier is automatically loaded by the protocol into a specific field of the sent message; this field cannot be modified manually and is dedicated to indicating the identity of the sender of the message. The authentication center can therefore obtain the message sending terminal identifier from that specific field in the messages exchanged between the message sending terminal and the authentication center. The identifier in this field cannot be tampered with, so in this way the identifier of the message sending terminal is queried accurately. The message sending terminal identifier is then compared with the list of authorized terminal identifiers. The identifiers of terminals that can be trusted as message senders are all registered in advance in the authentication center's list of authorized terminal identifiers. If the message sending terminal identifier is in the list of authorized terminal identifiers, authentication passes. If the message sending terminal identifier is not in the list of authorized terminal identifiers, authentication fails.
If the authentication center's identity authentication of the message sending terminal passes, the authentication center allocates and sends to the message sending terminal a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number. The message grouping scheme specifies how the message is divided into groups for encryption. For example, message grouping scheme 1 specifies that the message is divided into three groups: group A1, group B1, group C2. Message grouping scheme 2 specifies that the message is divided in the ratio 2:1:1 into three groups: group A2, group B2, group C2. A message grouping scheme can be allocated by specifying several message grouping schemes in advance and then randomly designating one of them. For example, 10 message grouping schemes are specified in advance: message grouping scheme 1, message grouping scheme 2, ..., message grouping scheme 10. When a message grouping scheme needs to be allocated, one is randomly designated from among them. The encryption public key corresponding to each group can likewise be allocated by specifying an encryption public key set in advance and then randomly designating a key from it. For example, the encryption public key set contains 100 public keys (corresponding to 100 private keys). In the above-mentioned message grouping scheme 1, which divides the message equally into group A1, group B1 and group C2, an encryption public key k1 is randomly designated from the 100 public keys for group A1, an encryption public key k2 is randomly designated from the 100 public keys for group A2, and an encryption public key k3 is randomly designated from the 100 public keys for group A3. The encryption serial number is a sequence number that distinguishes the current encryption from other encryptions. Each time the authentication center sends a message grouping scheme and the encryption public key corresponding to each group to a message sending terminal, it allocates an encryption serial number. In general, the encryption serial number allocated each time is different. As a result, when the authentication center later uses its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the message grouping scheme and encryption public keys corresponding to a received encryption serial number, it finds a unique message grouping scheme and unique encryption public keys.
The message sending terminal then, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, divides the message into groups and encrypts each group with the encryption public key corresponding to that group, obtaining the encrypted message. The message sending terminal then sends the encrypted message together with the encryption serial number to the message receiving terminal.
For example, suppose the message grouping scheme returned by the authentication center is message grouping scheme 1, that is, the message is divided equally into group A1, group B1 and group C2, the encryption public key corresponding to group 1 is k1, the encryption public key corresponding to group 2 is k2, and the encryption public key corresponding to group 3 is k3. The message sending terminal first divides the message into 3 groups, encrypts them with k1, k2 and k3 respectively, and then combines them and sends them to the message receiving terminal.
In step 220, the received encrypted message is stored in association with the encryption serial number.
In the embodiments of the present application, the message receiving terminal does not store the key used to encrypt the message; indeed, the message receiving terminal does not even know that key, because decryption is performed by the authentication center. What the message receiving terminal stores is the received encrypted message and the encryption serial number. Thus, even if an attacker gains control of the environment in which the encrypted data is operated on and stored, the attacker cannot decrypt the encrypted data. In addition, the encrypted message is not encrypted with a single key. Instead, the message sending terminal obtains it, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, by dividing the message into groups and encrypting each group with the encryption public key corresponding to that group. This involves dividing the message into multiple groups and using a separate encryption public key for each group. With such a complex encryption method, even an attacker who gains control of the environment in which the encrypted data is operated on and stored will find it difficult to recover the grouping scheme and each encryption public key by reverse engineering, and therefore cannot decrypt the encrypted message.
In step 230, in response to a request to obtain the message content, the stored encrypted message and its associated encryption serial number are sent to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group.
As mentioned above, for the sake of information security, the message is always stored in encrypted form in the message receiving terminal. When the message receiving terminal wants to know the content of the message, in response to the request to obtain the message content, it sends the encrypted message and the corresponding encryption serial number to the authentication center. The authentication center then authenticates the identity of the message receiving terminal. To authenticate the identity of the message receiving terminal, the authentication center can actively query the terminal's identifier. If the message receiving terminal were allowed to report its own identifier, an unauthorized message receiving terminal (possibly an attacker) that knows the identifier of another, authorized message receiving terminal could report that identifier to the authentication center as its own and in this way pass authentication under false pretences. The authentication center therefore queries the identifier of the message receiving terminal itself. In general, under the communication protocol between the message receiving terminal and the authentication center, when the message receiving terminal sends a message to the authentication center, its identifier is loaded automatically by the protocol into a specific field of the transmitted message. This field cannot be altered manually and is dedicated to indicating the identity of the party communicating with the authentication center. The authentication center can therefore obtain the message receiving terminal identifier from that specific field of the messages exchanged between the message receiving terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message receiving terminal is obtained accurately in this way. The message receiving terminal identifier is then compared with the authorized terminal identifier list. The identifiers of terminals that can be trusted to communicate securely are all registered in advance in the authorized terminal identifier list of the authentication center. If the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes. If the message receiving terminal identifier is not in the authorized terminal identifier list, authentication fails.
When the authentication center allocates and sends the message grouping scheme and each encryption public key to the message sending terminal, it records the grouping scheme, each encryption public key (and possibly the encryption private key corresponding to each encryption public key) and the encryption serial number in association with one another. Thus, after the authentication center has authenticated the identity of the message receiving terminal and authentication has passed, it can look up in this record the message grouping scheme and encryption public keys corresponding to the received encryption serial number. Because an encryption public key and its encryption private key are generated as a pair, the corresponding encryption private key is in fact also generated when the encryption public key is generated. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in association. The authentication center decrypts the encrypted message according to the message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group.
Because the critical part of decryption is carried out entirely in the authentication center, even if an attacker gains control of the environment in which the encrypted data is operated on and stored, the attacker cannot reverse-engineer and crack the encrypted message with only an encryption serial number. If the attacker obtains the encryption serial number, a request to the authentication center for the decrypted data also cannot succeed, because the attacker cannot pass the authentication center's authentication of the requester's identity. The message receiving terminal, by contrast, can pass authentication and can therefore request the decrypted data. In this way, information security can still be achieved even when an attacker gains control of the environment in which the encrypted data is operated on and stored.
In step 240, the message content obtained by decryption is received from the authentication center.
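The exchange described for Fig. 2, from key issuance through decryption at the authentication center, as an added example that is not code from the patent. Toy textbook RSA on tiny primes stands in for the public-key algorithm, which the text does not name, and the `terminal_id` argument stands in for the protocol-populated identity field; the scheme ratios, key pool, terminal names and all function names are constructed for illustration.

```python
import secrets


def toy_keypair(p, q, e=17):
    """Textbook RSA on tiny primes: a demo stand-in, not a usable cipher."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)


# Constructed sample data: grouping schemes expressed as size ratios
# (scheme 1 = three equal groups, scheme 2 = 2:1:1) and a small key pool.
SCHEMES = {1: (1, 1, 1), 2: (2, 1, 1)}
KEY_POOL = [toy_keypair(p, q) for p, q in [(61, 53), (47, 71), (67, 73), (59, 83)]]


def split(message, ratios):
    """Cut message bytes into consecutive groups whose sizes follow `ratios`."""
    total, bounds, acc = sum(ratios), [0], 0
    for r in ratios:
        acc += r
        bounds.append(len(message) * acc // total)
    return [message[a:b] for a, b in zip(bounds, bounds[1:])]


def encrypt_groups(message, ratios, public_keys):
    """Sending terminal: encrypt each group byte-wise under that group's key."""
    if len(public_keys) != len(ratios):
        raise ValueError("one public key is required per group")
    return [[pow(byte, e, n) for byte in group]
            for group, (n, e) in zip(split(message, ratios), public_keys)]


class AuthCenter:
    def __init__(self, authorized_ids):
        self.authorized = set(authorized_ids)
        # serial -> (ratios, private keys); this record never leaves the center
        self.records = {}

    def _authenticate(self, terminal_id):
        # terminal_id models the field the protocol fills in automatically and
        # the center reads itself; it is not a value the terminal self-reports
        # (assumption of this sketch).
        if terminal_id not in self.authorized:
            raise PermissionError(f"terminal {terminal_id!r} is not authorized")

    def issue(self, terminal_id):
        """Return (ratios, public keys, serial) for one encryption."""
        self._authenticate(terminal_id)
        ratios = SCHEMES[secrets.choice(list(SCHEMES))]
        pairs = [secrets.choice(KEY_POOL) for _ in ratios]
        serial = secrets.token_hex(8)
        while serial in self.records:  # serial must identify exactly one record
            serial = secrets.token_hex(8)
        self.records[serial] = (ratios, [priv for _, priv in pairs])
        return ratios, [pub for pub, _ in pairs], serial

    def decrypt(self, terminal_id, serial, ciphertext):
        """Authenticate the requester, look up the record, decrypt each group."""
        self._authenticate(terminal_id)
        if serial not in self.records:
            raise LookupError("unknown encryption serial number")
        _ratios, private_keys = self.records[serial]
        if len(ciphertext) != len(private_keys):
            raise ValueError("ciphertext does not match the recorded scheme")
        return b"".join(bytes(pow(c, d, n) for c in group)
                        for group, (n, d) in zip(ciphertext, private_keys))


if __name__ == "__main__":
    center = AuthCenter({"sender-01", "receiver-01"})
    ratios, pubs, serial = center.issue("sender-01")
    # The receiving terminal stores only the ciphertext and the serial number.
    stored = (encrypt_groups(b"constructed sample message", ratios, pubs), serial)
    print(center.decrypt("receiver-01", stored[1], stored[0]))
```

The receiving terminal holds nothing that decrypts the message, so the security of the whole exchange rests on how trustworthy the identity field checked in `_authenticate` really is.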
Referring to Fig. 3, an exemplary flowchart of an asymmetric white-box cipher encryption method according to an embodiment of the present application is shown. The method shown in Fig. 3 may be performed by the authentication center 101 in Fig. 1. The concept of "white-box" has been described above. "Asymmetric" refers to an encryption technique in which a public key and a private key are used together. In general, the public key and the private key form a key pair. For example, data encrypted with the public key is decrypted with the corresponding private key.
As shown in Fig. 3, in step 310, an encrypted message and an encryption serial number are received from the message receiving terminal.
The encrypted message is obtained by the message sending terminal, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, by dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and is sent to the message receiving terminal. The authentication center also returns an encryption serial number when it returns the message grouping scheme and the encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message.
In fact, before step 310, the method further includes: receiving a request for a message grouping scheme and encryption public keys from the message sending terminal; authenticating the identity of the message sending terminal; if authentication passes, generating a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number; and sending the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number to the message sending terminal.
Specifically, when the message sending terminal wants to send a message, it must first send a request for a message grouping scheme and encryption public keys to the authentication center. The authentication center must first authenticate the identity of the message sending terminal, and only after authentication passes can it send the message grouping scheme and the encryption public keys. To authenticate the identity of the message sending terminal, the authentication center can actively query the terminal's identifier. If the message sending terminal were allowed to report its own identifier, an unauthorized message sending terminal that knows the identifier of another, authorized message sending terminal could report that identifier to the authentication center as its own and in this way pass authentication under false pretences. The authentication center therefore queries the identifier of the message sending terminal itself. In general, under the communication protocol between the message sending terminal and the authentication center, when the message sending terminal sends a message to the authentication center, its identifier is loaded automatically by the protocol into a specific field of the transmitted message. This field cannot be altered manually and is dedicated to indicating the identity of the message sender. The authentication center can therefore obtain the message sending terminal identifier from that specific field of the messages exchanged between the message sending terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message sending terminal is obtained accurately in this way. The message sending terminal identifier is then compared with the authorized terminal identifier list. The identifiers of terminals that can be trusted as message senders are all registered in advance in the authorized terminal identifier list of the authentication center. If the message sending terminal identifier is in the authorized terminal identifier list, authentication passes. If the message sending terminal identifier is not in the authorized terminal identifier list, authentication fails.
If the authentication center's identity authentication of the message sending terminal passes, the authentication center allocates and sends to the message sending terminal a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number. The message grouping scheme specifies how the message is divided into groups for encryption. For example, message grouping scheme 1 specifies that the message is divided into three groups: group A1, group B1, group C2. Message grouping scheme 2 specifies that the message is divided in the ratio 2:1:1 into three groups: group A2, group B2, group C2. A message grouping scheme can be allocated by specifying several message grouping schemes in advance and then randomly designating one of them. For example, 10 message grouping schemes are specified in advance: message grouping scheme 1, message grouping scheme 2, ..., message grouping scheme 10. When a message grouping scheme needs to be allocated, one is randomly designated from among them. The encryption public key corresponding to each group can likewise be allocated by specifying an encryption public key set in advance and then randomly designating a key from it. For example, the encryption public key set contains 100 public keys (corresponding to 100 private keys). In the above-mentioned message grouping scheme 1, which divides the message equally into group A1, group B1 and group C2, an encryption public key k1 is randomly designated from the 100 public keys for group A1, an encryption public key k2 is randomly designated from the 100 public keys for group A2, and an encryption public key k3 is randomly designated from the 100 public keys for group A3. The encryption serial number is a sequence number that distinguishes the current encryption from other encryptions. Each time the authentication center sends a message grouping scheme and the encryption public key corresponding to each group to a message sending terminal, it allocates an encryption serial number. In general, the encryption serial number allocated each time is different. As a result, when the authentication center later uses its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the message grouping scheme and encryption public keys corresponding to a received encryption serial number, it finds a unique message grouping scheme and unique encryption public keys.
In one embodiment, after authenticating the identity of the message sending terminal, the method further includes: generating the encryption private key corresponding to the encryption public key of each group; and storing the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private keys, and the encryption serial number in association with one another.
In asymmetric encryption, because an encryption public key and its encryption private key are generated as a pair, the corresponding encryption private key is in fact also generated when the encryption public key is generated. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in association. When the authentication center later decrypts the encrypted message, it uses the encryption private key rather than the encryption public key. Therefore, only by recording the grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number in association can the authentication center, in the subsequent process, decrypt the encrypted message according to the message grouping scheme corresponding to the encryption serial number and the encryption private keys corresponding to the encryption public keys of each group.
The message sending terminal then, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, divides the message into groups and encrypts each group with the encryption public key corresponding to that group, obtaining the encrypted message. The message sending terminal then sends the encrypted message together with the encryption serial number to the message receiving terminal. The message receiving terminal stores the received encrypted message in association with the encryption serial number and, when the message content needs to be obtained, sends the stored encrypted message and its associated encryption serial number to the authentication center.
In step 320, the identity of the message receiving terminal is authenticated.
To authenticate the identity of the message receiving terminal, the authentication center can actively query the terminal's identifier. If the message receiving terminal were allowed to report its own identifier, an unauthorized message receiving terminal (possibly an attacker) that knows the identifier of another, authorized message receiving terminal could report that identifier to the authentication center as its own and in this way pass authentication under false pretences. The authentication center therefore queries the identifier of the message receiving terminal itself. In general, under the communication protocol between the message receiving terminal and the authentication center, when the message receiving terminal sends a message to the authentication center, its identifier is loaded automatically by the protocol into a specific field of the transmitted message. This field cannot be altered manually and is dedicated to indicating the identity of the party communicating with the authentication center. The authentication center can therefore obtain the message receiving terminal identifier from that specific field of the messages exchanged between the message receiving terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message receiving terminal is obtained accurately in this way. The message receiving terminal identifier is then compared with the authorized terminal identifier list. The identifiers of terminals that can be trusted to communicate securely are all registered in advance in the authorized terminal identifier list of the authentication center. If the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes. If the message receiving terminal identifier is not in the authorized terminal identifier list, authentication fails.
In step 330, if authentication passes, the message grouping scheme and encryption public keys corresponding to the received encryption serial number are looked up in the record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal.
When the authentication center allocates and sends the message grouping scheme and each encryption public key to the message sending terminal, it records the grouping scheme, each encryption public key (and possibly the encryption private key corresponding to each encryption public key) and the encryption serial number in association with one another. Thus, after the authentication center has authenticated the identity of the message receiving terminal and authentication has passed, it can look up in this record the message grouping scheme and encryption public keys corresponding to the received encryption serial number.
In step 340, the encrypted message is decrypted according to the found message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group.
Because an encryption public key and its encryption private key are generated as a pair, the corresponding encryption private key is in fact also generated when the encryption public key is generated. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in association. The authentication center then decrypts the encrypted message according to the message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group.
In another embodiment, a lookup table of encryption public keys and encryption private keys is provided separately. The authentication center obtains the corresponding encryption private keys from the lookup table according to the found encryption public keys, and then decrypts the encrypted message according to the found message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group.
In step 350, the message content obtained by decryption is sent to the message receiving terminal.
In one embodiment, the method further includes: if authentication fails, sending an authentication failure message to the message receiving terminal.
Referring to Fig. 4, an exemplary flowchart of an asymmetric white-box cipher encryption method according to an embodiment of the present application is shown. The method shown in Fig. 4 may be performed by the message sending terminal 102 in Fig. 1. The concept of "white-box" has been described above. "Asymmetric" refers to an encryption technique in which a public key and a private key are used together. In general, the public key and the private key form a key pair. For example, data encrypted with the public key is decrypted with the corresponding private key.
As shown in Fig. 4, in step 410, a request for a message grouping scheme and encryption public keys is sent to the authentication center.
That is, when the message sending terminal wants to send a message, it must first send a request for a message grouping scheme and encryption public keys to the authentication center.
In step 420, if the authentication center's identity authentication of the message sending terminal passes, the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number are received from the authentication center.
After the authentication center receives the request, it must first authenticate the identity of the message sending terminal, and only after authentication passes can it send the message grouping scheme and the encryption public keys. To authenticate the identity of the message sending terminal, the authentication center can actively query the terminal's identifier. If the message sending terminal were allowed to report its own identifier, an unauthorized message sending terminal that knows the identifier of another, authorized message sending terminal could report that identifier to the authentication center as its own and in this way pass authentication under false pretences. The authentication center therefore queries the identifier of the message sending terminal itself. In general, under the communication protocol between the message sending terminal and the authentication center, when the message sending terminal sends a message to the authentication center, its identifier is loaded automatically by the protocol into a specific field of the transmitted message. This field cannot be altered manually and is dedicated to indicating the identity of the message sender. The authentication center can therefore obtain the message sending terminal identifier from that specific field of the messages exchanged between the message sending terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message sending terminal is obtained accurately in this way. The message sending terminal identifier is then compared with the authorized terminal identifier list. The identifiers of terminals that can be trusted as message senders are all registered in advance in the authorized terminal identifier list of the authentication center. If the message sending terminal identifier is in the authorized terminal identifier list, authentication passes. If the message sending terminal identifier is not in the authorized terminal identifier list, authentication fails.
If the authentication center's identity authentication of the message sending terminal passes, the authentication center allocates and sends to the message sending terminal a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number. The message grouping scheme specifies how the message is divided into groups for encryption. The encryption serial number is a sequence number that distinguishes the current encryption from other encryptions. Each time the authentication center sends a message grouping scheme and the encryption public key corresponding to each group to a message sending terminal, it allocates an encryption serial number. In general, the encryption serial number allocated each time is different. As a result, when the authentication center later uses its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the message grouping scheme and encryption public keys corresponding to a received encryption serial number, it finds a unique message grouping scheme and unique encryption public keys.
In asymmetric encryption, because an encryption public key and its encryption private key are generated as a pair, the corresponding encryption private key is in fact also generated when the encryption public key is generated. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in association. When the authentication center later decrypts the encrypted message, it uses the encryption private key rather than the encryption public key. Therefore, only by recording the grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number in association can the authentication center, in the subsequent process, decrypt the encrypted message according to the message grouping scheme corresponding to the encryption serial number and the encryption private keys corresponding to the encryption public keys of each group.
In step 430, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, the message is divided into groups and each group is encrypted with the encryption public key corresponding to that group, obtaining the encrypted message.
In step 440, the encrypted message is sent together with the encryption serial number to the message receiving terminal.
The message sending terminal sends the encrypted message together with the encryption serial number to the message receiving terminal. The message receiving terminal then stores the received encrypted message in association with the encryption serial number and, when the message content needs to be obtained, sends the stored encrypted message and its associated encryption serial number to the authentication center. The authentication center authenticates the identity of the message receiving terminal.
To authenticate the identity of the message receiving terminal, the authentication center can actively query the terminal's identifier. If the message receiving terminal were allowed to report its own identifier, an unauthorized message receiving terminal (possibly an attacker) that knows the identifier of another, authorized message receiving terminal could report that identifier to the authentication center as its own and in this way pass authentication under false pretences. The authentication center therefore queries the identifier of the message receiving terminal itself. In general, under the communication protocol between the message receiving terminal and the authentication center, when the message receiving terminal sends a message to the authentication center, its identifier is loaded automatically by the protocol into a specific field of the transmitted message. This field cannot be altered manually and is dedicated to indicating the identity of the party communicating with the authentication center. The authentication center can therefore obtain the message receiving terminal identifier from that specific field of the messages exchanged between the message receiving terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message receiving terminal is obtained accurately in this way. The message receiving terminal identifier is then compared with the authorized terminal identifier list. The identifiers of terminals that can be trusted to communicate securely are all registered in advance in the authorized terminal identifier list of the authentication center. If the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes. If the message receiving terminal identifier is not in the authorized terminal identifier list, authentication fails.
When the authentication center distributes the message grouping scheme and the encryption public keys to the message sending terminal, it records the grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number in correspondence with one another. Thus, after the authentication center has authenticated the identity of the message receiving terminal and authentication has passed, it can use this record to find the message grouping scheme corresponding to the received encryption serial number and the encryption private keys corresponding to the encryption public keys, and then decrypt the encrypted message according to the message grouping scheme found and the encryption private key corresponding to the encryption public key of each group. The authentication center then sends the message content obtained by decryption to the message receiving terminal.
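
The authentication-center flow described above (issue of a grouping scheme and per-group public keys under a serial number, identifier check against the authorized list, serial-keyed lookup, per-group decryption), as an added example that is not part of the patent text. Textbook RSA over fixed small primes stands in for the unspecified asymmetric cipher and is not secure; the names `AuthCenter`, `channel_id`, `claimed_id` and the fixed 16-byte grouping rule are assumptions.

```python
"""Toy model of the authentication-center flow. Constructed example: textbook RSA over
fixed small primes stands in for the patent's unspecified asymmetric cipher. Not secure."""
import secrets

# Constructed toy parameters (known Mersenne primes); real keys are generated randomly.
_PRIMES = (2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1)
E = 65537
GROUP_BYTES = 16  # assumed grouping rule: fixed 16-byte groups, shorter final group


class AuthError(Exception):
    """Raised when the terminal identifier is not in the authorized list."""


def _keypair(i):
    # Toy only: three distinct key pairs, reused cyclically when there are more groups.
    p, q = _PRIMES[i % 3], _PRIMES[i % 3 + 1]
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def encrypt_groups(message, scheme, pubkeys):
    """Sending terminal: split per the scheme, encrypt each group with its own public key."""
    out, off = [], 0
    for length, (n, e) in zip(scheme, pubkeys):
        out.append(pow(int.from_bytes(message[off:off + length], "big"), e, n))
        off += length
    return out


class AuthCenter:
    def __init__(self, authorized_ids):
        self.authorized = frozenset(authorized_ids)
        self.records = {}  # serial -> (grouping scheme, per-group private keys)

    def _authenticate(self, channel_id):
        # channel_id models the protocol-populated field: it is supplied by the
        # transport layer (assumption), never taken from the request body.
        if channel_id not in self.authorized:
            raise AuthError(channel_id)

    def issue(self, channel_id, msg_len):
        """Sender request: returns (serial, scheme, public keys); private keys stay here."""
        self._authenticate(channel_id)
        scheme = [min(GROUP_BYTES, msg_len - off) for off in range(0, msg_len, GROUP_BYTES)]
        pairs = [_keypair(i) for i in range(len(scheme))]
        serial = secrets.token_hex(8)
        self.records[serial] = (scheme, [priv for _, priv in pairs])
        return serial, scheme, [pub for pub, _ in pairs]

    def decrypt(self, channel_id, serial, groups, claimed_id=None):
        """Receiver request. claimed_id is a self-reported identifier and is ignored."""
        self._authenticate(channel_id)
        if serial not in self.records:
            raise LookupError("unknown encryption serial number")
        scheme, privs = self.records[serial]
        if len(groups) != len(scheme):
            raise ValueError("ciphertext does not match the recorded grouping scheme")
        try:
            return b"".join(pow(c, d, n).to_bytes(length, "big")
                            for c, length, (n, d) in zip(groups, scheme, privs))
        except OverflowError:
            raise ValueError("group does not decrypt to the recorded length") from None


def demo():
    center = AuthCenter({"terminal-A", "terminal-B"})  # constructed identifiers
    msg = b"\x00constructed sample message, longer than one group"
    serial, scheme, pubs = center.issue("terminal-A", len(msg))
    groups = encrypt_groups(msg, scheme, pubs)
    ok = center.decrypt("terminal-B", serial, groups) == msg
    try:  # unauthorized terminal putting an authorized identifier in the payload
        center.decrypt("terminal-X", serial, groups, claimed_id="terminal-B")
        spoof_rejected = False
    except AuthError:
        spoof_rejected = True
    return ok, spoof_rejected, scheme


if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the binding between `channel_id` and the connection; the example takes that binding as given, as the description does.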
It should be noted that although the operations of the method of the invention are described in a particular order in the accompanying drawings, this does not require or imply that the operations must be performed in that particular order, or that all of the operations shown must be performed to achieve the desired result. On the contrary, the steps described in the flow charts may be executed in a different order. Additionally or alternatively, some steps may be omitted, multiple steps may be merged into one step, and/or one step may be split into multiple steps.
With further reference to Fig. 5, an exemplary block diagram of an asymmetric white-box cipher encryption device 500 according to one embodiment of the present application is shown.
As shown in Fig. 5, the asymmetric white-box cipher encryption device 500 includes: a first receiving unit 510, configured to receive an encrypted message and an encryption serial number from the message sending terminal, wherein the encrypted message is obtained by the message sending terminal, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and the authentication center also returns the encryption serial number when returning the message grouping scheme and the encryption public keys to the message sending terminal; a first storage unit 520, configured to store the received encrypted message in correspondence with the encryption serial number; a first transmitting unit 530, configured to send, in response to a request to obtain the message content, the stored encrypted message and the corresponding encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number that the authentication center returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the encryption private key corresponding to the encryption public key of each group; and a second receiving unit 540, configured to receive from the authentication center the message content obtained by decryption.
Optionally, the authentication center authenticates the identity of the message receiving terminal by obtaining the message receiving terminal identifier from a specific field of the messages exchanged between the message receiving terminal and the authentication center, and comparing the message receiving terminal identifier with the authorized terminal identifier list.
Optionally, if the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes.
With further reference to Fig. 6, an exemplary block diagram of an asymmetric white-box cipher encryption device 600 according to one embodiment of the present application is shown.
As shown in Fig. 6, the asymmetric white-box cipher encryption device 600 includes: a third receiving unit 610, configured to receive an encrypted message and an encryption serial number from the message receiving terminal, wherein the encrypted message is obtained by the message sending terminal, according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and is sent to the message receiving terminal, and the authentication center also returns the encryption serial number when returning the message grouping scheme and the encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; a first authentication unit 620, configured to authenticate the identity of the message receiving terminal; a searching unit 630, configured to look up, if authentication passes, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, according to the corresponding record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal; a decryption unit 640, configured to decrypt the encrypted message according to the message grouping scheme found and the encryption private key corresponding to the encryption public key of each group; and a second transmitting unit 650, configured to send the message content obtained by decryption to the message receiving terminal.
Optionally, the device includes: a third transmitting unit, configured to send an authentication failure message to the message receiving terminal if authentication fails.
Optionally, the device further includes: a fourth receiving unit, configured to receive a request for a message grouping scheme and encryption public keys from the message sending terminal; a second authentication unit, configured to authenticate the identity of the message sending terminal; a first generation unit, configured to generate, if authentication passes, the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number; and a fourth transmitting unit, configured to send the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number to the message sending terminal.
Optionally, the device further includes: a second generation unit, configured to generate the encryption private key corresponding to the encryption public key of each group; and a second storage unit, configured to store the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private key, and the encryption serial number in correspondence with one another.
Optionally, the first authentication unit is further configured to: obtain the message receiving terminal identifier from a specific field of the messages exchanged between the message receiving terminal and the authentication center; and compare the message receiving terminal identifier with the authorized terminal identifier list.
Optionally, the second authentication unit is further configured to: obtain the message sending terminal identifier from a specific field of the messages exchanged between the message sending terminal and the authentication center; and compare the message sending terminal identifier with the authorized terminal identifier list.
With further reference to Fig. 7, an exemplary block diagram of an asymmetric white-box cipher encryption device 700 according to one embodiment of the present application is shown.
As shown in Fig. 7, the asymmetric white-box cipher encryption device 700 includes: a fifth transmitting unit 710, configured to send a request for a message grouping scheme and encryption public keys to the authentication center; a fifth receiving unit 720, configured to receive from the authentication center, if the authentication center's authentication of the identity of the message sending terminal passes, the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number; an encryption unit 730, configured to divide the message into groups according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, and to encrypt each group with the encryption public key corresponding to that group, to obtain the encrypted message; and a sixth transmitting unit 740, configured to send the encrypted message to the message receiving terminal together with the encryption serial number.
It should be understood that the units described in Figs. 5-7 correspond to the steps of the methods described with reference to Figs. 2-4. The operations and features described above for the methods therefore apply equally to the devices of Figs. 5-7 and the units they contain, and are not repeated here.
Referring now to Fig. 8, a structural diagram of a computer system 800 suitable for implementing the message receiving terminal of the embodiments of the present application is shown.
As shown in Fig. 8, the computer system 800 includes a central processing unit (CPU) 801, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 802 or a program loaded from a storage section 808 into a random access memory (RAM) 803. The RAM 803 also stores the various programs and data required for the operation of the system 800. The CPU 801, the ROM 802 and the RAM 803 are connected to one another by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
The following components are connected to the I/O interface 805: an input section 806 including a keyboard, a mouse and the like; an output section 807 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a loudspeaker and the like; a storage section 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card or a modem. The communication section 809 performs communication processing via a network such as the Internet. A drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 810 as needed, so that a computer program read from it can be installed into the storage section 808 as needed.
Referring now to Fig. 9, a structural diagram of a computer system 900 suitable for implementing the authentication center of the embodiments of the present application is shown.
As shown in Fig. 9, the computer system 900 includes a central processing unit (CPU) 901, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 902 or a program loaded from a storage section 908 into a random access memory (RAM) 903. The RAM 903 also stores the various programs and data required for the operation of the system 900. The CPU 901, the ROM 902 and the RAM 903 are connected to one another by a bus 904. An input/output (I/O) interface 905 is also connected to the bus 904.
The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse and the like; an output section 907 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a loudspeaker and the like; a storage section 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card or a modem. The communication section 909 performs communication processing via a network such as the Internet. A drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 910 as needed, so that a computer program read from it can be installed into the storage section 908 as needed.
Referring now to Fig. 10, a structural diagram of a computer system 1000 suitable for implementing the message receiving terminal of the embodiments of the present application is shown.
As shown in Fig. 10, the computer system 1000 includes a central processing unit (CPU) 1001, which can perform various appropriate actions and processing according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage section 1008 into a random access memory (RAM) 1003. The RAM 1003 also stores the various programs and data required for the operation of the system 1000. The CPU 1001, the ROM 1002 and the RAM 1003 are connected to one another by a bus 1004. An input/output (I/O) interface 1005 is also connected to the bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse and the like; an output section 1007 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a loudspeaker and the like; a storage section 1008 including a hard disk and the like; and a communication section 1009 including a network interface card such as a LAN card or a modem. The communication section 1009 performs communication processing via a network such as the Internet. A drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 1010 as needed, so that a computer program read from it can be installed into the storage section 1008 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to Figs. 2-4 may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the methods of Figs. 2-4. In such embodiments, the computer program may be downloaded and installed from a network through the communication section 809, 909 or 1009, and/or installed from the removable medium 811, 911 or 1011.
The flow charts and block diagrams in the accompanying drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the invention. In this regard, each block in a flow chart or block diagram may represent a module, a program segment or a portion of code, and the module, program segment or portion of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flow charts, and combinations of blocks in the block diagrams and/or flow charts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units or modules described in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor. The names of these units or modules do not, under certain circumstances, constitute a limitation on the units or modules themselves.
As another aspect, the present application also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the device described in the above embodiments, or may be a computer-readable storage medium that exists separately and is not assembled into equipment. The computer-readable storage medium stores one or more programs, which are used by one or more processors to perform the formula input method described in the present application.
The above description is only of the preferred embodiments of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the inventive concept, for example technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the present application.
Claims (23)
1. An asymmetric white-box cipher encryption method, characterized in that the method comprises:
receiving an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal, according to a message grouping scheme returned by an authentication center and an encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and the authentication center also returns the encryption serial number when returning the message grouping scheme and the encryption public keys to the message sending terminal;
storing the received encrypted message in correspondence with the encryption serial number;
in response to a request to obtain the message content, sending the stored encrypted message and the corresponding encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number that the authentication center returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the encryption private key corresponding to the encryption public key of each group;
receiving from the authentication center the message content obtained by decryption.
2. The method according to claim 1, characterized in that the authentication center authenticates the identity of the message receiving terminal by obtaining the message receiving terminal identifier from a specific field of the messages exchanged between the message receiving terminal and the authentication center, and comparing the message receiving terminal identifier with an authorized terminal identifier list.
3. The method according to claim 2, characterized in that if the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes.
4. An asymmetric white-box cipher encryption method, characterized in that the method comprises:
receiving an encrypted message and an encryption serial number from a message receiving terminal, wherein the encrypted message is obtained by a message sending terminal, according to a message grouping scheme returned by an authentication center and an encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and is sent to the message receiving terminal, and the authentication center also returns the encryption serial number when returning the message grouping scheme and the encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message;
authenticating the identity of the message receiving terminal;
if authentication passes, looking up the message grouping scheme and encryption public keys corresponding to the received encryption serial number, according to the corresponding record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal;
decrypting the encrypted message according to the message grouping scheme found and the encryption private key corresponding to the encryption public key of each group;
sending the message content obtained by decryption to the message receiving terminal.
5. The method according to claim 4, characterized in that the method comprises:
if authentication fails, sending an authentication failure message to the message receiving terminal.
6. The method according to claim 4, characterized in that, before receiving the encrypted message and the encryption serial number from the message receiving terminal, the method further comprises:
receiving a request for a message grouping scheme and encryption public keys from the message sending terminal;
authenticating the identity of the message sending terminal;
if authentication passes, generating the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number;
sending the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number to the message sending terminal.
7. The method according to claim 6, characterized in that, after authenticating the identity of the message sending terminal, the method further comprises:
generating the encryption private key corresponding to the encryption public key of each group;
storing the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private key, and the encryption serial number in correspondence with one another.
8. The method according to claim 4, characterized in that authenticating the identity of the message receiving terminal comprises:
obtaining the message receiving terminal identifier from a specific field of the messages exchanged between the message receiving terminal and the authentication center;
comparing the message receiving terminal identifier with an authorized terminal identifier list.
9. The method according to claim 6, characterized in that authenticating the identity of the message sending terminal comprises:
obtaining the message sending terminal identifier from a specific field of the messages exchanged between the message sending terminal and the authentication center;
comparing the message sending terminal identifier with an authorized terminal identifier list.
10. An asymmetric white-box cipher encryption method, characterized in that the method comprises:
sending a request for a message grouping scheme and encryption public keys to an authentication center;
if the authentication center's authentication of the identity of the message sending terminal passes, receiving from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number;
according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, to obtain an encrypted message;
sending the encrypted message to a message receiving terminal together with the encryption serial number.
11. An asymmetric white-box cipher encryption device, characterized in that the device comprises:
a first receiving unit, configured to receive an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal, according to a message grouping scheme returned by an authentication center and an encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and the authentication center also returns the encryption serial number when returning the message grouping scheme and the encryption public keys to the message sending terminal;
a first storage unit, configured to store the received encrypted message in correspondence with the encryption serial number;
a first transmitting unit, configured to send, in response to a request to obtain the message content, the stored encrypted message and the corresponding encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up, in the corresponding record of the message grouping scheme, encryption public keys and encryption serial number that the authentication center returned to the message sending terminal, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that message grouping scheme and the encryption private key corresponding to the encryption public key of each group;
a second receiving unit, configured to receive from the authentication center the message content obtained by decryption.
12. The device according to claim 11, characterized in that the authentication center authenticates the identity of the message receiving terminal by obtaining the message receiving terminal identifier from a specific field of the messages exchanged between the message receiving terminal and the authentication center, and comparing the message receiving terminal identifier with an authorized terminal identifier list.
13. The device according to claim 12, characterized in that if the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes.
14. An asymmetric white-box cipher encryption device, characterized in that the device comprises:
a third receiving unit, configured to receive an encrypted message and an encryption serial number from a message receiving terminal, wherein the encrypted message is obtained by a message sending terminal, according to a message grouping scheme returned by an authentication center and an encryption public key corresponding to each group, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, and is sent to the message receiving terminal, and the authentication center also returns the encryption serial number when returning the message grouping scheme and the encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message;
a first authentication unit, configured to authenticate the identity of the message receiving terminal;
a searching unit, configured to look up, if authentication passes, the message grouping scheme and encryption public keys corresponding to the received encryption serial number, according to the corresponding record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal;
a decryption unit, configured to decrypt the encrypted message according to the message grouping scheme found and the encryption private key corresponding to the encryption public key of each group;
a second transmitting unit, configured to send the message content obtained by decryption to the message receiving terminal.
15. The device according to claim 14, characterized in that the device comprises:
a third transmitting unit, configured to send an authentication failure message to the message receiving terminal if authentication fails.
16. The device according to claim 14, characterized in that the device further comprises:
a fourth receiving unit, configured to receive a request for a message grouping scheme and encryption public keys from the message sending terminal;
a second authentication unit, configured to authenticate the identity of the message sending terminal;
a first generation unit, configured to generate, if authentication passes, the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number;
a fourth transmitting unit, configured to send the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number to the message sending terminal.
17. The device according to claim 16, characterized in that the device further comprises:
a second generation unit, configured to generate the encryption private key corresponding to the encryption public key of each group;
a second storage unit, configured to store the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private key, and the encryption serial number in correspondence with one another.
18. The device according to claim 14, characterized in that the first authentication unit is further configured to:
obtain the message receiving terminal identifier from a specific field of the messages exchanged between the message receiving terminal and the authentication center;
compare the message receiving terminal identifier with an authorized terminal identifier list.
19. The device according to claim 16, characterized in that the second authentication unit is further configured to:
obtain the message sending terminal identifier from a specific field of the messages exchanged between the message sending terminal and the authentication center;
compare the message sending terminal identifier with an authorized terminal identifier list.
20. An asymmetric white-box cipher encryption device, characterized in that the device comprises:
a fifth transmitting unit, configured to send a request for a message grouping scheme and encryption public keys to an authentication center;
a fifth receiving unit, configured to receive from the authentication center, if the authentication center's authentication of the identity of the message sending terminal passes, the message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number;
an encryption unit, configured to divide the message into groups according to the message grouping scheme returned by the authentication center and the encryption public key corresponding to each group, and to encrypt each group with the encryption public key corresponding to that group, to obtain an encrypted message;
a sixth transmitting unit, configured to send the encrypted message to a message receiving terminal together with the encryption serial number.
21. Equipment comprising a processor, a memory and a display, characterized in that:
The memory contains instructions executable by the processor to cause the processor to:
Receive an encrypted message and an encryption serial number from the message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message packet scheme and the per-group encrypted public keys returned by the authentication center and encrypting each group with the encrypted public key corresponding to that group, and wherein the authentication center also returns the encryption serial number when it returns the message packet scheme and the encrypted public keys to the message sending terminal;
Store the received encrypted message in association with the encryption serial number;
In response to a request to obtain the message content, send the stored encrypted message and its encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after the authentication passes, looks up, in the record of the message packet scheme, encrypted public keys and encryption serial number that it returned to the message sending terminal, the message packet scheme and encrypted public keys corresponding to the received encryption serial number, and decrypts the encrypted message with the encryption private key corresponding to that message packet scheme and to the encrypted public key of each group;
Receive the decrypted message content from the authentication center.
22. Equipment comprising a processor, a memory and a display, characterized in that:
The memory contains instructions executable by the processor to cause the processor to:
Receive an encrypted message and an encryption serial number from the message receiving terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message packet scheme and the per-group encrypted public keys returned by the authentication center and encrypting each group with the encrypted public key corresponding to that group, and is sent to the message receiving terminal, and wherein the authentication center also returns the encryption serial number when it returns the message packet scheme and the encrypted public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message;
Authenticate the identity of the message receiving terminal;
If the authentication passes, look up, according to the record of the message packet scheme, encrypted public keys and encryption serial number returned to the message sending terminal, the message packet scheme and encrypted public keys corresponding to the received encryption serial number;
Decrypt the encrypted message with the encryption key corresponding to the message packet scheme found and to the encrypted public key of each group;
Send the decrypted message content to the message receiving terminal.
23. Equipment comprising a processor, a memory and a display, characterized in that:
The memory contains instructions executable by the processor to cause the processor to:
Send a message packet scheme and an encrypted public key request to the authentication center;
If the authentication center's authentication of the message sending terminal passes, receive the message packet scheme, the encrypted public key corresponding to each group, and the encryption serial number from the authentication center;
Divide the message into groups according to the message packet scheme and the per-group encrypted public keys returned by the authentication center, and encrypt each group with the encrypted public key corresponding to that group, obtaining an encrypted message;
Send the encrypted message together with the encryption serial number to the message receiving terminal.
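The exchange described in claims 21 to 23, sketched as an added example that is not part of the patent text: the sending terminal obtains per-group public keys and a serial number, and only the authentication center can decrypt, after checking the receiving terminal against its authorized list. The names AuthCenter, issue_keys, decrypt_for, sender_encrypt and the terminal IDs are hypothetical, and the per-group keys are toy textbook RSA on fixed primes, standing in for whatever asymmetric white-box scheme an implementation would use.

```python
import secrets
# Toy textbook RSA on fixed Mersenne primes: constructed for illustration, NOT secure.
PRIME_PAIRS = [(2**61 - 1, 2**89 - 1), (2**107 - 1, 2**127 - 1), (2**521 - 1, 2**607 - 1)]
E = 65537

class AuthCenter:  # hypothetical authentication center; private keys never leave it
    def __init__(self, authorized_ids):
        self.authorized = set(authorized_ids)  # authorized terminal identifier list
        self.records = {}                      # serial -> (scheme, [(n, d), ...])

    def issue_keys(self, sender_id, scheme):
        """Authenticate the sender, then return (scheme, per-group public keys, serial)."""
        if sender_id not in self.authorized:
            raise PermissionError("sending terminal not authorized")
        if len(scheme) > len(PRIME_PAIRS):
            raise ValueError("toy key pool has too few key pairs for this scheme")
        pub, priv = [], []
        for size, (p, q) in zip(scheme, PRIME_PAIRS):
            n = p * q
            if 8 * size >= n.bit_length():
                raise ValueError("group too long for its toy modulus")
            pub.append((n, E))
            priv.append((n, pow(E, -1, (p - 1) * (q - 1))))
        serial = secrets.token_hex(8)
        self.records[serial] = (list(scheme), priv)
        return list(scheme), pub, serial

    def decrypt_for(self, receiver_id, serial, ciphertext):
        """Authenticate the receiver, find the record by serial, decrypt each group."""
        if receiver_id not in self.authorized:
            raise PermissionError("receiving terminal not authorized")
        scheme, priv = self.records[serial]
        return b"".join(pow(c, d, n).to_bytes(size, "big")
                        for c, size, (n, d) in zip(ciphertext, scheme, priv))

def sender_encrypt(message, scheme, pub):
    """Split the message into groups per the scheme; encrypt each with its own key."""
    if sum(scheme) != len(message):
        raise ValueError("scheme does not cover the whole message")
    out, pos = [], 0
    for size, (n, e) in zip(scheme, pub):
        out.append(pow(int.from_bytes(message[pos:pos + size], "big"), e, n))
        pos += size
    return out

def demo():
    center = AuthCenter({"sender-01", "receiver-01"})  # constructed terminal IDs
    scheme, pub, serial = center.issue_keys("sender-01", [6, 8, 8])
    return center, serial, sender_encrypt(b"white-box demo message", scheme, pub)
```

Here the scheme is modelled as a list of group lengths in bytes; a receiving terminal that holds only the ciphertext and serial number cannot recover the message without passing the center's check.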
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611101864.8A CN106789963B (en) | 2016-12-02 | 2016-12-02 | Asymmetric white-box password encryption method, device and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106789963A (en) | 2017-05-31 |
CN106789963B (en) | 2020-12-22 |
Family
ID=58884260
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611101864.8A Active CN106789963B (en) | 2016-12-02 | 2016-12-02 | Asymmetric white-box password encryption method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789963B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107222305A (en) * | 2017-06-06 | 2017-09-29 | 北京洋浦伟业科技发展有限公司 | The method and apparatus for protecting the private key safety of RSA cryptographic algorithms |
CN107276741A (en) * | 2017-06-06 | 2017-10-20 | 北京洋浦伟业科技发展有限公司 | Air state concealed-enciphering guard method and device |
CN107809313A (en) * | 2017-10-31 | 2018-03-16 | 北京三未信安科技发展有限公司 | A kind of whitepack crypto-operation method and system |
WO2020042217A1 (en) * | 2018-08-31 | 2020-03-05 | 密信技术(深圳)有限公司 | Method and apparatus for signing and/or encrypting browser file, browser, and medium |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050182735A1 (en) * | 2004-02-12 | 2005-08-18 | Zager Robert P. | Method and apparatus for implementing a micropayment system to control e-mail spam |
CN104243149A (en) * | 2013-06-19 | 2014-12-24 | 北京搜狗科技发展有限公司 | Encrypting and decrypting method, device and server |
CN103916480A (en) * | 2014-04-15 | 2014-07-09 | 武汉理工大学 | File encrypting system for shared file |
CN105260668A (en) * | 2015-10-10 | 2016-01-20 | 北京搜狗科技发展有限公司 | File encryption method and electronic device |
CN105721463A (en) * | 2016-02-01 | 2016-06-29 | 腾讯科技(深圳)有限公司 | File secure transmission method and file secure transmission device |
Also Published As
Publication number | Publication date |
---|---|
CN106789963B (en) | 2020-12-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2228942B1 (en) | Securing communications sent by a first user to a second user | |
KR101389100B1 (en) | A method and apparatus to provide authentication and privacy with low complexity devices | |
AU2003202511B2 (en) | Methods for authenticating potential members invited to join a group | |
CN101032117B (en) | Method of authentication based on polynomials, system, and method for demonstration device | |
US8683209B2 (en) | Method and apparatus for pseudonym generation and authentication | |
Velliangiri et al. | An efficient lightweight privacy-preserving mechanism for industry 4.0 based on elliptic curve cryptography | |
CN107948152A (en) | Information storage means, acquisition methods, device and equipment | |
Malik et al. | Novel authentication system using visual cryptography | |
CN106789963A (en) | Asymmetric whitepack cipher encrypting method and device and equipment | |
CN108809633A (en) | A kind of identity authentication method, apparatus and system | |
CN110098925B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number | |
Tan et al. | MPCAuth: multi-factor authentication for distributed-trust systems | |
CN106656463A (en) | Fixed-secret-key symmetric white box password encryption method, device and equipment | |
CN110176989A (en) | Quantum communications service station identity identifying method and system based on unsymmetrical key pond | |
Liou et al. | T-auth: A novel authentication mechanism for the IoT based on smart contracts and PUFs | |
Dowlatshah et al. | A secure and robust smart card-based remote user authentication scheme | |
Luo et al. | On “A new quantum blind signature with unlinkability” | |
Kwon et al. | Efficient key exchange and authentication protocols protecting weak secrets | |
Sen et al. | Find out the innovative techniques of data sharing using cryptography by systematic literature review | |
Cai et al. | Cryptanalysis of a batch proxy quantum blind signature scheme | |
CN110113152B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and digital signature | |
Boonkrong | Authentication and Access Control | |
Merzeh et al. | GDPR compliance IoT authentication model for smart home environment | |
CN114726544B (en) | Method and system for acquiring digital certificate | |
Tillah et al. | Access Control System based on Secret Sharing Scheme with Secure Web Database and SHA-3 Password Authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor; Applicant after: Beijing Bang Bang Safety Technology Co. Ltd.; Address before: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor; Applicant before: Yangpuweiye Technology Limited |
GR01 | Patent grant | ||