CN106789963A - Asymmetric white-box cipher encryption method, device and equipment - Google Patents

Publication number
CN106789963A
Authority
CN
China
Prior art keywords
message
encryption
terminal
public key
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611101864.8A
Other languages
Chinese (zh)
Other versions
CN106789963B (en
Inventor
阚志刚
彭建芬
陈彪
王全洲
李世杰
卢佐华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
YANGPUWEIYE TECHNOLOGY Ltd
Original Assignee
YANGPUWEIYE TECHNOLOGY Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by YANGPUWEIYE TECHNOLOGY Ltd
Priority to CN201611101864.8A
Publication of CN106789963A
Application granted
Publication of CN106789963B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

This application discloses an asymmetric white-box cipher encryption method, device and equipment. The method includes: receiving an encrypted message and an encryption serial number from a message-sending terminal; in response to a request to obtain the message content, sending the correspondingly stored encrypted message and encryption serial number to an authentication center, so that the authentication center authenticates the identity of the message-receiving terminal and, after authentication passes, looks up the message grouping scheme and encryption public keys corresponding to the received encryption serial number and decrypts the encrypted message using the encryption key corresponding to that message grouping scheme and to the encryption public key of each group; and receiving the decrypted message content from the authentication center. The application still achieves information security when an attacker is able to gain control of the environment in which the encrypted data is run and stored.

Description

Asymmetric white-box cipher encryption method, device and equipment
Technical field
The present disclosure relates generally to the field of computer technology, specifically to the field of information-processing security, and more particularly to an asymmetric white-box cipher encryption method and device.
Background
In data transmission and storage, data usually needs to be encrypted for the sake of information security. Current encryption mainly assumes that an attacker of the data cannot reach the environment in which encryption runs, cannot control the environment in which the encrypted data is stored, and cannot access the algorithm and key used during encryption. That is, the encryption process and the storage of the encrypted data exist as a black box that the attacker cannot learn about.
In fact, however, in some cases the attacker can reach the environment in which encryption runs, and can even gain control of the data-encryption and encrypted-data storage environments. The attacker can then readily deduce the encryption algorithm, the key and so on by reverse engineering from intermediate data of the data encryption, environment data in the encrypted-data storage environment, and the like, and so attack the data. This raises the need to achieve information security when an attacker can gain control of the data-encryption and encrypted-data storage environments, that is, to achieve information security when the encryption process and the storage of the encrypted data are regarded as a "white box".
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide a scheme that achieves information security when an attacker can gain control of the environment in which encrypted data is run and stored, that is, a scheme that achieves information security when the running and storage of the encrypted data are regarded as a "white box".
In a first aspect, an embodiment of the present application provides an asymmetric white-box cipher encryption method, the method including: receiving an encrypted message and an encryption serial number from a message-sending terminal, where the encrypted message is obtained by the message-sending terminal dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and where the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message-sending terminal; storing the received encrypted message in correspondence with the encryption serial number; in response to a request to obtain the message content, sending the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message-receiving terminal and, after authentication passes, uses its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message-sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message using the encryption key corresponding to that message grouping scheme and to the encryption public key of each group; and receiving the decrypted message content from the authentication center.
In a second aspect, an embodiment of the present application provides an asymmetric white-box cipher encryption method, the method including: receiving an encrypted message and an encryption serial number from a message-receiving terminal, where the encrypted message is obtained by the message-sending terminal dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and is sent to the message-receiving terminal, and where the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message-sending terminal, so that the message-receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; authenticating the identity of the message-receiving terminal; if authentication passes, using the record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message-sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number; decrypting the encrypted message using the encryption key corresponding to the message grouping scheme found and to the encryption public key of each group; and sending the decrypted message content to the message-receiving terminal.
In a third aspect, an embodiment of the present application provides an asymmetric white-box cipher encryption method, the method including: sending a request for a message grouping scheme and encryption public keys to the authentication center; if the authentication center's identity authentication of the message-sending terminal passes, receiving from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number; dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, to obtain the encrypted message; and sending the encrypted message together with the encryption serial number to the message-receiving terminal.
In a fourth aspect, an embodiment of the present application provides an asymmetric white-box cipher encryption device, the device including: a first receiving unit, configured to receive an encrypted message and an encryption serial number from a message-sending terminal, where the encrypted message is obtained by the message-sending terminal dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and where the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message-sending terminal; a first storage unit, configured to store the received encrypted message in correspondence with the encryption serial number; a first sending unit, configured to send, in response to a request to obtain the message content, the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message-receiving terminal and, after authentication passes, uses its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message-sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message using the encryption key corresponding to that message grouping scheme and to the encryption public key of each group; and a second receiving unit, configured to receive the decrypted message content from the authentication center.
In a fifth aspect, an embodiment of the present application provides an asymmetric white-box cipher encryption device, the device including: a third receiving unit, configured to receive an encrypted message and an encryption serial number from a message-receiving terminal, where the encrypted message is obtained by the message-sending terminal dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and is sent to the message-receiving terminal, and where the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message-sending terminal, so that the message-receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; a first authentication unit, configured to authenticate the identity of the message-receiving terminal; a lookup unit, configured to, if authentication passes, use the record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message-sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number; a decryption unit, configured to decrypt the encrypted message using the encryption key corresponding to the message grouping scheme found and to the encryption public key of each group; and a second sending unit, configured to send the decrypted message content to the message-receiving terminal.
In a sixth aspect, an embodiment of the present application provides an asymmetric white-box cipher encryption device, the device including: a fifth sending unit, configured to send a request for a message grouping scheme and encryption public keys to the authentication center; a fifth receiving unit, configured to receive from the authentication center, if the authentication center's identity authentication of the message-sending terminal passes, the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number; an encryption unit, configured to divide the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypt each group with the encryption public key corresponding to that group, to obtain the encrypted message; and a sixth sending unit, configured to send the encrypted message together with the encryption serial number to the message-receiving terminal.
In a seventh aspect, an embodiment of the present application provides equipment including a processor, a memory and a display, the memory containing instructions executable by the processor to cause the processor to: receive an encrypted message and an encryption serial number from a message-sending terminal, where the encrypted message is obtained by the message-sending terminal dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and where the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message-sending terminal; store the received encrypted message in correspondence with the encryption serial number; in response to a request to obtain the message content, send the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message-receiving terminal and, after authentication passes, uses its record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message-sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message using the encryption key corresponding to that message grouping scheme and to the encryption public key of each group; and receive the decrypted message content from the authentication center.
In an eighth aspect, an embodiment of the present application provides equipment including a processor, a memory and a display, the memory containing instructions executable by the processor to cause the processor to: receive an encrypted message and an encryption serial number from a message-receiving terminal, where the encrypted message is obtained by the message-sending terminal dividing the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and is sent to the message-receiving terminal, and where the authentication center also returns the encryption serial number when it returns the message grouping scheme and encryption public keys to the message-sending terminal, so that the message-receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; authenticate the identity of the message-receiving terminal; if authentication passes, use the record associating the message grouping scheme, encryption public keys and encryption serial number returned to the message-sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number; decrypt the encrypted message using the encryption key corresponding to the message grouping scheme found and to the encryption public key of each group; and send the decrypted message content to the message-receiving terminal.
In a ninth aspect, an embodiment of the present application provides equipment including a processor, a memory and a display, the memory containing instructions executable by the processor to cause the processor to: send a request for a message grouping scheme and encryption public keys to the authentication center; if the authentication center's identity authentication of the message-sending terminal passes, receive from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number; divide the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center and encrypt each group with the encryption public key corresponding to that group, to obtain the encrypted message; and send the encrypted message together with the encryption serial number to the message-receiving terminal.
In the embodiments of the present application, the message-receiving terminal does not store the encryption key of the encrypted message, and does not even know the encryption key, because decryption is performed by the authentication center. What the message-receiving terminal stores is the received encrypted message and the encryption serial number. Therefore, even if an attacker gains control of the environment in which the encrypted data is run and stored, the attacker cannot decrypt the encrypted data. In addition, the encrypted message is not encrypted with a single key: the message-sending terminal divides the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center, and encrypts each group with the encryption public key corresponding to that group. Because the message is divided into multiple groups and each group uses its own encryption public key, the encryption method is complex enough that, even if an attacker gains control of the environment in which the encrypted data is run and stored, it is difficult to recover the grouping scheme and the individual encryption public keys by reverse engineering, and so the encrypted message cannot be decrypted. When the message-receiving terminal wants to know the content of the message, it can still obtain the decrypted message. To do so, the message-receiving terminal sends the encrypted message and the corresponding encryption serial number to the authentication center. When the authentication center allocated the message grouping scheme and the encryption public keys to the message-sending terminal, it recorded the grouping scheme and the encryption public keys (and possibly the encryption key corresponding to each encryption public key) in correspondence with the encryption serial number. So, after the authentication center authenticates the identity of the message-receiving terminal and authentication passes, it can use that record to find the message grouping scheme and encryption public keys corresponding to the received encryption serial number, decrypt the encrypted message using the encryption key corresponding to that message grouping scheme and to the encryption public key of each group, and return the decrypted message to the message-receiving terminal. The key parts of decryption are all performed at the authentication center. Even if an attacker gains control of the environment in which the encrypted data is run and stored, the attacker cannot reverse-engineer and crack the encrypted message with only an encryption serial number. If the attacker obtains the encryption serial number, a request to the authentication center for the decrypted data still cannot succeed, because the attacker cannot pass the authentication center's authentication of the requester's identity. The message-receiving terminal can pass authentication and can therefore request and obtain the decrypted data. In this way, information security is still achieved even when an attacker can gain control of the environment in which the encrypted data is run and stored.
Brief description of the drawings
Other features, objects and advantages of the present application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 shows an exemplary system architecture to which the embodiments of the present application can be applied;
Fig. 2 shows an exemplary flowchart of the asymmetric white-box cipher encryption method on the message-receiving terminal side according to an embodiment of the present application;
Fig. 3 shows an exemplary flowchart of the asymmetric white-box cipher encryption method on the authentication center side according to an embodiment of the present application;
Fig. 4 shows an exemplary flowchart of the asymmetric white-box cipher encryption method on the message-sending terminal side according to an embodiment of the present application;
Fig. 5 shows an exemplary structural block diagram of the asymmetric white-box cipher encryption device on the message-receiving terminal side according to an embodiment of the present application;
Fig. 6 shows an exemplary structural block diagram of the asymmetric white-box cipher encryption device on the authentication center side according to an embodiment of the present application;
Fig. 7 shows an exemplary structural block diagram of the asymmetric white-box cipher encryption device on the message-sending terminal side according to an embodiment of the present application;
Fig. 8 shows a schematic structural diagram of a computer system suitable for implementing the message-receiving terminal of the embodiments of the present application;
Fig. 9 shows a schematic structural diagram of a computer system suitable for implementing the authentication center of the embodiments of the present application;
Fig. 10 shows a schematic structural diagram of a computer system suitable for implementing the message-sending terminal of the embodiments of the present application.
Detailed description of embodiments
The present application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are used only to explain the related invention, not to limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention.
It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with one another. The present application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Refer to Fig. 1, which shows an exemplary system architecture to which the embodiments of the present application can be applied.
As shown in Fig. 1, the system architecture may include a message-sending terminal 102, an authentication center 101 and a message-receiving terminal 103. The message-sending terminal 102 is the terminal that sends a message. The message-receiving terminal 103 is the terminal that receives a message. A terminal may be a physical piece of hardware, such as a mobile unit or a mobile phone, or an element inside a piece of hardware, such as an ECU in a vehicle. The authentication center 101 is the center that authenticates the identity of terminals that send and receive messages and that allocates, for the encryption of a message, the message grouping scheme, the encryption public key and encryption key corresponding to each group, and the encryption serial number. It may be located on the server side, for example on a cloud server, or it may be part of a piece of hardware; for example, when authenticating ECUs in a vehicle, it may be located on the vehicle as part of the vehicle.
As mentioned in the background section, current encryption mainly assumes that an attacker of the data cannot reach the environment in which encryption runs, cannot control the environment in which the encrypted data is stored, and cannot access the algorithm and key used during encryption. That is, the encryption process and the storage of the encrypted data exist as a black box that the attacker cannot learn about. In fact, however, in some cases the attacker can reach the environment in which encryption runs, and can even gain control of the data-encryption and encrypted-data storage environments. The attacker can then readily deduce the encryption algorithm, the key and so on by reverse engineering from intermediate data of the data encryption, environment data in the encrypted-data storage environment, and the like, and so attack the data. This raises the need to achieve information security when an attacker can gain control of the data-encryption and encrypted-data storage environments, that is, to achieve information security when the encryption process and the storage of the encrypted data are regarded as a "white box".
In the embodiments of the present application, the message-receiving terminal does not store the encryption key of the encrypted message, and does not even know the encryption key, because decryption is performed by the authentication center. What the message-receiving terminal stores is the received encrypted message and the encryption serial number. Therefore, even if an attacker gains control of the environment in which the encrypted data is run and stored, the attacker cannot decrypt the encrypted data. In addition, the encrypted message is not encrypted with a single key: the message-sending terminal divides the message into groups according to the message grouping scheme and the per-group encryption public keys returned by the authentication center, and encrypts each group with the encryption public key corresponding to that group. Because the message is divided into multiple groups and each group uses its own encryption public key, the encryption method is complex enough that, even if an attacker gains control of the environment in which the encrypted data is run and stored, it is difficult to recover the grouping scheme and the individual encryption public keys by reverse engineering, and so the encrypted message cannot be decrypted. When the message-receiving terminal wants to know the content of the message, it can still obtain the decrypted message. To do so, the message-receiving terminal sends the encrypted message and the corresponding encryption serial number to the authentication center. When the authentication center allocated the message grouping scheme and the encryption public keys to the message-sending terminal, it recorded the grouping scheme and the encryption public keys (and possibly the encryption key corresponding to each encryption public key) in correspondence with the encryption serial number. So, after the authentication center authenticates the identity of the message-receiving terminal and authentication passes, it can use that record to find the message grouping scheme and encryption public keys corresponding to the received encryption serial number, decrypt the encrypted message using the encryption key corresponding to that message grouping scheme and to the encryption public key of each group, and return the decrypted message to the message-receiving terminal. The key parts of decryption are all performed at the authentication center. Even if an attacker gains control of the environment in which the encrypted data is run and stored, the attacker cannot reverse-engineer and crack the encrypted message with only an encryption serial number. If the attacker obtains the encryption serial number, a request to the authentication center for the decrypted data still cannot succeed, because the attacker cannot pass the authentication center's authentication of the requester's identity. The message-receiving terminal can pass authentication and can therefore request and obtain the decrypted data. In this way, information security is still achieved even when an attacker can gain control of the environment in which the encrypted data is run and stored.
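The exchange described above, sketched as an added example that is not part of the patent text: the authentication center issues a grouping scheme, per-group public keys and a serial number, the receiver stores only ciphertext and serial number, and decryption happens at the center after an identity check. Assumptions: textbook RSA over small fixed primes stands in for the unspecified asymmetric cipher (illustration only, not secure), the grouping scheme is modelled as a list of cut lengths, `terminal_id` stands for the identifier the center obtains for itself, and all class and function names are hypothetical.

```python
import secrets

# Constructed toy parameters: one small prime pair per message group.
TOY_PRIMES = [(1009, 1013), (1019, 1021), (1031, 1033)]
E = 65537  # public exponent shared by the toy key pairs


def make_keypair(p, q):
    """Textbook RSA key pair ((n, e), (n, d)); illustration only, not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def split_groups(data, scheme):
    """Cut data at the lengths listed in scheme; the last group takes the rest."""
    groups, pos = [], 0
    for length in scheme:
        groups.append(data[pos:pos + length])
        pos += length
    groups.append(data[pos:])
    return groups


class AuthCenter:
    """Issues scheme, public keys and serial number; later decrypts by serial."""

    def __init__(self, authorized_ids):
        self.authorized = set(authorized_ids)
        self.records = {}  # serial -> (scheme, private keys); stays at the center

    def authenticate(self, terminal_id):
        # terminal_id models the identifier the center obtains for itself.
        if terminal_id not in self.authorized:
            raise PermissionError(f"terminal {terminal_id!r} is not authorized")

    def issue(self, terminal_id):
        self.authenticate(terminal_id)
        pairs = [make_keypair(p, q) for p, q in TOY_PRIMES]
        scheme = tuple(secrets.randbelow(6) + 1 for _ in pairs[:-1])
        serial = secrets.token_hex(8)
        self.records[serial] = (scheme, [priv for _, priv in pairs])
        return scheme, [pub for pub, _ in pairs], serial

    def decrypt(self, terminal_id, serial, encrypted):
        self.authenticate(terminal_id)
        scheme, privs = self.records[serial]  # KeyError for an unknown serial
        groups = split_groups(encrypted, scheme)
        return b"".join(bytes(pow(c, d, n) for c in group)
                        for group, (n, d) in zip(groups, privs))


def sender_encrypt(message, scheme, pubkeys):
    """Sender side: split per the scheme, encrypt each group with its own key."""
    encrypted = []
    for group, (n, e) in zip(split_groups(message, scheme), pubkeys):
        encrypted.extend(pow(byte, e, n) for byte in group)
    return encrypted


class Receiver:
    """Stores only ciphertext and serial number; holds no key and no scheme."""

    def __init__(self, terminal_id, center):
        self.terminal_id, self.center = terminal_id, center
        self.store = {}  # serial -> encrypted message

    def receive(self, encrypted, serial):
        self.store[serial] = encrypted

    def read(self, serial):
        return self.center.decrypt(self.terminal_id, serial, self.store[serial])


def run_exchange(message=b"unlock door 3 at 18:00"):
    """Full exchange plus an unauthenticated request that reuses the serial."""
    center = AuthCenter({"sender-01", "receiver-01"})  # constructed identifiers
    scheme, pubkeys, serial = center.issue("sender-01")
    receiver = Receiver("receiver-01", center)
    receiver.receive(sender_encrypt(message, scheme, pubkeys), serial)
    plaintext = receiver.read(serial)
    try:
        center.decrypt("intruder-99", serial, receiver.store[serial])
        intruder_succeeded = True
    except PermissionError:
        intruder_succeeded = False
    return plaintext, intruder_succeeded, receiver.store


if __name__ == "__main__":
    print(run_exchange()[:2])
```

Everything the receiver holds is in `Receiver.store`, so the design's security rests on the center's identity check and on the records that never leave it.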
With reference to Fig. 2, it illustrates the exemplary of the asymmetric whitepack cipher encrypting method according to the application one embodiment Flow chart.Method shown in Fig. 2 can be in Fig. 1 message sink terminal 103 perform.The concept of " whitepack " has hereinbefore been retouched State." asymmetric " refers to the encryption technology being engaged using public key and private key.In general, public key and private key are used as a key It is right.For example, in the case of with public key encryption, being decrypted with corresponding private key.
As shown in Fig. 2, in step 210, an encrypted message and an encryption serial number are received from the message sending terminal.
The encrypted message is obtained by the message sending terminal, which, following the message grouping scheme and the per-group encryption public keys returned by the authentication center, divides the message into groups and encrypts each group with the encryption public key corresponding to that group. When the authentication center returns the message grouping scheme and encryption public keys to the message sending terminal, it also returns the encryption serial number.
A message sending terminal that wants to send a message must first send a request for a message grouping scheme and encryption public keys to the authentication center. The authentication center must first authenticate the identity of the message sending terminal, and only after the authentication passes does it send the message grouping scheme and encryption public keys. To authenticate the message sending terminal, the authentication center can actively query the terminal's identifier. If the terminal were allowed to report its own identifier, an unauthorized message sending terminal that knows the identifier of an authorized one could present that identifier as its own and pass authentication "under false pretences". The authentication center therefore queries the identifier itself. In general, under the communication protocol between the message sending terminal and the authentication center, when the terminal sends a message to the authentication center, the terminal's identifier is loaded automatically, according to the protocol, into a specific field of the transmitted message. This field cannot be modified manually and is dedicated to indicating the identity of the message sender. The authentication center can therefore obtain the message sending terminal identifier from that field in the messages exchanged between the message sending terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message sending terminal is determined accurately in this way. The identifier is then compared with the list of authorized terminal identifiers. The identifiers of all terminals trusted as message senders are registered in advance in the authentication center's list of authorized terminal identifiers. If the message sending terminal identifier is in the list, the authentication passes. If it is not in the list, the authentication fails.
If the authentication center's identity authentication of the message sending terminal passes, the authentication center allocates and sends to the message sending terminal a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number. The message grouping scheme specifies how the message is divided into groups for encryption. For example, message grouping scheme 1 specifies that the message is divided equally into three groups: group A1, group B1 and group C2. Message grouping scheme 2 specifies that the message is divided in the ratio 2:1:1 into three groups: group A2, group B2 and group C2. A message grouping scheme can be allocated by specifying a number of schemes in advance and then selecting one of them at random. For example, 10 message grouping schemes are specified in advance: message grouping scheme 1, message grouping scheme 2, ..., message grouping scheme 10. When a message grouping scheme needs to be allocated, one is selected from them at random. The encryption public key corresponding to each group can likewise be allocated by specifying a set of encryption public keys in advance and then selecting one from the set at random. For example, the set of encryption public keys contains 100 public keys (corresponding to 100 private keys). In message grouping scheme 1 mentioned above, which divides the message equally into group A1, group B1 and group C2, an encryption public key k1 is selected at random from the 100 public keys for group A1, an encryption public key k2 is selected at random from the 100 public keys for group A2, and an encryption public key k3 is selected at random from the 100 public keys for group A3. The encryption serial number is a sequence number that distinguishes the current encryption from other encryptions. Each time the authentication center sends a message grouping scheme and per-group encryption public keys to a message sending terminal, it allocates one encryption serial number. In general, the encryption serial number allocated each time is different. Thus, when the authentication center later uses its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the scheme and keys corresponding to a received encryption serial number, it finds a unique message grouping scheme and set of encryption public keys.
Then, following the message grouping scheme and the per-group encryption public keys returned by the authentication center, the message sending terminal divides the message into groups and encrypts each group with the encryption public key corresponding to that group, obtaining the encrypted message. The message sending terminal then sends the encrypted message together with the encryption serial number to the message receiving terminal.
For example, suppose the message grouping scheme returned by the authentication center is message grouping scheme 1, which divides the message equally into group A1, group B1 and group C2; the encryption public key corresponding to group 1 is k1, that corresponding to group 2 is k2, and that corresponding to group 3 is k3. The message sending terminal first divides the message into 3 groups, encrypts them with k1, k2 and k3 respectively, then combines the results and sends them to the message receiving terminal.
In step 220, the received encrypted message is stored in correspondence with the encryption serial number.
In the embodiments of the present application, the message receiving terminal does not store the encryption private key for the encrypted message, and does not even know it, because decryption is performed by the authentication center. What the message receiving terminal stores is the received encrypted message and the encryption serial number. Thus, even if an attacker gains control over the environment in which the encrypted data is processed and stored, the attacker cannot decrypt the encrypted data. In addition, the encrypted message is not encrypted with a single key. Instead, the message sending terminal, following the message grouping scheme and the per-group encryption public keys returned by the authentication center, divides the message into groups and encrypts each group with the encryption public key corresponding to that group. Because the message is divided into multiple groups and each group uses its own encryption public key, the encryption method is complex enough that an attacker who gains control over the operation and storage environment of the encrypted data will still find it difficult to recover the grouping scheme and each encryption public key by reverse engineering, and therefore cannot decrypt the encrypted message.
In step 230, in response to a request to obtain the message content, the stored encrypted message and its corresponding encryption serial number are sent to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after the authentication passes, uses its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number, and decrypts the encrypted message according to that grouping scheme and the encryption private keys corresponding to the per-group encryption public keys.
As stated above, for the sake of information security the message is always stored in encrypted form on the message receiving terminal. When the message receiving terminal wants to know the content of the message, in response to a request to obtain the message content it sends the encrypted message and the corresponding encryption serial number to the authentication center. The authentication center then authenticates the identity of the message receiving terminal. To do so, the authentication center can actively query the terminal's identifier. If the terminal were allowed to report its own identifier, an unauthorized message receiving terminal (possibly an attacker) that knows the identifier of an authorized one could present that identifier as its own and pass authentication "under false pretences". The authentication center therefore queries the identifier itself. In general, under the communication protocol between the message receiving terminal and the authentication center, when the terminal sends a message to the authentication center, the terminal's identifier is loaded automatically, according to the protocol, into a specific field of the transmitted message. This field cannot be modified manually and is dedicated to indicating the identity of the party communicating with the authentication center. The authentication center can therefore obtain the message receiving terminal identifier from that field in the messages exchanged between the message receiving terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message receiving terminal is determined accurately in this way. The identifier is then compared with the list of authorized terminal identifiers. The identifiers of all terminals trusted to communicate securely are registered in advance in the authentication center's list of authorized terminal identifiers. If the message receiving terminal identifier is in the list, the authentication passes. If it is not in the list, the authentication fails.
When the authentication center allocates and sends the message grouping scheme and encryption public keys to the message sending terminal, it records the grouping scheme, each encryption public key (and possibly the encryption private key corresponding to each encryption public key) and the encryption serial number in correspondence with one another. Thus, after the authentication center authenticates the identity of the message receiving terminal and the authentication passes, it can use this record to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number. Because an encryption public key and its encryption private key are generated as a pair, generating an encryption public key in fact also generates the corresponding encryption private key. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in correspondence. The authentication center decrypts the encrypted message according to the message grouping scheme and the encryption private keys corresponding to the per-group encryption public keys.
Because the key parts of decryption are all carried out at the authentication center, even if an attacker gains control over the operation and storage environment of the encrypted data, the attacker cannot reverse-engineer and crack the encrypted message with only an encryption serial number. If the attacker obtains the encryption serial number and requests the decrypted data from the authentication center, the request cannot succeed, because the attacker cannot pass the authentication center's authentication of the requester's identity. The message receiving terminal can pass the authentication and can therefore request the decrypted data. In this way, information security is maintained even when an attacker gains control over the operation and storage environment of the encrypted data.
In step 240, the message content obtained by decryption is received from the authentication center.
Referring to Fig. 3, an exemplary flowchart of the asymmetric white-box cipher encryption method according to one embodiment of the present application is shown. The method shown in Fig. 3 can be performed by the authentication center 101 in Fig. 1. The concept of "white-box" has been described above. "Asymmetric" refers to encryption in which a public key and a private key are used together. In general, a public key and a private key form a key pair. For example, data encrypted with the public key is decrypted with the corresponding private key.
As shown in Fig. 3, in step 310, an encrypted message and an encryption serial number are received from the message receiving terminal.
The encrypted message is obtained by the message sending terminal, which, following the message grouping scheme and the per-group encryption public keys returned by the authentication center, divides the message into groups, encrypts each group with the encryption public key corresponding to that group, and sends the result to the message receiving terminal. When the authentication center returns the message grouping scheme and encryption public keys to the message sending terminal, it also returns the encryption serial number, so that the message receiving terminal can send the encryption serial number to the authentication center together with the encrypted message.
In fact, before step 310, the method further includes: receiving a request for a message grouping scheme and encryption public keys from the message sending terminal; authenticating the identity of the message sending terminal; if the authentication passes, generating a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number; and sending the message grouping scheme, the per-group encryption public keys and the encryption serial number to the message sending terminal.
Specifically, a message sending terminal that wants to send a message must first send a request for a message grouping scheme and encryption public keys to the authentication center. The authentication center must first authenticate the identity of the message sending terminal, and only after the authentication passes does it send the message grouping scheme and encryption public keys. To authenticate the message sending terminal, the authentication center can actively query the terminal's identifier. If the terminal were allowed to report its own identifier, an unauthorized message sending terminal that knows the identifier of an authorized one could present that identifier as its own and pass authentication "under false pretences". The authentication center therefore queries the identifier itself. In general, under the communication protocol between the message sending terminal and the authentication center, when the terminal sends a message to the authentication center, the terminal's identifier is loaded automatically, according to the protocol, into a specific field of the transmitted message. This field cannot be modified manually and is dedicated to indicating the identity of the message sender. The authentication center can therefore obtain the message sending terminal identifier from that field in the messages exchanged between the message sending terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message sending terminal is determined accurately in this way. The identifier is then compared with the list of authorized terminal identifiers. The identifiers of all terminals trusted as message senders are registered in advance in the authentication center's list of authorized terminal identifiers. If the message sending terminal identifier is in the list, the authentication passes. If it is not in the list, the authentication fails.
If the authentication center's identity authentication of the message sending terminal passes, the authentication center allocates and sends to the message sending terminal a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number. The message grouping scheme specifies how the message is divided into groups for encryption. For example, message grouping scheme 1 specifies that the message is divided equally into three groups: group A1, group B1 and group C2. Message grouping scheme 2 specifies that the message is divided in the ratio 2:1:1 into three groups: group A2, group B2 and group C2. A message grouping scheme can be allocated by specifying a number of schemes in advance and then selecting one of them at random. For example, 10 message grouping schemes are specified in advance: message grouping scheme 1, message grouping scheme 2, ..., message grouping scheme 10. When a message grouping scheme needs to be allocated, one is selected from them at random. The encryption public key corresponding to each group can likewise be allocated by specifying a set of encryption public keys in advance and then selecting one from the set at random. For example, the set of encryption public keys contains 100 public keys (corresponding to 100 private keys). In message grouping scheme 1 mentioned above, which divides the message equally into group A1, group B1 and group C2, an encryption public key k1 is selected at random from the 100 public keys for group A1, an encryption public key k2 is selected at random from the 100 public keys for group A2, and an encryption public key k3 is selected at random from the 100 public keys for group A3. The encryption serial number is a sequence number that distinguishes the current encryption from other encryptions. Each time the authentication center sends a message grouping scheme and per-group encryption public keys to a message sending terminal, it allocates one encryption serial number. In general, the encryption serial number allocated each time is different. Thus, when the authentication center later uses its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the scheme and keys corresponding to a received encryption serial number, it finds a unique message grouping scheme and set of encryption public keys.
In one embodiment, after authenticating the identity of the message sending terminal, the method further includes: generating the encryption private key corresponding to the encryption public key of each group; and storing the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private keys and the encryption serial number in correspondence with one another.
In asymmetric encryption, because an encryption public key and its encryption private key are generated as a pair, generating an encryption public key in fact also generates the corresponding encryption private key. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in correspondence. When the authentication center later decrypts the encrypted message, it uses the encryption private keys rather than the encryption public keys. Therefore, only by recording the grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number in correspondence can the authentication center, in the subsequent process, decrypt the encrypted message according to the message grouping scheme corresponding to the encryption serial number and the encryption private keys corresponding to the per-group encryption public keys.
Then, following the message grouping scheme and the per-group encryption public keys returned by the authentication center, the message sending terminal divides the message into groups and encrypts each group with the encryption public key corresponding to that group, obtaining the encrypted message. The message sending terminal then sends the encrypted message together with the encryption serial number to the message receiving terminal. The message receiving terminal stores the received encrypted message in correspondence with the encryption serial number and, when it needs to obtain the message content, sends the stored encrypted message and encryption serial number to the authentication center.
In step 320, the identity of the message receiving terminal is authenticated.
To authenticate the message receiving terminal, the authentication center can actively query the terminal's identifier. If the terminal were allowed to report its own identifier, an unauthorized message receiving terminal (possibly an attacker) that knows the identifier of an authorized one could present that identifier as its own and pass authentication "under false pretences". The authentication center therefore queries the identifier itself. In general, under the communication protocol between the message receiving terminal and the authentication center, when the terminal sends a message to the authentication center, the terminal's identifier is loaded automatically, according to the protocol, into a specific field of the transmitted message. This field cannot be modified manually and is dedicated to indicating the identity of the party communicating with the authentication center. The authentication center can therefore obtain the message receiving terminal identifier from that field in the messages exchanged between the message receiving terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message receiving terminal is determined accurately in this way. The identifier is then compared with the list of authorized terminal identifiers. The identifiers of all terminals trusted to communicate securely are registered in advance in the authentication center's list of authorized terminal identifiers. If the message receiving terminal identifier is in the list, the authentication passes. If it is not in the list, the authentication fails.
In step 330, if the authentication passes, the message grouping scheme and encryption public keys corresponding to the received encryption serial number are looked up in the record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal.
When the authentication center allocates and sends the message grouping scheme and encryption public keys to the message sending terminal, it records the grouping scheme, each encryption public key (and possibly the encryption private key corresponding to each encryption public key) and the encryption serial number in correspondence with one another. Thus, after the authentication center authenticates the identity of the message receiving terminal and the authentication passes, it can use this record to look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number.
In step 340, the encrypted message is decrypted according to the message grouping scheme found and the encryption private keys corresponding to the per-group encryption public keys.
Because an encryption public key and its encryption private key are generated as a pair, generating an encryption public key in fact also generates the corresponding encryption private key. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in correspondence. The authentication center then decrypts the encrypted message according to the message grouping scheme and the encryption private keys corresponding to the per-group encryption public keys.
In another embodiment, a lookup table mapping encryption public keys to encryption private keys is additionally provided. The authentication center obtains the corresponding encryption private key from the table based on the encryption public key it has found, and then decrypts the encrypted message according to the message grouping scheme found and the encryption private keys corresponding to the per-group encryption public keys.
In step 350, the message content obtained by decryption is sent to the message receiving terminal.
In one embodiment, the method further includes: if the authentication fails, sending an authentication failure message to the message receiving terminal.
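The exchange described above among the message sending terminal, the authentication center and the message receiving terminal, as an added example that is not part of the patent text. The key pool is toy unpadded RSA built from Mersenne primes (insecure, for illustration only), and the terminal names, scheme table and function names are assumptions.

```python
import secrets

# Toy textbook RSA built from known Mersenne primes: constructed for this demo,
# unpadded and NOT secure. A real deployment would use a padded scheme (RSA-OAEP).
E = 65537
_PRIMES = [2**521 - 1, 2**607 - 1, 2**1279 - 1]
KEY_POOL = []  # entries: ((n, e), (n, d)) = (encryption public key, private key)
for i, p in enumerate(_PRIMES):
    for q in _PRIMES[i + 1:]:
        KEY_POOL.append(((p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))))

# Pre-specified grouping schemes (hypothetical ids): ratio of the three groups.
SCHEMES = {1: (1, 1, 1), 2: (2, 1, 1)}


def split(message, ratio):
    """Divide message bytes into len(ratio) consecutive groups by ratio."""
    groups, start = [], 0
    for k, r in enumerate(ratio):
        last = k == len(ratio) - 1
        end = len(message) if last else start + len(message) * r // sum(ratio)
        groups.append(message[start:end])
        start = end
    return groups


def encrypt_group(pub, data):
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 keeps leading zero bytes
    if m >= n:
        raise ValueError("group too long for this toy key")
    return pow(m, e, n)


def decrypt_group(priv, c):
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]


class AuthenticationCenter:
    def __init__(self, authorized_ids):
        self.authorized = set(authorized_ids)
        self.records = {}  # serial -> (scheme id, key-pool index per group)

    def _authenticate(self, peer_id):
        # peer_id stands for the identifier the center reads from the protocol
        # field of the connection, never a value claimed in the request body.
        if peer_id not in self.authorized:
            raise PermissionError("terminal not in authorized list")

    def issue(self, peer_id):
        """Sender request: return (serial, ratio, per-group public keys)."""
        self._authenticate(peer_id)
        scheme_id = secrets.choice(list(SCHEMES))
        key_ids = [secrets.randbelow(len(KEY_POOL)) for _ in SCHEMES[scheme_id]]
        serial = secrets.token_hex(8)
        self.records[serial] = (scheme_id, key_ids)
        return serial, SCHEMES[scheme_id], [KEY_POOL[k][0] for k in key_ids]

    def decrypt(self, peer_id, serial, ciphertexts):
        """Receiver request: authenticate, look up the record, decrypt."""
        self._authenticate(peer_id)
        _scheme_id, key_ids = self.records[serial]  # KeyError if unknown serial
        return b"".join(decrypt_group(KEY_POOL[k][1], c)
                        for k, c in zip(key_ids, ciphertexts))


def send(center, sender_id, message):
    """Sending terminal: fetch scheme and keys, split, encrypt each group."""
    serial, ratio, pubs = center.issue(sender_id)
    groups = split(message, ratio)
    return serial, [encrypt_group(pub, g) for pub, g in zip(pubs, groups)]


def demo():
    center = AuthenticationCenter({"sender-102", "receiver-103"})
    message = b"constructed sample message for the demo"
    stored = send(center, "sender-102", message)  # receiver keeps only this
    recovered = center.decrypt("receiver-103", *stored)
    try:
        center.decrypt("attacker-999", *stored)  # holds serial + ciphertext only
        denied = False
    except PermissionError:
        denied = True
    return message, recovered, denied


if __name__ == "__main__":
    print(demo())
```

The receiving terminal's stored state is only the serial number and the per-group ciphertexts; the private keys and the serial-to-scheme record never leave the `AuthenticationCenter` object.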
Referring to Fig. 4, an exemplary flowchart of the asymmetric white-box cipher encryption method according to one embodiment of the present application is shown. The method shown in Fig. 4 can be performed by the message sending terminal 102 in Fig. 1. The concept of "white-box" has been described above. "Asymmetric" refers to encryption in which a public key and a private key are used together. In general, a public key and a private key form a key pair. For example, data encrypted with the public key is decrypted with the corresponding private key.
As shown in Fig. 4, in step 410, a request for a message grouping scheme and encryption public keys is sent to the authentication center.
That is, a message sending terminal that wants to send a message must first send a request for a message grouping scheme and encryption public keys to the authentication center.
In step 420, if the authentication center's identity authentication of the message sending terminal passes, the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number are received from the authentication center.
After the authentication center receives the request, it must first authenticate the identity of the message sending terminal, and only after the authentication passes does it send the message grouping scheme and encryption public keys. To authenticate the message sending terminal, the authentication center can actively query the terminal's identifier. If the terminal were allowed to report its own identifier, an unauthorized message sending terminal that knows the identifier of an authorized one could present that identifier as its own and pass authentication "under false pretences". The authentication center therefore queries the identifier itself. In general, under the communication protocol between the message sending terminal and the authentication center, when the terminal sends a message to the authentication center, the terminal's identifier is loaded automatically, according to the protocol, into a specific field of the transmitted message. This field cannot be modified manually and is dedicated to indicating the identity of the message sender. The authentication center can therefore obtain the message sending terminal identifier from that field in the messages exchanged between the message sending terminal and the authentication center. Because the identifier in this field cannot be tampered with, the identifier of the message sending terminal is determined accurately in this way. The identifier is then compared with the list of authorized terminal identifiers. The identifiers of all terminals trusted as message senders are registered in advance in the authentication center's list of authorized terminal identifiers. If the message sending terminal identifier is in the list, the authentication passes. If it is not in the list, the authentication fails. If the authentication center's identity authentication of the message sending terminal passes, the authentication center allocates and sends to the message sending terminal a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number. The message grouping scheme specifies how the message is divided into groups for encryption. The encryption serial number is a sequence number that distinguishes the current encryption from other encryptions. Each time the authentication center sends a message grouping scheme and per-group encryption public keys to a message sending terminal, it allocates one encryption serial number. In general, the encryption serial number allocated each time is different. Thus, when the authentication center later uses its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal to look up the scheme and keys corresponding to a received encryption serial number, it finds a unique message grouping scheme and set of encryption public keys.
In asymmetric encryption, because an encryption public key and its encryption private key are generated as a pair, generating an encryption public key in fact also generates the corresponding encryption private key. The grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number can also be recorded in correspondence. When the authentication center later decrypts the encrypted message, it uses the encryption private keys rather than the encryption public keys. Therefore, only by recording the grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number in correspondence can the authentication center, in the subsequent process, decrypt the encrypted message according to the message grouping scheme corresponding to the encryption serial number and the encryption private keys corresponding to the per-group encryption public keys.
In step 430, following the message grouping scheme and the per-group encryption public keys returned by the authentication center, the message is divided into groups and each group is encrypted with the encryption public key corresponding to that group, obtaining the encrypted message.
In step 440, the encrypted message is sent to the message receiving terminal together with the encryption serial number.
The message sending terminal sends the encrypted message together with the encryption serial number to the message receiving terminal. The message receiving terminal then stores the received encrypted message in correspondence with the encryption serial number and, when it needs to obtain the message content, sends the stored encrypted message and encryption serial number to the authentication center. The authentication center authenticates the identity of the message receiving terminal.
To authenticate the identity of the message receiving terminal, the authentication center can actively query the terminal's identifier. If the message receiving terminal were allowed to report its own identifier, an unauthorized message receiving terminal (possibly an attacker) that knows the identifier of another, authorized message receiving terminal could report that identifier to the authentication center as its own and so pass authentication under false pretences. The authentication center therefore queries the identifier of the message receiving terminal itself. In general, under the communication protocol between the message receiving terminal and the authentication center, when the message receiving terminal sends a message to the authentication center, its identifier is loaded automatically, per the communication protocol, into a specific field of the message being sent. This field cannot be modified manually and is dedicated to indicating the identity of the party communicating with the authentication center. The authentication center can therefore obtain the message receiving terminal's identifier from that specific field in the messages exchanged between the message receiving terminal and the authentication center. Because the identifier in the field cannot be tampered with, the identifier of the message receiving terminal is determined accurately in this way. The identifier is then compared against the authorized terminal identifier list. The identifiers of terminals trusted for secure communication are all registered in advance in the authentication center's authorized terminal identifier list. If the message receiving terminal's identifier is in the authorized terminal identifier list, authentication passes. If it is not in the list, authentication fails.
When the authentication center allocates and sends the message grouping scheme and the encryption public keys to the message sending terminal, it records the grouping scheme, each encryption public key, the encryption private key corresponding to each encryption public key, and the encryption serial number in association with one another. Thus, after the authentication center has authenticated the identity of the message receiving terminal and authentication has passed, it can use this record to find the message grouping scheme corresponding to the received encryption serial number and the encryption private keys corresponding to the encryption public keys, and then decrypt the encrypted message according to the message grouping scheme found and the encryption private keys corresponding to the encryption public keys of each group. The authentication center then sends the decrypted message content to the message receiving terminal.
It should be noted that although the operations of the method of the invention are described in a particular order in the accompanying drawings, this does not require or imply that the operations must be performed in that order, or that all of the operations shown must be performed to achieve the desired result. On the contrary, the steps depicted in the flow charts may be executed in a different order. Additionally or alternatively, some steps may be omitted, multiple steps may be merged into one step, and/or one step may be split into multiple steps.
With further reference to Fig. 5, an exemplary block diagram of an asymmetric white-box cipher encryption device 500 according to one embodiment of the application is shown.
As shown in Fig. 5, the asymmetric white-box cipher encryption device 500 includes: a first receiving unit 510, configured to receive an encrypted message and an encryption serial number from the message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and the authentication center also returns the encryption serial number when returning the message grouping scheme and encryption public keys to the message sending terminal; a first storage unit 520, configured to store the received encrypted message in association with the encryption serial number; a first sending unit 530, configured to, in response to a request to obtain the message content, send the stored encrypted message and its encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up the message grouping scheme and encryption public keys corresponding to the received encryption serial number according to its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, and decrypts the encrypted message according to that message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group; and a second receiving unit 540, configured to receive the decrypted message content from the authentication center.
Optionally, the authentication center authenticates the identity of the message receiving terminal by obtaining the message receiving terminal identifier from a specific field in the messages exchanged between the message receiving terminal and the authentication center, and comparing that identifier against the authorized terminal identifier list.
Optionally, if the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes.
With further reference to Fig. 6, an exemplary block diagram of an asymmetric white-box cipher encryption device 600 according to one embodiment of the application is shown.
As shown in Fig. 6, the asymmetric white-box cipher encryption device 600 includes: a third receiving unit 610, configured to receive an encrypted message and an encryption serial number from the message receiving terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center, encrypting each group with the encryption public key corresponding to that group, and sending the result to the message receiving terminal, and the authentication center also returns the encryption serial number when returning the message grouping scheme and encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message; a first authentication unit 620, configured to authenticate the identity of the message receiving terminal; a lookup unit 630, configured to, if authentication passes, look up the message grouping scheme and encryption public keys corresponding to the received encryption serial number according to the record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal; a decryption unit 640, configured to decrypt the encrypted message according to the message grouping scheme found and the encryption private keys corresponding to the encryption public keys of each group; and a second sending unit 650, configured to send the decrypted message content to the message receiving terminal.
Optionally, the device includes: a third sending unit, configured to send an authentication failure message to the message receiving terminal if authentication fails.
Optionally, the device also includes: a fourth receiving unit, configured to receive a request for a message grouping scheme and encryption public keys from the message sending terminal; a second authentication unit, configured to authenticate the identity of the message sending terminal; a first generation unit, configured to, if authentication passes, generate a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number; and a fourth sending unit, configured to send the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number to the message sending terminal.
Optionally, the device also includes: a second generation unit, configured to generate the encryption private keys corresponding to the encryption public keys of each group; and a second storage unit, configured to store the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private keys and the encryption serial number in association with one another.
Optionally, the first authentication unit is further configured to: obtain the message receiving terminal identifier from a specific field in the messages exchanged between the message receiving terminal and the authentication center; and compare the message receiving terminal identifier against the authorized terminal identifier list.
Optionally, the second authentication unit is further configured to: obtain the message sending terminal identifier from a specific field in the messages exchanged between the message sending terminal and the authentication center; and compare the message sending terminal identifier against the authorized terminal identifier list.
With further reference to Fig. 7, an exemplary block diagram of an asymmetric white-box cipher encryption device 700 according to one embodiment of the application is shown.
As shown in Fig. 7, the asymmetric white-box cipher encryption device 700 includes: a fifth sending unit 710, configured to send a request for a message grouping scheme and encryption public keys to the authentication center; a fifth receiving unit 720, configured to, if the authentication center's identity authentication of the message sending terminal passes, receive from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number; an encryption unit 730, configured to divide the message into groups according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center and encrypt each group with the encryption public key corresponding to that group, yielding the encrypted message; and a sixth sending unit 740, configured to send the encrypted message to the message receiving terminal together with the encryption serial number.
It should be understood that the systems or units described in Figs. 5-7 correspond to the steps of the methods described with reference to Figs. 2-4. The operations and features described above for the methods therefore apply equally to Figs. 5-7 and the units they contain, and are not repeated here.
Referring now to Fig. 8, a schematic structural diagram of a computer system 800 suitable for implementing the message receiving terminal of the embodiments of the application is shown.
As shown in Fig. 8, the computer system 800 includes a central processing unit (CPU) 801, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 802 or a program loaded from the storage section 808 into random access memory (RAM) 803. The RAM 803 also stores the various programs and data required for the operation of the system 800. The CPU 801, ROM 802 and RAM 803 are connected to one another by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
The following components are connected to the I/O interface 805: an input section 806 including a keyboard, a mouse and the like; an output section 807 including a cathode ray tube (CRT), a liquid crystal display (LCD) or the like, and a loudspeaker and the like; a storage section 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card or a modem. The communication section 809 performs communication processing via a network such as the Internet. A drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 810 as needed, so that a computer program read from it can be installed into the storage section 808 as needed.
Referring now to Fig. 9, a schematic structural diagram of a computer system 900 suitable for implementing the authentication center of the embodiments of the application is shown.
As shown in Fig. 9, the computer system 900 includes a central processing unit (CPU) 901, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 902 or a program loaded from the storage section 908 into random access memory (RAM) 903. The RAM 903 also stores the various programs and data required for the operation of the system 900. The CPU 901, ROM 902 and RAM 903 are connected to one another by a bus 904. An input/output (I/O) interface 905 is also connected to the bus 904.
The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse and the like; an output section 907 including a cathode ray tube (CRT), a liquid crystal display (LCD) or the like, and a loudspeaker and the like; a storage section 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card or a modem. The communication section 909 performs communication processing via a network such as the Internet. A drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 910 as needed, so that a computer program read from it can be installed into the storage section 908 as needed.
Referring now to Fig. 10, a schematic structural diagram of a computer system 1000 suitable for implementing the message receiving terminal of the embodiments of the application is shown.
As shown in Fig. 10, the computer system 1000 includes a central processing unit (CPU) 1001, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 1002 or a program loaded from the storage section 1008 into random access memory (RAM) 1003. The RAM 1003 also stores the various programs and data required for the operation of the system 1000. The CPU 1001, ROM 1002 and RAM 1003 are connected to one another by a bus 1004. An input/output (I/O) interface 1005 is also connected to the bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse and the like; an output section 1007 including a cathode ray tube (CRT), a liquid crystal display (LCD) or the like, and a loudspeaker and the like; a storage section 1008 including a hard disk and the like; and a communication section 1009 including a network interface card such as a LAN card or a modem. The communication section 1009 performs communication processing via a network such as the Internet. A drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 1010 as needed, so that a computer program read from it can be installed into the storage section 1008 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to Figs. 2-4 may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the methods of Figs. 2-4. In such embodiments, the computer program may be downloaded and installed from a network through the communication section 809, 909, 1009, and/or installed from the removable medium 811, 911, 1011.
The flow charts and block diagrams in the accompanying drawings illustrate the possible architecture, functions and operations of systems, methods and computer program products according to various embodiments of the invention. In this regard, each block in a flow chart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flow charts, and combinations of blocks in the block diagrams and/or flow charts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units or modules described in the embodiments of the application may be implemented in software or in hardware. The described units or modules may also be provided in a processor. Under certain conditions, the names of these units or modules do not constitute a limitation on the units or modules themselves.
As another aspect, the application also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the device described in the above embodiments, or may be a computer-readable storage medium that exists separately and is not assembled into a device. The computer-readable storage medium stores one or more programs, which are used by one or more processors to perform the formula input method described in the application.
The above description is only of the preferred embodiments of the application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example technical solutions formed by replacing the above features with (but not limited to) technical features with similar functions disclosed in the application.

Claims (23)

1. An asymmetric white-box cipher encryption method, characterized in that the method includes:
receiving an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and the authentication center also returns the encryption serial number when returning the message grouping scheme and encryption public keys to the message sending terminal;
storing the received encrypted message in association with the encryption serial number;
in response to a request to obtain the message content, sending the stored encrypted message and its encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up the message grouping scheme and encryption public keys corresponding to the received encryption serial number according to its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, and decrypts the encrypted message according to that message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group;
receiving the decrypted message content from the authentication center.
2. The method according to claim 1, characterized in that the authentication center authenticates the identity of the message receiving terminal by obtaining the message receiving terminal identifier from a specific field in the messages exchanged between the message receiving terminal and the authentication center, and comparing the message receiving terminal identifier against the authorized terminal identifier list.
3. The method according to claim 2, characterized in that if the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes.
4. An asymmetric white-box cipher encryption method, characterized in that the method includes:
receiving an encrypted message and an encryption serial number from a message receiving terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center, encrypting each group with the encryption public key corresponding to that group, and sending the result to the message receiving terminal, and the authentication center also returns the encryption serial number when returning the message grouping scheme and encryption public keys to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message;
authenticating the identity of the message receiving terminal;
if authentication passes, looking up the message grouping scheme and encryption public keys corresponding to the received encryption serial number according to the record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal;
decrypting the encrypted message according to the message grouping scheme found and the encryption private keys corresponding to the encryption public keys of each group;
sending the decrypted message content to the message receiving terminal.
5. The method according to claim 4, characterized in that the method includes:
if authentication fails, sending an authentication failure message to the message receiving terminal.
6. The method according to claim 4, characterized in that, before receiving the encrypted message and encryption serial number from the message receiving terminal, the method also includes:
receiving a request for a message grouping scheme and encryption public keys from the message sending terminal;
authenticating the identity of the message sending terminal;
if authentication passes, generating a message grouping scheme, the encryption public key corresponding to each group, and an encryption serial number;
sending the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number to the message sending terminal.
7. The method according to claim 6, characterized in that, after authenticating the identity of the message sending terminal, the method also includes:
generating the encryption private keys corresponding to the encryption public keys of each group;
storing the generated message grouping scheme, the encryption public key corresponding to each group, the corresponding encryption private keys and the encryption serial number in association with one another.
8. The method according to claim 4, characterized in that authenticating the identity of the message receiving terminal includes:
obtaining the message receiving terminal identifier from a specific field in the messages exchanged between the message receiving terminal and the authentication center;
comparing the message receiving terminal identifier against the authorized terminal identifier list.
9. The method according to claim 6, characterized in that authenticating the identity of the message sending terminal includes:
obtaining the message sending terminal identifier from a specific field in the messages exchanged between the message sending terminal and the authentication center;
comparing the message sending terminal identifier against the authorized terminal identifier list.
10. An asymmetric white-box cipher encryption method, characterized in that the method includes:
sending a request for a message grouping scheme and encryption public keys to the authentication center;
if the authentication center's identity authentication of the message sending terminal passes, receiving from the authentication center the message grouping scheme, the encryption public key corresponding to each group, and the encryption serial number;
according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center, dividing the message into groups and encrypting each group with the encryption public key corresponding to that group, yielding the encrypted message;
sending the encrypted message to the message receiving terminal together with the encryption serial number.
11. An asymmetric white-box cipher encryption device, characterized in that the device includes:
a first receiving unit, configured to receive an encrypted message and an encryption serial number from a message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message grouping scheme and the encryption public keys corresponding to each group returned by the authentication center and encrypting each group with the encryption public key corresponding to that group, and the authentication center also returns the encryption serial number when returning the message grouping scheme and encryption public keys to the message sending terminal;
a first storage unit, configured to store the received encrypted message in association with the encryption serial number;
a first sending unit, configured to, in response to a request to obtain the message content, send the stored encrypted message and its encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after authentication passes, looks up the message grouping scheme and encryption public keys corresponding to the received encryption serial number according to its record of the message grouping scheme, encryption public keys and encryption serial number returned to the message sending terminal, and decrypts the encrypted message according to that message grouping scheme and the encryption private keys corresponding to the encryption public keys of each group;
a second receiving unit, configured to receive the decrypted message content from the authentication center.
12. The device according to claim 11, characterized in that the authentication center authenticates the identity of the message receiving terminal by obtaining the message receiving terminal identifier from a specific field in the messages exchanged between the message receiving terminal and the authentication center, and comparing the message receiving terminal identifier against the authorized terminal identifier list.
13. The device according to claim 12, characterized in that if the message receiving terminal identifier is in the authorized terminal identifier list, authentication passes.
14. a kind of asymmetric whitepack password encryption devices, it is characterised in that described device includes:
3rd receiving unit, is configured to receive the encryption message from message sink terminal, encryption serial number, wherein, encryption Message be message send the message packet scheme that is returned according to authentication center of terminal and with each corresponding encrypted public key of group, will disappear Breath is divided into group and is obtained and be sent to message sink terminal with encrypted public key corresponding with group encryption for each group, described Authentication center also returns to encryption serial number while terminal return message packet scheme and encrypted public key is sent to message, so as to The encryption serial number is issued authentication center by message sink terminal together with encryption message;
First authentication unit, is configured to be authenticated the identity of message receiving terminal;
Searching unit, if be configured to certification passed through, message packet scheme, the encryption public affairs that terminal is returned is sent according to message The corresponding record of key and encryption serial number, searches message packet scheme corresponding with the encryption serial number for receiving, encrypted public key;
Decryption unit, was configured to according to adding corresponding to the message packet scheme for finding and encrypted public key corresponding with each group Close private key pair encryption message decryption;
Second transmitting element, is configured to send the message content that obtains of decryption to message sink terminal.
15. devices according to claim 14, it is characterised in that described device includes:
3rd transmitting element, if being configured to authentification failure, authentification failure message is sent to message sink terminal.
16. devices according to claim 14, it is characterised in that described device also includes:
4th receiving unit, is configured to receive message packet scheme and the encrypted public key request for sending terminal from message;
Second authentication unit, is configured to be authenticated the identity that message sends terminal;
First generation unit, if be configured to certification passed through, the encryption corresponding with each group of generation message packet scheme is public Key and encryption serial number;
4th transmitting element, is configured to send the message packet scheme with each corresponding encrypted public key of group, encryption flowing water Number to message send terminal.
17. The device according to claim 16, characterized in that the device further comprises:
Second generation unit, configured to generate the encryption key corresponding to the encrypted public key of each group;
Second storage unit, configured to store, in correspondence with one another, the generated message packet scheme, the encrypted public key corresponding to each group, the corresponding encryption key, and the encryption serial number.
18. The device according to claim 14, characterized in that the first authentication unit is further configured to:
Obtain the message receiving terminal identifier from a specific field in the messages exchanged between the message receiving terminal and the authentication center;
Compare the message receiving terminal identifier with the authorized terminal identifier list.
19. The device according to claim 16, characterized in that the second authentication unit is further configured to:
Obtain the message sending terminal identifier from a specific field in the messages exchanged between the message sending terminal and the authentication center;
Compare the message sending terminal identifier with the authorized terminal identifier list.
20. An asymmetric white-box cipher encryption device, characterized in that the device comprises:
Fifth transmitting unit, configured to send a message packet scheme and encrypted public key request to the authentication center;
Fifth receiving unit, configured to, if the authentication center's identity authentication of the message sending terminal passes, receive from the authentication center the message packet scheme, the encrypted public key corresponding to each group, and the encryption serial number;
Encryption unit, configured to divide the message into groups according to the message packet scheme and the encrypted public key corresponding to each group returned by the authentication center, and to encrypt each group with the encrypted public key corresponding to that group, obtaining the encrypted message;
Sixth transmitting unit, configured to send the encrypted message together with the encryption serial number to the message receiving terminal.
21. Equipment comprising a processor, a memory and a display, characterized in that:
The memory contains instructions executable by the processor to cause the processor to:
Receive an encrypted message and an encryption serial number from the message sending terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message packet scheme and the encrypted public key corresponding to each group returned by the authentication center, and encrypting each group with the encrypted public key corresponding to that group, and wherein the authentication center also returns the encryption serial number when it returns the message packet scheme and the encrypted public key to the message sending terminal;
Store the received encrypted message in correspondence with the encryption serial number;
In response to a request to obtain the message content, send the correspondingly stored encrypted message and encryption serial number to the authentication center, so that the authentication center authenticates the identity of the message receiving terminal and, after the authentication passes, looks up the message packet scheme and encrypted public key corresponding to the received encryption serial number, according to the corresponding record of the message packet scheme, encrypted public key and encryption serial number that the authentication center returned to the message sending terminal, and decrypts the encrypted message according to the message packet scheme and the encryption private key corresponding to the encrypted public key of each group;
Receive the decrypted message content from the authentication center.
22. Equipment comprising a processor, a memory and a display, characterized in that:
The memory contains instructions executable by the processor to cause the processor to:
Receive an encrypted message and an encryption serial number from the message receiving terminal, wherein the encrypted message is obtained by the message sending terminal dividing the message into groups according to the message packet scheme and the encrypted public key corresponding to each group returned by the authentication center, and encrypting each group with the encrypted public key corresponding to that group, and is sent to the message receiving terminal, and wherein the authentication center also returns the encryption serial number when it returns the message packet scheme and the encrypted public key to the message sending terminal, so that the message receiving terminal sends the encryption serial number to the authentication center together with the encrypted message;
Authenticate the identity of the message receiving terminal;
If the authentication passes, look up the message packet scheme and encrypted public key corresponding to the received encryption serial number, according to the corresponding record of the message packet scheme, encrypted public key and encryption serial number returned to the message sending terminal;
Decrypt the encrypted message according to the found message packet scheme and the encryption key corresponding to the encrypted public key of each group;
Send the decrypted message content to the message receiving terminal.
23. Equipment comprising a processor, a memory and a display, characterized in that:
The memory contains instructions executable by the processor to cause the processor to:
Send a message packet scheme and encrypted public key request to the authentication center;
If the authentication center's identity authentication of the message sending terminal passes, receive from the authentication center the message packet scheme, the encrypted public key corresponding to each group, and the encryption serial number;
Divide the message into groups according to the message packet scheme and the encrypted public key corresponding to each group returned by the authentication center, and encrypt each group with the encrypted public key corresponding to that group, obtaining the encrypted message;
Send the encrypted message together with the encryption serial number to the message receiving terminal.
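
The three roles in claims 21 to 23 (receiving terminal, authentication center, sending terminal), as an added Python sketch that is not code from the patent. It assumes the message packet scheme is a list of group lengths in bytes and that the key request carries the message length; all names and terminal identifiers are hypothetical, and a toy textbook RSA stands in for the real asymmetric cipher.

```python
import secrets
from itertools import accumulate

# Toy textbook RSA built from fixed Mersenne primes: a stand-in for a real
# asymmetric cipher (no padding, not secure) so the flow runs on the stdlib.
PRIMES = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]
E = 65537

def keypair(i):
    p, q = PRIMES[i % 4], PRIMES[(i + 1) % 4]    # toy keys repeat after 4 groups
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

class AuthCenter:
    def __init__(self, authorized):
        self.authorized = set(authorized)  # authorized terminal identifier list
        self.records = {}                  # serial -> (scheme, [(n, d), ...])

    def request_keys(self, terminal_id, msg_len):
        if terminal_id not in self.authorized:
            raise PermissionError("sending terminal not authorized")
        # Assumed scheme format: byte length of each group, at most 16 bytes.
        scheme = [min(16, msg_len - o) for o in range(0, msg_len, 16)]
        keys = [keypair(i) for i in range(len(scheme))]
        serial = secrets.token_hex(8)
        self.records[serial] = (scheme, keys)  # private exponents stay here
        return scheme, [n for n, _ in keys], serial

    def decrypt(self, terminal_id, cipher, serial):
        if terminal_id not in self.authorized:
            raise PermissionError("receiving terminal not authorized")
        scheme, keys = self.records[serial]    # lookup by encryption serial number
        if len(cipher) != len(scheme):
            raise ValueError("ciphertext does not match the stored scheme")
        return b"".join(pow(c, d, n).to_bytes(size, "big")
                        for c, size, (n, d) in zip(cipher, scheme, keys))

def sender_encrypt(message, scheme, moduli):
    offsets = [0, *accumulate(scheme)]         # group boundaries from the scheme
    return [pow(int.from_bytes(message[a:b], "big"), E, n)
            for a, b, n in zip(offsets, offsets[1:], moduli)]

def demo():
    center = AuthCenter({"sender-01", "receiver-01"})  # constructed terminal IDs
    msg = b"constructed sample message for the grouped flow"
    scheme, moduli, serial = center.request_keys("sender-01", len(msg))
    cipher = sender_encrypt(msg, scheme, moduli)
    # The receiver stores (serial, cipher) and never holds a private key.
    return center, serial, cipher, center.decrypt("receiver-01", cipher, serial)
```

The receiving terminal only relays the ciphertext and serial number; a terminal identifier missing from the authorized list gets `PermissionError` from `decrypt` instead of plaintext.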
CN201611101864.8A 2016-12-02 2016-12-02 Asymmetric white-box password encryption method, device and equipment Active CN106789963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611101864.8A CN106789963B (en) 2016-12-02 2016-12-02 Asymmetric white-box password encryption method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611101864.8A CN106789963B (en) 2016-12-02 2016-12-02 Asymmetric white-box password encryption method, device and equipment

Publications (2)

Publication Number Publication Date
CN106789963A CN106789963A (en) 2017-05-31
CN106789963B CN106789963B (en) 2020-12-22

Family

ID=58884260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611101864.8A Active CN106789963B (en) 2016-12-02 2016-12-02 Asymmetric white-box password encryption method, device and equipment

Country Status (1)

Country Link
CN (1) CN106789963B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107222305A (en) * 2017-06-06 2017-09-29 北京洋浦伟业科技发展有限公司 The method and apparatus for protecting the private key safety of RSA cryptographic algorithms
CN107276741A (en) * 2017-06-06 2017-10-20 北京洋浦伟业科技发展有限公司 Air state concealed-enciphering guard method and device
CN107809313A (en) * 2017-10-31 2018-03-16 北京三未信安科技发展有限公司 A kind of whitepack crypto-operation method and system
WO2020042217A1 (en) * 2018-08-31 2020-03-05 密信技术(深圳)有限公司 Method and apparatus for signing and/or encrypting browser file, browser, and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050182735A1 (en) * 2004-02-12 2005-08-18 Zager Robert P. Method and apparatus for implementing a micropayment system to control e-mail spam
CN103916480A (en) * 2014-04-15 2014-07-09 武汉理工大学 File encrypting system for shared file
CN104243149A (en) * 2013-06-19 2014-12-24 北京搜狗科技发展有限公司 Encrypting and decrypting method, device and server
CN105260668A (en) * 2015-10-10 2016-01-20 北京搜狗科技发展有限公司 File encryption method and electronic device
CN105721463A (en) * 2016-02-01 2016-06-29 腾讯科技(深圳)有限公司 File secure transmission method and file secure transmission device

Also Published As

Publication number Publication date
CN106789963B (en) 2020-12-22

Similar Documents

Publication Publication Date Title
EP2228942B1 (en) Securing communications sent by a first user to a second user
KR101389100B1 (en) A method and apparatus to provide authentication and privacy with low complexity devices
AU2003202511B2 (en) Methods for authenticating potential members invited to join a group
CN101032117B (en) Method of authentication based on polynomials, system, and method for demonstration device
US8683209B2 (en) Method and apparatus for pseudonym generation and authentication
Velliangiri et al. An efficient lightweight privacy-preserving mechanism for industry 4.0 based on elliptic curve cryptography
CN107948152A (en) Information storage means, acquisition methods, device and equipment
Malik et al. Novel authentication system using visual cryptography
CN106789963A (en) Asymmetric whitepack cipher encrypting method and device and equipment
CN108809633A (en) A kind of identity authentication method, apparatus and system
CN110098925B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number
Tan et al. MPCAuth: multi-factor authentication for distributed-trust systems
CN106656463A (en) Fixed-secret-key symmetric white box password encryption method, device and equipment
CN110176989A (en) Quantum communications service station identity identifying method and system based on unsymmetrical key pond
Liou et al. T-auth: A novel authentication mechanism for the IoT based on smart contracts and PUFs
Dowlatshah et al. A secure and robust smart card-based remote user authentication scheme
Luo et al. On “A new quantum blind signature with unlinkability”
Kwon et al. Efficient key exchange and authentication protocols protecting weak secrets
Sen et al. Find out the innovative techniques of data sharing using cryptography by systematic literature review
Cai et al. Cryptanalysis of a batch proxy quantum blind signature scheme
CN110113152B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and digital signature
Boonkrong Authentication and Access Control
Merzeh et al. GDPR compliance IoT authentication model for smart home environment
CN114726544B (en) Method and system for acquiring digital certificate
Tillah et al. Access Control System based on Secret Sharing Scheme with Secure Web Database and SHA-3 Password Authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor

Applicant after: Beijing Bang Bang Safety Technology Co. Ltd.

Address before: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor

Applicant before: Yangpuweiye Technology Limited

GR01 Patent grant