CN106911625B - Text processing method, device and system for safe input method - Google Patents
Text processing method, device and system for safe input method Download PDFInfo
- Publication number
- CN106911625B CN106911625B CN201510967166.5A CN201510967166A CN106911625B CN 106911625 B CN106911625 B CN 106911625B CN 201510967166 A CN201510967166 A CN 201510967166A CN 106911625 B CN106911625 B CN 106911625B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- security
- security domain
- symmetric key
- text processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/38—Encryption being effected by mechanical apparatus, e.g. rotating cams, switches, keytape punchers
Abstract
The invention discloses a text processing method, a device and a system of a safe input method, wherein the method comprises the following steps: registering a security domain, and acquiring the security domain identifier; applying for and acquiring a symmetric key corresponding to the security domain; encrypting a plaintext input by a user by using the symmetric key; and outputting the encrypted ciphertext and the security domain identifier together.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a text processing method, a text processing device and a text processing system for a secure input method.
Background
With the development of mobile internet, text communication becomes an important communication mode for people, but intelligent devices and transmission channels are not safe, so that chat information, short message information and electronic mail information of people are likely to be stolen by trojans or intercepted by hackers, and the situation that information such as bank accounts, login passwords and the like contained in network communication contents of users is intercepted by malicious third parties to cause great loss to the users often occurs. The problem of a significant threat to the user's fund security and privacy information is faced.
At present, part of communication software, such as WeChat, can carry out encryption transmission on self communication information, but the mode is only suitable for information transmission among the specific communication software, the encryption and decryption capability is only limited in an application, such as a WeChat client side to a WeChat client side, and the safety of information transmission through other application software in intelligent equipment, such as short message application in an android system, cannot be ensured, and the encryption function is not available. In addition, in this way, the communication information of the user is visible to the communication software operator, and once the communication software operator is out of control, it is quite possible for internal staff to obtain the communication information of the user in an illegal way. And the mode is realized by communication software in a software encryption and decryption mode, and is easily overcome by malicious software.
Disclosure of Invention
The invention provides a text processing method, a device and a system of a safe input method, which can simplify key management and ensure the security of key storage and transmission on the premise of ensuring the text encryption and decryption security of the input method and the convenience of users.
The technical scheme of the embodiment of the invention is realized as follows:
the embodiment of the invention provides a text processing method of a safe input method, which comprises the following steps:
registering a security domain, and acquiring the security domain identifier;
applying for and acquiring a symmetric key corresponding to the security domain;
encrypting a plaintext input by a user by using the symmetric key;
and outputting the encrypted ciphertext and the security domain identifier together.
In the foregoing solution, the encrypting the plaintext input by the user by using the symmetric key includes:
randomly generating an initial vector when encrypting a plaintext input by a user by using the symmetric key every time, and using the initial vector to participate in cryptographic operation;
correspondingly, the outputting the encrypted ciphertext together with the security domain identifier includes:
and outputting the encrypted ciphertext, the security domain identifier and the initial vector corresponding to the ciphertext together.
In the above scheme, the method further comprises:
acquiring a ciphertext and a first security domain identifier corresponding to the ciphertext;
when the first security domain identification is the same as a local second security domain identification, decrypting the ciphertext by using the second symmetric key to obtain a decrypted plaintext and outputting the decrypted plaintext;
when the first security domain identifier is different from the second security domain identifier, the ciphertext is sent to a security management platform, the security management platform decrypts the ciphertext and then encrypts the ciphertext by using a second symmetric key corresponding to the second security domain, the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain the decrypted plaintext and output the decrypted plaintext.
In the above scheme, when there is an initial vector corresponding to the ciphertext, the method further includes:
the method comprises the steps of obtaining a ciphertext and a first security domain identifier corresponding to the ciphertext, and simultaneously obtaining an initial vector corresponding to the ciphertext;
and using the initial vector to participate in decryption operation.
In the foregoing solution, the applying for and acquiring the symmetric key corresponding to the security domain includes:
and performing signature verification on the acquired symmetric key by using security hardware.
In the above scheme, the method further comprises:
using the secure hardware to register a security domain and obtaining a symmetric key corresponding to the security domain.
The embodiment of the invention also provides a text processing device of the safe input method, which comprises the following steps: the security domain registration module, the symmetric key acquisition module, the plaintext encryption module and the ciphertext output module; wherein the content of the first and second substances,
the security domain registration module is used for registering a security domain and acquiring the security domain identifier;
a symmetric key obtaining module, configured to apply for and obtain a symmetric key corresponding to the security domain;
the plaintext encryption module is used for encrypting a plaintext input by a user by using the symmetric key;
and the ciphertext output module is used for outputting the ciphertext obtained by encryption together with the security domain identifier.
In the above scheme, the apparatus further comprises:
the ciphertext obtaining module is used for obtaining a ciphertext and a first security domain identifier corresponding to the ciphertext;
the same-domain decryption module is used for decrypting the ciphertext by using the second symmetric key when the first security domain identifier is the same as a local second security domain identifier, obtaining a decrypted plaintext and outputting the decrypted plaintext;
and the different-domain decryption module is used for sending the ciphertext to a security management platform when the first security domain identifier is different from the second security domain identifier, decrypting the ciphertext by the security management platform and then encrypting by using the second symmetric key, returning the ciphertext corresponding to the second security domain identifier by the security management platform, decrypting the ciphertext returned by the security management platform by using the second symmetric key, and obtaining and outputting the decrypted plaintext.
In the above scheme, the apparatus further comprises:
and the security hardware is used for registering a security domain by using an asymmetric cryptographic algorithm and acquiring a symmetric key corresponding to the security domain.
In the above scheme, the secure hardware is implemented by a smart card, a sound card/Key, a bluetooth card/Key, an embedded secure element, or a smart wearable device.
The embodiment of the invention provides a text processing system of a safe input method, which comprises the following steps: a text processing device and a security management platform of any one of the above security input methods; wherein the content of the first and second substances,
the security management platform is used for establishing and managing a security domain, distributing the security domain for the text processing device of the security input method, and issuing a security domain identifier and a corresponding symmetric key to the text processing device; and the method is used for converting the different domain ciphertext sent by the text processing device into the same domain ciphertext of the text processing device and then returning the same domain ciphertext.
The technical scheme of the invention has the beneficial effects that: a text processing apparatus using a secure input method, comprising: the security domain registration module, the symmetric key acquisition module, the plaintext encryption module and the ciphertext output module register a security domain by using a security input method to acquire a security domain identifier; applying for and acquiring a symmetric key corresponding to the security domain; encrypting a plaintext input by a user by using the symmetric key; and the encrypted ciphertext and the security domain identifier are output together, so that the key management is simplified and the security of key storage and transmission is ensured on the premise of ensuring the security of text encryption and decryption of the input method and the convenience of users.
Drawings
Fig. 1 is a schematic flow chart illustrating an implementation of a text processing method of a secure input method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a text processing apparatus of a secure input method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of embodiment 1 of the present invention.
Detailed Description
In order to more clearly illustrate the embodiments and technical solutions of the present invention, the technical solutions of the present invention will be described in more detail with reference to the accompanying drawings and embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without inventive step, are within the scope of the present invention.
In the embodiment of the present invention, the system provides a secure input method, which has basic functions of a common input method and also provides a secure input mode, and in the secure mode, a plaintext input by a user is encrypted in the secure input method, and the secure input method mainly includes: receiving a plaintext input by a user by using a first editing area; encrypting the plaintext by an encryption and decryption module to obtain an encrypted ciphertext; and formatting the ciphertext according to a preset rule, and returning the formatted ciphertext. When a user wants to decrypt a ciphertext, the secure input method displays the plaintext after internal decryption, and mainly comprises the following steps: receiving a formatted ciphertext selected by a user;
the selected formatted ciphertext is decrypted by the encryption and decryption module to obtain a decrypted plaintext;
and displaying the decrypted plaintext. Therefore, the plaintext input method is realized, and the safety protection of the input information of the user is increased.
For such a secure input method, how to perform encryption and decryption processing on the text of the secure input method more securely is a key problem. In order to further enhance the security of the secure input method, the embodiment of the invention provides a text processing system of the secure input method, which comprises a security management platform and a text processing device of the secure input method; the security management platform is used for establishing and managing a security domain, distributing the security domain for the text processing device of the security input method, and issuing a security domain identifier and a corresponding symmetric key to the text processing device; and the method is used for converting the different domain ciphertext sent by the text processing device into the same domain ciphertext of the text processing device and then returning the same domain ciphertext.
Fig. 1 is a schematic flow chart illustrating an implementation process of a text processing method of a secure input method according to an embodiment of the present invention, as shown in fig. 1, the method includes:
specifically, the security input method needs to register a security domain with a security management platform and acquire a security domain identifier of the security input method;
102, applying for and acquiring a symmetric key corresponding to the security domain;
specifically, a secure input method applies for and obtains a symmetric key corresponding to the secure domain; all the security input methods in the same security domain use the same symmetric key;
103, encrypting a plaintext input by a user by using the symmetric key;
specifically, the plaintext received by the secure input method through the first editing area is transmitted to the encryption and decryption module, and then encrypted by the encryption and decryption module;
further, when the symmetric key is used for encrypting a plaintext input by a user each time, an initial vector is randomly generated, and the initial vector is used for participating in cryptographic operation;
correspondingly, the outputting the encrypted ciphertext together with the security domain identifier includes:
outputting the encrypted ciphertext, the security domain identifier and the initial vector corresponding to the ciphertext together;
specifically, after the encryption and decryption module completes encryption, the secure input method obtains the encrypted ciphertext from the encryption and decryption module; and outputting the encrypted ciphertext and the security domain identifier together; and transmitting, storing, copying or deleting the encrypted ciphertext and the security domain identifier by using the application program or the user input by the security input method in the security mode.
When the ciphertext needs to be decrypted, the security input method obtains the ciphertext and a first security domain identifier corresponding to the ciphertext;
when the first security domain identification is the same as a local second security domain identification, decrypting the ciphertext by using the second symmetric key to obtain a decrypted plaintext and outputting the decrypted plaintext;
and when the first security domain identifier is different from the second security domain identifier, sending the ciphertext to a security management platform, decrypting the ciphertext by the security management platform, encrypting by using the second symmetric key, returning the ciphertext corresponding to the second security domain identifier by the security management platform, decrypting the ciphertext returned by the security management platform by using the second symmetric key, and obtaining and outputting the decrypted plaintext.
Further, when an initial vector corresponding to the ciphertext exists, that is, the initial vector participates in the cryptographic operation during encryption, the secure input method obtains the ciphertext and the first security domain identifier corresponding to the ciphertext, and also obtains the initial vector corresponding to the ciphertext;
and using the initial vector to participate in decryption operation.
Further, the applying for and acquiring the symmetric key corresponding to the security domain includes: and performing signature verification on the acquired symmetric key by using security hardware.
Further, the secure input method registers a security domain using secure hardware and obtains a symmetric key corresponding to the security domain.
By using the text processing method of the secure input method provided by the embodiment, on the premise of ensuring the text encryption and decryption security of the input method and the convenience of the user, the key management is simplified and the security of key storage and transmission is ensured.
Fig. 2 is a schematic structural diagram of a text processing apparatus of a secure input method according to an embodiment of the present invention, and as shown in fig. 2, the text processing apparatus includes: a security domain registration module 201, a symmetric key acquisition module 202, a plaintext encryption module 203 and a ciphertext output module 203; wherein the content of the first and second substances,
a security domain registration module 201, configured to register a security domain and obtain the security domain identifier;
a symmetric key obtaining module 202, configured to apply for and obtain a symmetric key corresponding to the security domain;
a plaintext encryption module 203, configured to encrypt a plaintext input by a user using the symmetric key;
and the ciphertext output module 204 is configured to output the ciphertext obtained by encrypting together with the security domain identifier.
Further, the apparatus further comprises:
the ciphertext obtaining module is used for obtaining a ciphertext and a first security domain identifier corresponding to the ciphertext;
the same-domain decryption module is used for decrypting the ciphertext by using the second symmetric key when the first security domain identifier is the same as a local second security domain identifier, obtaining a decrypted plaintext and outputting the decrypted plaintext;
and the different-domain decryption module is used for sending the ciphertext to a security management platform when the first security domain identifier is different from the second security domain identifier, decrypting the ciphertext by the security management platform and then encrypting by using the second symmetric key identifier, returning the ciphertext corresponding to the second security domain identifier by the security management platform, decrypting the ciphertext returned by the security management platform by using the second symmetric key, and obtaining and outputting the decrypted plaintext.
Further, the apparatus further comprises:
and the security hardware is used for registering a security domain by using an asymmetric cryptographic algorithm and acquiring a symmetric key corresponding to the security domain.
Further, the security hardware is implemented by a smart card, a sound card/Key, a bluetooth card/Key, an embedded security element, or a smart wearable device.
Here, the smart Card may be a SIM (Subscriber Identity Module) Card, an SD (Secure Digital Memory Card), or the like, and the smart wearable device may be a smart band, a smart watch, or the like. The SIM card may be a standard SIM card, a USIM (Universal Subscriber identity Module) card, a UIM (User identity Module) card, a MicroSIM card, a NanoSIM card, and other communication cards with various shapes and sizes. The SD card may be a secure data card of various forms and sizes such as a standard SD card, a miniSD card, and the like.
In particular, when the security hardware is implemented by a smart card, the encryption and decryption processes are performed by a security chip in the smart card.
Further, in order to better ensure the security of the input method, the encryption and decryption process of the text by using the symmetric algorithm can also be completed by the above-mentioned security hardware.
Here, the asymmetric cryptographic algorithms include, but are not limited to, asymmetric cryptographic algorithms such as RSA, ECC, SM2, SM9, and the like, and the symmetric cryptographic algorithms include, but are not limited to, symmetric cryptographic algorithms such as 3DES, AES, SM1, SM4, SM7, and the like.
In practical applications, each of the modules and each of the units may be implemented by a Central Processing Unit (CPU), a microprocessor unit (MPU), a Digital Signal Processor (DSP), or a Field Programmable Gate Array (FPGA) in a text processing apparatus of the secure input method.
The invention also provides a text processing system of the safe input method, which comprises the text processing device of the safe input method and a safety management platform; wherein the content of the first and second substances,
the security management platform is used for establishing and managing a security domain, distributing the security domain for the text processing device of the security input method, and issuing a security domain identifier and a corresponding symmetric key to the text processing device; and the method is used for converting the different domain ciphertext sent by the text processing device into the same domain ciphertext of the text processing device and then returning the same domain ciphertext.
Here, the security management platform may be a server platform that operates independently, or may be a system management service function that operates on a service system server.
Example 1:
fig. 3 is a schematic structural diagram of embodiment 1 of the present invention, and as shown in fig. 3, the secure input method includes a basic function and a key management component. The basic function supports the entrance of text input between the user and all the applications, and calls the safety hardware device to complete the text encryption and decryption functions of the safety input method. Different from the traditional input method, the safe input method can buffer the text edited by the user, and after the user confirms that the text is correct, the encryption output button is triggered, the safe hardware device function is called to encrypt, and the ciphertext is output to the input box of the target application.
In addition, the basic function is responsible for identifying the input method ciphertext in the clipboard and automatically decrypting when the user pastes the ciphertext; the key management interacts with the system platform and the secure hardware device respectively to complete the key management related functions.
The safety hardware device is a hardware module with unique Identification (ID) and symmetric and asymmetric encryption and decryption capabilities, and has the functions of generating true random numbers and generating and storing symmetric and asymmetric keys.
The security management platform is responsible for maintaining and managing the security hardware device of the security input method and the related key thereof. If the registration information of the safety hardware device is maintained, the public key TermPubKey uploaded by the safety hardware device is received and stored, the symmetric key K is generated, and the symmetric key K is encrypted by using the public key TermPubKey of the safety hardware device and then is issued to the safety hardware device.
The key management method and the key management system for the secure input method have the following basic working process of key management: secure hardware device registration, input method key application (key generation and injection), and input method encryption and decryption (key usage).
The concrete description is as follows:
secure hardware device registration:
the registration of the safety hardware device comprises the steps of generating a public key pair (TermPubKey/TermPrvKey) by utilizing the safety hardware device, storing the private key TermPrvKey in the safety hardware device, sending a safety hardware device identification ID and a public key TermPubKey thereof to a safety management platform through a safety channel for registration, wherein the safety management platform is responsible for maintaining and managing safety hardware device information (such as the ID, the TermPubKey and the like) of a safety input method, and attributing the safety hardware device to a specified safety domain (identifying the safety domain by DID), all the safety hardware devices in the same safety domain use the same secret key K, and the safety hardware devices in different safety domains use different secret keys K. The secure channel may be a dedicated system, a dedicated tool, a Virtual Private Network (VPN), etc. used during the production phase or the release phase of the secure hardware device.
In addition to the security domains created and assigned during the registration phase, one or more new security domains may be created for the secure hardware devices by the security management platform whenever an application requires, all secure hardware devices in the same security domain using the same key K, and secure hardware devices in different security domains using different keys K.
Input method key application (key generation and injection):
(1) the safety hardware device signs the identification ID of the safety hardware device by adopting a private key TermPrvKey of the safety hardware device, and then the ID and the signature are sent to a safety management platform through a key management submodule;
(2) the safety management platform authenticates the legality of the safety hardware device, and generates and issues a safety input method encryption key K:
the safety management platform checks whether the ID of the safety hardware device is registered on the safety management platform, if so, the ID signature is verified by adopting the corresponding TermPubKey, and if so, the safety hardware device passes the authentication;
the security management platform generates a symmetric encryption key K, and associates the key K with related information (ID, TermPubKey) of a security hardware device applying for the key, namely, a symmetric key K corresponding to a security domain of the security hardware device is distributed to the security hardware device. The symmetric key K can be temporarily or previously generated and stored by the security management platform, and the security management platform distributes the key K to the security hardware device of the security input method when the security hardware device applies the key;
the security management platform uses TermPubKey as a key to carry out asymmetric encryption operation on K to obtain K ciphertext K ', then sends K ' to the security hardware device, further, the security management platform uses a private key PlatPrvKey of the security management platform to sign K ', and then sends the K ' and the K ' together to the security hardware device;
(3) input method key injection:
the input method key management submodule transmits the received K 'to the security hardware device, the security hardware device uses a private key TermPrvKey of the security hardware device to perform asymmetric decryption operation on the received ciphertext K' to obtain a key K, and the security hardware device stores the key K; or the input method key management submodule transmits the received signatures of the K ' and the K ' to the secure hardware device, the secure hardware device firstly verifies the signature of the K ' by using a public key PlatPubKey of the secure management platform, if the verification is passed, the K ' is signed and issued by the management platform, then the secure hardware device carries out asymmetric decryption operation on the received ciphertext K ' by using a private key TermPrvKey of the secure hardware device to obtain a secret key K, and the secure hardware device stores the secret key K.
Input method encryption and decryption (use of key):
after the key configuration is completed, the secure input method can use the key K in the secure hardware device to encrypt and decrypt the text processed by the input method.
A safety hardware device in the safety input method uses a key K of the safety hardware device to encrypt a text processed by the input method;
furthermore, when the secure hardware device in the secure input method uses the key K of the secure hardware device to encrypt the text processed by the input method, an initial vector IV is used to participate in the cryptographic operation, so that the results of encrypting the same text by the secure input method every time are different, and the security of the text is further improved. The initial vector IV is formed by true random numbers generated by a safety hardware device, is bound with a ciphertext and is transmitted, stored, copied or deleted along with ciphertext data;
further, besides the IV, the identifier DID that is transmitted, stored, copied, or deleted along with the ciphertext data also includes an identifier DID of a security domain in which the secure hardware device is located.
When a safety hardware device in the safety input method carries out decryption, if the safety domain identifier DID carried by the ciphertext is judged to be the same as the safety domain identifier, and the ciphertext is generated by the safety hardware device of the safety domain, the safety input method uses the own secret key K for decryption through the safety hardware device to obtain a plaintext; otherwise, when the secure input method is used for decryption, if the secure domain identifier (marked as DIDb) carried by the ciphertext is different from the secure domain identifier (marked as DIDa) and the ciphertext (marked as Cb) is generated by a secure hardware device which is not the secure domain, the secure input method submits the ciphertext Cb to a secure management platform through a key management submodule, the secure management platform decrypts by using a key (marked as Kb) of the secure domain DIDb to which the ciphertext Cb belongs to obtain a plaintext (marked as P), then encrypts the plaintext P by using a key Ka of the secure domain DIDa to obtain a ciphertext Ca, finally returns the ciphertext Ca obtained by encryption to the secure input method, and the secure input method decrypts the plaintext P by using the key Ka of the secure hardware device;
furthermore, when the security management platform encrypts the plaintext P by using the key Ka of the security domain DIDa to obtain the ciphertext Ca, an initial vector IV2 is used to participate in the cryptographic operation, so that the results of encrypting the same plaintext P by the security management platform each time are different, and the security of the text is further improved. The initial vector IV2 is composed of a true random number generated by a security management platform or trusted hardware connected with the security management platform, is bound with a ciphertext Ca and is returned to the security input method along with the ciphertext data Ca, and the security input method decrypts through a security hardware device by using a key Ka of the security hardware device to obtain a plaintext P.
The modules of the text processing apparatus for the secure input method of the present embodiment execute the steps described in the above embodiments of the text processing method for the secure input method, and therefore have the same advantages. In addition, it should be understood that the above-described embodiment of the text processing apparatus is merely illustrative, and the described division of the modules is only one logical functional division, and other divisions may be realized in practice. In addition, the modules may be coupled or communicatively connected to each other through some interfaces, and may also be in an electrical or other form.
The functional modules may or may not be physical blocks as components of the text processing apparatus, and may be located in one place or distributed on a plurality of network units, and may be implemented in the form of hardware or software functional blocks. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that the above-mentioned embodiments are only examples of the present invention, and not intended to limit the scope of the present invention, and all equivalent structures or equivalent flow transformations made by using the contents of the specification and the drawings, such as the combination of technical features between the embodiments, or the direct or indirect application to other related technical fields, are included in the scope of the present invention.
Claims (11)
1. A text processing method of a secure input method, the method comprising:
registering a security domain and acquiring a security domain identifier;
applying for and acquiring a symmetric key corresponding to the security domain;
encrypting a plaintext input by a user by using the symmetric key;
outputting the encrypted ciphertext and the security domain identifier together;
acquiring a ciphertext and a first security domain identifier corresponding to the ciphertext;
when the first security domain identifier is different from a local second security domain identifier, sending the ciphertext to a security management platform, decrypting the ciphertext by the security management platform, encrypting by using a second symmetric key corresponding to the second security domain, returning the ciphertext corresponding to the second security domain identifier by the security management platform, decrypting the ciphertext returned by the security management platform by using the second symmetric key, and obtaining and outputting the decrypted plaintext.
2. The method of claim 1, wherein the encrypting the plaintext input by the user using the symmetric key comprises:
randomly generating an initial vector when encrypting a plaintext input by a user by using the symmetric key every time, and using the initial vector to participate in cryptographic operation;
correspondingly, the outputting the encrypted ciphertext together with the security domain identifier includes:
and outputting the encrypted ciphertext, the security domain identifier and the initial vector corresponding to the ciphertext together.
3. The text processing method according to claim 1 or 2, wherein the method further comprises:
and when the first security domain identifier is the same as the second security domain identifier, decrypting the ciphertext by using the second symmetric key to obtain decrypted plaintext and outputting the decrypted plaintext.
4. The method of claim 1, wherein when there is an initial vector corresponding to the ciphertext, the method further comprises:
the method comprises the steps of obtaining a ciphertext and a first security domain identifier corresponding to the ciphertext, and simultaneously obtaining an initial vector corresponding to the ciphertext;
and using the initial vector to participate in decryption operation.
5. The text processing method according to claim 1, wherein the applying for and obtaining the symmetric key corresponding to the security domain comprises:
and performing signature verification on the acquired symmetric key by using security hardware.
6. The text processing method of claim 1, wherein the method further comprises:
using the secure hardware to register a security domain and obtaining a symmetric key corresponding to the security domain.
7. A text processing apparatus for a secure input method, the apparatus comprising: the security domain registration module, the symmetric key acquisition module, the plaintext encryption module and the ciphertext output module; wherein the content of the first and second substances,
the security domain registration module is used for registering a security domain and acquiring a security domain identifier;
a symmetric key obtaining module, configured to apply for and obtain a symmetric key corresponding to the security domain;
the plaintext encryption module is used for encrypting a plaintext input by a user by using the symmetric key;
the ciphertext output module is used for outputting the ciphertext obtained by encryption together with the security domain identifier;
the ciphertext obtaining module is used for obtaining a ciphertext and a first security domain identifier corresponding to the ciphertext;
and the different-domain decryption module is used for sending the ciphertext to a security management platform when the first security domain identifier is different from a local second security domain identifier, decrypting the ciphertext by the security management platform, then encrypting by using a second symmetric key corresponding to the second security domain, then returning the ciphertext corresponding to the second security domain identifier by the security management platform, and then decrypting the ciphertext returned by the security management platform by using the second symmetric key to obtain the decrypted plaintext and output the decrypted plaintext.
8. The text processing apparatus according to claim 7, further comprising:
and the same-domain decryption module is used for decrypting the ciphertext by using the second symmetric key when the first security domain identifier is the same as the second security domain identifier, obtaining decrypted plaintext and outputting the decrypted plaintext.
9. The text processing apparatus according to claim 7 or 8, wherein the apparatus further comprises:
and the security hardware is used for registering a security domain by using an asymmetric cryptographic algorithm and acquiring a symmetric key corresponding to the security domain.
10. The text processing apparatus of claim 9, wherein the security hardware is implemented by a smart card, a sound card/Key, a bluetooth card/Key, an embedded security element, or a smart wearable device.
11. A system for processing text in a secure input method, the system comprising: a text processing apparatus and a security management platform of a secure input method according to any one of claims 7 to 10; wherein the content of the first and second substances,
the security management platform is used for establishing and managing a security domain, distributing the security domain for the text processing device of the security input method, and issuing a security domain identifier and a corresponding symmetric key to the text processing device; and the method is used for converting the different domain ciphertext sent by the text processing device into the same domain ciphertext of the text processing device and then returning the same domain ciphertext.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510967166.5A CN106911625B (en) | 2015-12-22 | 2015-12-22 | Text processing method, device and system for safe input method |
| PCT/CN2016/103054 WO2017107642A1 (en) | 2015-12-22 | 2016-10-24 | Text processing method, apparatus and system for secure input method |
| TW105135989A TWI611316B (en) | 2015-12-22 | 2016-11-04 | Text processing method for safe input method, text processing device and text processing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510967166.5A CN106911625B (en) | 2015-12-22 | 2015-12-22 | Text processing method, device and system for safe input method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106911625A CN106911625A (en) | 2017-06-30 |
| CN106911625B true CN106911625B (en) | 2020-04-24 |
Family
ID=59089075
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510967166.5A Active CN106911625B (en) | 2015-12-22 | 2015-12-22 | Text processing method, device and system for safe input method |
Country Status (3)
| Country | Link |
|---|---|
| CN (1) | CN106911625B (en) |
| TW (1) | TWI611316B (en) |
| WO (1) | WO2017107642A1 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111177739B (en) * | 2019-10-28 | 2023-11-03 | 腾讯云计算(北京)有限责任公司 | Data processing method, information interaction system and computer storage medium |
| CN111212068B (en) * | 2019-12-31 | 2022-02-08 | 北京升鑫网络科技有限公司 | Method for encrypting and decrypting characters by input method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064595A (en) * | 2006-04-27 | 2007-10-31 | 联想(北京)有限公司 | Computer network safe input authentication system and method |
| CN101169815A (en) * | 2007-11-27 | 2008-04-30 | 华为技术有限公司 | Computer system and data input method |
| CN101729246A (en) * | 2008-10-24 | 2010-06-09 | 中兴通讯股份有限公司 | Method and system for distributing key |
| CN101739756A (en) * | 2008-11-10 | 2010-06-16 | 中兴通讯股份有限公司 | Method for generating secrete key of smart card |
| WO2015162688A1 (en) * | 2014-04-22 | 2015-10-29 | 株式会社日立製作所 | Data processing system and data processing method |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI224455B (en) * | 2001-01-19 | 2004-11-21 | Mitake Data Co Ltd | End-to-end encryption procedure and module of M-commerce WAP data transport layer |
| KR100641824B1 (en) * | 2001-04-25 | 2006-11-06 | 주식회사 하렉스인포텍 | A payment information input method and mobile commerce system using symmetric cipher system |
| TW563047B (en) * | 2001-06-12 | 2003-11-21 | Financial Information Service | Shared system of mobile bank and its operating method |
| CN101894232B (en) * | 2010-07-26 | 2012-09-12 | 深圳市永达电子股份有限公司 | Safe input method applied to identity authentication |
| CN102355353A (en) * | 2011-08-12 | 2012-02-15 | 无锡城市云计算中心有限公司 | Encrypted input method and encrypted communication method and device |
| US20140109176A1 (en) * | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
| EP2982148A1 (en) * | 2013-04-05 | 2016-02-10 | Interdigital Patent Holdings, Inc. | Securing peer-to-peer and group communications |
-
2015
- 2015-12-22 CN CN201510967166.5A patent/CN106911625B/en active Active
-
2016
- 2016-10-24 WO PCT/CN2016/103054 patent/WO2017107642A1/en active Application Filing
- 2016-11-04 TW TW105135989A patent/TWI611316B/en not_active IP Right Cessation
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064595A (en) * | 2006-04-27 | 2007-10-31 | 联想(北京)有限公司 | Computer network safe input authentication system and method |
| CN101169815A (en) * | 2007-11-27 | 2008-04-30 | 华为技术有限公司 | Computer system and data input method |
| CN101729246A (en) * | 2008-10-24 | 2010-06-09 | 中兴通讯股份有限公司 | Method and system for distributing key |
| CN101739756A (en) * | 2008-11-10 | 2010-06-16 | 中兴通讯股份有限公司 | Method for generating secrete key of smart card |
| WO2015162688A1 (en) * | 2014-04-22 | 2015-10-29 | 株式会社日立製作所 | Data processing system and data processing method |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017107642A1 (en) | 2017-06-29 |
| TW201723919A (en) | 2017-07-01 |
| TWI611316B (en) | 2018-01-11 |
| CN106911625A (en) | 2017-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109309565B (en) | Security authentication method and device | |
| US10601801B2 (en) | Identity authentication method and apparatus | |
| CN107465689B (en) | Key management system and method of virtual trusted platform module in cloud environment | |
| EP3318043B1 (en) | Mutual authentication of confidential communication | |
| US10305688B2 (en) | Method, apparatus, and system for cloud-based encryption machine key injection | |
| EP2639997B1 (en) | Method and system for secure access of a first computer to a second computer | |
| CN107358441B (en) | Payment verification method and system, mobile device and security authentication device | |
| US20210357914A1 (en) | Constructing a Distributed Ledger Transaction on a Cold Hardware Wallet | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN102281300A (en) | digital rights management license distribution method and system, server and terminal | |
| KR101879758B1 (en) | Method for Generating User Digital Certificate for Individual User Terminal and for Authenticating Using the Same Digital Certificate | |
| KR20150079489A (en) | Instant messaging method and system | |
| WO2018137225A1 (en) | Fingerprint data processing method and processing apparatus | |
| EP4150879A1 (en) | Constructing a distributed ledger transaction on a cold hardware wallet | |
| CN104322003A (en) | Cryptographic authentication and identification method using real-time encryption | |
| CN104424446A (en) | Safety verification and transmission method and system | |
| CN112766962A (en) | Method for receiving and sending certificate, transaction system, storage medium and electronic device | |
| CN109005184A (en) | File encrypting method and device, storage medium, terminal | |
| GB2522445A (en) | Secure mobile wireless communications platform | |
| CN114465803A (en) | Object authorization method, device, system and storage medium | |
| CN105407467A (en) | Short message encryption methods, devices and system | |
| CN105142134A (en) | Parameter obtaining and transmission methods/devices | |
| WO2017050152A1 (en) | Password security system adopted by mobile apparatus and secure password entering method thereof | |
| CN106685897B (en) | Safe input method, device and system | |
| CN104462877B (en) | A kind of digital resource acquisition method under copyright protection and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1234926 Country of ref document: HK |
|
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |