CN107733936A - A kind of encryption method of mobile data - Google Patents

Info

Publication number: CN107733936A
Authority: CN (China)
Prior art keywords: key, encryption, security device, mobile, device hardware
Legal status: Granted
Application number: CN201711257708.5A
Other languages: Chinese (zh)
Other versions: CN107733936B
Inventors: 王潇, 孙建, 张淑娟, 朱颖, 丁全
Current assignee: State Grid Corp of China SGCC; Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd
Original assignee: State Grid Corp of China SGCC; Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd
Priority to CN201711257708.5A
Publication of CN107733936A
Application granted; publication of CN107733936B
Current legal status: Active

Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 ... wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L 63/0442 ... wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption


Abstract

The present invention relates to the field of information security, and more particularly to an encryption method for mobile data. The encryption method for mobile data comprises a data transmission encryption method and a data storage encryption method. The data transmission encryption method adds security device hardware A and security device hardware B, and the transmission encryption algorithm is realised by these added devices, so that part of the encryption and decryption workload is stripped out of the server's main processor and moved onto dedicated security device hardware. This greatly improves computational efficiency, gives a higher grade of information confidentiality, and provides better security.

Description

Encryption method for mobile data
Technical field
The present invention relates to the field of information security, and more particularly to an encryption method for mobile data.
Background technology
With the rapid development of networks, users have greatly improved their working efficiency, but at the same time networks carry various potential security hazards. Internet security incidents have been frequent in recent years, and anyone connecting to the Internet faces a variety of security risks, such as information leakage, information tampering and resource theft. With the development of the electronics industry, mobile devices such as smartphones, tablets and laptops have also entered countless households; while mobile devices are easy to carry, they are also easy to lose, and after a loss the software on the device can be used by others at will, causing the leakage of all kinds of important information. The existence of these risks hinders the application and development of networks; with networking and informatisation being irreversible, ensuring information security is of paramount importance.
Technologies for data encryption on mobile devices are already well developed in the prior art, for example:
Chinese patent document ZL200710065062.0 discloses an encrypted mobile storage device comprising: a memory for storing data; a communication interface module for transmitting data to and from external equipment; a wireless receiving module for receiving wireless signals; a data processing module that extracts the key from the wireless signal and contains an encryption unit and a decryption unit, the encryption unit encrypting files stored into the memory with a valid key and the decryption unit decrypting encrypted files taken out of the memory, the decryption unit only being able to decrypt an encrypted file when the key in the wireless signal matches the valid key; and a clock unit providing clock pulses to the data processing module. According to the clock, the data processing module monitors whether a new wireless signal containing a key matching the valid key is received within a set time; if none is received within the set time, or the key does not match, the decryption unit cannot decrypt the encrypted file.
Chinese patent document CN201410569920.5 discloses a data-encrypting mobile hard disk comprising a disk and a data interface provided on the disk for exchanging data with the outside, characterised in that it further comprises: a security identification module connected to the data interface, and a control module which cuts off the connection to the equipment exchanging data with the disk when the security level of that equipment, as recognised by the security identification module, is below a preset security level; and a data encryption/decryption engine arranged at the data interface which encrypts and decrypts data entering and leaving the disk when the recognised security level of that equipment is at or above the preset security level.
Chinese patent document CN201310677217.1 discloses a data security protection method for a mobile storage medium: a file system that an operating system cannot mount is created on the mobile storage medium; a random key for the file system is generated according to a verification password entered by the user, and the hash value of the verification password, together with the random key encrypted under the verification password, is saved in the file system; encryption and decryption of the mobile storage medium are performed with the random key, thereby protecting the data on the medium.
Chinese patent document CN201210034983.1 discloses a file encryption and decryption method based on cloud storage, in which an application terminal initiates a file write to a cloud storage platform, the cloud storage platform stores the file in shards, and an encryption and decryption platform performs distributed encryption of the sharded file on the cloud storage platform.
The above encryption methods encrypt with the encryption hardware and software carried by the device itself, and the data is easily cracked.
Summary of the invention
In view of the above deficiencies in the prior art, the object of the present invention is to provide an encryption method for mobile data that can ensure and improve the security of mobile data.
To achieve the above object, the present invention adopts the following technical scheme:
An encryption method for mobile data, comprising a data transmission encryption method and a data storage encryption method. The data transmission encryption method is applied in a data transmission encryption system comprising a mobile application client, a mobile application server, security device hardware A, security device hardware B and a key management database. Security device hardware A is paired with the mobile application client and stores an initial key SA; security device hardware B is paired with the mobile application server. The key management database is located on an internal network, physically isolated from the external public network, and can only be accessed by the mobile application server; the key management database also stores the initial key SA.
The data transmission encryption method comprises the following steps:
S11: the mobile application client obtains the ID of security device hardware A, where the ID is set at production, cannot be changed, and uniquely identifies security device hardware A;
S12: the mobile application client sends a key update request to security device hardware A;
S13: on receiving the request from the mobile application client, security device hardware A first generates a random key seed RA, then combines the key seed RA with the initial key SA using the key generation algorithm to obtain the final key KEY; at the same time, security device hardware A returns the generated key seed RA to the mobile application client;
S14: after obtaining the key seed RA, the mobile application client sends the key seed RA together with the ID of security device hardware A to the mobile application server;
S15: according to the received ID of security device hardware A, the mobile application server looks up the initial key SA of security device hardware A in the key management database, and then sends the initial key SA and the key seed RA together to security device hardware B;
S16: security device hardware B combines the key seed RA and the initial key SA using the key generation algorithm to obtain the final key KEY. Once security device hardware A and security device hardware B have computed the same final key KEY, encryption of data transmission between the mobile application client and the mobile application server is established.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the initial key SA stored in security device hardware A cannot be modified and cannot be read out of security device hardware A.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the final key KEY cannot be read by software outside the data transmission encryption system.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the key generation algorithm is the SM4 algorithm.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the data storage encryption method comprises an information encryption flow and an information decryption flow, wherein the information encryption flow comprises the following steps: S21: the PIN code that the user must enter first on each use is received, in order to enter the USB Key system;
S22: the specific identifier [A] that the user enters in response to the prompt, in order to encrypt the information to be stored, is received;
S23: the USB Key system encrypts the specific identifier [A] with its built-in encryption algorithm to obtain the key [Y0];
S24: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system, obtaining the key group [Y] after decryption, where the specific multidimensional key [B] = [B1, B2, B3, ..., Bn] is generated at random by the USB Key system and stored in its built-in ROM module, and the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S25: the USB Key system uses the key group [Y] as encryption keys, encrypts the information [C] that the user needs to store with the encryption algorithm to obtain the ciphertext [D], stores the ciphertext [D] together with its correspondence [D → Y] to the key group [Y] in the external memory module of the USB Key system, and generates feedback information confirming that this encryption is complete, where the information [C] = [C1, C2, C3, ..., Cn] and the ciphertext [D] = [D1, D2, D3, ..., Dn];
The information decryption flow comprises the following steps:
S31: the PIN code that the user must enter first on each use is received, in order to enter the USB Key system;
S32: when the user needs to decrypt the ciphertext [D] in the external memory module of the USB Key system, the specific identifier [A] entered in response to the prompt is received;
S33: the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain the key [Y0];
S34: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in its built-in ROM module to obtain the key group [Y], where the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S35: the USB Key system reads the correspondence [D → Y] stored in the external memory module, selects keys from [Y] according to that correspondence, decrypts the information [D] with the encryption algorithm to obtain the plaintext [C], and generates feedback information confirming that this decryption succeeded, where the plaintext [C] = [C1, C2, C3, ..., Cn].
In the above encryption method for mobile data, as a further technical scheme of the present invention, the step in which the USB Key system uses the key group [Y] as encryption keys to encrypt the information [C] with the encryption algorithm comprises: during encryption, the USB Key system randomly selects a not yet selected key Yi from the key group [Y] = [Y1, Y2, Y3, ..., Yn] and encrypts the information [C] with it, until, after n encryption computations in total, the USB Key system obtains the ciphertext [D] = [D1, D2, D3, ..., Dn], where i = 1, 2, 3, ..., n.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the encryption algorithm in the data storage encryption method is the SM2 algorithm.
The encryption method for mobile data provided by the present invention realises the encryption algorithm by adding security device hardware A and security device hardware B, so that part of the encryption and decryption workload is stripped out of the server's main processor and moved onto dedicated integrated chips, namely security device hardware A and security device hardware B, which greatly improves computational efficiency and improves security performance.
Further, the present invention uses the SM4 algorithm in the data transmission encryption method. SM4 is a symmetric block cipher published by China in 2006; it uses a 32-round Feistel nonlinear iterative structure, has strong resistance to differential attacks, and its security reaches the standard of an advanced block cipher. From the research results published so far, no method has yet been able to break 24-round SM4, so the 32-round SM4 algorithm has a certain security margin and is especially suitable for the encryption protection of mobile data at institutions such as banks that concern national financial security.
Further, the present invention uses the SM2 encryption algorithm in the data storage protection method. SM2 is an asymmetric key algorithm that works by encrypting with a public key and decrypting with a private key. In the operation of an asymmetric key algorithm the encryption key and the decryption key are different: the encryption key is published for use, the decryption key is known only to the user, and an attacker cannot compute the decryption key from the encryption key.
The advantages of the SM2 algorithm mainly include: simple key management, with fewer keys required for confidential transmission; keys can be published and are easy to distribute without being easily cracked; a higher grade of information confidentiality and better security; and keys take up little storage space.
Brief description of the drawings
Fig. 1 is a sequence diagram of the data transmission encryption method of the present invention.
Fig. 2 is a flowchart of the information encryption flow in the data storage encryption method of the present invention.
Fig. 3 is a flowchart of the information decryption flow in the data storage encryption method of the present invention.
Embodiments
The technical scheme of the present invention is described clearly and completely below with reference to the drawings of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative work fall within the scope of protection of the present invention.
Embodiment 1
The data transmission encryption system comprises a mobile application client, a mobile application server, security device hardware A, security device hardware B and a key management database. Security device hardware A is paired with the mobile application client and stores the initial key SA; security device hardware B is paired with the mobile application server.
The present invention adds security device hardware to the mobile application client and to the mobile application server respectively, and at the same time sets up a key management database to manage the initial keys of the security device hardware. In this design, the security device hardware (security device hardware A and security device hardware B) mainly has four functions:
(1) storing the unique serial number ID and the initial key of the security device hardware;
(2) implementing the random key seed generation algorithm;
(3) implementing the key generation algorithm that derives a key from the key seed and the initial key;
(4) encrypting and decrypting with the key.
The key management database is mainly used to manage the initial key corresponding to each security device hardware ID. It is located on the internal network, physically isolated from the external public network, and can only be accessed by the mobile application server.
When implementing protection of mobile data transmission, two factors are mainly considered: security and speed. From the security point of view, encryption and decryption algorithms running at the software level lack physical protection; when facing virus intrusion and similar problems, the encryption/decryption module may be tampered with by the virus, with serious consequences. From the speed point of view, the mobile application server usually has to serve thousands of users accessing it at the same time, the volume of data to be encrypted is very large, and the demands on hardware are correspondingly high.
As shown in Fig. 1, the description uses a mobile application device as security device hardware A, a mobile payment client as the mobile application client, a mobile payment server as the mobile application server, and mobile device hardware as security device hardware B.
As shown in Fig. 1, the data transmission encryption method comprises the following steps:
S11: the mobile payment client obtains the ID of the mobile application device, where the ID is set at production, cannot be changed, and uniquely identifies the mobile application device.
S12: the mobile payment client sends a key update request to the mobile application device.
S13: on receiving the request from the mobile payment client, the mobile application device first generates a random key seed RA, then combines the key seed RA with the initial key SA using the key generation algorithm to obtain the final key KEY; at the same time, the mobile application device returns the generated key seed RA to the mobile payment client.
S14: after obtaining the key seed RA, the mobile payment client sends the key seed RA together with the ID of the mobile application device to the mobile payment server.
S15: according to the received ID of the mobile application device, the mobile payment server looks up the initial key SA of the mobile application device in the key management database, and then sends the initial key SA and the key seed RA together to the mobile device hardware.
S16: the mobile device hardware combines the key seed RA and the initial key SA using the key generation algorithm to obtain the final key KEY. Once the mobile application device and the mobile device hardware have computed the same final key KEY, the mobile payment client and the mobile payment server complete the encryption of data transmission.
Through the above arrangement, part of the encryption and decryption workload is stripped out of the server's main processor and moved onto dedicated security device hardware, which greatly improves computational efficiency, gives the encrypted information a higher grade of confidentiality, and provides better security.
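The following is an added simulation of steps S11 to S16 (as described in the summary, in Embodiment 1, and in claim 1); it is not code from the patent or its applicant. The patent names SM4 as the key generation algorithm but does not specify how SA and RA are combined, so this model uses HMAC-SHA256 as a labelled stand-in derivation so that it runs with the Python standard library only. The device IDs, the initial key SA and the message are constructed for the example. The point of the model is the trust split the patent describes: SA lives only inside security device hardware A and the key management database, KEY is computed inside hardware A and hardware B and never exported, and the client software only relays the ID and the seed RA.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional


def derive_key(initial_key: bytes, seed: bytes) -> bytes:
    """Stand-in (assumption) for the SM4-based key generation the patent names."""
    return hmac.new(initial_key, seed, hashlib.sha256).digest()


class SecurityDeviceHardware:
    """Security device hardware A or B: ID fixed at production, SA and KEY never exported."""

    def __init__(self, device_id: str, initial_key: Optional[bytes] = None):
        self.device_id = device_id            # S11: readable, not changeable
        self.__initial_key = initial_key      # written in production; no read method exists
        self.__final_key: Optional[bytes] = None

    def update_key(self) -> bytes:
        """S12/S13 (device A): generate seed RA, derive KEY internally, return only RA."""
        if self.__initial_key is None:
            raise RuntimeError("device has no initial key SA")
        seed = os.urandom(16)
        self.__final_key = derive_key(self.__initial_key, seed)
        return seed

    def load_key(self, initial_key: bytes, seed: bytes) -> None:
        """S16 (device B): the server hands in SA and RA; KEY is computed and kept inside."""
        self.__final_key = derive_key(initial_key, seed)

    def protect(self, message: bytes) -> bytes:
        """Only keyed operations are exposed to host software; a MAC tag stands in for encryption."""
        if self.__final_key is None:
            raise RuntimeError("no final key established")
        return hmac.new(self.__final_key, message, hashlib.sha256).digest()


class KeyManagementDatabase:
    """Internal-network store of device ID -> SA, reachable only through the server object."""

    def __init__(self, records: Dict[str, bytes]):
        self._records = dict(records)

    def initial_key_for(self, device_id: str) -> bytes:
        return self._records[device_id]       # KeyError: unknown device, no key is issued


class MobileApplicationServer:
    def __init__(self, db: KeyManagementDatabase, device_b: SecurityDeviceHardware):
        self._db = db
        self.device_b = device_b

    def handle_key_update(self, device_id: str, seed: bytes) -> None:
        """S15: look up SA by device ID and pass SA and RA to device B together."""
        sa = self._db.initial_key_for(device_id)
        self.device_b.load_key(sa, seed)


class MobileApplicationClient:
    def __init__(self, device_a: SecurityDeviceHardware, server: MobileApplicationServer):
        self.device_a = device_a
        self._server = server

    def establish_session(self) -> None:
        """S11-S14: read the device ID, request a key update, relay RA and the ID to the server."""
        device_id = self.device_a.device_id
        seed = self.device_a.update_key()     # the client sees RA, never SA or KEY
        self._server.handle_key_update(device_id, seed)


def run_exchange() -> dict:
    """Constructed scenario: one enrolled device A and one device B at the server."""
    sa = os.urandom(16)                                 # SA provisioned at production
    device_a = SecurityDeviceHardware("DEV-A-0001", sa)
    db = KeyManagementDatabase({"DEV-A-0001": sa})      # the same SA recorded in the key DB
    device_b = SecurityDeviceHardware("DEV-B-0001")
    server = MobileApplicationServer(db, device_b)
    MobileApplicationClient(device_a, server).establish_session()
    msg = b"mobile payment request (constructed)"
    # Equal tags show both devices hold the same final key KEY.
    return {"tag_a": device_a.protect(msg), "tag_b": device_b.protect(msg)}


def unknown_device_rejected() -> bool:
    """A device whose ID is not in the key management database cannot complete S15."""
    device_a = SecurityDeviceHardware("DEV-A-9999", os.urandom(16))
    server = MobileApplicationServer(KeyManagementDatabase({}), SecurityDeviceHardware("DEV-B-0001"))
    try:
        MobileApplicationClient(device_a, server).establish_session()
    except KeyError:
        return True
    return False
```

Two properties worth noting from the model: the ID and RA travel in the clear, so the scheme's confidentiality rests entirely on SA never leaving device A or the isolated database; and in step S15 the server software does handle SA while passing it from the database to device B, which is why the patent places the database on a physically isolated internal network reachable only by that server.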
Optionally, in this embodiment, the initial key SA stored in the mobile application device is set during the production of the device, cannot be modified, and requests to read the initial key SA out of the mobile application device are refused.
Optionally, in this embodiment, the generated final key KEY cannot be read by software outside the data transmission encryption system, so that when malicious software intrudes it cannot break through the physical protection and cause the key to be lost.
Optionally, in this embodiment, the key generation algorithm used to combine the key seed RA and the initial key SA is the SM4 algorithm.
SM4 is a symmetric block cipher published by China in 2006; it uses a 32-round Feistel nonlinear iterative structure, has strong resistance to differential attacks, and its security reaches the standard of an advanced block cipher. From the research results published so far, no method has yet been able to break 24-round SM4, so the 32-round SM4 algorithm has a certain security margin and is especially suitable for the encryption protection of mobile data at institutions such as banks that concern national financial security.
Embodiment 2
As shown in Fig. 2, this embodiment concerns the data storage encryption method, which comprises an information encryption flow and an information decryption flow.
The information encryption flow comprises the following steps:
S21: the PIN code that the user must enter first on each use is received, in order to enter the USB Key system. Here the USB Key system may be the system of the mobile payment client.
It should be noted that the USB Key system is entered and a prompt is output when the entered PIN code is correct; when the entered PIN code is wrong, the user's PIN code is received again, and once the PIN codes entered have all been wrong for a preset number of attempts, no further PIN entry from the user is accepted.
S22: the specific identifier [A] that the user enters in response to the prompt, in order to encrypt the information to be stored, is received.
S23: the USB Key system encrypts the specific identifier [A] with its built-in encryption algorithm to obtain the key [Y0].
S24: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system, obtaining the key group [Y] after decryption, where the specific multidimensional key [B] = [B1, B2, B3, ..., Bn] is generated at random by the USB Key system and stored in its built-in ROM module, and the key group [Y] = [Y1, Y2, Y3, ..., Yn].
S25: the USB Key system uses the key group [Y] as encryption keys, encrypts the information [C] that the user needs to store with the encryption algorithm to obtain the ciphertext [D], stores the ciphertext [D] together with its correspondence [D → Y] to the key group [Y] in the external memory module of the USB Key system, and generates feedback information confirming that this encryption is complete, where the information [C] = [C1, C2, C3, ..., Cn] and the ciphertext [D] = [D1, D2, D3, ..., Dn].
With reference to Fig. 3, the information decryption flow comprises the following steps:
S31: the PIN code that the user must enter first on each use is received, in order to enter the USB Key system.
It should be noted that the USB Key system is entered and a prompt is output when the entered PIN code is correct; when the entered PIN code is wrong, the user's PIN code is received again, and once the PIN codes entered have all been wrong for a preset number of attempts, no further PIN entry from the user is accepted.
S32: when the user needs to decrypt the ciphertext [D] in the external memory module of the USB Key system, the specific identifier [A] entered in response to the prompt is received.
S33: the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain the key [Y0].
S34: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in its built-in ROM module to obtain the key group [Y], where the key group [Y] = [Y1, Y2, Y3, ..., Yn].
S35: the USB Key system reads the correspondence [D → Y] stored in the external memory module, selects keys from [Y] according to that correspondence, decrypts the information [D] with the encryption algorithm to obtain the plaintext [C], and generates feedback information confirming that this decryption succeeded, where the plaintext [C] = [C1, C2, C3, ..., Cn].
Optionally, in this embodiment, in step S25 above, the step in which the USB Key system uses the key group [Y] as encryption keys to encrypt the information [C] with the encryption algorithm comprises: during encryption, the USB Key system randomly selects a not yet selected key Yi from the key group [Y] = [Y1, Y2, Y3, ..., Yn] and encrypts the information [C] with it, until, after n encryption computations in total, the USB Key system obtains the ciphertext [D] = [D1, D2, D3, ..., Dn], where i = 1, 2, 3, ..., n.
Optionally, in this embodiment, the encryption algorithm in the data storage encryption method is the SM2 algorithm.
SM2 is an asymmetric key algorithm that works by encrypting with a public key and decrypting with a private key. In the operation of an asymmetric key algorithm the encryption key and the decryption key are different: the encryption key is published for use, the decryption key is known only to the user, and an attacker cannot compute the decryption key from the encryption key, so that the grade of information confidentiality is higher and security is better.
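The following is an added model of the USB Key storage flow S21 to S35 together with the random key selection of step S25 and the PIN lockout rule; it is not code from the patent or its applicant. The patent names SM2 as the storage cipher and an unspecified "built-in encryption algorithm" for deriving [Y0] from the identifier [A]; neither fits in a short standard-library example, so both are replaced by labelled stand-ins (a SHA-256 counter-mode keystream cipher and a SHA-256 derivation). The PIN, the identifier, the lockout threshold and the records [C] are constructed. What the model shows is the structure of the design: [B] never leaves the device's ROM, the external store holds only the ciphertexts [D] and the index mapping [D → Y], each Ci is encrypted under a different, randomly chosen Yi, and the PIN gate refuses all further input after the preset number of failures.

```python
import hashlib
import os
import random
from typing import List, Tuple

NONCE_LEN = 12


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): SHA-256 counter-mode keystream XORed onto data."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + stream_xor(key, nonce, data)


def unseal(key: bytes, blob: bytes) -> bytes:
    return stream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class UsbKeySystem:
    """Models the USB Key: PIN gate with lockout, [B] in built-in ROM, external store for [D]."""

    MAX_PIN_ATTEMPTS = 3  # the patent's "preset number of attempts"; the value is an assumption

    def __init__(self, pin: bytes, n: int):
        self._pin_hash = hashlib.sha256(pin).digest()
        self._failed = 0
        self._locked = False
        self._unlocked = False
        # [B] = [B1 .. Bn]: generated at random by the device and kept in built-in ROM
        self._multidim_key = [os.urandom(32) for _ in range(n)]
        # external memory module: list of (D_i, index of Y_i), i.e. the relation [D -> Y]
        self.external_store: List[Tuple[bytes, int]] = []

    def enter_pin(self, pin: bytes) -> bool:
        """S21/S31: accept the PIN; after MAX_PIN_ATTEMPTS wrong entries refuse all further input."""
        if self._locked:
            return False
        if hashlib.sha256(pin).digest() == self._pin_hash:
            self._failed = 0
            self._unlocked = True
            return True
        self._failed += 1
        if self._failed >= self.MAX_PIN_ATTEMPTS:
            self._locked = True
        return False

    def _key_group(self, identifier: bytes) -> List[bytes]:
        """S23/S24 and S33/S34: Y0 = builtin([A]); [Y] = Dec_Y0([B]) computed on demand, never stored."""
        y0 = hashlib.sha256(b"builtin-algorithm|" + identifier).digest()  # stand-in derivation
        return [stream_xor(y0, j.to_bytes(NONCE_LEN, "big"), b_j)
                for j, b_j in enumerate(self._multidim_key)]

    def encrypt_store(self, identifier: bytes, plaintext: List[bytes]) -> bool:
        """S22-S25: each C_i is encrypted under a randomly chosen, not yet used Y_i."""
        if not self._unlocked:
            return False
        y = self._key_group(identifier)
        if len(plaintext) != len(y):
            raise ValueError("[C] must have n elements to match the key group [Y]")
        order = random.sample(range(len(y)), len(y))   # random order, no key reused
        self.external_store = [(seal(y[k], c), k) for c, k in zip(plaintext, order)]
        return True                                     # feedback: encryption complete

    def decrypt_load(self, identifier: bytes) -> List[bytes]:
        """S32-S35: rebuild [Y], read [D -> Y] from the external store, decrypt each D_i."""
        if not self._unlocked:
            raise PermissionError("PIN not entered")
        y = self._key_group(identifier)
        return [unseal(y[k], d) for d, k in self.external_store]


def storage_roundtrip() -> dict:
    """Constructed records [C]; the correct identifier recovers them, a wrong one does not."""
    records = [b"account-1 (constructed)", b"account-2 (constructed)", b"account-3 (constructed)"]
    dev = UsbKeySystem(pin=b"1234", n=len(records))
    if not dev.enter_pin(b"1234"):
        raise RuntimeError("PIN rejected")
    dev.encrypt_store(b"identifier-A", records)
    return {"roundtrip_ok": dev.decrypt_load(b"identifier-A") == records,
            "wrong_id_ok": dev.decrypt_load(b"identifier-X") == records,
            "stored_keys": any(len(d) == 32 and k is None for d, k in dev.external_store)}


def lockout_demo() -> bool:
    """After MAX_PIN_ATTEMPTS wrong PINs even the correct PIN is refused."""
    dev = UsbKeySystem(pin=b"1234", n=1)
    for _ in range(UsbKeySystem.MAX_PIN_ATTEMPTS):
        dev.enter_pin(b"0000")
    return dev.enter_pin(b"1234")   # False: the device is locked
```

Because the stand-in cipher carries no integrity check, a wrong identifier yields garbage plaintext rather than an error; the "feedback information" in S35 therefore needs an authenticity check on the decrypted result in any real implementation, which the patent text leaves unspecified.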
In summary, the encryption method for mobile data provided by the present invention realises the encryption algorithm by adding hardware, so that part of the encryption and decryption workload is stripped out of the server's main processor and moved onto dedicated integrated chips, greatly improving computational efficiency. In addition, the present invention uses the SM4 algorithm in the data transmission encryption method, so that the encrypted information has strong resistance to differential attacks and its security reaches the standard of an advanced block cipher. The present invention uses the SM2 encryption algorithm in the data storage protection method, so that key management is simple, fewer keys are needed for confidential transmission, keys take up little storage space, keys can be published, and the grade of information confidentiality is higher and security is better.
The foregoing describes only the preferred embodiments of the present invention and is not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within its scope of protection.

Claims (7)

1. An encryption method for mobile data, comprising a data transfer encryption method and a data storage encryption method, characterised in that the data transfer encryption method is applied in a data transfer encryption system comprising a mobile application client, a mobile application server, security device hardware A, security device hardware B and a key management database; security device hardware A is paired with the mobile application client and stores an initial key SA; security device hardware B is paired with the mobile application server; the key management database sits on an internal network that is physically separated from the external public network, can be accessed only by the mobile application server, and also stores the initial key SA;
The data transfer encryption method comprises the following steps:
S11: the mobile application client obtains the ID of security device hardware A, where the ID is set at manufacture, cannot be changed, and uniquely identifies security device hardware A;
S12: the mobile application client sends a key update request to security device hardware A;
S13: on receiving the request from the mobile application client, security device hardware A first generates a random key seed RA, then runs the key generation algorithm over the key seed RA and the initial key SA to obtain the final key KEY; at the same time, security device hardware A returns the generated key seed RA to the mobile application client;
S14: after obtaining the key seed RA, the mobile application client sends the key seed RA and the ID of security device hardware A to the mobile application server;
S15: the mobile application server looks up the initial key SA of security device hardware A in the key management database using the received ID, and then sends the initial key SA and the key seed RA together to security device hardware B;
S16: security device hardware B runs the key generation algorithm over the key seed RA and the initial key SA to obtain the final key KEY; once security device hardware A and security device hardware B have computed the same final key KEY, the encryption of data transfer between the mobile application client and the mobile application server is thereby completed.
2. The encryption method for mobile data according to claim 1, characterised in that the initial key SA stored in security device hardware A cannot be modified and cannot be read out of security device hardware A.
3. The encryption method for mobile data according to claim 2, characterised in that the final key KEY cannot be read by any software outside the data transfer encryption system.
4. The encryption method for mobile data according to claim 1, 2 or 3, characterised in that the key generation algorithm is the SM4 algorithm.
5. The encryption method for mobile data according to claim 1, characterised in that the data storage encryption method comprises an information encryption flow and an information decryption flow, where the information encryption flow comprises the following steps:
S21: receive the PIN code that the user must enter at the start of every session in order to enter the USB Key system;
S22: receive the specific identifier [A] that the user enters, following the prompt, in order to encrypt the information to be stored;
S23: the USB Key system encrypts the specific identifier [A] with its built-in encryption algorithm to obtain the key [Y0];
S24: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system, obtaining the key group [Y] after decryption, where the specific multidimensional key [B] = [B1, B2, B3, ..., Bn] is generated at random by the USB Key system and stored in its built-in ROM module, and the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S25: the USB Key system uses the key group [Y] as encryption keys and encrypts the information [C] that the user needs to store with the encryption algorithm, obtaining the ciphertext [D]; it stores the ciphertext [D] together with its correspondence [D → Y] to the key group [Y] in the external storage module of the USB Key system, and generates feedback information confirming that this encryption is complete, where the information to be stored [C] = [C1, C2, C3, ..., Cn] and the ciphertext [D] = [D1, D2, D3, ..., Dn];
The information decryption flow comprises the following steps:
S31: receive the PIN code that the user must enter at the start of every session in order to enter the USB Key system;
S32: receive the specific identifier [A] that the user enters at the prompt when the ciphertext [D] in the external storage module of the USB Key system needs to be decrypted;
S33: the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain the key [Y0];
S34: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system, obtaining the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S35: the USB Key system reads the correspondence [D → Y] stored in the external storage module, selects the key from [Y] according to that correspondence, decrypts the information [D] with the encryption algorithm to obtain the plaintext [C] = [C1, C2, C3, ..., Cn], and generates feedback information confirming that this decryption succeeded.
6. The encryption method for mobile data according to claim 5, characterised in that the step in which the USB Key system uses the key group [Y] as encryption keys to encrypt the information [C] with the encryption algorithm comprises: for each encryption operation, the USB Key system selects at random a not-yet-selected key Yi from the key group [Y] = [Y1, Y2, Y3, ..., Yn] and encrypts the information [C] with it, until the USB Key system has performed n encryption operations in total and obtained the ciphertext [D] = [D1, D2, D3, ..., Dn], where i = 1, 2, 3, ..., n.
7. The encryption method for mobile data according to claim 5 or 6, characterised in that the encryption algorithm in the data storage encryption method is the SM2 algorithm.
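The key update exchange of claims 1 to 4, as an added example that is not part of the patent and not code from the applicants. The claims name SM4 as the key generation algorithm but do not give the construction that combines SA and RA, so the model below substitutes HMAC-SHA256 as the derivation function; that substitution, the class and function names, and the sample ID and SA values are all assumptions. What it shows is which values cross the public network (only the device ID and the seed RA) and that neither device ever exposes SA or the final KEY: agreement between hardware A and hardware B is checked through a MAC computed with KEY rather than by reading the key out, as claim 3 requires.

```python
import hashlib
import hmac
import secrets


def derive_final_key(initial_key: bytes, seed: bytes) -> bytes:
    """KEY from SA and RA, run inside hardware A (S13) and hardware B (S16).
    Claim 4 names SM4 but the page gives no construction; HMAC-SHA256 is a
    stand-in here (assumption)."""
    return hmac.new(initial_key, seed, hashlib.sha256).digest()


class _KeyHolder:
    """KEY never leaves the object (claim 3); callers only get a MAC with it."""

    def __init__(self):
        self._final_key = None

    def mac(self, data: bytes) -> bytes:
        if self._final_key is None:
            raise RuntimeError("no final key established yet")
        return hmac.new(self._final_key, data, hashlib.sha256).digest()


class SecurityDeviceA(_KeyHolder):
    """Client-side hardware: ID fixed at manufacture (S11); SA stored inside
    and neither modifiable nor readable (claim 2)."""

    def __init__(self, device_id: str, initial_key: bytes):
        super().__init__()
        self.device_id = device_id
        self._initial_key = initial_key

    def handle_update_request(self) -> bytes:
        # S13: fresh random RA, KEY derived internally, only RA returned.
        seed = secrets.token_bytes(16)
        self._final_key = derive_final_key(self._initial_key, seed)
        return seed


class SecurityDeviceB(_KeyHolder):
    """Server-side hardware: receives SA and RA from the server (S15)."""

    def install(self, initial_key: bytes, seed: bytes) -> None:
        self._final_key = derive_final_key(initial_key, seed)   # S16


class KeyManagementDatabase:
    """ID -> SA store on the physically separated internal network; in the
    claims only the mobile application server can reach it."""

    def __init__(self, records: dict):
        self._records = dict(records)

    def lookup(self, device_id: str) -> bytes:
        if device_id not in self._records:
            raise KeyError(f"unknown security device ID: {device_id}")
        return self._records[device_id]


class MobileApplicationServer:
    def __init__(self, kmdb: KeyManagementDatabase, hw_b: SecurityDeviceB):
        self._kmdb = kmdb
        self._hw_b = hw_b

    def receive_seed(self, device_id: str, seed: bytes) -> None:
        # S15: look up SA by ID, pass SA and RA together to hardware B.
        self._hw_b.install(self._kmdb.lookup(device_id), seed)


def run_key_update(hw_a: SecurityDeviceA, server: MobileApplicationServer,
                   transcript: list) -> None:
    """S12 to S16 from the client's side; `transcript` records what crosses
    the public network, which is the ID and RA only."""
    seed = hw_a.handle_update_request()        # S12 request, S13 response
    transcript.append((hw_a.device_id, seed))  # S14: sent in the clear
    server.receive_seed(hw_a.device_id, seed)  # S15, S16


def keys_agree(hw_a: _KeyHolder, hw_b: _KeyHolder) -> bool:
    """KEY_A == KEY_B checked through MACs, without reading either key out."""
    probe = b"key-confirmation"
    return hmac.compare_digest(hw_a.mac(probe), hw_b.mac(probe))


def eavesdropper_mac(transcript: list, data: bytes) -> bytes:
    """An observer of the public link holds ID and RA but not SA; deriving
    with an empty SA cannot reproduce the devices' MAC."""
    _, seed = transcript[-1]
    return hmac.new(derive_final_key(b"", seed), data, hashlib.sha256).digest()


# Constructed sample values (not from the patent).
SAMPLE_ID = "SDA-000001"
SAMPLE_SA = bytes.fromhex("00112233445566778899aabbccddeeff")


def demo():
    kmdb = KeyManagementDatabase({SAMPLE_ID: SAMPLE_SA})
    hw_a = SecurityDeviceA(SAMPLE_ID, SAMPLE_SA)
    hw_b = SecurityDeviceB()
    transcript = []
    run_key_update(hw_a, MobileApplicationServer(kmdb, hw_b), transcript)
    return hw_a, hw_b, transcript


if __name__ == "__main__":
    a, b, wire = demo()
    print("devices agree on KEY:", keys_agree(a, b))
    print("seen on the public link:", wire)
```

Running the module prints whether the two devices agree and the transcript of the public link. An observer holding that transcript has RA and the ID but not SA, so `eavesdropper_mac` cannot match the devices' MAC; the secrecy of KEY therefore rests entirely on SA staying inside hardware A and the key management database, and on the server-to-hardware-B path of S15, over which SA itself is sent.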
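The USB Key storage flow of claims 5 to 7, as an added example that is not the patent's own code. Claim 7 names SM2 as the encryption algorithm and S23 says the identifier [A] is encrypted into [Y0]; neither SM2 nor that derivation is specified on the page, so the model uses two labelled stand-ins: SHA-256 to derive [Y0] from [A], and a SHA-256 keystream with an HMAC-SHA256 tag in place of the SM2 encryption of [B] and [C]. The salted PIN hash, the key sizes and the sample records are likewise assumptions. Beyond the claim text it shows the random, non-repeating choice of Y_i per record from claim 6, the [D → Y] mapping kept in external storage, and what happens when [A] is wrong or the key group is exhausted.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 12
TAG_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the claims' SM2 encryption (assumption): random nonce,
    SHA-256 keystream XOR, HMAC-SHA256 tag so a wrong key is detected."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def derive_y0(identifier: str) -> bytes:
    """S23/S33: key [Y0] from the identifier [A] (SHA-256 stand-in for the
    page's unspecified built-in algorithm)."""
    return hashlib.sha256(b"Y0|" + identifier.encode()).digest()


class USBKeySystem:
    """PIN gate, ROM holding the wrapped key group [B], external storage
    holding the ciphertexts [D] and the [D -> Y] mapping."""

    def __init__(self, pin: str, identifier: str, n_keys: int):
        # Salted PIN hash is an assumption; the claims only require a PIN.
        self._salt = secrets.token_bytes(16)
        self._pin_hash = hashlib.sha256(self._salt + pin.encode()).digest()
        # S24: [Y] generated at random; ROM keeps only [B] = [Y] sealed under Y0.
        y0 = derive_y0(identifier)
        self._rom_b = [seal(y0, secrets.token_bytes(32)) for _ in range(n_keys)]
        self.external_storage = []   # list of (D_i, index of the Y_i used)
        self._session_open = False

    def enter(self, pin: str) -> bool:
        """S21/S31: PIN check at the start of every session."""
        digest = hashlib.sha256(self._salt + pin.encode()).digest()
        self._session_open = hmac.compare_digest(digest, self._pin_hash)
        return self._session_open

    def _key_group(self, identifier: str) -> list:
        # S23-S24 / S33-S34: unwrap [B] with Y0 = f([A]).  A wrong [A] gives a
        # wrong Y0 and the tag check raises instead of returning garbage keys.
        if not self._session_open:
            raise PermissionError("PIN not entered")
        y0 = derive_y0(identifier)
        return [open_sealed(y0, b_i) for b_i in self._rom_b]

    def encrypt_and_store(self, identifier: str, records: list) -> list:
        """S25 with claim 6: each C_i under a distinct, randomly chosen,
        not-yet-used Y_i; [D] and [D -> Y] go to external storage."""
        y = self._key_group(identifier)
        if len(records) > len(y):
            raise ValueError("more records than keys in [Y]: key group exhausted")
        order = list(range(len(y)))
        secrets.SystemRandom().shuffle(order)   # random unused key per record
        self.external_storage = [(seal(y[order[i]], c), order[i])
                                 for i, c in enumerate(records)]
        return self.external_storage

    def decrypt_all(self, identifier: str) -> list:
        """S35: follow [D -> Y] to pick the key for each D_i."""
        y = self._key_group(identifier)
        return [open_sealed(y[idx], d) for d, idx in self.external_storage]


# Constructed sample records for the example (not from the patent).
SAMPLE_RECORDS = [b"meter-reading:2017-12-04:12345", b"site-token:ab12cd34",
                  b"contact:ops@example.invalid"]


def demo() -> USBKeySystem:
    usb = USBKeySystem(pin="1234", identifier="grid-A7", n_keys=4)
    if not usb.enter("1234"):
        raise RuntimeError("PIN rejected")
    usb.encrypt_and_store("grid-A7", SAMPLE_RECORDS)
    return usb


if __name__ == "__main__":
    usb = demo()
    print("stored records:", len(usb.external_storage))
    print("recovered:", usb.decrypt_all("grid-A7") == SAMPLE_RECORDS)
```

Because the stand-in cipher carries an authentication tag, a wrong identifier [A] fails at S24/S34 when [B] is unwrapped, rather than yielding a garbage key group that silently decrypts [D] to noise; with n keys in [Y], the one-key-per-record rule of claim 6 can cover at most n records, which the code checks before touching external storage.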

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711257708.5A CN107733936B (en) 2017-12-04 2017-12-04 Encryption method for mobile data

Publications (2)

Publication Number Publication Date
CN107733936A true CN107733936A (en) 2018-02-23
CN107733936B CN107733936B (en) 2020-08-07

Family

ID=61220946

Country Status (1)

Country Link
CN (1) CN107733936B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995648A (en) * 2019-10-25 2020-04-10 金现代信息产业股份有限公司 Secure encryption method
CN112053476A (en) * 2020-09-08 2020-12-08 四川铁集共联科技股份有限公司 Encryption method and system based on intelligent lock and mobile phone terminal
CN112101977A (en) * 2020-07-01 2020-12-18 上海世强信息技术有限公司 Accurate big data analysis method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005357A (en) * 2006-12-28 2007-07-25 北京飞天诚信科技有限公司 Method and system for updating certification key
CN101615322A (en) * 2008-06-25 2009-12-30 上海富友网络技术有限公司 Realization has the mobile terminal payment method and system of magnetic payment function
CN104253694A (en) * 2014-09-27 2014-12-31 杭州电子科技大学 Encrypting method for network data transmission
CN104270242A (en) * 2014-09-27 2015-01-07 杭州电子科技大学 Encryption and decryption device used for network data encryption transmission
CN105376216A (en) * 2015-10-12 2016-03-02 华为技术有限公司 Remote access method, agent server and client end
US20160337361A1 (en) * 2010-04-30 2016-11-17 T-Central, Inc. System and method to use a cloud-based platform supported by an api to authenticate remote users and to provide pki- and pmi- based distributed locking of content and distributed unlocking of protected content

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant