CN107733936A - An encryption method for mobile data - Google Patents
An encryption method for mobile data
- Publication number: CN107733936A (application CN201711257708.5A)
- Authority: CN (China)
- Prior art keywords: key, encryption, security device hardware, mobile, hardware means
- Legal status: Granted
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/0435—wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
            - H04L63/0442—wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Abstract
The present invention relates to the field of information security, and more particularly to an encryption method for mobile data. The encryption method comprises a data transmission encryption method and a data storage encryption method. The data transmission encryption method additionally provides security device hardware A and security device hardware B, and the transmission encryption algorithm is implemented by these added devices, so that part of the encryption and decryption workload is stripped from the server's main processor and moved onto dedicated security device hardware. This greatly improves computational efficiency, gives a higher level of information confidentiality and better security.
Description
Technical field
The present invention relates to the field of information security, and more particularly to an encryption method for mobile data.
Background technology
With the rapid development of networks, users have greatly improved their working efficiency through the network, but at the same time the network carries various potential safety hazards. Network security incidents have occurred frequently in recent years, and anyone connecting to the Internet faces security risks such as information leakage, information tampering and resource theft. Along with the development of the electronics industry, mobile devices such as smartphones, tablets and notebooks have entered countless households; while a mobile device is easy to carry, it is also easy to lose, and after a loss the software on the device can be used by others at will, leaking all kinds of important information. These risks hinder the application and development of networks, and under the irreversible trend of networking and informatisation, ensuring information security is of the utmost importance.
Technology for data encryption on mobile devices is already well developed in the prior art, for example:
Chinese patent document ZL200710065062.0 discloses an encrypted mobile storage device comprising: a memory for storing data; a communication interface module for data transmission with external equipment; a wireless receiving module for receiving wireless signals; a data processing module that extracts the key carried in the wireless signal and contains an encryption unit and a decryption unit, the encryption unit encrypting files stored into the memory with a valid key, and the decryption unit decrypting encrypted files read from the memory, the decryption unit being able to decrypt an encrypted file only when the key in the wireless signal matches the valid key; and a clock unit providing clock pulses to the data processing module. The data processing module monitors, according to the clock, whether a new wireless signal containing a key matching the valid key is received within a set time; if none is received within the set time, or the key does not match, the decryption unit cannot decrypt the encrypted files.
Chinese patent document CN201410569920.5 discloses a data-encrypting mobile hard disk comprising a disk and a data interface provided on the disk for exchanging data with the outside, characterised by further comprising a security identity module and a control module connected to the data interface; when the security level of the device exchanging data with the disk, as recognised by the security identity module, is lower than a preset security level, the control module cuts off the connection to that device; and further comprising a data encryption/decryption engine arranged at the data interface, which encrypts and decrypts the data entering and leaving the disk when the security level of the device, as recognised by the security identity module, is greater than the preset security level.
Chinese patent document CN201310677217.1 discloses a data security protection method for a removable storage medium: a file system that an operating system cannot mount is created on the removable storage medium; a random key for the file system is generated from the verification password entered by the user, and the hash of the verification password together with the random key encrypted under the verification password are saved in the file system; encryption and decryption of the removable storage medium is performed with the random key, thereby protecting the data on the medium.
Chinese patent document CN201210034983.1 discloses a cloud-storage-based file encryption and decryption method: an application terminal initiates a file write to a cloud storage platform, which stores the file in shards, and an encryption and decryption platform performs distributed encryption of the sharded file on the cloud storage platform.
The above encryption methods rely on the encryption hardware and software carried by the device itself, and the data is easily cracked.
The content of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide an encryption method for mobile data that can ensure and improve the security of mobile data.
To achieve this object, the present invention adopts the following technical scheme:
An encryption method for mobile data comprises a data transmission encryption method and a data storage encryption method. The data transmission encryption method is applied in a data transmission encryption system comprising a mobile application client, a mobile application server, security device hardware A, security device hardware B and a key management database. Security device hardware A is paired with the mobile application client and stores an initial key SA; security device hardware B is paired with the mobile application server. The key management database resides on an internal network, physically isolated from the external public network, and can only be accessed by the mobile application server; it also stores the initial key SA.
The data transmission encryption method comprises the following steps:
S11, the mobile application client obtains the ID of security device hardware A, where the ID is set at production time, cannot be changed, and uniquely identifies security device hardware A;
S12, the mobile application client sends a key update request to security device hardware A;
S13, on receiving the request from the mobile application client, security device hardware A first randomly generates a key seed RA, then computes the final key KEY from the key seed RA and the initial key SA using the key generation algorithm; at the same time, security device hardware A returns the generated key seed RA to the mobile application client;
S14, after the mobile application client obtains the key seed RA, it sends the key seed RA and the ID of security device hardware A to the mobile application server;
S15, the mobile application server looks up the initial key SA of security device hardware A in the key management database by the received ID, and then sends the initial key SA and the key seed RA together to security device hardware B;
S16, security device hardware B computes the final key KEY from the key seed RA and the initial key SA using the key generation algorithm; once security device hardware A and security device hardware B have computed the same final key KEY, the encryption of data transmission between the mobile application client and the mobile application server is complete.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the initial key SA stored in security device hardware A cannot be modified and cannot be read out of security device hardware A.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the final key KEY refuses to be read by any software outside the data transmission encryption system.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the key generation algorithm is the SM4 algorithm.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the data storage encryption method comprises an information encryption flow and an information decryption flow, wherein the information encryption flow comprises the following steps:
S21, receiving the PIN code that the user must enter first on each use, in order to enter the USB Key system;
S22, receiving the specific identifier [A] that the user enters, following the prompt message, in order to encrypt information for storage;
S23, the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain key [Y0];
S24, the USB Key system decrypts, with key [Y0], the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system, obtaining the key group [Y] after decryption, where the specific multidimensional key [B] = [B1, B2, B3, ..., Bn] is randomly generated by the USB Key system and stored in its built-in ROM module, and the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S25, the USB Key system uses the key group [Y] as encryption keys, encrypts the information [C] that the user needs to store with the encryption algorithm to obtain the ciphertext [D], stores the ciphertext [D] together with its correspondence [D → Y] to the key group [Y] in the external memory module of the USB Key system, and generates feedback information confirming that this encryption is complete, where the information [C] = [C1, C2, C3, ..., Cn] and the ciphertext [D] = [D1, D2, D3, ..., Dn];
The information decryption flow comprises the following steps:
S31: receiving the PIN code that the user must enter first on each use, in order to enter the USB Key system;
S32: receiving the specific identifier [A] that the user enters at the prompt when the ciphertext [D] in the external memory module of the USB Key system needs to be decrypted;
S33: the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain key [Y0];
S34: the USB Key system decrypts, with key [Y0], the specific multidimensional key [B] stored in its built-in ROM module to obtain the key group [Y], where the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S35: the USB Key system reads the correspondence [D → Y] stored in the external memory module, selects keys from [Y] according to the correspondence [D → Y], decrypts the information [D] with the encryption algorithm to obtain the plaintext information [C], and generates feedback information confirming that this decryption succeeded, where the plaintext information [C] = [C1, C2, C3, ..., Cn].
In the above encryption method for mobile data, as a further technical scheme of the present invention, the step in which the USB Key system uses the key group [Y] as encryption keys and encrypts the information [C] with the encryption algorithm comprises: for each encryption computation, the USB Key system randomly selects from the key group [Y] = [Y1, Y2, Y3, ..., Yn] a key Yi that has not been selected before and encrypts the information [C] with it, until after n encryption computations in total the USB Key system obtains the ciphertext [D] = [D1, D2, D3, ..., Dn], where i = 1, 2, 3, ..., n.
In the above encryption method for mobile data, as a further technical scheme of the present invention, the encryption algorithm in the data storage encryption method is the SM2 algorithm.
The encryption method for mobile data provided by the present invention implements the encryption algorithm by adding security device hardware A and security device hardware B, so that part of the encryption and decryption workload is stripped from the server's main processor and moved onto separate dedicated integrated chips (namely security device hardware A and security device hardware B), which greatly improves computational efficiency and improves security performance.
Further, the present invention uses the SM4 algorithm in the data transmission encryption method. SM4 is a symmetric block cipher published by China in 2006; it uses a 32-round Feistel nonlinear iterative structure, has strong resistance to differential attacks, and its security reaches the standard of an advanced block cipher. According to currently published research results, no method breaks through 24 rounds of SM4, so the 32-round SM4 algorithm has a certain security margin, making it especially suitable for the encryption protection of mobile data in institutions such as banks that involve national financial security.
Further, the present invention uses the SM2 encryption algorithm in the data storage protection method. SM2 is an asymmetric key algorithm that works by encrypting with a public key and decrypting with a private key. In the operation of an asymmetric key algorithm the encryption key and the decryption key are different: the encryption key is published for use, the decryption key is known only to the user, and an attacker cannot compute the decryption key from the encryption key.
The advantages of the SM2 algorithm mainly include: simple key management and a smaller number of key groups needed for confidential transmission; keys can be published and are easily distributed without being easily cracked; a higher level of information confidentiality and better security; and keys take up little storage space.
Brief description of the drawings
Fig. 1 is the sequence diagram of the data transmission encryption method of the present invention.
Fig. 2 is the flow chart of the information encryption flow in the data storage encryption method of the present invention.
Fig. 3 is the flow chart of the information decryption flow in the data storage encryption method of the present invention.
Embodiment
The technical scheme of the present invention is described clearly and completely below with reference to the accompanying drawings of its embodiments. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Embodiment 1
The data transmission encryption system comprises a mobile application client, a mobile application server, security device hardware A, security device hardware B and a key management database. Security device hardware A is paired with the mobile application client and stores an initial key SA; security device hardware B is paired with the mobile application server.
The present invention creatively adds security device hardware to both the mobile application client and the mobile application server, and at the same time sets up a key management database to manage the initial keys of the security device hardware. In this design the security device hardware (security device hardware A and security device hardware B) mainly has four functions:
(1) storing the unique serial number ID and the initial key of the security device hardware;
(2) implementing the random key seed generation algorithm;
(3) generating the key from the key seed and the initial key;
(4) encrypting/decrypting with the key.
The key management database is mainly used to manage the initial key corresponding to each security device hardware ID; it resides on an internal network, physically isolated from the external public network, and can only be accessed by the mobile application server.
In protecting mobile data transmission, two factors are considered: security and speed. From the security angle, the design avoids encryption and decryption algorithms that run at the software level, which lack physical protection, so that when faced with problems such as virus intrusion the encryption/decryption module may be tampered with by the virus, with serious consequences. From the speed angle, it avoids the problem that the mobile application server usually has to face thousands of users accessing at the same time, so that the volume of data to be encrypted is very large and the demands on the hardware are correspondingly high.
Fig. 1 illustrates the method with the mobile application device as security device hardware A, the mobile payment client as the mobile application client, the mobile payment server as the mobile application server, and the mobile device hardware as security device hardware B.
As shown in Fig. 1, the data transmission encryption method comprises the following steps:
S11, the mobile payment client obtains the ID of the mobile application device, where the ID is set at production time, cannot be changed, and uniquely identifies the mobile application device.
S12, the mobile payment client sends a key update request to the mobile application device.
S13, on receiving the request from the mobile payment client, the mobile application device first randomly generates a key seed RA, then computes the final key KEY from the key seed RA and the initial key SA using the key generation algorithm; at the same time, the mobile application device returns the generated key seed RA to the mobile payment client.
S14, after the mobile payment client obtains the key seed RA, it sends the key seed RA and the ID of the mobile application device to the mobile payment server.
S15, the mobile payment server looks up the initial key SA of the mobile application device in the key management database by the received ID, and then sends the initial key SA and the key seed RA together to the mobile device hardware.
S16, the mobile device hardware computes the final key KEY from the key seed RA and the initial key SA using the key generation algorithm; once the mobile application device and the mobile device hardware have computed the same final key KEY, the encryption of data transmission between the mobile payment client and the mobile payment server is complete.
With the above arrangement, part of the encryption and decryption workload is stripped from the server's main processor and moved onto separate security device hardware, which greatly improves computational efficiency, gives the encrypted information a higher level of confidentiality, and better security.
Optionally, in this embodiment, the initial key SA stored in the mobile application device is set during the production of the mobile application device, cannot be modified, and the mobile application device refuses to read out the initial key SA.
Optionally, in this embodiment, the generated final key KEY refuses to be read by any software outside the data transmission encryption system, ensuring that an intruding malware cannot break through the physical protection and cause the key to be leaked.
Optionally, in this embodiment, the key generation algorithm used to compute on the key seed RA and the initial key SA is the SM4 algorithm.
SM4 is a symmetric block cipher published by China in 2006; it uses a 32-round Feistel nonlinear iterative structure, has strong resistance to differential attacks, and its security reaches the standard of an advanced block cipher. According to currently published research results, no method breaks through 24 rounds of SM4, so the 32-round SM4 algorithm has a certain security margin and is especially suitable for the encryption protection of mobile data in institutions such as banks that involve national financial security.
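Simulation of the S11 to S16 flow described in this embodiment, as an added example that is not part of the patent: hardware A and hardware B each derive the same KEY from SA and a fresh RA, while SA and KEY never leave the hardware objects and the key management database answers only the server role. The patent names SM4 as the key generation algorithm but does not say how RA and SA are combined, so HMAC-SHA256 stands in for that step here; the key-confirmation check and all class names are assumptions of this example.

```python
import hmac
import hashlib
import secrets

KEY_LEN = 16  # 128-bit key, the SM4 key size


def derive_key(sa: bytes, ra: bytes) -> bytes:
    """Stand-in for the SM4-based key generation algorithm (assumption):
    KEY = f(SA, RA). The patent fixes the inputs, not the construction."""
    return hmac.new(sa, ra, hashlib.sha256).digest()[:KEY_LEN]


class SecurityHardware:
    """Shared behaviour of hardware A and B: holds KEY, never returns it."""

    def __init__(self):
        self._key = None

    def _install(self, sa: bytes, ra: bytes) -> None:
        self._key = derive_key(sa, ra)

    def key_check_value(self) -> bytes:
        """MAC over a fixed label: lets both ends confirm they hold the same
        KEY without exposing KEY itself (a key-confirmation step we assume)."""
        if self._key is None:
            raise RuntimeError("no session key established")
        return hmac.new(self._key, b"key-confirm", hashlib.sha256).digest()


class HardwareA(SecurityHardware):
    """Client-side device: ID and SA fixed at production, neither changeable
    nor readable from outside (there is no getter for SA)."""

    def __init__(self, device_id: str, sa: bytes):
        super().__init__()
        self.device_id = device_id
        self.__sa = sa

    def update_key(self) -> bytes:
        """S13: generate a random seed RA, derive KEY inside the device, and
        return only RA to the client."""
        ra = secrets.token_bytes(KEY_LEN)
        self._install(self.__sa, ra)
        return ra


class HardwareB(SecurityHardware):
    """Server-side device: gets SA and RA from the server (S15), derives KEY (S16)."""

    def load(self, sa: bytes, ra: bytes) -> None:
        self._install(sa, ra)


class KeyManagementDB:
    """ID -> SA table on the isolated internal network; answers the server only."""

    def __init__(self, table: dict):
        self._table = dict(table)

    def lookup(self, caller_role: str, device_id: str) -> bytes:
        if caller_role != "mobile-application-server":
            raise PermissionError("key management database is server-only")
        return self._table[device_id]


class Server:
    def __init__(self, db: KeyManagementDB, hw_b: HardwareB):
        self.db, self.hw_b = db, hw_b

    def handle_session(self, device_id: str, ra: bytes) -> None:
        """S15: look up SA by ID, hand SA and RA to hardware B (S16 runs there)."""
        sa = self.db.lookup("mobile-application-server", device_id)
        self.hw_b.load(sa, ra)


def run_session(hw_a: HardwareA, server: Server) -> bool:
    """Client role: S11 read ID, S12 request a key update, S14 forward RA and
    ID to the server. Returns True when A and B confirm the same KEY."""
    device_id = hw_a.device_id              # S11
    ra = hw_a.update_key()                  # S12 / S13
    server.handle_session(device_id, ra)    # S14 -> S15 -> S16
    return hmac.compare_digest(hw_a.key_check_value(),
                               server.hw_b.key_check_value())


def build_demo():
    """Constructed sample deployment: one device SN-0001 with a constructed SA
    provisioned both in the device and in the key management database."""
    sa = bytes.fromhex("00112233445566778899aabbccddeeff")
    hw_a = HardwareA("SN-0001", sa)
    db = KeyManagementDB({"SN-0001": sa})
    return hw_a, Server(db, HardwareB()), db


if __name__ == "__main__":
    hw_a, server, _ = build_demo()
    print("both ends hold the same KEY:", run_session(hw_a, server))
```

Each call to run_session draws a new RA, so the check value changes per session while the provisioned SA stays fixed; a database entry that does not match the device's SA makes the confirmation fail.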
Embodiment 2
As shown in Fig. 2, this embodiment concerns the data storage encryption method, which comprises an information encryption flow and an information decryption flow.
The information encryption flow comprises the following steps:
S21, receiving the PIN code that the user must enter first on each use, in order to enter the USB Key system. The USB Key system may be the system of the mobile payment client.
It should be noted that when the entered PIN code is correct, the USB Key system is entered and a prompt message is output; when the entered PIN code is wrong, the user's PIN code entry is received again, until the PIN codes entered over the preset number of attempts are all wrong, after which PIN code input from the user is no longer accepted.
S22, receiving the specific identifier [A] that the user enters, following the prompt message, in order to encrypt information for storage.
S23, the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain key [Y0].
S24, the USB Key system decrypts, with key [Y0], the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system, obtaining the key group [Y] after decryption, where the specific multidimensional key [B] = [B1, B2, B3, ..., Bn] is randomly generated by the USB Key system and stored in its built-in ROM module, and the key group [Y] = [Y1, Y2, Y3, ..., Yn].
S25, the USB Key system uses the key group [Y] as encryption keys, encrypts the information [C] that the user needs to store with the encryption algorithm to obtain the ciphertext [D], stores the ciphertext [D] together with its correspondence [D → Y] to the key group [Y] in the external memory module of the USB Key system, and generates feedback information confirming that this encryption is complete, where the information [C] = [C1, C2, C3, ..., Cn] and the ciphertext [D] = [D1, D2, D3, ..., Dn].
With reference to Fig. 3, the information decryption flow comprises the following steps:
S31: receiving the PIN code that the user must enter first on each use, in order to enter the USB Key system.
It should be noted that when the entered PIN code is correct, the USB Key system is entered and a prompt is output; when the entered PIN code is wrong, the user's PIN code entry is received again, until the PIN codes entered over the preset number of attempts are all wrong, after which PIN code input from the user is no longer accepted.
S32: receiving the specific identifier [A] that the user enters at the prompt when the ciphertext [D] in the external memory module of the USB Key system needs to be decrypted.
S33: the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain key [Y0].
S34: the USB Key system decrypts, with key [Y0], the specific multidimensional key [B] stored in its built-in ROM module to obtain the key group [Y], where the key group [Y] = [Y1, Y2, Y3, ..., Yn].
S35: the USB Key system reads the correspondence [D → Y] stored in the external memory module, selects keys from [Y] according to the correspondence [D → Y], decrypts the information [D] with the encryption algorithm to obtain the plaintext information [C], and generates feedback information confirming that this decryption succeeded, where the plaintext information [C] = [C1, C2, C3, ..., Cn].
Optionally, in this embodiment, the step S25 in which the USB Key system uses the key group [Y] as encryption keys and encrypts the information [C] with the encryption algorithm comprises: for each encryption computation, the USB Key system randomly selects from the key group [Y] = [Y1, Y2, Y3, ..., Yn] a key Yi that has not been selected before and encrypts the information [C] with it, until after n encryption computations in total the USB Key system obtains the ciphertext [D] = [D1, D2, D3, ..., Dn], where i = 1, 2, 3, ..., n.
Optionally, in this embodiment, the encryption algorithm in the data storage encryption method is the SM2 algorithm.
SM2 is an asymmetric key algorithm that works by encrypting with a public key and decrypting with a private key. In the operation of an asymmetric key algorithm the encryption key and the decryption key are different: the encryption key is published for use, the decryption key is known only to the user, and an attacker cannot compute the decryption key from the encryption key, so the level of information confidentiality is higher and security is better.
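Simulation of the information encryption flow (S21 to S25) and decryption flow (S31 to S35) of this embodiment, as an added example that is not part of the patent: a PIN gate with a preset attempt limit, key [Y0] derived from identifier [A], key group [Y] recovered by decrypting the ROM-resident multidimensional key [B], each block Ci encrypted under a distinct randomly chosen Yi, and the correspondence [D → Y] stored beside the ciphertext. The patent names SM2 for the storage encryption and does not specify the built-in algorithm, so a keyed HMAC-SHA256 derivation and an HMAC keystream XOR stand in for both; the class name, the attempt limit of 3 and the sample data are assumptions of this example.

```python
import hmac
import hashlib
import secrets
import random


def derive_y0(identifier: bytes) -> bytes:
    """S23 / S33: the built-in algorithm turning identifier [A] into key [Y0].
    Stand-in (assumption): keyed HMAC-SHA256 under a constructed device constant."""
    return hmac.new(b"usbkey-builtin-constant", identifier, hashlib.sha256).digest()


def xor_cipher(key: bytes, data: bytes, nonce: bytes) -> bytes:
    """Stand-in for the (unspecified) storage cipher: XOR with an HMAC-SHA256
    keystream; the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class UsbKeySystem:
    MAX_PIN_ATTEMPTS = 3  # the patent's "preset number of times"; 3 is our choice

    def __init__(self, pin: str, n: int):
        self._pin = pin
        self._attempts = 0
        self._locked = False
        self._unlocked = False
        # Built-in ROM: multidimensional key [B] = [B1, ..., Bn], random at manufacture
        self._rom_b = [secrets.token_bytes(32) for _ in range(n)]
        # External memory module: label -> ([D], correspondence [D -> Y])
        self.external_storage = {}

    def enter_pin(self, pin: str) -> bool:
        """S21 / S31: accept PIN input again after a wrong PIN until the preset
        number of attempts is used up, then accept no further PIN input."""
        if self._locked:
            return False
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._unlocked, self._attempts = True, 0
            return True
        self._attempts += 1
        if self._attempts >= self.MAX_PIN_ATTEMPTS:
            self._locked = True
        return False

    def _key_group(self, identifier: bytes) -> list:
        """S23-S24 / S33-S34: [Y0] from [A], then [Y] = Dec_Y0([B]) from ROM."""
        y0 = derive_y0(identifier)
        return [xor_cipher(y0, b_i, i.to_bytes(4, "big"))
                for i, b_i in enumerate(self._rom_b)]

    def encrypt_store(self, identifier: bytes, blocks: list, label: str) -> str:
        """S22-S25: blocks = [C1, ..., Cn]; each Ci is encrypted under a Yi that
        has not been used before, and [D -> Y] records which Yi produced each Di."""
        if not self._unlocked:
            raise PermissionError("PIN code must be entered first")
        y = self._key_group(identifier)
        if len(blocks) != len(y):
            raise ValueError("information [C] must have n blocks, one per Yi")
        order = list(range(len(y)))
        random.SystemRandom().shuffle(order)  # random, never-repeating Yi choice
        d, mapping = [], []
        for c_i, idx in zip(blocks, order):
            nonce = secrets.token_bytes(8)
            d.append((nonce, xor_cipher(y[idx], c_i, nonce)))
            mapping.append(idx)
        self.external_storage[label] = (d, mapping)
        return "encryption complete"  # the feedback information of S25

    def decrypt_load(self, identifier: bytes, label: str) -> list:
        """S32-S35: rebuild [Y], read [D -> Y], decrypt each Di with its Yi."""
        if not self._unlocked:
            raise PermissionError("PIN code must be entered first")
        y = self._key_group(identifier)
        d, mapping = self.external_storage[label]
        return [xor_cipher(y[idx], ct, nonce) for (nonce, ct), idx in zip(d, mapping)]


if __name__ == "__main__":
    usb = UsbKeySystem(pin="1234", n=4)  # constructed PIN and n
    usb.enter_pin("1234")
    blocks = [b"C1 salary", b"C2 address", b"C3 contacts", b"C4 notes"]
    usb.encrypt_store(b"identifier-A", blocks, "doc1")
    print(usb.decrypt_load(b"identifier-A", "doc1") == blocks)
```

A wrong identifier [A] yields a different [Y0] and therefore a different key group, so decryption with it does not reproduce [C], and once the attempt limit is reached even the correct PIN is refused.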
In summary, the encryption method for mobile data provided by the present invention creatively implements the encryption algorithm by adding hardware, stripping part of the encryption and decryption workload from the server's main processor onto separate dedicated integrated chips, which greatly improves computational efficiency. In addition, the present invention uses the SM4 algorithm in the data transmission encryption method, so that the encrypted information has strong resistance to differential attacks and its security reaches the standard of an advanced block cipher. The present invention uses the SM2 encryption algorithm in the data storage protection method, so that key management is simple, fewer key groups are needed for confidential transmission, keys take up little storage space, keys can be published, and the level of information confidentiality is higher and security better.
The foregoing is only the preferred embodiment of the present invention and is not intended to limit the invention; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within its scope of protection.
Claims (7)
1. a kind of encryption method of mobile data, including data transfer encryption method and data storage encryption method, its feature exist
In the data transfer encryption method is applied in data transfer encryption system, and the data transfer encryption system includes movement
Applications client, mobile application server end, safety means hardware A, safety means hardware B and key management data storehouse;It is described
Safety means hardware A is engaged with Mobile solution client, and is stored with initial key SA in safety means hardware A;The peace
Full device hardware B is engaged with mobile application server end;The key management data storehouse is in internal network, with external common
Network is physically separated, and the key management data storehouse can only be accessed by the mobile application server end, the key
Management database is also stored with initial key SA;
The data transfer encryption method comprises the following steps:
S11: the mobile application client obtains the ID of security device hardware A, where the ID of security device hardware A is set during production, cannot be changed afterwards, and uniquely identifies security device hardware A;
S12: the mobile application client sends a key update request to security device hardware A;
S13: on receiving the request sent by the mobile application client, security device hardware A first generates a random key seed RA and computes the final key KEY from the key seed RA and the initial key SA using the key generation algorithm; at the same time, security device hardware A returns the generated key seed RA to the mobile application client;
S14: after the mobile application client has obtained the key seed RA, the mobile application client sends the key seed RA together with the ID of security device hardware A to the mobile application server;
S15: the mobile application server uses the received ID of security device hardware A to look up the initial key SA of security device hardware A in the key management database, and then passes the initial key SA and the key seed RA together to security device hardware B;
S16: security device hardware B computes the final key KEY from the key seed RA and the initial key SA using the same key generation algorithm; once security device hardware A and security device hardware B have computed the same final key KEY, the encryption of data transfer between the mobile application client and the mobile application server is established.
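The key update exchange of steps S11 to S16, as an added worked example in Go (not code from the patent or from any implementation of it): device A, the client, the server and device B are in-process objects, and the final comparison is the condition of S16, that both devices computed the same KEY. Claim 4 specifies SM4 as the key generation algorithm; the Go standard library has no SM4, so deriveKey substitutes HMAC-SHA256 keyed with SA over RA. That substitution, the 16-byte seed length, the sample SA and every name in the code are assumptions of the example. What the flow makes visible is that SA never crosses the client-to-server link (only RA and the device ID do), and that KEY is fixed entirely by values originating on the client side, RA chosen by device A and SA selected by its ID, so the server adds no freshness of its own.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// KeyDB stands in for the key management database: it maps the factory-set ID
// of a security device A to that device's initial key SA. Only the server side
// holds a reference to it, matching the claim's internal-network placement.
type KeyDB map[string][]byte

// deriveKey is the key generation algorithm of S13 and S16. Claim 4 names SM4;
// the Go standard library has no SM4, so HMAC-SHA256 keyed with SA over the
// seed RA is substituted here (an assumption, not the patent's construction).
func deriveKey(sa, ra []byte) []byte {
	mac := hmac.New(sha256.New, sa)
	mac.Write(ra)
	return mac.Sum(nil)
}

// DeviceA models security device hardware A: SA is written once and no method
// returns it, mirroring claim 2.
type DeviceA struct {
	ID  string
	sa  []byte
	key []byte // final KEY after the most recent UpdateKey
}

func NewDeviceA(id string, sa []byte) *DeviceA {
	return &DeviceA{ID: id, sa: append([]byte(nil), sa...)}
}

// UpdateKey is S13: draw a random seed RA, derive KEY inside the device and hand
// back only RA. The 16-byte seed length is an assumption of this example.
func (d *DeviceA) UpdateKey() ([]byte, error) {
	ra := make([]byte, 16)
	if _, err := rand.Read(ra); err != nil {
		return nil, err
	}
	d.key = deriveKey(d.sa, ra)
	return ra, nil
}

// Key exposes the derived KEY for the comparison below; per claim 3 the real
// hardware would not offer this to outside software.
func (d *DeviceA) Key() []byte { return d.key }

// Server models the mobile application server together with security device
// hardware B, which performs the derivation of S16.
type Server struct{ db KeyDB }

func NewServer(db KeyDB) *Server { return &Server{db: db} }

// Handle is S15 and S16: look SA up by device ID, then let device B derive KEY.
func (s *Server) Handle(deviceID string, ra []byte) ([]byte, error) {
	sa, ok := s.db[deviceID]
	if !ok {
		return nil, errors.New("unknown security device ID")
	}
	return deriveKey(sa, ra), nil
}

// RunExchange plays S11 to S16 once and reports whether both ends hold the same
// final KEY. Only RA and the device ID cross from client to server; SA does not.
func RunExchange(dev *DeviceA, srv *Server) (bool, error) {
	ra, err := dev.UpdateKey() // S12 request, S13 response
	if err != nil {
		return false, err
	}
	keyB, err := srv.Handle(dev.ID, ra) // S14 message, then S15/S16 on the server side
	if err != nil {
		return false, err
	}
	return hmac.Equal(dev.Key(), keyB), nil
}

func main() {
	sa := []byte("0123456789abcdef") // constructed sample SA, shared by device A and the database
	dev := NewDeviceA("A-000001", sa)
	ok, err := RunExchange(dev, NewServer(KeyDB{"A-000001": sa}))
	fmt.Println("keys match:", ok, "err:", err, "KEY:", hex.EncodeToString(dev.Key()))
}
```

With matching database and device entries the two derivations agree. Register a different SA under the same ID and RunExchange returns false without any error: the claim describes no key confirmation message, so a mismatch between the registered SA and the one inside the device only surfaces when the two ends fail to decrypt each other's traffic.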
2. The encryption method of mobile data according to claim 1, characterised in that the initial key SA stored in security device hardware A cannot be modified and cannot be read out of security device hardware A.
3. The encryption method of mobile data according to claim 2, characterised in that the final key KEY cannot be read by any software outside the data transfer encryption system.
4. The encryption method of mobile data according to claim 1, 2 or 3, characterised in that the key generation algorithm is the SM4 algorithm.
5. The encryption method of mobile data according to claim 1, characterised in that the data storage encryption method comprises an information encryption flow and an information decryption flow, where the information encryption flow comprises the following steps:
S21: receive the PIN code that the user must enter at the start of each use, in order to enter the USB Key system;
S22: receive the specific identifier [A] that the user enters, following the prompt, for the storage information to be encrypted;
S23: the USB Key system encrypts the specific identifier [A] with its built-in encryption algorithm to obtain the key [Y0];
S24: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system and obtains the key group [Y] after decryption, where the specific multidimensional key [B] = [B1, B2, B3, ..., Bn] is generated at random by the USB Key system and stored in the built-in ROM module of the USB Key system, and the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S25: the USB Key system uses the key group [Y] as encryption keys and encrypts the information [C] that the user needs to store with the encryption algorithm, obtaining the ciphertext [D]; it stores the ciphertext [D] together with its correspondence to the key group [Y], [D → Y], in the external storage module of the USB Key system, and generates feedback information confirming that this encryption has completed, where the information [C] that the user needs to encrypt and store = [C1, C2, C3, ..., Cn] and the ciphertext [D] = [D1, D2, D3, ..., Dn];
the information decryption flow comprises the following steps:
S31: receive the PIN code that the user must enter at the start of each use, in order to enter the USB Key system;
S32: when the user needs to decrypt a ciphertext [D] held in the external storage module of the USB Key system, receive the specific identifier [A] that the user enters following the prompt;
S33: the USB Key system encrypts the specific identifier [A] with the built-in encryption algorithm to obtain the key [Y0];
S34: the USB Key system uses the key [Y0] to decrypt the specific multidimensional key [B] stored in the built-in ROM module of the USB Key system and obtains the key group [Y], where the key group [Y] = [Y1, Y2, Y3, ..., Yn];
S35: the USB Key system reads the correspondence [D → Y] stored in the external storage module, selects the key from [Y] according to the correspondence [D → Y], decrypts the information [D] with the encryption algorithm to obtain the plaintext information [C], and generates feedback information confirming that this decryption succeeded, where the plaintext information [C] = [C1, C2, C3, ..., Cn].
6. The encryption method of mobile data according to claim 5, characterised in that the step in which the USB Key system uses the key group [Y] as encryption keys and encrypts the information [C] with the encryption algorithm comprises: for each encryption computation the USB Key system selects at random from the key group [Y] = [Y1, Y2, Y3, ..., Yn] a key Yi that has not been selected before and encrypts the information [C] with it, until after n encryption computations in total the USB Key system has obtained the ciphertext [D] = [D1, D2, D3, ..., Dn], where i = 1, 2, 3, ..., n.
7. The encryption method of mobile data according to claim 5 or 6, characterised in that the encryption algorithm in the data storage encryption method is the SM2 algorithm.
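Claims 5 to 7 as an added worked example in Go, not code from the patent or any product built on it: Provision plays the manufacturing side that fills the ROM with [B], Encrypt follows S22 to S25 with the without-replacement key selection of claim 6, and Decrypt follows S32 to S35. The PIN entry of S21 and S31 is left out. The claims do not say what the built-in encryption algorithm is, so [Y0] is derived from [A] with HMAC-SHA256 under a device-internal secret; and although claim 7 names SM2 (an elliptic-curve public-key algorithm) as the encryption algorithm, AES-256-GCM is used here for the symmetric steps. Those substitutions, the 32-byte key size, the sample messages and every name in the code are assumptions of the example. Using an authenticated mode matters at S24/S34: a wrong identifier yields a wrong [Y0], and GCM then rejects [B] outright, where an unauthenticated cipher would silently produce a wrong key group and garbage plaintext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// USBKey models the token of claims 5 and 6 after PIN entry (S21/S31 left out). The
// claims do not name the built-in algorithm; the device secret behind keyY0 is an assumption.
type USBKey struct {
	secret []byte   // device-internal key behind the built-in encryption algorithm
	rom    [][]byte // [B] = [B1..Bn]: the key group [Y] sealed under [Y0]
	ds     [][]byte // external storage: ciphertexts [D] = [D1..Dn]
	dToY   []int    // external storage: [D -> Y], index of the Yi used for each Di
}

// random returns n bytes from crypto/rand; a failing RNG is fatal for a token.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil { panic(err) }
	return b
}

// keyY0 is S23/S33: [Y0] derived from identifier [A], modelled as HMAC-SHA256.
func (k *USBKey) keyY0(identifier string) []byte {
	m := hmac.New(sha256.New, k.secret)
	m.Write([]byte(identifier))
	return m.Sum(nil)
}

// seal/open stand in for the claims' "encryption algorithm". Claim 7 names SM2, an
// elliptic-curve public-key scheme; AES-256-GCM (random nonce prepended) is substituted
// so that decryption under a wrong key fails instead of returning garbage.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // every key here is 32 bytes, so this cannot fail
	if err != nil { panic(err) }
	g, _ := cipher.NewGCM(block)
	return g
}

func seal(key, plaintext []byte) []byte {
	nonce := random(12)
	return gcm(key).Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	if len(sealed) < 12 { return nil, errors.New("ciphertext too short") }
	return gcm(key).Open(nil, sealed[:12], sealed[12:], nil)
}

// Provision burns n random keys Y1..Yn into ROM, each sealed under the [Y0] of [A].
func Provision(identifier string, n int) *USBKey {
	k := &USBKey{secret: random(32)}
	for i := 0; i < n; i++ {
		k.rom = append(k.rom, seal(k.keyY0(identifier), random(32)))
	}
	return k
}

// keyGroup is S24/S34: decrypt [B] with [Y0] to recover [Y]. A wrong identifier gives a
// wrong Y0, and GCM then rejects [B] instead of handing back garbage keys.
func (k *USBKey) keyGroup(identifier string) ([][]byte, error) {
	ys := make([][]byte, len(k.rom))
	for i, bi := range k.rom {
		yi, err := open(k.keyY0(identifier), bi)
		if err != nil { return nil, fmt.Errorf("identifier rejected: %w", err) }
		ys[i] = yi
	}
	return ys, nil
}

// Encrypt is S25 as refined by claim 6: each Ci goes under a key drawn at random from
// [Y] without replacement, so n messages use all n keys exactly once.
func (k *USBKey) Encrypt(identifier string, msgs [][]byte) error {
	ys, err := k.keyGroup(identifier)
	if err != nil { return err }
	if len(msgs) > len(ys) { return errors.New("more messages than keys in [Y]") }
	unused := make([]int, len(ys)) // indices of keys not yet selected
	for i := range unused { unused[i] = i }
	for _, c := range msgs {
		j, err := rand.Int(rand.Reader, big.NewInt(int64(len(unused))))
		if err != nil { return err }
		pos := int(j.Int64())
		k.ds, k.dToY = append(k.ds, seal(ys[unused[pos]], c)), append(k.dToY, unused[pos])
		unused = append(unused[:pos], unused[pos+1:]...) // remove it so Yi is never reused
	}
	return nil
}

// KeyIndices exposes [D -> Y] so the without-replacement property can be checked.
func (k *USBKey) KeyIndices() []int { return k.dToY }

// Decrypt is S35: the stored [D -> Y] correspondence selects the key for each Di.
func (k *USBKey) Decrypt(identifier string) ([][]byte, error) {
	ys, err := k.keyGroup(identifier)
	if err != nil { return nil, err }
	out := make([][]byte, len(k.ds))
	for i, d := range k.ds {
		if out[i], err = open(ys[k.dToY[i]], d); err != nil { return nil, err }
	}
	return out, nil
}

func main() {
	k := Provision("tag-A", 3)
	_ = k.Encrypt("tag-A", [][]byte{[]byte("C1"), []byte("C2"), []byte("C3")}) // constructed input
	fmt.Println(k.Decrypt("tag-A"))
}
```

The [D → Y] correspondence is stored in clear alongside the ciphertexts, as the claim describes; it reveals which of the n keys protected each record but not the keys themselves, which exist only after [B] has been unwrapped with the correct identifier. Because claim 6 draws keys without replacement, the token can hold at most n records per key group, which is why Encrypt refuses more messages than keys rather than reusing one.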
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711257708.5A CN107733936B (en) | 2017-12-04 | 2017-12-04 | Encryption method for mobile data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107733936A (en) | 2018-02-23 |
CN107733936B (en) | 2020-08-07 |
Family
ID=61220946
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711257708.5A Active CN107733936B (en) | 2017-12-04 | 2017-12-04 | Encryption method for mobile data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107733936B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110995648A (en) * | 2019-10-25 | 2020-04-10 | 金现代信息产业股份有限公司 | Secure encryption method |
CN112053476A (en) * | 2020-09-08 | 2020-12-08 | 四川铁集共联科技股份有限公司 | Encryption method and system based on intelligent lock and mobile phone terminal |
CN112101977A (en) * | 2020-07-01 | 2020-12-18 | 上海世强信息技术有限公司 | Accurate big data analysis method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005357A (en) * | 2006-12-28 | 2007-07-25 | 北京飞天诚信科技有限公司 | Method and system for updating certification key |
CN101615322A (en) * | 2008-06-25 | 2009-12-30 | 上海富友网络技术有限公司 | Realization has the mobile terminal payment method and system of magnetic payment function |
CN104253694A (en) * | 2014-09-27 | 2014-12-31 | 杭州电子科技大学 | Encrypting method for network data transmission |
CN104270242A (en) * | 2014-09-27 | 2015-01-07 | 杭州电子科技大学 | Encryption and decryption device used for network data encryption transmission |
CN105376216A (en) * | 2015-10-12 | 2016-03-02 | 华为技术有限公司 | Remote access method, agent server and client end |
US20160337361A1 (en) * | 2010-04-30 | 2016-11-17 | T-Central, Inc. | System and method to use a cloud-based platform supported by an api to authenticate remote users and to provide pki- and pmi- based distributed locking of content and distributed unlocking of protected content |
2017-12-04: application CN201711257708.5A filed in CN (granted as CN107733936B; status Active)
Similar Documents
Publication | Title |
---|---|
US10154021B1 (en) | Securitization of temporal digital communications with authentication and validation of user and access devices |
Dai et al. | SBLWT: A secure blockchain lightweight wallet based on trustzone |
Nagaraju et al. | Trusted framework for online banking in public cloud using multi-factor authentication and privacy protection gateway |
Rezaeighaleh et al. | New secure approach to backup cryptocurrency wallets |
CN109583219A (en) | A kind of data signature, encryption and preservation method, apparatus and equipment |
CN108989346A (en) | The effective identity trustship agility of third party based on account concealment authenticates access module |
JP2015154491A (en) | System and method for remote access and remote digital signature |
CN101815091A (en) | Cipher providing equipment, cipher authentication system and cipher authentication method |
CN110519046A (en) | Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD |
CN107871081A (en) | A kind of computer information safe system |
CN106682903A (en) | Feedback verification method of bank payment permission authentication information |
BR112018013306B1 (en) | METHOD AND SYSTEM OF BANK CARD PASSWORD PROTECTION |
CN103378971A (en) | Data encryption system and method |
CN110474908A (en) | Transaction monitoring and managing method and device, storage medium and computer equipment |
CN107707562A (en) | A kind of method, apparatus of asymmetric dynamic token Encrypt and Decrypt algorithm |
WO2017050152A1 (en) | Password security system adopted by mobile apparatus and secure password entering method thereof |
CN107733936A (en) | A kind of encryption method of mobile data |
Süzen et al. | Blockchain-based secure credit card storage system for e-commerce |
CN102752112A (en) | Authority control method and device based on signed message 1 (SM1)/SM2 algorithm |
Nowroozi et al. | Cryptocurrency wallets: assessment and security |
CN102270182B (en) | Encrypted mobile storage equipment based on synchronous user and host machine authentication |
CN201717885U (en) | Code providing equipment and code identification system |
CN101547098B (en) | Method and system for security certification of public network data transmission |
KR101327193B1 (en) | A user-access trackable security method for removable storage media |
CN104009851A (en) | One-time pad bidirectional authentication safe logging technology for internet bank |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |