CN107733936B - Encryption method for mobile data - Google Patents

Encryption method for mobile data Download PDF

Info

Publication number
CN107733936B
CN107733936B CN201711257708.5A CN201711257708A CN107733936B CN 107733936 B CN107733936 B CN 107733936B CN 201711257708 A CN201711257708 A CN 201711257708A CN 107733936 B CN107733936 B CN 107733936B
Authority
CN
China
Prior art keywords
key
encryption
mobile application
usb
device hardware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711257708.5A
Other languages
Chinese (zh)
Other versions
CN107733936A (en
Inventor
王潇
孙建
张淑娟
朱颖
丁全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Anhui Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201711257708.5A priority Critical patent/CN107733936B/en
Publication of CN107733936A publication Critical patent/CN107733936A/en
Application granted granted Critical
Publication of CN107733936B publication Critical patent/CN107733936B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of information security, and more particularly, to a method for encrypting mobile data. The encryption method of the mobile data comprises a data transmission encryption method and a data storage encryption method, wherein the data transmission encryption method is creatively provided with a security device hardware A and a security device hardware B, the transmission encryption algorithm is realized by the added security device hardware A and the added security device hardware B, an encryption and decryption calculation task is stripped from a main processor part of a server and transplanted to the independent security device hardware, so that the calculation efficiency is greatly improved, the information confidentiality grade is higher, and the security is better.

Description

Encryption method for mobile data
Technical Field
The present invention relates to the field of information security, and more particularly, to a method for encrypting mobile data.
Background
With the rapid development of the network, the user greatly improves the working efficiency by means of the network, but meanwhile, the network has various potential safety hazards, and in recent years, various internet safety accidents occur frequently, and the internet is connected to face various safety risks, such as information leakage, information tampering, resource embezzlement and the like. With the development of the electronic industry, mobile devices such as smart phones, tablets, notebooks and the like enter thousands of households, the mobile devices are convenient to carry and easy to lose, and software on the lost devices is randomly used by others, so that various important information is leaked. The application and development of the network are hindered by the existence of the risks, and the guarantee of information safety is important under the condition that the networking and informatization process is irreversible.
The prior art techniques for data encryption of mobile devices are well established, such as:
chinese patent document Z L200710065062.0 discloses an encryption type mobile storage device, which includes a memory for storing data, a communication interface module for data transmission with an external device, a wireless receiving module for receiving a wireless signal, a data processing module for extracting a key in the wireless signal, wherein the data processing module includes an encryption unit and a decryption unit, the encryption unit encrypts a file stored in the memory with a valid key, the decryption unit decrypts the encrypted file retrieved from the memory, and the decryption unit decrypts the encrypted file only when the key in the wireless signal matches the valid key, and a clock unit for providing a clock pulse to the data processing module.
Chinese patent document CN201410569920.5 discloses a mobile hard disk with data encryption, which includes a magnetic disk and a data interface arranged on the magnetic disk for data interaction with the outside world, and is characterized by further including: the safety identification module and the control module are connected with the data interface, and when the safety identification module identifies that the safety level of the equipment with data interaction with the disk is lower than the preset safety level, the control module controls to cut off the connection of the equipment with data interaction with the disk; further comprising: and the data encryption and decryption engine is arranged at the data interface and used for encrypting and decrypting the data entering and exiting the disk when the safety identification module identifies that the safety level of the equipment with data interaction with the disk is greater than or equal to the preset safety level.
Chinese patent document CN201310677217.1 discloses a data security protection method for a mobile storage medium, which creates a file system on the mobile storage medium, where an operating system cannot be loaded; generating a random key of the file system according to an authentication password input by a user, and storing a hash value of the authentication password and the random key encrypted by using the authentication password into the file system; and carrying out data encryption and decryption operation on the mobile storage medium by using the random key, thereby realizing the data security protection of the mobile storage medium.
Chinese patent document CN201210034983.1 discloses a file encryption and decryption method based on cloud storage, which includes: the application terminal initiates file writing to the cloud storage platform, and the cloud storage platform performs fragment storage on the file; the encryption and decryption platform performs distributed encryption on the file which is stored in the cloud storage platform in the fragmentation mode.
The encryption method is used for encrypting through the own encryption hardware and software of the equipment, and data is easy to crack.
Disclosure of Invention
In view of the above-mentioned deficiencies in the prior art, the present invention provides a method for encrypting mobile data, which can ensure and improve the security of the mobile data.
In order to achieve the purpose, the invention adopts the following technical scheme:
a mobile data encryption method comprises a data transmission encryption method and a data storage encryption method, wherein the data transmission encryption method is applied to a data transmission encryption system, and the data transmission encryption system comprises a mobile application client, a mobile application server, a security device hardware A, a security device hardware B and a key management database; the security equipment hardware A is matched with the mobile application client, and an initial secret key SA is stored in the security equipment hardware A; the safety equipment hardware B is matched with the mobile application server end; the key management database is positioned in an internal network and is physically isolated from an external public network, the key management database can only be accessed by the mobile application server, and the key management database also stores an initial key SA;
the data transmission encryption method comprises the following steps:
s11, the mobile application client acquires the ID of the safety equipment hardware A, wherein the ID of the safety equipment hardware A is set during production and cannot be modified, and is used for uniquely identifying the safety equipment hardware A;
s12, the mobile application client sends a request for updating the key to the security device hardware A;
s13, when the security device hardware A receives the request sent by the mobile application client, firstly, a KEY seed RA is randomly generated, and the KEY seed RA and the initial KEY SA are operated by using a KEY generation algorithm to obtain a final KEY; meanwhile, the security device hardware A returns the generated key seed RA to the mobile application client;
s14, after the mobile application client obtains the key seed RA, the mobile application client sends the key seed RA and the ID of the security device hardware A to the mobile application server;
s15, the mobile application server side searches and obtains an initial key SA of the security device hardware A in the key management database according to the received ID of the security device hardware A, and then the mobile application server side sends the initial key SA and the key seed RA to the security device hardware B at the same time;
and S16, the secure device hardware B utilizes the KEY generation algorithm to calculate the KEY seed RA and the initial KEY SA to obtain a final KEY KEY, wherein when the secure device hardware A and the secure device hardware B calculate the same final KEY KEY, the mobile application client and the mobile application server end complete the encryption of data transmission.
In the above encryption method for mobile data, as a further technical solution of the present invention, the initial key SA stored in the secure device hardware a cannot be modified and cannot be read out from the secure device hardware a.
In the above encryption method for mobile data, as a further technical solution of the present invention, the final KEY is rejected to be read by software outside the data transmission encryption system.
In the above encryption method for mobile data, as a further aspect of the present invention, the key generation algorithm is an SM4 algorithm.
In the above encryption method for mobile data, as a further technical solution of the present invention, the encryption method for data storage includes an information encryption process and an information decryption process, wherein the information encryption process includes the following steps: s21, receiving a PIN code firstly input by a user when the user uses the USB Key system each time;
s22, receiving the specific identifier [ A ] input by the user according to the prompt message to encrypt the stored message;
s23, the USB Key system encrypts the specific identifier [ A ] by using a built-in encryption algorithm to obtain a secret Key [ Y0 ];
s24, the USB Key system decrypts a specific multidimensional Key [ B ] stored in a built-in ROM module of the USB Key system using the Key [ Y0], and obtains a Key group [ Y ] after decryption, where the specific multidimensional Key [ B ] is [ B1, B2, B3, …, Bn ], the specific multidimensional Key [ B ] is randomly generated by the USB Key system and stored in the built-in ROM module of the USB Key system, and the Key group [ Y ] is [ Y1, Y2, Y3, …, Yn ];
s25, the USB Key system uses a Key group [ Y ] as an encryption Key, encrypts information [ C ] which needs to be encrypted and stored by a user by using an encryption algorithm to obtain an encrypted ciphertext [ D ], stores the encrypted ciphertext [ D ] and a corresponding relation [ D → Y ] with the Key group [ Y ] in an external storage module of the USB Key system, and generates feedback information to determine that the encryption is completed, wherein the information [ C ] which needs to be encrypted and stored by the user is [ C1, C2, C3, …, Cn ], and the encrypted ciphertext [ D ] is [ D1, D2, D3, …, Dn ];
the information decryption process comprises the following steps:
s31: when a receiving user uses the USB Key system, the receiving user needs to firstly input a PIN code to enter the USB Key system;
s32: receiving a specific identifier [ A ] input by a user according to a prompt when the user needs to decrypt an encrypted ciphertext [ D ] in an external storage module of the USB Key system;
s33: the USB Key system encrypts the specific identifier [ A ] by using the built-in encryption algorithm to obtain a secret Key [ Y0 ];
s34: the USB Key system decrypts a specific multidimensional Key [ B ] stored in a built-in ROM module of the USB Key system by using the Key [ Y0] to obtain a Key group [ Y ], wherein the Key group [ Y ] is [ Y1, Y2, Y3, …, Yn ];
s35: the USB Key system reads the corresponding relation [ D → Y ] stored in the external storage module, selects a Key from [ Y ] according to the corresponding relation [ D → Y ] to decrypt information [ D ] by using an encryption algorithm, obtains plaintext information [ C ] and generates feedback information to determine that decryption is successful, wherein the plaintext information [ C ] is [ C1, C2, C3, …, Cn ].
In the above encryption method for mobile data, as a further technical solution of the present invention, the step of encrypting the information [ C ] by using an encryption algorithm using a Key group [ Y ] as an encryption Key by the USB Key system includes: during encryption calculation, the USB Key system randomly selects an unselected Key Yi from a Key group [ Y ] ═ Y1, Y2, Y3, … and Yn ] to encrypt information [ C ] until the USB Key system performs encryption calculation n times in total to obtain encrypted ciphertext [ D ] ═ D1, D2, D3, … and Dn ], wherein i equals 1,2,3, … and n.
In the above encryption method for mobile data, as a further aspect of the present invention, an encryption algorithm in the data storage encryption method is an SM2 algorithm.
The invention provides a mobile data encryption method, which realizes encryption algorithm by adding a security device hardware A and a security device hardware B, strips an encryption and decryption calculation task from a server main processor part and transplants the encryption and decryption calculation task to a single special integrated chip, such as: the safety equipment hardware A and the safety equipment hardware A greatly improve the calculation efficiency and the safety performance.
Further, the invention uses the SM4 algorithm in the data transmission encryption method. The SM4 algorithm is published by China in 2006 as a symmetric block cipher algorithm, uses a 32-round Feistel nonlinear iteration structure, has strong differential attack resistance, and has security reaching the standard of an advanced block cipher algorithm. According to the research results disclosed at present, no method can break through the SM4 algorithm of the 24 rounds, so that the SM4 algorithm of the 32 rounds has certain safety redundancy, and is particularly suitable for the encryption protection of mobile data by organizations related to national financial security, such as banks and the like.
Further, the SM2 encryption algorithm is adopted in the data storage protection method, and the SM2 algorithm belongs to an asymmetric key algorithm and works in a way of encrypting and decrypting a private key by using a public key. In the working process of the asymmetric key algorithm, an encryption key and a decryption key are different, the encryption key is used publicly, the decryption key is only known by a user, and an attacker cannot calculate the decryption key according to the encryption key.
The advantages of the SM2 algorithm mainly include: the key management is simple, and the number of key groups required during secret transmission is small; the secret key can be published in a public way, is easy to spread and is not easy to crack; the information confidentiality level is high, and the safety is good; the key occupies small storage space.
Drawings
Fig. 1 is a timing diagram illustrating a data transmission encryption method according to the present invention.
Fig. 2 is a flow chart of information encryption in the data storage encryption method of the present invention.
FIG. 3 is a flow chart of information decryption in the data storage encryption method of the present invention.
Detailed Description
The technical solution of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
In the data transmission encryption system, the data transmission encryption system comprises a mobile application client, a mobile application server, a security device hardware A, a security device hardware B and a key management database. The security equipment hardware A is matched with the mobile application client, and an initial secret key SA is stored in the security equipment hardware A; and the safety equipment hardware B is matched with the mobile application server terminal.
The invention creatively installs the security device hardware on the mobile application client and the mobile application server respectively, and sets up the key management database to manage the initial key of the security device hardware. In this design, the security device hardware (including security device hardware a and security device hardware B) mainly has four functions:
(1) storing the unique serial number ID and the initial key of the hardware of the safety equipment;
(2) realizing a random key seed generation algorithm;
(3) generating a key algorithm according to the key seed and the initial key;
(4) encryption/decryption is performed using the key.
The key management database is mainly used for managing initial keys corresponding to the hardware IDs of the safety devices, is positioned in an internal network, is physically isolated from an external public network and can only be accessed by a mobile application server,
the method has the advantages that two factors, namely safety and speed, are mainly considered in the protection process of mobile data transmission, and one factor is considered from the safety problem, so that the encryption and decryption algorithm running at a software level is avoided, physical protection is lacked, and when the problems of virus invasion and the like are encountered, an encryption and decryption module can be tampered by viruses, so that serious consequences are caused; on the other hand, in view of the speed problem, the problems that the mobile application server end always needs to face thousands of users to access simultaneously, the amount of data to be encrypted is very large, and the requirement on hardware is high are solved.
As shown in fig. 1, a mobile application device is taken as a security device hardware a, a mobile payment client is taken as a mobile application client, a mobile payment server is taken as a mobile application server, and mobile device hardware is taken as a security device hardware B for explanation.
As shown in fig. 1, the data transmission encryption method includes the following steps:
and S11, the mobile payment client acquires the ID of the mobile application device, wherein the ID of the mobile application device is set during production and cannot be modified so as to uniquely identify the mobile application device.
S12, the mobile payment client sending a request for updating the key to the mobile application device.
S13, when receiving the request sent by the mobile payment client, the mobile application device first randomly generates a KEY seed RA, and performs an operation on the KEY seed RA and the initial KEY SA by using a KEY generation algorithm to obtain a final KEY, and meanwhile, the mobile application device returns the generated KEY seed RA to the mobile payment client.
S14, after the mobile payment client obtains the key seed RA, the mobile payment client sends the key seed RA and the ID of the mobile application device to the mobile payment server.
S15, the mobile payment server searches the key management database for the initial key SA of the mobile application device according to the received ID of the mobile application device, and then the mobile payment server sends the initial key SA and the key seed RA to the mobile device hardware at the same time.
And S16, the mobile device hardware utilizes the KEY generation algorithm to operate the KEY seed RA and the initial KEY SA to obtain a final KEY KEY, wherein when the mobile application device and the mobile device hardware calculate the same final KEY KEY, the mobile payment client and the mobile payment server complete the encryption of data transmission.
Through the setting, the encryption and decryption calculation task is separated from the main processor part of the server and is transplanted to the hardware of the independent safety equipment, so that the calculation efficiency is greatly improved, the encrypted information is higher in confidentiality grade, and the safety is better.
Optionally, in this embodiment, the initial key SA stored in the mobile application device is set during a production process of the mobile application device, and cannot be modified, and the initial key SA is rejected from being read out from the mobile application device.
Optionally, in this embodiment, the generated final KEY is rejected from being read by software outside the data transmission encryption system, so that it is ensured that physical protection cannot be broken through when virus software is invaded, and the KEY is leaked and lost.
Optionally, in this embodiment, the key generation algorithm used for the operation of the key seed RA and the initial key SA is the SM4 algorithm.
The SM4 algorithm is published by China in 2006 as a symmetric block cipher algorithm, uses a 32-round Feistel nonlinear iteration structure, has strong differential attack resistance, and has security reaching the standard of an advanced block cipher algorithm. According to the research results disclosed at present, no method can break through the SM4 algorithm of the 24 rounds, so that the SM4 algorithm of the 32 rounds has certain safety redundancy, and is particularly suitable for the encryption protection of mobile data by organizations related to national financial security, such as banks and the like.
Example 2
As shown in fig. 2, the present embodiment relates to a data storage encryption method, which includes an information encryption process and an information decryption process.
The information encryption process comprises the following steps:
and S21, receiving the PIN code firstly input by the user for each use so as to enter the USB Key system. The USB Key system can be a system of a mobile payment client.
It should be noted that, when the input PIN code is correct, the USB Key system is entered, and prompt information is output, and when the input PIN code is incorrect, the PIN code input by the user is received again until the input PIN code is incorrect after exceeding the preset number of times, the PIN code input by the user is not received again.
S22, the receiving user inputs the specific identifier [ A ] according to the prompt message to encrypt the storage message.
S23, the USB Key system encrypts the specific identifier [ A ] to obtain a secret Key [ Y0] by using a built-in encryption algorithm.
And S24, the USB Key system decrypts a specific multidimensional Key [ B ] stored in a built-in ROM module of the USB Key system by using the Key [ Y0], and obtains a Key group [ Y ] after decryption, wherein the specific multidimensional Key [ B ] is [ B1, B2, B3, …, Bn ], the specific multidimensional Key [ B ] is randomly generated by the USB Key system and is stored in the built-in ROM module of the USB Key system, and the Key group [ Y ] is [ Y1, Y2, Y3, …, Yn ].
And S25, the USB Key system uses a Key group [ Y ] as an encryption Key, encrypts the information [ C ] which needs to be encrypted and stored by the user by using an encryption algorithm to obtain an encrypted ciphertext [ D ], stores the encrypted ciphertext [ D ] and the corresponding relation [ D → Y ] with the Key group [ Y ] in an external storage module of the USB Key system, and generates feedback information to determine that the encryption is completed, wherein the information [ C ] which needs to be encrypted and stored by the user is [ C1, C2, C3, …, Cn ], and the encrypted ciphertext [ D ] is [ D1, D2, D3, …, Dn ].
Referring to fig. 3, the information decryption process includes the following steps:
s31: when the receiving user uses the USB Key system, the receiving user needs to firstly input the PIN code to enter the USB Key system.
It should be noted that, when the input PIN code is correct, the USB Key system is entered, and a prompt is output, and when the input PIN code is incorrect, the PIN code input by the user is received again until the input PIN codes are all incorrect after exceeding the preset number of times, the PIN code input by the user is no longer received.
S32: and receiving a specific identifier (A) input by a user according to a prompt when the user needs to decrypt an encrypted ciphertext (D) in an external storage module of the USB Key system.
S33: the USB Key system encrypts the specific identifier [ A ] using the built-in encryption algorithm to obtain a Key [ Y0 ].
S34: the USB Key system decrypts a specific multidimensional Key [ B ] stored in a built-in ROM module of the USB Key system using the Key [ Y0] to obtain a Key group [ Y ], where the Key group [ Y ] is [ Y1, Y2, Y3, …, Yn ].
S35: the USB Key system reads the corresponding relation [ D → Y ] stored in the external storage module, selects a Key from [ Y ] according to the corresponding relation [ D → Y ] to decrypt information [ D ] by using an encryption algorithm, obtains plaintext information [ C ], and generates feedback information to determine that decryption is successful at this time, wherein the plaintext information [ C ] is [ C1, C2, C3, …, Cn ].
Optionally, in this embodiment, in step S25, the step of encrypting the information [ C ] by using an encryption algorithm includes: during encryption calculation, the USB Key system randomly selects an unselected Key Yi from a Key group [ Y ] ═ Y1, Y2, Y3, … and Yn ] to encrypt information [ C ] until the USB Key system performs encryption calculation n times in total to obtain encrypted ciphertext [ D ] ═ D1, D2, D3, … and Dn ], wherein i equals 1,2,3, … and n.
Optionally, in this embodiment, the encryption algorithm in the data storage encryption method is an SM2 algorithm.
Among them, the SM2 algorithm belongs to an asymmetric key algorithm, and works by using a public key to encrypt and decrypt a private key. In the working process of the asymmetric key algorithm, the encryption key and the decryption key are different, the encryption key is used publicly, the decryption key is only known by a user, and an attacker cannot calculate the decryption key according to the encryption key, so that the information confidentiality grade is higher, and the safety is better.
In summary, the encryption method for mobile data provided by the invention realizes creatively realizing an encryption algorithm by adding hardware, and separates the encryption and decryption calculation task from the server main processor part to be transplanted to a separate special integrated chip, thereby greatly improving the calculation efficiency. In addition, the SM4 algorithm is used in the data transmission encryption method, so that the encrypted information has strong differential attack resistance, and the security of the encrypted information reaches the standard of an advanced block cipher algorithm. The SM2 encryption algorithm is adopted in the data storage protection method, so that the key management is simple, the number of key groups required during secret transmission is small, the occupied storage space of the key is small, the key can be published publicly, the information secret level is high, and the safety is good.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A mobile data encryption method comprises a data transmission encryption method and a data storage encryption method, and is characterized in that the data transmission encryption method is applied to a data transmission encryption system, and the data transmission encryption system comprises a mobile application client, a mobile application server, a security device hardware A, a security device hardware B and a key management database; the security equipment hardware A is matched with the mobile application client, and an initial secret key SA is stored in the security equipment hardware A; the safety equipment hardware B is matched with the mobile application server end; the key management database is positioned in an internal network and is physically isolated from an external public network, the key management database can only be accessed by the mobile application server, and the key management database also stores an initial key SA;
the data transmission encryption method comprises the following steps:
s11, the mobile application client acquires the ID of the safety equipment hardware A, wherein the ID of the safety equipment hardware A is set during production and cannot be modified, and is used for uniquely identifying the safety equipment hardware A;
s12, the mobile application client sends a request for updating the key to the security device hardware A;
s13, when the security device hardware A receives the request sent by the mobile application client, firstly, a KEY seed RA is randomly generated, and the KEY seed RA and the initial KEY SA are operated by using a KEY generation algorithm to obtain a final KEY, and meanwhile, the security device hardware A returns the generated KEY seed RA to the mobile application client;
s14, after the mobile application client obtains the key seed RA, the mobile application client sends the key seed RA and the ID of the security device hardware A to the mobile application server;
s15, the mobile application server side searches and obtains an initial key SA of the security device hardware A in the key management database according to the received ID of the security device hardware A, and then the mobile application server side sends the initial key SA and the key seed RA to the security device hardware B at the same time;
s16, the secure device hardware B utilizes the KEY generation algorithm to calculate the KEY seed RA and the initial KEY SA to obtain a final KEY KEY, wherein when the secure device hardware A and the secure device hardware B calculate the same final KEY KEY, the mobile application client and the mobile application server end complete the encryption of data transmission;
the data storage encryption method comprises an information encryption process and an information decryption process, wherein the information encryption process comprises the following steps:
s21, receiving a PIN code firstly input by a user when the user uses the USB Key system each time;
s22, receiving the specific identifier [ A ] input by the user according to the prompt message to encrypt the stored message;
s23, the USB Key system encrypts the specific identifier [ A ] by using a built-in encryption algorithm to obtain a secret Key [ Y0 ];
s24, the USB Key system decrypts a specific multidimensional Key [ B ] stored in a built-in ROM module of the USB Key system using the Key [ Y0], and obtains a Key group [ Y ] after decryption, where the specific multidimensional Key [ B ] is [ B1, B2, B3, …, Bn ], the specific multidimensional Key [ B ] is randomly generated by the USB Key system and stored in the built-in ROM module of the USB Key system, and the Key group [ Y ] is [ Y1, Y2, Y3, …, Yn ];
s25, the USB Key system uses a Key group [ Y ] as an encryption Key, encrypts information [ C ] which needs to be encrypted and stored by a user by using an encryption algorithm to obtain an encrypted ciphertext [ D ], stores the encrypted ciphertext [ D ] and a corresponding relation [ D → Y ] with the Key group [ Y ] in an external storage module of the USB Key system, and generates feedback information to determine that the encryption is completed, wherein the information [ C ] which needs to be encrypted and stored by the user is [ C1, C2, C3, …, Cn ], and the encrypted ciphertext [ D ] is [ D1, D2, D3, …, Dn ];
the information decryption process comprises the following steps:
s31: when a receiving user uses the USB Key system, the receiving user needs to firstly input a PIN code to enter the USB Key system;
s32: receiving a specific identifier [ A ] input by a user according to a prompt when the user needs to decrypt an encrypted ciphertext [ D ] in an external storage module of the USB Key system;
s33: the USB Key system encrypts the specific identifier [ A ] by using the built-in encryption algorithm to obtain a secret Key [ Y0 ];
s34: the USB Key system decrypts a specific multidimensional Key [ B ] stored in a built-in ROM module of the USB Key system by using the Key [ Y0] to obtain a Key group [ Y ], wherein the Key group [ Y ] is [ Y1, Y2, Y3, …, Yn ];
s35: the USB Key system reads the corresponding relation [ D → Y ] stored in the external storage module, selects a Key from [ Y ] according to the corresponding relation [ D → Y ] to decrypt information [ D ] by using an encryption algorithm, obtains plaintext information [ C ] and generates feedback information to determine that decryption is successful, wherein the plaintext information [ C ] is [ C1, C2, C3, … and Cn ].
2. The method as claimed in claim 1, wherein the initial key SA stored in the security device hardware a is not modified and not read from the security device hardware a.
3. The method as claimed in claim 2, wherein the final KEY is rejected from being read by software outside the data transmission encryption system.
4. A method for encrypting mobile data according to claim 1,2 or 3, wherein said key generation algorithm is SM4 algorithm.
5. The method for encrypting mobile data according to claim 1, wherein said USB Key system uses a Key group [ Y ] as an encryption Key, and the step of encrypting said information [ C ] using an encryption algorithm comprises: during encryption calculation of the USB Key system, an unselected Key Yi is randomly selected from a Key group [ Y ] ═ Y1, Y2, Y3, … and Yn ] to encrypt information [ C ] until the USB Key system performs encryption calculation n times in total to obtain encrypted ciphertext [ D ] ═ D1, D2, D3, … and Dn ], wherein i equals 1,2,3, … and n.
6. The encryption method for mobile data according to claim 5, wherein the encryption algorithm in the data storage encryption method is the SM2 algorithm.
CN201711257708.5A 2017-12-04 2017-12-04 Encryption method for mobile data Active CN107733936B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711257708.5A CN107733936B (en) 2017-12-04 2017-12-04 Encryption method for mobile data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711257708.5A CN107733936B (en) 2017-12-04 2017-12-04 Encryption method for mobile data

Publications (2)

Publication Number Publication Date
CN107733936A CN107733936A (en) 2018-02-23
CN107733936B true CN107733936B (en) 2020-08-07

Family

ID=61220946

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711257708.5A Active CN107733936B (en) 2017-12-04 2017-12-04 Encryption method for mobile data

Country Status (1)

Country Link
CN (1) CN107733936B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995648A (en) * 2019-10-25 2020-04-10 金现代信息产业股份有限公司 Secure encryption method
CN112101977A (en) * 2020-07-01 2020-12-18 上海世强信息技术有限公司 Accurate big data analysis method
CN112053476A (en) * 2020-09-08 2020-12-08 四川铁集共联科技股份有限公司 Encryption method and system based on intelligent lock and mobile phone terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005357A (en) * 2006-12-28 2007-07-25 北京飞天诚信科技有限公司 Method and system for updating certification key
CN101615322A (en) * 2008-06-25 2009-12-30 上海富友网络技术有限公司 Realization has the mobile terminal payment method and system of magnetic payment function
CN104253694A (en) * 2014-09-27 2014-12-31 杭州电子科技大学 Encrypting method for network data transmission
CN104270242A (en) * 2014-09-27 2015-01-07 杭州电子科技大学 Encryption and decryption device used for network data encryption transmission
CN105376216A (en) * 2015-10-12 2016-03-02 华为技术有限公司 Remote access method, agent server and client end

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9356916B2 (en) * 2010-04-30 2016-05-31 T-Central, Inc. System and method to use a cloud-based platform supported by an API to authenticate remote users and to provide PKI- and PMI-based distributed locking of content and distributed unlocking of protected content

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005357A (en) * 2006-12-28 2007-07-25 北京飞天诚信科技有限公司 Method and system for updating certification key
CN101615322A (en) * 2008-06-25 2009-12-30 上海富友网络技术有限公司 Realization has the mobile terminal payment method and system of magnetic payment function
CN104253694A (en) * 2014-09-27 2014-12-31 杭州电子科技大学 Encrypting method for network data transmission
CN104270242A (en) * 2014-09-27 2015-01-07 杭州电子科技大学 Encryption and decryption device used for network data encryption transmission
CN105376216A (en) * 2015-10-12 2016-03-02 华为技术有限公司 Remote access method, agent server and client end

Also Published As

Publication number Publication date
CN107733936A (en) 2018-02-23

Similar Documents

Publication Publication Date Title
CN110324143B (en) Data transmission method, electronic device and storage medium
US11880831B2 (en) Encryption system, encryption key wallet and method
CN105760764B (en) Encryption and decryption method and device for embedded storage device file and terminal
CN108833114A (en) A kind of decentralization identity authorization system and method based on block chain
CN102685093A (en) Mobile-terminal-based identity authentication system and method
US11012722B2 (en) System and method for securely transferring data
CN102325026A (en) Account password secure encryption system
CN102904712A (en) Information encrypting method
CA2809144A1 (en) Encryption device and method
CN104579689A (en) Soft secret key system and implementation method
CN107733936B (en) Encryption method for mobile data
CN103853943B (en) program protection method and device
WO2019242645A1 (en) Key generation apparatus, encryption and decryption apparatus, key generation and distribution system and information secure transmission system
CN107070896B (en) Safe and efficient block chain network customized login method and safe reinforcement system
CN111404953A (en) Message encryption method, message decryption method, related devices and related systems
CN105281902A (en) Web system safety login method based on mobile terminal
Wang et al. Leakage models and inference attacks on searchable encryption for cyber-physical social systems
CN111680013A (en) Data sharing method based on block chain, electronic equipment and device
CN110225014B (en) Internet of things equipment identity authentication method based on fingerprint centralized issuing mode
CN113726515B (en) UKEY-based key processing method, storage medium and electronic device
CN113507482B (en) Data security transmission method, security transaction method, system, medium and equipment
CN103873257A (en) Secrete key updating, digital signature and signature verification method and device
CN117725598A (en) An Zhuoduan data encryption and decryption method, device, equipment and medium
CN116155491B (en) Symmetric key synchronization method of security chip and security chip device
CN109412799A (en) System and method for generating local key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant