CN110166229A - Trustship method, application system and the cipher key center system of sensitive information - Google Patents
- Publication number
- CN110166229A, CN201910293446.0A
- Authority
- CN
- China
- Prior art keywords
- sensitive information
- cipher key
- application system
- key center
- center system
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides an escrow method for sensitive information, an application system, and a key center system. The escrow method comprises: an application system registers with a key center system, so that the key center system generates a registration ID for the application system and selects an encryption algorithm based on the application system's registration information; the application system sends the sensitive information to be escrowed to the key center system, so that the key center system encrypts and stores the sensitive information using the selected encryption algorithm; and the application system receives the registration ID and the corresponding key from the key center system, so that, when it needs the sensitive information, it obtains the encrypted sensitive information from the key center system based on the registration ID and decrypts it with the key to recover the sensitive information. The escrow method provided by the invention allows the sensitive information of all kinds of application systems to be managed in one place; the application system does not need to store any sensitive data, so the risk of leakage is lower.
Description
Technical field
The present invention relates to the field of information security technology, and more specifically to an escrow method for sensitive information, an application system, and a key center system.
Background
As enterprise business grows, the number of application systems and services grows with it. Most application systems depend on some sensitive configuration information when they initialize and start, such as account information for accessing databases, message queues, or Lightweight Directory Access Protocol (LDAP) services. The common practice is to write this information directly into a plaintext configuration file local to the application system, or to store it in plaintext on a remote system. Both practices are likely to lead to leakage of sensitive information and can easily cause the enterprise significant losses.
The defects of the existing methods mainly include the following: (1) writing an application system's configuration into local files is not secure enough and carries a risk of leakage; (2) when an application system reads its configuration from a remote end, no high-strength encryption is applied, which is also not secure enough and carries a risk of leakage; (3) the various kinds of sensitive configuration information cannot be managed on one unified platform, so maintenance costs are high; (4) sensitive information cannot be assigned different encryption algorithms according to security level for use by application systems.
Summary of the invention
The present invention is proposed to solve at least one of the above problems. According to one aspect of the present invention, an escrow method for sensitive information is provided, the method comprising: an application system registers with a key center system, so that the key center system generates a registration ID for the application system and selects an encryption algorithm based on the application system's registration information; the application system sends the sensitive information to be escrowed to the key center system, so that the key center system encrypts and stores the sensitive information using the selected encryption algorithm; and the application system receives the registration ID and the corresponding key from the key center system, so that, when it needs the sensitive information, it obtains the encrypted sensitive information from the key center system based on the registration ID and decrypts it with the key to recover the sensitive information.
In one embodiment of the present invention, the method further comprises: the application system sends an access whitelist and/or an access blacklist to the key center system, so that the key center system permits a retrieval only after determining that the visitor attempting to obtain the encrypted sensitive information is a visitor allowed to access it.
In one embodiment of the present invention, the sensitive information is sensitive configuration information of the application system, and the application system obtains the encrypted sensitive information from the key center system when it initializes and starts.
In one embodiment of the present invention, the application system and the key center system are deployed in the same private network.
According to another aspect of the present invention, an application system is provided, the application system comprising: a registration module, configured to register the application system with a key center system, so that the key center system generates a registration ID for the application system and selects an encryption algorithm based on the application system's registration information; a communication module, configured to send the application system's sensitive information to be escrowed to the key center system, so that the key center system encrypts and stores the sensitive information using the selected encryption algorithm, the communication module being further configured to receive the registration ID and the corresponding key from the key center system, so as to obtain the encrypted sensitive information from the key center system based on the registration ID when the sensitive information is needed; and a decryption module, configured to decrypt, with the key, the encrypted sensitive information obtained by the communication module to recover the sensitive information.
According to a further aspect of the present invention, an application system is provided, the application system comprising a storage device and a processor, the storage device storing a computer program to be run by the processor, the computer program performing the above escrow method for sensitive information when run by the processor.
According to another aspect of the present invention, an escrow method for sensitive information is provided, the method comprising: a key center system receives the registration information of an application system and, based on the registration information, generates a registration ID for the application system and selects an encryption algorithm; the key center system receives the application system's sensitive information to be escrowed, and encrypts and stores the sensitive information using the selected encryption algorithm; and the key center system sends the registration ID and the corresponding key to the application system, so that, when the application system needs the sensitive information, it obtains the encrypted sensitive information from the key center system based on the registration ID and decrypts it to recover the sensitive information.
In one embodiment of the present invention, the method further comprises: the key center system receives an access whitelist and/or an access blacklist from the application system, so that, on receiving a request that attempts to obtain the encrypted sensitive information, it permits the retrieval only after determining that the visitor is a visitor allowed to access it.
In one embodiment of the present invention, the application system and the key center system are deployed in the same private network.
According to a further aspect of the present invention, a key center system is provided, the key center system comprising: a communication module, configured to receive the registration information of an application system and the application system's sensitive information to be escrowed; a generation module, configured to generate a registration ID for the application system and select an encryption algorithm based on the registration information; and an encryption module, configured to encrypt and store the sensitive information using the selected encryption algorithm; the communication module being further configured to send the registration ID and the corresponding key to the application system, so that, when the application system needs the sensitive information, it obtains the encrypted sensitive information from the key center system based on the registration ID and decrypts it to recover the sensitive information.
According to a further aspect of the present invention, a key center system is provided, the key center system comprising a storage device and a processor, the storage device storing a computer program to be run by the processor, the computer program performing the escrow method for sensitive information of any of the above embodiments when run by the processor.
According to another aspect of the present invention, a storage medium is provided, the storage medium storing a computer program that performs the above escrow method for sensitive information when run.
The escrow method for sensitive information, the application system, and the key center system according to embodiments of the present invention use the key center system to adaptively encrypt, store, and centrally manage the sensitive information of all kinds of application systems. The application system does not need to store any sensitive data, and the sensitive information is encrypted when the application system obtains it from the key center system. This reduces the risk of leakage of the application system's sensitive information and lowers the cost of maintaining it.
Brief description of the drawings
The above and other objects, features, and advantages of the present invention will become more apparent from the more detailed description of embodiments of the present invention given in conjunction with the accompanying drawings. The drawings provide a further understanding of the embodiments of the present invention and form part of the specification; together with the embodiments they serve to explain the present invention and do not limit it. In the drawings, the same reference numerals generally denote the same components or steps.
Fig. 1 shows a schematic block diagram of an exemplary electronic device for implementing the escrow method for sensitive information, the application system, and the key center system according to an embodiment of the present invention;
Fig. 2 shows a schematic flow chart of the escrow method for sensitive information according to an embodiment of the present invention;
Fig. 3 shows a schematic block diagram of an application system for implementing the method shown in Fig. 2;
Fig. 4 shows a schematic block diagram of an application system according to an embodiment of the present invention;
Fig. 5 shows a schematic flow chart of the escrow method for sensitive information according to another embodiment of the present invention;
Fig. 6 shows a schematic block diagram of a key center system for implementing the method shown in Fig. 5; and
Fig. 7 shows a schematic block diagram of a key center system according to an embodiment of the present invention.
Detailed description of embodiments
To make the objects, technical solutions, and advantages of the present invention more apparent, example embodiments of the present invention are described in detail below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them, and it should be understood that the present invention is not limited by the example embodiments described here. All other embodiments obtained by those skilled in the art, on the basis of the embodiments described in the present invention and without creative effort, shall fall within the scope of protection of the present invention.
First, an exemplary electronic device 100 for implementing the escrow method for sensitive information, the application system, and the key center system of embodiments of the present invention is described with reference to Fig. 1.
As shown in Fig. 1, the electronic device 100 includes one or more processors 102, one or more storage devices 104, an input device 106, and an output device 108, which are interconnected by a bus system 110 and/or another form of connection mechanism (not shown). It should be noted that the components and structure of the electronic device 100 shown in Fig. 1 are illustrative and not restrictive; as needed, the electronic device may omit some of the above components and may have other components and structures.
The processor 102 may be a central processing unit (CPU) or another form of processing unit with data-processing capability and/or instruction-execution capability, and can control the other components in the electronic device 100 to perform the desired functions.
The storage device 104 may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory. The non-volatile memory may include, for example, read-only memory (ROM), hard disks, and flash memory. One or more computer program instructions can be stored on the computer-readable storage medium, and the processor 102 can run those program instructions to realize the functions of the application system or key center system (as implemented by the processor) in the embodiments of the present invention described below, and/or other desired functions. Various application programs and various data, such as data used and/or generated by the application programs, can also be stored on the computer-readable storage medium.
The input device 106 may be a device used by a user to input instructions, and may include one or more of a keyboard, a mouse, a microphone, a touch screen, and the like.
The output device 108 can output various information (such as images or sound) to the outside (for example, to a user), and may include one or more of a display, a loudspeaker, and the like.
By way of example, the exemplary electronic device for implementing the escrow method for sensitive information, the application system, the key center system, and the computer-readable medium according to embodiments of the present invention may be implemented as a smartphone, a tablet computer, a server, or the like.
The escrow method for sensitive information provided by the present invention involves an application system and a key center system. Below, the escrow method 200 for sensitive information according to an embodiment of the present invention is first described with reference to Fig. 2; method 200 is the escrow method described from the perspective of the application system. The escrow method 500 for sensitive information according to another embodiment of the present invention will be described later with reference to Fig. 5; method 500 is the escrow method described from the perspective of the key center system.
As shown in Fig. 2, the escrow method 200 for sensitive information may include the following steps:
In step S210, the application system registers with the key center system, so that the key center system generates a registration ID for the application system and selects an encryption algorithm based on the application system's registration information.
In step S220, the application system sends the sensitive information to be escrowed to the key center system, so that the key center system encrypts and stores the sensitive information using the selected encryption algorithm.
In step S230, the application system receives the registration ID and the corresponding key from the key center system, so that, when it needs the sensitive information, it obtains the encrypted sensitive information from the key center system based on the registration ID and decrypts it with the key to recover the sensitive information.
In an embodiment of the present invention, the application system may be any application service system, such as a face recognition system. Most application systems need sensitive information: for example, sensitive configuration information relied on at initialization and startup (for databases, message queues, LDAP, and so on), or sensitive information needed while the application system is running. In an embodiment of the present invention, the application system does not need to store this sensitive information locally. Instead, the information can be encrypted and stored in the key center system (a system that adaptively encrypts and stores the sensitive information of all kinds of application systems) and retrieved from the key center system when it is needed. Because the sensitive information is encrypted both while it is stored in the key center system and when it is sent back to the application system, the risk of leakage of the application system's sensitive information is greatly reduced.
In an embodiment of the present invention, the application system first needs to register with the key center system. Based on that registration, the key center system can generate a registration ID (APP ID) specific to the application system, which serves as the basis on which the application system later retrieves from the key center system the sensitive information it previously uploaded. In addition, based on the application system's registration information, the key center system can generate an encryption algorithm suited to the application system, or select one suited to it from the encryption algorithms it already holds (applying different encryption controls to different application systems according to security level), in order to encrypt and store the sensitive information to be escrowed that comes from the application system. Further, the key center system can send the type of the encryption algorithm and the corresponding key (for example, the key of a symmetric encryption algorithm, or the private key of an asymmetric encryption algorithm) to the application system together with the generated registration ID specific to that application system. The application system can then, when it needs the sensitive information (for example, at initialization and startup), use the registration ID to send the key center system a request for the sensitive information; the key center system looks up the corresponding encrypted sensitive information by the registration ID and sends it to the application system. The application system then uses the key it previously obtained from the key center system to decrypt the encrypted sensitive information and recover the sensitive information it needs.
In a further embodiment of the present invention, the above method 200 may also include (not shown in Fig. 2): the application system sends an access whitelist and/or an access blacklist to the key center system, so that the key center system permits a retrieval only after determining that the visitor attempting to obtain the encrypted sensitive information is a visitor allowed to access it.
In this embodiment, the application system can set access permissions by sending the key center system a list of visitors that are allowed and/or not allowed to access the key center system to obtain the sensitive information it uploaded (that is, an access whitelist and/or an access blacklist, such as an IP access whitelist and/or an IP access blacklist). Based on these access permissions, the key center system can, after receiving a request for sensitive information, determine whether the visitor accessing with a given registration ID is one permitted by the application system corresponding to that registration ID (for example, a permitted IP address). If it determines that the visitor accessing with that registration ID is allowed (for example, it is in the access whitelist or is not in the access blacklist), it permits the retrieval, that is, it sends the encrypted sensitive information corresponding to the registration ID to the visitor. Conversely, if it determines that the visitor accessing with that registration ID is not allowed (for example, it is not in the access whitelist or is in the access blacklist), the request is treated as an illegitimate request, and the key center system either does not respond or issues a warning. The escrow method of this embodiment adds an access control policy, which further reduces the risk of leakage of the application system's sensitive information.
In a further embodiment of the present invention, the application system and the key center system in the above method 200 can be deployed in the same private network. Communication between the application system and the key center system can then be more secure and simpler to set up. This is only an example: the application system and the key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
In a further embodiment of the present invention, the application system in the above method 200 can also select a suitable encryption algorithm itself, according to its own needs, encrypt the sensitive information, and send the encrypted sensitive information to the key center system for storage. Alternatively, the application system can generate a key itself and send it to the key center system, which encrypts the sensitive information with that key. In either case the application system can decrypt the encrypted sensitive information it obtains from the key center on its own, without obtaining a key from the key center system.
Based on the above description, the escrow method for sensitive information according to an embodiment of the present invention uses the key center system to adaptively encrypt, store, and centrally manage the sensitive information of all kinds of application systems. The application system does not need to store any sensitive data, and the sensitive information is encrypted when the application system obtains it from the key center system. This reduces the risk of leakage of the application system's sensitive information and lowers the cost of maintaining it.
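The flow of method 200, including the optional access lists, as an added example that is not code from the patent: a minimal in-memory key center and application client. The HMAC-based cipher is a standard-library stand-in for the "selected encryption algorithm"; the class and function names, the security-level table, and the rule that the blacklist takes precedence over the whitelist are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Assumption: the security level in the registration info picks the key size.
KEY_BYTES = {"standard": 16, "high": 32}


def subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def mac(key, context, body):
    data = len(context).to_bytes(4, "big") + context + body
    return hmac.new(subkey(key, b"mac"), data, hashlib.sha256).digest()


def seal(key, plaintext, context):
    """Encrypt-then-MAC stand-in cipher; context binds the blob to app ID and name.
    A real deployment would use AES-GCM or similar from a vetted library."""
    nonce = secrets.token_bytes(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + mac(key, context, body)


def unseal(key, blob, context):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(key, context, body)):
        raise ValueError("escrowed blob failed integrity check")
    nonce, ciphertext = body[:16], body[16:]
    stream = keystream(subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class KeyCenter:
    def __init__(self):
        self.apps = {}  # registration ID -> per-application record

    def register(self, security_level):
        """S210: issue a registration ID, choose algorithm parameters, create the key."""
        app_id = secrets.token_hex(16)
        key = secrets.token_bytes(KEY_BYTES[security_level])
        self.apps[app_id] = {"key": key, "allow": [], "deny": [], "blobs": {}}
        return app_id, key  # S230: both are handed to the application

    def set_access_lists(self, app_id, allow=(), deny=()):
        record = self.apps[app_id]
        record["allow"] = [ipaddress.ip_network(n) for n in allow]
        record["deny"] = [ipaddress.ip_network(n) for n in deny]

    def escrow(self, app_id, name, secret):
        """S220: encrypt on receipt; only ciphertext is kept in the store."""
        record = self.apps[app_id]
        record["blobs"][name] = seal(record["key"], secret, f"{app_id}/{name}".encode())

    def is_allowed(self, app_id, source_ip):
        record = self.apps.get(app_id)
        if record is None:
            return False  # unknown registration ID
        ip = ipaddress.ip_address(source_ip)
        if any(ip in net for net in record["deny"]):
            return False  # assumption: blacklist wins over whitelist
        # Assumption: an empty whitelist means "anyone not blacklisted".
        return not record["allow"] or any(ip in net for net in record["allow"])

    def fetch(self, app_id, name, source_ip):
        if not self.is_allowed(app_id, source_ip):
            raise PermissionError("visitor not permitted for this registration ID")
        return self.apps[app_id]["blobs"][name]


def load_secret(center, app_id, key, name, source_ip):
    """Application side at startup: fetch ciphertext by registration ID, decrypt locally."""
    blob = center.fetch(app_id, name, source_ip)
    return unseal(key, blob, f"{app_id}/{name}".encode())


if __name__ == "__main__":
    center = KeyCenter()
    app_id, key = center.register("high")
    center.set_access_lists(app_id, allow=["10.0.0.0/24"], deny=["10.0.0.66"])
    center.escrow(app_id, "db_password", b"constructed-sample-secret")  # constructed value
    print(load_secret(center, app_id, key, "db_password", "10.0.0.5"))
    print(center.is_allowed(app_id, "10.0.0.66"), center.is_allowed(app_id, "192.0.2.7"))
```

In this model the key center holds both the ciphertext and the key, as in the main embodiment, so the access-list check in `fetch` and the protection of the key center itself carry the confidentiality guarantee.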
The escrow method for sensitive information according to an embodiment of the present invention has been described above, by way of example, from the perspective of the application system. An application system for implementing the method shown in Fig. 2 is described below with reference to Fig. 3. Fig. 3 shows a schematic block diagram of an application system 300 for implementing the method shown in Fig. 2.
As shown in Fig. 3, the application system 300 includes a registration module 310, a communication module 320, and a decryption module 330. These modules can respectively perform the steps and functions of the escrow method for sensitive information described above in conjunction with Fig. 2. Only the main functions of each unit of the application system 300 are described below; details already described above are omitted.
The registration module 310 is configured to register the application system with the key center system, so that the key center system generates a registration ID for the application system and selects an encryption algorithm based on the application system's registration information. The communication module 320 is configured to send the application system's sensitive information to be escrowed to the key center system, so that the key center system encrypts and stores the sensitive information using the selected encryption algorithm. The communication module 320 is also configured to receive the registration ID and the corresponding key from the key center system, so as to obtain the encrypted sensitive information from the key center system based on the registration ID when the sensitive information is needed. The decryption module 330 is configured to decrypt, with the key, the encrypted sensitive information obtained by the communication module to recover the sensitive information. The registration module 310, the communication module 320, and the decryption module 330 can be implemented by the processor 102 of the electronic device shown in Fig. 1 running program instructions stored in the storage device 104.
In an embodiment of the present invention, the application system 300 may be any application service system, such as a face recognition system. Most application systems need sensitive information: for example, sensitive configuration information relied on at initialization and startup (for databases, message queues, LDAP, and so on), or sensitive information needed while the application system is running. In an embodiment of the present invention, the application system 300 does not need to store this sensitive information locally. Instead, the information can be encrypted and stored in the key center system (a system that adaptively encrypts and stores the sensitive information of all kinds of application systems) and retrieved from the key center system when it is needed. Because the sensitive information is encrypted both while it is stored in the key center system and when it is sent back to the application system 300, the risk of leakage of the sensitive information of the application system 300 is greatly reduced.
In an embodiment of the present invention, the registration module 310 of the application system 300 first registers the application system 300 with the key center system. Based on that registration, the key center system can generate a registration ID (APP ID) specific to the application system 300, which serves as the basis on which the application system 300 later retrieves from the key center system the sensitive information it previously uploaded. In addition, based on the registration information of the application system 300, the key center system can generate an encryption algorithm suited to the application system 300, or select one suited to it from the encryption algorithms it already holds (applying different encryption controls to different application systems according to security level), in order to encrypt and store the sensitive information to be escrowed that is sent by the communication module 320 of the application system 300. Further, the communication module 320 of the application system 300 can receive from the key center system the type of the encryption algorithm and the corresponding key (for example, the key of a symmetric encryption algorithm, or the private key of an asymmetric encryption algorithm), together with the registration ID specific to the application system 300 generated by the key center system, and write the encryption algorithm type, the key, and the registration ID into a system file of the application system 300. The application system 300 can then, when it needs the sensitive information (for example, at initialization and startup), use the registration ID to send the key center system a request for the sensitive information through the communication module 320; the key center system looks up the corresponding encrypted sensitive information by the registration ID and sends it to the communication module 320 of the application system 300. The decryption module 330 of the application system then uses the key previously stored in the system file to decrypt the encrypted sensitive information obtained by the communication module 320 and recover the sensitive information it needs.
In a further embodiment of the present invention, communication module 320 can also be used to send an access white list and/or an access blacklist to the cipher key center system, so that the cipher key center system allows an attempt to obtain the encrypted sensitive information only after determining that the visitor making the attempt is a visitor that is allowed access.
In this embodiment, application system 300 can set access security permissions: through communication module 320 it sends to the cipher key center system the list of visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information it uploaded (i.e. an access white list and/or an access blacklist, such as an IP access white list and/or an IP access blacklist). Based on these access security permissions, after receiving a sensitive information access request the cipher key center system can determine whether the visitor accessing with a given sign-on ID is one that the application system corresponding to that sign-on ID has allowed (for example, an IP address that is allowed access). If the visitor accessing with the sign-on ID is determined to be allowed access (for example, it is in the access white list or not in the access blacklist), the acquisition is allowed, i.e. the encrypted sensitive information corresponding to the sign-on ID is sent to the visitor. Conversely, if the visitor accessing with the sign-on ID is determined not to be allowed access (for example, it is not in the access white list or is in the access blacklist), the request is treated as an illegal request, and the cipher key center system either does not respond or issues a warning. The trustship method of sensitive information in this embodiment thus adds an access security policy, which further reduces the risk of leaking the sensitive information of the application system.
In a further embodiment of the present invention, application system 300 and the aforementioned cipher key center system can be deployed in the same private network. In this way, communication between application system 300 and the cipher key center system can be safer and simpler to set up. Of course, this is merely exemplary: application system 300 and the cipher key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
Based on the above description, the application system according to an embodiment of the present invention relies on the cipher key center system to perform adaptive encryption, storage and unified management of its sensitive information. The application system does not need to save any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system, which reduces the risk of leaking the sensitive information of the application system and reduces the maintenance cost of the sensitive information.
Fig. 4 shows a schematic block diagram of application system 400 according to an embodiment of the present invention. Application system 400 includes storage device 410 and processor 420.
Storage device 410 stores program code for implementing the corresponding steps of the trustship method 200 of sensitive information according to an embodiment of the present invention. Processor 420 is used to run the program code stored in storage device 410, so as to execute the corresponding steps of the trustship method 200 of sensitive information according to an embodiment of the present invention and to implement the corresponding modules in application system 300 according to an embodiment of the present invention.
In addition, according to an embodiment of the present invention, a computer-readable medium is also provided. Program instructions are stored on the computer-readable medium; when run by a computer or processor, the program instructions execute the corresponding steps of the trustship method 200 of sensitive information of the embodiment of the present invention and implement the corresponding modules in application system 300 according to an embodiment of the present invention. The computer-readable medium may include, for example, the memory card of a smartphone, the storage unit of a tablet computer, the hard disk of a personal computer, read-only memory (ROM), erasable programmable read-only memory (EPROM), portable compact disc read-only memory (CD-ROM), USB memory, or any combination of the above storage media. The computer-readable storage medium can be any combination of one or more computer-readable storage media.
The trustship method 500 of sensitive information according to another embodiment of the present invention is described below with reference to Fig. 5. Trustship method 500 is the trustship method of sensitive information described from the perspective of the cipher key center system, whereas the trustship method 200 of sensitive information described earlier with reference to Fig. 2 is the trustship method of sensitive information described from the perspective of the application system.
As shown in Fig. 5, the trustship method 500 of sensitive information may include the following steps:
In step S510, the cipher key center system receives the registration information of the application system and, based on the registration information, generates a sign-on ID for the application system and selects an encryption algorithm.
In step S520, the cipher key center system receives the sensitive information to be entrusted of the application system, and encrypts and stores the sensitive information based on the selected encryption algorithm.
In step S530, the cipher key center system sends the sign-on ID and the corresponding key to the application system, so that when the application system needs to use the sensitive information it obtains it from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
In an embodiment of the present invention, as described previously with reference to Fig. 2, the cipher key center system is a system that can adaptively encrypt and save the sensitive information of all kinds of application systems, and the application system can be any application service system. Most application systems need sensitive information: for example, an application system relies on some sensitive configuration information at initialization start-up (such as that of various databases, message queues, LDAP, etc.), or needs some sensitive information while it is running. In an embodiment of the present invention, the application system need not store this sensitive information locally; instead, the sensitive information can be encrypted and stored in the cipher key center system and obtained from the cipher key center system when it needs to be used. Because the sensitive information is encrypted both when it is stored in the cipher key center system and when it is sent back to the application system, the risk of leaking the sensitive information of the application system is greatly reduced.
In an embodiment of the present invention, the application system first needs to register in the cipher key center system. Based on this registration, the cipher key center system can receive the registration information of the application system and generate for it a sign-on ID (APP ID) specific to that application system, which serves as the basis on which the application system later obtains, from the cipher key center system, the sensitive information it previously uploaded there. In addition, based on the registration information of the application system, the cipher key center system can generate an encryption algorithm suitable for the application system, or select one suitable for it from the stored encryption algorithms (i.e. different application systems are treated differently according to their security level), and encrypt and store the sensitive information to be entrusted from the application system based on the generated or selected encryption algorithm. Further, the cipher key center system can send the type of the encryption algorithm and the corresponding key (such as the key of a symmetric encryption algorithm or the private key of an asymmetric encryption algorithm), together with the generated sign-on ID specific to the application system, to the application system. In this way, when the application system needs to use the sensitive information (for example at initialization start-up), it can send a request to obtain the sensitive information to the cipher key center system based on the sign-on ID; the cipher key center system can find the corresponding encrypted sensitive information based on the sign-on ID and send it to the application system. The application system can then use the key it previously obtained from the cipher key center system to decrypt the encrypted sensitive information it obtained and thereby obtain the sensitive information it needs to use.
In a further embodiment of the present invention, the above method 500 can also include (not shown in Fig. 2): the cipher key center system receives an access white list and/or an access blacklist from the application system, so that upon receiving a request attempting to obtain the encrypted sensitive information it allows the acquisition only after determining that the visitor is a visitor that is allowed access.
In this embodiment, the cipher key center system can receive the access security permissions set by the application system, that is, receive from the application system the list of visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information uploaded by the application system (i.e. an access white list and/or an access blacklist, such as an IP access white list and/or an IP access blacklist). Based on these access security permissions, after receiving a sensitive information access request the cipher key center system can determine whether the visitor accessing with a given sign-on ID is one that the application system corresponding to that sign-on ID has allowed (for example, an IP address that is allowed access). If the visitor accessing with the sign-on ID is determined to be allowed access (for example, it is in the access white list or not in the access blacklist), the acquisition is allowed, i.e. the encrypted sensitive information corresponding to the sign-on ID is sent to the visitor. Conversely, if the visitor accessing with the sign-on ID is determined not to be allowed access (for example, it is not in the access white list or is in the access blacklist), the request is treated as an illegal request, and the cipher key center system either does not respond or issues a warning. The trustship method of sensitive information in this embodiment thus adds an access security policy, which further reduces the risk of leaking the sensitive information of the application system.
In a further embodiment of the present invention, the application system and the cipher key center system in the above method 500 can be deployed in the same private network. In this way, communication between the application system and the cipher key center system can be safer and simpler to set up. Of course, this is merely exemplary: the application system and the cipher key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
Based on the above description, the trustship method of sensitive information according to an embodiment of the present invention relies on the cipher key center system to perform adaptive encryption, storage and unified management of the sensitive information of all kinds of application systems. The application system does not need to save any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system, which reduces the risk of leaking the sensitive information of the application system and reduces the maintenance cost of the sensitive information.
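The exchange of method 500 (register, encrypt and store, fetch by sign-on ID subject to the access white list and blacklist, decrypt in the application) is sketched below as an added Python example; it is not code from the patent. Assumptions: all class, function and algorithm names, the HMAC-SHA256 counter-mode stand-in cipher (standard library only, in place of whatever algorithm the cipher key center selects), and the rule that the blacklist wins when both lists are set.

```python
import hashlib
import hmac
import ipaddress
import secrets


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for the "selected
    # encryption algorithm"; a real deployment would use e.g. AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed authentication")
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class AccessDenied(Exception):
    """Raised for what the page calls an illegal request."""


class KeyCenter:
    def __init__(self):
        self._apps = {}      # sign-on ID (APP ID) -> record
        self.warnings = []   # (app_id, visitor_ip, reason) per rejected request

    def register(self, registration_info):
        # S510: generate the sign-on ID and select an algorithm.
        app_id = secrets.token_hex(16)
        rec = {
            "info": registration_info,
            "algorithm": "hmac-sha256-ctr",  # hypothetical name, only choice here
            "key": secrets.token_bytes(32),
            "blob": None, "allow": [], "deny": [],
        }
        self._apps[app_id] = rec
        # S530: the application writes these three values to its system file.
        return {"app_id": app_id, "algorithm": rec["algorithm"], "key": rec["key"]}

    def store(self, app_id, sensitive):
        # S520: encrypt the entrusted information and keep only the ciphertext.
        rec = self._apps[app_id]
        rec["blob"] = encrypt(rec["key"], sensitive)

    def set_access_lists(self, app_id, allow=(), deny=()):
        rec = self._apps[app_id]
        rec["allow"] = [ipaddress.ip_network(n) for n in allow]
        rec["deny"] = [ipaddress.ip_network(n) for n in deny]

    def fetch(self, app_id, visitor_ip):
        rec = self._apps.get(app_id)
        if rec is None or rec["blob"] is None:
            self._reject(app_id, visitor_ip, "unknown sign-on ID")
        ip = ipaddress.ip_address(visitor_ip)
        # Assumption: the blacklist wins, and a non-empty white list must match.
        if any(ip in net for net in rec["deny"]):
            self._reject(app_id, visitor_ip, "in access blacklist")
        if rec["allow"] and not any(ip in net for net in rec["allow"]):
            self._reject(app_id, visitor_ip, "not in access white list")
        return rec["blob"]  # still encrypted on the way back

    def _reject(self, app_id, visitor_ip, reason):
        # Illegal request: record a warning and return nothing.
        self.warnings.append((app_id, visitor_ip, reason))
        raise AccessDenied(reason)


def demo():
    center = KeyCenter()
    creds = center.register({"name": "orders-service"})  # constructed sample
    center.store(creds["app_id"], b"db_password=constructed-example")
    center.set_access_lists(creds["app_id"],
                            allow=["10.0.0.0/24"], deny=["10.0.0.66/32"])
    blob = center.fetch(creds["app_id"], "10.0.0.5")
    return decrypt(creds["key"], blob)


if __name__ == "__main__":
    print(demo())
```

In this flow the decryption key and the sign-on ID sit in the application's system file, so that file's permissions decide who can read the entrusted secrets from an allowed address.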
The trustship method of sensitive information according to an embodiment of the present invention has been described above, by way of example, from the perspective of the cipher key center system. A cipher key center system implementing the method shown in Fig. 5 is described below with reference to Fig. 6. Fig. 6 shows a schematic block diagram of cipher key center system 600 for implementing the method shown in Fig. 5.
As shown in Fig. 6, cipher key center system 600 includes communication module 610, generation module 620 and encrypting module 630. These modules can respectively execute the steps/functions of the trustship method 500 of sensitive information described above with reference to Fig. 5. Only the main functions of each unit of cipher key center system 600 are described below, and details already described above are omitted.
Communication module 610 is used to receive the registration information of the application system and the sensitive information to be entrusted of the application system. Generation module 620 is used to generate a sign-on ID for the application system and select an encryption algorithm based on the registration information. Encrypting module 630 is used to encrypt and store the sensitive information based on the selected encryption algorithm. Communication module 620 is also used to send the sign-on ID and the corresponding key to the application system, so that when the application system needs to use the sensitive information it obtains it from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information. Communication module 610, generation module 620 and encrypting module 630 can be implemented by the processor 102 in the electronic device shown in Fig. 1 running program instructions stored in storage device 104.
In an embodiment of the present invention, cipher key center system 600 is a system that can adaptively encrypt and save the sensitive information of all kinds of application systems, and the application system can be any application service system. Most application systems need sensitive information: for example, an application system relies on some sensitive configuration information at initialization start-up (such as that of various databases, message queues, LDAP, etc.), or needs some sensitive information while it is running. In an embodiment of the present invention, the application system need not store this sensitive information locally; instead, the sensitive information can be encrypted and stored in cipher key center system 600 and obtained from cipher key center system 600 when it needs to be used. Because the sensitive information is encrypted both when it is stored in cipher key center system 600 and when it is sent back to the application system, the risk of leaking the sensitive information of the application system is greatly reduced.
In an embodiment of the present invention, the communication module 610 of cipher key center system 600 receives from the application system the registration information of the application system and the information to be entrusted of the application system. Based on the registration information of the application system, the generation module 620 of cipher key center system 600 can generate for the application system a sign-on ID (APP ID) specific to that application system, which serves as the basis on which the application system later obtains, from cipher key center system 600, the sensitive information it previously uploaded to cipher key center system 600. In addition, based on the registration information of the application system, the generation module 620 of cipher key center system 600 can generate an encryption algorithm suitable for the application system, or select one suitable for it from the stored encryption algorithms (different application systems are treated differently according to their security level). Encrypting module 630 encrypts and stores the sensitive information to be entrusted from the application system based on the encryption algorithm generated or selected by generation module 620. Further, the communication module 610 of cipher key center system 600 can send the type of the encryption algorithm and the corresponding key (such as the key of a symmetric encryption algorithm or the private key of an asymmetric encryption algorithm), together with the sign-on ID specific to the application system generated by generation module 620, to the application system. In this way, when the application system needs to use the sensitive information (for example at initialization start-up), it can send a request to obtain the sensitive information to cipher key center system 600 based on the sign-on ID; cipher key center system 600 can find the corresponding encrypted sensitive information based on the sign-on ID and send it to the application system. The application system can then use the key it previously obtained from the cipher key center system to decrypt the encrypted sensitive information it obtained and thereby obtain the sensitive information it needs to use.
In a further embodiment of the present invention, cipher key center system 600 can also include a determining module (not shown in Fig. 6), and communication module 610 can also be used to receive an access white list and/or an access blacklist from the application system, so that when a request attempting to obtain the encrypted sensitive information is received, the acquisition is allowed only after the determining module determines that the visitor is a visitor that is allowed access.
In this embodiment, communication module 610 can receive the access security permissions set by the application system, that is, receive from the application system the list of visitors that are allowed and/or not allowed to access the cipher key center system to obtain the sensitive information uploaded by the application system (i.e. an access white list and/or an access blacklist, such as an IP access white list and/or an IP access blacklist). Based on these access security permissions, after communication module 610 receives a sensitive information access request, the determining module can determine whether the visitor accessing with a given sign-on ID is one that the application system corresponding to that sign-on ID has allowed (for example, an IP address that is allowed access). If the determining module determines that the visitor accessing with the sign-on ID is allowed access (for example, it is in the access white list or not in the access blacklist), the acquisition is allowed, i.e. communication module 610 sends the encrypted sensitive information corresponding to the sign-on ID to the visitor. Conversely, if the determining module determines that the visitor accessing with the sign-on ID is not allowed access (for example, it is not in the access white list or is in the access blacklist), the request is treated as an illegal request, and either no response is made or a warning is issued by communication module 610. The trustship method of sensitive information in this embodiment thus adds an access security policy, which further reduces the risk of leaking the sensitive information of the application system.
In a further embodiment of the present invention, the above application system and cipher key center system 600 can be deployed in the same private network. In this way, communication between the application system and the cipher key center system can be safer and simpler to set up. Of course, this is merely exemplary: the application system and the cipher key center system can also be placed in different networks, in which case a suitable security policy can additionally be deployed for the communication between them.
Based on the above description, the cipher key center system according to an embodiment of the present invention can perform adaptive encryption, storage and unified management of the sensitive information of all kinds of application systems. The application system does not need to save any sensitive data, and the sensitive information is encrypted when the application system obtains it from the cipher key center system, which reduces the risk of leaking the sensitive information of the application system and reduces the maintenance cost of the sensitive information.
Fig. 7 shows a schematic block diagram of cipher key center system 700 according to an embodiment of the present invention. Cipher key center system 700 includes storage device 710 and processor 720.
Storage device 710 stores program code for implementing the corresponding steps of the trustship method 500 of sensitive information according to an embodiment of the present invention. Processor 720 is used to run the program code stored in storage device 710, so as to execute the corresponding steps of the trustship method 500 of sensitive information according to an embodiment of the present invention and to implement the corresponding modules in cipher key center system 600 according to an embodiment of the present invention.
In addition, according to an embodiment of the present invention, a computer-readable medium is also provided. Program instructions are stored on the computer-readable medium; when run by a computer or processor, the program instructions execute the corresponding steps of the trustship method 500 of sensitive information of the embodiment of the present invention and implement the corresponding modules in cipher key center system 600 according to an embodiment of the present invention. The computer-readable medium may include, for example, the memory card of a smartphone, the storage unit of a tablet computer, the hard disk of a personal computer, read-only memory (ROM), erasable programmable read-only memory (EPROM), portable compact disc read-only memory (CD-ROM), USB memory, or any combination of the above storage media. The computer-readable storage medium can be any combination of one or more computer-readable storage media.
Although example embodiments have been described here with reference to the accompanying drawings, it should be understood that the above example embodiments are merely exemplary and are not intended to limit the scope of the present invention to them. Those of ordinary skill in the art can make various changes and modifications therein without departing from the scope and spirit of the present invention. All such changes and modifications are intended to be included within the scope of the present invention as claimed in the appended claims.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented with electronic hardware, or with a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the several embodiments provided herein, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative; for example, the division of the units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components can be combined or integrated into another device, or some features can be ignored or not executed.
Numerous specific details are set forth in the specification provided here. It is to be understood, however, that embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this specification.
Similarly, it should be understood that, in order to streamline the present invention and aid understanding of one or more of the various inventive aspects, in the description of exemplary embodiments of the present invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the corresponding claims reflect, the inventive point is that the corresponding technical problem can be solved with fewer than all the features of a single disclosed embodiment. Therefore, the claims following the detailed description are hereby expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the present invention.
Those skilled in the art will understand that, except where features are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described herein include certain features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the present invention can be implemented in hardware, or as software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or other suitable processor can be used in practice to implement some or all of the functions of some modules according to embodiments of the present invention. The present invention can also be implemented as a device program (for example, a computer program and computer program product) for executing part or all of the method described herein. Such a program implementing the present invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such a signal can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
The above is merely a specific embodiment of the present invention or a description of a specific embodiment, and the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. The protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (12)
1. A trustship method of sensitive information, characterized in that the method comprises:
an application system registering in a cipher key center system, so that the cipher key center system, based on registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm;
the application system sending sensitive information to be entrusted to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm; and
the application system receiving the sign-on ID and a corresponding key from the cipher key center system, so as to obtain, when the sensitive information needs to be used, the encrypted sensitive information from the cipher key center system based on the sign-on ID, and to decrypt it based on the key to obtain the sensitive information.
2. The method according to claim 1, characterized in that the method further comprises:
the application system sending an access white list and/or an access blacklist to the cipher key center system, so that the cipher key center system allows an attempt to obtain the encrypted sensitive information only after determining that the visitor making the attempt is a visitor that is allowed access.
3. The method according to claim 1, characterized in that the sensitive information is sensitive configuration information of the application system, and the application system obtains the encrypted sensitive information from the cipher key center system at initialization start-up.
4. The method according to any one of claims 1-3, characterized in that the application system and the cipher key center system are deployed in the same private network.
5. An application system, characterized in that the application system comprises:
a registration module, for registering the application system in a cipher key center system, so that the cipher key center system, based on registration information of the application system, generates a sign-on ID for the application system and selects an encryption algorithm;
a communication module, for sending sensitive information to be entrusted of the application system to the cipher key center system, so that the cipher key center system encrypts and stores the sensitive information based on the selected encryption algorithm;
the communication module being further used to receive the sign-on ID and a corresponding key from the cipher key center system, so as to obtain, when the sensitive information needs to be used, the encrypted sensitive information from the cipher key center system based on the sign-on ID; and
a deciphering module, for decrypting, based on the key, the encrypted sensitive information obtained by the communication module to obtain the sensitive information.
6. a kind of application system, which is characterized in that the application system includes storage device and processor, on the storage device
It is stored with the computer program run by the processor, the computer program is executed when being run by the processor as weighed
Benefit requires the trustship method of sensitive information described in any one of 1-4.
7. A trustship method of sensitive information, characterized in that the method comprises:
a cipher key center system receives the registration information of an application system and, based on the registration information, generates a sign-on ID for the application system and selects an encryption algorithm;
the cipher key center system receives the sensitive information of the application system that is to be held in trustship, and encrypts and stores the sensitive information based on the selected encryption algorithm; and
the cipher key center system sends the sign-on ID and the corresponding key to the application system, so that, when the sensitive information needs to be used, the application system obtains the encrypted sensitive information from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
8. The method according to claim 7, characterized in that the method further comprises:
the cipher key center system receives an access whitelist and/or an access blacklist from the application system, so that, on receiving a request attempting to obtain the encrypted sensitive information, it allows the acquisition only after determining that the visitor is a visitor that is allowed access.
9. The method according to claim 7 or 8, characterized in that the application system and the cipher key center system are deployed in the same private network.
10. A cipher key center system, characterized in that the cipher key center system comprises:
a communication module, configured to receive the registration information of an application system and the sensitive information of the application system that is to be held in trustship;
a generation module, configured to generate a sign-on ID for the application system and select an encryption algorithm based on the registration information;
an encrypting module, configured to encrypt and store the sensitive information based on the selected encryption algorithm; and
the communication module being further configured to send the sign-on ID and the corresponding key to the application system, so that, when the sensitive information needs to be used, the application system obtains the encrypted sensitive information from the cipher key center system based on the sign-on ID and decrypts it to obtain the sensitive information.
11. A cipher key center system, characterized in that the cipher key center system comprises a storage device and a processor, the storage device storing a computer program to be run by the processor, wherein the computer program, when run by the processor, executes the trustship method of sensitive information according to any one of claims 7-9.
12. A storage medium, characterized in that a computer program is stored on the storage medium, and the computer program, when run, executes the trustship method of sensitive information according to any one of claims 1-4 or 7-9.
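The flow of claims 1-3 and 7-8, as an added sketch that is not code from the patent: registration, encryption and storage at the key center, the whitelist/blacklist check on retrieval, and decryption inside the application. The class and method names, the sample values, the HMAC-SHA256 counter-mode construction (a standard-library stand-in for whichever vetted algorithm the key center selects), letting the blacklist override the whitelist, and not retaining the key at the center are all assumptions.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Stand-in cipher (stdlib only): HMAC-SHA256 in counter mode as keystream.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

class KeyCenter:
    def __init__(self):
        self._records = {}  # sign-on ID -> registration record

    def register(self, registration_info):
        sign_on_id = secrets.token_hex(16)  # unguessable identifier
        self._records[sign_on_id] = {"info": registration_info, "alg": "hmac-sha256-ctr",
                                     "blob": None, "allow": set(), "deny": set()}
        return sign_on_id

    def deposit(self, sign_on_id, secret, allow=(), deny=()):
        rec = self._records[sign_on_id]
        key = secrets.token_bytes(32)
        rec["blob"] = seal(key, secret)  # assumption: only ciphertext is kept here
        rec["allow"], rec["deny"] = set(allow), set(deny)
        return sign_on_id, key  # sign-on ID and key go to the application system

    def fetch(self, sign_on_id, visitor):
        rec = self._records.get(sign_on_id)
        # Assumption: blacklist wins; a non-empty whitelist must name the visitor.
        if (rec is None or rec["blob"] is None or visitor in rec["deny"]
                or (rec["allow"] and visitor not in rec["allow"])):
            raise PermissionError("fetch refused")
        return rec["blob"]

def demo():
    center = KeyCenter()
    sid = center.register({"app": "billing", "host": "10.0.0.5"})  # constructed values
    sid, key = center.deposit(sid, b"db_password=example-only", allow={"10.0.0.5"})
    return unseal(key, center.fetch(sid, "10.0.0.5"))  # decrypted locally at startup
```

A fetch for the same sign-on ID from a visitor outside the whitelist, such as `center.fetch(sid, "10.0.0.99")`, raises `PermissionError`, and changing any byte of the stored blob makes `unseal` raise `ValueError`.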
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910293446.0A CN110166229A (en) | 2019-04-12 | 2019-04-12 | Trustship method, application system and the cipher key center system of sensitive information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110166229A (en) | 2019-08-23 |
Family ID=67639226
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910293446.0A Pending CN110166229A (en) | 2019-04-12 | 2019-04-12 | Trustship method, application system and the cipher key center system of sensitive information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110166229A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190823 |