CN112601219A - Data encryption and decryption method and system, server, storage device and mobile device - Google Patents


Info

Publication number: CN112601219A
Authority: CN (China)
Prior art keywords: characteristic information, ciphertext, storage device, sent, cloud
Legal status: Pending
Application number: CN202110233985.2A
Other languages: Chinese (zh)
Inventors: 梁小龙, 易小洪, 王斐, 朱琳琳
Current Assignee: Sichuan Weijuxin Technology Co ltd
Original Assignee: Sichuan Weijuxin Technology Co ltd

Events:
Application filed by Sichuan Weijuxin Technology Co ltd
Priority to CN202110233985.2A
Publication of CN112601219A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/06 Authentication

Abstract

The application relates to a data encryption and decryption method and system, a server, a storage device and a mobile device. The method comprises the following steps: after a wireless connection with the storage device is directly established, generating a first ciphertext, sending the first ciphertext to the storage device, and receiving a second ciphertext sent by the storage device; sending first characteristic information to the storage device, and receiving second characteristic information sent by the storage device; decrypting the second characteristic information with the second ciphertext, and performing feature matching on the decrypted second characteristic information; if the feature matching succeeds, sending a key to the storage device so that the storage device executes the corresponding encryption and decryption operations; and receiving and storing the encryption and decryption state sent by the storage device. Bidirectional authentication before data transmission is thereby realized, further guaranteeing the security of data transmission; an authorizer does not need to provide a key separately, there is no key to forget or lose, and the scheme is convenient and quick to implement.

Description

Data encryption and decryption method and system, server, storage device and mobile device
Technical Field
The application relates to the technical field of data encryption and decryption, in particular to a data encryption and decryption method and system, a server, a storage device and a mobile device.
Background
Nowadays, mobile communication is moving towards the wireless interconnection of everything, and wireless data rates keep increasing. Wireless earphones for mobile phones and wireless charging are now widespread; although the application scenarios differ, these are all short-range wireless technologies that realize the transition from wired to wireless. With the development of wireless communication technology, it is becoming more and more common to use it for data interaction.
In the related art, data interaction realized over wireless communication has the advantages of low learning cost and easy implementation. However, for reasons of data security, encryption and decryption are usually required when wireless data interaction is performed, so as to ensure the security of the transmission and avoid data leakage. The existing authorized encryption and decryption mode has a complex authorization process: a user usually needs an authorizer to provide a decryption key in order to obtain authorization. If the authorizer is not present, the user cannot obtain authorization and data transmission cannot proceed. In addition, the key can be forgotten or lost, which is inconvenient and poses a considerable security risk.
Disclosure of Invention
In view of the above, the present application is directed to overcoming the deficiencies in the prior art by providing a method and a system for encrypting and decrypting data, a server, a storage device, and a mobile device.
In order to achieve this purpose, the following technical scheme is adopted in the application:
a first aspect of the present application provides a method for encrypting and decrypting data, including:
after a wireless connection is directly established with a storage device, generating a first ciphertext, sending the first ciphertext to the storage device, and receiving a second ciphertext sent by the storage device;
sending first characteristic information to the storage device, and receiving second characteristic information sent by the storage device;
decrypting the second characteristic information by using the second ciphertext, and performing characteristic matching on the decrypted second characteristic information;
if the feature matching is successful, sending a key to the storage device so that the storage device executes the corresponding encryption and decryption operations;
and receiving and storing the encryption and decryption state sent by the storage device.
Optionally, the method further includes:
when the wireless connection with the storage device cannot be directly established, establishing the wireless connection with the storage device through a mobile device;
generating the first ciphertext and sending the first ciphertext to the mobile device; meanwhile, receiving a third ciphertext sent by the mobile device and the second ciphertext of the storage device;
sending the first feature information to the mobile device, and receiving third feature information sent by the mobile device and the second feature information of the storage device;
decrypting the second characteristic information by using the second ciphertext, decrypting the third characteristic information by using the third ciphertext, and respectively performing characteristic matching on the decrypted second characteristic information and the decrypted third characteristic information;
if the feature matching of both the decrypted second characteristic information and the decrypted third characteristic information is successful, sending a key to the storage device through the mobile device so that the storage device executes the encryption and decryption operations;
and receiving and storing the encryption and decryption state sent by the mobile device.
A second aspect of the present application provides a method for encrypting and decrypting data, including:
after a wireless connection is directly established with a cloud, generating a second ciphertext, sending the second ciphertext to the cloud, and receiving a first ciphertext sent by the cloud;
sending second characteristic information to the cloud, and receiving first characteristic information sent by the cloud;
decrypting the first characteristic information by using the first ciphertext, and performing characteristic matching on the decrypted first characteristic information;
if the feature matching is successful, receiving a key sent by the cloud, and executing corresponding encryption and decryption operations through the key;
and after the encryption and decryption operation is finished, sending an encryption and decryption state to the cloud.
Optionally, the method further includes:
when the wireless connection with the cloud cannot be directly established, establishing the wireless connection with the cloud through a mobile device;
generating the second ciphertext and sending the second ciphertext to the mobile device; meanwhile, receiving a third ciphertext sent by the mobile device and the first ciphertext of the cloud;
sending the second feature information to the mobile device, and receiving third feature information sent by the mobile device and the first feature information of the cloud;
decrypting the first characteristic information by using the first ciphertext, decrypting the third characteristic information by using the third ciphertext, and respectively performing characteristic matching on the decrypted first characteristic information and the decrypted third characteristic information;
if the feature matching of both the decrypted first characteristic information and the decrypted third characteristic information is successful, receiving a key sent by the cloud through the mobile device, and executing the corresponding encryption and decryption operations according to the key;
and after the encryption and decryption operations are finished, sending an encryption and decryption state to the mobile device so that the mobile device forwards it to the cloud for storage.
A third aspect of the present application provides a data encryption and decryption method, which is applied to a data encryption and decryption system, where the data encryption and decryption system includes a cloud and a storage device, and the method includes:
after wireless connections with the cloud and the storage device are established respectively, generating a third ciphertext and sending it to the cloud and the storage device respectively, receiving a first ciphertext sent by the cloud and a second ciphertext sent by the storage device respectively, sending the first ciphertext to the storage device, and sending the second ciphertext to the cloud;
respectively receiving first characteristic information sent by the cloud and second characteristic information sent by the storage device, sending the first characteristic information and third characteristic information to the storage device, and sending the second characteristic information and the third characteristic information to the cloud;
decrypting the first characteristic information and the second characteristic information respectively by using the first ciphertext and the second ciphertext, and performing characteristic matching on the decrypted first characteristic information and the decrypted second characteristic information respectively;
and if the feature matching of the decrypted first characteristic information is successful, receiving a key sent by the cloud and sending the key to the storage device; and if the feature matching of the decrypted second characteristic information is successful, receiving an encryption and decryption state sent by the storage device and sending the encryption and decryption state to the cloud.
A fourth aspect of the present application provides a server comprising:
a processor, and a memory coupled to the processor;
the memory is used for storing a computer program;
the processor is configured to invoke and execute the computer program in the memory to perform the method according to the first aspect of the application.
A fifth aspect of the present application provides a storage device comprising:
a processor, and a memory coupled to the processor;
the memory is used for storing a computer program;
the processor is configured to invoke and execute the computer program in the memory to perform the method according to the second aspect of the application.
A sixth aspect of the present application provides a mobile device comprising:
a processor, and a memory coupled to the processor;
the memory is used for storing a computer program;
the processor is configured to invoke and execute the computer program in the memory to perform the method according to the third aspect of the present application.
A seventh aspect of the present application provides a system for encrypting and decrypting data, including the server according to the fourth aspect of the present application and the storage device according to the fifth aspect of the present application.
Optionally, the mobile device according to the sixth aspect of the present application is further included; wherein the server and the storage device are wirelessly connected with the mobile device respectively.
The technical scheme provided by the application can comprise the following beneficial effects:
According to the scheme, after a wireless connection with the storage device is directly established, a first ciphertext is generated and sent to the storage device, and meanwhile a second ciphertext sent by the storage device is received. After the first ciphertext has been sent and the second ciphertext received, the preset first characteristic information is sent to the storage device, and the second characteristic information sent by the storage device is received. The second characteristic information is then decrypted with the second ciphertext, and feature matching is performed on the decrypted second characteristic information, so that the key issuing process is triggered once the feature matching succeeds. After the feature matching is determined to be successful, the key is sent to the storage device so that the storage device executes the corresponding encryption and decryption operations, and the encryption and decryption state sent by the storage device after those operations is received and stored. Therefore, an authorizer does not need to provide a key separately, and there is no key to forget or lose; the characteristic information is decrypted with the ciphertext and feature matching is carried out after decryption, so bidirectional authentication before data transmission is realized and the security of the data transmission is further guaranteed. In addition, the method is not limited by the network, the encryption and decryption operations can also be completed offline, the method is not limited by the location of the authorizer, and authorization can be realized anytime and anywhere, which is convenient and quick.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for encrypting and decrypting data according to an embodiment of the present application.
Fig. 2 is a flowchart of a method for encrypting and decrypting data according to another embodiment of the present application.
Fig. 3 is a flowchart of a method for encrypting and decrypting data according to another embodiment of the present application.
Fig. 4 is a flowchart of a method for encrypting and decrypting data according to still another embodiment of the present application.
Fig. 5 is a schematic structural diagram of a server according to another embodiment of the present application.
Fig. 6 is a schematic structural diagram of a storage device according to another embodiment of the present application.
Fig. 7 is a schematic structural diagram of a mobile device according to another embodiment of the present application.
Fig. 8 is a schematic structural diagram of a data encryption and decryption system according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail below. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the examples given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a flowchart of a method for encrypting and decrypting data according to an embodiment of the present application. The embodiment provides a method for encrypting and decrypting data, taking the execution of a server side as an example, where the server may be a cloud server, as shown in the figure, the implementation method at least includes the following steps:
Step 11: after the wireless connection with the storage device is directly established, generating a first ciphertext, sending the first ciphertext to the storage device, and receiving a second ciphertext sent by the storage device.
In a specific implementation, the cloud server connects wirelessly with the storage device to establish a transmission link between the two parties. After the link is successfully built, the cloud server generates a first ciphertext and sends it to the storage device, and meanwhile receives and stores a second ciphertext sent by the storage device, laying the foundation for the subsequent feature matching between the two parties.
Step 12: sending the first characteristic information to the storage device, and receiving the second characteristic information sent by the storage device.
The first characteristic information may be an Enterprise Information Portal (EIP), and the second characteristic information may be the ID number of the storage device.
Step 13: decrypting the second characteristic information with the second ciphertext, and performing feature matching on the decrypted second characteristic information.
After the second ciphertext and the second characteristic information sent by the storage device are obtained, the second ciphertext is used to decrypt the second characteristic information, and the decrypted second characteristic information is compared with a preset second matching library to establish the feature match.
If the feature matching fails, the authentication of the storage device fails, and the encryption and decryption on the storage device fail as well. If the feature matching succeeds, indicating that the storage device is successfully authenticated, the method continues with step 14.
Step 14: if the feature matching is successful, sending the key to the storage device so that the storage device executes the corresponding encryption and decryption operations.
Step 15: receiving and storing the encryption and decryption state sent by the storage device.
In this embodiment, after a wireless connection with the storage device is directly established, a first ciphertext is generated and sent to the storage device, and a second ciphertext sent by the storage device is received. After the first ciphertext has been sent and the second ciphertext received, the preset first characteristic information is sent to the storage device, and the second characteristic information sent by the storage device is received. The second characteristic information is then decrypted with the second ciphertext, and feature matching is performed on the decrypted second characteristic information, so that the key issuing process is triggered once the feature matching succeeds. After the feature matching is determined to be successful, the key is sent to the storage device so that the storage device executes the corresponding encryption and decryption operations, and the encryption and decryption state sent by the storage device after those operations is received and stored. Therefore, an authorizer does not need to provide a key separately, and there is no key to forget or lose; the characteristic information is decrypted with the ciphertext and feature matching is carried out after decryption, so bidirectional authentication before data transmission is realized and the security of the data transmission is further guaranteed. In addition, encryption and decryption are not limited by the network, the encryption and decryption operations can be completed offline, they are not limited by the location of the authorizer, and the key can be obtained anytime and anywhere for authorization, which is convenient and fast.
The executing entity of the scheme of the application may be a cloud server, a software- or hardware-based functional module in the cloud server, other equipment, and the like.
In some embodiments, because of hardware limitations, there is also the case where the cloud server cannot be directly connected to the storage device. To this end, the data encryption and decryption method may further include: when the wireless connection with the storage device cannot be directly established, establishing the wireless connection with the storage device through the mobile device; generating a first ciphertext and sending the first ciphertext to the mobile device, and meanwhile receiving a third ciphertext sent by the mobile device and a second ciphertext of the storage device; sending the first characteristic information to the mobile device, and receiving third characteristic information sent by the mobile device and second characteristic information of the storage device; decrypting the second characteristic information with the second ciphertext, decrypting the third characteristic information with the third ciphertext, and performing feature matching on the decrypted second characteristic information and the decrypted third characteristic information respectively; if the feature matching of both the decrypted second characteristic information and the decrypted third characteristic information is successful, sending the key to the storage device through the mobile device so that the storage device executes the encryption and decryption operations; and receiving and storing the encryption and decryption state sent by the mobile device.
The mobile device may include, but is not limited to, a mobile phone, a tablet, and the like.
When the cloud server cannot directly establish wireless connection with the storage device, the mobile device can be used as a bridge for connecting the cloud server and the storage device. During specific implementation, the mobile device can be a mobile phone, the storage device can be a mobile hard disk, the mobile phone can be used for establishing Bluetooth connection with the mobile hard disk, and the mobile phone is connected with the cloud server, so that the connection between the cloud server and the mobile hard disk can be realized through the mobile phone.
After the connection between the cloud server and the mobile device is achieved by using the mobile phone, the cloud server can receive the second ciphertext and a third ciphertext sent by the mobile device while generating the first ciphertext and sending it to the mobile device. The second ciphertext is sent to the mobile device by the storage device, and the third ciphertext is generated by the mobile device. Correspondingly, when the cloud server sends the first characteristic information to the mobile device, it also receives the second characteristic information and third characteristic information sent by the mobile device, where the second characteristic information comes from the storage device and the third characteristic information belongs to the mobile device itself. The three parties then each encrypt and decrypt the characteristic information from the other two parties, compare the decrypted second characteristic information with a preset second matching library and the decrypted third characteristic information with a preset third matching library, and establish the feature matches respectively, so as to realize authentication among the three parties. After the decrypted second characteristic information and the decrypted third characteristic information are both successfully matched, the authentication has passed: the cloud server can send the key to the mobile device, and the mobile device forwards the received key to the storage device so that the storage device executes the encryption and decryption operations. After encryption and decryption are completed, the cloud server can also receive, through the mobile device, the encryption and decryption state sent by the storage device, and store it.
The specific implementation manner of decrypting the feature information by using the ciphertext may refer to the related art, and is not described herein again.
The present embodiment provides a method for encrypting and decrypting data, taking execution on the storage device side as an example. As shown in Fig. 2, the method at least includes the following steps:
Step 21: after the wireless connection with the cloud is directly established, generating a second ciphertext, sending the second ciphertext to the cloud, and receiving the first ciphertext sent by the cloud.
Step 22: sending the second characteristic information to the cloud, and receiving the first characteristic information sent by the cloud.
Step 23: decrypting the first characteristic information with the first ciphertext, and performing feature matching on the decrypted first characteristic information.
Specifically, the feature matching of the decrypted first characteristic information may be implemented in the same way as the feature matching of the decrypted second characteristic information, and the details are not repeated here.
Step 24: if the feature matching is successful, receiving the key sent by the cloud, and executing the corresponding encryption and decryption operations with the key.
Step 25: after the encryption and decryption operations are finished, sending the encryption and decryption state to the cloud.
In this embodiment, a wireless connection is established with the cloud, providing a link for ciphertext transmission with the cloud, and when a second ciphertext is generated and transmitted to the cloud, a first ciphertext transmitted by the cloud can be received. When the second characteristic information is sent to the cloud, the first characteristic information sent by the cloud can likewise be received. After the first ciphertext and the first characteristic information are determined to have been received, the first characteristic information is decrypted with the first ciphertext, and feature matching is performed on the decrypted first characteristic information. If the feature matching is successful, the authentication of the cloud has succeeded; the key sent by the cloud can then be received, and the corresponding encryption and decryption operations are executed according to the key. After the encryption and decryption operations are finished, the encryption and decryption state is sent to the cloud. Therefore, an authorizer does not need to provide a key separately, and there is no key to forget or lose; the characteristic information is decrypted with the ciphertext and feature matching is carried out after decryption, so bidirectional authentication before data transmission is realized and the security of the data transmission is further guaranteed. In addition, encryption and decryption are not limited by the network, the encryption and decryption operations can be completed offline, they are not limited by the location of the authorizer, and the key can be obtained anytime and anywhere for authorization, which is convenient and fast.
In some embodiments, in order to deal with the situation where the storage device and the cloud cannot be directly connected, the data encryption and decryption method may further include: when the wireless connection with the cloud cannot be directly established, establishing the wireless connection with the cloud through the mobile device; generating a second ciphertext and sending the second ciphertext to the mobile device, and meanwhile receiving a third ciphertext and the first ciphertext of the cloud sent by the mobile device; sending the second characteristic information to the mobile device, and receiving third characteristic information sent by the mobile device and the first characteristic information of the cloud; decrypting the first characteristic information with the first ciphertext, decrypting the third characteristic information with the third ciphertext, and performing feature matching on the decrypted first characteristic information and the decrypted third characteristic information respectively; if the feature matching of both the decrypted first characteristic information and the decrypted third characteristic information is successful, receiving the key sent by the cloud through the mobile device, and executing the corresponding encryption and decryption operations according to the key; and after the encryption and decryption operations are finished, sending the encryption and decryption state to the mobile device so that the mobile device forwards it to the cloud for storage.
When the storage device cannot directly establish a wireless connection with the cloud, the mobile device can serve as a bridge between the storage device and the cloud server. In a specific implementation, the mobile device may be a mobile phone and the storage device a mobile hard disk; the mobile phone establishes a Bluetooth connection with the mobile hard disk and is itself connected to the cloud server, so that the connection between the cloud server and the mobile hard disk is realized through the mobile phone.
The present embodiment provides a data encryption and decryption method, as shown in fig. 3, the method specifically includes the following steps:
Step 31, after a wireless connection is established between the cloud and the storage device, the cloud generates a first ciphertext, sends it to the storage device, and receives a second ciphertext sent by the storage device; correspondingly, after the storage device is directly and wirelessly connected to the cloud, it generates the second ciphertext, sends it to the cloud, and receives the first ciphertext sent by the cloud.
Step 32, the cloud sends first characteristic information to the storage device and receives second characteristic information sent by the storage device; the storage device sends the second characteristic information to the cloud and receives the first characteristic information sent by the cloud.
Step 33, the cloud decrypts the second characteristic information with the second ciphertext and performs characteristic matching on the result; the storage device decrypts the first characteristic information with the first ciphertext and performs characteristic matching on the result.
Step 34, if its feature matching succeeds, the cloud sends the key to the storage device so that the storage device can execute the corresponding encryption and decryption operations.
Step 35, if its feature matching succeeds, the storage device receives the key sent by the cloud and executes the corresponding encryption and decryption operations with that key.
Step 36, after the storage device completes the encryption and decryption operations, it sends the encryption and decryption state to the cloud.
Step 37, the cloud receives and stores the encryption and decryption state sent by the storage device.
In this embodiment the cloud and the storage device execute the method interactively. After the cloud establishes a wireless connection with the storage device, the cloud generates a first ciphertext and sends it to the storage device; likewise, the storage device generates a second ciphertext and sends it to the cloud. The cloud receives the second ciphertext and sends the first characteristic information to the storage device; correspondingly, the storage device receives the first ciphertext and sends the second characteristic information to the cloud. On this basis, the cloud decrypts the received second characteristic information with the second ciphertext received from the storage device and performs characteristic matching on the result, while the storage device decrypts the received first characteristic information with the first ciphertext received from the cloud and performs characteristic matching on that result. When the matching of the second characteristic information succeeds, the storage device has passed the cloud's authentication, and the cloud sends the key to the storage device. If at this point the matching of the first characteristic information also succeeds, the cloud has passed the storage device's authentication: the storage device receives the key sent by the cloud, executes the corresponding encryption and decryption operations with it, and returns the encryption and decryption state to the cloud after those operations finish. The cloud receives and stores that state.
In this way the authorizer does not need to supply a key separately and need not worry about forgetting or losing it; the characteristic information is decrypted with the ciphertext and matched after decryption, which realizes bidirectional authentication before data transmission and further protects the transmitted data. In addition, the encryption and decryption operations can be completed offline without being limited by the network, and are not limited by the region in which the authorizer is located either; key authorization can be obtained anytime and anywhere, which is convenient and fast.
In a specific implementation, the storage device may be a mobile hard disk with a 4G network module. The data encryption and decryption method of this embodiment is described in detail below, taking the cloud server and the mobile hard disk as examples:
In use, the mobile hard disk and the cloud server connect over 4G and the decryption process starts: the mobile hard disk and the cloud server send each other their ciphertext and characteristic information, where the first characteristic information of the cloud server may be its EIP and the second characteristic information of the mobile hard disk may be its ID number. Each side stores the ciphertext and characteristic information received from the other side and decrypts the characteristic information with the ciphertext. After decryption, the cloud server compares the decrypted second characteristic information with a preset second matching library to establish the characteristic match between the cloud server and the mobile hard disk; similarly, the mobile hard disk compares the decrypted first characteristic information with a preset first matching library to establish the characteristic match between the mobile hard disk and the cloud server. Once both sides have matched successfully, the cloud server, for example having matched the mobile hard disk to read-only permission, sends the read-only key and the encryption key to be used afterwards to the mobile hard disk. On receiving the read-only key and storing the encryption key, the mobile hard disk immediately performs the decryption operation and grants read-only permission to the user; after the user finishes, the mobile hard disk re-encrypts itself and waits for the next authorization.
An embodiment of the present application provides a data encryption and decryption method applied to a data encryption and decryption system that includes a cloud and a storage device. Taking execution on the mobile device side as an example, as shown in fig. 4, the method may include the following steps:
Step 41, after wireless connections are established with the cloud and with the storage device, generating a third ciphertext and sending it to both the cloud and the storage device; receiving the first ciphertext sent by the cloud and the second ciphertext sent by the storage device; and forwarding the first ciphertext to the storage device and the second ciphertext to the cloud.
Step 42, receiving the first characteristic information sent by the cloud and the second characteristic information sent by the storage device; sending the first characteristic information together with third characteristic information to the storage device, and the second characteristic information together with the third characteristic information to the cloud.
Step 43, decrypting the first characteristic information with the first ciphertext and the second characteristic information with the second ciphertext, and performing characteristic matching on each decrypted result.
Step 44, if the decrypted first characteristic information matches successfully, receiving the key sent by the cloud and forwarding it to the storage device; and if the decrypted second characteristic information matches successfully, receiving the encryption and decryption state sent by the storage device and forwarding it to the cloud.
In this embodiment the mobile device establishes wireless connections with both the cloud and the storage device, so that it acts as an intermediary through which the cloud and the storage device are connected. After generating the third ciphertext, the mobile device sends it to the cloud and to the storage device, receives the first ciphertext from the cloud and the second ciphertext from the storage device, and forwards the first ciphertext to the storage device and the second ciphertext to the cloud. It then receives the first characteristic information from the cloud and the second characteristic information from the storage device, sends the first and third characteristic information to the storage device, and sends the second and third characteristic information to the cloud. It decrypts the first characteristic information with the first ciphertext and the second characteristic information with the second ciphertext, and performs characteristic matching on each decrypted result. If the decrypted first characteristic information matches successfully, the cloud has passed the mobile device's authentication, and the mobile device can receive the key sent by the cloud and forward it to the storage device. If the decrypted second characteristic information matches successfully, the storage device has passed the mobile device's authentication, and the mobile device can receive the encryption and decryption state sent by the storage device and forward it to the cloud.
This realizes three-party authentication in the encryption and decryption process and further improves its security; because the process can be carried out through the mobile device, it is no longer limited by whether the computer system is on the network or by the region of the authorizer, and data encryption and decryption become more convenient and faster.
The executing entity of this embodiment may be a mobile phone, or a software- or hardware-based functional module in the mobile phone, and so on.
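As an added example that is not the patent's own code, the following Python model runs the direct handshake of steps 31-37 and the phone-bridged exchange of steps 41-44 (with the cloud and storage device also checking the phone's third characteristic, as in claims 2 and 4). The patent names neither the cipher nor the form of the characteristic information, so the model assumes the "ciphertext" is a fresh random session token keying the sender's own characteristic information, uses an HMAC-SHA256 keystream XOR as a stand-in cipher, and treats matching as membership in a preset matching library; the EIP, ID number and phone identifier are constructed sample values.

```python
import hashlib
import hmac
import os


def keystream_xor(token: bytes, data: bytes) -> bytes:
    """Stand-in cipher (an assumption; the patent names none): XOR the data with
    an HMAC-SHA256 counter keystream keyed by the token. Symmetric, so the same
    call both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(token, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class Party:
    """Cloud, storage device or mobile device. Each holds its own characteristic
    information and a preset matching library of accepted peer characteristics.
    The token and the characteristic it keys travel over the same link, so
    confidentiality against an observer of the link rests on the link itself
    (4G, Bluetooth); the matching library is what provides the authentication."""

    def __init__(self, name: str, feature: bytes, matching_library) -> None:
        self.name = name
        self.feature = feature
        self.library = set(matching_library)
        self.token = b""
        self.states = []  # the cloud stores received encryption/decryption states

    def new_token(self) -> bytes:
        # The "ciphertext" a party generates and hands to its peers: modelled as
        # a fresh random session token that keys the party's own characteristic.
        self.token = os.urandom(32)
        return self.token

    def encrypted_feature(self) -> bytes:
        return keystream_xor(self.token, self.feature)

    def matches(self, peer_token: bytes, enc_feature: bytes) -> bool:
        # Decrypt the peer's characteristic with the peer's token and check the
        # result against the preset matching library.
        return keystream_xor(peer_token, enc_feature) in self.library

    def apply_key(self, key: bytes) -> str:
        # The storage device's "encryption and decryption operation", reduced to
        # the state it reports back; a real disk would unlock and re-encrypt.
        return f"{self.name}: unlocked with key {key.hex()[:8]}..., re-encrypted"


def direct_session(cloud: Party, disk: Party, key: bytes) -> dict:
    """Steps 31-37: cloud and storage device connected directly."""
    t1, t2 = cloud.new_token(), disk.new_token()                  # step 31
    f1, f2 = cloud.encrypted_feature(), disk.encrypted_feature()  # step 32
    cloud_ok = cloud.matches(t2, f2)                              # step 33
    disk_ok = disk.matches(t1, f1)
    result = {"cloud_ok": cloud_ok, "disk_ok": disk_ok, "state": None}
    if cloud_ok and disk_ok:              # steps 34-35: key sent and accepted
        result["state"] = disk.apply_key(key)                     # step 36
        cloud.states.append(result["state"])                      # step 37
    return result


def bridged_session(cloud: Party, phone: Party, disk: Party, key: bytes) -> dict:
    """Steps 41-44 on the phone; the cloud and disk run the bridged variants of
    claims 2 and 4, so each also checks the phone's third characteristic."""
    t1, t2, t3 = cloud.new_token(), disk.new_token(), phone.new_token()  # step 41
    f1, f2, f3 = (cloud.encrypted_feature(), disk.encrypted_feature(),
                  phone.encrypted_feature())                               # step 42
    result = {
        "phone_trusts_cloud": phone.matches(t1, f1),                       # step 43
        "phone_trusts_disk": phone.matches(t2, f2),
        "cloud_ok": cloud.matches(t2, f2) and cloud.matches(t3, f3),       # claim 2
        "disk_ok": disk.matches(t1, f1) and disk.matches(t3, f3),          # claim 4
        "state": None,
    }
    # Step 44: the phone forwards the cloud's key only after matching the cloud,
    # and forwards the disk's state only after matching the disk.
    if result["cloud_ok"] and result["phone_trusts_cloud"] and result["disk_ok"]:
        state = disk.apply_key(key)
        if result["phone_trusts_disk"]:
            cloud.states.append(state)
            result["state"] = state
    return result


# Constructed sample values (not from the patent): an EIP for the cloud, an ID
# number for the disk and an identifier for the phone.
CLOUD_EIP = b"203.0.113.10"
DISK_ID = b"HDD-SN-000123"
PHONE_ID = b"PHONE-TEST-0001"


def make_parties():
    cloud = Party("cloud", CLOUD_EIP, [DISK_ID, PHONE_ID])
    disk = Party("disk", DISK_ID, [CLOUD_EIP, PHONE_ID])
    phone = Party("phone", PHONE_ID, [CLOUD_EIP, DISK_ID])
    return cloud, disk, phone
```

Run direct_session or bridged_session on the parties from make_parties(); a disk whose ID number is absent from the cloud's matching library yields cloud_ok False and receives no key.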
Based on the same technical concept, embodiments of the present application provide a server, as shown in fig. 5, the server may include: a processor 501, and a memory 502 connected to the processor 501; the memory 502 is used to store computer programs; the processor 501 is used to call and execute the computer program in the memory 502 to execute the data encryption and decryption method as described in any of the embodiments on the server side.
The server may be a cloud server.
For a specific implementation of the server provided in the embodiment of the present application, reference may be made to the implementation of the method for encrypting and decrypting data at the server side described in any of the above embodiments, and details are not described here again.
An embodiment of the present application further provides a storage device, as shown in fig. 6, where the storage device may specifically include: a processor 601, and a memory 602 connected to the processor 601; the memory 602 is used to store computer programs; the processor 601 is used to call and execute the computer program in the memory 602 to execute the data encryption and decryption method as described in any of the above embodiments on the storage device side.
For a specific implementation of the storage device provided in the embodiment of the present application, reference may be made to the implementation of the data encryption and decryption method on the storage device side described in any example above, and details are not described here again.
An embodiment of the present application provides a mobile device, as shown in fig. 7, where the mobile device may specifically include: a processor 701, and a memory 702 coupled to the processor 701; the memory 702 is used to store computer programs; the processor 701 is configured to call and execute a computer program in the memory 702 to execute the method for encrypting and decrypting data on the mobile device side according to any of the above embodiments.
For a specific implementation of the mobile device provided in this embodiment of the present application, reference may be made to the implementation of the method for encrypting and decrypting data on the mobile device side described in any of the above embodiments, and details are not described here again.
The embodiment of the present application provides a data encryption and decryption system, and as shown in fig. 8, the system may specifically include a server 801 as described in any of the above embodiments and a storage device 802 as described in any of the above embodiments.
In some embodiments, the system for encrypting and decrypting data may further comprise a mobile device as described in any of the above embodiments, wherein the server and the storage device are each wirelessly connected to the mobile device.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present application, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. A method for encrypting and decrypting data, comprising:
after wireless connection is directly established with storage equipment, generating a first ciphertext, sending the first ciphertext to the storage equipment, and receiving a second ciphertext sent by the storage equipment;
sending first characteristic information to the storage device, and receiving second characteristic information sent by the storage device;
decrypting the second characteristic information by using the second ciphertext, and performing characteristic matching on the decrypted second characteristic information;
if the feature matching is successful, sending a secret key to the storage device so that the storage device executes corresponding encryption and decryption operations;
and receiving and storing the encryption and decryption state sent by the storage device.
2. The data encryption and decryption method according to claim 1, further comprising:
when the wireless connection with the storage equipment cannot be directly established, establishing the wireless connection with the storage equipment through mobile equipment;
generating the first ciphertext and sending the first ciphertext to the mobile device; meanwhile, receiving a third ciphertext sent by the mobile device and the second ciphertext of the storage device;
sending the first feature information to the mobile device, and receiving third feature information sent by the mobile device and the second feature information of the storage device;
decrypting the second characteristic information by using the second ciphertext, decrypting the third characteristic information by using the third ciphertext, and respectively performing characteristic matching on the decrypted second characteristic information and the decrypted third characteristic information;
if the decrypted second characteristic information and the decrypted third characteristic information are successfully matched in characteristic, sending a secret key to the storage device through the mobile device so that the storage device can execute encryption and decryption operations;
and receiving and storing the encryption and decryption state sent by the mobile equipment.
3. A method for encrypting and decrypting data, comprising:
after wireless connection is directly established with a cloud end, a second ciphertext is generated and sent to the cloud end, and the first ciphertext sent by the cloud end is received;
sending second characteristic information to the cloud end, and receiving first characteristic information sent by the cloud end;
decrypting the first characteristic information by using the first ciphertext, and performing characteristic matching on the decrypted first characteristic information;
if the feature matching is successful, receiving a key sent by the cloud, and executing corresponding encryption and decryption operations through the key;
and after the encryption and decryption operation is finished, sending an encryption and decryption state to the cloud.
4. The data encryption and decryption method according to claim 3, further comprising:
when the wireless connection with the cloud end cannot be directly established, the wireless connection with the cloud end is established through mobile equipment;
generating the second ciphertext and sending the second ciphertext to the mobile device; meanwhile, a third ciphertext sent by the mobile device and the first ciphertext of the cloud are received;
sending the second feature information to the mobile device, and receiving third feature information sent by the mobile device and the first feature information of the cloud;
decrypting the first characteristic information by using the first ciphertext, decrypting the third characteristic information by using the third ciphertext, and respectively performing characteristic matching on the decrypted first characteristic information and the decrypted third characteristic information;
if the decrypted first characteristic information and the decrypted third characteristic information are successfully matched in characteristic, receiving a secret key sent by the cloud end through the mobile equipment, and executing corresponding encryption and decryption operations according to the secret key;
and after the encryption and decryption operation is finished, sending an encryption and decryption state to the mobile equipment so as to be sent to the cloud end for storage through the mobile equipment.
5. A data encryption and decryption method is applied to a data encryption and decryption system, wherein the data encryption and decryption system comprises a cloud end and a storage device, and the method comprises the following steps:
after wireless connection with the cloud and the storage device is established respectively, third ciphertext is generated and sent to the cloud and the storage device respectively, first ciphertext sent by the cloud and second ciphertext sent by the storage device are received respectively, the first ciphertext is sent to the storage device, and the second ciphertext is sent to the cloud;
respectively receiving first characteristic information sent by the cloud and second characteristic information sent by the storage device, sending the first characteristic information and third characteristic information to the storage device, and sending the second characteristic information and the third characteristic information to the cloud;
decrypting the first characteristic information and the second characteristic information respectively by using the first ciphertext and the second ciphertext, and performing characteristic matching on the decrypted first characteristic information and the decrypted second characteristic information respectively;
and if the decrypted first characteristic information characteristic is successfully matched, receiving a key sent by the cloud end and sending the key to the storage device, and if the decrypted second characteristic information characteristic is successfully matched, receiving an encryption and decryption state sent by the storage device and sending the encryption and decryption state to the cloud end.
6. A server, comprising:
a processor, and a memory coupled to the processor;
the memory is used for storing a computer program;
the processor is configured to invoke and execute the computer program in the memory to perform the method of any of claims 1-2.
7. A storage device, comprising:
a processor, and a memory coupled to the processor;
the memory is used for storing a computer program;
the processor is configured to invoke and execute the computer program in the memory to perform the method of any of claims 3-4.
8. A mobile device, comprising:
a processor, and a memory coupled to the processor;
the memory is used for storing a computer program;
the processor is configured to invoke and execute the computer program in the memory to perform the method of claim 5.
9. A system for encrypting and decrypting data, comprising the server according to claim 6 and the storage device according to claim 7.
10. The system for encrypting and decrypting data according to claim 9, further comprising a mobile device according to claim 8; wherein the server and the storage device are wirelessly connected with the mobile device respectively.
CN202110233985.2A 2021-03-03 2021-03-03 Data encryption and decryption method and system, server, storage device and mobile device Pending CN112601219A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210402