KR101688811B1 - Method of encrypting and decrypting data - Google Patents
Method of encrypting and decrypting data Download PDFInfo
- Publication number
- KR101688811B1 KR101688811B1 KR1020150064462A KR20150064462A KR101688811B1 KR 101688811 B1 KR101688811 B1 KR 101688811B1 KR 1020150064462 A KR1020150064462 A KR 1020150064462A KR 20150064462 A KR20150064462 A KR 20150064462A KR 101688811 B1 KR101688811 B1 KR 101688811B1
- Authority
- KR
- South Korea
- Prior art keywords
- key
- encryption
- text data
- token
- data
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
In the data encryption / decryption method, the encryption / decryption requesting apparatus requests encryption of original data. The token server encrypts the original text data based on the first cryptographic key to generate the first text cipher text data, and provides a token value corresponding to the original text data. When the encryption decryption request apparatus requests decryption of the token value after the first encryption key is updated to the second encryption key, the token server decrypts the first original text cipher text data based on the first encryption key, And encrypts the original text data based on the second cryptographic key to provide the second original text ciphertext data. In the data encryption / decryption method according to the present invention, when the encryption decryption requesting apparatus requests decryption of the token value after the first encryption key is updated with the second encryption key, the token server encrypts the first original key The ciphertext data is decrypted to provide the original text data, and the original text data is encrypted based on the second ciphertext to provide the second text ciphertext data, thereby protecting the personal information in the ciphering key leakage.
Description
The present invention relates to data processing, and more particularly, to a data encryption / decryption method.
Personal information may be encrypted in order to maintain the security of personal information. Even if the personal information is encrypted, the personal information may be illegally used if the encryption key is leaked. Various studies have been conducted to protect personal information when a cryptographic key is leaked.
In order to solve the above problems, an object of the present invention is to provide a token server, in which when a first encryption key is updated with a second encryption key, and the encryption / decryption request apparatus requests decryption of a token value, Decrypting the first original text cipher text data to provide original text data and encrypting the original text data based on the second cryptographic key to provide the second original text cipher text data, Method.
According to an aspect of the present invention, there is provided a method of encrypting data according to embodiments of the present invention, the method comprising: requesting encryption of an original data by an encryption / decryption requesting apparatus; Encrypting the first ciphertext data to generate first ciphertext data and providing a token value corresponding to the original text data; and after the first ciphering key is updated with the second ciphering key, The token server decrypts the first cipher text data based on the first cipher key to provide the original text data, encrypts the original text data based on the second cipher key, And providing the original text ciphertext data.
In an exemplary embodiment, after the first cryptographic key is updated with the second cryptographic key, if the encryption decryption request apparatus requests encryption, the token server performs encryption based on the second cryptographic key .
In an exemplary embodiment, the version of the token value, the first text cipher text data, and the first cryptographic key corresponding to the original text data may be stored in a database.
In an exemplary embodiment, the database may be located outside the token server.
In an exemplary embodiment, when the first cryptographic key is updated with the second cryptographic key, the version of the token value, the second original cipher text data, and the second cryptographic key corresponding to the original text data, Lt; / RTI >
In an exemplary embodiment, the database may be located within the token server.
In an exemplary embodiment, the token server may provide a latest update key request signal requesting the key server for information about the most recently updated latest update cipher key at predetermined time intervals.
In an exemplary embodiment, the key server may include a key request processing module that provides a version of the latest update cipher key and the latest update cipher key based on the latest update key request signal.
In an exemplary embodiment, the key request processing module may receive a version of the latest update encryption key from a key pointer included in the key server.
In the exemplary embodiment, the token server may further include a token server for storing the version of the token value, the first original text ciphertext data, and the first cryptographic key corresponding to the original text data stored in the database, The token value corresponding to the original text data, the second original text cipher text data, and the second cryptographic key.
In the data encryption / decryption method according to embodiments of the present invention, after the first encryption key is updated with the second encryption key, when the encryption / decryption requesting apparatus requests decryption of the token value, And provides the original text data by decrypting the first text cipher text data, and encrypts the original text data based on the second cryptographic key to provide the second text cipher text data, thereby protecting the personal information when the encryption key is leaked.
1 is a flowchart illustrating a data encryption / decryption method according to embodiments of the present invention.
2 is a block diagram illustrating a data encryption and decryption system according to embodiments of the present invention.
FIG. 3 is a diagram for explaining an example of the data encryption / decryption method of FIG.
FIG. 4 is a view for explaining an example of operation of the data encryption / decryption system of FIG.
5 is a block diagram illustrating an example of a token server included in the data encryption / decryption system of FIG.
FIG. 6 is a diagram for explaining another operation example of the data encryption / decryption system of FIG. 2. FIG.
FIG. 7 is a diagram for explaining another operation example of the data encryption / decryption system of FIG.
8 is a view for explaining a batch key update operation of the data encryption / decryption system of FIG.
For the embodiments of the invention disclosed herein, specific structural and functional descriptions are set forth for the purpose of describing an embodiment of the invention only, and it is to be understood that the embodiments of the invention may be practiced in various forms, And is not to be construed as limited to the embodiments described in Figs.
The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms may be used for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprise", "having", and the like are intended to specify the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, , Steps, operations, components, parts, or combinations thereof, as a matter of principle.
Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be construed as meaning consistent with meaning in the context of the relevant art and are not to be construed as ideal or overly formal in meaning unless expressly defined in the present application .
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.
FIG. 1 is a flowchart illustrating a data encryption / decryption method according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating a data encryption / decryption system according to an embodiment of the present invention. Fig. 8 is a diagram for explaining an example of a method.
1 to 3, the data encryption /
When the
When the encryption /
In the data encryption / decryption method, the encryption /
The
When the encryption
The data encryption / decryption method according to embodiments of the present invention is a method in which the encryption /
FIG. 4 is a view for explaining an example of operation of the data encryption / decryption system of FIG.
Referring to FIGS. 1, 2 and 4, the data encryption /
After the first cryptographic key KEY1 is updated to the second cryptographic key KEY2, the cryptographic key KEY is the second cryptographic key KEY2, and the original decryption data O_D) may be "0987654321123 ". If the original text data O_D requested by the encryption /
In an exemplary embodiment, the token value T_V, the first original cipher text data OE_D1, and the version (KEY_V1) of the first cryptographic key corresponding to the original text data O_D may be stored in the
5 is a block diagram illustrating an example of a token server included in the data encryption / decryption system of FIG.
1 to 5, the data encryption /
In the exemplary embodiment, when the first cryptographic key KEY1 is updated with the second cryptographic key KEY2, the token value T_V corresponding to the original text data O_D, the second original text cipher text data OE_D2, The version (KEY_V2) of the second cryptographic key may be updated in the database (400). For example, the first cryptographic key KEY1 may be updated with the second cryptographic key KEY2 at the first time T1. After the first cipher key KEY1 is updated with the second cipher key KEY2, the encryption
The data encryption / decryption method according to embodiments of the present invention is a method in which the encryption /
FIG. 6 is a diagram for explaining another operation example of the data encryption / decryption system of FIG. 2. FIG.
6, the
The data encryption / decryption method according to embodiments of the present invention is a method in which the encryption /
FIG. 7 is a diagram for explaining another operation example of the data encryption / decryption system of FIG.
Referring to FIGS. 2 and 7, the data encryption /
In an exemplary embodiment, the
For example, the version (KEY_V2) of the latest update cryptographic key stored in the
In an exemplary embodiment, the key
8 is a view for explaining a batch key update operation of the data encryption / decryption system of FIG.
Referring to FIG. 8, in the data encryption / decryption method, the encryption /
The
When the encryption
In the exemplary embodiment, the
The token value T_V corresponding to the original text data O_D stored in the
The data encryption / decryption method according to embodiments of the present invention is a method in which the encryption /
In the data encryption / decryption method according to embodiments of the present invention, after the first encryption key is updated with the second encryption key, when the encryption / decryption requesting apparatus requests decryption of the token value, Decrypting the first text ciphertext data to provide the original text data and encrypting the original text data based on the second cryptographic key to provide the second text ciphertext data, Lt; / RTI >
While the present invention has been described with reference to the preferred embodiments thereof, it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit and scope of the invention as defined in the appended claims. It will be understood.
Claims (10)
The token server encrypts the original text data based on the first cryptographic key to generate first original text cipher text data and generates a token value corresponding to the original text data;
Associating the token value, the first text cipher text data, and the version of the first cryptographic key, which correspond to the original text data, in a database;
Providing the token value to the encryption decryption request apparatus;
When the encryption decryption request apparatus requests decryption of the token value after the first encryption key is updated to the second encryption key, the token server extracts, from the database, the first original text cipher text Reading the data;
Decrypting the first cipher text data based on the first cipher key to generate the original text data and providing the original text data to the encryption decryption request apparatus;
The token server encrypting the original text data based on the second cryptographic key to generate second text ciphertext data; And
Wherein the token server updates the version of the first original cipher text data and the first cipher key stored in the database with the version of the second original cipher text data and the second cipher key respectively associated with the token value The method comprising the steps of:
Wherein the token server performs encryption based on the second cryptographic key if the encryption decryption request apparatus requests encryption after the first cryptographic key is updated with the second cryptographic key. Way.
Wherein the database is located outside the token server.
Wherein the database is located within the token server.
Wherein the token server provides a latest update key request signal requesting the key server for information on the latest update cipher key most recently updated at a predetermined time interval.
And a key request processing module for providing a version of the latest update cipher key and the latest update cipher key based on the latest update key request signal.
Wherein the key request processing module receives a version of the latest update encryption key from a key pointer included in the key server.
The token server transmits a version of the token value, the first original-text cipher text data and the first cryptographic key corresponding to the original text data stored in the database based on the batch key update signal to the token corresponding to the original text data Value, the second original-text ciphertext data, and the second cipher key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150064462A KR101688811B1 (en) | 2015-05-08 | 2015-05-08 | Method of encrypting and decrypting data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150064462A KR101688811B1 (en) | 2015-05-08 | 2015-05-08 | Method of encrypting and decrypting data |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160131620A KR20160131620A (en) | 2016-11-16 |
KR101688811B1 true KR101688811B1 (en) | 2016-12-22 |
Family
ID=57541126
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150064462A KR101688811B1 (en) | 2015-05-08 | 2015-05-08 | Method of encrypting and decrypting data |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101688811B1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200047992A (en) | 2018-10-29 | 2020-05-08 | 주식회사 스파이스웨어 | Method for simultaneously processing encryption and de-identification of privacy information, server and cloud computing service server for the same |
KR102276189B1 (en) | 2020-11-13 | 2021-07-12 | 주식회사 스파이스웨어 | Method and Apparatus for Personal Information Encryption Using an Encryption Network |
KR102318981B1 (en) | 2020-11-13 | 2021-10-29 | 주식회사 스파이스웨어 | Method and Apparatus for Personal Information Encryption Using Image Composing |
KR102338191B1 (en) | 2020-10-28 | 2021-12-13 | 주식회사 스파이스웨어 | Data encryption apparatus and method using supervised learning |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101929355B1 (en) | 2016-12-14 | 2019-03-12 | (주)네오와인 | Encryption and decryption system using unique serial number and symmetric cryptography |
KR102617447B1 (en) * | 2023-01-30 | 2023-12-27 | 박성곤 | File management system providing file encryption function and method of the same |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002217896A (en) | 2001-01-23 | 2002-08-02 | Matsushita Electric Ind Co Ltd | Method for cipher communication and gateway device |
JP2002300151A (en) | 2001-03-29 | 2002-10-11 | Fujitsu Fip Corp | Encryption key management method, encryption key management program, and recording medium |
KR101428648B1 (en) | 2014-01-29 | 2014-08-13 | (주)케이사인 | Method of block token-based encryption and method of block token-based decryption |
-
2015
- 2015-05-08 KR KR1020150064462A patent/KR101688811B1/en active IP Right Grant
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002217896A (en) | 2001-01-23 | 2002-08-02 | Matsushita Electric Ind Co Ltd | Method for cipher communication and gateway device |
JP2002300151A (en) | 2001-03-29 | 2002-10-11 | Fujitsu Fip Corp | Encryption key management method, encryption key management program, and recording medium |
KR101428648B1 (en) | 2014-01-29 | 2014-08-13 | (주)케이사인 | Method of block token-based encryption and method of block token-based decryption |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20200047992A (en) | 2018-10-29 | 2020-05-08 | 주식회사 스파이스웨어 | Method for simultaneously processing encryption and de-identification of privacy information, server and cloud computing service server for the same |
KR102338191B1 (en) | 2020-10-28 | 2021-12-13 | 주식회사 스파이스웨어 | Data encryption apparatus and method using supervised learning |
KR102276189B1 (en) | 2020-11-13 | 2021-07-12 | 주식회사 스파이스웨어 | Method and Apparatus for Personal Information Encryption Using an Encryption Network |
KR102318981B1 (en) | 2020-11-13 | 2021-10-29 | 주식회사 스파이스웨어 | Method and Apparatus for Personal Information Encryption Using Image Composing |
Also Published As
Publication number | Publication date |
---|---|
KR20160131620A (en) | 2016-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101688811B1 (en) | Method of encrypting and decrypting data | |
US10778427B2 (en) | Method and apparatus for encrypting and decrypting product information | |
KR100753932B1 (en) | contents encryption method, system and method for providing contents through network using the encryption method | |
CN101271501B (en) | Encryption and decryption method and device of digital media file | |
KR101371608B1 (en) | Database Management System and Encrypting Method thereof | |
US9798893B2 (en) | Secure format-preserving encryption of data fields | |
US20080247540A1 (en) | Method and apparatus for protecting digital contents stored in usb mass storage device | |
CN108432178B (en) | Method for securing recording of multimedia content in a storage medium | |
US10630474B2 (en) | Method and system for encrypted data synchronization for secure data management | |
EP2797254A1 (en) | Encrypted data administration device, encrypted data administration method, and encrypted data administration program | |
CN103237010B (en) | The server end of digital content is cryptographically provided | |
CN103488915A (en) | Double-secret-key-encryption resource encryption and decryption method with combination of software and hardware | |
KR20140109321A (en) | Device for generating an encrypted key and method for providing an encrypted key to a receiver | |
KR102160523B1 (en) | Method and apparatus for encrypting and decrypting a multimedia content | |
US20170351871A1 (en) | Data Owner Controlled Data Storage Privacy Protection Technique | |
JP6930053B2 (en) | Data encryption method and system using device authentication key | |
CN102103668B (en) | Method for operating a security device | |
CN103237011B (en) | Digital content encryption transmission method and server end | |
US9559840B2 (en) | Low-bandwidth time-embargoed content disclosure | |
US8391497B2 (en) | Method for importing rights object and rights issuer | |
US10380353B2 (en) | Document security in enterprise content management systems | |
KR101473656B1 (en) | Method and apparatus for security of mobile data | |
US9038194B2 (en) | Client-side encryption in a distributed environment | |
CN103745170A (en) | Processing method and device for disk data | |
KR101428648B1 (en) | Method of block token-based encryption and method of block token-based decryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E90F | Notification of reason for final refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |