TWI244849B - An internal business data decryption method - Google Patents


Info

Publication number: TWI244849B
Authority: TW (Taiwan)
Prior art keywords: server, user, file, data, enterprise
Application number: TW92120898A
Other languages: Chinese (zh)
Other versions: TW200505197A (en)
Inventor: Aiven Tzun
Original Assignee: Fineart Technology Co Ltd
Legal events: application TW92120898A filed by Fineart Technology Co Ltd; published as TW200505197A; granted and published as TWI244849B

Landscapes

  • Storage Device Security (AREA)

Abstract

This invention relates to an internal business data decryption method, in which encrypted data files are decrypted after authentication with an e-business server, which transfers the decryption string back to the user end. The invention prevents confidential data from being revealed while still allowing authorized users to use the encrypted data files, so that internal data files can be used only within the enterprise.

Description

[Technical field of the invention]

The present invention relates to enterprise data encryption technology, and in particular to a method for decrypting data inside an enterprise.

[Prior art]

With technology advancing by the day, the functions of information processing devices and communication-related devices are becoming ever more diversified, and enterprises are strengthening the peripheral equipment of their information processing devices in order to raise their competitiveness; at the same time, however, this has also given rise to other related security control problems. The distributed systems used by enterprises mostly communicate with a single server, and the resulting data traffic is considerable, which makes management difficult. In recent years, to prevent internal enterprise data from leaking out over the Internet, a number of means have been provided to address this problem, such as firewalls, network monitoring and anti-virus information security systems, intended to stop data leaking out over the Internet whether through computer viruses or through enterprise employees; yet there is no corresponding protection against data leaking out through external storage devices such as floppy disks, memory cards, ZIP drives, external drives and CD burning. Addressing this problem, Patent Publication No. 343301, entitled "Information security system and method for tracking the status of information outflow", proposes a solution: its purpose is to apply different data protection methods according to different security policies, and its key point is that whenever internal enterprise data is about to leave the enterprise, the user end must contact the server end and obtain authorization before the data is released, or the server end performs the encryption and returns false data to the user end. This approach, however, places a heavy load on the enterprise's internal local area network and can even slow the network down, because a large enterprise has a great many simultaneous connections, so system resources are occupied, and the back-and-forth transfer of information also wastes much of the employees' time. Moreover, that patent does not propose a new solution for decrypting files once they have been encrypted, which, given today's level of technology, really ought not to be the case.

As stated above, people and information are the two most important assets of a modern enterprise, and every enterprise strives to create and protect these two assets. How to protect the business secrets of a high-technology company has become a very important task and a great challenge for information workers. Allowing internal enterprise data to be encrypted when it leaves the enterprise, and to be decrypted when it flows back without degrading system resources, is a practical direction to pursue.

[Summary of the invention]

In view of this, the present invention provides a method for decrypting data inside an enterprise. Its purpose is to decrypt file data that the system has encrypted, using user and machine identification codes to distinguish permissions, so that the data can only be used inside the enterprise, and to fully control the execution of unauthorized software. The method for decrypting data inside an enterprise disclosed by the present invention

comprises at least the following steps: a server-side database and its maintenance functions are established through a server end; a user end then connects to the server end according to the selected connection mode; next the user end obtains and confirms the latest data of the server end; the user end then detects whether there is a command to store a file from an external storage device to the user end, and judges whether the file is a secure file; once this is confirmed, the user end's machine identification code, user code and the file's header (Header) are transmitted through a user-side transmit/receive interface to a server-side transmit/receive interface and on to the server-side database; the server end then judges whether the user end's machine identification code and user code are correct, and stores a log record of the write-in file in the server-side database; the server end transmits the appropriate decryption string, according to the user code, to the server-side transmit/receive interface, which transmits it to the user-side transmit/receive interface and delivers it to the user end; the user end decrypts the secure file with the decryption string and restores it to an ordinary file; and finally the ordinary file is stored at the user end.

The details and techniques of the present invention are described below with reference to the drawings.

[Embodiments]

The present invention is a method for decrypting data inside an enterprise. Referring to Fig. 1, which is the system architecture diagram of the present invention for decrypting data inside an enterprise, the basic architecture consists of a server end 100 and a user end 200. Once the user end 200 and the server end 100 are connected, the server end 100 records all write-out and write-in actions and provides the

authorization code used for decryption. In addition, the user end 200 uses the written-out encrypted file together with the authorization code to decrypt the secure file, so as to prevent enterprise data from leaking out, to allow the data to be used only inside the enterprise, and to fully control the execution of unauthorized software. The server end 100 is used to receive and transmit data and to integrate and manage the enterprise's internal data; it stores the security settings and the usage records of the user end 200, and has the function of updating the security settings held by the user end 200, in particular the information for analyzing the requirements for decrypting a secure file and the decryption string. It comprises (1) a management interface module 110, (2) a server-side database 120, (3) an active directory module 130 and (4) a server-side transmit/receive interface 140, further described as follows:

(1) The management interface module 110 provides a management interface through which system operators can directly issue commands and manage the server end 100.

(2) The server-side database 120 provides a space for storing the data of the server end 100 and other externally entered data, and makes that data directly accessible.

(3) The active directory module 130 (Active Directory) can obtain enterprise employee and department group data through the Lightweight Directory Access Protocol (LDAP) and store it back in the server-side database 120.

(4) The server-side transmit/receive interface 140 receives data from the user end 200 and stores it in the server-side database 120, and transmits the data that the server end 100 wishes to send out.

The user end 200 is used to receive and transmit data and, through the security settings, to carry out the writing out of ordinary files and secure files and the decryption


operation when a secure file flows back, so as to achieve the function of decrypting data. It comprises (1) a core function module 210, (2) a user-side database 220, (3) a user interface module 230 and (4) a user-side transmit/receive interface 240, further described as follows:

(1) The core function module 210 controls the outflow of data from the user end 200: through the security settings it distinguishes between an ordinary file and a secure file and decides how each is to be handled, so that data entering the user end can be used. An ordinary file is a file that has not been encrypted and is presented in plain text.

(2) The user-side database 220 provides a space for storing the data of the user end 200 and other externally entered data, and gives direct access to the secure file. A secure file is a file that has been encrypted and is presented in cipher text.

(3) The user interface module 230 is a user interface through which a secure file can be decrypted after the security settings and the decryption string have been obtained from the server end 100, returning the secure file to an ordinary file for the operator's convenience.

(4) The user-side transmit/receive interface 240 receives the data of the server end 100 and stores it in the user-side database 220, and transmits the data that the user end 200 wishes to send out.

The specific settings are made according to different user names and to the computer concerned. The encryption used by the user end 200 may be asymmetric or symmetric encryption: the asymmetric encryption may be one of the public-key algorithms or elliptic-curve encryption, and the symmetric encryption may be one of Blowfish, Triple DES, DES, IDEA, RC5, CAST-128 and RC2.

The external storage device 300 may be any one, or a combination, of a floppy drive, an optical drive, ZIP, MO, a Universal Serial Bus (USB) device, a USB connection cable, a parallel port connection (Parallel Port), a serial port connection (Serial Port) and a removable information storage device.

The server end 100 stores a log of written-out files; this log records the time the file was written out, the computer's machine identification code, the file name, the file's thumbprint (an MD5 data structure) and a random value.

Referring to Fig. 2, which is a schematic diagram of the user end of the present invention unlocking a secure file: when the user end 200 is connected with the server end 100 and a secure file on an external storage device 300 is to be moved to the hard disk 250 of the user end, the secure file is decrypted, by the decryption method described above, into a decrypted ordinary file 350, which other people can then open; it is presented in plain text so that anyone can read it.

Referring to Fig. 3, which is a diagram of the relationship between the server end and a plurality of user ends of the present invention: this figure mainly illustrates that a single server end 100 inside the enterprise communicates, through the server-side transmit/receive interface 140, with the respective user-side transmit/receive interfaces 240a to 240n of a plurality of user ends 200a to 200n, making the transmission and reception of data faster.

Referring to Figs. 4-a to 4-d, which are the flowcharts of the method of the present invention for decrypting data inside an enterprise, described as follows:

First, a server-side database 120 and its maintenance functions are established through the server end 100 (step 400). At this point see step A and refer to Fig. 5, which is a detailed flowchart of the server end establishing the server-side database: a management interface module 110 is first established so that it can access the server-side database 120 (step 402); then enterprise employee and department group data is obtained through an active directory module 130 (step 404); finally that data is stored in the server-side database 120 (step 406). Returning to Fig. 4-a to continue the flow after step 400, a user end 200 connects to the server end 100 according to the selected mode (step 410). The connection mode may be an active connection mode (step 415) or a passive connection mode (step 420), which enter step B and step C respectively; these two modes are described after Figs. 4-a, 4-b, 4-c and 4-d. Once the connection is complete, the user end 200 obtains and confirms the latest data of the server end 100 (step 430), and then detects whether there is a command to store a file from an external storage device 300 to a user end 200 (step 440). If there is none, the user end keeps monitoring (step 450); if a file is to be stored to a user end 200, the user end 200 judges whether the file is a secure file (step 460). If it is not a secure file, the file is stored directly on the hard disk (step 470); if it is a secure file, the user end's machine identification code, a user code and the file's header are transmitted through a user-side transmit/receive interface 240 to a server-side transmit/receive interface 140 and on to the server-side database (step 480). This header (Header) records the encryption method, the index of the decryption private key on the server end, and the secure file's


creation date and time, together with the user name of the user who encrypted the ordinary file into the secure file. The server end 100 then judges whether the machine identification code and user code of the user end 200 are correct (step 490). If they are not, the user end 200 refuses to restore the secure file to an ordinary file and stores the secure file on the hard disk as it is (step 500); next the user end 200 judges whether there is a command to decrypt the secure file (step 510); if there is no such command, the user end 200 keeps monitoring (step 520) and returns to step 510; if there is a command to decrypt the secure file, it returns to step 460.

The machine identification code refers to the specific machine serial number of the computer of a particular user end 200. Returning to step 490: if the machine identification code and user code are correct, a log record of the write-in file is stored in the server-side database 120 (step 530). After it is stored, the server end 100 transmits, according to the user code, the appropriate decryption string to the server-side transmit/receive interface 140 (step 540); this decryption string decrypts in the manner corresponding to the encryption method of the secure file. The server-side transmit/receive interface 140 then transmits the decryption string to the user-side transmit/receive interface 240 and delivers it to the user end 200 (step 550); next the user end 200 decrypts the secure file with the decryption string and restores it to the ordinary file (step 560); finally the ordinary file is stored at the user end (step 570), and the flow ends.

The flow after step B is described next. Referring to Figs. 6-a and 6-b, Fig. 6-a is the detailed flowchart (1) of the active connection mode of the user end of the present invention, and Fig. 6-b is the detailed flowchart (2) of the active connection mode

of the user end; they are described as follows. First, a characteristic of the user end is obtained through a user-side database 220 (step 600); then a synchronize-data command is sent through a user-side transmit/receive interface 240 (step 602); after sending, the synchronize-data command is received through a server-side transmit/receive interface 140 and passed into the server-side database 120 (step 604); the server-side database 120 then compares whether the characteristic is correct (step 606). If the characteristic is wrong, an error message is returned to the user end 200 (step 620), and the user end 200 then sets restrictions on the user-side database 220 to prevent data from leaking out (step 622). If the characteristic is correct, the server-side database 120 is used to judge whether the user-side database 220 needs a synchronizing comparison (step 610); if it does not, the log of written-out files is stored in the server-side database 120 (step 640); if it does, the updated data of the server-side database 120 is transmitted through the server-side transmit/receive interface 140 (step 630), and finally the user-side transmit/receive interface 240 receives it and stores it in the user-side database 220 (step 632), and the flow ends.

The active connection mode of this figure may be triggered by any one of the following: the user end 200 needing to retrieve data from the server end 100, the first network connection after boot, or a time period freely set by the user end 200.

Next, the detailed flow after step C is described. Step C can be divided into

notification of a change of settings by the server end 100 (step C1) and direct transmission of the changed settings by the server end 100 (step C2), as shown in Figs. 7-a and 7-b. Fig. 7-a is the detailed flowchart of the passive connection mode of the user end of the present invention in which the change of settings is notified through the server end, and Fig. 7-b is the detailed flowchart of the passive connection mode of the user end of the present invention in which the changed settings are transmitted directly through the server end. They are described as follows.

After step C1, the server end 100 judges whether a management interface module 110 has changed the security settings (step 700). If the security settings have not changed, the server end 100 keeps monitoring (step 710); if they have changed, the server end 100 notifies each user end 200 through the server-side transmit/receive interface 140 that the security settings need to be changed (step 720). Each user end 200 then receives the notification signal through the user-side transmit/receive interface 240 and asks the server-side transmit/receive interface 140 to retrieve the new security settings (step 730). Finally, the server end 100 returns the new security settings to the user end 200 through the management interface module 110, and the user end 200 stores them in the user-side database 220 (step 740), which ends the flow of C1.

After step C2, the server end 100 judges whether a management interface module 110 has changed the security settings (step 750). If the security settings have not changed, the server end keeps monitoring (step 760); if they have changed, the new security settings are transmitted directly through the server-side transmit/receive interface 140 to the user-side transmit/receive interface 240 (step 770). Finally, the user-side transmit/receive interface 240 stores the new security settings in the user-side database 220 (step 780).


[Brief description of the drawings]

Fig. 1 is the system architecture diagram of the present invention for decrypting data inside an enterprise;
Fig. 2 is a schematic diagram of the user end of the present invention unlocking a secure file;
Fig. 3 is a diagram of the relationship between the server end and a plurality of user ends of the present invention;
Fig. 4-a is the flowchart (1) of the method of the present invention for decrypting data inside an enterprise;
Fig. 4-b is the flowchart (2) of the method of the present invention for decrypting data inside an enterprise;
Fig. 4-c is the flowchart (3) of the method of the present invention for decrypting data inside an enterprise;
Fig. 4-d is the flowchart (4) of the method of the present invention for decrypting data inside an enterprise;
Fig. 5 is the detailed flowchart of the server end of the present invention establishing the server-side database;
Fig. 6-a is the detailed flowchart (1) of the active connection mode of the user end of the present invention;
Fig. 6-b is the detailed flowchart (2) of the active connection mode of the user end of the present invention;
Fig. 7-a is the detailed flowchart of the passive connection mode of the user end of the present invention in which the change of settings is notified through the server end; and
Fig. 7-b is the detailed flowchart of the passive connection mode of the user end of the present invention in which the changed settings are transmitted directly through the server end.

[Reference numerals]

100 server end
110 management interface module
120 server-side database
130 active directory module
140 server-side transmit/receive interface
200 user end
200a to 200n user ends
210 core function module
220 user-side database
230 user interface module
240 user-side transmit/receive interface
240a to 240n user-side transmit/receive interfaces
250 hard disk
300 external storage device
350 decrypted ordinary file

Step 400 a server-side database and its maintenance functions are established through a server end
Step 402 a management interface module is established so that it can access the server-side database
Step 404 enterprise employee and department group data is obtained through an active directory module
Step 406 the data is stored in the server-side database
Step 410 a user end connects to the server end according to the selected mode
Step 415 active connection mode
Step 420 passive connection mode
Step 430 the user end obtains and confirms the latest data of the server end
Step 440 the user end detects whether there is a command to store a file from an external storage device to a user end
Step 450 the user end keeps monitoring
Step 460 the user end judges whether the file is a secure file
Step 470 the file is stored directly on the hard disk
Step 480 the user end's machine identification code, a user code and the file's header are transmitted through a user-side transmit/receive interface to a server-side transmit/receive interface and on to the server-side database
Step 490 the server end judges whether the user end's machine identification code and user code are correct
Step 500 the user end refuses to restore the secure file to an ordinary file and stores the secure file on the hard disk
Step 510 the user end judges whether there is a command to decrypt the secure file
Step 520 the user end keeps monitoring
Step 530 a log record of the write-in file is stored in the server-side database
Step 540 the server end transmits the appropriate decryption string, according to the user code, to the server-side transmit/receive interface
Step 550 the server-side transmit/receive interface transmits the decryption string to the user-side transmit/receive interface and delivers it to the user end
Step 560 the user end decrypts the secure file with the decryption string and restores it to the ordinary file
Step 570 the ordinary file is stored at the user end
Step 600 a characteristic of the user end is obtained through a user-side database
Step 602 a synchronize-data command is sent through a user-side transmit/receive interface
Step 604 the synchronize-data command is received through a server-side transmit/receive interface and passed into the server-side database
Step 606 the server-side database compares whether the characteristic is correct
Step 610 the server-side database is used to judge whether the user-side database needs a synchronizing comparison
Step 620 an error message is returned to the user end
Step 622 the user end sets restrictions on the user-side database to prevent data from leaking out
Step 630 the updated data of the server-side database is transmitted through the server-side transmit/receive interface
Step 632 the user-side transmit/receive interface receives it and stores it in the user-side database
Step 640 the log of written-out files is stored in the server-side database
Step 700 the server end judges whether a management interface module has changed the security settings
Step 710 the server end keeps monitoring
Step 720 the server end notifies each user end through the server-side transmit/receive interface that the security settings need to be changed
Step 730 each user end receives the notification signal through the user-side transmit/receive interface and asks the server-side transmit/receive interface to retrieve the new security settings
Step 740 the server end returns the new security settings to the user end through the management interface module, and the user end stores them in the user-side database
Step 750 the server end judges whether a management interface module has changed the security settings
Step 760 the server end keeps monitoring
Step 770 the new security settings are transmitted directly through the server-side transmit/receive interface to the user-side transmit/receive interface
Step 780 the user-side transmit/receive interface stores the new security settings in the user-side database

Claims (1)

1. A method for decrypting data within an enterprise, the method comprising the following steps: establishing a server database and its maintenance functions through a server; a client selecting, according to different modes, to connect to the server; the client obtaining and confirming the latest data of the server; the client detecting whether there is a command from an external storage device to store a file to the client; the client determining whether the file is a secure file; transmitting, through a client transmit/receive interface, a machine identification code of the client, a user code and a header of the file to a server transmit/receive interface and on to the server database; the server determining whether the machine identification code of the client and the user code are correct; storing a log of the written file in the server database; the server transmitting, according to the user code, an appropriate decryption string to the server transmit/receive interface; the server transmit/receive interface transmitting the decryption string to the client transmit/receive interface and passing it to the client; the client decrypting the secure file with the decryption string and restoring it to an ordinary file; and storing the ordinary file on the client.

2. The method for decrypting data within an enterprise as described in claim 1, wherein the step of establishing a server database and its maintenance functions through the server further comprises: establishing a management interface module that can enter the server database to perform access functions; obtaining enterprise employee and department group data through an Active Directory module; and storing that data in the server database.

3. The method for decrypting data within an enterprise as described in claim 1, wherein, in the step of the client selecting according to different modes to connect to the server, the different modes are divided into an active connection mode and a passive connection mode.

4. The method for decrypting data within an enterprise as described in claim 3, wherein the active connection mode comprises the following steps: obtaining a characteristic of the client through the client database; sending a synchronization command through the client transmit/receive interface; receiving the synchronization command through the server transmit/receive interface and entering the server database; the server database checking whether the characteristic is correct; determining, through the server database, whether the client database needs to be synchronized; transmitting the updated data of the server database through the server transmit/receive interface; and the client transmit/receive interface receiving the data and storing it in the client database.

5. The method for decrypting data within an enterprise as described in claim 4, wherein the characteristic refers to a computer machine identification code and a user name.

6. The method for decrypting data within an enterprise as described in claim 4, wherein the characteristic refers to a computer machine identification code or a user name.

7. The method for decrypting data within an enterprise as described in claim 4, wherein the active connection mode is triggered at any one time selected from the combination of: the client needing to retrieve data from the server, the first network connection after start-up, and a time period freely set by the client.

8. The method for decrypting data within an enterprise as described in claim 3, wherein the passive connection mode is further divided into changing the settings through a server notification and changing the settings through direct server transmission.

9. The method for decrypting data within an enterprise as described in claim 8, wherein changing the settings through a server notification comprises the following steps: the server determining whether the management interface module has changed the security settings; the server notifying each client, through a server transmit/receive interface, that the security settings must be changed; each client receiving the notification signal through a client transmit/receive interface and requesting the new security settings from the server transmit/receive interface; and the server returning the new security settings to the client through the management interface module, the client storing them in the client database.

10. The method for decrypting data within an enterprise as described in claim 8, wherein changing the settings through direct server transmission comprises the following steps: the server determining whether a management interface module has changed the security settings; transmitting the new security settings directly through a server transmit/receive interface to a client transmit/receive interface; and the client transmit/receive interface storing the new security settings in the client database.

11. The method for decrypting data within an enterprise as described in claim 1, wherein the external storage device may be any one selected from the combination of a ZIP drive, an MO drive, a disc burner, a Universal Serial Bus (USB) cable to USB cable, a parallel port cable, a serial port cable, and a removable information storage device.

12. The method for decrypting data within an enterprise as described in claim 3, wherein the security settings are set according to different user names and a specific machine signal on the computer.

13. The method for decrypting data within an enterprise as described in claim 1, wherein the secure file refers to a file that has already been encrypted and is presented as ciphertext.

14. The method for decrypting data within an enterprise as described in claim 1, wherein the machine identification code refers to a specific machine serial number on the computer of a specific client.

15. The method for decrypting data within an enterprise as described in claim 1, wherein the header records an encryption method, an index of the decryption private key on the server, the date and time the secure file was generated, and the user name that encrypted the ordinary file into the secure file.

16. The method for decrypting data within an enterprise as described in claim 1, wherein the log of the written-out file contains at least the following fields: the time the file was written out, a computer machine identification code, a user name, the name of the written-out file, a file thumbprint (MD5 data structure), and a random fragment of the content.

17. The method for decrypting data within an enterprise as described in claim 1, wherein the decryption string decrypts in the corresponding manner according to the encryption method used for the secure file.

18. The method for decrypting data within an enterprise as described in claim 1, wherein the encryption method may be an asymmetric encryption and a symmetric encryption.

19. The method for decrypting data within an enterprise as described in claim 18, wherein the asymmetric encryption may be any one selected from the combination of public key infrastructure (PKI), the RSA algorithm, and elliptic curve cryptography.

20. The method for decrypting data within an enterprise as described in claim 18, wherein the symmetric encryption may be any one selected from the combination of Blowfish, Triple DES, DES, IDEA, RC5, CAST-128 and RC2.

21. The method for decrypting data within an enterprise as described in claim 1, wherein the client and the server are connected through an enterprise intranet.
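The exchange of claim 1, with the header fields of claim 15 and the write-out log fields of claim 16, as an added example in Python (not the patent's or Fineart's code). The two-byte-length JSON header layout, the user-code-to-machine-id registry, the record the client sends for the log, and the SHA-256 keystream used in place of the ciphers the patent lists are all assumptions of this example; the claims fix no wire format.

```python
import hashlib
import json
import secrets
import time
from typing import Optional

def keystream(key: str, length: int) -> bytes:
    # Stand-in symmetric cipher (SHA-256 in counter mode) so the example runs offline;
    # the patent lists Blowfish, Triple DES, DES, IDEA, RC5, CAST-128 and RC2 instead.
    blocks = (hashlib.sha256(f"{key}:{i}".encode()).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def make_secure_file(plaintext: bytes, key_index: int, user: str, key: str) -> bytes:
    """Constructed sample input: 2-byte header length, JSON header (claim 15), ciphertext."""
    header = {"method": "symmetric", "key_index": key_index,
              "created": "2003-07-30 09:00:00", "encrypted_by": user}
    hdr = json.dumps(header).encode()
    return len(hdr).to_bytes(2, "big") + hdr + xor(plaintext, keystream(key, len(plaintext)))

def split_secure_file(blob: bytes):
    n = int.from_bytes(blob[:2], "big")          # client side: header first, then the body
    return json.loads(blob[2:2 + n]), blob[2 + n:]

class Server:
    def __init__(self, registry: dict, keys: dict):
        self.registry = registry  # user code -> machine identification code (claim 14)
        self.keys = keys          # private-key index from the header (claim 15) -> decryption string
        self.log = []             # write-out log, one record per accepted request (claim 16)

    def request_decryption(self, machine_id: str, user_code: str, header: dict,
                           record: dict) -> Optional[str]:
        # Claim 1: the machine id / user code pair is checked before any string is released.
        if self.registry.get(user_code) != machine_id:
            return None
        self.log.append({"time": time.strftime("%Y-%m-%d %H:%M:%S"),
                         "machine_id": machine_id, "user": user_code, **record})
        return self.keys.get(header["key_index"])  # unknown index -> no string, no restore

def restore(server: Server, machine_id: str, user_code: str, filename: str,
            blob: bytes) -> Optional[bytes]:
    """Client side of claim 1: send ids, header and log fields; decrypt only if a string comes back."""
    header, body = split_secure_file(blob)
    start = secrets.randbelow(max(1, len(body) - 8))
    record = {"file": filename, "thumbprint": hashlib.md5(body).hexdigest(),
              "fragment": body[start:start + 8].hex()}       # MD5 thumbprint + random fragment
    key = server.request_decryption(machine_id, user_code, header, record)
    if key is None:
        return None   # refused: the secure file stays ciphertext (claim 13)
    return xor(body, keystream(key, len(body)))
```

A client on an unregistered machine, or a header pointing at a key index the server does not hold, gets no decryption string and the file remains ciphertext; the server's log still records only the requests it accepted.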
TW92120898A 2003-07-30 2003-07-30 An internal business data decryption method TWI244849B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW92120898A TWI244849B (en) 2003-07-30 2003-07-30 An internal business data decryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW92120898A TWI244849B (en) 2003-07-30 2003-07-30 An internal business data decryption method

Publications (2)

Publication Number Publication Date
TW200505197A TW200505197A (en) 2005-02-01
TWI244849B true TWI244849B (en) 2005-12-01

Family

ID=37154916

Family Applications (1)

Application Number Title Priority Date Filing Date
TW92120898A TWI244849B (en) 2003-07-30 2003-07-30 An internal business data decryption method

Country Status (1)

Country Link
TW (1) TWI244849B (en)

Also Published As

Publication number Publication date
TW200505197A (en) 2005-02-01

Similar Documents

Publication Publication Date Title
JP6835999B2 (en) Virtual service provider zone
JP6609010B2 (en) Multiple permission data security and access
US7565683B1 (en) Method and system for implementing changes to security policies in a distributed security system
US20050138371A1 (en) Method and system for distribution of notifications in file security systems
EP3866388A1 (en) Sharing encrypted documents within and outside an organization
JP5298599B2 (en) Secure pre-caching with local superdistribution and key exchange
JP2021022945A (en) Data security using request-supplied keys
US7478418B2 (en) Guaranteed delivery of changes to security policies in a distributed system
CN101919202B (en) Information distribution system and program for the same
US20130061054A1 (en) Method to control and limit readability of electronic documents
CN101647006A (en) Be used for method of data backup and system
GB2446169A (en) Granular accessibility to data in a distributed and/or corporate network
EP2354996B1 (en) Apparatus and method for remote processing while securing classified data
US9053130B2 (en) Binary data store
Lu et al. A Fine‐Grained IoT Data Access Control Scheme Combining Attribute‐Based Encryption and Blockchain
WO2018232071A1 (en) User authentication in a dead drop network domain
EP3282670B1 (en) Maintaining data security in a network device
US11222126B2 (en) Community governed end to end encrypted multi-tenancy system to perform tactical and permanent database and communication operations
TW200830200A (en) Information security management system and method for electronic document
Wang et al. Data transmission and access protection of community medical internet of things
TWI244849B (en) An internal business data decryption method
US20220207177A1 (en) Community Governed End to End Encrypted Multi-Tenancy System to Perform Tactical and Permanent Database and Communication Operations
JPH09139735A (en) Ciphering data communication system
WO2008065346A2 (en) Secure messaging and data sharing
US20230177209A1 (en) Distributed Communication Network

Legal Events

Date Code Title Description
MK4A Expiration of patent term of an invention patent