TWI396425B - Combining time and place key encryption and decryption system and method - Google Patents

Combining time and place key encryption and decryption system and method Download PDF

Info

Publication number
TWI396425B
TWI396425B TW98132221A TW98132221A TWI396425B TW I396425 B TWI396425 B TW I396425B TW 98132221 A TW98132221 A TW 98132221A TW 98132221 A TW98132221 A TW 98132221A TW I396425 B TWI396425 B TW I396425B
Authority
TW
Taiwan
Prior art keywords
key
encryption
decryption
information
smart card
Prior art date
Application number
TW98132221A
Other languages
Chinese (zh)
Other versions
TW201112718A (en
Original Assignee
Chunghwa Telecom Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chunghwa Telecom Co Ltd filed Critical Chunghwa Telecom Co Ltd
Priority to TW98132221A priority Critical patent/TWI396425B/en
Publication of TW201112718A publication Critical patent/TW201112718A/en
Application granted granted Critical
Publication of TWI396425B publication Critical patent/TWI396425B/en

Links

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Description

結合時間及地點之金鑰加解密系統與方法Key encryption and decryption system and method combining time and place

本發明係屬於一種結合時間地點之金鑰加解密系統與方法,特別是指一種利用GPS提供的三維定位資訊與標準時間無法被假造與竄改記錄的特性,加上公開金鑰智慧卡進行高安全性、高效率加解密的系統,可確保檔案的機密性且在必要的時候可進行金鑰復原的作業,能夠解決私密金鑰遺失時重要檔案無法解密的問題以及避免檔案可攜所產生之安全上顧慮。The invention belongs to a key encryption and decryption system and method combining time and place, in particular to a feature that uses GPS to provide three-dimensional positioning information and standard time cannot be faked and falsified, and the public key smart card is used for high security. Sexual, high-efficiency encryption and decryption system ensures the confidentiality of files and can perform key recovery operations when necessary. It can solve the problem that important files cannot be decrypted when the private key is lost and the security of file portability can be avoided. Concerned.

在本案之前並無確切之技術可達到此種安全性加解密的效果,以往僅依靠使用者選定的密碼作為加解密金鑰,容易在字典攻擊法之下被破解,且當使用者忘記密碼之時,所有的密文檔就無法解開,形同檔案資料的損失。鑑於許多重要檔案都需要一個高安全度的保密措施,且避免檔案可攜所產生之安全上顧慮,當使用者的金鑰或密碼遺失之際,誠然需要一個更安全、更可信賴的機制來進行金鑰復原的工作,以保障重要檔案之機密性與可用性。Before the case, there is no exact technology to achieve the effect of such security encryption and decryption. In the past, only the password selected by the user was used as the encryption and decryption key, which is easy to be cracked under the dictionary attack method, and when the user forgets the password. At the time, all the confidential documents could not be unlocked, which was similar to the loss of the archives. Since many important files require a high-security security measure and avoid the security concerns of file portability, when the user's key or password is lost, a safer and more reliable mechanism is needed. Key recovery work to ensure the confidentiality and availability of important files.

由此可見,上述習用方式仍有諸多不足,實非一良善之設計,而亟待加以改良。本案發明人鑑於上述習用方式所衍生的各項缺點,乃亟思加以改良創新,並經多年苦心孤詣潛心研究後,終於成功研發完成本件結合時間地點之金鑰加解密系統與方法。It can be seen that there are still many shortcomings in the above-mentioned methods of use. It is not a good design and needs to be improved. In view of the shortcomings derived from the above-mentioned conventional methods, the inventor of the present invention has improved and innovated, and after years of painstaking research, he finally succeeded in researching and developing the key encryption and decryption system and method combining the time and place.

本發明之目的即在於提供一種結合時間地點之金鑰加解密系統與方法,係利用密碼學上高安全等級的演算法結合GPS提供的三維定位資訊與標準時間,讓機密的檔案無法經由其它地點或不允許的時間內傳送或解密,也因此無資訊安全上的疑慮。The object of the present invention is to provide a key encryption and decryption system and method combining time and place, which uses a cryptographically high security level algorithm combined with GPS provided three-dimensional positioning information and standard time, so that confidential files cannot be passed through other locations. It is not allowed to transmit or decrypt in time, and therefore there is no information security concern.

達成上述發明目的之結合時間及地點之金鑰加解密系統與方法,係利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行高安全性、高隱密性的加解密管理作業,可保證電腦檔案的機密性。當使用者的密碼或私密金鑰遺失之際,經過適當的認證授權及確認GPS三維定位坐標以後,根據GPS之標準時間若在允許時間內,金鑰復原伺服端可進行對稱金鑰的復原作業,能夠解決密碼或金鑰遺失時重要檔案無法解密的問題以及避免檔案可攜所產生之安全上顧慮。而本發明採用密碼學上高安全等級的演算法,例如RSA 1024位元以上的公開金鑰與AES 256位元以上的對稱金鑰,可有效的增進檔案之保密性。此外本發明利用GPS提供的三維定位資訊與標準時間,可以讓機密的檔案不致有被竄改、窺視及否認傳送等的疑慮。當使用者遺失其個人密碼或私密金鑰時,本發明可透過金鑰復原伺服端及GPS提供的定位資訊與標準時間,經由適當的認證授權及確認GPS三維定位坐標以後,在允許時間內,進行對稱金鑰的復原,不致於失去使用者的重要檔案。本發明限定在特定的時間內,加上其空間定位資訊,提供使用者金鑰復原的功能,讓機密的檔案無法經由其它地點或不允許的時間內傳送或解密,也因此無資訊安全上的疑慮。The key encryption and decryption system and method for achieving the combined purpose and time of the above invention aims to ensure high-security and high-confidence encryption and decryption management operations by using the public key smart card combined with the positioning information provided by the GPS and the standard time. The confidentiality of the file. When the user's password or private key is lost, after the appropriate authentication and authorization and confirmation of the GPS three-dimensional positioning coordinates, if the standard time of the GPS is within the allowable time, the key recovery server can perform the recovery of the symmetric key. It can solve the problem that important files cannot be decrypted when the password or key is lost, and the security concerns caused by avoiding file portability. The present invention adopts a cryptographically high security level algorithm, such as RSA 1024-bit public key and AES 256-bit symmetric key, which can effectively enhance the confidentiality of the file. In addition, the present invention utilizes the three-dimensional positioning information and standard time provided by the GPS, so that the confidential file can be free from suspicion, peek and denial of transmission. When the user loses his personal password or private key, the present invention can restore the positioning information and standard time provided by the server and the GPS through the key, and after the appropriate authentication and authorization and confirmation of the GPS three-dimensional positioning coordinates, within the allowable time, The restoration of the symmetric key does not result in the loss of the user's important files. The invention limits the user's key recovery information by adding its spatial positioning information in a specific time, so that the confidential file cannot be transmitted or decrypted through other locations or in an unallowable time, and thus there is no information security. doubt.

茲為便於貴審查委員能更進一步對本發明之構造、使用及其特徵有更深一層,明確、詳實的認識與瞭解,發明人舉出較佳之實施方式,配合圖式詳細說明如下:本發明係為一種結合時間及地點之金鑰加解密系統與方法其方法之可包含:一檔案加密流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行高安全性、高隱密性的加密管理作業;一檔案解密流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行高安全性、高隱密性的解密管理作業;一金鑰復原流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行金鑰的復原作業;一數位信封作業流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行數位信封式的保密措施,可防止被竄改、窺視或否認製作等問題。In order to facilitate the review committee to further understand the structure, use and characteristics of the present invention, the inventors have a better embodiment and a detailed description of the following: A key encryption and decryption system and method combining time and place may include: a file encryption process, which can utilize a public key smart card combined with GPS positioning information and standard time for high security and high privacy encryption management. Job; a file decryption process, which can use the public key smart card combined with GPS positioning information and standard time for high security and high privacy decryption management operations; a key recovery process, can use the public key smart card combined with GPS Provides location information and standard time for key recovery; a digital envelope workflow that uses a public key smart card combined with GPS-provided positioning information and standard time for digital envelope-based security measures to prevent tampering and peeping Or deny production and other issues.

請參閱圖一,係為本發明結合時間及地點之金鑰加解密系統之架構示意圖,係包含有;一加密端1與解密端2;一公開金鑰智慧卡3,儲存金鑰對且可執行其簽章、加解密運算;一智慧卡控制介面4,提供加密端藉以讀取公開金鑰智慧卡3之公開金鑰而解密端藉以使用公開金鑰智慧卡3之私密金鑰進行解密作業;一密碼模組5,連接加解密端,可將GPS定位座標與標準時間結合公開金鑰、對稱金鑰及憑證解析作業,藉以執行金鑰加解密、本文加解密、數位簽章驗證等各項密碼學運算;一金鑰復原作業之客戶端與伺服端模組6,可根據客戶端使用合法的公開金鑰智慧卡申請金鑰復原,進行金鑰復原作業;一數位信封編解碼驗證模組7,連接加解密端,藉以執行接收者公鑰存取、數位信封簽章編碼、數位信封解碼驗證、檔案解密等程序。Please refer to FIG. 1 , which is a schematic diagram of a key encryption and decryption system combined with time and place according to the present invention. The system includes: an encryption terminal 1 and a decryption terminal 2; a public key smart card 3, which stores a key pair and can be Execute its signature, encryption and decryption operation; a smart card control interface 4, providing the encryption terminal to read the public key of the public key smart card 3, and the decryption end uses the private key of the public key smart card 3 for decryption operation A cryptographic module 5, connected to the encryption and decryption end, can combine the GPS locating coordinates with the standard time to disclose the public key, the symmetric key and the voucher parsing operation, thereby performing the key encryption and decryption, the text encryption and decryption, the digital signature verification, and the like. Key cryptography operation; client and server module 6 of a key recovery operation can perform key recovery operation according to the client using a legal public key smart card to perform key recovery; a digital envelope codec verification mode Group 7, connected to the encryption and decryption end, to perform the receiver public key access, digital envelope signature encoding, digital envelope decoding verification, file decryption and the like.

本發明利用密碼學原理實施結合時間地點之金鑰加解密系統,其具有之特徵可包含:The invention utilizes the principle of cryptography to implement a key encryption and decryption system combined with time and place, which has the following features:

a.使用RSA智慧卡作為私密金鑰載具、執行RSA運算;a. Use the RSA smart card as a private key vehicle to perform RSA operations;

b.採AES演算法進行高安全性、高效率的加解密運算;b. Adopt AES algorithm for high security and high efficiency encryption and decryption operations;

c.客戶端可利用合法的RSA智慧卡申請金鑰復原,金鑰復原伺服端經過適當的授權認證,以及核對資訊內之地點是否符合原先產製密文檔案時GPS所提供的三維定位座標,且此申請資訊所含之時間是否為允許時間後,進行金鑰復原的作業;c. The client can use the legal RSA smart card to apply for key recovery, the key recovery server is properly authorized, and the location in the information is consistent with the three-dimensional positioning coordinates provided by the GPS when the original ciphertext file is produced. And if the time included in the application information is the allowable time, the key recovery operation is performed;

d.取用更嚴謹的金鑰加解密方式,結合GPS所提供的定位座標與標準時間,非原先產製密文檔案時之地點與允許時間均無法通過金鑰復原伺服端的授權認證;d. Use a more rigorous key encryption and decryption method, combined with the positioning coordinates and standard time provided by GPS, the location and allowable time of the non-original ciphertext file cannot be verified by the key to restore the authorization of the server;

e.支援數位信封式的簽章加密,以保護傳送安全性。e. Support digital envelope-style signature encryption to protect transmission security.

請參閱圖二,為本發明應用於檔案保密系統之加密作業流程圖,其步驟包含:Please refer to FIG. 2 , which is a flowchart of an encryption operation applied to a file security system according to the present invention, and the steps thereof include:

2a.讀取明文檔,並讀取及驗證金鑰復原伺服端憑證;2a. Read the document and read and verify the key recovery server certificate;

2b.讀取RSA智慧卡中之公開金鑰及使用者之公鑰,如讀取錯誤則終止執行;2b. Read the public key of the RSA smart card and the public key of the user, and terminate the execution if the reading is incorrect;

2c.以AES演算法之隨機金鑰加密明文檔,並以金鑰復原伺服器之公鑰及GPS三維定位座標與標準時間加密封裝金鑰復原資訊,再以使用者之公鑰加密金鑰資訊;2c. Encrypt the document with the random key of the AES algorithm, and restore the public key of the server and the GPS three-dimensional positioning coordinates and the standard time encryption package key recovery information, and then encrypt the key information with the user's public key. ;

2d.加密完成後寫入密文檔案。2d. After the encryption is completed, the ciphertext file is written.

所完成之密文檔案具有之特徵包含:The completed ciphertext file has the following features:

a.具AES演算法之密文;a. ciphertext with AES algorithm;

b.以RSA金鑰加密金鑰(以使用者之公鑰進行加密);b. Encrypt the key with the RSA key (encrypted by the user's public key);

c.為金鑰復原資訊密文(以金鑰復原伺服器之公鑰及GPS三維定位座標與標準時間進行加密)。c. Restore the information ciphertext for the key (to recover the public key of the server and the GPS three-dimensional positioning coordinates and standard time encryption).

其中第c項的金鑰復原資訊密文格式包含:The key recovery ciphertext format of the item c includes:

a.AES隨機金鑰;a. AES random key;

b.密文屬性資訊;b. ciphertext attribute information;

c.使用者ID資訊;c. User ID information;

d.GPS三維定位座標與標準時間。d. GPS three-dimensional positioning coordinates and standard time.

請參閱圖三所示,為本發明應用於檔案保密系統之解密作業流程圖,其步驟包含:Please refer to FIG. 3, which is a flowchart of a decryption operation applied to a file security system according to the present invention, and the steps thereof include:

3a.解密端抓取目前GPS三維定位座標與當地時間,將其與金鑰復原資訊格式的之座標核對無誤後,且當地時間為允許之時間範圍內,否則終止執行;3a. The decryption end captures the current GPS three-dimensional positioning coordinates and the local time, and checks it with the coordinate of the key recovery information format, and the local time is within the allowed time range, otherwise the execution is terminated;

3b.讀取密文檔的金鑰加密金鑰資訊,輸入PIN碼以獲得RSA智慧卡之私密金鑰權限;3b. Read the key encryption key information of the secret document, and input the PIN code to obtain the private key authority of the RSA smart card;

3c.呼叫RSA智慧卡功能,以使用者的私密金鑰進行解密取出隨機金鑰,以其解開AES之密文;3c. Call the RSA smart card function, decrypt the user's private key and retrieve the random key to unlock the AES ciphertext;

3d.解密完成後寫入明文檔案。3d. Write the plaintext file after the decryption is completed.

請參閱圖四所示,為本發明之金鑰復原作業流程圖,其步驟包含:Please refer to FIG. 4, which is a flowchart of the key recovery operation of the present invention, and the steps thereof include:

4a.讀取密文檔之金鑰復原資訊;4a. Reading the key recovery information of the secret document;

4b.輸入PIN碼以獲得RSA智慧卡之私密金鑰權限;並讀取RSA智慧卡中之使用者及讀取GPS三維定位坐標與標準時間;4b. Enter the PIN code to obtain the privacy key of the RSA smart card; and read the user in the RSA smart card and read the GPS three-dimensional positioning coordinates and standard time;

4c.透過金鑰復原之客戶端模組進行申請資訊的封裝,並呼叫RSA智慧卡功能加以簽章,再上傳至金鑰復原伺服端;所述之申請資訊的格式可包含:4c. Encapsulate the application information through the key module of the key recovery, and call the RSA smart card function to sign and upload to the key recovery server; the format of the application information may include:

(1)金鑰復原資訊密文;(1) Key recovery information ciphertext;

(2)申請者之公開金鑰;(2) the applicant's public key;

(3)使用者ID資訊;(3) User ID information;

(4)GPS三維定位坐標與標準時間;及(4) GPS three-dimensional positioning coordinates and standard time; and

(5)數位簽章。(5) Digital signature.

4d.金鑰復原伺服端先解析此一申請資訊,並根據使用者1D資訊找出相對的憑證,以驗證簽章之正確性;4d. The key recovery server first parses the application information, and finds the relative certificate according to the user 1D information to verify the correctness of the signature;

4e.簽章驗證正確後,從中取出金鑰復原資訊並呼叫硬體高速保密器,使用其私密金鑰解開每一份金鑰復原資訊,再比對申請資訊中的使用者1D與復原資訊中的ID是否一致,再驗證申請資訊中的GPS三維定位坐標是否與金鑰復原資訊格式的地點吻合,且標準時間為允許之時間範圍內,以確認合法之申請;4e. After the signature verification is correct, take out the key recovery information and call the hardware high-speed security device, use its private key to unlock each key recovery information, and then compare the user 1D and recovery information in the application information. Whether the IDs in the IDs are consistent, and then verify whether the GPS three-dimensional positioning coordinates in the application information match the location of the key recovery information format, and the standard time is within the allowed time range to confirm the legal application;

4f.確認為申請合法後,利用申請資訊中的使用者公開金鑰加密製作成為新的金鑰加密金鑰資訊,然後封裝回傳給客戶端;4f. After confirming that the application is legal, use the user public key encryption in the application information to create a new key encryption key information, and then package it back to the client;

4g.客戶端解析取出新的金鑰加密金鑰資訊後,依序對原先無法解密的檔案進行金鑰加密金鑰部分的更新,如此即完成金鑰復原的作業。之後使用者逕行依圖三所示的解密流程從事檔案解密作業。4g. After the client parses the new key encryption key information, it updates the key encryption key portion of the file that could not be decrypted in order, thus completing the key recovery operation. After that, the user performs the file decryption operation according to the decryption process shown in FIG.

請參閱圖五所示,為本發明之數位信封之作業流程圖,其步驟與圖二、三所述之加解密流程相似,包含:Please refer to FIG. 5 , which is a flowchart of the operation of the digital envelope of the present invention, and the steps thereof are similar to the encryption and decryption processes described in FIG. 2 and FIG. 3 , and include:

5a.讀取明文檔,並讀取及驗證金鑰復原伺服器憑證;5a. Read the document and read and verify the key recovery server certificate;

5b.選取接收方的憑證,並讀取公開金鑰;5b. Select the recipient's credentials and read the public key;

5c.依使用者選項加簽章,並以AES演算法之隨機金鑰加密明文檔及加密封裝金鑰復原資訊和金鑰加密金鑰資訊;5c. Add the signature according to the user option, and encrypt the document and the encryption package key recovery information and the key encryption key information by using the random key of the AES algorithm;

5d.加密完成後,寫入密文檔案,並將其傳送給接收方;5d. After the encryption is completed, the ciphertext file is written and transmitted to the receiver;

5e.接收方以圖三的解密流程進行解密;5e. The receiver decrypts in the decryption process of Figure 3;

5f.解密成功後,如有簽章,則驗證簽章的正確性;5f. After successful decryption, if there is a signature, verify the correctness of the signature;

5g.簽章驗證正確後即結束,否則終止執行。5g. The signature verification ends correctly, otherwise the execution is terminated.

本發明所提供一種結合時間及地點之金鑰加解密系統與方法,與其他習用技術相互比較時,更具有下列之優點:The invention provides a key encryption and decryption system and method combining time and place, and has the following advantages when compared with other conventional technologies:

a.採用公開金鑰智慧卡以及密碼學上高安全等級的演算法,例如RSA 1024位元以上的公開金鑰與AES 256位元以上的對稱金鑰,可大幅提高檔案之保密性。a. Using public key smart cards and cryptographically high security level algorithms, such as RSA 1024-bit public key and AES 256-bit symmetric key, can greatly improve the confidentiality of the file.

b.當使用者遺失其個人私密金鑰時,本發明可由金鑰復原伺服端經過適當的授權認證及確認GPS三維定位坐標以後,在允許時間內,進行對稱金鑰的復原,不致於失去使用者之重要檔案。b. When the user loses his personal private key, the present invention can be restored by the key recovery server after the appropriate authorization authentication and confirmation of the GPS three-dimensional positioning coordinates, and the symmetric key is restored within the allowable time, so as not to be lost. Important file of the person.

c.本發明支援數位信封式的保密措施,可防止被竄改、窺視或否認製作等問題。c. The present invention supports digital envelope-type security measures to prevent tampering, peek or denial of production.

d.本發明限定在特定的時間內,加上其空間定位資訊,提供使用者金鑰復原的功能,讓機密的檔案無法經由其它地點或不允許的時間內傳送或解密,也因此無資訊安全上的疑慮。d. The invention is limited to a specific time, plus its spatial positioning information, to provide a user key recovery function, so that confidential files cannot be transmitted or decrypted through other locations or in an unallowed time, and thus there is no information security. Concerns.

上列詳細說明係針對本發明之一可行實施例之具體說明,惟該實施例並非用以限制本發明之專利範圍,凡未脫離本發明技藝精神所為之等效實施或變更,均應包含於本案之專利範圍中。The detailed description of the preferred embodiments of the present invention is intended to be limited to the scope of the invention, and is not intended to limit the scope of the invention. The patent scope of this case.

綜上所述,本案不但在技術思想上確屬創新,並能較習知方法增進上述多項功效,應已充分符合新穎性及進步性之法定發明專利要件,爰依法提出申請,懇請 貴局核准本件發明專利申請案,以勵發明,至感德便。To sum up, this case is not only innovative in terms of technical thinking, but also able to enhance the above-mentioned multiple functions compared with the conventional methods. It should fully comply with the statutory invention patent requirements of novelty and progressiveness, and apply for it according to law. This invention patent application, in order to invent invention, to the sense of virtue.

1...加密端1. . . Encrypted end

2...加密端2. . . Encrypted end

3...智慧卡3. . . Smart card

4...智慈卡控制介面4. . . Zhici card control interface

5...密碼模組5. . . Password module

6...金鑰復原作業之客戶端與伺服端模組6. . . Client and server module for key recovery operation

7...數位信封編解碼驗證模組7. . . Digital Envelope Codec Verification Module

請參閱以下有關本發明一較佳實施例之詳細說明及其附圖,將可進一步瞭解本發明之技術內容及其目的功效;有關該實施例之附圖為:The following is a detailed description of a preferred embodiment of the present invention and its accompanying drawings, and the technical contents of the present invention and its functions will be further understood; the drawings relating to the embodiment are:

圖一為本發明結合時間及地點之金鑰加解密系統之架構示意圖。FIG. 1 is a schematic structural diagram of a key encryption and decryption system combining time and place according to the present invention.

圖二為本發明應用於檔案保密系統之加密作業流程圖。Figure 2 is a flow chart of the encryption operation applied to the file security system of the present invention.

圖三為本發明應用於檔案保密系統之解密作業流程圖。Figure 3 is a flow chart of the decryption operation applied to the file security system of the present invention.

圖四為本發明之金鑰復原作業流程圖。Figure 4 is a flow chart of the key recovery operation of the present invention.

圖五為本發明之數位信封作業流程圖。Figure 5 is a flow chart of the digital envelope operation of the present invention.

1...加密端1. . . Encrypted end

2...加密端2. . . Encrypted end

3...智慧卡3. . . Smart card

4...智慈卡控制介面4. . . Zhici card control interface

5...密碼模組5. . . Password module

6...金鑰復原作業之客戶端與伺服端模組6. . . Client and server module for key recovery operation

7...數位信封編解碼驗證模組7. . . Digital Envelope Codec Verification Module

Claims (9)

一種結合時間及地點之金鑰加解密系統,係利用公開金鑰智慧卡與GPS三維定位資訊及標準時間,進行加解密管理作業,以保障檔案的機密性與可用性,主要包括:一加密端;一解密端;一公開金鑰智慧卡,儲存金鑰對且可執行其簽章、加解密運算;一公開金鑰智慧卡之控制介面,提供加密端藉以讀取公開金鑰智慧卡之公開金鑰而解密端藉以使用公開金鑰智慧卡之私密金鑰進行解密作業;一密碼模組,連接加解密端,可將GPS定位座標與標準時間結合公開金鑰、對稱金鑰及憑證解析作業,藉以執行金鑰加解密、本文加解密、數位簽章驗證等各項密碼學運算;一金鑰復原作業之客戶端與伺服端模組,可根據客戶端使用合法的公開金鑰智慧卡申請金鑰復原,進行金鑰復原作業;一數位信封編解碼作業模組,連接加解密端,藉以執行接收者公鑰存取、數位信封簽章編碼、數位信封解碼驗證、檔案解密等程序。A key encryption and decryption system combining time and place uses the public key smart card and GPS three-dimensional positioning information and standard time to perform encryption and decryption management operations to ensure the confidentiality and usability of the file, mainly including: an encryption terminal; a decryption end; a public key smart card, storing the key pair and performing its signature, encryption and decryption operations; a public key smart card control interface, providing an encryption terminal to read the public key of the public key smart card The decryption end uses the private key of the public key smart card to perform the decryption operation; a password module connects the encryption and decryption end, and combines the GPS positioning coordinate with the standard time to disclose the public key, the symmetric key and the credential analysis operation. By performing key cryptography operations such as key encryption and decryption, text encryption and decryption, digital signature verification, etc.; client and server module of a key recovery operation can apply for a legal public key smart card according to the client. Key recovery, key recovery operation; a digital envelope encoding and decoding operation module, connected to the encryption and decryption end, to perform receiver public key access, digital letter Signature encoding, decoding digital envelope verification, decryption program files. 一種結合時間及地點之金鑰加解密方法,其包含:一檔案加密流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行高安全性、高隱密性的加密管理作業;一檔案解密流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行高安全性、高隱密性的解密管理作業;一金鑰復原流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行金鑰的復原作業;及一數位信封作業流程,可利用公開金鑰智慧卡結合GPS提供的定位資訊與標準時間進行數位信封式的保密措施,可防止被竄改、窺視或否認製作等問題。A key encryption and decryption method combining time and place, comprising: a file encryption process, which can use a public key smart card combined with GPS positioning information and standard time for high security and high privacy encryption management operations; The decryption process can use the public key smart card to combine the positioning information provided by GPS with the standard time for high security and high secret decryption management operations; a key recovery process can use the public key smart card combined with the positioning information provided by GPS Key recovery operation with standard time; and a digital envelope operation process, which can prevent tampering, peeping or denying production by using the public key smart card combined with GPS positioning information and standard time for digital envelope security measures. And other issues. 如申請專利範圍第2項所述之結合時間及地點之金鑰加解密方法,其中該檔案加密流程之步驟可包含:a.讀取明文檔,並讀取及驗證金鑰復原伺服端憑證;b.讀取RSA智慧卡中之公開金鑰及使用者之公鑰,如讀取錯誤則終止執行;c.以AES演算法之隨機金鑰加密明文檔,並以金鑰復原伺服器之公鑰及GPS三維定位座標與標準時間加密封裝金鑰復原資訊,再以使用者之公鑰加密金鑰資訊;d.加密完成後寫入密文檔案。The key encryption and decryption method of combining time and place as described in claim 2, wherein the step of the file encryption process may include: a. reading the document, and reading and verifying the key recovery server certificate; b. Read the public key of the RSA smart card and the public key of the user, and terminate the execution if the reading error occurs; c. encrypt the document with the random key of the AES algorithm, and restore the server with the key Key and GPS three-dimensional positioning coordinates and standard time encryption package key recovery information, and then encrypt the key information with the user's public key; d. After the encryption is completed, the ciphertext file is written. 如申請專利範圍第3項所述之結合時間及地點之金鑰加解密方法,其中該密文檔案可包含以下之特徵:a.具AES演算法之密文;b.以RSA金鑰加密金鑰,即以使用者之公鑰進行加密;c.為金鑰復原資訊密文,即以金鑰復原伺服器之公鑰及GPS三維定位座標與標準時間進行加密。The method for encrypting and decrypting a combination time and place as described in claim 3, wherein the ciphertext file may include the following features: a. ciphertext with AES algorithm; b. cryptocard with RSA key The key is encrypted by the user's public key; c. The key is used to restore the information ciphertext, that is, the public key of the server is restored by the key and the GPS three-dimensional positioning coordinates are encrypted with the standard time. 如申請專利範圍第4項所述之結合時間及地點之金鑰加解密方法,其中該金鑰復原資訊密文格式可包含:a.AES隨機金鑰;b.密文屬性資訊;c.使用者ID資訊;d.GPS三維定位座標與標準時間。The key encryption and decryption method for combining time and place as described in claim 4, wherein the key recovery information ciphertext format may include: a. AES random key; b. ciphertext attribute information; c. ID information; d. GPS three-dimensional positioning coordinates and standard time. 如申請專利範圍第2項所述之結合時間及地點之金鑰加解密方法,其中該檔案解密流程之步驟可包含:a.解密端抓取目前GPS三維定位座標與當地時間,將其與金鑰復原資訊格式的之座標核對無誤後,且當地時間為允許之時間範圍內,否則終止執行;b.讀取密文檔的金鑰加密金鑰資訊;c.輸入PIN碼以獲得RSA智慧卡之私密金鑰權限;d.呼叫RSA智慧卡功能,以使用者的私密金鑰進行解密取出隨機金鑰,以其解開AES之密文;e.解密完成後寫入明文檔案。The method for encrypting and decrypting the time and place of the combination as described in claim 2, wherein the step of the file decryption process may include: a. the decryption end captures the current GPS three-dimensional positioning coordinates and local time, and compares it with gold. After the coordinates of the key recovery information format are verified, and the local time is within the allowed time range, otherwise the execution is terminated; b. The key encryption key information of the confidential document is read; c. The PIN code is input to obtain the RSA smart card. Private key authority; d. Call RSA smart card function, decrypt the user's private key to retrieve the random key, and unlock the AES ciphertext; e. Write the plaintext file after decryption is completed. 如申請專利範圍第2項所述之結合時間及地點之金鑰加解密方法,其中該金鑰復原流程之步驟可包含:a.讀取密文檔之金鑰復原資訊;b.輸入PIN碼以獲得RSA智慧卡之私密金鑰權限;並讀取RSA智慧卡中之使用者及讀取GPS三維定位坐標與標準時間;c.透過金鑰復原之客戶端模組進行申請資訊的封裝,並呼叫RSA智慧卡功能加以簽章,再上傳至金鑰復原伺服端;d.金鑰復原伺服端根據使用者1D資訊找出相對的憑證,以驗證簽章之正確性;e.簽章驗證正確後,從中取出金鑰復原資訊並呼叫硬體高速保密器,使用其私密金鑰解開每一份金鑰復原資訊,再比對申請資訊中的使用者1D與復原資訊中的ID是否一致,再驗證申請資訊中的GPS三維定位坐標是否與金鑰復原資訊格式的地點吻合,且標準時間為允許之時間範圍內,以確認合法之申請;f.確認為申請合法後,利用申請資訊中的使用者公開金鑰加密製作成為新的金鑰加密金鑰資訊,然後封裝回傳給客戶端;g.客戶端解析取出新的金鑰加密金鑰資訊後,依序對原先無法解密的檔案進行金鑰加密金鑰部分的更新,並依解密流程從事檔案解密作業。The key encryption and decryption method of combining time and place as described in claim 2, wherein the step of the key restoration process may include: a. reading key recovery information of the secret document; b. inputting the PIN code to Obtain the privacy key of the RSA smart card; read the user in the RSA smart card and read the GPS three-dimensional positioning coordinates and standard time; c. encapsulate the application information through the key module of the key recovery, and call The RSA smart card function is signed and uploaded to the key recovery server; d. The key recovery server finds the relative certificate according to the user 1D information to verify the correctness of the signature; e. After the signature verification is correct From the key recovery information and call the hardware high-speed security device, use its private key to unlock each key recovery information, and then compare the ID of the user 1D and the recovery information in the application information, and then Verify that the GPS three-dimensional positioning coordinates in the application information match the location of the key recovery information format, and the standard time is within the allowed time range to confirm the legal application; f. After confirming that the application is legal, use the application The user's public key encryption in the news is made into a new key encryption key information, and then encapsulated and transmitted back to the client; g. After the client parses the new key encryption key information, the original can not be decrypted. The file is updated with the key of the key encryption key, and the file decryption operation is performed according to the decryption process. 如申請專利範圍第7項所述之結合時間及地點之金鑰加解密方法,其中該金鑰復原申請資訊的格式可包含:a.金鑰復原資訊密文;b.申請者之公開金鑰;c.使用者ID資訊;d.GPS三維定位坐標與標準時間;及e.數位簽章。The key encryption and decryption method of combining time and place as described in claim 7 of the patent application scope, wherein the format of the key restoration application information may include: a. key recovery information ciphertext; b. applicant public key ; c. user ID information; d. GPS three-dimensional positioning coordinates and standard time; and e. digital signature. 如申請專利範圍第2項所述之結合時間及地點之金鑰加解密方法,其中該數位信封作業流程之步驟可包含:a.讀取明文檔,並讀取及驗證金鑰復原伺服器憑證;b.選取接收方的憑證,並讀取公開金鑰;c.依使用者選項加簽章,並以AES演算法之隨機金鑰加密明文檔及加密封裝金鑰復原資訊和金鑰加密金鑰資訊;d.加密完成後,寫入密文檔案,並將其傳送給接收方;e.接收方以解密流程進行解密;f.解密成功後,如有簽章,則驗證簽章的正確性;g.簽章驗證正確後即結束,否則終止執行。The key encryption and decryption method of combining time and place as described in claim 2, wherein the step of the digital envelope operation process may include: a. reading the document and reading and verifying the key recovery server certificate ;b. Select the recipient's credentials and read the public key; c. Add the signature according to the user option, and encrypt the document and the encryption package key recovery information and key encryption with the random key of the AES algorithm. Key information; d. After the encryption is completed, the ciphertext file is written and transmitted to the receiver; e. The receiver decrypts in the decryption process; f. After the decryption is successful, if the signature is signed, the signature is verified correctly. Sex; g. When the signature verification is correct, it ends, otherwise the execution is terminated.
TW98132221A 2009-09-24 2009-09-24 Combining time and place key encryption and decryption system and method TWI396425B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98132221A TWI396425B (en) 2009-09-24 2009-09-24 Combining time and place key encryption and decryption system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98132221A TWI396425B (en) 2009-09-24 2009-09-24 Combining time and place key encryption and decryption system and method

Publications (2)

Publication Number Publication Date
TW201112718A TW201112718A (en) 2011-04-01
TWI396425B true TWI396425B (en) 2013-05-11

Family

ID=44909345

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98132221A TWI396425B (en) 2009-09-24 2009-09-24 Combining time and place key encryption and decryption system and method

Country Status (1)

Country Link
TW (1) TWI396425B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW487851B (en) * 2000-08-08 2002-05-21 Chieh Chen Method and system for unloyal credit system actively presenting desired prizes by donee in internet with encryption assistance
TWI280025B (en) * 2005-01-24 2007-04-21 Chunghwa Telecom Co Ltd File encryption system having key recovery function and its method thereof
US7532723B2 (en) * 2003-11-24 2009-05-12 Interdigital Technology Corporation Tokens/keys for wireless communications

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW487851B (en) * 2000-08-08 2002-05-21 Chieh Chen Method and system for unloyal credit system actively presenting desired prizes by donee in internet with encryption assistance
US7532723B2 (en) * 2003-11-24 2009-05-12 Interdigital Technology Corporation Tokens/keys for wireless communications
TWI280025B (en) * 2005-01-24 2007-04-21 Chunghwa Telecom Co Ltd File encryption system having key recovery function and its method thereof

Also Published As

Publication number Publication date
TW201112718A (en) 2011-04-01

Similar Documents

Publication Publication Date Title
US10769628B2 (en) Transaction messaging
CN100490372C (en) A method for backup and recovery of encryption key
CN102427449B (en) Trusted mobile storage method based on security chips
EP3386143B1 (en) Method and system for generating a private key for encrypted data transfer between an electronic identity document and a terminal
US20060005028A1 (en) Methods and device for digitally signing data
US8806206B2 (en) Cooperation method and system of hardware secure units, and application device
JP2007013433A (en) Method for transmitting/receiving encrypted data and information processing system
CN101483654A (en) Method and system for implementing authentication and data safe transmission
CN106953732B (en) Key management system and method for chip card
US20120191977A1 (en) Secure transaction facilitator
CN107920052B (en) Encryption method and intelligent device
CN104322003A (en) Cryptographic authentication and identification method using real-time encryption
CN101335754B (en) Method for information verification using remote server
CN110233729B (en) Encrypted solid-state disk key management method based on PUF
CN113472793A (en) Personal data protection system based on hardware password equipment
TWI476629B (en) Data security and security systems and methods
CN103108245B (en) A kind of intelligent television pays cipher key system and method for payment based on intelligent television
TW201223225A (en) Method for personal identity authentication utilizing a personal cryptographic device
JP2006221566A (en) Caring service support system using network
CN106789977A (en) A kind of method and system that handset token is realized based on Secret splitting
CN101355424B (en) Method for safely migrating handhold equipment data
CN105847261B (en) A kind of electronic signature method based on the wireless encryption and decryption of bluetooth
JP2008234143A (en) Subject limited mail opening system using biometrics, method therefor, and program therefor
TWI280025B (en) File encryption system having key recovery function and its method thereof
CN107276961A (en) A kind of method and device based on cipher algorithm encryption and ciphertext data

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees