WO2016165312A1 - Encryption method, decryption method and device therefor - Google Patents

Encryption method, decryption method and device therefor

Publication number
WO2016165312A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
current
decryption
automatically
determining
Application number
PCT/CN2015/093432
Other languages
French (fr)
Chinese (zh)
Inventor
张冬明
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2016165312A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W12/033: Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides an encryption method, a decryption method and devices therefor. The encryption method comprises: acquiring encryption policy parameters, wherein the encryption policy parameters comprise at least one of the following: a time period range, a location range and an access network; acquiring current environment parameters, wherein the environment parameters comprise at least one of the following: the current time, the current location and the currently accessed network; determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt a plaintext message; and if so, automatically encrypting the plaintext message. The present invention solves the problem of poor usability of the encryption and decryption approaches in the related art, thereby improving the usability of encryption and decryption.

Description

Encryption method, decryption method and device therefor
Technical field
The present invention relates to the field of communications, and in particular to an encryption method, a decryption method, and devices therefor.
Background art
The mobile Internet is developing rapidly and smartphones have become widespread; smartphone-based social software (for example, instant messaging software) has greatly changed the way people communicate. During communication, users often need to send sensitive private information, such as bank card numbers and passwords, or important business secrets that only the two parties may know. If such information could be encrypted when it is sent, users would have a more reassuring security guarantee.
In the related art, important data can be encrypted manually (for example, compressed into an encrypted archive file, or saved as an encrypted text document) and then sent; the other party receives the encrypted data and then decrypts it manually. Applying this approach to the ordinary messages sent and received by instant messaging software, however, means performing frequent encryption and decryption operations whenever messages are sent and received. The related art gives no guidance on how to keep message sending as easy to use as possible while ensuring security, or on how to provide a certain degree of security while remaining easy to use.
No effective solution has yet been proposed for the poor usability of the encryption and decryption approaches in the related art.
Summary of the invention
To solve the above technical problem, the present invention provides an encryption method, a decryption method, and devices therefor.
According to one aspect of the embodiments of the present invention, an encryption method is provided, including: acquiring encryption policy parameters, where the encryption policy parameters include at least one of the following: a time period range, a location range, and an access network; acquiring current environment parameters, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network; determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt a plaintext message; and, if the determination result is yes, automatically encrypting the plaintext message.
Optionally, determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message includes: determining whether the current time is within the time period range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network; and, if all determination results are yes, determining to automatically encrypt the plaintext message.
Optionally, determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message includes: determining, according to the encryption policy parameters and the environment parameters, whether the current environment requires increased security; and, if the determination result is that increased security is required, determining to automatically encrypt the plaintext message.
Optionally, before determining whether to automatically encrypt the plaintext message, the method further includes: determining whether the current message is an unencrypted plaintext message; if the determination result is yes, proceeding to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message; and, if the determination result is no, directly determining not to automatically encrypt the current message.
Optionally, before determining whether the current message is an unencrypted plaintext message, the method further includes: receiving an instruction to manually encrypt the current message; and encrypting the current message.
According to another aspect of the embodiments of the present invention, a decryption method is also provided, including: acquiring decryption policy parameters, where the decryption policy parameters include at least one of the following: a time period range, a location range, and an access network; acquiring current environment parameters, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network; determining, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt a ciphertext message; and, if the determination result is yes, automatically decrypting the ciphertext message.
Optionally, determining, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message includes: determining whether the current time is within the time period range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network; and, if all determination results are yes, determining to automatically decrypt the ciphertext message.
Optionally, determining, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message includes: determining, according to the decryption policy parameters and the environment parameters, whether the current environment is secure; and, if the determination result is that it is secure, determining to automatically decrypt the ciphertext message.
Optionally, before determining whether to automatically decrypt the ciphertext message, the method further includes: determining whether the current message is a ciphertext message that has not been decrypted; if the determination result is yes, proceeding to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message; and, if the determination result is no, directly determining not to automatically decrypt the current message.
Optionally, where the determination result is not to automatically decrypt the ciphertext message, or it is determined to automatically decrypt the ciphertext message but automatic decryption fails, or the automatic decryption function for the ciphertext message is not enabled, the method further includes: receiving an instruction to manually decrypt the ciphertext message; and decrypting the ciphertext message.
According to another aspect of the embodiments of the present invention, an encryption device is also provided, including: a first acquisition module, configured to acquire encryption policy parameters, where the encryption policy parameters include at least one of the following: a time period range, a location range, and an access network; a second acquisition module, configured to acquire current environment parameters, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network; a first judgment module, configured to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt a plaintext message; and a first encryption module, configured to automatically encrypt the plaintext message if the determination result of the first judgment module is yes.
Optionally, the first judgment module includes: a first judgment unit, configured to determine whether the current time is within the time period range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; and a first determination unit, configured to determine to automatically encrypt the plaintext message if all determination results of the first judgment unit are yes.
Optionally, the first judgment module includes: a second judgment unit, configured to determine, according to the encryption policy parameters and the environment parameters, whether the current environment requires increased security; and a second determination unit, configured to determine to automatically encrypt the plaintext message if the determination result of the second judgment unit is that increased security is required.
Optionally, the device further includes: a second judgment module, configured to determine whether the current message is an unencrypted plaintext message; and a first determination module, configured to directly determine not to automatically encrypt the current message if the determination result of the second judgment module is no; where the first judgment module is further configured to proceed, if the determination result of the second judgment module is yes, to determine according to the encryption policy parameters and the environment parameters whether to automatically encrypt the plaintext message.
Optionally, the device further includes: a first receiving module, configured to receive an instruction to manually encrypt the current message; and a second encryption module, configured to encrypt the current message.
According to another aspect of the embodiments of the present invention, a decryption device is also provided, including: a third acquisition module, configured to acquire decryption policy parameters, where the decryption policy parameters include at least one of the following: a time period range, a location range, and an access network; a fourth acquisition module, configured to acquire current environment parameters, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network; a third judgment module, configured to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt a ciphertext message; and a first decryption module, configured to automatically decrypt the ciphertext message if the determination result of the third judgment module is yes.
Optionally, the third judgment module includes: a third judgment unit, configured to determine whether the current time is within the time period range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; and a third determination unit, configured to determine to automatically decrypt the ciphertext message if all determination results of the third judgment unit are yes.
Optionally, the third judgment module includes: a fourth judgment unit, configured to determine, according to the decryption policy parameters and the environment parameters, whether the current environment is secure; and a fourth determination unit, configured to determine to automatically decrypt the ciphertext message if the determination result of the fourth judgment unit is that it is secure.
Optionally, the device further includes: a fourth judgment module, configured to determine whether the current message is a ciphertext message that has not been decrypted; and a second determination module, configured to directly determine not to automatically decrypt the current message if the determination result of the fourth judgment module is no; where the third judgment module is further configured to proceed, if the determination result of the fourth judgment module is yes, to determine according to the decryption policy parameters and the environment parameters whether to automatically decrypt the ciphertext message.
Optionally, the device further includes: a second receiving module, configured to receive an instruction to manually decrypt the ciphertext message where the determination result of the third judgment module is not to automatically decrypt the ciphertext message, or it is determined to automatically decrypt the ciphertext message but automatic decryption fails, or the automatic decryption function for the ciphertext message is not enabled; and a second decryption module, configured to decrypt the ciphertext message.
Through the embodiments of the present invention, encryption policy parameters are acquired, where the encryption policy parameters include at least one of the following: a time period range, a location range, and an access network; current environment parameters are acquired, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network; whether to automatically encrypt a plaintext message is determined according to the encryption policy parameters and the environment parameters; and, if the determination result is yes, the plaintext message is automatically encrypted. This solves the problem of poor usability of the encryption and decryption approaches in the related art and improves the usability of encryption and decryption.
Brief description of the drawings
The drawings described here are provided for a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
FIG. 1 is a flowchart of an encryption method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a decryption method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an encryption device according to an embodiment of the present invention;
FIG. 4 is a first optional schematic structural diagram of an encryption device according to an embodiment of the present invention;
FIG. 5 is a second optional schematic structural diagram of an encryption device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a decryption device according to an embodiment of the present invention;
FIG. 7 is a first optional schematic structural diagram of a decryption device according to an embodiment of the present invention;
FIG. 8 is a second optional schematic structural diagram of a decryption device according to an embodiment of the present invention;
FIG. 9 is a flowchart of an encryption method according to an optional embodiment of the present invention;
FIG. 10 is a flowchart of a decryption method according to an optional embodiment of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, provided there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practising the invention. The objectives and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the written description, the claims, and the drawings.
To enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
It should be noted that the order of the process steps in the embodiments and optional embodiments of the present invention is not strictly limited, provided there is no conflict. For example, in the steps below, the order of steps S102 and S104 may be swapped. The same applies in other embodiments of the present invention.
An embodiment of the present invention provides an encryption method. FIG. 1 is a flowchart of the encryption method according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
Step S102: acquire encryption policy parameters, where the encryption policy parameters include, but are not limited to, at least one of the following: a time period range, a location range, and an access network;
Step S104: acquire current environment parameters, where the environment parameters include, but are not limited to, at least one of the following: the current time, the current location, and the currently accessed network;
Step S106: determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message;
Step S108: if the determination result is yes, automatically encrypt the plaintext message.
Through the above steps, whether to encrypt the plaintext message is determined automatically by comparing information including, but not limited to, the current time, the current location, or the currently accessed network with the encryption policy parameters. Compared with the related art, in which manual encryption depends on a human judgment, this embodiment solves the problem of poor usability of the encryption and decryption approaches in the related art and improves the usability of encryption and decryption.
It should be noted that the above solution provided by the embodiments of the present invention may be applied to a terminal, or to instant messaging software on the terminal. The plaintext message may be a file stored in the terminal that has a specific characteristic (for example, being located in a specific storage directory), or an instant message about to be sent in instant messaging software. Correspondingly, in the subsequent embodiments, the ciphertext message may likewise be a file stored in the terminal that has a specific characteristic, or an instant message received in instant messaging software.
Where the above steps are applied to the encryption and decryption process of instant messaging software, the steps may further include:
Step S109: send the encrypted plaintext message.
Optionally, in step S106, when deciding from the current time, the current location, and the currently accessed network whether to encrypt, the following logic may be used: determine whether the current time is within the time period range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; if all of these determination results are yes, determine to automatically encrypt the plaintext message. In practice, one of the current time, the current location, and the currently accessed network may be used for the decision, or several of them in combination. In addition, the embodiments of the present invention do not exclude other characteristics for deciding whether to encrypt or decrypt; for example, on a terminal with multiple user logins, whether the plaintext message needs to be encrypted may also be determined from the currently logged-in user (for example, the user's permissions).
The above decision based on the current time, the current location, and the currently accessed network is one example. In practice, however, some of the encryption policy parameters may carry different meanings. For example, the "time period range" in the encryption policy parameters may indicate the period during which encryption is required, whereas in other examples the "time period range" may indicate the period during which encryption is not required. Optionally, to make the solution of the embodiments more complete, step S106 may in some embodiments use the following logic: determine, according to the encryption policy parameters and the environment parameters, whether the current environment requires increased security; if the determination result is that increased security is required, determine to automatically encrypt the plaintext message. That is, however the meaning of the parameters in the encryption policy changes, as long as the encryption policy parameters and the current environment parameters make it possible to determine whether the environment the terminal is currently in requires increased security, whether encryption is needed can then be decided automatically.
In some cases the plaintext message may already have been encrypted manually; encrypting the resulting ciphertext again may then be unnecessary, and multiple encryption also makes decryption more complicated. For this reason, in the embodiments of the present invention, before the plaintext message is encrypted, the method may also: determine whether the current message is an unencrypted plaintext message; if the determination result is yes, proceed to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message; if the determination result is no, directly determine not to automatically encrypt the current message. Further, where instant messages are being encrypted, if it is determined not to automatically encrypt the current message, the current message is sent directly.
Optionally, the embodiments of the present invention also provide for manual encryption. For example, before determining whether the current message is an unencrypted plaintext message, an instruction to manually encrypt the current message may be received, and the current message is encrypted as the instruction indicates. In an implementation, if the solution is applied in instant messaging software, a control can be provided in the chat box of the instant messaging software to receive the user's manual encryption instruction. Once the user has issued a manual encryption instruction, the current message can be encrypted directly, regardless of whether the automatic encryption function is currently enabled and regardless of whether the determination result in step S106 is to encrypt.
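The decision flow of steps S102 to S108, together with the already-encrypted check and the manual override described above, as an added Python example that is not part of the patent text. The class and function names, the `ranges_require_encryption` flag, the rule that an unreadable environment parameter triggers encryption, the sample values, and `placeholder_encrypt` (a stand-in, since the text leaves the cipher out of scope) are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from math import asin, cos, radians, sin, sqrt
from typing import Callable, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """S102: encryption policy parameters. Unset (None) fields are not evaluated."""
    time_range: Optional[Tuple[time, time]] = None               # (start, end)
    location_range: Optional[Tuple[float, float, float]] = None  # lat, lon, radius in metres
    access_networks: Optional[FrozenSet[str]] = None             # network names
    # True: the ranges mark where encryption IS needed.
    # False: the ranges mark where it is NOT needed (the alternative reading in the text).
    ranges_require_encryption: bool = True


@dataclass(frozen=True)
class Environment:
    """S104: current environment parameters. None means the value could not be read."""
    now: Optional[datetime] = None
    position: Optional[Tuple[float, float]] = None               # (lat, lon)
    network: Optional[str] = None


@dataclass(frozen=True)
class Message:
    body: bytes
    encrypted: bool = False


def in_time_range(now: datetime, rng: Tuple[time, time]) -> bool:
    start, end = rng
    t = now.time()
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end        # range wraps past midnight, e.g. 22:00-06:00


def distance_m(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle (haversine) distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(h))


def should_auto_encrypt(policy: Policy, env: Environment) -> bool:
    """S106: does the current environment call for automatic encryption?"""
    results = []   # one entry per configured parameter: True, False or None (unknown)
    if policy.time_range is not None:
        results.append(None if env.now is None
                       else in_time_range(env.now, policy.time_range))
    if policy.location_range is not None:
        lat, lon, radius = policy.location_range
        results.append(None if env.position is None
                       else distance_m(env.position, (lat, lon)) <= radius)
    if policy.access_networks is not None:
        results.append(None if env.network is None
                       else env.network in policy.access_networks)
    if not results:
        return False          # no parameter configured, so nothing triggers encryption
    if None in results:
        return True           # assumption: an unreadable parameter means "encrypt"
    matched = all(results)    # the "all results are yes" rule
    return matched if policy.ranges_require_encryption else not matched


def process_outgoing(msg: Message, policy: Policy, env: Environment,
                     encrypt: Callable[[bytes], bytes],
                     auto_enabled: bool = True, manual: bool = False) -> Message:
    if manual and not msg.encrypted:
        return Message(encrypt(msg.body), True)   # manual instruction always wins
    if msg.encrypted:
        return msg                                # already ciphertext: never encrypt twice
    if auto_enabled and should_auto_encrypt(policy, env):
        return Message(encrypt(msg.body), True)   # S108
    return msg                                    # stays plaintext


def placeholder_encrypt(body: bytes) -> bytes:
    """Stand-in only: tags the payload so the flow is visible. Not a cipher."""
    return b"<enc>" + body[::-1]


if __name__ == "__main__":
    # Constructed sample: encrypt at night on a guest network named "cafe-guest".
    policy = Policy(time_range=(time(22, 0), time(6, 0)),
                    access_networks=frozenset({"cafe-guest"}))
    env = Environment(now=datetime(2015, 10, 30, 23, 30), network="cafe-guest")
    print(process_outgoing(Message(b"card 1234"), policy, env, placeholder_encrypt))
```

With `ranges_require_encryption=True`, a missing GPS fix or clock reading would otherwise count as "not in range" and leave the message in plaintext, which is why the unknown case is handled before the match is evaluated.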
此外,还需要说明的是,在本发明实施例中,对于加密解密的算法(例如对称加解密算法、非对称加解密算法)、加解密密钥等配置参数的传递内容并不涉及,因此也不再对这些部分进行描述。与加密算法有关的技术内容,可以参考相关技术中现有的方案。即,在本发明实施例中采用的加解密算法包括但不限于现有技术中已有的加解密算法。In addition, it should be noted that, in the embodiment of the present invention, the content of the configuration parameters such as the encryption and decryption algorithm (for example, symmetric encryption and decryption algorithm, asymmetric encryption and decryption algorithm), encryption and decryption key, etc. are not involved, and therefore These parts are no longer described. For the technical content related to the encryption algorithm, reference may be made to the existing solutions in the related art. That is, the encryption and decryption algorithm used in the embodiment of the present invention includes, but is not limited to, an encryption and decryption algorithm existing in the prior art.
Corresponding to the above encryption method, an embodiment of the present invention further provides a decryption method. FIG. 2 is a flowchart of a decryption method according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
Step S202: obtain decryption policy parameters, where the decryption policy parameters include, but are not limited to, at least one of the following: a time range, a location range, and access networks;
Step S204: obtain the current environment parameters, where the environment parameters include, but are not limited to, at least one of the following: the current time, the current location, and the currently accessed network;
Step S206: determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message;
Step S208: if the determination result is yes, automatically decrypt the ciphertext message.
Through the above steps, the problem of poor usability of the encryption or decryption methods in the related art is solved, and the usability of encryption or decryption is improved.
It should be noted that the decryption policy parameters and the encryption policy parameters may be the same parameters or different parameters. Preferably, the decryption policy parameters and the encryption policy parameters are set separately according to actual conditions.
Optionally, before step S202, the method may further include:
Step S201: receive the ciphertext message.
Optionally, similar to the encryption method, step S206 may: determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access networks include the currently accessed network; and, if all the determination results are yes, determine to automatically decrypt the ciphertext message.
Optionally, step S206 may also: determine, according to the decryption policy parameters and the environment parameters, whether the current environment is secure; and, if the determination result is that it is secure, determine to automatically decrypt the ciphertext message. That is, however the meaning of the parameters in the decryption policy parameters changes, as long as the decryption policy parameters and the current environment parameters can establish that the environment in which the terminal is currently located is secure, whether decryption is needed can then be determined automatically.
In practice, generally only ciphertext messages are decrypted. Optionally, before determining whether to automatically decrypt the ciphertext message, the method may further include: determining whether the current message is an undecrypted ciphertext message; if the determination result is yes, continuing to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message; if the determination result is no, directly determining not to automatically decrypt the current message.
Optionally, when the determination result is not to automatically decrypt the ciphertext message, or it is determined to automatically decrypt the ciphertext message but automatic decryption fails, or the automatic decryption function for ciphertext messages is not enabled, the method may further include: receiving an instruction to manually decrypt the ciphertext message; and decrypting the ciphertext message. In this way, manual decryption is possible, which further improves the flexibility of decrypting ciphertext messages. Likewise, manual decryption can be triggered by a control that receives the user's decryption instruction.
This embodiment also provides an encryption apparatus for implementing the embodiments and optional implementations of the encryption method above; what has already been described is not repeated, and the modules involved in the apparatus are described below. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 3 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present invention. As shown in FIG. 3, the apparatus includes a first acquisition module 32, a second acquisition module 34, a first determining module 36 and a first encryption module 38. The first acquisition module 32 is configured to obtain encryption policy parameters, where the encryption policy parameters include at least one of the following: a time range, a location range, and access networks. The second acquisition module 34 is configured to obtain the current environment parameters, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network. The first determining module 36 is coupled to the first acquisition module 32 and the second acquisition module 34 and is configured to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message. The first encryption module 38 is coupled to the first determining module 36 and is configured to automatically encrypt the plaintext message if the determination result of the first determining module is yes.
Optionally, the first determining module 36 includes: a first judging unit 362, configured to determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access networks include the currently accessed network; and a first deciding unit 364, coupled to the first judging unit 362 and configured to determine to automatically encrypt the plaintext message if all the determination results of the first judging unit 362 are yes.
Optionally, the first determining module 36 includes: a second judging unit 366, configured to determine, according to the encryption policy parameters and the environment parameters, whether the current environment requires increased security; and a second deciding unit 368, coupled to the second judging unit 366 and configured to determine to automatically encrypt the plaintext message if the determination result of the second judging unit 366 is that increased security is required.
FIG. 4 is a first schematic diagram of an optional structure of the encryption apparatus according to an embodiment of the present invention. As shown in FIG. 4, the apparatus optionally further includes: a second determining module 42, configured to determine whether the current message is an unencrypted plaintext message; and a first deciding module 44, coupled to the second determining module 42 and configured to directly determine not to automatically encrypt the current message if the determination result of the second determining module 42 is no. The first determining module 36 is also coupled to the second determining module 42 and is further configured to continue to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message if the determination result of the second determining module 42 is yes.
FIG. 5 is a second schematic diagram of an optional structure of the encryption apparatus according to an embodiment of the present invention. As shown in FIG. 5, the apparatus optionally further includes: a first receiving module 52, configured to receive an instruction to manually encrypt the current message; and a second encryption module 54, coupled to the first receiving module 52 and the second determining module 42 and configured to encrypt the current message.
It should be noted that the first determining module 36 and the second determining module 42 may be combined into one, and the first encryption module 38 and the second encryption module 54 may be combined into one.
This embodiment also provides a decryption apparatus configured to implement the embodiments and optional implementations of the decryption method above; what has already been described is not repeated, and the modules involved in the apparatus are described below.
FIG. 6 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present invention. As shown in FIG. 6, the apparatus includes a third acquisition module 62, a fourth acquisition module 64, a third determining module 66 and a first decryption module 68. The third acquisition module 62 is configured to obtain decryption policy parameters, where the decryption policy parameters include at least one of the following: a time range, a location range, and access networks. The fourth acquisition module 64 is configured to obtain the current environment parameters, where the environment parameters include at least one of the following: the current time, the current location, and the currently accessed network. The third determining module 66 is coupled to the third acquisition module 62 and the fourth acquisition module 64 and is configured to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message. The first decryption module 68 is coupled to the third determining module 66 and is configured to automatically decrypt the ciphertext message if the determination result of the third determining module 66 is yes.
Optionally, the third determining module 66 includes: a third judging unit 662, configured to determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access networks include the currently accessed network; and a third deciding unit 664, coupled to the third judging unit 662 and configured to determine to automatically decrypt the ciphertext message if all the determination results of the third judging unit 662 are yes.
Optionally, the third determining module 66 includes: a fourth judging unit 666, configured to determine, according to the decryption policy parameters and the environment parameters, whether the current environment is secure; and a fourth deciding unit 668, coupled to the fourth judging unit 666 and configured to determine to automatically decrypt the ciphertext message if the determination result of the fourth judging unit 666 is that it is secure.
FIG. 7 is a first schematic diagram of an optional structure of the decryption apparatus according to an embodiment of the present invention. As shown in FIG. 7, the apparatus optionally further includes: a fourth determining module 72, configured to determine whether the current message is an undecrypted ciphertext message; and a second deciding module 74, coupled to the fourth determining module 72 and configured to directly determine not to automatically decrypt the current message if the determination result of the fourth determining module 72 is no. The third determining module 66 is also coupled to the fourth determining module 72 and is further configured to continue to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message if the determination result of the fourth determining module 72 is yes.
FIG. 8 is a second schematic diagram of an optional structure of the decryption apparatus according to an embodiment of the present invention. As shown in FIG. 8, the apparatus optionally further includes: a second receiving module 82, configured to receive an instruction to manually decrypt the ciphertext message when the determination result of the third determining module is not to automatically decrypt the ciphertext message, or it is determined to automatically decrypt the ciphertext message but automatic decryption fails, or the automatic decryption function for ciphertext messages is not enabled; and a second decryption module 84, coupled to the second receiving module 82 and the fourth determining module 72 and configured to decrypt the ciphertext message.
It should be noted that the third determining module 66 and the fourth determining module 72 may be combined into one, and the first decryption module 68 and the second decryption module 84 may be combined into one.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, may each exist physically on their own, or two or more of them may be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
To make the description of the embodiments of the present invention clearer, they are described and explained below with reference to an optional embodiment.
The optional embodiment of the present invention takes the encryption and decryption of instant messages as an example and provides an automatic encryption and decryption method for instant messages.
The purpose of the optional embodiment is to control the encryption and decryption of instant messages as they are sent and received. This includes, but is not limited to, calculating the automatic encryption and decryption policy from one or more parameters such as location, network hotspot and time, so that messages sent and received at specific locations and in specific time periods are encrypted and decrypted automatically.
Because specific locations and specific time periods inherently differ considerably in how secure and trustworthy they are, they themselves carry a certain amount of security feature information, and automatic encryption and decryption means that the encryption and decryption steps are transparent to the user. Sending and receiving encrypted messages at specific locations and in specific time periods therefore gives a good user experience while providing a certain security assurance.
FIG. 9 is a flowchart of an encryption method according to an optional embodiment of the present invention. As shown in FIG. 9, the method includes the following steps:
Step S902: initialize the parameter configuration.
In this step, the encryption key, the automatic encryption function switch and the parameters of the automatic encryption policy are configured. The parameters of the automatic encryption policy (equivalent to the encryption policy parameters above) include the location range, network hotspots and time range for automatic encryption; these parameters are used to determine whether to encrypt automatically when a message is sent. The location range is determined by using basic mobile-terminal functions such as maps and positioning to mark a reference point for automatic encryption, and then defining the range by an effective radius around that reference point; the location range may be the area inside the effective radius, the area outside the radius, or the union or intersection of several areas. The network hotspot setting mainly assigns a trust level to commonly used Wi-Fi networks. The location range and the network hotspots can be used together to judge location security, or each can be used independently to determine a secure location. The time range indicates the time period in which automatic encryption is required.
Step S904: monitor the input state and manual encryption; the input state of the input box in the instant messaging software interface can be monitored in real time;
Step S906: determine whether to encrypt manually. During input, an interactive control for manual encryption is provided (for example, a floating button that triggers manual encryption). When the manual encryption control is triggered, indicating manual encryption, step S908 is performed; otherwise the process proceeds to step S910;
Step S908: the original text in the input box is encrypted directly into ciphertext with the encryption key configured in step S902, and the original text in the input box is replaced with the ciphertext;
Step S910: trigger the message sending process;
Step S912: when sending of the message is triggered, first determine whether the content of the text box is ciphertext that was manually encrypted in step S908; if so, proceed to step S922 and send the message in the input box directly; otherwise, proceed to step S914;
Step S914: determine whether the automatic encryption function is enabled; if automatic encryption is enabled, proceed to step S916; otherwise perform step S922;
Step S916: calculate the automatic encryption policy;
Step S918: based on the result of the automatic encryption policy calculation, automatically determine whether the message in the input box needs to be encrypted;
Optionally, the automatic encryption policy calculation module obtains the current location, the connected Wi-Fi hotspot and the current time in real time and compares them with the location range, network hotspots, time range and other parameters set in step S902; when the set conditions are met, the process proceeds to step S920; otherwise, step S922 is performed;
Step S920: when the automatic encryption conditions are met, the content of the input box is automatically encrypted into ciphertext with the encryption key set in step S902;
Step S922: send the ciphertext.
FIG. 10 is a flowchart of a decryption method according to an optional embodiment of the present invention. As shown in FIG. 10, the method includes the following steps:
Step S1002: initialize the parameter configuration;
In this step, the decryption key, the automatic decryption function switch and the parameters of the automatic decryption policy are configured. The parameters of the automatic decryption policy (equivalent to the decryption policy parameters above) include the location range, network hotspots and time range for automatic decryption; these parameters are used to determine whether to perform automatic decryption when sending a message. The location range is determined by using basic mobile-terminal functions such as maps and positioning to mark a reference point for automatic decryption, and then defining the range by an effective radius around that reference point; the location range may be the area inside the effective radius, the area outside the radius, or the union or intersection of several areas. The network hotspot setting mainly assigns a trust level to commonly used Wi-Fi networks. The location range and the network hotspots can be used together to judge location security, or each can be used independently to determine a secure location. The time range indicates the time period in which automatic decryption is required.
Step S1004: monitor received messages;
Step S1006: determine whether the received message is ciphertext; if it is not ciphertext, perform step S1008; otherwise, perform step S1010;
Step S1008: display the received original plaintext message directly;
Step S1010: if the message is ciphertext, determine whether the automatic decryption function is enabled; if it is not enabled, perform step S1022 and display the original ciphertext message directly; otherwise perform step S1012;
Step S1012: calculate the automatic decryption policy;
Step S1014: based on the result of the decryption policy calculation, automatically determine whether the received message needs to be decrypted automatically. Optionally, the automatic decryption policy calculation module obtains the current location, the connected Wi-Fi hotspot and the current time in real time and compares them with the location range, network hotspots, time range and other parameters set in step S1002; when the set conditions are met, the process proceeds to step S1016; otherwise, step S1022 is performed and the original ciphertext message is displayed directly;
Step S1016: when the automatic decryption conditions are met, the received message is automatically decrypted with the decryption key set in step S1002;
Step S1018: determine whether decryption succeeded; if it succeeded, perform step S1020; otherwise, perform step S1022;
Step S1020: display the decrypted plaintext;
Step S1022: display the original ciphertext message directly;
Step S1024: determine whether to decrypt manually;
Here, when automatic decryption is not enabled, the automatic decryption conditions are not met, or automatic decryption fails, the received message is the original ciphertext. The interface then displays an interactive control for manual decryption (for example, a floating button that triggers manual decryption); if manual decryption is to be performed, step S1026 is performed; otherwise, the process returns to step S1020 and ends.
Step S1026: when the manual decryption control is triggered, a manual decryption interface pops up in which the decryption key can be entered;
Step S1028: when the manually entered key matches the decryption key set in step S1002, the received message is decrypted;
Step S1030: determine whether decryption succeeded; if it succeeded, perform step S1020 and display the decrypted plaintext; if it failed, perform step S1022, continue to display the original ciphertext message, and show a prompt that decryption failed.
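The send-side flow (S912 to S922) and the receive-side flow (S1006 to S1024) above share one policy calculation; the following is an added example, not code from the patent, that implements that calculation and both decision flows. All class and function names, the coordinates, network names and dates are constructed, and `fake_encrypt`/`fake_decrypt` are labelled stand-ins because the page leaves the algorithm and key handling out of scope.

```python
import math
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Optional, Tuple

EARTH_RADIUS_M = 6371000.0

@dataclass(frozen=True)
class Zone:
    """Reference point plus effective radius; inside=False selects the area outside it."""
    lat: float
    lon: float
    radius_m: float
    inside: bool = True

    def contains(self, lat: float, lon: float) -> bool:
        # Haversine great-circle distance from the reference point.
        p1, p2 = math.radians(self.lat), math.radians(lat)
        dp, dl = p2 - p1, math.radians(lon - self.lon)
        a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
        return (2 * EARTH_RADIUS_M * math.asin(math.sqrt(a)) <= self.radius_m) == self.inside

@dataclass(frozen=True)
class Policy:
    """Parameters configured in S902 / S1002 (hypothetical layout)."""
    enabled: bool = True                          # automatic function switch
    time_range: Optional[Tuple[time, time]] = None
    zones: Tuple[Zone, ...] = ()
    combine: str = "union"                        # or "intersection" of the zones
    networks: frozenset = frozenset()             # configured Wi-Fi hotspots

@dataclass(frozen=True)
class Env:
    now: datetime
    lat: float
    lon: float
    ssid: Optional[str]

def policy_matches(p: Policy, env: Env) -> bool:
    """S916/S918 and S1012/S1014: every configured parameter must match.
    With no parameter configured the result is always True, the degenerate
    case the page describes (encrypt or decrypt in all situations)."""
    checks = []
    if p.time_range is not None:
        start, end = p.time_range
        t = env.now.time()
        # A range such as 22:00-06:00 wraps past midnight.
        checks.append(start <= t <= end if start <= end else (t >= start or t <= end))
    if p.zones:
        hits = [z.contains(env.lat, env.lon) for z in p.zones]
        checks.append(any(hits) if p.combine == "union" else all(hits))
    if p.networks:
        checks.append(env.ssid in p.networks)
    return all(checks)

def outgoing(text: str, manually_encrypted: bool, p: Policy, env: Env,
             encrypt: Callable[[str], str]) -> str:
    """Send side: returns what is handed to S922."""
    if manually_encrypted:            # S912: already ciphertext from S908
        return text
    if not p.enabled:                 # S914: automatic encryption switched off
        return text
    if policy_matches(p, env):        # S916/S918
        return encrypt(text)          # S920
    return text

def incoming(msg: str, is_ciphertext: bool, p: Policy, env: Env,
             decrypt: Callable[[str], Optional[str]]) -> Tuple[str, bool]:
    """Receive side: returns (text to display, offer manual decryption)."""
    if not is_ciphertext:             # S1006 -> S1008
        return msg, False
    if not p.enabled or not policy_matches(p, env):   # S1010 / S1014 -> S1022
        return msg, True
    plain = decrypt(msg)              # S1016; None signals failure
    if plain is None:                 # S1018 -> S1022, then S1024
        return msg, True
    return plain, False               # S1020

# Stand-ins only, NOT encryption: a visible marker plus string reversal.
def fake_encrypt(text: str) -> str:
    return "ENC:" + text[::-1]

def fake_decrypt(msg: str) -> Optional[str]:
    return msg[4:][::-1] if msg.startswith("ENC:") else None

# Constructed sample configuration and environments.
OFFICE = Policy(time_range=(time(9), time(18)),
                zones=(Zone(31.2000, 121.5000, 500),),
                networks=frozenset({"office-wifi"}))
AT_OFFICE = Env(datetime(2015, 10, 30, 10, 0), 31.2010, 121.5000, "office-wifi")
AT_CAFE = Env(datetime(2015, 10, 30, 20, 0), 31.3000, 121.5000, "cafe-guest")

if __name__ == "__main__":
    sent = outgoing("hello", False, OFFICE, AT_OFFICE, fake_encrypt)
    print(sent, incoming(sent, True, OFFICE, AT_OFFICE, fake_decrypt),
          incoming(sent, True, OFFICE, AT_CAFE, fake_decrypt))
```

The terminal reports the network name and location itself and neither is authenticated, so a policy match is a convenience signal rather than proof that the environment is secure.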
It should be noted that the encryption and decryption methods described in the optional embodiment can be used together, that is, with both automatic encryption and automatic decryption, or implemented independently, with only automatic encryption or only automatic decryption. In addition, the optional embodiment provides automatic encryption and decryption combined with manual encryption and decryption; in practice, automatic encryption and decryption can be switched off so that only the manual method is used, or only the automatic method can be used without the manual one, as actually required.
Furthermore, for the automatic encryption and decryption method, the parameters used in the policy calculation can be only some of the three parameters location, Wi-Fi hotspot and time period, or all three together, and other types of parameter such as orientation can even be chosen. If no parameter is distinguished at all, the automatic method degenerates into automatically encrypting or automatically decrypting messages in every case; the message itself is then still secure in transit, but there is some loss of usability or security on the sending and receiving side of the terminal.
In summary, from the above embodiments, optional embodiment and implementations it can be seen that the automatic encryption and decryption provided by the embodiments of the present invention is transparent to the user and offers a good user experience together with a certain level of security. In the solutions of the above embodiments, the content itself is encrypted, and the resulting ciphertext can be sent or saved directly through existing transmission channels or existing communication clients, which gives the advantages of broad applicability and low cost. Because the solutions encrypt the content, the user can directly see the resulting ciphertext, so the confidentiality effect is directly visible and gives a good confidentiality experience. In addition, the interaction in the solutions provided by the embodiments is simple and easy to use, and very convenient for users to learn and use.
In another embodiment, software is also provided; the software is used to execute the technical solutions described in the above embodiments and optional implementations.
In another embodiment, a storage medium is also provided, in which the above software is stored; the storage medium includes, but is not limited to: an optical disc, a floppy disk, a hard disk, rewritable memory, and so on.
Industrial applicability: as can be seen from the above description, the embodiments of the present invention solve the problem of poor usability of the encryption or decryption methods in the related art and improve the usability of encryption or decryption.
It should be noted that the terms "first", "second" and so on in the specification and claims of the present invention and in the above drawings are used to distinguish similar objects and need not describe a particular order or sequence. It should be understood that objects so termed are interchangeable where appropriate, so that the embodiments of the invention described herein can be carried out in orders other than those illustrated or described herein. In addition, the terms "include" and "have" and any variations of them are intended to cover a non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network of several computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above is only an optional embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (20)

  1. An encryption method, comprising:
    acquiring encryption policy parameters, wherein the encryption policy parameters comprise at least one of the following: a time period range, a location range, and an access network;
    acquiring current environment parameters, wherein the environment parameters comprise at least one of the following: a current time, a current location, and a currently accessed network;
    determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt a plaintext message;
    if the determination result is yes, automatically encrypting the plaintext message.
  2. The method according to claim 1, wherein determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message comprises:
    determining whether the current time is within the time period range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network;
    if all determination results are yes, determining to automatically encrypt the plaintext message.
  3. The method according to claim 1, wherein determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message comprises:
    determining, according to the encryption policy parameters and the environment parameters, whether the current environment requires increased security;
    if the determination result is that security needs to be increased, determining to automatically encrypt the plaintext message.
  4. The method according to any one of claims 1 to 3, wherein, before determining whether to automatically encrypt the plaintext message, the method further comprises:
    determining whether a current message is the unencrypted plaintext message;
    if the determination result is yes, proceeding to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message;
    if the determination result is no, directly determining not to automatically encrypt the current message.
  5. The method according to claim 4, wherein, before determining whether the current message is the unencrypted plaintext message, the method further comprises:
    receiving an instruction to manually encrypt the current message;
    encrypting the current message.
  6. A decryption method, comprising:
    acquiring decryption policy parameters, wherein the decryption policy parameters comprise at least one of the following: a time period range, a location range, and an access network;
    acquiring current environment parameters, wherein the environment parameters comprise at least one of the following: a current time, a current location, and a currently accessed network;
    determining, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt a ciphertext message;
    if the determination result is yes, automatically decrypting the ciphertext message.
  7. The method according to claim 6, wherein determining, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message comprises:
    determining whether the current time is within the time period range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network;
    if all determination results are yes, determining to automatically decrypt the ciphertext message.
  8. The method according to claim 6, wherein determining, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message comprises:
    determining, according to the decryption policy parameters and the environment parameters, whether the current environment is secure;
    if the determination result is that the environment is secure, determining to automatically decrypt the ciphertext message.
  9. The method according to claim 6, wherein, before determining whether to automatically decrypt the ciphertext message, the method further comprises:
    determining whether a current message is the undecrypted ciphertext message;
    if the determination result is yes, proceeding to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message;
    if the determination result is no, directly determining not to automatically decrypt the current message.
  10. The method according to any one of claims 6 to 9, wherein, in a case where the determination result is not to automatically decrypt the ciphertext message, or it is determined to automatically decrypt the ciphertext message but the automatic decryption fails, or the automatic decryption function for the ciphertext message is not enabled, the method further comprises:
    receiving an instruction to manually decrypt the ciphertext message;
    decrypting the ciphertext message.
  11. An encryption device, comprising:
    a first acquisition module, configured to acquire encryption policy parameters, wherein the encryption policy parameters comprise at least one of the following: a time period range, a location range, and an access network;
    a second acquisition module, configured to acquire current environment parameters, wherein the environment parameters comprise at least one of the following: a current time, a current location, and a currently accessed network;
    a first judgment module, configured to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt a plaintext message;
    a first encryption module, configured to automatically encrypt the plaintext message if the determination result of the first judgment module is yes.
  12. The device according to claim 11, wherein the first judgment module comprises:
    a first judgment unit, configured to determine whether the current time is within the time period range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network;
    a first determination unit, configured to determine to automatically encrypt the plaintext message if all determination results of the first judgment unit are yes.
  13. The device according to claim 11, wherein the first judgment module comprises:
    a second judgment unit, configured to determine, according to the encryption policy parameters and the environment parameters, whether the current environment requires increased security;
    a second determination unit, configured to determine to automatically encrypt the plaintext message if the determination result of the second judgment unit is that security needs to be increased.
  14. The device according to any one of claims 11 to 13, wherein the device further comprises:
    a second judgment module, configured to determine whether a current message is the unencrypted plaintext message;
    a first determination module, configured to directly determine not to automatically encrypt the current message if the determination result of the second judgment module is no;
    wherein the first judgment module is further configured to proceed, if the determination result of the second judgment module is yes, to determine, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt the plaintext message.
  15. The device according to claim 14, wherein the device further comprises:
    a first receiving module, configured to receive an instruction to manually encrypt the current message;
    a second encryption module, configured to encrypt the current message.
  16. A decryption device, comprising:
    a third acquisition module, configured to acquire decryption policy parameters, wherein the decryption policy parameters comprise at least one of the following: a time period range, a location range, and an access network;
    a fourth acquisition module, configured to acquire current environment parameters, wherein the environment parameters comprise at least one of the following: a current time, a current location, and a currently accessed network;
    a third judgment module, configured to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt a ciphertext message;
    a first decryption module, configured to automatically decrypt the ciphertext message if the determination result of the third judgment module is yes.
  17. The device according to claim 16, wherein the third judgment module comprises:
    a third judgment unit, configured to determine whether the current time is within the time period range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network;
    a third determination unit, configured to determine to automatically decrypt the ciphertext message if all determination results of the third judgment unit are yes.
  18. The device according to claim 16, wherein the third judgment module comprises:
    a fourth judgment unit, configured to determine, according to the decryption policy parameters and the environment parameters, whether the current environment is secure;
    a fourth determination unit, configured to determine to automatically decrypt the ciphertext message if the determination result of the fourth judgment unit is that the environment is secure.
  19. The device according to claim 16, wherein the device further comprises:
    a fourth judgment module, configured to determine whether a current message is the undecrypted ciphertext message;
    a second determination module, configured to directly determine not to automatically decrypt the current message if the determination result of the fourth judgment module is no;
    wherein the third judgment module is further configured to proceed, if the determination result of the fourth judgment module is yes, to determine, according to the decryption policy parameters and the environment parameters, whether to automatically decrypt the ciphertext message.
  20. The device according to any one of claims 16 to 19, wherein the device further comprises:
    a second receiving module, configured to receive an instruction to manually decrypt the ciphertext message in a case where the determination result of the third judgment module is not to automatically decrypt the ciphertext message, or it is determined to automatically decrypt the ciphertext message but the automatic decryption fails, or the automatic decryption function for the ciphertext message is not enabled;
    a second decryption module, configured to decrypt the ciphertext message.
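The decision logic of claims 2, 4, 7, 9 and 10 can be sketched as follows. This is an added example, not code from the patent or the applicant: the class and function names, the circular location range, the action strings and the sample policy values are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from math import asin, cos, radians, sin, sqrt
from typing import Callable, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """Policy parameters; the claims require at least one of the three."""
    time_range: Optional[Tuple[time, time]] = None         # (start, end), may wrap midnight
    location: Optional[Tuple[float, float, float]] = None  # (lat, lon, radius in metres), assumed shape
    networks: Optional[FrozenSet[str]] = None               # permitted access networks


@dataclass(frozen=True)
class Environment:
    """Environment parameters as reported by the device."""
    now: time
    position: Optional[Tuple[float, float]] = None
    network: Optional[str] = None


def in_time_range(now: time, start: time, end: time) -> bool:
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end  # a range such as 22:00-06:00 wraps midnight


def distance_m(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle (haversine) distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(h))


def policy_matches(policy: Policy, env: Environment) -> bool:
    """Claims 2 and 7: every configured check must pass."""
    checks = []
    if policy.time_range is not None:
        checks.append(in_time_range(env.now, *policy.time_range))
    if policy.location is not None:
        lat, lon, radius = policy.location
        # A missing position fix counts as outside the range.
        checks.append(env.position is not None
                      and distance_m(env.position, (lat, lon)) <= radius)
    if policy.networks is not None:
        checks.append(env.network in policy.networks)
    return bool(checks) and all(checks)  # an empty policy never triggers automation


def encrypt_action(is_plaintext: bool, policy: Policy, env: Environment) -> str:
    if not is_plaintext:
        return "skip"  # claim 4: already encrypted, no automatic encryption
    return "auto_encrypt" if policy_matches(policy, env) else "leave_plaintext"


def decrypt_action(is_ciphertext: bool, auto_enabled: bool, policy: Policy,
                   env: Environment, try_decrypt: Callable[[], bool]) -> str:
    if not is_ciphertext:
        return "skip"  # claim 9: nothing to decrypt
    if auto_enabled and policy_matches(policy, env) and try_decrypt():
        return "auto_decrypt"
    return "await_manual"  # claim 10: policy miss, failure, or feature disabled


# Constructed sample values, not taken from the patent.
POLICY = Policy(time_range=(time(22, 0), time(6, 0)),
                location=(31.2304, 121.4737, 500.0),
                networks=frozenset({"corp-wifi"}))
INSIDE = Environment(now=time(23, 30), position=(31.2304, 121.4737), network="corp-wifi")
```

The evaluator takes the time, position and network exactly as the device reports them; the claims do not say how those readings are authenticated, so the result is only as trustworthy as its inputs.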
PCT/CN2015/093432 2015-04-16 2015-10-30 Encryption method, decryption method and device therefor WO2016165312A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510180531.8A CN106162625A (en) 2015-04-16 2015-04-16 Encryption method, decryption method and device thereof
CN201510180531.8 2015-04-16

Publications (1)

Publication Number Publication Date
WO2016165312A1 true WO2016165312A1 (en) 2016-10-20

Family

ID=57127104

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/093432 WO2016165312A1 (en) 2015-04-16 2015-10-30 Encryption method, decryption method and device therefor

Country Status (2)

Country Link
CN (1) CN106162625A (en)
WO (1) WO2016165312A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111552949A (en) * 2020-04-26 2020-08-18 黄应明 Internet of things equipment encryption method and device and electronic equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789950B (en) * 2016-11-30 2020-04-10 Oppo广东移动通信有限公司 Information protection method, device and terminal
TW202030671A (en) 2019-02-01 2020-08-16 和碩聯合科技股份有限公司 System and method for data analysis

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488847A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Method, apparatus and system for data ciphering
CN103561384A (en) * 2013-11-07 2014-02-05 中国科学院软件研究所 Data protection method based on geographical location information of mobile intelligent terminal
US20150012630A1 (en) * 2013-07-03 2015-01-08 International Business Machines Corporation Enforcing runtime policies in a networked computing environment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPWO2005064484A1 (en) * 2003-12-25 2007-07-19 三菱電機株式会社 Digital content management system
CN101170409B (en) * 2006-10-24 2010-11-03 华为技术有限公司 Method, system, service device and certification server for realizing device access control
CN102402664B (en) * 2011-12-28 2014-12-10 用友软件股份有限公司 Data access control device and data access control method
CN103107887B (en) * 2013-01-22 2016-09-21 东莞宇龙通信科技有限公司 A kind of method and apparatus that based on positional information, file is carried out operation control
CN104023137A (en) * 2014-06-13 2014-09-03 深圳市中兴移动通信有限公司 Mobile terminal, and intelligent encryption method and device of mobile terminal
CN104113839A (en) * 2014-07-14 2014-10-22 蓝盾信息安全技术有限公司 Mobile data safety protection system and method based on SDN

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488847A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Method, apparatus and system for data ciphering
US20150012630A1 (en) * 2013-07-03 2015-01-08 International Business Machines Corporation Enforcing runtime policies in a networked computing environment
CN103561384A (en) * 2013-11-07 2014-02-05 中国科学院软件研究所 Data protection method based on geographical location information of mobile intelligent terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111552949A (en) * 2020-04-26 2020-08-18 黄应明 Internet of things equipment encryption method and device and electronic equipment
CN111552949B (en) * 2020-04-26 2023-09-01 深圳市兴海物联科技有限公司 Encryption method and device for Internet of things equipment and electronic equipment

Also Published As

Publication number Publication date
CN106162625A (en) 2016-11-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15889008

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15889008

Country of ref document: EP

Kind code of ref document: A1