WO2016165312A1 - Encryption method, decryption method, and associated device - Google Patents

Encryption method, decryption method, and associated device

Publication number
WO2016165312A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
current
decryption
automatically
determining
Application number
PCT/CN2015/093432
Other languages
English (en)
Chinese (zh)
Inventor
张冬明
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2016165312A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • the present invention relates to the field of communications, and in particular to an encryption method, a decryption method, and an apparatus therefor.
  • smartphone-based social software, such as instant messaging software, has dramatically changed the way people communicate.
  • important information data may be manually encrypted (for example, compressed into an encrypted archive file, or saved as an encrypted text file) and then transmitted; the other party receives the encrypted information data and then manually decrypts it.
  • encrypting the ordinary messages sent and received by instant messaging software in this way means frequent encryption and decryption operations whenever messages are sent or received. The related art gives no guidance on how to improve ease of use while ensuring security, or how to provide a certain degree of security while keeping good usability.
  • the present invention provides an encryption method, a decryption method, and an apparatus therefor.
  • an encryption method including: acquiring an encryption policy parameter, where the encryption policy parameter includes at least one of: a time range, a location range, an access network; obtaining a current environment parameter, where the environment parameter includes at least one of: a current time, a current location, and a currently accessed network; determining, according to the encryption policy parameter and the environment parameter, whether to automatically encrypt the plaintext message; and, if the determination result is yes, automatically encrypting the plaintext message.
  • determining whether to automatically encrypt the plaintext message according to the encryption policy parameter and the environment parameter includes: determining whether the current time is within the time range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network; and, if the determination result is yes, determining to automatically encrypt the plaintext message.
  • determining whether to automatically encrypt the plaintext message according to the encryption policy parameter and the environment parameter includes: determining, according to the encryption policy parameter and the environment parameter, whether the current environment needs to improve security; and, when the result of the judgment is that the security needs to be improved, determining to automatically encrypt the plaintext message.
  • before determining whether to automatically encrypt the plaintext message, the method further includes: determining whether the current message is an unencrypted plaintext message; if the determination result is yes, continuing to determine, according to the encryption policy parameter and the environment parameter, whether to automatically encrypt the plaintext message; and, if the determination result is no, directly determining not to automatically encrypt the current message.
  • before determining whether the current message is the unencrypted plaintext message, the method further includes: receiving an instruction for manually encrypting the current message; and encrypting the current message.
  • a decryption method including: acquiring a decryption policy parameter, where the decryption policy parameter includes at least one of: a time range, a location range, an access network; obtaining a current environment parameter, where the environment parameter includes at least one of: a current time, a current location, and a currently accessed network; determining, according to the decryption policy parameter and the environment parameter, whether to automatically decrypt the ciphertext message; and, if the determination result is yes, automatically decrypting the ciphertext message.
  • determining whether to automatically decrypt the ciphertext message according to the decryption policy parameter and the environment parameter includes: determining whether the current time is within the time range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network; and, if the determination result is yes, determining to automatically decrypt the ciphertext message.
  • determining whether to automatically decrypt the ciphertext message according to the decryption policy parameter and the environment parameter includes: determining, according to the decryption policy parameter and the environment parameter, whether the current environment is safe; and, if the result is that it is safe, determining to automatically decrypt the ciphertext message.
  • before determining whether to automatically decrypt the ciphertext message, the method further includes: determining whether the current message is the ciphertext message that is not decrypted; if the determination result is yes, continuing to determine, according to the decryption policy parameter and the environment parameter, whether to automatically decrypt the ciphertext message; and, if the determination result is no, directly determining not to automatically decrypt the current message.
  • in the case where the determination result is that the ciphertext message is not automatically decrypted, or that the ciphertext message is automatically decrypted but the automatic decryption fails, or the automatic decryption function for the ciphertext message is not enabled, the method further includes: receiving an instruction for manually decrypting the ciphertext message; and decrypting the ciphertext message.
  • an encryption apparatus including: a first obtaining module, configured to acquire an encryption policy parameter, where the encryption policy parameter includes at least one of: a time range, a location range, an access network; a second obtaining module, configured to obtain the current environment parameter, where the environment parameter includes at least one of the following: a current time, a current location, and a currently accessed network; a first determining module, configured to determine, based on the encryption policy parameter and the environment parameter, whether to automatically encrypt the plaintext message; and a first encryption module, configured to automatically encrypt the plaintext message if the determination result of the first determining module is yes.
  • the first determining module includes: a first determining unit, configured to determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; the first determining unit is configured to determine, in the case that the determination result of the first determining unit is yes, that the plaintext message is automatically encrypted.
  • the first determining module includes: a second determining unit, configured to determine, according to the encryption policy parameter and the environment parameter, whether the current environment needs to improve security; and the second determining unit is configured to determine to automatically encrypt the plaintext message if the judgment result of the second determining unit is that the security needs to be improved.
  • the device further includes: a second determining module, configured to determine whether the current message is an unencrypted plaintext message; and a first determining module, configured to directly determine, if the determination result of the second determining module is no, that the current message is not automatically encrypted; wherein the first determining module is further configured to continue, if the judgment result of the second determining module is yes, to determine according to the encryption policy parameter and the environment parameter whether to automatically encrypt the plaintext message.
  • the device further includes: a first receiving module, configured to receive an instruction for manually encrypting the current message; and a second encryption module configured to encrypt the current message.
  • a decryption apparatus including: a third obtaining module, configured to acquire a decryption policy parameter, wherein the decryption policy parameter includes at least one of: a time range, a location range, an access network; a fourth obtaining module, configured to obtain the current environment parameter, where the environment parameter includes at least one of the following: a current time, a current location, and a currently accessed network; a third determining module, configured to determine, according to the decryption policy parameter and the environment parameter, whether to automatically decrypt the ciphertext message; and a first decrypting module, configured to automatically decrypt the ciphertext message if the judgment result of the third determining module is yes.
  • the third determining module includes: a third determining unit, configured to determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; the third determining unit is configured to determine, if the determination result of the third determining unit is yes, that the ciphertext message is automatically decrypted.
  • the third determining module includes: a fourth determining unit, configured to determine, according to the decryption policy parameter and the environment parameter, whether the current environment is safe; the fourth determining unit is configured to determine, when the determination result of the fourth determining unit is that it is safe, that the ciphertext message is automatically decrypted.
  • the device further includes: a fourth determining module, configured to determine whether the current message is the ciphertext message that is not decrypted; and a second determining module, configured to directly determine, if the determination result of the fourth determining module is no, that the current message is not automatically decrypted; wherein the third determining module is further configured to continue, if the determination result of the fourth determining module is yes, to determine according to the decryption policy parameter and the environment parameter whether to automatically decrypt the ciphertext message.
  • the device further includes: a second receiving module, configured to receive an instruction to manually decrypt the ciphertext message when the third determining module determines that the ciphertext message is not automatically decrypted, or determines that the ciphertext message is automatically decrypted but the automatic decryption fails, or when the automatic decryption function for the ciphertext message is not enabled; and a second decryption module, configured to decrypt the ciphertext message.
  • an encryption policy parameter is acquired, where the encryption policy parameter includes at least one of the following: a time range, a location range, and an access network; the current environment parameter is obtained, where the environment parameter includes at least one of the following: a current time, a current location, and a currently accessed network; whether to automatically encrypt the plaintext message is determined according to the encryption policy parameter and the environment parameter; and, when the judgment result is yes, the plaintext message is automatically encrypted. This solves the problem that the encryption or decryption method in the related art is not easy to use, and improves the usability of encryption or decryption.
  • FIG. 1 is a flow chart of an encryption method in accordance with an embodiment of the present invention.
  • FIG. 2 is a flow chart of a decryption method in accordance with an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present invention.
  • FIG. 4 is a first schematic diagram of an optional structure of an encryption device according to an embodiment of the present invention.
  • FIG. 5 is a second schematic diagram of an optional structure of an encryption device according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present invention.
  • FIG. 7 is a first schematic diagram of an optional structure of a decryption apparatus according to an embodiment of the present invention.
  • FIG. 8 is a second schematic diagram of an optional structure of a decryption apparatus according to an embodiment of the present invention.
  • FIG. 9 is a flow chart of an encryption method in accordance with an alternative embodiment of the present invention.
  • FIG. 10 is a flow chart of a decryption method in accordance with an alternate embodiment of the present invention.
  • FIG. 1 is a flowchart of an encryption method according to an embodiment of the present invention. As shown in FIG. 1, the process includes the following steps:
  • Step S102: an encryption policy parameter is acquired, where the encryption policy parameter includes, but is not limited to, at least one of the following: a time range, a location range, and an access network;
  • Step S104: the current environment parameter is obtained, where the environment parameter includes, but is not limited to, at least one of the following: a current time, a current location, and a currently accessed network;
  • Step S106: whether to automatically encrypt the plaintext message is determined according to the encryption policy parameter and the environment parameter;
  • Step S108: if the result of the determination is yes, the plaintext message is automatically encrypted.
  • the present invention solves the problem that the encryption or decryption method in the related art is not easy to use, and improves the usability of encryption or decryption.
  • the foregoing solution provided by the embodiment of the present invention may be applied to a terminal or to instant messaging software on the terminal; the foregoing plaintext message may be a file stored in the terminal that has a specific feature (for example, located in a specific storage directory), or may be an instant message to be sent in the instant messaging software.
  • the ciphertext message may also be a file stored in the terminal with a specific feature, or may be an instant message received in the instant messaging software.
  • the above steps may further include:
  • Step S109: the encrypted plaintext message is sent.
  • in step S106, when determining whether to perform encryption based on the current time, the current location, and the currently accessed network, the following determining logic may be adopted: determining whether the current time is within the time range, and/or determining whether the current location is within the location range, and/or determining whether the access network includes the currently accessed network; and, if the result of the above determination is yes, determining to automatically encrypt the plaintext message.
  • one or more of the current time, the current location, and the currently accessed network may be selected for the determination. The determination of whether to encrypt or decrypt is not limited to these features; for example, for a terminal that multiple users log in to, whether the plaintext message needs to be encrypted may also be determined by the currently logged-in user (for example, user authority).
  • the "time range" in the encryption policy parameter may be used to indicate the time period in which encryption is needed, but in some other examples the "time range" can also be used to indicate the time period in which encryption is not required.
  • the following determining logic may be adopted in step S106 in some embodiments: determining, according to the encryption policy parameter and the environment parameter, whether the current environment needs to improve security; and, in the case where the judgment result is that security needs to be improved, determining to automatically encrypt the plaintext message. That is, regardless of how the meaning of the parameters in the encryption policy parameter changes, as long as the encryption policy parameter and the current environment parameter make it possible to determine whether the environment in which the current terminal is located needs to improve security, it can further be determined automatically whether encryption is needed.
  • the plaintext message may already have been manually encrypted, in which case it may not be necessary to encrypt the ciphertext message again; multiple encryption would also make the decryption more complicated. Therefore, in the embodiment of the present invention, before encrypting the plaintext message, the method may further include: determining whether the current message is an unencrypted plaintext message; if the judgment result is yes, continuing to determine, according to the encryption policy parameter and the environment parameter, whether to automatically encrypt the plaintext message; and, if the judgment result is no, directly determining not to automatically encrypt the current message. Further, in the case of encrypting an instant message, if it is determined that the current message is not automatically encrypted, the current message is sent directly.
  • a manner of manual encryption is also provided in the embodiment of the present invention.
  • an instruction to manually encrypt the current message may also be received, and the current message is encrypted according to the instruction.
  • a control can be provided in the chat box of the instant messaging software to receive the user's manual encryption indication.
  • the current message may be directly encrypted regardless of whether the current automatic encryption function is enabled or whether the determination result in step S106 is to determine encryption.
  • the embodiments of the present invention do not concern the content of configuration parameters such as the encryption and decryption algorithm (for example, a symmetric encryption and decryption algorithm or an asymmetric encryption and decryption algorithm) or the encryption and decryption key, and these parts are therefore not described further.
  • the encryption and decryption algorithm used in the embodiment of the present invention includes, but is not limited to, an encryption and decryption algorithm existing in the prior art.
  • an embodiment of the present invention further provides a decryption method.
  • FIG. 2 is a flowchart of a decryption method according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
  • Step S202: a decryption policy parameter is acquired, where the decryption policy parameter includes, but is not limited to, at least one of the following: a time range, a location range, and an access network;
  • Step S204: the current environment parameter is obtained, where the environment parameter includes, but is not limited to, at least one of the following: a current time, a current location, and a currently accessed network;
  • Step S206: whether to automatically decrypt the ciphertext message is determined according to the decryption policy parameter and the environment parameter;
  • Step S208: if the result of the determination is yes, the ciphertext message is automatically decrypted.
  • the decryption policy parameter and the encryption policy parameter may be the same parameter or different parameters.
  • the decryption policy parameter and the encryption policy parameter may be separately set according to actual conditions.
  • the method may further include:
  • Step S201: a ciphertext message is received.
  • in step S206, it may be determined whether the current time is within the time range, and/or whether the current location is within the location range, and/or whether the access network includes the currently accessed network; if the judgment result is yes, it is determined that the ciphertext message is automatically decrypted.
  • in step S206, it may also be determined, according to the decryption policy parameter and the environment parameter, whether the current environment is safe; if the determination result is that it is safe, it is determined that the ciphertext message is automatically decrypted. That is, regardless of how the meaning of the parameters in the decryption policy parameter changes, as long as the decryption policy parameter and the current environment parameter make it possible to determine whether the environment in which the current terminal is located is safe, it can further be determined automatically whether decryption is required.
  • the ciphertext message is generally decrypted.
  • the method may further include: determining whether the current message is an undecrypted ciphertext message; if the judgment result is yes, determining, according to the decryption policy parameter and the environment parameter, whether to automatically decrypt the ciphertext message; and, if the judgment result is no, directly determining that the current message is not automatically decrypted.
  • the method may also include: receiving an instruction for manually decrypting a ciphertext message; and decrypting the ciphertext message. In this way, manual decryption can be achieved, which further improves the flexibility of decrypting ciphertext messages. Similarly, manual decryption can also be triggered by a control that receives the user's decryption command.
  • an encryption device is also provided, which is used to implement the foregoing embodiment of the encryption method and optional embodiments.
  • the descriptions of the modules involved in the device are described below.
  • the term "module" may refer to a combination of software and/or hardware that implements a predetermined function.
  • although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • FIG. 3 is a schematic structural diagram of an encryption apparatus according to an embodiment of the present invention.
  • the apparatus includes: a first acquisition module 32, a second acquisition module 34, a first determination module 36, and a first encryption module 38, wherein
  • the first obtaining module 32 is configured to obtain an encryption policy parameter, where the encryption policy parameter includes at least one of the following: a time range, a location range, and an access network; and the second obtaining module 34 is configured to obtain the current environmental parameter, where The environment parameter includes at least one of the following: a current time, a current location, and a currently accessed network;
  • the first determining module 36 is coupled to the first obtaining module 32 and the second obtaining module 34, respectively, and is configured to determine, based on the encryption policy parameter and the environment parameter, whether to automatically encrypt the plaintext message.
  • the first encryption module 38 is coupled to the first determining module 36, and is configured to automatically encrypt the plaintext message if the determination result of the first determining module is yes.
  • the first determining module 36 includes: a first determining unit 362, configured to determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; the first determining unit 364 is coupled to the first determining unit 362, and is configured to determine that the plaintext message is automatically encrypted if the determination result of the first determining unit 362 is yes.
  • the first determining module 36 includes: a second determining unit 366, configured to determine, according to the encryption policy parameter and the environment parameter, whether the current environment needs to improve security; the second determining unit 368 is coupled to the second determining unit 366, and is configured to determine that the plaintext message is automatically encrypted if the determination result of the second determining unit 366 is that the security needs to be improved.
  • FIG. 4 is a schematic diagram of an optional structure of an encryption device according to an embodiment of the present invention.
  • the device further includes: a second determining module 42 configured to determine whether the current message is an unencrypted plaintext message.
  • the first determining module 44 is coupled to the second determining module 42 and configured to directly determine that the current message is not automatically encrypted if the determining result of the second determining module 42 is negative; wherein the first determining module 36 is further coupled to the second judging module 42, and is further configured to continue to determine, according to the encryption policy parameter and the environment parameter, whether to automatically encrypt the plaintext message if the judgment result of the second judging module 42 is yes.
  • FIG. 5 is a second schematic diagram of an optional structure of an encryption apparatus according to an embodiment of the present invention.
  • the apparatus further includes: a first receiving module 52 configured to receive an instruction for manually encrypting a current message;
  • the second encryption module 54 coupled to the first receiving module 52 and the second determining module 42, is configured to encrypt the current message.
  • the first determining module 36 and the second determining module 42 may be combined; the first encryption module 38 and the second encryption module 54 may be combined.
  • a decryption device is also provided, configured to implement the above-described decryption method and its optional implementations.
  • the descriptions of the modules involved in the device will be described below.
  • FIG. 6 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present invention.
  • the apparatus includes: a third acquisition module 62, a fourth acquisition module 64, a third determination module 66, and a first decryption module 68, wherein
  • the third obtaining module 62 is configured to obtain a decryption policy parameter, where the decryption policy parameter includes at least one of the following: a time range, a location range, and an access network; and the fourth obtaining module 64 is configured to obtain the current environmental parameter, where The environment parameter includes at least one of the following: the current time, the current location, and the currently accessed network;
  • the third determining module 66 is coupled to the third obtaining module 62 and the fourth obtaining module 64, respectively, and is configured to determine, based on the decryption policy parameter and the environment parameter, whether to automatically decrypt the ciphertext message.
  • the first decryption module 68 is coupled to the third determining module 66, and is configured to automatically decrypt the ciphertext message if the determination result of the third determining module 66 is yes.
  • the third determining module 66 includes: a third determining unit 662, configured to determine whether the current time is within the time range, and/or determine whether the current location is within the location range, and/or determine whether the access network includes the currently accessed network; the third determining unit 664 is coupled to the third determining unit 662, and is configured to determine that the ciphertext message is automatically decrypted if the determination result of the third determining unit 662 is yes.
  • the third determining module 66 includes: a fourth determining unit 666, configured to determine, according to the decryption policy parameter and the environment parameter, whether the current environment is safe; the fourth determining unit 668 is coupled to the fourth determining unit 666, and is configured to determine that the ciphertext message is automatically decrypted in a case where the determination result of the fourth judging unit 666 is that it is safe.
  • FIG. 7 is a schematic diagram of an optional structure of a decryption apparatus according to an embodiment of the present invention.
  • the apparatus further includes: a fourth determining module 72, configured to determine whether the current message is an undecrypted ciphertext.
  • the second determining module 74 is coupled to the fourth determining module 72, and is configured to directly determine that the current message is not automatically decrypted if the determination result of the fourth determining module 72 is negative; the third determining module 66 is further coupled to the fourth determining module 72, and is further configured to continue to determine, according to the decryption policy parameter and the environment parameter, whether the ciphertext message is automatically decrypted if the determination result of the fourth determining module 72 is YES;
  • FIG. 8 is a second schematic diagram of an optional structure of a decryption apparatus according to an embodiment of the present invention.
  • the apparatus further includes: a second receiving module 82, configured to receive an instruction for manually decrypting the ciphertext message in a case where the third determining module determines that the ciphertext message is not automatically decrypted, or determines that the ciphertext message is automatically decrypted but the automatic decryption fails, or the automatic decryption function for the ciphertext message is not turned on;
  • the second decryption module 84, coupled to the second receiving module 82 and the fourth determining module 72, is configured to decrypt the ciphertext message.
  • the third determining module 66 and the fourth determining module 72 may be combined; the first decrypting module 68 and the second decrypting module 84 may be combined.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the encryption and decryption of the instant information is taken as an example to provide an automatic encryption and decryption method for the instant information.
  • the purpose of the optional embodiment of the present invention is to control the encryption and decryption of instant messages during instant messaging: an automatic encryption and decryption policy is calculated from one or more parameters, including but not limited to location, network hotspot, and time, so that messages sent and received in a specific location and in a specific time period are encrypted and decrypted automatically.
  • because specific locations and specific time periods themselves differ considerably in security credibility, they carry certain security feature information; and because the automatic encryption and decryption process is transparent to the user, sending and receiving encrypted messages in a specific location and a specific time period gives the user a better experience with a certain security guarantee.
  • FIG. 9 is a flowchart of an encryption method according to an alternative embodiment of the present invention. As shown in FIG. 9, the method includes the following steps:
  • Step S902 initializing the parameter configuration.
  • the encryption key, the automatic encryption function switch, and the relevant parameters of the automatic encryption policy are mainly configured; the parameters of the automatic encryption policy (corresponding to the above encryption policy parameters) include the location range of automatic encryption, the network hotspot, the time range, and the like, and these parameters are used to determine whether automatic encryption is performed when a message is sent.
  • the location range is determined by using basic functions of the mobile terminal, such as map and positioning, to calibrate a position reference point for automatic encryption; the range is then defined by an effective radius around the reference point. The location range may be the area within the effective radius, the area outside the radius, or a union or intersection of multiple areas.
  • the network hotspot is mainly to set the credibility of the common WIFI network.
  • the location range and the network hotspot can be used together to indicate the location security determination, or can be used independently to determine the security location.
  • the time range is used to indicate the time period that requires automatic encryption.
  • Step S904 monitoring the input state and manual encryption: the input state of the input box of the instant messaging software interface is monitored in real time;
  • Step S906 it is determined whether manual encryption is performed.
  • a manual-encryption interactive control is provided during the input process (for example, a floating button for triggering manual encryption).
  • if manual encryption is performed, step S908 is performed; otherwise the flow proceeds to step S910;
  • Step S908 the original text of the input box is directly encrypted into a ciphertext according to the encryption key configured in step S902, and the original text in the input box is replaced with the encrypted ciphertext;
  • Step S910 triggering a message sending process
  • Step S912 when the message is triggered to send, first determine whether the input content in the text box is the ciphertext manually encrypted in step S908, and if so, proceeds to step S922 to directly send the message in the input box; otherwise, proceeds to step S914;
  • Step S914 it is determined whether the automatic encryption function is turned on; if automatic encryption is turned on, the process proceeds to step S916, otherwise step S922 is performed;
  • Step S916 automatic encryption strategy calculation
  • Step S918 automatically determining, according to the result of the automatic encryption policy calculation, whether the message in the input box needs to be encrypted
  • the automatic encryption policy calculation module obtains the current location, the connected WIFI hotspot, and the current time information in real time, and compares the parameters with the location range, the network hotspot, the time range, and the like set in step S902. If the condition is met, go to step S920, otherwise, go to step S922;
  • Step S920 automatically encrypting the content of the input box according to the encryption key set in step S902 into a ciphertext under the condition that the automatic encryption is satisfied;
  • step S922 the ciphertext is sent out.
  • FIG. 10 is a flowchart of a decryption method according to an alternative embodiment of the present invention. As shown in FIG. 10, the method includes the following steps:
  • Step S1002 initializing parameter configuration
  • the decryption key, the automatic decryption function switch, and the relevant parameters of the automatic decryption policy are configured.
  • the parameters of the automatic decryption policy include parameters such as a location range of automatic decryption, a network hotspot, a time range, and the like, and these parameters are used to determine whether to perform automatic decryption when sending a message.
  • the location range is determined by using the basic functions of the mobile terminal, such as map and location positioning, to calibrate the position reference point of the automatic decryption
  • the position range is determined by the effective radius on the basis of the reference point, and the position range may be the area within the effective radius.
  • the network hotspot is mainly to set the credibility of the common WIFI network.
  • the location range and the network hotspot can be used together to indicate the location security determination, or can be used independently to determine the security location.
  • the time range is used to indicate the time period that requires automatic decryption.
  • Step S1004 monitoring the received message
  • Step S1006 it is determined whether the received message is a ciphertext, if not a ciphertext, step S1008 is performed; otherwise, step S1010 is performed;
  • Step S1008 directly displaying the received original plaintext message
  • Step S1010 if it is ciphertext, determine whether the automatic decryption function is enabled; if not, perform step S1022 and directly display the original ciphertext message; otherwise, perform step S1012;
  • Step S1012 automatic decryption strategy calculation
  • Step S1014 according to the calculation result of the decryption strategy, it is automatically determined whether the received message needs to be automatically decrypted.
  • the automatic decryption policy calculation module obtains the current location, the connected WIFI hotspot, and the current time information in real time, and compares them with the location range, network hotspot, time range, and other parameters set in step S1002. If the set conditions are met, go to step S1016; otherwise, execute step S1022 to directly display the original ciphertext message;
  • Step S1016 when the automatic decryption condition is satisfied, automatically decrypt the received message according to the decryption key set in step S1002;
  • Step S1018 it is determined whether the decryption is successful, if the decryption is successful, step S1020 is performed; otherwise, step S1022 is performed;
  • Step S1020 displaying the decrypted plaintext
  • Step S1022 directly displaying the original ciphertext message
  • Step S1024 determining whether to perform manual decryption
  • the interface displays the interactive control for manual decryption (for example, a floating button for triggering manual decryption); if manual decryption is performed, step S1026 is performed; otherwise, the process returns to step S1020 and the flow is ended.
  • Step S1026 when the manual decryption control is triggered, the manual decryption interface is popped up, and the decryption key can be input;
  • step S1030 it is determined whether the decryption is successful. If the decryption is successful, step S1020 is executed to display the decrypted plaintext; if the decryption fails, step S1022 is performed, the original ciphertext message is still displayed, and the prompt information of the decryption failure is given.
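The receive-side decision flow of FIG. 10 (S1006 to S1022), as an added Python example that is not code from the patent or its applicant. It assumes that every configured parameter must match, that an unavailable reading blocks automatic decryption, an `ENC1:` ciphertext marker, and base64 as a placeholder for the real cipher; all names are hypothetical.

```python
import base64
import math
from dataclasses import dataclass
from datetime import time
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class Policy:  # set in S1002; a field left unset is not checked
    time_range: Optional[Tuple[time, time]] = None  # (start, end); may wrap past midnight
    center: Optional[Tuple[float, float]] = None    # reference point (lat, lon)
    radius_m: float = 0.0                           # effective radius
    inside: bool = True                             # False selects the area outside the radius
    trusted_ssids: FrozenSet[str] = frozenset()     # trusted Wi-Fi hotspots

@dataclass(frozen=True)
class Env:  # current readings; None means the reading is unavailable
    now: Optional[time] = None
    position: Optional[Tuple[float, float]] = None
    ssid: Optional[str] = None

def distance_m(a, b):
    """Haversine distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def policy_allows(p, env):
    """Policy calculation (S1012/S1014). Assumption: every configured check must pass."""
    if p.time_range is not None:
        if env.now is None:
            return False  # assumption: no reading, no automatic decryption
        start, end = p.time_range
        if not (start <= env.now <= end if start <= end
                else env.now >= start or env.now <= end):
            return False
    if p.center is not None:
        if env.position is None:
            return False
        if (distance_m(p.center, env.position) <= p.radius_m) != p.inside:
            return False
    if p.trusted_ssids and env.ssid not in p.trusted_ssids:
        return False
    return True  # nothing configured: automatic in all cases, as the text notes

def handle_received(msg, auto_on, p, env, decrypt, marker="ENC1:"):
    """Returns (text to display, outcome). The marker is a hypothetical ciphertext tag."""
    if not msg.startswith(marker):          # S1006 -> S1008: plaintext shown as-is
        return msg, "plaintext"
    if not auto_on:                         # S1010 -> S1022
        return msg, "auto-off"
    if not policy_allows(p, env):           # S1014 -> S1022
        return msg, "policy-denied"
    try:
        return decrypt(msg[len(marker):]), "decrypted"   # S1016 -> S1020
    except ValueError:                      # S1018 failed -> S1022: keep ciphertext
        return msg, "decrypt-failed"

def demo_decrypt(body):
    """Placeholder for the terminal's cipher; base64 is NOT encryption."""
    return base64.b64decode(body, validate=True).decode("utf-8")

# Constructed sample policy (not from the patent): office geofence, working hours, one SSID.
OFFICE = Policy((time(9), time(18)), (31.2304, 121.4737), 200.0, True, frozenset({"corp-wifi"}))
```

The missing-reading default chosen here suits decryption only: reusing `policy_allows` unchanged for S916 to S918 would send plaintext whenever a reading is unavailable.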
  • the encryption and decryption methods described in the optional embodiments of the present invention may be used in combination, that is, automatic encryption together with automatic decryption, or may be implemented independently, using only automatic encryption or only automatic decryption.
  • a scheme that integrates automatic encryption and decryption with manual encryption and decryption is provided; in an actual application, according to actual needs, only the manual encryption and decryption method may be used, or only automatic encryption and decryption may be used without the manual method.
  • of the three parameters of position, WIFI hotspot, and time period, only some may be used, or all three may be used in combination, and other types of parameters, such as orientation, may even be selected.
  • if none of the parameters is distinguished, the automatic encryption and decryption method degrades to automatically encrypting or automatically decrypting messages in all cases; the message itself is still secure during transmission, but there is some loss of ease of use and security on the sending and receiving terminal side.
  • the automatic encryption and decryption provided by the embodiments of the present invention is transparent to the user, and has good security.
  • the content itself is encrypted, so the ciphertext can be sent or saved directly through an existing transmission channel or an existing communication client, which gives the scheme wide adaptability and low cost;
  • the content is encrypted, and the user can directly see the encrypted ciphertext effect.
  • the security effect is visually visible and has a good security experience.
  • the solution provided by the embodiment of the present invention is simple and easy to use, and the user is very convenient to learn and use.
  • a storage medium is further provided, in which the above-mentioned software is stored, the storage medium including but not limited to: an optical disk, a floppy disk, a hard disk, an erasable memory, and the like.
  • the embodiment of the present invention solves the problem that the encryption or decryption method in the related art is not easy to use, and improves the usability of encryption or decryption.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device, and can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device; in some cases, the steps shown or described may be performed in an order different from the order herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an encryption method, a decryption method, and a related device. The encryption method comprises: acquiring encryption policy parameters, the encryption policy parameters comprising at least one of the following: a time period range, a position range, and an access network; acquiring current environment parameters, the environment parameters comprising at least one of the following: a current time, a current position, and a current access network; determining, according to the encryption policy parameters and the environment parameters, whether to automatically encrypt a plaintext message; and if so, automatically encrypting the plaintext message. The present invention solves the problem of poor usability of encryption or decryption in the related art, thereby improving the usability of encryption or decryption.
PCT/CN2015/093432 2015-04-16 2015-10-30 Encryption method, decryption method, and related device WO2016165312A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510180531.8 2015-04-16
CN201510180531.8A CN106162625A (zh) 2015-04-16 2015-04-16 Encryption method, decryption method, and apparatus therefor

Publications (1)

Publication Number Publication Date
WO2016165312A1 (fr) 2016-10-20

Family

ID=57127104

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/093432 WO2016165312A1 (fr) 2015-04-16 2015-10-30 Encryption method, decryption method, and related device

Country Status (2)

Country Link
CN (1) CN106162625A (fr)
WO (1) WO2016165312A1 (fr)

Also Published As

Publication number Publication date
CN106162625A (zh) 2016-11-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15889008

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15889008

Country of ref document: EP

Kind code of ref document: A1