WO2017107642A1 - Text processing method, apparatus and system for secure input method - Google Patents

Text processing method, apparatus and system for secure input method Download PDF

Info

Publication number
WO2017107642A1
WO2017107642A1 PCT/CN2016/103054 CN2016103054W WO2017107642A1 WO 2017107642 A1 WO2017107642 A1 WO 2017107642A1 CN 2016103054 W CN2016103054 W CN 2016103054W WO 2017107642 A1 WO2017107642 A1 WO 2017107642A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
security
security domain
symmetric key
text processing
Prior art date
Application number
PCT/CN2016/103054
Other languages
French (fr)
Chinese (zh)
Inventor
杨贤伟
Original Assignee
国民技术股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国民技术股份有限公司 filed Critical 国民技术股份有限公司
Publication of WO2017107642A1 publication Critical patent/WO2017107642A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/38Encryption being effected by mechanical apparatus, e.g. rotating cams, switches, keytape punchers

Definitions

  • the present invention relates to the field of information security technologies, and in particular, to a text processing method, apparatus, and system for a secure input method.
  • some communication software such as WeChat
  • encrypts and transmits its own communication information but this method is only applicable to the transmission of information between these specific communication software.
  • the encryption and decryption capability is limited to the application, such as the WeChat client.
  • WeChat client For the WeChat client, there is no guarantee that the information transmission through other application software in the smart device, such as the SMS application in the Android system, has no encryption function.
  • the communication information of the user is visible to the communication software operator. Once the communication software operator is negligent in management, it is entirely possible for the internal employee to obtain the communication information of the user in an illegal manner. And this method is implemented by communication software in software encryption and decryption, and it is easy to be overcome by malware.
  • the present invention is intended to provide a text processing method, apparatus and system for a secure input method, which can simplify key management and ensure key storage and transmission under the premise of ensuring text encryption and decryption security of the input method and user convenience. Security.
  • the embodiment of the invention provides a text processing method for a secure input method, the method comprising:
  • the encrypted ciphertext is output together with the security domain identifier.
  • the encrypting the plaintext input by the user by using the symmetric key includes:
  • the outputting the encrypted ciphertext together with the security domain identifier comprises:
  • the encrypted ciphertext, the security domain identifier, and the initial vector corresponding to the ciphertext are output together.
  • the method further includes:
  • the ciphertext is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output;
  • the ciphertext is sent to the security management platform, and the ciphertext is decrypted by the security management platform, and then the second security domain is used.
  • the second symmetric key is encrypted, and the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain decryption. After the plain text and output.
  • the method when there is an initial vector corresponding to the ciphertext, the method further includes:
  • the initial vector is used to participate in the decryption operation.
  • the requesting and acquiring the symmetric key corresponding to the security domain includes:
  • the method further includes:
  • the embodiment of the invention further provides a text processing device for a secure input method, the device comprising: a security domain registration module, a symmetric key acquisition module, a plaintext encryption module, and a ciphertext output module;
  • a security domain registration module configured to register a security domain, and obtain the security domain identifier
  • a symmetric key acquisition module configured to apply for and obtain a symmetric key corresponding to the security domain
  • a plaintext encryption module configured to encrypt the plaintext input by the user by using the symmetric key
  • the ciphertext output module is configured to output the encrypted ciphertext together with the security domain identifier.
  • the device further includes:
  • a ciphertext obtaining module configured to obtain the ciphertext and the first security domain identifier corresponding to the ciphertext
  • a same-domain decryption module configured to decrypt the ciphertext by using the second symmetric key to obtain the decrypted plaintext and output the same when the first security domain identifier is the same as the local second security domain identifier;
  • the foreign domain decryption module is configured to: send the ciphertext to the security management platform when the first security domain identifier is different from the second security domain identifier, and use the security management platform to decrypt the ciphertext and then use the
  • the second symmetric key is encrypted, and the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain decryption. After the plain text and output.
  • the device further includes:
  • the security hardware is configured to register a security domain by using an asymmetric cryptographic algorithm, and obtain a symmetric key corresponding to the security domain.
  • the security hardware is composed of a smart card, a sound card/Key, a Bluetooth card/Key, and an embedded Secured by a security element or smart wearable device.
  • An embodiment of the present invention provides a text processing system for a secure input method, where the system includes: a text processing device and a security management platform of any of the above security input methods;
  • the security management platform is configured to create and manage a security domain, assign a security domain to the text processing device of the secure input method, and send the security domain identifier and the corresponding symmetric key to the text processing device; and send the text processing device
  • the foreign ciphertext is converted into the same-domain ciphertext of the text processing device and returned.
  • a text processing apparatus using a secure input method including: a security domain registration module, a symmetric key acquisition module, a plaintext encryption module, and a ciphertext output module, and registering a security domain by using a secure input method.
  • FIG. 1 is a schematic flowchart of implementing a text processing method of a security input method according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a text processing apparatus of a secure input method according to an embodiment of the present invention
  • FIG. 3 is a schematic structural view of Embodiment 1 of the present invention.
  • the system provides a security input method.
  • the secure input method provides a secure input mode.
  • the user inputs the plaintext in the secure input method.
  • the encryption includes: receiving the plaintext input by the user by using the first editing area; encrypting the plaintext by the encryption and decryption module to obtain the encrypted ciphertext; formatting the ciphertext according to a preset rule, and returning Format the ciphertext.
  • the security input method displays the plaintext after decrypting internally, which mainly includes: receiving the formatted ciphertext selected by the user;
  • the decrypted plaintext is displayed.
  • the input method is implemented in plain text, and the security protection of the input information of the user is increased.
  • an embodiment of the present invention provides a text processing system for a secure input method, the system comprising a security management platform and a text processing device for a secure input method; wherein the security management platform is used to create And managing the security domain, assigning a security domain to the text processing device of the secure input method, delivering the security domain identifier and the corresponding symmetric key to the text processing device; and converting the foreign ciphertext sent by the text processing device into the text processing Returns the same ciphertext of the device.
  • FIG. 1 is a schematic flowchart of implementing a text processing method of a security input method according to an embodiment of the present invention. As shown in FIG. 1 , the method includes:
  • Step 101 Register a security domain, and obtain the security domain identifier.
  • the security input method needs to register a security domain with the security management platform to obtain the identity of the security domain in which it is located;
  • Step 102 Apply for and obtain a symmetric key corresponding to the security domain.
  • the security input method applies for and obtains a symmetric key corresponding to the security domain; all security input methods in the same security domain use the same symmetric key;
  • Step 103 Encrypt the plaintext input by the user by using the symmetric key
  • the security input method transmits the plaintext received by the first editing area to the encryption and decryption module, and is encrypted by the encryption and decryption module;
  • the outputting the encrypted ciphertext together with the security domain identifier comprises:
  • Step 104 Output the encrypted ciphertext together with the security domain identifier
  • the security input method obtains the encrypted ciphertext from the encryption and decryption module; and outputs the encrypted ciphertext together with the security domain identifier; and uses the security input method to enter the security mode.
  • the application or the user transmits, saves, copies, or deletes the encrypted ciphertext together with the security domain identifier.
  • the security input method obtains the ciphertext and the first security domain identifier corresponding to the ciphertext;
  • the ciphertext is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output;
  • the secure input method obtains the ciphertext and the first security domain identifier corresponding to the ciphertext, And acquiring an initial vector corresponding to the ciphertext;
  • the initial vector is used to participate in the decryption operation.
  • the requesting and acquiring the symmetric key corresponding to the security domain includes: performing signature verification on the obtained symmetric key by using security hardware.
  • the security input method uses a secure hardware to register a security domain and obtain a symmetric key corresponding to the security domain.
  • the text processing method of the secure input method simplifies the key management and ensures the security of key storage and transmission under the premise of ensuring the text encryption and decryption security of the input method and the user's convenience.
  • the text processing apparatus includes: a security domain registration module 201, a symmetric key acquisition module 202, and a plaintext encryption module 203. And a ciphertext output module 203; wherein
  • the security domain registration module 201 is configured to register a security domain and obtain the security domain identifier.
  • the symmetric key obtaining module 202 is configured to apply for and obtain a symmetric key corresponding to the security domain;
  • the plaintext encryption module 203 is configured to encrypt the plaintext input by the user by using the symmetric key
  • the ciphertext output module 204 is configured to output the encrypted ciphertext together with the security domain identifier.
  • the device further includes:
  • a ciphertext obtaining module configured to obtain the ciphertext and the first security domain identifier corresponding to the ciphertext
  • a same-domain decryption module configured to decrypt the ciphertext by using the second symmetric key to obtain the decrypted plaintext and output the same when the first security domain identifier is the same as the local second security domain identifier;
  • the foreign domain decryption module is configured to: send the ciphertext to the security management platform when the first security domain identifier is different from the second security domain identifier, and use the security management platform to decrypt the ciphertext and then use the
  • the second symmetric key identifies the encryption, and the security management platform identifies the second security domain corresponding to the secret
  • the text returns, and then the ciphertext returned by the security management platform is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output.
  • the device further includes:
  • the security hardware is configured to register a security domain by using an asymmetric cryptographic algorithm, and obtain a symmetric key corresponding to the security domain.
  • the security hardware is implemented by a smart card, a sound card/Key, a Bluetooth card/Key, an embedded security element, or a smart wearable device.
  • the smart card may be a SIM (Subscriber Identity Module) card or an SD card (Secure Digital Memory Card), and the smart wearable device may be a smart bracelet, a smart watch, or the like.
  • SIM Subscriber Identity Module
  • SD card Secure Digital Memory Card
  • the SIM card can be a standard SIM card, a USIM (Universal Subscriber Identity Module) card, a UIM (User Identify Module) card, a MicroSIM card, a NanoSIM card, and the like.
  • the SD card can be a security data card of various forms and sizes such as a standard SD card and a miniSD card.
  • the encryption and decryption process is performed by a security chip in the smart card.
  • the encryption and decryption process for the text using the symmetric algorithm can also be completed by the above-mentioned security hardware.
  • the asymmetric cryptographic algorithm includes but is not limited to asymmetric cryptographic algorithms such as RSA, ECC, SM2, and SM9.
  • the symmetric cryptographic algorithms include but are not limited to symmetric cryptographic algorithms such as 3DES, AES, SM1, SM4, and SM7.
  • Each of the above modules and each unit may be implemented by a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field programmable gate array of a text processing device located in a secure input method. (FPGA) implementation.
  • CPU central processing unit
  • MPU microprocessor
  • DSP digital signal processor
  • FPGA field programmable gate array
  • the present invention also provides a text processing system for a secure input method, the system comprising the text processing device and the security management platform of the secure input method according to any one of the above;
  • the security management platform is configured to create and manage a security domain, assign a security domain to the text processing device of the secure input method, and send the security domain identifier and the corresponding symmetric key to the text processing device; and send the text processing device
  • the foreign ciphertext is converted into the same-domain ciphertext of the text processing device and returned.
  • the security management platform may be a stand-alone server platform or a system management service function running on a business system server.
  • FIG. 3 is a schematic structural diagram of Embodiment 1 of the present invention.
  • the security input method includes a basic function and a key management component.
  • the basic function undertakes the entry of text input by the user and all applications, and calls the security hardware device to complete the text addition and decryption functions of the secure input method.
  • the safe input method caches the text edited by the user. After the user confirms that the text is correct, the encrypted output button is triggered, the security hardware device function is called to encrypt, and the ciphertext is output to the input box of the target application. .
  • the basic function is responsible for identifying the input method ciphertext in the clipboard and automatically decrypting when the user pastes; the key management interacts with the system platform and the security hardware device to complete the key management related functions.
  • the secure hardware device is a hardware module with a unique identifier (ID) and symmetric and asymmetric encryption and decryption capabilities, and has the function of generating true random numbers, generating and storing symmetric and asymmetric keys.
  • ID unique identifier
  • the secure hardware device has the function of generating true random numbers, generating and storing symmetric and asymmetric keys.
  • the security management platform is responsible for maintaining and managing the secure input method security hardware device and its associated keys. If the security hardware device registration information is maintained, the public key TermPubKey uploaded by the security hardware device is received and saved, the symmetric key K is generated, and the symmetric key K is encrypted by using the public key TermPubKey of the security hardware device, and then sent to the security hardware. Device.
  • the key management method and system for the secure input method have three aspects: the security hardware device registration, the input method key application (key generation and injection), and the input method plus Decryption (use of the key).
  • the security hardware device registration includes: generating a public-private key pair (TermPubKey/TermPrvKey) by using the security hardware device, storing the private key TermPrvKey in the security hardware device, and sending the security hardware device identification ID together with the public key TermPubKey to the security management through the secure channel.
  • the platform is registered, and the security management platform is responsible for maintaining and managing security input method security hardware device information (such as ID, TermPubKey, etc.), and assigning the security hardware device to a designated security domain (identifying the security domain by DID), the same All secure hardware devices in the secure domain use the same key K, and the secure hardware devices in different security domains use different keys K.
  • the secure channel may be a dedicated system, a dedicated tool, a virtual private network (VPN), etc., used during the production or release phase of the secure hardware device.
  • one or more new security domains can be created by the security management platform for the secure hardware device at any time required by the application, and all secure hardware devices in the same security domain use the same key. K, the security hardware devices in different security domains use different keys K.
  • the security hardware device uses its own private key TermPrvKey to sign the security hardware device identification ID, and then sends the ID and the signature together to the security management platform through the key management sub-module;
  • the security management platform authenticates the legality of the security hardware device, and generates and delivers the security input method encryption key K:
  • the security management platform checks whether the security hardware device ID is registered on the security management platform, and if it is registered, uses the corresponding TermPubKey to verify the ID signature. If the ID signature verification is passed, the security hardware device passes the authentication;
  • the security management platform generates a symmetric encryption key K, and associates the key K with the related information (ID, TermPubKey) of the security hardware device that applies for the key, that is, assigns a symmetric key corresponding to the security domain to the security hardware device.
  • Key K The symmetric key K may be generated or saved temporarily or in advance by the security management platform.
  • the security management platform allocates a key K thereto;
  • the security management platform uses TermPubKey as the key to perform asymmetric encryption operation on K to obtain K ciphertext K', and then sends K' to the secure hardware device. Further, the security management platform signs K' using its private key PlatPrvKey. And then send the signatures of K' and K' together to the secure hardware device;
  • the input method key management sub-module passes the received K' to the security hardware device, and the security hardware device uses its own private key TermPrvKey to perform asymmetric decryption operation on the received ciphertext K' to obtain the key K, and the security hardware device saves Key K; or, the input method key management sub-module passes the received signatures of K' and K' to the secure hardware device, and the secure hardware device first verifies the signature of K' using the public key PlatPubKey of the security management platform.
  • the security hardware device uses its own private key TermPrvKey to perform asymmetric decryption operation on the received ciphertext K' to obtain the key K, and the security hardware device saves the key. K.
  • the secure input method can use the key K in the secure hardware device to encrypt and decrypt the text processed by the input method.
  • the secure hardware device in the secure input method uses its own key K to encrypt the text processed by the input method;
  • the secure hardware device in the secure input method encrypts the text processed by the input method using its own key K
  • the results are different, further improving the security of the text.
  • the initial vector IV is composed of a true random number generated by the security hardware device, and is bound to the ciphertext, and transmitted, saved, copied or deleted along with the ciphertext data;
  • the ciphertext data is transmitted, saved, copied or deleted together, and the identifier DID of the security domain where the security hardware device is located is also included.
  • the security hardware device in the security input method decrypts, if it is determined that the security domain identifier DID of the ciphertext is the same as the security domain identifier, indicating that the ciphertext is generated by the security hardware device of the security domain, the security input method is adopted.
  • the security hardware device decrypts the plaintext using its own key K; otherwise, when the secure input method is decrypted, if the ciphertext is determined to have the security domain identifier (denoted as DIDb) and the security domain identifier
  • the difference indicates that the ciphertext (denoted as Cb) is generated by a security hardware device other than the security domain, and the secure input method submits the ciphertext Cb to the security management platform through the key management submodule.
  • the security management platform uses the key (denoted as Kb) of the security domain DIDb of the ciphertext Cb to decrypt the plaintext (denoted as P), and then encrypts the plaintext P using the key Ka of the security domain DIDa to obtain the ciphertext Ca. Finally, the encrypted ciphertext Ca is returned to the secure input method, and the secure input method is decrypted by the secure hardware device using its own key Ka to obtain the plaintext P;
  • the security management platform uses the key Ka of the security domain DIDa to encrypt the plaintext P to obtain the ciphertext Ca, and also uses an initial vector IV2 to participate in the cryptographic operation, so that the security management platform encrypts the same plaintext P each time. Not the same, further improve the security of the text.
  • the initial vector IV2 is composed of a security management platform or a true random number generated by trusted hardware connected to the security management platform, and is bound with the ciphertext Ca, and returned to the secure input method along with the ciphertext data Ca, and the secure input method.
  • the plaintext P is then decrypted by the secure hardware device using its own key Ka.
  • the respective modules of the text processing apparatus of the secure input method of the present embodiment correspond to the steps described in the embodiment of the text processing method of the above-described secure input method, and thus have the same advantageous effects.
  • the implementation of the text processing apparatus described above is merely illustrative, and the division of the described modules is only a logical function division, and may be further divided in actual implementation.
  • the coupling or communication connection of the modules to each other may be through some interfaces, or may be electrical or other forms.
  • Each of the foregoing functional modules may be part of a text processing device, and may or may not be a physical frame. It may be located in one place or distributed to multiple network units, and may be implemented in the form of hardware or software. The form of the box is implemented. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solution of the present invention.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may employ hardware embodiments, software embodiments, or a combination of software and A form of embodiment of the hardware aspect. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Abstract

Disclosed in the present invention are a text processing method, apparatus and system for a secure input method. The method comprises: registering a security domain, and obtaining an identifier of the security domain; applying for and obtaining a symmetric key corresponding to the security domain; by using the symmetric key, encrypting a plaintext inputted by a user; and outputting an encrypted ciphertext and the identifier of the security domain together.

Description

一种安全输入法的文本处理方法、装置和系统Text processing method, device and system for safe input method 技术领域Technical field
本发明涉及信息安全技术领域,尤其涉及一种安全输入法的文本处理方法、装置和系统。The present invention relates to the field of information security technologies, and in particular, to a text processing method, apparatus, and system for a secure input method.
背景技术Background technique
随着移动互联网的发展,文本通信成为人们重要的沟通方式,但是智能设备和传输通道本身并不安全,人们的聊天信息、短信信息、电子邮件信息都面临被木马盗取或者黑客拦截的可能,时常出现用户在网络通信内容中包含的银行账号、登录密码等信息被恶意第三方截获而给用户造成重大损失的情况。针对用户资金安全和隐私信息会面临重大威胁的问题。With the development of mobile Internet, text communication has become an important communication method for people, but the smart device and transmission channel itself are not safe. People's chat information, short message information, and email information are all likely to be stolen by Trojans or intercepted by hackers. It is often the case that the bank account, login password and other information contained in the network communication content are intercepted by a malicious third party and cause a great loss to the user. A major threat to users' financial security and privacy information.
目前,有部分通信软件,比如微信,会对自身通信信息进行加密传输,但这种方式只适用于这些特定的通信软件之间的信息传输,加解密能力只限定在应用内部,比如微信客户端对微信客户端,并不能保证智能设备中通过其他应用软件信息传输的安全,比如安卓系统中的短信应用,并没有加密功能。此外,在这种方式下,用户的通信信息对通信软件运营商来说是可见的,一旦通信软件运营商疏于管理,内部员工完全有可能通过非法方式获取用户的通信信息。且这种方式都是由通信软件以软件加解密方式实现,很容易被恶意软件攻克。At present, some communication software, such as WeChat, encrypts and transmits its own communication information, but this method is only applicable to the transmission of information between these specific communication software. The encryption and decryption capability is limited to the application, such as the WeChat client. For the WeChat client, there is no guarantee that the information transmission through other application software in the smart device, such as the SMS application in the Android system, has no encryption function. In addition, in this manner, the communication information of the user is visible to the communication software operator. Once the communication software operator is negligent in management, it is entirely possible for the internal employee to obtain the communication information of the user in an illegal manner. And this method is implemented by communication software in software encryption and decryption, and it is easy to be overcome by malware.
发明内容Summary of the invention
本发明期望提供一种安全输入法的文本处理方法、装置和系统,能够在保证输入法的文本加解密安全性和用户使用方便性的前提下,简化了密钥管理并保证密钥存储和传输的安全性。The present invention is intended to provide a text processing method, apparatus and system for a secure input method, which can simplify key management and ensure key storage and transmission under the premise of ensuring text encryption and decryption security of the input method and user convenience. Security.
本发明实施例的技术方案是这样实现的:The technical solution of the embodiment of the present invention is implemented as follows:
本发明实施例提供了一种安全输入法的文本处理方法,该方法包括: The embodiment of the invention provides a text processing method for a secure input method, the method comprising:
注册安全域,获取所述安全域标识;Registering a security domain to obtain the security domain identifier;
申请并获取所述安全域对应的对称密钥;Applying for and obtaining a symmetric key corresponding to the security domain;
使用所述对称密钥对用户输入的明文进行加密;Encrypting the plaintext input by the user by using the symmetric key;
将加密得到的密文与所述安全域标识一同输出。The encrypted ciphertext is output together with the security domain identifier.
上述方案中,所述使用所述对称密钥对用户输入的明文进行加密包括:In the foregoing solution, the encrypting the plaintext input by the user by using the symmetric key includes:
每次使用所述对称密钥对用户输入的明文进行加密时,随机生成一初始向量,并使用所述初始向量参与密码运算;Each time the plaintext input by the user is encrypted using the symmetric key, an initial vector is randomly generated, and the initial vector is used to participate in the cryptographic operation;
相应的,所述将加密得到的密文与所述安全域标识一同输出包括:Correspondingly, the outputting the encrypted ciphertext together with the security domain identifier comprises:
将加密得到的密文、所述安全域标识和所述密文对应的初始向量一同输出。The encrypted ciphertext, the security domain identifier, and the initial vector corresponding to the ciphertext are output together.
上述方案中,所述方法还包括:In the above solution, the method further includes:
获取密文和该密文对应的第一安全域标识;Obtaining the ciphertext and the first security domain identifier corresponding to the ciphertext;
当所述第一安全域标识与本地的第二安全域标识相同时,使用所述第二对称密钥对所述密文进行解密,获得解密后的明文并输出;When the first security domain identifier is the same as the local second security domain identifier, the ciphertext is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output;
当所述第一安全域标识与所述第二安全域标识不同时,将所述密文发送至安全管理平台,由所述安全管理平台解密密文后再使用所述第二安全域对应的第二对称密钥加密,再由所述安全管理平台将所述第二安全域标识对应的密文返回,之后使用所述第二对称密钥解密所述安全管理平台返回的密文,获得解密后的明文并输出。When the first security domain identifier is different from the second security domain identifier, the ciphertext is sent to the security management platform, and the ciphertext is decrypted by the security management platform, and then the second security domain is used. The second symmetric key is encrypted, and the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain decryption. After the plain text and output.
上述方案中,当存在与密文对应的初始向量时,所述方法还包括:In the above solution, when there is an initial vector corresponding to the ciphertext, the method further includes:
获取密文和该密文对应的第一安全域标识的同时,还获取所述密文对应的初始向量;Obtaining the ciphertext and the first security domain identifier corresponding to the ciphertext, and acquiring an initial vector corresponding to the ciphertext;
使用所述初始向量参与解密运算。The initial vector is used to participate in the decryption operation.
上述方案中,所述申请并获取所述安全域对应的对称密钥包括: In the foregoing solution, the requesting and acquiring the symmetric key corresponding to the security domain includes:
使用安全硬件对获取到的对称密钥进行签名验证。Signature verification of the obtained symmetric key using secure hardware.
上述方案中,所述方法还包括:In the above solution, the method further includes:
使用安全硬件注册安全域、获取所述安全域对应的对称密钥。Use the security hardware to register the security domain and obtain the symmetric key corresponding to the security domain.
本发明实施例还提供一种安全输入法的文本处理装置,所述装置包括:安全域注册模块、对称密钥获取模块、明文加密模块以及密文输出模块;其中,The embodiment of the invention further provides a text processing device for a secure input method, the device comprising: a security domain registration module, a symmetric key acquisition module, a plaintext encryption module, and a ciphertext output module;
安全域注册模块,用于注册安全域,获取所述安全域标识;a security domain registration module, configured to register a security domain, and obtain the security domain identifier;
对称密钥获取模块,用于申请并获取所述安全域对应的对称密钥;a symmetric key acquisition module, configured to apply for and obtain a symmetric key corresponding to the security domain;
明文加密模块,用于使用所述对称密钥对用户输入的明文进行加密;a plaintext encryption module, configured to encrypt the plaintext input by the user by using the symmetric key;
密文输出模块,用于将加密得到的密文与所述安全域标识一同输出。The ciphertext output module is configured to output the encrypted ciphertext together with the security domain identifier.
上述方案中,所述装置还包括:In the above solution, the device further includes:
密文获取模块,用于获取密文和该密文对应的第一安全域标识;a ciphertext obtaining module, configured to obtain the ciphertext and the first security domain identifier corresponding to the ciphertext;
同域解密模块,用于当所述第一安全域标识与本地的第二安全域标识相同时,使用所述第二对称密钥对所述密文进行解密,获得解密后的明文并输出;a same-domain decryption module, configured to decrypt the ciphertext by using the second symmetric key to obtain the decrypted plaintext and output the same when the first security domain identifier is the same as the local second security domain identifier;
异域解密模块,用于当所述第一安全域标识与所述第二安全域标识不同时,将所述密文发送至安全管理平台,由所述安全管理平台解密密文后再使用所述第二对称密钥加密,再由所述安全管理平台将所述第二安全域标识对应的密文返回,之后使用所述第二对称密钥解密所述安全管理平台返回的密文,获得解密后的明文并输出。The foreign domain decryption module is configured to: send the ciphertext to the security management platform when the first security domain identifier is different from the second security domain identifier, and use the security management platform to decrypt the ciphertext and then use the The second symmetric key is encrypted, and the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain decryption. After the plain text and output.
上述方案中,所述装置还包括:In the above solution, the device further includes:
安全硬件,用于使用非对称密码算法进行注册安全域、获取所述安全域对应的对称密钥。The security hardware is configured to register a security domain by using an asymmetric cryptographic algorithm, and obtain a symmetric key corresponding to the security domain.
上述方案中,所述安全硬件由智能卡、声波卡/Key、蓝牙卡/Key、嵌入式 安全元件或者智能可穿戴装置实现。In the above solution, the security hardware is composed of a smart card, a sound card/Key, a Bluetooth card/Key, and an embedded Secured by a security element or smart wearable device.
本发明实施例提供一种安全输入法的文本处理系统,该系统包括:上述任意一种安全输入法的文本处理装置和安全管理平台;其中,An embodiment of the present invention provides a text processing system for a secure input method, where the system includes: a text processing device and a security management platform of any of the above security input methods;
所述安全管理平台,用于创建和管理安全域,为安全输入法的文本处理装置分配安全域,向文本处理装置下发安全域标识和对应的对称密钥;并用于将文本处理装置发送的异域密文转换为所述文本处理装置的同域密文后返回。The security management platform is configured to create and manage a security domain, assign a security domain to the text processing device of the secure input method, and send the security domain identifier and the corresponding symmetric key to the text processing device; and send the text processing device The foreign ciphertext is converted into the same-domain ciphertext of the text processing device and returned.
本发明技术方案的有益效果在于:利用一种安全输入法的文本处理装置,包括:安全域注册模块、对称密钥获取模块、明文加密模块以及密文输出模块,通过使用安全输入法注册安全域,获取所述安全域标识;申请并获取所述安全域对应的对称密钥;使用所述对称密钥对用户输入的明文进行加密;将加密得到的密文与所述安全域标识一同输出,能够在保证输入法的文本加解密安全性和用户使用方便性的前提下,简化了密钥管理并保证密钥存储和传输的安全性。The beneficial effects of the technical solution of the present invention are: a text processing apparatus using a secure input method, including: a security domain registration module, a symmetric key acquisition module, a plaintext encryption module, and a ciphertext output module, and registering a security domain by using a secure input method. Obtaining the security domain identifier; applying and obtaining a symmetric key corresponding to the security domain; encrypting the plaintext input by the user by using the symmetric key; and outputting the encrypted ciphertext together with the security domain identifier, It can simplify the key management and ensure the security of key storage and transmission under the premise of ensuring the text encryption and decryption security of the input method and user convenience.
附图说明DRAWINGS
图1为本发明实施例提供的安全输入法的文本处理方法的实现流程示意图;1 is a schematic flowchart of implementing a text processing method of a security input method according to an embodiment of the present invention;
图2为本发明实施例提供的安全输入法的文本处理装置的组成结构示意图;2 is a schematic structural diagram of a text processing apparatus of a secure input method according to an embodiment of the present invention;
图3为本发明实施例1的结构示意图。FIG. 3 is a schematic structural view of Embodiment 1 of the present invention.
具体实施方式detailed description
为了更清楚地说明本发明实施例和技术方案,下面将结合附图及实施例对本发明的技术方案进行更详细的说明,显然,所描述的实施例是本发明的一部分实施例,而不是全部实施例。基于本发明的实施例,本领域普通技术人员在不付出创造性劳动的前提下所获得的所有其他实施例,都属于本发明保护的范 围。In order to explain the embodiments and technical solutions of the present invention more clearly, the technical solutions of the present invention will be described in more detail below with reference to the accompanying drawings and embodiments. It is obvious that the described embodiments are a part of the embodiments of the present invention, and not all Example. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention. Wai.
在本发明实施例中,系统提供一种安全输入法,该安全输入法除了具有普通输入法的基础功能以外,还提供安全输入模式,在安全模式下,在安全输入法内部对用户输入的明文进行加密,主要包括:使用第一编辑区接收用户输入的明文;将所述明文交由加解密模块进行加密,获取加密后的密文;按照预设规则对所述密文进行格式化,返回格式化密文。而当用户希望解密密文时,安全输入法在内部解密后显示明文,主要包括:接收用户选定的格式化密文;In the embodiment of the present invention, the system provides a security input method. In addition to the basic functions of the common input method, the secure input method provides a secure input mode. In the secure mode, the user inputs the plaintext in the secure input method. The encryption includes: receiving the plaintext input by the user by using the first editing area; encrypting the plaintext by the encryption and decryption module to obtain the encrypted ciphertext; formatting the ciphertext according to a preset rule, and returning Format the ciphertext. When the user wants to decrypt the ciphertext, the security input method displays the plaintext after decrypting internally, which mainly includes: receiving the formatted ciphertext selected by the user;
将所述选定的格式化密文交由所述加解密模块进行解密,获取解密后明文;And the selected formatted ciphertext is decrypted by the encryption and decryption module to obtain the decrypted plaintext;
显示所述解密后明文。如此,实现了明文不出输入法,增加了对用户输入信息的安全保护。The decrypted plaintext is displayed. In this way, the input method is implemented in plain text, and the security protection of the input information of the user is increased.
针对这样的安全输入法,如何更安全的对安全输入法的文本进行加密解密处理,是个关键问题。为了进一步加强安全输入法的安全性,本发明实施例提供一种安全输入法的文本处理系统,该系统包括安全管理平台和安全输入法的文本处理装置;其中,所述安全管理平台用于创建和管理安全域,为安全输入法的文本处理装置分配安全域,向文本处理装置下发安全域标识和对应的对称密钥;并用于将文本处理装置发送的异域密文转换为所述文本处理装置的同域密文后返回。For such a safe input method, how to safely encrypt and decrypt the text of the secure input method is a key issue. In order to further enhance the security of the security input method, an embodiment of the present invention provides a text processing system for a secure input method, the system comprising a security management platform and a text processing device for a secure input method; wherein the security management platform is used to create And managing the security domain, assigning a security domain to the text processing device of the secure input method, delivering the security domain identifier and the corresponding symmetric key to the text processing device; and converting the foreign ciphertext sent by the text processing device into the text processing Returns the same ciphertext of the device.
图1为本发明实施例提供的安全输入法的文本处理方法的实现流程示意图,如图1所示,该方法包括:1 is a schematic flowchart of implementing a text processing method of a security input method according to an embodiment of the present invention. As shown in FIG. 1 , the method includes:
步骤101,注册安全域,获取所述安全域标识;Step 101: Register a security domain, and obtain the security domain identifier.
具体的,安全输入法需要向安全管理平台注册安全域,获取自身所在安全域标识;Specifically, the security input method needs to register a security domain with the security management platform to obtain the identity of the security domain in which it is located;
步骤102,申请并获取所述安全域对应的对称密钥;Step 102: Apply for and obtain a symmetric key corresponding to the security domain.
具体的,安全输入法申请并获取所述安全域对应的对称密钥;同一安全域中所有安全输入法使用相同的对称密钥; Specifically, the security input method applies for and obtains a symmetric key corresponding to the security domain; all security input methods in the same security domain use the same symmetric key;
步骤103,使用所述对称密钥对用户输入的明文进行加密;Step 103: Encrypt the plaintext input by the user by using the symmetric key;
具体的,安全输入法通过第一编辑区接收到的明文传输至加解密模块,交由加解密模块进行加密;Specifically, the security input method transmits the plaintext received by the first editing area to the encryption and decryption module, and is encrypted by the encryption and decryption module;
进一步的,每次使用所述对称密钥对用户输入的明文进行加密时,随机生成一初始向量,并使用所述初始向量参与密码运算;Further, each time the plaintext input by the user is encrypted by using the symmetric key, an initial vector is randomly generated, and the initial vector is used to participate in the cryptographic operation;
相应的,所述将加密得到的密文与所述安全域标识一同输出包括:Correspondingly, the outputting the encrypted ciphertext together with the security domain identifier comprises:
将加密得到的密文、所述安全域标识和所述密文对应的初始向量一同输出;And outputting the encrypted ciphertext, the security domain identifier, and the initial vector corresponding to the ciphertext;
步骤104,将加密得到的密文与所述安全域标识一同输出;Step 104: Output the encrypted ciphertext together with the security domain identifier;
具体的,待加解密模块完成加密后,安全输入法在从加解密模块获取加密后的密文;并将加密得到的密文与所述安全域标识一同输出;使用安全输入法安全模式输入的应用程序或者用户,将加密得到的密文与所述安全域标识一同传输、保存、复制或删除。Specifically, after the encryption and decryption module completes the encryption, the security input method obtains the encrypted ciphertext from the encryption and decryption module; and outputs the encrypted ciphertext together with the security domain identifier; and uses the security input method to enter the security mode. The application or the user transmits, saves, copies, or deletes the encrypted ciphertext together with the security domain identifier.
当需要对密文进行解密时,所述安全输入法获取密文和该密文对应的第一安全域标识;When the ciphertext needs to be decrypted, the security input method obtains the ciphertext and the first security domain identifier corresponding to the ciphertext;
当所述第一安全域标识与本地的第二安全域标识相同时,使用所述第二对称密钥对所述密文进行解密,获得解密后的明文并输出;When the first security domain identifier is the same as the local second security domain identifier, the ciphertext is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output;
当所述第一安全域标识与所述第二安全域标识不同时,将所述密文发送至安全管理平台,由所述安全管理平台解密密文后再使用所述第二对称密钥加密,再由所述安全管理平台将所述第二安全域标识对应的密文返回,之后使用所述第二对称密钥解密所述安全管理平台返回的密文,获得解密后的明文并输出。Sending the ciphertext to the security management platform when the first security domain identifier is different from the second security domain identifier, and decrypting the ciphertext by the security management platform, and then using the second symmetric key to encrypt Then, the ciphertext corresponding to the second security domain identifier is returned by the security management platform, and then the ciphertext returned by the security management platform is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output.
进一步的,当存在与密文对应的初始向量时,即在加密时有初始向量参与密码运算,则所述安全输入法获取密文和该密文对应的第一安全域标识的同时, 还获取所述密文对应的初始向量;Further, when there is an initial vector corresponding to the ciphertext, that is, when the initial vector participates in the cryptographic operation during the encryption, the secure input method obtains the ciphertext and the first security domain identifier corresponding to the ciphertext, And acquiring an initial vector corresponding to the ciphertext;
使用所述初始向量参与解密运算。The initial vector is used to participate in the decryption operation.
进一步的,所述申请并获取所述安全域对应的对称密钥包括:使用安全硬件对获取到的对称密钥进行签名验证。Further, the requesting and acquiring the symmetric key corresponding to the security domain includes: performing signature verification on the obtained symmetric key by using security hardware.
进一步的,所述安全输入法使用安全硬件注册安全域、获取所述安全域对应的对称密钥。Further, the security input method uses a secure hardware to register a security domain and obtain a symmetric key corresponding to the security domain.
使用上述实施例提供的安全输入法的文本处理方法,在保证输入法的文本加解密安全性和用户使用方便性的前提下,简化了密钥管理并保证密钥存储和传输的安全性。The text processing method of the secure input method provided by the above embodiment simplifies the key management and ensures the security of key storage and transmission under the premise of ensuring the text encryption and decryption security of the input method and the user's convenience.
图2是本发明实施例提供的安全输入法的文本处理装置的组成结构示意图,如图2所示,该文本处理装置包括:安全域注册模块201、对称密钥获取模块202、明文加密模块203以及密文输出模块203;其中,2 is a schematic structural diagram of a text processing apparatus of a security input method according to an embodiment of the present invention. As shown in FIG. 2, the text processing apparatus includes: a security domain registration module 201, a symmetric key acquisition module 202, and a plaintext encryption module 203. And a ciphertext output module 203; wherein
安全域注册模块201,用于注册安全域,获取所述安全域标识;The security domain registration module 201 is configured to register a security domain and obtain the security domain identifier.
对称密钥获取模块202,用于申请并获取所述安全域对应的对称密钥;The symmetric key obtaining module 202 is configured to apply for and obtain a symmetric key corresponding to the security domain;
明文加密模块203,用于使用所述对称密钥对用户输入的明文进行加密;The plaintext encryption module 203 is configured to encrypt the plaintext input by the user by using the symmetric key;
密文输出模块204,用于将加密得到的密文与所述安全域标识一同输出。The ciphertext output module 204 is configured to output the encrypted ciphertext together with the security domain identifier.
进一步的,所述装置还包括:Further, the device further includes:
密文获取模块,用于获取密文和该密文对应的第一安全域标识;a ciphertext obtaining module, configured to obtain the ciphertext and the first security domain identifier corresponding to the ciphertext;
同域解密模块,用于当所述第一安全域标识与本地的第二安全域标识相同时,使用所述第二对称密钥对所述密文进行解密,获得解密后的明文并输出;a same-domain decryption module, configured to decrypt the ciphertext by using the second symmetric key to obtain the decrypted plaintext and output the same when the first security domain identifier is the same as the local second security domain identifier;
异域解密模块,用于当所述第一安全域标识与所述第二安全域标识不同时,将所述密文发送至安全管理平台,由所述安全管理平台解密密文后再使用所述第二对称密钥识加密,再由所述安全管理平台将所述第二安全域标识对应的密 文返回,之后使用所述第二对称密钥解密所述安全管理平台返回的密文,获得解密后的明文并输出。The foreign domain decryption module is configured to: send the ciphertext to the security management platform when the first security domain identifier is different from the second security domain identifier, and use the security management platform to decrypt the ciphertext and then use the The second symmetric key identifies the encryption, and the security management platform identifies the second security domain corresponding to the secret The text returns, and then the ciphertext returned by the security management platform is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output.
进一步的,所述装置还包括:Further, the device further includes:
安全硬件,用于使用非对称密码算法进行注册安全域、获取所述安全域对应的对称密钥。The security hardware is configured to register a security domain by using an asymmetric cryptographic algorithm, and obtain a symmetric key corresponding to the security domain.
进一步的,所述安全硬件由智能卡、声波卡/Key、蓝牙卡/Key、嵌入式安全元件或者智能可穿戴装置实现。Further, the security hardware is implemented by a smart card, a sound card/Key, a Bluetooth card/Key, an embedded security element, or a smart wearable device.
这里,所述智能卡可以是SIM(Subscriber Identity Module客户识别模块)卡或SD卡(Secure Digital Memory Card,安全数字存储卡)等,智能可穿戴装置可以是智能手环、智能手表等。而SIM卡可以是标准SIM卡、USIM(Universal Subscriber Identity Module,全球用户识别)卡、UIM(User Identify Module,用户识别模块)卡、MicroSIM卡、NanoSIM卡等各种形态和尺寸的通信卡。SD卡可以是标准SD卡、miniSD卡等各种形态和尺寸的安全数据卡。Here, the smart card may be a SIM (Subscriber Identity Module) card or an SD card (Secure Digital Memory Card), and the smart wearable device may be a smart bracelet, a smart watch, or the like. The SIM card can be a standard SIM card, a USIM (Universal Subscriber Identity Module) card, a UIM (User Identify Module) card, a MicroSIM card, a NanoSIM card, and the like. The SD card can be a security data card of various forms and sizes such as a standard SD card and a miniSD card.
具体来说,当安全硬件由智能卡实现时,加密和解密过程由智能卡中的安全芯片完成。Specifically, when the secure hardware is implemented by a smart card, the encryption and decryption process is performed by a security chip in the smart card.
进一步的,为了更好的保证输入法的安全性,对于使用对称算法对文本的加密解密过程也可以由上述安全硬件来完成。Further, in order to better ensure the security of the input method, the encryption and decryption process for the text using the symmetric algorithm can also be completed by the above-mentioned security hardware.
这里,上述非对称密码算法包括但不限于RSA、ECC、SM2、SM9等非对称密码算法,上述对称密码算法包括但不限于3DES、AES、SM1、SM4、SM7等对称密码算法。Here, the asymmetric cryptographic algorithm includes but is not limited to asymmetric cryptographic algorithms such as RSA, ECC, SM2, and SM9. The symmetric cryptographic algorithms include but are not limited to symmetric cryptographic algorithms such as 3DES, AES, SM1, SM4, and SM7.
上述各个模块及各个单元在实际应用中,均可由位于安全输入法的文本处理装置的中央处理器(CPU)、微处理器(MPU)、数字信号处理器(DSP)、或现场可编程门阵列(FPGA)实现。Each of the above modules and each unit may be implemented by a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), or a field programmable gate array of a text processing device located in a secure input method. (FPGA) implementation.
本发明还提供一种安全输入法的文本处理系统,该系统包括上述任一项所述的安全输入法的文本处理装置和安全管理平台;其中, The present invention also provides a text processing system for a secure input method, the system comprising the text processing device and the security management platform of the secure input method according to any one of the above;
所述安全管理平台,用于创建和管理安全域,为安全输入法的文本处理装置分配安全域,向文本处理装置下发安全域标识和对应的对称密钥;并用于将文本处理装置发送的异域密文转换为所述文本处理装置的同域密文后返回。The security management platform is configured to create and manage a security domain, assign a security domain to the text processing device of the secure input method, and send the security domain identifier and the corresponding symmetric key to the text processing device; and send the text processing device The foreign ciphertext is converted into the same-domain ciphertext of the text processing device and returned.
这里,所述安全管理平台可以是独立运行的服务器平台,也可以是运行于业务系统服务器上的一项系统管理服务功能。Here, the security management platform may be a stand-alone server platform or a system management service function running on a business system server.
实施例1:Example 1:
附图3为本发明实施例1的结构示意图,如图3所示,所述安全输入法包括基本功能和密钥管理组成。基本功能承接了用户与所有应用进行文本输入的入口,并调用安全硬件装置完成所述安全输入法的文本加、解密功能。与传统输入法不同的是,安全输入法会缓存用户编辑的文本,等到用户确认文本正确之后,触发加密输出按钮,调用安全硬件装置功能进行加密,并把密文输出到目标应用的输入框中。FIG. 3 is a schematic structural diagram of Embodiment 1 of the present invention. As shown in FIG. 3, the security input method includes a basic function and a key management component. The basic function undertakes the entry of text input by the user and all applications, and calls the security hardware device to complete the text addition and decryption functions of the secure input method. Different from the traditional input method, the safe input method caches the text edited by the user. After the user confirms that the text is correct, the encrypted output button is triggered, the security hardware device function is called to encrypt, and the ciphertext is output to the input box of the target application. .
此外,基本功能负责识别剪贴板中的输入法密文并在用户粘贴时进行自动解密;密钥管理分别与系统平台和安全硬件装置交互,完成密钥管理相关功能。In addition, the basic function is responsible for identifying the input method ciphertext in the clipboard and automatically decrypting when the user pastes; the key management interacts with the system platform and the security hardware device to complete the key management related functions.
安全硬件装置是具有唯一标识(ID)和具有对称与非对称加解密能力的硬件模块,并具有产生真随机数、生成和存储对称与非对称密钥的功能。The secure hardware device is a hardware module with a unique identifier (ID) and symmetric and asymmetric encryption and decryption capabilities, and has the function of generating true random numbers, generating and storing symmetric and asymmetric keys.
安全管理平台负责维护和管理安全输入法安全硬件装置及其相关密钥。如维护安全硬件装置注册信息,接收和保存安全硬件装置上传的公钥TermPubKey,生成所述对称密钥K,使用安全硬件装置的公钥TermPubKey加密所述对称密钥K后,下发给安全硬件装置。The security management platform is responsible for maintaining and managing the secure input method security hardware device and its associated keys. If the security hardware device registration information is maintained, the public key TermPubKey uploaded by the security hardware device is received and saved, the symmetric key K is generated, and the symmetric key K is encrypted by using the public key TermPubKey of the security hardware device, and then sent to the security hardware. Device.
所述用于安全输入法的密钥管理方法和系统,其密钥管理的基本工作过程包括三个方面:安全硬件装置注册、输入法密钥申请(密钥的产生与注入)、输入法加解密(密钥的使用)。The key management method and system for the secure input method have three aspects: the security hardware device registration, the input method key application (key generation and injection), and the input method plus Decryption (use of the key).
具体说明如下:The specific instructions are as follows:
安全硬件装置注册: Security hardware device registration:
安全硬件装置注册包括,利用安全硬件装置生成公私钥对(TermPubKey/TermPrvKey),将私钥TermPrvKey保存在安全硬件装置内,将安全硬件装置标识ID与其公钥TermPubKey一起,通过安全通道发送给安全管理平台进行注册,安全管理平台负责维护和管理安全输入法安全硬件装置信息(如ID、TermPubKey等),并将所述安全硬件装置归属到一个指定的安全域(以DID标识该安全域),同一安全域中所有安全硬件装置使用相同的密钥K,不同安全域中的安全硬件装置使用不同的密钥K。所述安全通道可以是在安全硬件装置的生产阶段或发行阶段使用的专用系统、专用工具、虚拟专用网络(VPN)等。The security hardware device registration includes: generating a public-private key pair (TermPubKey/TermPrvKey) by using the security hardware device, storing the private key TermPrvKey in the security hardware device, and sending the security hardware device identification ID together with the public key TermPubKey to the security management through the secure channel. The platform is registered, and the security management platform is responsible for maintaining and managing security input method security hardware device information (such as ID, TermPubKey, etc.), and assigning the security hardware device to a designated security domain (identifying the security domain by DID), the same All secure hardware devices in the secure domain use the same key K, and the secure hardware devices in different security domains use different keys K. The secure channel may be a dedicated system, a dedicated tool, a virtual private network (VPN), etc., used during the production or release phase of the secure hardware device.
除了注册阶段创建和分配的安全域,也可以在应用需要的任何时候,由安全管理平台为安全硬件装置创建一个或多个新的安全域,同一安全域中所有安全硬件装置使用相同的密钥K,不同安全域中的安全硬件装置使用不同的密钥K。In addition to the security zones created and assigned during the registration phase, one or more new security domains can be created by the security management platform for the secure hardware device at any time required by the application, and all secure hardware devices in the same security domain use the same key. K, the security hardware devices in different security domains use different keys K.
输入法密钥申请(密钥的产生与注入):Input method key request (key generation and injection):
(1)安全硬件装置采用自己的私钥TermPrvKey对安全硬件装置标识ID进行签名,然后将ID和签名一起,通过密钥管理子模块发送给安全管理平台;(1) The security hardware device uses its own private key TermPrvKey to sign the security hardware device identification ID, and then sends the ID and the signature together to the security management platform through the key management sub-module;
(2)安全管理平台认证安全硬件装置的合法性,生成和下发安全输入法加密密钥K:(2) The security management platform authenticates the legality of the security hardware device, and generates and delivers the security input method encryption key K:
安全管理平台检查安全硬件装置ID是否已在安全管理平台上注册,若已注册则采用其对应的TermPubKey对ID签名进行验证,如果已注册且ID签名验证通过,则安全硬件装置认证通过;The security management platform checks whether the security hardware device ID is registered on the security management platform, and if it is registered, uses the corresponding TermPubKey to verify the ID signature. If the ID signature verification is passed, the security hardware device passes the authentication;
安全管理平台生成对称加密密钥K,并将密钥K与申请密钥的安全硬件装置的相关信息(ID、TermPubKey)进行关联,即,为该安全硬件装置分配一个与其安全域对应的对称密钥K。所述对称密钥K,可由安全管理平台临时或事先产生和保存,在安全输入法的安全硬件装置进行密钥申请时,安全管理平台为其分配密钥K; The security management platform generates a symmetric encryption key K, and associates the key K with the related information (ID, TermPubKey) of the security hardware device that applies for the key, that is, assigns a symmetric key corresponding to the security domain to the security hardware device. Key K. The symmetric key K may be generated or saved temporarily or in advance by the security management platform. When the secure hardware device of the secure input method performs a key application, the security management platform allocates a key K thereto;
安全管理平台使用TermPubKey作为密钥对K进行非对称加密运算得到K的密文K’,然后将K’发送给安全硬件装置,进一步的,安全管理平台使用自己的私钥PlatPrvKey对K’进行签名,然后将K’和K’的签名一起发送给安全硬件装置;The security management platform uses TermPubKey as the key to perform asymmetric encryption operation on K to obtain K ciphertext K', and then sends K' to the secure hardware device. Further, the security management platform signs K' using its private key PlatPrvKey. And then send the signatures of K' and K' together to the secure hardware device;
(3)输入法密钥注入:(3) Input method key injection:
输入法密钥管理子模块将接收到的K’传递给安全硬件装置,安全硬件装置使用自己的私钥TermPrvKey对接收到的密文K’进行非对称解密运算得到密钥K,安全硬件装置保存密钥K;或者,输入法密钥管理子模块将接收到的K’和K’的签名一起传递给安全硬件装置,安全硬件装置首先使用安全管理平台的公钥PlatPubKey对K’的签名进行验证,若验证通过,则说明K’为管理平台所签发,然后安全硬件装置再使用自己的私钥TermPrvKey对接收到的密文K’进行非对称解密运算得到密钥K,安全硬件装置保存密钥K。The input method key management sub-module passes the received K' to the security hardware device, and the security hardware device uses its own private key TermPrvKey to perform asymmetric decryption operation on the received ciphertext K' to obtain the key K, and the security hardware device saves Key K; or, the input method key management sub-module passes the received signatures of K' and K' to the secure hardware device, and the secure hardware device first verifies the signature of K' using the public key PlatPubKey of the security management platform. If the verification is passed, it indicates that K' is issued by the management platform, and then the security hardware device uses its own private key TermPrvKey to perform asymmetric decryption operation on the received ciphertext K' to obtain the key K, and the security hardware device saves the key. K.
输入法加解密(密钥的使用):Input method encryption and decryption (use of key):
完成密钥配置后,安全输入法就可以使用安全硬件装置中的密钥K对输入法处理的文本进行加解密操作了。After the key configuration is completed, the secure input method can use the key K in the secure hardware device to encrypt and decrypt the text processed by the input method.
安全输入法中的安全硬件装置使用自己的密钥K对输入法处理的文本进行加密操作;The secure hardware device in the secure input method uses its own key K to encrypt the text processed by the input method;
进一步的,安全输入法中的安全硬件装置在使用自己的密钥K对输入法处理的文本进行加密操作时,还使用一个初始向量IV参与密码运算,使得安全输入法对相同文本每次加密的结果都不相同,进一步提高文本的安全性。所述初始向量IV由安全硬件装置产生的真随机数构成,与密文绑定在一起,随密文数据一起传输、保存、复制或删除;Further, when the secure hardware device in the secure input method encrypts the text processed by the input method using its own key K, it also uses an initial vector IV to participate in the cryptographic operation, so that the secure input method encrypts the same text each time. The results are different, further improving the security of the text. The initial vector IV is composed of a true random number generated by the security hardware device, and is bound to the ciphertext, and transmitted, saved, copied or deleted along with the ciphertext data;
进一步的,除IV外,随密文数据一起传输、保存、复制或删除的,还包括安全硬件装置所在安全域的标识DID。Further, in addition to the IV, the ciphertext data is transmitted, saved, copied or deleted together, and the identifier DID of the security domain where the security hardware device is located is also included.
安全输入法中的安全硬件装置进行解密时,若判断密文所带安全域标识DID与本安全域标识相同,说明该密文是本安全域的安全硬件装置所产生的,则安全输入法通过安全硬件装置使用自己的密钥K解密得到明文;否则,当安全输入法进行解密时,若判断密文所带安全域标识(记为DIDb)与本安全域标 识(记为DIDa)不同,说明该密文(记为Cb)是由非本安全域的安全硬件装置所产生的,则安全输入法通过密钥管理子模块将密文Cb提交给安全管理平台,安全管理平台使用该密文Cb所属安全域DIDb的密钥(记为Kb)进行解密得到明文(记为P),然后使用安全域DIDa的密钥Ka对明文P进行加密,得到密文Ca,最后把加密得到的密文Ca返回给安全输入法,安全输入法再通过安全硬件装置使用自己的密钥Ka解密得到明文P;When the security hardware device in the security input method decrypts, if it is determined that the security domain identifier DID of the ciphertext is the same as the security domain identifier, indicating that the ciphertext is generated by the security hardware device of the security domain, the security input method is adopted. The security hardware device decrypts the plaintext using its own key K; otherwise, when the secure input method is decrypted, if the ciphertext is determined to have the security domain identifier (denoted as DIDb) and the security domain identifier The difference (denoted as DIDa) indicates that the ciphertext (denoted as Cb) is generated by a security hardware device other than the security domain, and the secure input method submits the ciphertext Cb to the security management platform through the key management submodule. The security management platform uses the key (denoted as Kb) of the security domain DIDb of the ciphertext Cb to decrypt the plaintext (denoted as P), and then encrypts the plaintext P using the key Ka of the security domain DIDa to obtain the ciphertext Ca. Finally, the encrypted ciphertext Ca is returned to the secure input method, and the secure input method is decrypted by the secure hardware device using its own key Ka to obtain the plaintext P;
进一步的,安全管理平台在使用安全域DIDa的密钥Ka对明文P进行加密得到密文Ca时,还使用一个初始向量IV2参与密码运算,使得安全管理平台对相同明文P每次加密的结果都不相同,进一步提高文本的安全性。所述初始向量IV2由安全管理平台或者与安全管理平台连接的可信硬件产生的真随机数构成,与密文Ca绑定在一起,随密文数据Ca一起返回给安全输入法,安全输入法再通过安全硬件装置使用自己的密钥Ka解密得到明文P。Further, the security management platform uses the key Ka of the security domain DIDa to encrypt the plaintext P to obtain the ciphertext Ca, and also uses an initial vector IV2 to participate in the cryptographic operation, so that the security management platform encrypts the same plaintext P each time. Not the same, further improve the security of the text. The initial vector IV2 is composed of a security management platform or a true random number generated by trusted hardware connected to the security management platform, and is bound with the ciphertext Ca, and returned to the secure input method along with the ciphertext data Ca, and the secure input method. The plaintext P is then decrypted by the secure hardware device using its own key Ka.
本实施例的安全输入法的文本处理装置的各个模块对应执行上述安全输入法的文本处理方法实施例所描述的步骤,因此具有相同的有益效果。另外,应该理解到,以上所描述的文本处理装置的实施方式仅仅是示意性的,所描述模块的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。另外,模块相互之间的耦合或通信连接可以是通过一些接口,也可以是电性或其它的形式。The respective modules of the text processing apparatus of the secure input method of the present embodiment correspond to the steps described in the embodiment of the text processing method of the above-described secure input method, and thus have the same advantageous effects. In addition, it should be understood that the implementation of the text processing apparatus described above is merely illustrative, and the division of the described modules is only a logical function division, and may be further divided in actual implementation. In addition, the coupling or communication connection of the modules to each other may be through some interfaces, or may be electrical or other forms.
上述各个功能模块作为文本处理装置的组成部分,可以是或者也可以不是物理框,既可以位于一个地方,也可以分布到多个网络单元上,既可以采用硬件的形式实现,也可以采用软件功能框的形式实现。可以根据实际的需要选择其中的部分或者全部模块来实现本发明方案的目的。Each of the foregoing functional modules may be part of a text processing device, and may or may not be a physical frame. It may be located in one place or distributed to multiple network units, and may be implemented in the form of hardware or software. The form of the box is implemented. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solution of the present invention.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用硬件实施例、软件实施例、或结合软件和 硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may employ hardware embodiments, software embodiments, or a combination of software and A form of embodiment of the hardware aspect. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
再次说明,以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,例如各实施例之间技术特征的相互结合,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。 It is to be noted that the above description is only an embodiment of the present invention, and thus does not limit the scope of the invention, and the equivalent structure or equivalent flow transformation using the description of the present invention and the drawings, for example, the technology between the embodiments The combination of features, or directly or indirectly, in other related technical fields, is equally included in the scope of patent protection of the present invention.

Claims (11)

  1. 一种安全输入法的文本处理方法,其特征在于,所述方法包括:A text processing method for a secure input method, characterized in that the method comprises:
    注册安全域,获取所述安全域标识;Registering a security domain to obtain the security domain identifier;
    申请并获取所述安全域对应的对称密钥;Applying for and obtaining a symmetric key corresponding to the security domain;
    使用所述对称密钥对用户输入的明文进行加密;Encrypting the plaintext input by the user by using the symmetric key;
    将加密得到的密文与所述安全域标识一同输出。The encrypted ciphertext is output together with the security domain identifier.
  2. 根据权利要求1所述的文本处理方法,其特征在于,所述使用所述对称密钥对用户输入的明文进行加密包括:The text processing method according to claim 1, wherein the encrypting the plaintext input by the user by using the symmetric key comprises:
    每次使用所述对称密钥对用户输入的明文进行加密时,随机生成一初始向量,并使用所述初始向量参与密码运算;Each time the plaintext input by the user is encrypted using the symmetric key, an initial vector is randomly generated, and the initial vector is used to participate in the cryptographic operation;
    相应的,所述将加密得到的密文与所述安全域标识一同输出包括:Correspondingly, the outputting the encrypted ciphertext together with the security domain identifier comprises:
    将加密得到的密文、所述安全域标识和所述密文对应的初始向量一同输出。The encrypted ciphertext, the security domain identifier, and the initial vector corresponding to the ciphertext are output together.
  3. 根据权利要求1或2所述的文本处理方法,其特征在于,所述方法还包括:The text processing method according to claim 1 or 2, wherein the method further comprises:
    获取密文和该密文对应的第一安全域标识;Obtaining the ciphertext and the first security domain identifier corresponding to the ciphertext;
    当所述第一安全域标识与本地的第二安全域标识相同时,使用所述第二对称密钥对所述密文进行解密,获得解密后的明文并输出;When the first security domain identifier is the same as the local second security domain identifier, the ciphertext is decrypted by using the second symmetric key, and the decrypted plaintext is obtained and output;
    当所述第一安全域标识与所述第二安全域标识不同时,将所述密文发送至安全管理平台,由所述安全管理平台解密密文后再使用所述第二安全域对应的第二对称密钥加密,再由所述安全管理平台将所述第二安全域标识对应的密文返回,之后使用所述第二对称密钥解密所述安全管理平台返回的密文,获得解密后的明文并输出。When the first security domain identifier is different from the second security domain identifier, the ciphertext is sent to the security management platform, and the ciphertext is decrypted by the security management platform, and then the second security domain is used. The second symmetric key is encrypted, and the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain decryption. After the plain text and output.
  4. 根据权利要求3所述的文本处理方法,其特征在于,当存在与密文对应的初始向量时,所述方法还包括: The text processing method according to claim 3, wherein when there is an initial vector corresponding to the ciphertext, the method further comprises:
    获取密文和该密文对应的第一安全域标识的同时,还获取所述密文对应的初始向量;Obtaining the ciphertext and the first security domain identifier corresponding to the ciphertext, and acquiring an initial vector corresponding to the ciphertext;
    使用所述初始向量参与解密运算。The initial vector is used to participate in the decryption operation.
  5. 根据权利要求1所述的文本处理方法,其特征在于,所述申请并获取所述安全域对应的对称密钥包括:The text processing method according to claim 1, wherein the requesting and acquiring the symmetric key corresponding to the security domain comprises:
    使用安全硬件对获取到的对称密钥进行签名验证。Signature verification of the obtained symmetric key using secure hardware.
  6. 根据权利要求1所述的文本处理方法,其特征在于,所述方法还包括:The text processing method according to claim 1, wherein the method further comprises:
    使用安全硬件注册安全域、获取所述安全域对应的对称密钥。Use the security hardware to register the security domain and obtain the symmetric key corresponding to the security domain.
  7. 一种安全输入法的文本处理装置,其特征在于,所述装置包括:安全域注册模块、对称密钥获取模块、明文加密模块以及密文输出模块;其中,A text processing device for a secure input method, the device comprising: a security domain registration module, a symmetric key acquisition module, a plaintext encryption module, and a ciphertext output module;
    安全域注册模块,用于注册安全域,获取所述安全域标识;a security domain registration module, configured to register a security domain, and obtain the security domain identifier;
    对称密钥获取模块,用于申请并获取所述安全域对应的对称密钥;a symmetric key acquisition module, configured to apply for and obtain a symmetric key corresponding to the security domain;
    明文加密模块,用于使用所述对称密钥对用户输入的明文进行加密;a plaintext encryption module, configured to encrypt the plaintext input by the user by using the symmetric key;
    密文输出模块,用于将加密得到的密文与所述安全域标识一同输出。The ciphertext output module is configured to output the encrypted ciphertext together with the security domain identifier.
  8. 根据权利要求7所述的文本处理装置,其特征在于,所述装置还包括:The text processing device according to claim 7, wherein the device further comprises:
    密文获取模块,用于获取密文和该密文对应的第一安全域标识;a ciphertext obtaining module, configured to obtain the ciphertext and the first security domain identifier corresponding to the ciphertext;
    同域解密模块,用于当所述第一安全域标识与本地的第二安全域标识相同时,使用所述第二对称密钥对所述密文进行解密,获得解密后的明文并输出;a same-domain decryption module, configured to decrypt the ciphertext by using the second symmetric key to obtain the decrypted plaintext and output the same when the first security domain identifier is the same as the local second security domain identifier;
    异域解密模块,用于当所述第一安全域标识与所述第二安全域标识不同时,将所述密文发送至安全管理平台,由所述安全管理平台解密密文后再使用所述第二对称密钥加密,再由所述安全管理平台将所述第二安全域标识对应的密文返回,之后使用所述第二对称密钥解密所述安全管理平台返回的密文,获得解密后的明文并输出。 The foreign domain decryption module is configured to: send the ciphertext to the security management platform when the first security domain identifier is different from the second security domain identifier, and use the security management platform to decrypt the ciphertext and then use the The second symmetric key is encrypted, and the security management platform returns the ciphertext corresponding to the second security domain identifier, and then decrypts the ciphertext returned by the security management platform by using the second symmetric key to obtain decryption. After the plain text and output.
  9. 根据权利要求7或8所述的文本处理装置,其特征在于,所述装置还包括:The text processing device according to claim 7 or 8, wherein the device further comprises:
    安全硬件,用于使用非对称密码算法进行注册安全域、获取所述安全域对应的对称密钥。The security hardware is configured to register a security domain by using an asymmetric cryptographic algorithm, and obtain a symmetric key corresponding to the security domain.
  10. 根据权利要求9所述的文本处理装置,其特征在于,所述安全硬件由智能卡、声波卡/Key、蓝牙卡/Key、嵌入式安全元件或者智能可穿戴装置实现。The text processing apparatus according to claim 9, wherein the secure hardware is implemented by a smart card, a sound card/Key, a Bluetooth card/Key, an embedded secure element, or a smart wearable device.
  11. 一种安全输入法的文本处理系统,其特征在于,该系统包括:根据权利要求7至10任一项所述的安全输入法的文本处理装置和安全管理平台;其中,A text processing system for a secure input method, comprising: a text processing apparatus and a security management platform according to the secure input method according to any one of claims 7 to 10;
    所述安全管理平台,用于创建和管理安全域,为安全输入法的文本处理装置分配安全域,向文本处理装置下发安全域标识和对应的对称密钥;并用于将文本处理装置发送的异域密文转换为所述文本处理装置的同域密文后返回。 The security management platform is configured to create and manage a security domain, assign a security domain to the text processing device of the secure input method, and send the security domain identifier and the corresponding symmetric key to the text processing device; and send the text processing device The foreign ciphertext is converted into the same-domain ciphertext of the text processing device and returned.
PCT/CN2016/103054 2015-12-22 2016-10-24 Text processing method, apparatus and system for secure input method WO2017107642A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510967166.5A CN106911625B (en) 2015-12-22 2015-12-22 Text processing method, device and system for safe input method
CN201510967166.5 2015-12-22

Publications (1)

Publication Number Publication Date
WO2017107642A1 true WO2017107642A1 (en) 2017-06-29

Family

ID=59089075

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/103054 WO2017107642A1 (en) 2015-12-22 2016-10-24 Text processing method, apparatus and system for secure input method

Country Status (3)

Country Link
CN (1) CN106911625B (en)
TW (1) TWI611316B (en)
WO (1) WO2017107642A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177739A (en) * 2019-10-28 2020-05-19 腾讯云计算(北京)有限责任公司 Data processing method, information interaction system and computer storage medium
CN111212068A (en) * 2019-12-31 2020-05-29 熵加网络科技(北京)有限公司 Method for encrypting and decrypting characters by input method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002086826A1 (en) * 2001-04-25 2002-10-31 Harexinfotech Inc. Financial information input method using symmetrical key security algorithm and commercial transaction system for mobile communications
CN101064595A (en) * 2006-04-27 2007-10-31 联想(北京)有限公司 Computer network safe input authentication system and method
CN101169815A (en) * 2007-11-27 2008-04-30 华为技术有限公司 Computer system and data input method
CN101894232A (en) * 2010-07-26 2010-11-24 深圳市永达电子股份有限公司 Safe input method applied to identity authentication and input terminal
CN102355353A (en) * 2011-08-12 2012-02-15 无锡城市云计算中心有限公司 Encrypted input method and encrypted communication method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI224455B (en) * 2001-01-19 2004-11-21 Mitake Data Co Ltd End-to-end encryption procedure and module of M-commerce WAP data transport layer
TW563047B (en) * 2001-06-12 2003-11-21 Financial Information Service Shared system of mobile bank and its operating method
CN101729246B (en) * 2008-10-24 2012-02-08 中兴通讯股份有限公司 Method and system for distributing key
CN101739756B (en) * 2008-11-10 2012-01-11 中兴通讯股份有限公司 Method for generating secrete key of smart card
US20140109176A1 (en) * 2012-10-15 2014-04-17 Citrix Systems, Inc. Configuring and providing profiles that manage execution of mobile applications
EP2982148A1 (en) * 2013-04-05 2016-02-10 Interdigital Patent Holdings, Inc. Securing peer-to-peer and group communications
JP6078688B2 (en) * 2014-04-22 2017-02-08 株式会社日立製作所 Data processing system and data processing method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002086826A1 (en) * 2001-04-25 2002-10-31 Harexinfotech Inc. Financial information input method using symmetrical key security algorithm and commercial transaction system for mobile communications
CN101064595A (en) * 2006-04-27 2007-10-31 联想(北京)有限公司 Computer network safe input authentication system and method
CN101169815A (en) * 2007-11-27 2008-04-30 华为技术有限公司 Computer system and data input method
CN101894232A (en) * 2010-07-26 2010-11-24 深圳市永达电子股份有限公司 Safe input method applied to identity authentication and input terminal
CN102355353A (en) * 2011-08-12 2012-02-15 无锡城市云计算中心有限公司 Encrypted input method and encrypted communication method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177739A (en) * 2019-10-28 2020-05-19 腾讯云计算(北京)有限责任公司 Data processing method, information interaction system and computer storage medium
CN111177739B (en) * 2019-10-28 2023-11-03 腾讯云计算(北京)有限责任公司 Data processing method, information interaction system and computer storage medium
CN111212068A (en) * 2019-12-31 2020-05-29 熵加网络科技(北京)有限公司 Method for encrypting and decrypting characters by input method

Also Published As

Publication number Publication date
CN106911625B (en) 2020-04-24
TW201723919A (en) 2017-07-01
TWI611316B (en) 2018-01-11
CN106911625A (en) 2017-06-30

Similar Documents

Publication Publication Date Title
US11799668B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US11799656B2 (en) Security authentication method and device
US10601801B2 (en) Identity authentication method and apparatus
CN110519260B (en) Information processing method and information processing device
US9673975B1 (en) Cryptographic key splitting for offline and online data protection
US9860064B2 (en) Encrypted password transport across untrusted cloud network
CN106487765B (en) Authorized access method and device using the same
WO2017024934A1 (en) Electronic signing method, device and signing server
RU2018103181A (en) CONFIDENTIAL AUTHENTICATION AND SECURITY
US20160330029A1 (en) Authenticator device facilitating file security
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN109922027B (en) Credible identity authentication method, terminal and storage medium
US10439809B2 (en) Method and apparatus for managing application identifier
CN103546289A (en) USB (universal serial bus) Key based secure data transmission method and system
TW201409990A (en) Communication method utilizing fingerprint information for authentication
TWI734729B (en) Method and device for realizing electronic signature and signature server
WO2015109958A1 (en) Data processing method based on negotiation key, and mobile phone
WO2017107642A1 (en) Text processing method, apparatus and system for secure input method
CN113904830B (en) SPA authentication method, SPA authentication device, electronic equipment and readable storage medium
TW201426597A (en) A user management method and system based on group
JP2014230156A (en) System, method, program and device for authentication
WO2019179240A1 (en) Method and terminal for establishing security infrastructure and device
WO2022133923A1 (en) License authentication method and apparatus, electronic device, system, and storage medium
JP2018148293A (en) Credential generation system and method, client terminal, server device, issuance request device, and credential issuance device and program
CN117081736A (en) Key distribution method, key distribution device, communication method, and communication device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16877453

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 09/11/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16877453

Country of ref document: EP

Kind code of ref document: A1