WO2017202025A1 - 终端文件加密方法、终端文件解密方法和终端 - Google Patents
终端文件加密方法、终端文件解密方法和终端 Download PDFInfo
- Publication number
- WO2017202025A1 WO2017202025A1 PCT/CN2017/000057 CN2017000057W WO2017202025A1 WO 2017202025 A1 WO2017202025 A1 WO 2017202025A1 CN 2017000057 W CN2017000057 W CN 2017000057W WO 2017202025 A1 WO2017202025 A1 WO 2017202025A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- information
- file
- server
- key
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
Definitions
- the embodiments of the present invention relate to the field of data security technologies, and in particular, to a terminal file encryption method, a terminal file decryption method, and a terminal.
- the user wants to encrypt the content sensitive to the user such as files and pictures to protect.
- encryption is often performed by a password set by a user, but the password is easily lost. Therefore, a new encryption and decryption scheme for protecting terminal files is needed, which does not rely on the user for password input and guarantees the security of the terminal file.
- the embodiment of the present invention provides a terminal file encryption method, a terminal file decryption method, and a terminal, so as to at least implement a password not required by a user, and ensure the security of the terminal file.
- a method for encrypting a terminal file includes: reading one or more pieces of data information in a terminal; generating a unique identifier according to the one or more pieces of data information, and transmitting the identifier to the server, And generating, by the server, a key according to the unique identifier; acquiring a key generated by the server, and encrypting a file in the terminal by using the key.
- the reading one or more pieces of data information in the terminal specifically: reading identifier information of the identity card in the terminal, identifier information of the terminal, and network information of the terminal And/or storage time information of the file.
- the foregoing method before acquiring the key generated by the server, and encrypting the file in the terminal by using the key, further comprising: acquiring regional information of the terminal, according to the area The information selects a file to be encrypted from the terminal.
- the foregoing method before reading one or more pieces of data information in the terminal, further includes: acquiring information input by the user, and determining, by the user, the information terminal corresponding to the user identification card Whether the personal password is the same or not, and when the judgment result is yes, one or more pieces of data information in the reading terminal are executed.
- a terminal including: a data reading module configured to read one or more pieces of data information in a terminal; and a unique identifier generating module configured to be according to the item or Generating a plurality of pieces of data information to the server for generating, by the server, a key according to the unique identifier; the encryption processing module is configured to acquire a key generated by the server, and use the key to the terminal
- the files in the file are encrypted.
- the data reading module includes an identity card reading module, a terminal identifier reading module, a network information reading module, and/or a storage time reading module, and the identity identification card reading module Set to read the identification information of the identification card in the terminal;
- the terminal identification reading module is configured to read the identification information of the terminal;
- the network information reading module is configured to read the network information of the terminal
- the storage time reading module is configured to read storage time information of the file.
- the foregoing terminal further includes: a file selection module, configured to acquire the area information of the terminal, and select a file to be encrypted from the terminal according to the area information.
- a file selection module configured to acquire the area information of the terminal, and select a file to be encrypted from the terminal according to the area information.
- the foregoing terminal further includes: a determining module, configured to obtain information input by the user, and determine whether the personal password corresponding to the user identification card of the information terminal input by the user is the same, and the determination result is The reading of one or more pieces of data information in the terminal is performed.
- a determining module configured to obtain information input by the user, and determine whether the personal password corresponding to the user identification card of the information terminal input by the user is the same, and the determination result is The reading of one or more pieces of data information in the terminal is performed.
- a method for decrypting a terminal file includes: reading one or more pieces of data information in a terminal; generating a unique identifier according to the one or more pieces of data information and transmitting to the server And the server is configured to search, according to the unique identifier, a pre-stored key generated according to the unique identifier; acquire a key generated by the server, and decrypt the file in the terminal by using the key.
- the reading one or more pieces of data information in the terminal specifically: reading identifier information of the identity card in the terminal, identification information of the terminal, and a network of the terminal Information and/or storage time information of the file.
- the method before acquiring the key generated by the server, and using the key to decrypt the file in the terminal, the method further includes: acquiring the area information of the terminal, according to the area The information selects a file to be decrypted from the terminal.
- the foregoing method before reading one or more pieces of data information in the terminal, further includes: acquiring information input by the user, and determining that the information input by the user corresponds to the user identification card of the terminal. Whether the personal password is the same or not, and when the judgment result is yes, one or more pieces of data information in the reading terminal are executed.
- a terminal including: a data reading module configured to read one or more pieces of data information in a terminal; and a unique identifier generating module configured to be according to the item or The plurality of pieces of data information are generated and sent to the server, and the server searches for the pre-stored key generated according to the unique identifier according to the unique identifier; the decryption processing module is configured to acquire the key generated by the server, And decrypting the file in the terminal using the key.
- the data reading module includes an identity card reading module, a terminal identifier reading module, a network information reading module, and/or a storage time reading module, and the identity identification card reading module Set to read the identification information of the identification card in the terminal;
- the terminal identification reading module is configured to read the identification information of the terminal;
- the network information reading module is configured to read the network information of the terminal
- the storage time reading module is configured to read storage time information of the file.
- the foregoing terminal further includes: a file selection module, configured to acquire the area information of the terminal, and select a file to be decrypted from the terminal according to the area information.
- a file selection module configured to acquire the area information of the terminal, and select a file to be decrypted from the terminal according to the area information.
- the foregoing terminal further includes: a determining module, configured to obtain information input by the user, and determine whether the information input by the user is the same as the personal password corresponding to the user identification card of the terminal, and the determination result is The reading of one or more pieces of data information in the terminal is performed.
- a determining module configured to obtain information input by the user, and determine whether the information input by the user is the same as the personal password corresponding to the user identification card of the terminal, and the determination result is The reading of one or more pieces of data information in the terminal is performed.
- the terminal file encryption method, the terminal file decryption method, and the terminal of the embodiment of the present invention have at least the following advantages:
- the data information in the terminal is collected and a unique identifier is generated, and sent to the server, and the server generates a key according to the unique identifier, and the terminal acquires a key from the server to encrypt and decrypt the terminal file;
- the password is encrypted and decrypted by the user in the related art, and the embodiment of the present invention does not rely on the user to set a password, and the server only presses the terminal.
- an identifier generation key is sent to the terminal for encryption and decryption, the key is located in the server and is difficult to be illegally obtained, which is beneficial to ensure the security of the terminal file.
- FIG. 1 is a flowchart of a method for encrypting a terminal file according to an embodiment of the present invention
- FIG. 2 is a flowchart of a method for encrypting a terminal file according to an embodiment of the present invention
- FIG. 3 is a flowchart of a method for encrypting a terminal file according to an embodiment of the present invention
- FIG. 4 is a block diagram of a terminal according to an embodiment of an embodiment of the present invention.
- FIG. 5 is a block diagram of a terminal according to an embodiment of the present invention.
- FIG. 6 is a flowchart of a method for decrypting a terminal file according to an embodiment of the present invention.
- FIG. 7 is a flowchart of a method for decrypting a terminal file according to an embodiment of the present invention.
- FIG. 8 is a flowchart of a method for decrypting a terminal file according to an embodiment of the present invention.
- FIG. 9 is a block diagram of a terminal according to an embodiment of the present invention.
- FIG. 10 is a block diagram of a terminal according to an embodiment of an embodiment of the present invention.
- an embodiment of the present invention provides a terminal file encryption method, including:
- Step S110 reading one or more pieces of data information in the terminal.
- the type of the data information is not limited.
- the software and hardware information of the terminal in this embodiment can be used.
- the terminal includes not limited to a mobile phone, a tablet, or the like.
- Step S120 Generate a unique identifier according to one or more pieces of data information and send it to the server, so that the server generates a key according to the unique identifier.
- the unique identifier may be a globally unique identifier;
- one or more pieces of data information are required to be unique, for example, may be user account information stored in the terminal or the like.
- Step S130 Acquire a key generated by the server, and encrypt the file in the terminal by using the key.
- the data information in the terminal is collected and a unique identifier is generated, sent to the server, and the server generates a key according to the unique identifier, and the terminal acquires a key from the server to encrypt and decrypt the terminal file;
- the user of the technology sets the password for encryption and decryption.
- the user does not rely on the user to set a password, and the server generates a key according to the unique identifier of the terminal and sends the key to the terminal for encryption and decryption. Being illegally obtained helps to ensure the security of the terminal file.
- an embodiment of the present invention provides a terminal file encryption method, including:
- step S210 the information input by the user is obtained, and it is determined whether the personal password corresponding to the user identification card of the information terminal input by the user is the same. If the determination result is yes, step S220 is performed.
- the identity of the user since the encryption and decryption of the file is a more important operation, the identity of the user needs to be verified at this time, wherein the PIN code (Personal Identification Number) of the SIM card (user identification card) can indicate the user's identity. Identity, so in this embodiment the user identity is verified using a PIN code.
- PIN code Personal Identification Number
- Step S220 Read identification information of the identity identification card in the terminal, identification information of the terminal, network information of the terminal, and/or storage time information of the file.
- the identification information of the SIM card may be an ICCID (Integrate circuit card identity) or an IMSI (International Mobile Subscriber Identification Number)
- the identifier information of the terminal may be an IMEI.
- International Mobile Equipment Identity International Mobile Equipment Identity
- the network information may be GUTI (Globally Unique Temporary UE Identity) or TMSI (Temporary Mobile Subscriber Identity).
- GUTI Globally Unique Temporary UE Identity
- TMSI Temporary Mobile Subscriber Identity
- Step S230 Generate a unique identifier according to the identification information of the identity identification card in the terminal, the identification information of the terminal, the network information of the terminal, and/or the storage time information of the file, and send the identifier to the server for the server root.
- the key is generated based on the unique identifier.
- the manner of generating the unique identifier is not limited.
- the foregoing information may be directly connected in series, or the other information may be used to calculate the unique identifier.
- the way the server generates the key includes but is not limited to:
- the key generation formula can be expressed as:
- the encryption file process formula is:
- Key is the key
- FileEncrypted is the encrypted file byte stream, which means that after reading the byte stream of the FileByte of the original file, the key is encrypted.
- Representation operation Key value is after multiple operations, so reverse cracking is very difficult.
- step S240 the area information of the terminal is acquired, and the file to be encrypted is selected from the terminal according to the area information.
- the area information may be the foregoing GUTI.
- different files may be encrypted in different areas by reading GUTI values of different cell identifiers.
- Step S250 Acquire a key generated by the server, and encrypt the file in the terminal by using the key.
- the encrypted data is also hidden.
- FIG. 3 A specific application scenario of the technical solution of this embodiment is shown in FIG. 3:
- the user handles the SIM card, and the operator informs the user of the PIN code of the SIM card;
- the user selects the file to be encrypted and hidden.
- the terminal reads the SIM card identifier, such as the ICCID information, and temporarily enables the PIN check function to prompt the user to input the PIN code.
- the SIM card is locked. The user needs to go to the operator to unlock and reset the PIN code. If the PIN code is correct, the ICCID, IMSI, terminal identifier IMEI, cell identifier GUTI and TMSI and encrypted file will be read. Store time stamps, etc.
- the terminal generates a temporary global unique identifier according to the above information in series or adopts other mixing functions, and sends the temporary global unique identifier to the server on the network side.
- the network side server After receiving the temporary global unique identifier, the network side server performs identity verification on the user (including not including whether the mobile phone and the card are reported, etc.), and asks the user whether to generate and store a new key or Whether to change an existing key, if the user does not store the key or does not change the existing key, The server returns a failure message to the terminal user, and the terminal displays a change prompt or an error prompt; if the user needs to generate a key, the server generates a key according to the temporary unique identifier, generates a temporary key according to a preset algorithm, stores the key, and stores the key The terminal side returns the success information, and the terminal encrypts the file according to the preset algorithm according to the key and hides the file.
- an embodiment of the present invention provides a terminal, including:
- the data reading module 410 reads one or more pieces of data information in the terminal.
- the type of the data information is not limited.
- the software and hardware information of the terminal in this embodiment can be used.
- the unique identifier generation module 420 generates a unique identifier based on one or more pieces of data information and sends it to the server for the server to generate a key based on the unique identifier.
- the unique identifier may be a globally unique identifier; in this embodiment, further, in order to ensure the uniqueness of the unique identifier, one or more pieces of data information are required to be unique, for example, may be stored in the terminal. User account information, etc.
- the encryption processing module 430 acquires a key generated by the server and encrypts the file in the terminal using the key.
- the data information in the terminal is collected and a unique identifier is generated, sent to the server, and the server generates a key according to the unique identifier, and the terminal acquires a key from the server to encrypt and decrypt the terminal file;
- the user of the technology sets the password for encryption and decryption.
- the user does not rely on the user to set a password, and the server generates a key according to the unique identifier of the terminal and sends the key to the terminal for encryption and decryption. Being illegally obtained helps to ensure the security of the terminal file.
- an embodiment of the present invention provides a terminal, including:
- the determining module 510 obtains information input by the user, and determines whether the personal password corresponding to the user identification card of the information terminal input by the user is the same. When the determination result is yes, the data reading module 520 enters the work. In this embodiment, since the encryption and decryption of the file is a more important operation, the identity of the user needs to be verified at this time, wherein the PIN code (Personal Identification Number) of the SIM card (user identification card) can indicate the user's identity. Identity, so in this embodiment the user identity is verified using a PIN code.
- PIN code Personal Identification Number
- the data reading module 520 includes an identification card reading module, a terminal identification reading module, and a network letter.
- the information reading module and/or the storage time reading module, the identification card reading module is configured to read the identification information of the identification card in the terminal; the terminal identification reading module is configured to read the identification information of the terminal; The module is set to read the network information of the terminal; the storage time reading module is set to read the storage time information of the file.
- the identification information of the SIM card may be an ICCID (Integrate circuit card identity) or an IMSI (International Mobile Subscriber Identification Number), and the identifier information of the terminal may be an IMEI ( The International Mobile Equipment Identity (International Mobile Equipment Identity), the network information may be a Globally Unique Temporary UE Identity (GUTI) or a Temporary Mobile Subscriber Identity (TMSI).
- GUI Globally Unique Temporary UE Identity
- TMSI Temporary Mobile Subscriber Identity
- the unique identifier generation module 530 generates a unique identifier according to the identification information of the identity identification card in the terminal, the identification information of the terminal, the network information of the terminal, and/or the storage time information of the file, and sends the unique identifier to the server, so that the server generates a key according to the unique identifier.
- the manner of generating the unique identifier is not limited.
- the foregoing information may be directly connected in series, or the other information may be used to calculate the unique identifier.
- the way the server generates the key includes but is not limited to:
- the key generation formula can be expressed as:
- the encryption file process formula is:
- Key is the key
- FileEncrypted is the encrypted file byte stream, which means that after reading the byte stream of the FileByte of the original file, the key is encrypted.
- Representation operation Key value is after multiple operations, so reverse cracking is very difficult.
- the file selection module 540 acquires the area information of the terminal, and selects a file to be encrypted from the terminal according to the area information.
- the area information may be the foregoing GUTI.
- different files may be encrypted in different areas by reading GUTI values of different cell identifiers.
- the encryption processing module 550 acquires a key generated by the server and encrypts the file in the terminal using the key. In this embodiment, in order to further ensure file security, the encrypted data is also hidden.
- FIG. 3 A specific application scenario of the technical solution of this embodiment is shown in FIG. 3:
- the user handles the SIM card, and the operator informs the user of the PIN code of the SIM card;
- the user selects the file to be encrypted and hidden.
- the terminal reads the SIM card identifier, such as the ICCID information, and determines that the module temporarily enables the PIN check function, prompting the user to input the PIN code;
- the SIM card is locked. The user needs to go to the operator to unlock and reset the PIN code. If the PIN code is correct, the ID card reading module, the terminal ID reading module, the network information reading module, The storage time reading module will read the ICCID, the IMSI, the terminal identifier IMEI, the cell identifier GUTI and the TMSI, and the encrypted file storage time identifier;
- the unique identifier generation module generates a temporary global unique identifier according to the above information in series or adopts other hybrid functions, and sends the temporary global unique identifier to the server on the network side.
- the network side server After receiving the temporary global unique identifier, the network side server performs identity verification on the user, and asks the user whether to generate and store a new key or change the existing key, if the user does not store the secret.
- the key does not change the existing key, the server returns the failure information to the end user, and the terminal displays no change prompt or error prompt; if the user needs to generate the key, the server generates a key according to the temporary unique identifier according to a preset algorithm.
- a temporary key is generated, the key is stored, and the success information is returned to the terminal side, and the encryption processing module encrypts the file according to the predetermined algorithm according to the key and hides the file.
- an embodiment of the present invention provides a method for decrypting a terminal file, including:
- Step S610 reading one or more pieces of data information in the terminal.
- the type of the data information is not limited.
- the software and hardware information of the terminal in this embodiment can be used.
- the terminal includes not limited to a mobile phone, a tablet, or the like.
- Step S620 Generate a unique identifier according to one or more pieces of data information and send it to the server, so that the server searches for a pre-stored key generated according to the unique identifier according to the unique identifier.
- the unique identifier may be a globally unique identifier; in this embodiment, further, in order to ensure the uniqueness of the unique identifier, one or more pieces of data information are required to be unique, for example, may be stored in the terminal. User account information, etc.
- Step S630 Acquire a key generated by the server, and decrypt the file in the terminal by using the key.
- the server collects data information in the terminal and generating a unique identifier, and sending To the server, and the server searches for the key that has been generated according to the unique identifier, and the terminal obtains the key from the server to decrypt the terminal file; and the user is different from the related art to set the password for encryption and decryption.
- the server generates a key according to the unique identifier of the terminal and sends the key to the terminal for encryption and decryption.
- the key is located in the server and is difficult to be illegally obtained, which is beneficial to ensure the security of the terminal file.
- an embodiment of the present invention provides a method for decrypting a terminal file, including:
- step S710 the information input by the user is obtained, and it is determined whether the information input by the user is the same as the personal password corresponding to the user identification card of the terminal. If the determination result is yes, step 720 is performed.
- the identity of the user since the encryption and decryption of the file is a more important operation, the identity of the user needs to be verified at this time, wherein the PIN code (Personal Identification Number) of the SIM card (user identification card) can indicate the user's identity. Identity, so in this embodiment the user identity is verified using a PIN code.
- PIN code Personal Identification Number
- Step S720 Read identification information of the identity identification card in the terminal, identification information of the terminal, network information of the terminal, and/or storage time information of the file.
- the identification information of the SIM card may be an ICCID (Integrate circuit card identity) or an IMSI (International Mobile Subscriber Identification Number)
- the identifier information of the terminal may be an IMEI ( The International Mobile Equipment Identity (International Mobile Equipment Identity)
- the network information may be a Globally Unique Temporary UE Identity (GUTI) or a Temporary Mobile Subscriber Identity (TMSI).
- GUI Globally Unique Temporary UE Identity
- TMSI Temporary Mobile Subscriber Identity
- Step S730 Generate a unique identifier according to the identification information of the identity identification card, the identifier information of the terminal, the network information of the terminal, and/or the storage time information of the file, and send the identifier to the server, so that the server searches for the pre-stored unique identifier according to the unique identifier.
- the manner of generating the unique identifier is not limited.
- the foregoing information may be directly connected in series, or the other information may be used to calculate the unique identifier.
- the way the server generates the key includes but is not limited to:
- the key generation formula can be expressed as:
- the encryption file process formula is:
- Key is the key
- FileEncrypted is the encrypted file byte stream, which means that after reading the byte stream of the FileByte of the original file, the key is encrypted.
- Representation operation Key value is after multiple operations, so reverse cracking is very difficult.
- Step S740 acquiring the area information of the terminal, and selecting the file to be decrypted from the terminal according to the area information.
- the area information may be the foregoing GUTI.
- different files may be decrypted in different areas by reading GUTI values of different cell identifiers.
- Step S750 Acquire a key generated by the server, and decrypt the file in the terminal by using the key.
- the decryption process can be simply calculated by the following formula:
- FileEncryptedByte is the byte stream of the encrypted file
- Keyserver is the key obtained from the encryption server. Indicates the decryption operation.
- FIG. 8 A specific application scenario of the technical solution of this embodiment is shown in FIG. 8:
- the user performs a decryption action.
- the terminal reads the card identifier, such as ICCID information, and temporarily enables the PIN code verification function to prompt the user to input the PIN code.
- the card identifier such as ICCID information
- the SIM card is locked after 3 errors. The user needs to go to the operator to unlock and reset the PIN code. If the PIN code is correct, the ICCID, IMSI, terminal identifier IMEI, cell identifier GUTI and TMSI and encrypted files store time stamps, etc.
- the terminal generates a temporary global unique identifier according to the above information in series or adopts other mixing functions, and sends the temporary global unique identifier to the network side server.
- the network side After receiving the temporary global unique identifier, the network side performs identity verification on the user (including not including whether the mobile phone and the card are reported, etc.), and if the user is an unauthorized user, the network side is the end user. Returning the failure information, the terminal displays a failure prompt; if the user identity is legal, the server is based on The temporary identification code retrieves the key that was generated and stored before.
- the network side server If the retrieval key fails, the network side server returns the failure information to the terminal user, and the terminal displays a failure prompt. If the key retrieval is successful, the server sends the key, and returns the key retrieval success information to the terminal side.
- the decryption processing module attempts to decrypt the display file according to the received key, the file is successfully decrypted, and the encrypted or hidden file is normally displayed, and the file decryption fails with an error message.
- an embodiment of the present invention provides a terminal, including:
- the data reading module 910 reads one or more pieces of data information in the terminal.
- the type of the data information is not limited.
- the software and hardware information of the terminal in this embodiment can be used.
- the unique identifier generation module 920 generates a unique identifier based on the one or more pieces of data information and sends the identifier to the server for the server to search for the pre-stored key generated according to the unique identifier according to the unique identifier.
- the unique identifier may be a globally unique identifier; in this embodiment, further, in order to ensure the uniqueness of the unique identifier, one or more pieces of data information are required to be unique, for example, may be stored in the terminal. User account information, etc.
- the decryption processing module 930 acquires a key generated by the server and decrypts the file in the terminal using the key.
- the data information in the terminal is collected and a unique identifier is generated, sent to the server, and the server searches for a key that has been generated according to the unique identifier, and the terminal acquires a key from the server to decrypt the terminal file. It can be seen that the user does not rely on the user to set the password for encryption and decryption.
- the embodiment of the present invention sends a key to the terminal for encryption and decryption according to the unique identifier of the terminal, without relying on the user setting a password. It is difficult to be illegally obtained in the server, which is beneficial to ensure the security of the terminal file.
- an embodiment of the present invention provides a terminal, including:
- the determining module 1010 obtains the information input by the user, and determines whether the information input by the user is the same as the personal password corresponding to the user identification card of the terminal. If the determination result is yes, step 720 is performed.
- the PIN code of the SIM card Personal Identification Card
- the personal password can indicate the identity of the user, so in the present embodiment, the user identity is verified using the PIN code.
- the data reading module 1020 includes an identity card reading module, a terminal identifier reading module, a network information reading module, and/or a storage time reading module, and the identity card reading module is configured to read the identity card in the terminal.
- the identification information is set to read the identification information of the terminal;
- the network information reading module is configured to read the network information of the terminal;
- the storage time reading module is configured to read the storage time information of the file.
- the identification information of the SIM card may be an ICCID (Integrate circuit card identity) or an IMSI (International Mobile Subscriber Identification Number), and the identifier information of the terminal may be an IMEI ( The International Mobile Equipment Identity (International Mobile Equipment Identity), the network information may be a Globally Unique Temporary UE Identity (GUTI) or a Temporary Mobile Subscriber Identity (TMSI).
- GUI Globally Unique Temporary UE Identity
- TMSI Temporary Mobile Subscriber Identity
- the unique identifier generating module 1030 generates a unique identifier according to the identification information of the identity identification card, the identifier information of the terminal, the network information of the terminal, and/or the storage time information of the file, and sends the unique identifier to the server, so that the server searches for the pre-stored unique identifier according to the unique identifier. Identifies the generated key.
- the manner of generating the unique identifier is not limited.
- the foregoing information may be directly connected in series, or the other information may be used to calculate the unique identifier.
- the way the server generates the key includes but is not limited to:
- the key generation formula can be expressed as:
- the encryption file process formula is:
- Key is the key
- FileEncrypted is the encrypted file byte stream, which means that after reading the byte stream of the FileByte of the original file, the key is encrypted.
- Representation operation Key value is after multiple operations, so reverse cracking is very difficult.
- the file selection module 1040 acquires the area information of the terminal, and selects a file to be decrypted from the terminal according to the area information.
- the area information may be the foregoing GUTI, and may be in the decryption process. Decrypting different files in different regions by reading the GUTI values of different cell identifiers.
- the decryption processing module 1050 obtains a key generated by the server and decrypts the file in the terminal using the key. In this embodiment, if the file is hidden, the hidden state of the file needs to be released; in this embodiment, assuming that the Keyserver is a key obtained from the network side server, the decryption process can be simply calculated by the following formula:
- FileEncryptedByte is the byte stream of the encrypted file
- Keyserver is the key obtained from the encryption server. Indicates the decryption operation.
- FIG. 8 A specific application scenario of the technical solution of this embodiment is shown in FIG. 8:
- the user performs a decryption action.
- the terminal reads the card identifier, such as the ICCID information, and the determining module enables the PIN code verification function to prompt the user to input the PIN code.
- the SIM card is locked after 3 errors. The user needs to go to the operator to unlock and reset the PIN code. If the PIN code is correct, the data reading module will read the ICCID, IMSI, terminal identifier IMEI, Cell identification GUTI and TMSI and encrypted file storage time identification, etc.
- the unique identifier generation module generates a temporary global unique identifier according to the above information in series or adopts other mixing functions, and sends the temporary global unique identifier to the network side server.
- the network side After receiving the temporary global unique identifier, the network side performs the legal verification of the identity of the user. If the user is a non-legal user, the network side returns the failure information to the terminal user, and the terminal displays a failure prompt; if the user identity is legal, the server The previously generated and stored keys are retrieved based on the temporary identification code.
- the network side server If the retrieval key fails, the network side server returns the failure information to the terminal user, and the terminal displays a failure prompt. If the key retrieval is successful, the server sends the key, and returns the key retrieval success information to the terminal side.
- the decryption processing module attempts to decrypt the display file according to the received key, the file is successfully decrypted, and the encrypted or hidden file is normally displayed, and the file decryption fails with an error message.
- the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation.
- the part of the technical solution of the present invention that contributes in essence or to the prior art can be embodied in the form of a software product.
- the computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk, an optical disk), and includes a plurality of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device) to execute the present application.
- a terminal device which may be a mobile phone, a computer, a server, or a network device
- Embodiments of the present invention also provide a storage medium.
- the foregoing storage medium may be configured to store program code for performing the following steps:
- Step S110 reading one or more pieces of data information in the terminal.
- the type of the data information is not limited.
- the software and hardware information of the terminal in this embodiment can be used.
- the terminal includes not limited to a mobile phone, a tablet, or the like.
- Step S120 Generate a unique identifier according to one or more pieces of data information and send it to the server, so that the server generates a key according to the unique identifier.
- the unique identifier may be a globally unique identifier; in this embodiment, further, in order to ensure the uniqueness of the unique identifier, one or more pieces of data information are required to be unique, for example, may be stored in the terminal. User account information, etc.
- Step S130 Acquire a key generated by the server, and encrypt the file in the terminal by using the key.
- the storage medium is further arranged to store program code for performing the following steps:
- Step S610 reading one or more pieces of data information in the terminal.
- the type of the data information is not limited.
- the software and hardware information of the terminal in this embodiment can be used.
- the terminal includes not limited to a mobile phone, a tablet, or the like.
- Step S620 Generate a unique identifier according to one or more pieces of data information and send it to the server, so that the server searches for a pre-stored key generated according to the unique identifier according to the unique identifier.
- the unique identifier may be a globally unique identifier; in this embodiment, further, in order to ensure the uniqueness of the unique identifier, one or more pieces of data information are required to be unique, for example, may be stored in the terminal. User account information, etc.
- Step S630 Acquire a key generated by the server, and decrypt the file in the terminal by using the key.
- the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
- ROM Read-Only Memory
- RAM Random Access Memory
- a mobile hard disk e.g., a hard disk
- magnetic memory e.g., a hard disk
- modules or steps of the present invention may be Implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices, optionally, they may be implemented by program code executable by the computing device, such that They may be stored in a storage device by a computing device, and in some cases, the steps shown or described may be performed in an order different than that herein, or separately fabricated into individual integrated circuit modules, or Implementing multiple modules or steps in them as a single integrated circuit module.
- the invention is not limited to any specific combination of hardware and software.
- the terminal file encryption method, the terminal file decryption method, and the terminal provided by the embodiments of the present invention have the following beneficial effects: collecting data information in the terminal and generating a unique identifier, which is sent to the server and generated by the server according to the unique identifier. Key, the terminal obtains the key from the server to encrypt and decrypt the terminal file; it can be seen that the user does not rely on the user to set the password for encryption and decryption, which is different from the related art.
- the unique identifier generation key of the terminal is sent to the terminal for encryption and decryption, and the key is difficult to be illegally obtained in the server, which is beneficial to ensure the security of the terminal file.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
本发明实施例公开了一种终端文件加密方法、终端文件解密方法和终端,该终端文件加密方法包括:读取终端中的一项或多项数据信息;根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识生成密钥;获取服务器生成的密钥,并使用密钥对终端中的文件进行加密。本发明实施例不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
Description
本发明实施例涉及数据安全技术领域,尤其涉及一种终端文件加密方法、终端文件解密方法和终端。
目前,随着手机等移动终端中大量交流软件的应用,使得用户在手机中留下的信息越来越多。如果手机丢失,用户最关心的是手机中的隐私是否被泄露;如果手机被其他人使用,用户最关心的也是手机中的重要信息是否已泄露。
所以,用户在使用手机过程中,希望对文件、图片等用户比较敏感的内容进行加密来保护。相关技术方案中,往往通过用户设置的密码进行加密,但密码容易遗失。因此,需要一种新的用于保护终端文件的加解密方案,不依赖用户进行密码输入,并保障终端文件的安全性。
发明内容
有鉴于此,本发明实施例提供了一种终端文件加密方法、终端文件解密方法和终端,以至少实现不需要用户设置密码,并保证终端文件的安全性。
本发明实施例解决上述技术问题所采用的技术方案如下:
根据本发明的一个实施例,提供的一种终端文件加密方法,包括:读取终端中的一项或多项数据信息;根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识生成密钥;获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行加密。
可选地,前述的方法,读取终端中的一项或多项数据信息,具体包括:读取所述终端中身份识别卡的标识信息、所述终端的标识信息、所述终端的网络信息和/或所述文件的存储时间信息。
可选地,前述的方法,在获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行加密之前,还包括:获取所述终端的地域信息,根据所述地域信息从所述终端中选择待加密的文件。
可选地,前述的方法,在读取终端中的一项或多项数据信息之前,还包括:获取用户输入的信息,判断所述用户输入的信息终端的与所述用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行读取终端中的一项或多项数据信息。
依据本发明的另一实施例,提供的一种终端,包括:数据读取模块,设置为读取终端中的一项或多项数据信息;唯一标识生成模块,设置为根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识生成密钥;加密处理模块,设置为获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行加密。
可选地,前述的终端,所述数据读取模块包括身份识别卡读取模块、终端标识读取模块、网络信息读取模块和/或存储时间读取模块,所述身份识别卡读取模块设置为读取所述终端中身份识别卡的标识信息;所述终端标识读取模块设置为读取所述终端的标识信息;所述网络信息读取模块设置为读取所述终端的网络信息;所述存储时间读取模块设置为读取所述文件的存储时间信息。
可选地,前述的终端,还包括:文件选择模块,设置为获取所述终端的地域信息,根据所述地域信息从所述终端中选择待加密的文件。
可选地,前述的终端,还包括:判断模块,设置为获取用户输入的信息,判断所述用户输入的信息终端的与所述用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行读取终端中的一项或多项数据信息。
依据本发明的另一实施例,提供的一种终端文件解密方法,包括:读取终端中的一项或多项数据信息;根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识查找预存储的根据所述唯一标识生成的密钥;获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行解密。
可选地,前述的方法,读取终端中的一项或多项数据信息,具体包括:读取所述终端中身份识别卡的标识信息、所述终端的标识信息、所述终端的网络
信息和/或所述文件的存储时间信息。
可选地,前述的方法,在获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行解密之前,还包括:获取所述终端的地域信息,根据所述地域信息从所述终端中选择待解密的文件。
可选地,前述的方法,在读取终端中的一项或多项数据信息之前,还包括:获取用户输入的信息,判断所述用户输入的信息与所述终端的用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行读取终端中的一项或多项数据信息。
依据本发明的另一实施例,提供的一种终端,包括:数据读取模块,设置为读取终端中的一项或多项数据信息;唯一标识生成模块,设置为根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识查找预存储的根据所述唯一标识生成的密钥;解密处理模块,设置为获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行解密。
可选地,前述的终端,所述数据读取模块包括身份识别卡读取模块、终端标识读取模块、网络信息读取模块和/或存储时间读取模块,所述身份识别卡读取模块设置为读取所述终端中身份识别卡的标识信息;所述终端标识读取模块设置为读取所述终端的标识信息;所述网络信息读取模块设置为读取所述终端的网络信息;所述存储时间读取模块设置为读取所述文件的存储时间信息。
可选地,前述的终端,还包括:文件选择模块,设置为获取所述终端的地域信息,根据所述地域信息从所述终端中选择待解密的文件。
可选地,前述的终端,还包括:判断模块,设置为获取用户输入的信息,判断所述用户输入的信息与所述终端的用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行读取终端中的一项或多项数据信息。
根据以上技术方案,本发明实施例的终端文件加密方法、终端文件解密方法和终端至少具有以下优点:
在本发明实施例的技术方案中,收集终端中的数据信息并生成唯一标识,发送给服务器并由服务器根据唯一标识生成密钥,终端从服务器获取密钥进行对终端文件的加解密;可见不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯
一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
图1为本发明实施例的一个实施例的终端文件加密方法的流程图;
图2为本发明实施例的一个实施例的终端文件加密方法的流程图;
图3为本发明实施例的一个实施例的终端文件加密方法的工作流程图;
图4为本发明实施例的一个实施例的终端的框图;
图5为本发明实施例的一个实施例的终端的框图;
图6为本发明实施例的一个实施例的终端文件解密方法的流程图;
图7为本发明实施例的一个实施例的终端文件解密方法的流程图;
图8为本发明实施例的一个实施例的终端文件解密方法的工作流程图;
图9为本发明实施例的一个实施例的终端的框图;
图10为本发明实施例的一个实施例的终端的框图。
本发明目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。
为了使本发明所要解决的技术问题、技术方案及有益效果更加清楚、明白,以下结合附图和实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。
如图1所示,本发明的一个实施例中提供了一种终端文件加密方法,包括:
步骤S110,读取终端中的一项或多项数据信息。在本实施例中,对数据信息的类型不进行限制,例如,本实施例中终端的软硬件信息均可以使用。终端包括不限于手机、平板电脑等。
步骤S120,根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识生成密钥。在本实施例中,该唯一标识可以是全球唯一标识;
在本实施例中,进一步地,为了保证唯一标识的唯一性,要求一项或多项数据信息具有唯一性,例如可以是终端中存储的用户账号信息等。
步骤S130,获取服务器生成的密钥,并使用密钥对终端中的文件进行加密。
根据本实施例的技术方案,收集终端中的数据信息并生成唯一标识,发送给服务器并由服务器根据唯一标识生成密钥,终端从服务器获取密钥进行对终端文件的加解密;可见不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
如图2所示,本发明的一个实施例中提供了一种终端文件加密方法,包括:
步骤S210,获取用户输入的信息,判断用户输入的信息终端的与用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行步骤S220。在本实施例中,由于对文件进行加解密为较重要的操作,此时需要验证用户的身份,其中SIM卡(用户身份识别卡)的PIN码(Personal Identification Number,个人密码)能够指示用户的身份,所以在本实施例中利用PIN码对用户身份进行验证。
步骤S220,读取终端中身份识别卡的标识信息、终端的标识信息、终端的网络信息和/或文件的存储时间信息。在本实施例中,SIM卡的标识信息可以是ICCID(Integrate circuit card identity,集成电路卡识别码)或IMSI(Internat ional Mobile Subscriber Identification Number,国际移动用户识别码),终端的标识信息可以是IMEI(International Mobile Equipment Identity,国际移动设备标识),网络信息可以是GUTI(Globally Unique Temporary UE Identity,全球唯一临时UE标识)或TMSI(Temporary Mobile Subscriber Identity,临时识别码)。利用上述数据信息的优点在于:在终端正常使用过程中,必然可以从终端中获取到上述数据信息,不需要用户进行设置。
步骤S230,根据终端中身份识别卡的标识信息、终端的标识信息、终端的网络信息和/或文件的存储时间信息生成唯一标识并发送到服务器,供服务器根
据唯一标识生成密钥。在本实施例中,对于生成唯一标识的方式不进行限制,例如,可以直接将上述信息串联,也可以利用其它函数对上述信息进行运算得到唯一标识。基于上述信息,服务器生成密钥的方式包括但不限于:
密钥的生成公式可以表示为:
加密文件过程公式为:
其中,Key是密钥,FileEncrypted是加密后的文件字节流,表示读取原始文件的按照字节的FileByte的字节流后,按Key进行加密。表示运算,Key值是经过多次运算的,因此反向破解也是非常难的。
步骤S240,获取终端的地域信息,根据地域信息从终端中选择待加密的文件。在本实施例中,地域信息可以是前述的GUTI,在加密过程中可以通过读取不同小区标识的GUTI值实现在不同地域加密不同的文件。
步骤S250,获取服务器生成的密钥,并使用密钥对终端中的文件进行加密。在本实施例中,为进一步保证文件安全,还对加密后的数据进行隐藏。
本实施例的技术方案的一个具体应用场景如图3所示:
1、用户办理SIM卡,运营商告知用户SIM卡的PIN码;
2、用户选择要加密和隐藏的文件。
3、终端读取SIM卡标识,例如ICCID信息,并临时启用PIN校验功能,提示用户输入PIN码。
4、如果PIN码错误,则SIM卡被锁死,用户需到运营商进行解锁和重置PIN码,如果PIN码正确将读取ICCID、IMSI,终端标识IMEI、小区标识GUTI和TMSI和加密文件存储时间标识等。
5、终端根据如上信息串联或者采用其他混合函数生成一个临时全球唯一标识,并发送此临时全球唯一标识到网络侧的服务器。
6、网络侧服务器接收到此临时全球唯一标识后,对该用户进行身份合法校验(包括不限于此手机和卡有没有被挂失等等),并询问用户是否生成并存储新的密钥或是否更改已有的密钥,如果该用户不存储该密钥或不更改已有的密钥,
服务器向终端用户返回失败信息,终端显示更改提示或错误提示;如果用户需要生成密钥,服务器根据临时的唯一标识生成密钥,按照预先设定的算法生成临时密钥,存储该密钥并向终端侧返回成功信息,同时终端根据该密钥,按照预先设定的算法加密文件并隐藏文件。
如图4所示,本发明的一个实施例中提供了一种终端,包括:
数据读取模块410,读取终端中的一项或多项数据信息。在本实施例中,对数据信息的类型不进行限制,例如,本实施例中终端的软硬件信息均可以使用。
唯一标识生成模块420,根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识生成密钥。在本实施例中,该唯一标识可以是全球唯一标识;在本实施例中,进一步地,为了保证唯一标识的唯一性,要求一项或多项数据信息具有唯一性,例如可以是终端中存储的用户账号信息等。
加密处理模块430,获取服务器生成的密钥,并使用密钥对终端中的文件进行加密。
根据本实施例的技术方案,收集终端中的数据信息并生成唯一标识,发送给服务器并由服务器根据唯一标识生成密钥,终端从服务器获取密钥进行对终端文件的加解密;可见不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
如图5所示,本发明的一个实施例中提供了一种终端,包括:
判断模块510,获取用户输入的信息,判断用户输入的信息终端的与用户身份识别卡对应的个人密码是否相同,在判断结果为是时数据读取模块520进入工作。在本实施例中,由于对文件进行加解密为较重要的操作,此时需要验证用户的身份,其中SIM卡(用户身份识别卡)的PIN码(Personal Identification Number,个人密码)能够指示用户的身份,所以在本实施例中利用PIN码对用户身份进行验证。
数据读取模块520,包括身份识别卡读取模块、终端标识读取模块、网络信
息读取模块和/或存储时间读取模块,身份识别卡读取模块设置为读取终端中身份识别卡的标识信息;终端标识读取模块设置为读取终端的标识信息;网络信息读取模块设置为读取终端的网络信息;存储时间读取模块设置为读取文件的存储时间信息。在本实施例中,SIM卡的标识信息可以是ICCID(Integrate circuit card identity,集成电路卡识别码)或IMSI(International Mobile Subscriber Identification Number,国际移动用户识别码),终端的标识信息可以是IMEI(International Mobile Equipment Identity,国际移动设备标识),网络信息可以是GUTI(Globally Unique Temporary UE Identity,全球唯一临时UE标识)或TMSI(Temporary Mobile Subscriber Identity,临时识别码)。利用上述数据信息的优点在于:在终端正常使用过程中,必然可以从终端中获取到上述数据信息,不需要用户进行设置。
唯一标识生成模块530,根据终端中身份识别卡的标识信息、终端的标识信息、终端的网络信息和/或文件的存储时间信息生成唯一标识并发送到服务器,供服务器根据唯一标识生成密钥。在本实施例中,对于生成唯一标识的方式不进行限制,例如,可以直接将上述信息串联,也可以利用其它函数对上述信息进行运算得到唯一标识。基于上述信息,服务器生成密钥的方式包括但不限于:
密钥的生成公式可以表示为:
加密文件过程公式为:
其中,Key是密钥,FileEncrypted是加密后的文件字节流,表示读取原始文件的按照字节的FileByte的字节流后,按Key进行加密。表示运算,Key值是经过多次运算的,因此反向破解也是非常难的。
文件选择模块540,获取终端的地域信息,根据地域信息从终端中选择待加密的文件。在本实施例中,地域信息可以是前述的GUTI,在加密过程中可以通过读取不同小区标识的GUTI值实现在不同地域加密不同的文件。
加密处理模块550,获取服务器生成的密钥,并使用密钥对终端中的文件进行加密。在本实施例中,为进一步保证文件安全,还对加密后的数据进行隐藏。
本实施例的技术方案的一个具体应用场景如图3所示:
1、用户办理SIM卡,运营商告知用户SIM卡的PIN码;
2、用户选择要加密和隐藏的文件。
3、终端读取SIM卡标识,例如ICCID信息,判断模块临时启用PIN校验功能,提示用户输入PIN码;
4、如果PIN码错误,则SIM卡被锁死,用户需到运营商进行解锁和重置PIN码,如果PIN码正确身份识别卡读取模块、终端标识读取模块、网络信息读取模块、存储时间读取模块将读取ICCID、IMSI,终端标识IMEI、小区标识GUTI和TMSI和加密文件存储时间标识等;
5、唯一标识生成模块根据如上信息串联或者采用其他混合函数生成一个临时全球唯一标识,并发送此临时全球唯一标识到网络侧的服务器。
6、网络侧服务器接收到此临时全球唯一标识后,对该用户进行身份合法校验,并询问用户是否生成并存储新的密钥或是否更改已有的密钥,如果该用户不存储该密钥或不更改已有的密钥,服务器向终端用户返回失败信息,终端显示不更改提示或错误提示;如果用户需要生成密钥,服务器根据临时的唯一标识生成密钥,按照预先设定的算法生成临时密钥,存储该密钥并向终端侧返回成功信息,同时加密处理模块根据该密钥,按照预先设定的算法加密文件并隐藏文件。
如图6所示,本发明的一个实施例中提供了一种终端文件解密方法,包括:
步骤S610,读取终端中的一项或多项数据信息。在本实施例中,对数据信息的类型不进行限制,例如,本实施例中终端的软硬件信息均可以使用。终端包括不限于手机、平板电脑等。
步骤S620,根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识查找预存储的根据唯一标识生成的密钥。在本实施例中,该唯一标识可以是全球唯一标识;在本实施例中,进一步地,为了保证唯一标识的唯一性,要求一项或多项数据信息具有唯一性,例如可以是终端中存储的用户账号信息等。
步骤S630,获取服务器生成的密钥,并使用密钥对终端中的文件进行解密。
根据本实施例的技术方案,收集终端中的数据信息并生成唯一标识,发送
给服务器,并由服务器查找已根据该唯一标识生成的密钥,终端从服务器获取密钥进行对终端文件的解密;可见不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
如图7所示,本发明的一个实施例中提供了一种终端文件解密方法,包括:
步骤S710,获取用户输入的信息,判断用户输入的信息与终端的用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行步骤720。在本实施例中,由于对文件进行加解密为较重要的操作,此时需要验证用户的身份,其中SIM卡(用户身份识别卡)的PIN码(Personal Identification Number,个人密码)能够指示用户的身份,所以在本实施例中利用PIN码对用户身份进行验证。
步骤S720,读取终端中身份识别卡的标识信息、终端的标识信息、终端的网络信息和/或文件的存储时间信息。在本实施例中,SIM卡的标识信息可以是ICCID(Integrate circuit card identity,集成电路卡识别码)或IMSI(International Mobile Subscriber Identification Number,国际移动用户识别码),终端的标识信息可以是IMEI(International Mobile Equipment Identity,国际移动设备标识),网络信息可以是GUTI(Globally Unique Temporary UE Identity,全球唯一临时UE标识)或TMSI(Temporary Mobile Subscriber Identity,临时识别码)。利用上述数据信息的优点在于:在终端正常使用过程中,必然可以从终端中获取到上述数据信息,不需要用户进行设置。
步骤S730,根据身份识别卡的标识信息、终端的标识信息、终端的网络信息和/或文件的存储时间信息生成唯一标识并发送到服务器,供服务器根据唯一标识查找预存储的根据唯一标识生成的密钥。在本实施例中,对于生成唯一标识的方式不进行限制,例如,可以直接将上述信息串联,也可以利用其它函数对上述信息进行运算得到唯一标识。基于上述信息,服务器生成密钥的方式包括但不限于:
密钥的生成公式可以表示为:
加密文件过程公式为:
其中,Key是密钥,FileEncrypted是加密后的文件字节流,表示读取原始文件的按照字节的FileByte的字节流后,按Key进行加密。表示运算,Key值是经过多次运算的,因此反向破解也是非常难的。
步骤S740,获取终端的地域信息,根据地域信息从终端中选择待解密的文件。在本实施例中,地域信息可以是前述的GUTI,在解密过程中可以通过读取不同小区标识的GUTI值实现在不同地域解密不同的文件。
步骤S750,获取服务器生成的密钥,并使用密钥对终端中的文件进行解密。在本实施例中,如文件被隐藏,还需要解除文件的隐藏状态;在本实施例中,假定Keyserver是从网络侧服务器获取到的密钥,那么解密过程可以简单的用如下公式算出来:
本实施例的技术方案的一个具体应用场景如图8所示:
1、用户执行解密动作。
2、终端读取卡标识,例如ICCID信息,并且临时启用PIN码校验功能提示用户输入PIN码。
3、如果输入PIN码错误,错误3次后SIM卡被锁死,用户需到运营商进行解锁和重置PIN码;如果PIN码正确将读取ICCID、IMSI,终端标识IMEI、小区标识GUTI和TMSI和加密文件存储时间标识等。
4、终端根据如上信息串联或者采用其他混合函数生成一个临时全球唯一标识,并发送此临时全球唯一标识到网络侧服务器。
5、网络侧接收到此临时全球唯一标识后,对该用户进行身份合法校验(包括不限于此手机和卡有没有被挂失等等),如果该用户为非合法用户,网络侧向终端用户返回失败信息,终端显示失败提示;如果用户身份合法,服务器根据
临时标识码检索之前生成和存储的密钥。
6、如果检索密钥失败,网络侧服务器向终端用户返回失败信息,终端显示失败提示,如果密钥检索成功,服务器发送此密钥,并向终端侧返回密钥检索成功的信息。
7、解密处理模块根据收到的密钥尝试解密显示文件,文件解密成功,正常显示被加密或隐藏的文件,文件解密失败提示错误信息。
如图9所示,本发明的一个实施例中提供了一种终端,包括:
数据读取模块910,读取终端中的一项或多项数据信息。在本实施例中,对数据信息的类型不进行限制,例如,本实施例中终端的软硬件信息均可以使用。
唯一标识生成模块920,根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识查找预存储的根据唯一标识生成的密钥。在本实施例中,该唯一标识可以是全球唯一标识;在本实施例中,进一步地,为了保证唯一标识的唯一性,要求一项或多项数据信息具有唯一性,例如可以是终端中存储的用户账号信息等。
解密处理模块930,获取服务器生成的密钥,并使用密钥对终端中的文件进行解密。
根据本实施例的技术方案,收集终端中的数据信息并生成唯一标识,发送给服务器,并由服务器查找已根据该唯一标识生成的密钥,终端从服务器获取密钥进行对终端文件的解密;可见不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
如图10所示,本发明的一个实施例中提供了一种终端,包括:
判断模块1010,获取用户输入的信息,判断用户输入的信息与终端的用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行步骤720。在本实施例中,由于对文件进行加解密为较重要的操作,此时需要验证用户的身份,其中SIM卡(用户身份识别卡)的PIN码(Personal Identification Number,
个人密码)能够指示用户的身份,所以在本实施例中利用PIN码对用户身份进行验证。
数据读取模块1020,包括身份识别卡读取模块、终端标识读取模块、网络信息读取模块和/或存储时间读取模块,身份识别卡读取模块设置为读取终端中身份识别卡的标识信息;终端标识读取模块设置为读取终端的标识信息;网络信息读取模块设置为读取终端的网络信息;存储时间读取模块设置为读取文件的存储时间信息。在本实施例中,SIM卡的标识信息可以是ICCID(Integrate circuit card identity,集成电路卡识别码)或IMSI(International Mobile Subscriber Identification Number,国际移动用户识别码),终端的标识信息可以是IMEI(International Mobile Equipment Identity,国际移动设备标识),网络信息可以是GUTI(Globally Unique Temporary UE Identity,全球唯一临时UE标识)或TMSI(Temporary Mobile Subscriber Identity,临时识别码)。利用上述数据信息的优点在于:在终端正常使用过程中,必然可以从终端中获取到上述数据信息,不需要用户进行设置。
唯一标识生成模块1030,根据身份识别卡的标识信息、终端的标识信息、终端的网络信息和/或文件的存储时间信息生成唯一标识并发送到服务器,供服务器根据唯一标识查找预存储的根据唯一标识生成的密钥。在本实施例中,对于生成唯一标识的方式不进行限制,例如,可以直接将上述信息串联,也可以利用其它函数对上述信息进行运算得到唯一标识。基于上述信息,服务器生成密钥的方式包括但不限于:
密钥的生成公式可以表示为:
加密文件过程公式为:
其中,Key是密钥,FileEncrypted是加密后的文件字节流,表示读取原始文件的按照字节的FileByte的字节流后,按Key进行加密。表示运算,Key值是经过多次运算的,因此反向破解也是非常难的。
文件选择模块1040,获取终端的地域信息,根据地域信息从终端中选择待解密的文件。在本实施例中,地域信息可以是前述的GUTI,在解密过程中可以
通过读取不同小区标识的GUTI值实现在不同地域解密不同的文件。
解密处理模块1050,获取服务器生成的密钥,并使用密钥对终端中的文件进行解密。在本实施例中,如文件被隐藏,还需要解除文件的隐藏状态;在本实施例中,假定Keyserver是从网络侧服务器获取到的密钥,那么解密过程可以简单的用如下公式算出来:
本实施例的技术方案的一个具体应用场景如图8所示:
1、用户执行解密动作。
2、终端读取卡标识,例如ICCID信息,判断模块启用PIN码校验功能提示用户输入PIN码。
3、如果输入PIN码错误,错误3次后SIM卡被锁死,用户需到运营商进行解锁和重置PIN码;如果PIN码正确数据读取模块将读取ICCID、IMSI,终端标识IMEI、小区标识GUTI和TMSI和加密文件存储时间标识等。
4、唯一标识生成模块根据如上信息串联或者采用其他混合函数生成一个临时全球唯一标识,并发送此临时全球唯一标识到网络侧服务器。
5、网络侧接收到此临时全球唯一标识后,对该用户进行身份合法校验,如果该用户为非合法用户,网络侧向终端用户返回失败信息,终端显示失败提示;如果用户身份合法,服务器根据临时标识码检索之前生成和存储的密钥。
6、如果检索密钥失败,网络侧服务器向终端用户返回失败信息,终端显示失败提示,如果密钥检索成功,服务器发送此密钥,并向终端侧返回密钥检索成功的信息。
7、解密处理模块根据收到的密钥尝试解密显示文件,文件解密成功,正常显示被加密或隐藏的文件,文件解密失败提示错误信息。
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现
出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:
步骤S110,读取终端中的一项或多项数据信息。在本实施例中,对数据信息的类型不进行限制,例如,本实施例中终端的软硬件信息均可以使用。终端包括不限于手机、平板电脑等。
步骤S120,根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识生成密钥。在本实施例中,该唯一标识可以是全球唯一标识;在本实施例中,进一步地,为了保证唯一标识的唯一性,要求一项或多项数据信息具有唯一性,例如可以是终端中存储的用户账号信息等。
步骤S130,获取服务器生成的密钥,并使用密钥对终端中的文件进行加密。
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码:
步骤S610,读取终端中的一项或多项数据信息。在本实施例中,对数据信息的类型不进行限制,例如,本实施例中终端的软硬件信息均可以使用。终端包括不限于手机、平板电脑等。
步骤S620,根据一项或多项数据信息生成唯一标识并发送到服务器,供服务器根据唯一标识查找预存储的根据唯一标识生成的密钥。在本实施例中,该唯一标识可以是全球唯一标识;在本实施例中,进一步地,为了保证唯一标识的唯一性,要求一项或多项数据信息具有唯一性,例如可以是终端中存储的用户账号信息等。
步骤S630,获取服务器生成的密钥,并使用密钥对终端中的文件进行解密。
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。
可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以
用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。
以上参照附图说明了本发明的优选实施例,并非因此局限本发明的权利范围。本领域技术人员不脱离本发明的范围和实质,可以有多种变型方案实现本发明,比如作为一个实施例的特征可用于另一实施例而得到又一实施例。凡在运用本发明的技术构思之内所作的任何修改、等同替换和改进,均应在本发明的权利范围之内。
如上所述,本发明实施例提供的一种终端文件加密方法、终端文件解密方法和终端,具有以下有益效果:收集终端中的数据信息并生成唯一标识,发送给服务器并由服务器根据唯一标识生成密钥,终端从服务器获取密钥进行对终端文件的加解密;可见不同于相关技术的用户自行设置密码进行加解密的方案,本发明实施例在不依赖用户设置密码的情况下,通过服务器按终端的唯一标识生成密钥发送给终端进行加解密,则密钥位于服务器中难以被非法获取,有利于保证终端文件的安全性。
Claims (12)
- 一种终端文件加密方法,包括:读取终端中的一项或多项数据信息;根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识生成密钥;获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行加密。
- 根据权利要求1所述的方法,其中,读取终端中的一项或多项数据信息,具体包括:读取所述终端中身份识别卡的标识信息、所述终端的标识信息、所述终端的网络信息和/或所述文件的存储时间信息。
- 根据权利要求1所述的方法,其中,在获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行加密之前,还包括:获取所述终端的地域信息,根据所述地域信息从所述终端中选择待加密的文件。
- 根据权利要求1至3任一项所述的方法,其中,在读取终端中的一项或多项数据信息之前,还包括:获取用户输入的信息,判断所述用户输入的信息终端的与所述用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行读取终端中的一项或多项数据信息。
- 一种终端,包括:数据读取模块,设置为读取终端中的一项或多项数据信息;唯一标识生成模块,设置为根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识生成密钥;加密处理模块,设置为获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行加密。
- 根据权利要求5所述的终端,其中,所述数据读取模块包括身份识别卡读取模块、终端标识读取模块、网络信息读取模块和/或存储时间读取模块,所述身份识别卡读取模块设置为读取所述终端中身份识别卡的标识信息;所述终端标识读取模块设置为读取所述终端的标识信息;所述网络信息读取模块设置为读取所述终端的网络信息;所述存储时间读取模块设置为读取所述文件的存储时间信息。
- 根据权利要求5所述的终端,其中,还包括:文件选择模块,设置为获取所述终端的地域信息,根据所述地域信息从所述终端中选择待加密的文件。
- 根据权利要求5至7任一项所述的终端,其中,还包括:判断模块,设置为获取用户输入的信息,判断所述用户输入的信息终端的与所述用户身份识别卡对应的个人密码是否相同,在判断结果为是时执行读取终端中的一项或多项数据信息。
- 一种终端文件解密方法,包括:读取终端中的一项或多项数据信息;根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识查找预存储的根据所述唯一标识生成的密钥;获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行解密。
- 一种终端,包括:数据读取模块,设置为读取终端中的一项或多项数据信息;唯一标识生成模块,设置为根据所述一项或多项数据信息生成唯一标识并发送到服务器,供所述服务器根据所述唯一标识查找预存储的根据所述唯一标识生成的密钥;解密处理模块,设置为获取所述服务器生成的密钥,并使用所述密钥对所述终端中的文件进行解密。
- 一种存储介质,设置为存储用于执行如权利要求1至4中任一项所述的终端文件加密方法的计算机程序。
- 一种存储介质,设置为存储用于执行如权利要求9所述的终端文件解密方法的计算机程序。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610348798.8 | 2016-05-24 | ||
CN201610348798.8A CN107426723A (zh) | 2016-05-24 | 2016-05-24 | 终端文件加密方法、终端文件解密方法和终端 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017202025A1 true WO2017202025A1 (zh) | 2017-11-30 |
Family
ID=60411096
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/000057 WO2017202025A1 (zh) | 2016-05-24 | 2017-01-03 | 终端文件加密方法、终端文件解密方法和终端 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107426723A (zh) |
WO (1) | WO2017202025A1 (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110830243A (zh) * | 2019-10-18 | 2020-02-21 | 中国第一汽车股份有限公司 | 对称密钥分发方法、装置、车辆及存储介质 |
CN110912680A (zh) * | 2019-11-26 | 2020-03-24 | 福建汉特云智能科技有限公司 | 一种提高车况数据安全性的数据传输方法及存储介质 |
CN111460479A (zh) * | 2020-03-31 | 2020-07-28 | 广东培正学院 | 图库加密管理系统 |
CN111814182A (zh) * | 2020-07-01 | 2020-10-23 | 天津联想超融合科技有限公司 | 一种文件加密方法、解密方法、设备及存储介质 |
CN112668024A (zh) * | 2020-12-31 | 2021-04-16 | 浙江威星智能仪表股份有限公司 | 一种燃气表表端数据防止篡改的方法 |
CN113141329A (zh) * | 2020-01-16 | 2021-07-20 | 中移(上海)信息通信科技有限公司 | 大数据挖掘方法、装置、设备和存储介质 |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108377319B (zh) * | 2018-03-15 | 2020-04-17 | 北京顶象技术有限公司 | 图片传输方法及装置 |
CN112566124B (zh) * | 2019-09-25 | 2024-06-18 | 紫光同芯微电子有限公司 | 密钥生成及加解密方法、装置以及sim卡芯片 |
CN110572828B (zh) * | 2019-10-24 | 2020-09-08 | 山东省计算中心(国家超级计算济南中心) | 基于国密算法的物联网安全认证方法、系统及终端 |
CN113132081A (zh) * | 2019-12-31 | 2021-07-16 | 国民技术股份有限公司 | 一种用户信息加密、解密方法及装置、设备和存储介质 |
CN111651786B (zh) * | 2020-05-22 | 2024-04-23 | 北京中兴恒工程咨询有限公司 | 一种办公信息管理方法及系统 |
CN113890730B (zh) * | 2021-09-23 | 2024-09-20 | 上海华兴数字科技有限公司 | 数据传输方法及系统 |
CN114448633B (zh) * | 2022-04-08 | 2022-06-21 | 南京易科腾信息技术有限公司 | 基于量子密钥的文件加密方法、装置、电子设备及介质 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102938032A (zh) * | 2012-10-17 | 2013-02-20 | 中兴通讯股份有限公司 | 一种对通讯终端上应用程序加、解密的方法、系统和终端 |
CN103813314A (zh) * | 2012-11-09 | 2014-05-21 | 华为技术有限公司 | 软sim卡的启用方法及入网方法及终端及网络接入设备 |
CN104102858A (zh) * | 2013-04-07 | 2014-10-15 | 中兴通讯股份有限公司 | 应用程序加密处理方法、装置和终端 |
CN104378203A (zh) * | 2013-08-15 | 2015-02-25 | 腾讯科技(深圳)有限公司 | 信息鉴权方法、装置及终端 |
US20150281224A1 (en) * | 2010-03-29 | 2015-10-01 | Verifone, Inc. | Password-protected physical transfer of password-protected devices |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101640590B (zh) * | 2009-05-26 | 2012-01-11 | 深圳市安捷信联科技有限公司 | 一种获取标识密码算法私钥的方法和密码中心 |
CN103051641A (zh) * | 2013-01-17 | 2013-04-17 | 中国银行股份有限公司 | 多客户端密钥更新方法和系统及信息安全传输方法 |
CN104537313B (zh) * | 2014-12-04 | 2017-08-08 | 阔地教育科技有限公司 | 一种数据保护方法、终端和服务器 |
-
2016
- 2016-05-24 CN CN201610348798.8A patent/CN107426723A/zh active Pending
-
2017
- 2017-01-03 WO PCT/CN2017/000057 patent/WO2017202025A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150281224A1 (en) * | 2010-03-29 | 2015-10-01 | Verifone, Inc. | Password-protected physical transfer of password-protected devices |
CN102938032A (zh) * | 2012-10-17 | 2013-02-20 | 中兴通讯股份有限公司 | 一种对通讯终端上应用程序加、解密的方法、系统和终端 |
CN103813314A (zh) * | 2012-11-09 | 2014-05-21 | 华为技术有限公司 | 软sim卡的启用方法及入网方法及终端及网络接入设备 |
CN104102858A (zh) * | 2013-04-07 | 2014-10-15 | 中兴通讯股份有限公司 | 应用程序加密处理方法、装置和终端 |
CN104378203A (zh) * | 2013-08-15 | 2015-02-25 | 腾讯科技(深圳)有限公司 | 信息鉴权方法、装置及终端 |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110830243A (zh) * | 2019-10-18 | 2020-02-21 | 中国第一汽车股份有限公司 | 对称密钥分发方法、装置、车辆及存储介质 |
CN110830243B (zh) * | 2019-10-18 | 2023-06-09 | 中国第一汽车股份有限公司 | 对称密钥分发方法、装置、车辆及存储介质 |
CN110912680A (zh) * | 2019-11-26 | 2020-03-24 | 福建汉特云智能科技有限公司 | 一种提高车况数据安全性的数据传输方法及存储介质 |
CN110912680B (zh) * | 2019-11-26 | 2023-06-27 | 福建汉特云智能科技有限公司 | 一种提高车况数据安全性的数据传输方法及存储介质 |
CN113141329A (zh) * | 2020-01-16 | 2021-07-20 | 中移(上海)信息通信科技有限公司 | 大数据挖掘方法、装置、设备和存储介质 |
CN113141329B (zh) * | 2020-01-16 | 2023-04-18 | 中移(上海)信息通信科技有限公司 | 大数据挖掘方法、装置、设备和存储介质 |
CN111460479A (zh) * | 2020-03-31 | 2020-07-28 | 广东培正学院 | 图库加密管理系统 |
CN111460479B (zh) * | 2020-03-31 | 2023-02-14 | 广东培正学院 | 图库加密管理系统 |
CN111814182A (zh) * | 2020-07-01 | 2020-10-23 | 天津联想超融合科技有限公司 | 一种文件加密方法、解密方法、设备及存储介质 |
CN112668024A (zh) * | 2020-12-31 | 2021-04-16 | 浙江威星智能仪表股份有限公司 | 一种燃气表表端数据防止篡改的方法 |
CN112668024B (zh) * | 2020-12-31 | 2024-03-15 | 浙江威星智能仪表股份有限公司 | 一种燃气表表端数据防止篡改的方法 |
Also Published As
Publication number | Publication date |
---|---|
CN107426723A (zh) | 2017-12-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017202025A1 (zh) | 终端文件加密方法、终端文件解密方法和终端 | |
US9740849B2 (en) | Registration and authentication of computing devices using a digital skeleton key | |
EP2633716B1 (en) | Data processing for securing local resources in a mobile device | |
US10469253B2 (en) | Methods and apparatus for migrating keys | |
CN106452770B (zh) | 一种数据加密方法、解密方法、装置和系统 | |
CN106790156B (zh) | 一种智能设备绑定方法及装置 | |
KR102051720B1 (ko) | 모바일 단말 상의 데이터를 암호화/복호화하는 방법 및 장치 | |
GB2488766A (en) | Securely transferring data to a mobile device | |
JP2008527905A (ja) | セキュリティコード生成方法、セキュリティコード生成方法を用いた方法、及びセキュリティコード生成方法のためのプログラム可能な装置 | |
KR20210046357A (ko) | 블록체인 기반 시스템을 위한 키의 저장 및 복구 방법과 그 장치 | |
US11809540B2 (en) | System and method for facilitating authentication via a short-range wireless token | |
CN106487758B (zh) | 一种数据安全签名方法、业务终端以及私钥备份服务器 | |
US20170091483A1 (en) | Method and Device for Protecting Address Book, and Communication System | |
CN111639357A (zh) | 一种加密网盘系统及其认证方法和装置 | |
US8161295B2 (en) | Storing of data in a device | |
JP6349712B2 (ja) | 携帯端末設定方法 | |
CN109257381A (zh) | 一种密钥管理方法、系统及电子设备 | |
JP4028849B2 (ja) | 通信システム、携帯端末及びプログラム | |
CN106452755A (zh) | 基于客户端解密密文的重置保护口令的方法、装置及系统 | |
CN114070571B (zh) | 一种建立连接的方法、装置、终端及存储介质 | |
KR101329789B1 (ko) | 모바일 디바이스의 데이터베이스 암호화 방법 | |
EP3785395B1 (en) | Method and system for key management | |
CN106341227A (zh) | 基于服务器解密密文的重置保护口令的方法、装置及系统 | |
CN111192049A (zh) | 网络安全支付防护方法及移动终端 | |
CN112566124B (zh) | 密钥生成及加解密方法、装置以及sim卡芯片 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17801883 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17801883 Country of ref document: EP Kind code of ref document: A1 |