CN1514572A - Distribution type data encryption method - Google Patents
Abstract
The method is characterized in that a selected encryption method is used to create a cipher box (called the combination lock in the description) that stores a cipher linked list (called the password chained list in the description). The linked list points to a specific encryption method or cipher key. When an encryption or decryption operation is needed, the user obtains the corresponding encryption method or key and uses it to encrypt or decrypt the data. The method separates the security of the cipher box from the security of the information, and maps distributed information security onto the security of a single file.
Description
Technical field
The present invention relates to the field of data encryption technology, and in particular to a distributed data encryption method.
Technical background
With the spread of the Internet and the widespread use of handheld devices, personal information is scattered across different storage media. This puts pressure on information security. A new encryption system needs to be designed to keep information secure.
Traditional information security methods include authentication and data encryption. Authentication is widely used in current network data storage; data encryption is widely used in data transmission.
Authentication has two potential security risks: if the user's key is cracked, all information can be freely stolen; and if there is a system defect or an internal control problem, information can be freely stolen without authentication.
For data encryption, the focus of security is preventing the key from being cracked.
Today, because of the spread of networks and handheld devices, a large amount of our information is stored on networks and devices. We cannot guarantee that all Internet service providers are secure, nor that our own devices will not be lost or stolen. Therefore, simple authentication alone cannot protect information security.
If encryption is used to protect personal information, there must be a way to prevent the key from being cracked. The best way is to change the key often.
However, because data is scattered across different devices and networks, not all files can be updated at the same time when the key is changed, so some files can no longer be decrypted.
The distributed data encryption technique is designed to solve the above problem.
Summary of the invention
The purpose of this patent is to provide an encryption method that improves user information security and maintains system security.
A distributed data encryption method, characterized in that:
A combination lock is set up using a selected encryption method;
A password chained list is stored in the combination lock; this password chained list points to a specific encryption method or key;
When the user needs to perform an encryption or decryption operation, the corresponding encryption method or key is obtained and used to encrypt or decrypt the data.
The password chained list is set up by an application program, which establishes a correspondence between the password chained list and a specific encryption key.
In the distributed data encryption method, when the user needs to encrypt specified information, the combination lock dynamically selects an encryption key for the user, and this key is used to encrypt the data.
The encryption step can be carried out in an open environment.
In the distributed data encryption method, after the encryption operation is finished, the encryption method and the encryption key index value are indicated at a specific location in the encrypted data.
In the distributed data encryption method, when the user needs to decrypt specified information, the corresponding encryption key is looked up in the combination lock according to the encryption method and encryption key index indicated at the specific location in the encrypted data, and this key is used for decryption.
The combination lock can use a biometric feature as its key.
The combination lock uses a login key as its verification method.
The encryption method used to set up the combination lock can be changed, and the key of an established combination lock can be changed.
The step of opening the combination lock need not verify the correctness of the key used to open it; this verification is deferred to the correctness check made when the encryption method specified by the password chained list is used.
Because the distributed data encryption method of the present invention is adopted, the security of the combination lock is separated from the security of the information, and the correspondence between the two is established through the password chained list. In this way, distributed information security is mapped onto the security of a single file. Because passwords in the combination lock can be generated dynamically, the amount of information encrypted with any one password is kept small, which both makes cracking harder and reduces the possible loss if a password is cracked. Because the combination lock is separate from the encrypted data itself, the user can change the combination lock password frequently to keep the combination lock secure. At the same time, because there is only one combination lock, a very strong method can be used to encrypt it, and it can be kept physically independent by combining it with removable storage.
Embodiment
Specific embodiments of the present invention are described below.
First, a combination lock is set up using a selected encryption method, and a password chained list is stored in it. The combination lock can be a data block produced by encryption, or a file. It is formed with a special encryption method, and customized encryption methods are allowed, such as encryption with biometric information (for example fingerprints) or encryption with login password information. The user opens the combination lock by entering the corresponding specific information. The encryption method used to set up the combination lock can be changed, and the password of an established combination lock can be changed; this is very common in the prior art and need not be described in detail here. The combination lock is encrypted with a specific method. Consider a concrete example:
For example:
<AKL ver="1.0">
  <rec id="0001" key="23fg7?&?*H" method="0001" num="23">
  <rec id="0002" key="23gg7?&?*H" method="0002" num="35">
  <rec id="0003" key="23fg7GHD" method="0003" num="45">
</AKL>
The password chained list is then stored in the combination lock. The combination lock describes the password chained list in XML format, including an internal ID, an encryption key and an encryption method index value. The combination lock shown above is, of course, a password file; in actual use this file needs to be encrypted.
This password chained list can have one entry or many. Each entry points to a specific encryption method or a corresponding key, and an index ID is assigned to this encryption method or key. When the user needs to encrypt specified information, the combination lock dynamically selects an encryption method for the user, and this method is used to encrypt the data. The index ID of the encryption key in the combination lock is indicated at a specific location in the encrypted data, which establishes the correspondence between the encrypted data and the key in the combination lock.
The password chained list can be built in several ways, for example by random generation at fixed intervals or by manual specification. This dynamic generation reduces the risk of a key being cracked.
In actual encryption, the password chained list can be built as follows:
The combination lock stores, for each password, information such as its number of uses, its time of last use and the ciphertext length. When a data block needs to be encrypted, a maximum-use-count rule can be applied: once the number of uses of a password exceeds a predetermined number (for example, 80), it is no longer used. A new key is then generated at random from the current time and the user's identity information and put into use; when the use of this key in turn exceeds the predetermined number, another new key is generated.
When the user needs the encryption function, the combination lock is opened, and the corresponding encryption method is obtained according to what the password chained list in the combination lock points to and is used to encrypt the data. This encryption operation can be completed inside the combination lock. After the encryption operation is finished, the encryption method and the encryption password index value are indicated at a specific location in the encrypted data (for example, the file header); the correspondence between this index value and the password is managed by the combination lock.
When the user needs to decrypt specified information, the corresponding encryption key is looked up in the combination lock according to the encryption method and encryption key index indicated at the specific location in the encrypted data, and this key is used for decryption.
Table 1 shows a concrete example of a password chained list. With this table, a key can be looked up by its key index.
| Key | Number | Encryption method | Statistical information |
|---|---|---|---|
| 23fg7?&?*H | 0001 | 0001 | |
| 23gg7?&?*H | 0002 | 0002 | |
| 23fg7GHD | 0003 | 0003 | |
Table 1
In the present invention, the step of opening the combination lock need not verify the correctness of the key used to open it; this verification is deferred to the correctness check made when the encryption method specified by the password chained list is used. Here, the application program does not decide whether the combination lock was opened correctly; the test of whether the lock was opened with the correct key is whether the password chained list read from it can decrypt the file.
By indicating an encryption identifier at a specific location in the combination lock ciphertext, the software can identify and load the correct decryption method.
Consider a concrete example in which a piece of data is to be encrypted, as follows:
First a combination lock is set up. It can be an encrypted data file for which the user specifies the encryption method and encryption key. When the combination lock is created, its password chained list is empty.
<AKL ver="1.0">
</AKL>
When the user needs to encrypt a data block, the currently usable encryption key is first taken from the combination lock. The combination lock management program automatically determines the currently usable encryption key, which can be an existing key or a newly created one. After this process has been repeated several times, keys gradually accumulate in the combination lock.
<AKL ver="1.0">
  <rec id="0001" key="23fg7?&?*H" method="0001" num="23">
  <rec id="0002" key="23gg7?&?*H" method="0002" num="35">
  <rec id="0003" key="23fg7GHD" method="0003" num="45">
</AKL>
The user encrypts the file with the key obtained and writes the algorithm identifier and the key's index ID in the combination lock at the head of the ciphertext.
When automatically determining the currently usable encryption key, the combination lock should ensure that the same key is not used too many times. In this way, even when a public algorithm is used and the data is stored in an open environment, the data remains secure because each key is used only a few times.
Because the distributed data encryption method of the present invention is adopted, the security of the combination lock is separated from the security of the information, and the correspondence between the two is established through the password chained list. In this way, distributed information security is mapped onto the security of a single file. Because keys in the combination lock can be generated dynamically, the amount of information encrypted with any one key is kept small, which both makes cracking harder and reduces the possible loss if a key is cracked. Because the combination lock is separate from the encrypted data itself, the user can change the combination lock key frequently to keep the combination lock secure. At the same time, because there is only one combination lock, a very strong method can be used to encrypt it, and it can be kept physically independent by combining it with removable storage.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.
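The following Python code is an added example, not code from the patent. It models the walkthrough above: a key table with use counts, retirement of a key once its use count reaches the limit, the method and key index written at the head of the ciphertext, and a wrong key detected only when the data is decrypted. Assumptions made for the illustration: the key table is held in memory rather than in an encrypted file, the header layout and the `AKL1` magic value are constructed, keys come from `os.urandom`, and an HMAC-SHA256 keystream with an authentication tag over header and body stands in for a real cipher.

```python
import hashlib
import hmac
import os
import struct

MAX_USES = 80                        # the description's example threshold
METHOD_ID = 1                        # constructed index for the stand-in cipher below
HEADER = struct.Struct(">4sHH16s")   # magic, method id, key id, nonce (assumed layout)
TAG_LEN = 32


class KeyBox:
    """In-memory model of the combination lock: key id -> [key, use count]."""

    def __init__(self, max_uses=MAX_USES):
        self.max_uses = max_uses
        self.records = {}            # plays the role of the password chained list
        self.current = None

    def key_for_encryption(self):
        rec = self.records.get(self.current)
        if rec is None or rec[1] >= self.max_uses:
            # Retire the exhausted key; os.urandom replaces the time/identity
            # seeding mentioned in the description.
            self.current = len(self.records) + 1
            rec = self.records[self.current] = [os.urandom(32), 0]
        rec[1] += 1
        return self.current, rec[0]


def _subkey(key, label):
    # Separate encryption and MAC keys derived from the stored key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib-only stand-in for a real cipher.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def key_id_of(blob):
    """Read the key index from the ciphertext header without decrypting."""
    return HEADER.unpack(blob[:HEADER.size])[2]


def encrypt(box, plaintext):
    key_id, key = box.key_for_encryption()
    header = HEADER.pack(b"AKL1", METHOD_ID, key_id, os.urandom(16))
    body = _xor_stream(_subkey(key, b"enc"), header[8:], plaintext)
    # The tag covers the header, so the method and key index cannot be swapped.
    tag = hmac.new(_subkey(key, b"mac"), header + body, hashlib.sha256).digest()
    return header + body + tag


def decrypt(box, blob):
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated ciphertext")
    header, body, tag = blob[:HEADER.size], blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
    magic, method, key_id, nonce = HEADER.unpack(header)
    if magic != b"AKL1" or method != METHOD_ID or key_id not in box.records:
        raise ValueError("unknown format, method or key index")
    key = box.records[key_id][0]
    expected = hmac.new(_subkey(key, b"mac"), header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)
```

Without the tag over the header, changing the key index in a stored file would silently produce garbage plaintext; with it, the mismatch is reported at decryption time.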
Claims (10)
1. A distributed data encryption method, characterized in that:
a combination lock is set up using a selected encryption method;
a password chained list is stored in the combination lock, the password chained list pointing to a specific encryption method or key;
when the user needs to perform an encryption or decryption operation, the corresponding encryption method or key is obtained and used to encrypt or decrypt the data.
2. The distributed data encryption method as claimed in claim 1, characterized in that the password chained list is set up by an application program, which establishes a correspondence between the password chained list and a specific encryption key.
3. The distributed data encryption method as claimed in claim 1 or 2, characterized in that when the user needs to encrypt specified information, the combination lock dynamically selects an encryption key for the user, and this encryption key is used to encrypt the data.
4. The distributed encryption method as claimed in claim 3, characterized in that the encryption step can be carried out in an open environment.
5. The distributed data encryption method as claimed in claim 4, characterized in that after the encryption operation is finished, the encryption method and the encryption key (whether being exactly key) index value are indicated at a specific location in the encrypted data.
6. The distributed data encryption method as claimed in claim 5, characterized in that when the user needs to decrypt specified information, the corresponding encryption key is looked up in the combination lock according to the encryption method and encryption key index indicated at the specific location in the encrypted data, and this key is used for decryption.
7. The distributed data encryption method as claimed in any one of claims 1-6, characterized in that the combination lock can use a biometric feature as its key.
8. The distributed data encryption method as claimed in any one of claims 1-6, characterized in that the combination lock uses a login key as its verification method.
9. The distributed data encryption method as claimed in any one of claims 1-6, characterized in that the encryption method used to set up the combination lock can be changed, and the key of an established combination lock can be changed.
10. The distributed data encryption method as claimed in any one of claims 1-6, characterized in that the step of opening the combination lock need not verify the correctness of the key used to open it, this verification being deferred to the correctness check made when the encryption method specified by the password chained list is used.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB02160116XA CN100486157C (en) | 2002-12-31 | 2002-12-31 | Distribution type data encryption method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1514572A (en) | 2004-07-21 |
| CN100486157C (en) | 2009-05-06 |
Family
ID=34237773
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB02160116XA Expired - Fee Related CN100486157C (en) | 2002-12-31 | 2002-12-31 | Distribution type data encryption method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100486157C (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106059767A (en) * | 2016-08-17 | 2016-10-26 | 王树栋 | Terminal private data protection system and method based on Internet |
| TWI558152B (en) * | 2014-07-18 | 2016-11-11 | Hao-Xi Zhuang | Key replacement method and computer program products |
| CN108769037A (en) * | 2018-06-04 | 2018-11-06 | 厦门集微科技有限公司 | A kind of method, apparatus of data processing, computer storage media and terminal |
| CN109816383A (en) * | 2019-02-22 | 2019-05-28 | 杭州秘猿科技有限公司 | A kind of block chain endorsement method, block chain wallet and block chain |
| CN113015157A (en) * | 2019-12-20 | 2021-06-22 | 北京新岸线移动通信技术有限公司 | Method, device and system for supporting multiple encryption in wireless communication system |
| CN113079025A (en) * | 2021-04-07 | 2021-07-06 | 上海万向区块链股份公司 | Method and system compatible with multiple public key algorithm signatures |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105471900A (en) * | 2015-12-29 | 2016-04-06 | 畅捷通信息技术股份有限公司 | Method and device for encrypting and decrypting data |
| CN105743637B (en) * | 2016-03-30 | 2018-11-23 | 国网山东省电力公司荣成市供电公司 | A kind of intelligent substation inspection system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100486157C (en) | 2009-05-06 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090506 Termination date: 20100201 |