CN102163178A - Secure storage method of data - Google Patents
Secure storage method of data Download PDFInfo
- Publication number
- CN102163178A CN102163178A CN2010101129878A CN201010112987A CN102163178A CN 102163178 A CN102163178 A CN 102163178A CN 2010101129878 A CN2010101129878 A CN 2010101129878A CN 201010112987 A CN201010112987 A CN 201010112987A CN 102163178 A CN102163178 A CN 102163178A
- Authority
- CN
- China
- Prior art keywords
- data
- aes
- hash
- key
- storage means
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a secure storage method of data. While encrypting the data, the method comprises the following steps of: 1, generating a random number; 2, performing HASH transformation on the random number; 3, taking the result of the HASH transformation as a secret key to perform AES (Advanced Encryption Standard) encryption on the data needed to be encrypted; 4, destroying primitive data plain texts and the AES secret key. In the secure storage method of the data, the secret key processed with the HASH transformation and used performing the AES encryption and decryption is not stored in a client in any form, can be temporally generated while being necessary for encryption and decryption each time and is immediately destroyed after performing the encryption and decryption operations, in this way, security of the information stored by a mobile device is guaranteed maximally.
Description
Technical field
The present invention relates to a kind of data encryption/decryption method, be specifically related to a kind of date storage method that is applied on the handheld device.
Background technology
Along with popularizing of handheld mobile device, need on handheld device, the demand of the storage customizing messages of safety grow with each passing day.Because the restriction of the cost of handheld device is relatively stricter usually, and the people that easier quilt is held various purposes obtains, and disassembles.So, current a kind of economy of market exigence, local data secure memory techniques efficiently.
Development along with symmetric cryptography, the DES data encryption standard algorithm is because key length less (56), incompatible current distributed type open network is to the requirement of data cryptographic security, therefore 1997 USA National Institute of Standard and Technology (NIST) new data encryption standards, i.e. AES are disclosed.This algorithm will become the new data encryption standards of the U.S. and be widely used in the every field.AES has converged strong security, high-performance, high-level efficiency, advantage such as easy-to-use and flexible as the data encryption standards of a new generation.The AES design has three key lengths: 128,192,256, comparatively speaking, 128 keys of AES are stronger 1021 times than 56 keys of DES.Aes algorithm mainly comprises three aspects: wheel variation, the number of turns and cipher key spreading.
Hash algorithm is also referred to as hashing algorithm or message digest (digital digest).Hash algorithm is converted into regular length character sequence with data with arbitrary length.Hash result ties up one all the time.The Hash result of any two sequences is different.Hash result also is called digital finger-print (FingerPrint), and it has fixing length, and identical plaintext summary must be consistent.This string summary makes and can become whether the checking plaintext has been " fingerprint " of " original appearance " like this.
Summary of the invention
Technical matters to be solved by this invention provides a kind of data security storage means, and it can effectively guarantee the security of mobile device stored information.
In order to solve above technical matters, the invention provides a kind of data security storage means, when encrypting, may further comprise the steps: step 1, generation random number; Step 2, random number is carried out HASH conversion; Result after step 3, the use HASH conversion carries out AES to the needs ciphered data and encrypts as key; Step 4, original data plaintext and the AES key of destruction.
Beneficial effect of the present invention is: because the key that carries out the AES encryption and decryption that HASH of the present invention crosses can not be kept at client in any form, all can generate when need carry out encryption and decryption at every turn temporarily, and instant destruction after the encryption and decryption computing.So just farthest guaranteed the security of mobile device stored information.
The present invention also provides a kind of data security storage means, may further comprise the steps when being decrypted: step 1, generation random number; Step 2, random number is carried out HASH conversion; Result after step 3, the use HASH conversion carries out the AES deciphering as key to the needs decrypted data; Step 4, original data plaintext and the AES key of destruction.
Description of drawings
Below in conjunction with the drawings and specific embodiments the present invention is described in further detail.
Fig. 1 is the process flow diagram that carries out encrypted work;
Fig. 2 is the process flow diagram that is decrypted work.
Embodiment
At first, with all the information bursts that need preserve, then the information of burst is carried out the AES symmetric cryptography.And the password that AES encrypts is to obtain afterwards according to some the specific automated randomized generations of exclusive information of client and the HASH processing of process hardware HASH chip.The generting machanism of this random number has guaranteed that the random key of each client generation is neither identical.This random coded will be kept at client, use when having got inferior the deciphering ready.Client will trigger according to certain rule, generate new random number.The key that carries out the AES encryption and decryption that HASH crosses can not be kept at client in any form, all can generate when need carry out encryption and decryption at every turn temporarily, and instant destruction after the encryption and decryption computing.So just farthest guaranteed the security of stored information.
Use the HASH chip to carry out unidirectional irreversible HASH computing, this is most economical a kind of in all encryption and decryption modes.In order to improve the difficulty that cracks, method commonly used now is cured to part or all of enciphering and deciphering algorithm among the chip exactly.In the encipher-decipher method commonly used now, the chip that solidifies the HASH algorithm is most economical a kind of, and HASH is irreversible one-way algorithm, one group of data is added the seed data that solidifies in the HASH chip, together by after the HASH, very difficult backstepping goes out the seed data in the HASH chip, even the seed data in the HASH chip has been acquired,, also is difficult to backstepping and goes out raw data expressly by the data after the HASH; The symmetry enciphering and deciphering algorithm is because secret key is consistent in the encryption and decryption process, so if secret key is cured in the chip, in case be cracked, then all data through this chip encryption also just all have been cracked; The symmetry enciphering and deciphering algorithm is as the present higher a kind of security algorithm of degree of safety, on the contrary often be cured among the chip, but the price of this chip is very expensive, is unsuitable for using in handheld device on a large scale, and this mode mainly is applied among the Internet bank at present.
What this programme adopted is exactly a kind of local data method for secure storing that carries out safety guarantee based on the most cheap HASH chip.
Specifically, ciphering process of the present invention may further comprise the steps:
1. taking-up random number.
Client will according to some specific, exclusive information automatically, at random random number of generation.The generting machanism of this random number has guaranteed that the random key of each client generation is neither identical.After the generation, this random coded will be kept in the hard disk or ROM of client, use when having got inferior the deciphering ready.Client will trigger according to certain rule, regenerate new random number.
2. by the HASH chip random number is carried out the HASH conversion.
By the HASH chip, with random number, add the HASH seed that solidifies in the HASH chip, carry out the HASH conversion together.The irreversible HASH result of unidirectional generation.
3. use HASH result afterwards as key, the needs ciphered data is carried out the AES burst encrypt.
To need information encrypted to carry out burst, use the AES symmetric encipherment algorithm then, the data after the burst will be encrypted.The key that uses during the AES encryption and decryption wherein is exactly the HASH result that previous step generates in rapid.
4. in internal memory, destroy original plaintext message and process HASH AES cryptographic algorithm key afterwards.
After encrypting, in internal memory, the AES encryption key after original plaintext and the HASH to be destroyed immediately, these information will not deposited in fixed memory device such as hard disk or ROM in any form.
Decrypting process of the present invention may further comprise the steps:
1. taking-up random number.
Client will according to some specific, exclusive information automatically, at random random number of generation.The generting machanism of this random number has guaranteed that the random key of each client generation is neither identical.After the generation, this random coded will be kept in the hard disk or ROM of client, use when having got inferior the deciphering ready.Client will trigger according to certain rule, regenerate new random number.
2. by the HASH chip random number is carried out the HASH conversion.
By the HASH chip, with random number, add the HASH seed that solidifies in the HASH chip, carry out the HASH conversion together.The irreversible HASH result of unidirectional generation.
3. use HASH result afterwards as key, the needs decrypted data is carried out AES burst decrypt operation handle.
Use AES symmetry enciphering and deciphering algorithm, enciphered data is carried out the burst deciphering, and piece together out current needed data expressly.The information of needs deciphering is carried out burst, use the AES symmetric encipherment algorithm then, the data after the burst are encrypted.The key of the use of using during the AES encryption and decryption wherein is exactly the HASH result that previous step generates in rapid.
4. after the plaintext after deciphering is employed, in internal memory, destroy cleartext information and process HASH AES cryptographic algorithm key afterwards.
In fixed memory device such as hard disk or ROM, do not preserve cleartext information and process HASH AES encryption key afterwards in any form.
This method has been applied in the private key of preserving asymmetric encryption and decryption in the handheld device, and handheld device is carried out distributed secure data exchange if desired, all can adopt asymmetric encipher-decipher method usually.For the enciphered message that can obtain different times in this locality is disassembled, just the private key that different times produces must be carried out this locality storage.Use this method to preserve private key, can make the security of private key storage further improve only increasing seldom under the condition of cost.And can be than using the more frequent replacing public private key pair of asymmetric deciphering chip, and after public private key pair is replaced, continues to allow handheld device to read and be stored in local enciphered message together.
The present invention is not limited to embodiment discussed above.More than the description of embodiment is intended in order to describe and illustrate the technical scheme that the present invention relates to.Based on the conspicuous conversion of the present invention enlightenment or substitute and also should be considered to fall into protection scope of the present invention.Above embodiment is used for disclosing best implementation method of the present invention, so that those of ordinary skill in the art can use numerous embodiments of the present invention and multiple alternative reaches purpose of the present invention.
Claims (10)
1. a data security storage means is characterized in that, may further comprise the steps when encrypting: step 1, generation random number;
Step 2, random number is carried out HASH conversion;
Result after step 3, the use HASH conversion carries out AES to the needs ciphered data and encrypts as key;
Step 4, original data plaintext and the AES key of destruction.
2. data security storage means as claimed in claim 1 is characterized in that the random number that generates in the described step 1 is kept in the storer of client.
3. data security storage means as claimed in claim 1 is characterized in that, the unidirectional irreversible HASH result of generation of HASH conversion in the described step 2.
4. data security storage means as claimed in claim 1, it is characterized in that, use HASH result afterwards as key in the described step 3, the needs ciphered data is carried out the AES burst encrypts, need to be about to information encrypted to carry out burst, use the AES symmetric encipherment algorithm then, the data after the burst are encrypted; Wherein the key that uses during the AES encryption and decryption is gone up the HASH result who generates in the step 2 exactly.
5. data security storage means as claimed in claim 1 is characterized in that, destroys all original data plaintext and AES key in client in the described step 4.
6. a data security storage means is characterized in that, may further comprise the steps when being decrypted: step 1, generation random number;
Step 2, random number is carried out HASH conversion;
Result after step 3, the use HASH conversion carries out the AES deciphering as key to the needs decrypted data;
Step 4, original data plaintext and the AES key of destruction.
7. data security storage means as claimed in claim 6 is characterized in that the random number that generates in the described step 1 is kept in the storer of client.
8. data security storage means as claimed in claim 6 is characterized in that, the unidirectional irreversible HASH result of generation of HASH conversion in the described step 2.
9. data security storage means as claimed in claim 6, it is characterized in that, in described step 3, use HASH result afterwards as key, the needs decrypted data is carried out the deciphering of AES burst, need to be about to the information of deciphering to carry out burst, use AES symmetry decipherment algorithm then, the data after the burst are decrypted; Wherein the key that uses during the AES encryption and decryption is gone up the HASH result who generates in the step 2 exactly.
10. data security storage means as claimed in claim 6 is characterized in that, destroys all original data plaintext and AES key in client in described step 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101129878A CN102163178A (en) | 2010-02-24 | 2010-02-24 | Secure storage method of data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101129878A CN102163178A (en) | 2010-02-24 | 2010-02-24 | Secure storage method of data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102163178A true CN102163178A (en) | 2011-08-24 |
Family
ID=44464413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010101129878A Pending CN102163178A (en) | 2010-02-24 | 2010-02-24 | Secure storage method of data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102163178A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103577768A (en) * | 2012-08-06 | 2014-02-12 | 三星电子株式会社 | Method of managing key for secure storage of data and apparatus therefor |
| CN104125068A (en) * | 2014-07-04 | 2014-10-29 | 天津大学 | Portable ring-shaped electronic device for information security, and control method |
| CN104410493A (en) * | 2014-11-07 | 2015-03-11 | 南方电网科学研究院有限责任公司 | Secure data storage method and secure data read method based on distributed system infrastructure |
| CN104967612A (en) * | 2015-05-27 | 2015-10-07 | 李明 | Data encryption storage method, server and system |
| CN105046173A (en) * | 2015-07-02 | 2015-11-11 | 山东超越数控电子有限公司 | Fast and reliable design method for destroying SSD hard disk |
| CN106411515A (en) * | 2016-12-07 | 2017-02-15 | 北京信任度科技有限公司 | Method of using cipher machine to segment secret key so as to increase secret key safety and system thereof |
| CN109005184A (en) * | 2018-08-17 | 2018-12-14 | 上海小蚁科技有限公司 | File encrypting method and device, storage medium, terminal |
| CN109698745A (en) * | 2018-12-25 | 2019-04-30 | 歌尔科技有限公司 | A kind of key management method, system and earphone and storage medium |
| CN110298186A (en) * | 2019-07-02 | 2019-10-01 | 北京计算机技术及应用研究所 | A kind of non-key data encipher-decipher method based on dynamic reconfigurable crypto chip |
| CN113055155A (en) * | 2021-02-21 | 2021-06-29 | 上海帕科信息科技有限公司 | Data security storage method based on big data platform |
| CN116597874A (en) * | 2023-05-13 | 2023-08-15 | 汇钜电科(东莞)实业有限公司 | Mobile hard disk with built-in static discharge sheet and method for preventing static accumulation |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1689297A (en) * | 2002-07-10 | 2005-10-26 | 通用仪表公司 | Method of preventing unauthorized distribution and use of electronic keys using a key seed |
| CN1805337A (en) * | 2005-01-14 | 2006-07-19 | 中兴通讯股份有限公司 | Secret shared key mechanism based user management method |
| US20060288232A1 (en) * | 2005-06-16 | 2006-12-21 | Min-Hank Ho | Method and apparatus for using an external security device to secure data in a database |
| CN101093626A (en) * | 2007-07-27 | 2007-12-26 | 哈尔滨工业大学 | Palm print cipher key system |
-
2010
- 2010-02-24 CN CN2010101129878A patent/CN102163178A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1689297A (en) * | 2002-07-10 | 2005-10-26 | 通用仪表公司 | Method of preventing unauthorized distribution and use of electronic keys using a key seed |
| CN1805337A (en) * | 2005-01-14 | 2006-07-19 | 中兴通讯股份有限公司 | Secret shared key mechanism based user management method |
| US20060288232A1 (en) * | 2005-06-16 | 2006-12-21 | Min-Hank Ho | Method and apparatus for using an external security device to secure data in a database |
| CN101093626A (en) * | 2007-07-27 | 2007-12-26 | 哈尔滨工业大学 | Palm print cipher key system |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103577768A (en) * | 2012-08-06 | 2014-02-12 | 三星电子株式会社 | Method of managing key for secure storage of data and apparatus therefor |
| CN104125068A (en) * | 2014-07-04 | 2014-10-29 | 天津大学 | Portable ring-shaped electronic device for information security, and control method |
| CN104410493A (en) * | 2014-11-07 | 2015-03-11 | 南方电网科学研究院有限责任公司 | Secure data storage method and secure data read method based on distributed system infrastructure |
| CN104967612A (en) * | 2015-05-27 | 2015-10-07 | 李明 | Data encryption storage method, server and system |
| CN105046173A (en) * | 2015-07-02 | 2015-11-11 | 山东超越数控电子有限公司 | Fast and reliable design method for destroying SSD hard disk |
| CN106411515A (en) * | 2016-12-07 | 2017-02-15 | 北京信任度科技有限公司 | Method of using cipher machine to segment secret key so as to increase secret key safety and system thereof |
| CN109005184A (en) * | 2018-08-17 | 2018-12-14 | 上海小蚁科技有限公司 | File encrypting method and device, storage medium, terminal |
| CN109698745A (en) * | 2018-12-25 | 2019-04-30 | 歌尔科技有限公司 | A kind of key management method, system and earphone and storage medium |
| CN110298186A (en) * | 2019-07-02 | 2019-10-01 | 北京计算机技术及应用研究所 | A kind of non-key data encipher-decipher method based on dynamic reconfigurable crypto chip |
| CN113055155A (en) * | 2021-02-21 | 2021-06-29 | 上海帕科信息科技有限公司 | Data security storage method based on big data platform |
| CN116597874A (en) * | 2023-05-13 | 2023-08-15 | 汇钜电科(东莞)实业有限公司 | Mobile hard disk with built-in static discharge sheet and method for preventing static accumulation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102163178A (en) | Secure storage method of data | |
| CN107070948A (en) | Signature and verification method based on hybrid encryption algorithm in cloud storage | |
| US8767959B2 (en) | Block encryption | |
| CN102355352B (en) | Data confidentiality and integrity protection method | |
| CN103152362B (en) | Based on the large data files encrypted transmission method of cloud computing | |
| CN103618607A (en) | Method for data security transmission and key exchange | |
| KR20080093635A (en) | Method for encrypting message for keeping integrity of message and apparatus, and method for decrypting message for keeping integrity of message and apparatus | |
| CN102567688B (en) | File confidentiality keeping system and file confidentiality keeping method on Android operating system | |
| Surya et al. | A survey on symmetric key encryption algorithms | |
| WO2008148784A3 (en) | Cryptographic methods and devices for the pseudo-random generation of data encryption and cryptographic hashing of a message | |
| CN103716157A (en) | Grouped multiple-key encryption method and grouped multiple-key encryption device | |
| CN102693386A (en) | Method and system for encryption protection of video files | |
| CN104660590A (en) | Cloud storage scheme for file encryption security | |
| CN104396182A (en) | Method of encrypting data | |
| CN110245511A (en) | A kind of file encryption storage method based on block chain | |
| CN102811124B (en) | Based on the system Authentication method of two card trigram technology | |
| JP2024511236A (en) | Computer file security encryption method, decryption method and readable storage medium | |
| JP2023063430A5 (en) | ||
| CN105357004A (en) | Medical privacy data self-encryption method and self-decryption method | |
| JP2005244534A5 (en) | ||
| Madavi et al. | Enhanced cloud security using cryptography and steganography techniques | |
| CN102546151A (en) | Data encryption and decryption method | |
| CN102622561A (en) | Enciphering and deciphering method for invoking data in software | |
| Bastanta et al. | Image data encryption using DES method | |
| Mohammed et al. | Implementation of new secure encryption technique for cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: SHANGHAI SHENGXUAN NETWORK TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: SHANGHAI GUOKE ELECTRONIC CO., LTD. Effective date: 20130301 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 201210 PUDONG NEW AREA, SHANGHAI TO: 201203 PUDONG NEW AREA, SHANGHAI |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20130301 Address after: 201203 Shanghai Guo Shou Jing Road, Zhangjiang hi tech Park No. 356 building 3 room 126 Applicant after: Shanghai Shengxuan Network Technology Co., Ltd. Address before: 201210, room 1, building 380, 108 Yin Yin Road, Shanghai, Pudong New Area Applicant before: Shanghai Guoke Electronic Co., Ltd. |
|
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110824 |