Summary of the invention
The invention provides a method and system for the secure exchange of sensitive data, enabling sensitive data to be exchanged between intelligent terminals safely and efficiently.
To solve the above technical problem, the invention provides a method for the secure exchange of sensitive data, comprising: when encrypted sensitive data is relayed between terminal devices via a server, transmitting the key used for the encryption by embedding it in a QR code, thereby achieving secure exchange of sensitive data between the terminal devices.
Preferably, the method specifically comprises the following steps:
S201: the key management module in the first terminal device generates a key;
S202: the key management module generates a QR code with the generated key as its content;
S203: the scanning/encryption module in the second terminal device scans the QR code and obtains the key;
S204: the scanning/encryption module encrypts the sensitive data with the key and uploads the encrypted sensitive data to the server as ciphertext;
S205: the key management module obtains the ciphertext from the server and decrypts it with the key to obtain the sensitive data.
Preferably, step S203 is specifically: the scanning/encryption module scans the QR code generated by the key management module and displayed on the screen of the first terminal device, and obtains the key.
Preferably, in step S201, the key management module generates the key either by generating a symmetric key with a symmetric encryption algorithm, or by generating the public key of an asymmetric algorithm with that asymmetric algorithm;
In step S205, when the key contained in the QR code is a symmetric key, the key management module decrypts with the same symmetric key; when the QR code contains the public key of an asymmetric algorithm, the key management module decrypts with the private key corresponding to that public key.
Preferably, the symmetric encryption algorithms include the AES algorithm, the DES algorithm and the TDES algorithm; the asymmetric encryption algorithms include the RSA algorithm and the ECC algorithm.
The invention also provides a system for the secure exchange of sensitive data, comprising: a first terminal device having a key management module, a second terminal device having a scanning/encryption module, and a server, wherein:
The key management module comprises:
a key generation unit configured to generate a key and store the corresponding key in a storage unit;
the storage unit, which stores the corresponding key;
a QR code generation unit configured to generate a QR code with the generated key as its content; and
a processing unit that exchanges data with the server and is configured to obtain the ciphertext from the server and decrypt the ciphertext data with the corresponding key;
The scanning/encryption module is configured to scan and decode the QR code to obtain the key, encrypt the sensitive data with the key, and upload the encrypted sensitive data to the server as the ciphertext;
The server is configured to interact with the key management module and the scanning/encryption module, to receive and store the ciphertext uploaded by the scanning/encryption module, and to deliver the ciphertext to the key management software.
Preferably, the key generation unit is specifically configured to generate a symmetric key with a symmetric encryption algorithm, or to generate the public key of an asymmetric algorithm with that asymmetric algorithm;
The storage unit is further configured to store the symmetric or asymmetric encryption algorithm, and the symmetric key or asymmetric key pair information.
Preferably:
the first terminal device is a PC or a mobile terminal device, and the second terminal device is a mobile terminal device.
Preferably, the mobile terminal device is a smartphone, tablet computer, PDA, smart watch or smart glasses.
Preferably, the server is a cloud server or a custom server.
Compared with the prior art, the beneficial effect of the method and system of the invention is that sensitive data can be exchanged between intelligent terminals safely and efficiently using a QR code. The QR code form makes the exchange of sensitive data between one device and another convenient and secure, without the involvement of a communication link, and offers advantages such as security, simple operation, low cost, a fast process and good user-friendliness.
Embodiment
The method and system for the secure exchange of sensitive data according to embodiments of the invention are described in further detail below with reference to the drawings and specific embodiments, which are not a limitation of the invention.
Before the embodiments of the invention are described in detail, some technology relating to QR codes is first introduced. A QR code (two-dimensional bar code) is a bar code image that records information such as text, pictures and web addresses, by means of a corresponding encoding algorithm, in specific geometric figures on a two-dimensional plane (commonly alternating black and white patterns). QR codes offer large information capacity, a wide encoding range, strong error tolerance, the ability to incorporate encryption measures, good confidentiality, low cost, ease of production and durability, so they are used more and more frequently in intelligent terminals and have good application prospects.
Recognizing a QR code involves two processes: scanning and decoding. Scanning the QR code yields a set of reflected light signals, which after photoelectric conversion become a set of electronic signals corresponding to the lines and blanks, and which are restored to the corresponding data by decoding. Common QR code generators are currently built from a QR code generation algorithm or a QR code plug-in, together with calling software written in a programming language such as Java, C# or VB. The QR code generation algorithm combines the matrix of 0s and 1s that forms the QR code; different input to the generator yields a different 0/1 matrix, which is why the generated QR code patterns vary.
Fig. 1 is the overall structure diagram of the system for the secure exchange of sensitive data according to embodiments of the invention. As shown in Fig. 1, the system comprises a first terminal device having a key management module, a second terminal device having a scanning/encryption module, and a server, wherein:
The key management module comprises:
a key generation unit configured to generate a key and store the corresponding key in a storage unit;
the storage unit, which stores the corresponding key;
a QR code generation unit configured to generate a QR code with the generated key as its content; and
a processing unit that exchanges data with the server and is configured to obtain the ciphertext from the server and decrypt the ciphertext data with the corresponding key.
The scanning/encryption module is configured to scan and decode the QR code to obtain the key, encrypt the sensitive data with the key, and upload the encrypted sensitive data to the server as ciphertext.
The server is configured to interact with the key management module and the scanning/encryption module, to receive and store the ciphertext uploaded by the scanning/encryption module, and to deliver the ciphertext to the key management software.
The system of the invention allows sensitive data to be exchanged between intelligent terminals safely and efficiently using a QR code. The QR code form makes the exchange of sensitive data between one device and another convenient and secure, without the involvement of a communication link, and offers advantages such as security, simple operation, low cost, a fast process and good user-friendliness.
As an improvement, the key generation unit is specifically configured to generate a symmetric key with a symmetric encryption algorithm, or to generate the public key of an asymmetric algorithm with that asymmetric algorithm; the storage unit is specifically configured to store the symmetric or asymmetric encryption algorithm, and the symmetric key or asymmetric key pair information.
The scanning/encryption module may be a mobile application (mobile app) installed on the intelligent terminal that can scan and parse QR codes and perform encryption; the mobile app scans the QR code generated by the key management module and displayed on the screen of the device on which that module resides.
As another improvement, the first terminal device is a PC or a mobile terminal device, and the second terminal device is a mobile terminal device. The mobile terminal device may be an intelligent terminal, including mobile devices such as smartphones, tablet computers, PDAs, smart watches and smart glasses. The server may use an existing cloud service (cloud server) or may be a custom server.
The invention also provides a method for the secure exchange of sensitive data, comprising: when encrypted sensitive data is relayed between terminal devices via a server, transmitting the key used for the encryption by embedding it in a QR code, thereby achieving secure exchange of sensitive data between the terminal devices.
Fig. 2 is a flow chart of the method for the secure exchange of sensitive data according to embodiments of the invention. As shown in Fig. 2, the method of this embodiment specifically comprises the following steps:
S201: the key management module in the first terminal device generates a key;
S202: the key management module generates a QR code with the generated key as its content;
S203: the scanning/encryption module in the second terminal device scans the QR code and obtains the key;
S204: the scanning/encryption module encrypts the sensitive data with the key and uploads the encrypted sensitive data to the server as ciphertext;
S205: the key management module obtains the ciphertext from the server and decrypts it with the key to obtain the sensitive data.
As an improvement, step S203 is specifically: the scanning/encryption module scans the QR code generated by the key management module and displayed on the screen of the first terminal device, and obtains the key.
As an improvement of the method of this embodiment, in step S201 the key management module generates the key either by generating a symmetric key with a symmetric encryption algorithm, or by generating the public key of an asymmetric algorithm with that asymmetric algorithm; in step S205, when the key contained in the QR code is a symmetric key, the key management module decrypts with the same symmetric key; when the QR code contains the public key of an asymmetric algorithm, the key management module decrypts with the private key corresponding to that public key.
Optionally, the symmetric encryption algorithms include but are not limited to the AES algorithm, the DES algorithm and the TDES algorithm; the asymmetric encryption algorithms include but are not limited to the RSA algorithm and the ECC algorithm.
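The asymmetric variant described above, as an added Node.js example (not code from the patent): only the public key goes into the QR code, so the QR content alone cannot decrypt the ciphertext. RSA-2048 with OAEP/SHA-256 and the PEM text used as the QR payload are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumed padding parameters; the patent names RSA but no padding scheme.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// S201-S202 (first terminal): keep the private key, put only the public key
// into the text that a QR encoder would render.
function generateKeyPairAndQrPayload() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, qrPayload: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// S203-S204 (second terminal): parse the scanned PEM and encrypt the data.
// RSA-2048 with OAEP/SHA-256 fits at most 190 bytes; longer input is refused.
function encryptWithScannedKey(qrPayload, sensitiveData) {
  const data = Buffer.from(sensitiveData, 'utf8');
  if (data.length > 190) throw new Error('too long for a single RSA-OAEP block');
  const publicKey = crypto.createPublicKey(qrPayload);
  if (publicKey.asymmetricKeyType !== 'rsa') throw new Error('unexpected key type');
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, data).toString('base64');
}

// S205 (first terminal): decrypt the ciphertext fetched from the server
// with the private key that never left the device.
function decryptWithPrivateKey(privateKey, ciphertextB64) {
  const ciphertext = Buffer.from(ciphertextB64, 'base64');
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}
```
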
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to the foregoing, the accompanying drawings and an embodiment.
Fig. 3 is a flow chart of the method for the secure exchange of sensitive data according to one embodiment of the invention. As shown in Fig. 3, in this embodiment the key management module is installed on a PC, the key generation unit uses the AES symmetric encryption algorithm, the mobile app is a mobile phone app, and the server uses an existing cloud service. The method of this embodiment comprises the following specific steps:
1. The key management software generates the symmetric key AESKey;
2. The key management software generates a QR code with AESKey as its content;
3. The mobile phone app scans the QR code generated by the key management software and displayed on the computer screen, and recovers the key AESKey;
4. The mobile phone app encrypts the sensitive data with AESKey to generate the ciphertext AESKeyT, and uploads the ciphertext AESKeyT to the cloud service;
5. The key management software on the computer obtains the ciphertext from the server and decrypts it with the internally stored key AESKey to obtain the sensitive data.
In this embodiment, the key management software may also be installed on an intelligent terminal such as a mobile phone or a PAD; the implementation is the same as on a computer and is not repeated here.
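The five steps of this embodiment, simulated in Node.js as an added example (not code from the patent). AES-256-GCM, the `aeskey:` payload prefix, the nonce|tag|ciphertext blob layout and the in-memory Map standing in for the cloud service are assumptions; the QR image is represented by the text it would carry.

```javascript
const crypto = require('node:crypto');

// Steps 1-2 (PC): generate AESKey and build the text a QR encoder would render.
// The "aeskey:" prefix is a hypothetical payload format, not from the patent.
function generateKeyAndQrPayload() {
  const aesKey = crypto.randomBytes(32);
  return { aesKey, qrPayload: 'aeskey:' + aesKey.toString('base64') };
}

// Step 3 (phone): recover AESKey from the decoded QR text, rejecting other payloads.
function keyFromQrPayload(qrPayload) {
  const m = /^aeskey:([A-Za-z0-9+/]{43}=)$/.exec(qrPayload);
  if (!m) throw new Error('unexpected QR payload');
  return Buffer.from(m[1], 'base64');
}

// Step 4 (phone): encrypt under a fresh 96-bit nonce; upload nonce|tag|ciphertext.
function encryptForUpload(aesKey, sensitiveData) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(sensitiveData, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Step 5 (PC): decrypt the downloaded blob with the stored key.
// decipher.final() throws if the relayed blob was modified on the way.
function decryptDownload(aesKey, blobB64) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < 28) throw new Error('blob too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed run: the Map plays the cloud service and only ever holds ciphertext.
function runExchange(sensitiveData) {
  const cloud = new Map();
  const { aesKey, qrPayload } = generateKeyAndQrPayload();   // PC
  const phoneKey = keyFromQrPayload(qrPayload);              // phone scans the screen
  cloud.set('AESKeyT', encryptForUpload(phoneKey, sensitiveData));
  const stored = cloud.get('AESKeyT');
  return { aesKey, stored, recovered: decryptDownload(aesKey, stored) };
}
```

In this symmetric variant the QR content is the decryption key itself, so confidentiality rests on who can see the screen while the code is displayed.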
Compared with the prior art, the beneficial effect of the method and system of the invention is that sensitive data can be exchanged between intelligent terminals safely and efficiently using a QR code. The QR code form makes the exchange of sensitive data between one device and another convenient and secure, without the involvement of a communication link, and offers advantages such as security, simple operation, low cost, a fast process and good user-friendliness.
The above embodiments are only exemplary embodiments of the invention and are not intended to limit it; the scope of protection of the invention is defined by the claims. Those skilled in the art may make various modifications or equivalent substitutions to the invention within its spirit and scope of protection, and such modifications or equivalent substitutions shall also be regarded as falling within the scope of protection of the invention.