CN110110533B - Method, system and medium for batch encryption and unloading of electronic files with automatic identity identification - Google Patents


Info

Publication number: CN110110533B
Authority: CN (China)
Prior art keywords: memory, application software, user name, login password, password
Legal status: Active
Application number: CN201910308616.8A
Other languages: Chinese (zh)
Other versions: CN110110533A
Inventors: 傅运根, 梁中云, 成春玲, 邱建斌, 肖芷铃
Current assignee: Shanghai Dunpan Technology Co ltd
Original assignee: Shanghai Dunpan Technology Co ltd
Events: application filed by Shanghai Dunpan Technology Co ltd; priority to CN201910308616.8A; publication of CN110110533A; application granted; publication of CN110110533B; legal status active

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/30 Security of mobile devices; Security of mobile applications > H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/2107 File encryption
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 > H04L2463/101 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management


Abstract

The invention provides a method, a system and a medium for batch encryption and unloading of electronic files with automatic identity identification. The beneficial effects of the invention are that it identifies identity automatically, is plug-and-play and is convenient to use; and because it adopts an encryption scheme that combines software with hardware and a certificate with a password, it automatically identifies the independent identity, encrypts each file independently with one key per file, is highly secure and is not easy to crack.

Description

Method, system and medium for batch encryption and unloading of electronic files with automatic identity identification
Technical Field
The invention relates to the technical field of data processing, and in particular to a method, a system and a medium for batch encryption and unloading of electronic files with automatic identity identification.
Background
There are many ways to store files in encrypted form, such as the mobile phone file privacy cabinet.
The existing mobile phone file privacy cabinet has the following defects:
1. It is buried deep and inconvenient to use.
2. It generally uses fingerprints and passwords for encryption and decryption, and is easy to crack.
3. The target file has to be searched for manually; files cannot be extracted intelligently and automatically, so the user experience is poor.
4. The encrypted files are still stored in the mobile phone and occupy a large amount of the phone's memory.
5. The encrypted files are only in an encrypted state inside the file privacy cabinet, and are no longer encrypted or protected once they leave it.
6. It is software encryption with a single layer of protection (a fingerprint or password entered on entry to the file privacy cabinet), so the level of protection is not high.
Disclosure of Invention
The invention provides a method for batch encryption and unloading of electronic files with automatic identity identification, which comprises an application software activation step, a data encryption step and a data decryption step, wherein the application software activation step comprises the following steps:
Step 1: when the terminal installs and activates the application software, receive the user name input by the user, read the initial public key in the memory, calculate from the initial public key the identification identifier corresponding to it, read the current memory identifier and compare it with the identification identifier; if the two are the same, send a real-time random verification code to the designated destination of the user name, receive the real-time random verification code input by the user, continue activating the application software and receive the login password set by the user; if the memory identifier and the identification identifier differ, judge the application software to be pirated and exit it;
Step 2: when the application software is activated, generate the secret key of the encryption algorithm; combine the user name, the login password and the CPK serial-number identifier of the memory in any combination to form a set of combined public keys, and store the combined public key in the memory, kept in a sandbox; generate a new CPK private key from the combined public key, use it to encrypt the secret key of the encryption algorithm, and store the encrypted secret key in the memory, kept in the sandbox; in step 2, the CPK serial-number identifier of the memory is the new memory identifier generated after the application software is activated;
Step 3: add a salt value to the user name, encrypt the user name, store it in the memory and fix the total encrypted value;
Data encryption step: when the user logs in, the application software decrypts the user name and login password held in the memory and compares them with the user name and login password input by the user; if they are the same, the password is supplied to open the sandbox, and if the sandbox opens successfully the password is right; after the sandbox is opened, it is decrypted to obtain the combined public key, the combined public key is put through the CPK calculation to obtain the CPK private key, the CPK private key is used to obtain the ciphertext of the encryption algorithm's key and decrypt it, the files are encrypted in the terminal in one-file-one-key mode, and the encrypted files are transferred into the memory;
The data decryption step comprises:
First step: after the application software is opened, it calls in the data and detects whether the memory is one with a CPK identity;
Second step: the application software decrypts the user name and login password held in the memory and compares them with the user name and login password input by the user; if they are the same, the password is supplied to open the sandbox, and if the sandbox opens successfully the password is right; after the sandbox is opened, it is decrypted to obtain the combined public key, the combined public key is put through the CPK calculation to obtain the CPK private key, the CPK private key is used to obtain the ciphertext of the encryption algorithm's key and decrypt it, the CPK serial-number identifier of the memory is identified, the encrypted files are called from the memory into the terminal, and the files are decrypted in the terminal in one-file-one-key mode.
As a further improvement of the invention, the user name comprises a mobile phone number and an e-mail address, and in step 1, when the memory identifier is the same as the identification identifier, the application software notifies the background server to send the real-time random verification code to the mobile phone holding that phone number or to the corresponding e-mail address.
As a further improvement of the invention, the encryption algorithm comprises a symmetric encryption algorithm and an asymmetric encryption algorithm.
As a further improvement of the invention, the symmetric encryption algorithm adopts the AES256 algorithm.
As a further improvement of the invention, in step 2, combining the user name, the login password and the new memory identifier generated after activation of the application software in any combination to form a set of combined public keys means: a set of combined public keys is formed by combining the user name and the login password, or by combining the user name and the new memory identifier, or by combining the login password and the new memory identifier, or by combining the user name, the login password and the new memory identifier.
As a further improvement of the invention, in use the memory is connected to the terminal; the terminal comprises a mobile terminal and a personal computer; the application software installed on the mobile terminal is downloaded from the official website, and when the personal computer is connected to the memory, the personal computer installs the application software from the memory.
As a further improvement of the invention, the application software is stored in the CD area of the memory, and when the personal computer is connected to the memory, the personal computer installs the application software from the CD area of the memory.
As a further improvement of the invention:
in step 1, when the application software is activated, the initial public key is first read from the reserved area of the memory;
in step 2, the combined public key is stored in the reserved area of the memory, kept in a sandbox; a new CPK private key is generated from the combined public key and used to encrypt the secret key of the encryption algorithm, and the encrypted secret key is stored in the reserved area of the memory, kept in the sandbox;
in step 3, after the salt value is added to the user name, the user name is encrypted, stored in the reserved area of the memory, and the total encrypted value is fixed;
in the data encryption step, after the files are encrypted in the terminal in one-file-one-key mode, the encrypted files are called into the public area of the memory;
in the data decryption step, the encrypted files are called from the public area of the memory into the terminal, and the files are decrypted in the terminal in one-file-one-key mode.
The invention also provides a system for batch encryption and unloading of electronic files with automatic identity identification, which comprises a memory, a processor and a computer program stored on the memory, the computer program being configured to carry out the steps of the method of the invention when called by the processor.
The invention also provides a computer-readable storage medium having stored thereon a computer program configured to perform the steps of the method of the invention when invoked by a processor.
The beneficial effects of the invention are that it identifies identity automatically, is plug-and-play and is convenient to use; and because it adopts an encryption scheme that combines software with hardware and a certificate with a password, it automatically identifies the independent identity, encrypts each file independently with one key per file, is highly secure and is not easy to crack.
Drawings
FIG. 1 is a flow chart of the data encryption step of the present invention.
FIG. 2 is a flow chart of the data decryption step of the present invention.
Detailed Description
The invention comprises hardware and software: the hardware is a memory and a terminal, and the software is the application software.
The memory comprises a memory card, a USB flash disk (U disk), a hard disk and the like; the memory can be configured according to the data storage requirements, and the USB flash disk is preferred in the invention.
The memory of the invention is provided with a data interface through which it is connected to the terminal. The data interface comprises USB (including Type-A, Type-B, Type-Micro B, Type-Micro, Type-Mini, Type-Lightning, Type-C, etc.), CAN, RS232, RS485, RS422, SD card, etc.; the data interface can be configured according to the equipment and the data transmission needs, and the invention preferably uses the USB 3.0 Type-C interface as an example (Type-C belongs to USB 3.0 and has the characteristic of high-speed data transmission).
The invention divides the memory into 3 partitions: a reserved area, a CD area and a public area. The public key corresponding to the memory identifier is then written into the reserved area.
The reserved area is not visible to the ordinary user.
The CD area is storage that cannot be formatted, and its files and data cannot be deleted.
The public area is the ordinary storage area of the memory.
In use, the memory is connected to the terminal; the terminal comprises a mobile terminal and a personal computer, and the application software installed on the mobile terminal is downloaded from the official website.
The application software is stored in the CD area of the memory, and when the personal computer is connected to the memory, the personal computer installs the application software from the CD area of the memory.
The mobile terminal comprises a mobile phone and a tablet computer.
The invention discloses a method for batch encryption and unloading of electronic files with automatic identity identification, which comprises an application software activation step, a data encryption step and a data decryption step, wherein the application software activation step comprises the following steps:
Step 1: after the memory is connected to the terminal, the application software is installed on the terminal; when the application software is activated, the user name input by the user is received, the initial public key in the reserved area of the memory is read, the identification identifier corresponding to the initial public key is calculated from it, the current memory identifier is read and compared with the identification identifier; if the current memory identifier is the same as the identification identifier, a real-time random verification code is sent to the designated destination of the user name, the real-time random verification code input by the user is received, activation of the application software continues and the login password set by the user is received; if the memory identifier and the identification identifier differ, the software is judged to be pirated and the application software exits.
The user name comprises a mobile phone number and an e-mail address, and when the memory identifier is the same as the identification identifier, the application software notifies the background server to send the real-time random verification code to the mobile phone holding that phone number or to the corresponding e-mail address.
Step 2: when the application software is activated, the secret key of the encryption algorithm is generated; the user name, the login password and the CPK serial-number identifier of the memory are combined in any combination to form a set of combined public keys, and the combined public key is stored in the reserved area of the memory, kept in a sandbox; a new CPK private key is generated from the combined public key and used to encrypt the secret key of the encryption algorithm, and the encrypted secret key is stored in the reserved area of the memory, kept in the sandbox; in step 2, the CPK serial-number identifier of the memory is the new memory identifier generated after the application software is activated.
The encryption algorithm comprises a symmetric encryption algorithm and an asymmetric encryption algorithm; the symmetric encryption algorithm comprises AES256 and SM2, and the AES256 algorithm is preferably adopted in the invention. For example, in step 2, when the application software is activated an AES256 key is generated; a new CPK private key is generated from the combined public key and used to encrypt the AES256 key, and the encrypted key is stored in the reserved area of the memory, kept in the sandbox.
Combining the user name, the login password and the new memory identifier generated after activation of the application software in any combination to form a set of combined public keys means: a set of combined public keys is formed by combining the user name and the login password, or by combining the user name and the new memory identifier, or by combining the login password and the new memory identifier, or by combining the user name, the login password and the new memory identifier.
Step 3: after a salt value is added to the user name, the user name is encrypted, stored in the reserved area of the memory, and the total encrypted value is fixed; when the application software is activated, the fixed total encrypted value formed from the login password and the user name becomes the sandbox-open password, and the sandbox's password-storage mechanism is equivalent to a security password for the memory.
Once the application software activation step has been executed and the application software is activated, the user does not need to activate it again: it is activated once, and thereafter it can be opened normally for use with the user name and login password.
As shown in FIG. 1, the data encryption step: the memory and the terminal are connected together; when the user logs in, the application software decrypts the user name and login password held in the reserved area of the memory and compares them with the user name and login password input by the user; if they are the same, the password is supplied to open the sandbox, and if the sandbox opens successfully the password is right; after the sandbox is opened, it is decrypted to obtain the combined public key, the combined public key is put through the CPK calculation to obtain the CPK private key, the ciphertext of the encryption algorithm (AES256) key is obtained with the CPK private key and the encryption algorithm (AES256) key is decrypted, the files are encrypted in the terminal in one-file-one-key mode, and the encrypted files are transferred into the public area of the memory.
As shown in FIG. 2, the data decryption step comprises:
First, the memory is connected to the terminal; after the application software is opened, it calls in the data and detects and identifies the memory. Detecting and identifying the memory comprises detecting the memory, that is, detecting that a memory (for example a USB flash disk) is present, and identifying the memory, that is, identifying whether it is a memory with a CPK identity (whether it belongs to the memories with a serial number).
Second step: the application software decrypts the user name and login password held in the memory and compares them with the user name and login password input by the user; if they are the same, the password is supplied to open the sandbox, and if the sandbox opens successfully the password is right; after the sandbox is opened, it is decrypted to obtain the combined public key, the combined public key is put through the CPK calculation to obtain the CPK private key, the ciphertext of the encryption algorithm (AES256) key is obtained with the CPK private key and the encryption algorithm (AES256) key is unlocked, the identifier is identified, the encrypted files are called from the public area of the memory into the terminal, and the files are decrypted in the terminal in one-file-one-key mode.
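The key hierarchy that the activation, encryption and decryption steps above describe, as an added Go example that is not the patent's or the assignee's code: the memory identifier is recomputed from the initial public key and compared (step 1), the sandbox opens only with the user name and login password (step 3), the wrapped AES-256 key is unwrapped with a key bound to the memory's serial-number identifier (step 2), and each file is encrypted under its own key. The CPK private-key derivation, the identifier function and the sandbox format are not specified on the page, so HMAC-SHA256 derivations and AES-256-GCM stand in for them, and the Device type, its field names and every sample value are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Device is a constructed model of the patent's "memory" (a USB stick) and its reserved area.
type Device struct {
	InitialPubKey []byte            // written at manufacture; the identifier derives from it
	MemoryID      []byte            // the "memory identifier" compared in step 1
	Serial        string            // the "CPK serial-number identifier" used after activation
	Reserved      map[string][]byte // salt and sandbox; the caller supplies an empty map
}

// identifierFromPubKey is the identifier "calculated from the initial public key" (the patent
// does not name the function; SHA-256 is an assumption). IsGenuine is the step-1 comparison.
func identifierFromPubKey(pub []byte) []byte {
	sum := sha256.Sum256(pub)
	return sum[:]
}
func IsGenuine(d *Device) bool {
	return hmac.Equal(identifierFromPubKey(d.InitialPubKey), d.MemoryID)
}

// kdf derives a 32-byte key as HMAC-SHA256 over the label and parts, keyed by salt; it stands in
// for the sandbox-password derivation and the combined-public-key -> CPK-private-key step.
func kdf(salt []byte, label string, parts ...string) []byte {
	m := hmac.New(sha256.New, salt)
	for _, p := range append([]string{label}, parts...) {
		m.Write([]byte(p + "\x00")) // separator keeps ("ab","c") and ("a","bc") distinct
	}
	return m.Sum(nil)
}

// AES-256-GCM helpers: seal prefixes a fresh nonce; open fails on a wrong key or tampered data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // a bad key length or a dead CSPRNG: stop rather than carry on
	}
	return v
}
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}
func seal(key, plaintext, aad []byte) []byte {
	nonce := random(12)
	return aead(key).Seal(nonce, nonce, plaintext, aad)
}
func open(key, blob, aad []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, errors.New("blob too short")
	}
	return aead(key).Open(nil, blob[:12], blob[12:], aad)
}

// Activate performs steps 1 to 3 on a freshly installed copy. The wrap key stands in for the
// CPK private key derived from the combined public key (user name, login password, serial);
// the sandbox key is step 3's fixed value from salted user name and login password. The
// real-time verification code sent to the phone or e-mail is not modelled.
func Activate(d *Device, user, pw string) error {
	if !IsGenuine(d) {
		return errors.New("memory identifier mismatch: treated as pirated, exiting")
	}
	d.Reserved["salt"] = random(16)
	master := random(32) // step 2: the AES-256 key that will encrypt the files
	wrapped := seal(kdf(d.MemoryID, "cpk-private-key", user, pw, d.Serial), master, []byte(d.Serial))
	d.Reserved["sandbox"] = seal(kdf(d.Reserved["salt"], "sandbox", user, pw), wrapped, nil)
	return nil
}

// Login is the shared front of the encryption and decryption steps: verify the memory, open
// the sandbox (success means the password is right), then unwrap the AES-256 key.
func Login(d *Device, user, pw string) ([]byte, error) {
	if !IsGenuine(d) {
		return nil, errors.New("memory has no CPK identity")
	}
	wrapped, err := open(kdf(d.Reserved["salt"], "sandbox", user, pw), d.Reserved["sandbox"], nil)
	if err != nil {
		return nil, errors.New("sandbox did not open: wrong user name or login password")
	}
	return open(kdf(d.MemoryID, "cpk-private-key", user, pw, d.Serial), wrapped, []byte(d.Serial))
}

// "One file, one key": each file gets its own key from the master key and file name; the
// returned blob is what the terminal moves into the memory's public area.
func EncryptFile(master []byte, name string, content []byte) []byte {
	return seal(kdf(master, "file", name), content, []byte(name))
}
func DecryptFile(master []byte, name string, blob []byte) ([]byte, error) {
	return open(kdf(master, "file", name), blob, []byte(name))
}
```

A caller builds a genuine Device with MemoryID set to identifierFromPubKey(InitialPubKey) and an empty Reserved map, calls Activate once, and calls Login on every later use to recover the same master key.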
The invention also discloses a system for batch encryption and unloading of electronic files with automatic identity identification, which comprises a memory, a processor and a computer program stored on the memory, the computer program being configured to carry out the steps of the method of the invention when called by the processor.
The invention also discloses a computer-readable storage medium storing a computer program configured to implement the steps of the method of the invention when invoked by a processor.
The invention also discloses a device for batch encryption and unloading of electronic files with automatic identity identification, comprising an application software activation unit, a data encryption unit and a data decryption unit, wherein the application software activation unit comprises:
an initial activation module, used, when the terminal installs and activates the application software, to receive the user name input by the user, read the initial public key in the memory, calculate from the initial public key the identification identifier corresponding to it, read the current memory identifier and compare it with the identification identifier; if the two are the same, to send a real-time random verification code to the designated destination of the user name, receive the real-time random verification code input by the user, continue activating the application software and receive the login password set by the user; and if the memory identifier and the identification identifier differ, to judge the application software to be pirated and exit it;
a key saving module, in which the combined public key is stored in the memory, kept in a sandbox; a new CPK private key is generated from the combined public key and used to encrypt the secret key of the encryption algorithm, and the encrypted secret key is stored in the memory, kept in the sandbox; in the key saving module, the CPK serial-number identifier of the memory is the new memory identifier generated after the application software is activated;
a processing module, in which, after the salt value is added to the user name, the user name is encrypted, stored in the memory, and the total encrypted value is fixed;
a data encryption unit, in which, when the user logs in, the application software decrypts the user name and login password held in the memory and compares them with the user name and login password input by the user; if they are the same, the password is supplied to open the sandbox, and if the sandbox opens successfully the password is right; after the sandbox is opened, it is decrypted to obtain the combined public key, the combined public key is put through the CPK calculation to obtain the CPK private key, the ciphertext of the encryption algorithm's key is obtained with the CPK private key and decrypted, the files are encrypted in the terminal in one-file-one-key mode, and the encrypted files are transferred into the memory; if the user name and login password decrypted from the memory differ from those input by the user, the application software exits;
the data decryption unit comprises:
a data call-in module, used, after the application software is opened, to call in the data and detect and identify the memory; detecting and identifying the memory comprises detecting the memory, that is, detecting that a memory (for example a USB flash disk) is present, and identifying the memory, that is, identifying whether it is a memory with a CPK identity (whether it belongs to the memories with a serial number);
a decryption processing module, used to decrypt the user name and login password held in the memory and compare them with the user name and login password input by the user; if they are the same, the password is supplied to open the sandbox, and if the sandbox opens successfully the password is right; after the sandbox is opened, it is decrypted to obtain the combined public key, the combined public key is put through the CPK calculation to obtain the CPK private key, the ciphertext of the encryption algorithm's key is obtained with the CPK private key and decrypted, the identifier is identified, the encrypted files are called from the memory into the terminal, and the files are decrypted in the terminal in one-file-one-key mode; if the user name and login password decrypted from the memory differ from those input by the user, the application software exits.
The user name comprises a mobile phone number and an e-mail address, and in the initial activation module, when the memory identifier is the same as the identification identifier, the application software notifies the background server to send the real-time random verification code to the mobile phone holding that phone number or to the corresponding e-mail address;
in the key saving module, combining the user name, the login password and the new memory identifier generated after activation of the application software in any combination to form a set of combined public keys means: a set of combined public keys is formed by combining the user name and the login password, or by combining the user name and the new memory identifier, or by combining the login password and the new memory identifier, or by combining the user name, the login password and the new memory identifier.
In use, the memory is connected to the terminal; the terminal comprises a mobile terminal and a personal computer; the application software installed on the mobile terminal is downloaded from the official website, and when the personal computer is connected to the memory, the personal computer installs the application software from the memory; the application software is stored in the CD area of the memory, and when the personal computer is connected to the memory, the personal computer installs the application software from the CD area of the memory.
In the initial activation module, when the application software is activated, the initial public key is first read from the reserved area of the memory;
in the key saving module, the combined public key is stored in the reserved area of the memory, kept in a sandbox; a new CPK private key is generated from the combined public key and used to encrypt the secret key of the encryption algorithm, and the encrypted secret key is stored in the reserved area of the memory, kept in the sandbox;
in the processing module, after the salt value is added to the user name, the user name is encrypted, stored in the reserved area of the memory, and the total encrypted value is fixed;
in the data encryption unit, after the files are encrypted in the terminal in one-file-one-key mode, the encrypted files are called into the public area of the memory;
in the data decryption unit, the encrypted files are called from the public area of the memory into the terminal, and the files are decrypted in the terminal in one-file-one-key mode.
The beneficial effects of the invention are:
1. The invention identifies identity automatically, is plug-and-play and is convenient to use.
2. The invention adopts a combined software and hardware encryption scheme with automatic identification of an independent identity, and encrypts each file independently in one-file-one-key mode, so it is highly secure and hard to crack.
3. The invention can transfer all mobile phone files with one key press or transfer files manually, and classifies, encrypts and stores them automatically, which is simple and easy to understand.
4. The encrypted files are stored in the memory and occupy no mobile phone storage; the memory is plugged in only when the user wants to use it. The encrypted files on the memory can be backed up to the mobile phone or to any other memory.
5. Files can be encrypted in batches and then sent to a mobile phone or to any memory, and remain protected by encryption during transmission and storage, so the range of application is wide.
6. The invention combines software and hardware and makes full use of the uniqueness of the hardware's independent identity identifier: no opened file is left behind by the software or the hardware, and even if the hardware is picked up by someone else, the encrypted files can be neither seen nor opened, so security is high.
7. If the mobile phone encryption and transfer hardware is lost, the user purchases new mobile phone encryption and transfer hardware, identifies and activates it with the real mobile phone, and the original encrypted files can still be decrypted automatically.
8. In the file encryption and decryption method, encryption and decryption are impossible with the login password but without the USB flash disk holding the public and private keys, and equally impossible with the USB flash disk holding the public and private keys but without the login password.
9. The reserved area is invisible to ordinary users; accessing it requires the company's protocol as well as the login password, so the public and private keys have multiple layers of protection.
10. The CD area is storage that cannot be formatted, and the files and data in the CD area cannot be deleted.
11. The invention offers various data interfaces, configurable according to the equipment and the data transmission requirements, so it has high applicability in the market.
12. The memory of the invention includes memory cards, USB flash disks, hard disks and the like, configurable according to the data storage requirements, so the choice of memory is wide.
13. The invention only needs cooperation with the memory controller vendor (to obtain the SDK or protocol of the controller provider) to perform mass-production burn-in, a step an ordinary memory also goes through, so producing the memory adds no extra process or production cost.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A method for batch encryption and unloading of electronic files with automatic identity identification, characterized in that it comprises an application software activation step, a data encryption step and a data decryption step, the application software activation step comprising:
Step 1: when the terminal installs and activates the application software, receive the user name input by the user, read the initial public key in the memory, calculate from the initial public key the identification mark corresponding to it, read the current memory mark and compare it with the identification mark; if they are the same, send a real-time random verification code to the location designated by the user name, receive the real-time random verification code input by the user, continue activating the application software and receive the login password set by the user; if the memory mark differs from the identification mark, judge the application software to be pirated and exit it;
Step 2: when the application software is activated, generate the secret key of the encryption algorithm, combine the user name, the login password and the CPK serial number identifier of the memory in any combination to form a set of combined public keys, and store the combined public key in the memory, kept in a sandbox; generate a new set of CPK private keys from the combined public key, use them to encrypt the secret key of the encryption algorithm, and store the result in the memory, kept in the sandbox; in step 2, the CPK serial number identifier of the memory is the new memory identifier generated after the application software is activated;
Step 3: add a salt value to the user name, encrypt it and store it in the memory, the encrypted value having a fixed total length;
Data encryption step: when the user logs in, the application software decrypts the user name and login password held in the memory and compares them with the user name and login password input by the user; if they are the same, the application software opens the sandbox with the password, and if it opens successfully the password is correct; once the sandbox is open, decrypt it to obtain the combined public key, compute the CPK private key from the combined public key by CPK, apply the CPK private key to the ciphertext of the encryption algorithm's key to recover that key, encrypt the file in the terminal in one-file-one-key mode, and transfer the encrypted file into the memory; if the user name and login password decrypted from the memory differ from those input by the user, exit the application software;
The data decryption step comprises:
First step: after the application software is opened, it reads the data and checks whether the memory is identified as a memory carrying a CPK identity;
Second step: the application software decrypts the user name and login password held in the memory and compares them with the user name and login password input by the user; if they are the same, it opens the sandbox with the password, and if it opens successfully the password is correct; once the sandbox is open, decrypt it to obtain the combined public key, compute the CPK private key from the combined public key by CPK, apply the CPK private key to the ciphertext of the encryption algorithm's key to recover that key, identify the CPK serial number identifier of the memory, transfer the encrypted file from the memory into the terminal and decrypt it there in one-file-one-key mode; if the user name and login password decrypted from the memory differ from those input by the user, exit the application software.
2. The method for batch encryption and unloading of electronic files according to claim 1, wherein the user name is a mobile phone number or an e-mail address, and in step 1, when the memory identifier is the same as the identification identifier, the application software notifies the background server to send a real-time random verification code to the mobile phone with that number or to the corresponding e-mail address;
in step 2, combining the user name, the login password and the new memory identifier generated after activation of the application software in any combination to form a set of combined public keys means: the combined public key is formed from the user name and the login password, or from the user name and the new memory identifier, or from the login password and the new memory identifier, or from the user name, the login password and the new memory identifier.
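The real-time random verification code of step 1 and claim 2, as the background server would issue and check it, is shown below as an added example; it is not code from the patent or from Shanghai Dunpan. The patent only says the code is sent to the phone number or e-mail address that serves as the user name, so the delivery hook, the five-minute lifetime, the five-attempt budget and the six-digit format are assumptions made here.

```python
"""Background-server side of the activation verification code (claim 1 step 1, claim 2).
Added example; delivery hook, lifetime, attempt budget and code format are assumptions."""
import hmac
import secrets
import time

CODE_LIFETIME_SECONDS = 300   # assumed
MAX_ATTEMPTS = 5              # assumed


def delivery_channel(user_name: str) -> str:
    """Claim 2: the user name is a mobile phone number or an e-mail address."""
    if "@" in user_name:
        return "email"
    if user_name.replace("+", "").isdigit():
        return "sms"
    raise ValueError("user name is neither a phone number nor an e-mail address")


class VerificationCodeServer:
    def __init__(self, send, clock=time.time):
        self._send = send        # send(channel, destination, code): assumed gateway hook
        self._clock = clock      # injectable so expiry can be tested offline
        self._pending = {}       # user_name -> [code, expires_at, attempts_left]

    def issue(self, user_name: str) -> None:
        """Called once the memory mark matched the identification mark."""
        channel = delivery_channel(user_name)
        code = f"{secrets.randbelow(10 ** 6):06d}"   # CSPRNG, never random.randint
        self._pending[user_name] = [code, self._clock() + CODE_LIFETIME_SECONDS, MAX_ATTEMPTS]
        self._send(channel, user_name, code)

    def verify(self, user_name: str, submitted: str) -> bool:
        """True exactly once per issued code, inside its lifetime and attempt budget."""
        entry = self._pending.get(user_name)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user_name]          # stale: the app must request a new code
            return False
        if hmac.compare_digest(code, submitted):  # constant-time compare, single use
            del self._pending[user_name]
            return True
        entry[2] -= 1                             # burn one attempt on a wrong code
        return False
```

The attempt budget matters because a six-digit code with unlimited tries falls to about a million guesses; with a five-try limit and a five-minute lifetime an attacker who does not control the phone or mailbox gets a 5 in 1,000,000 chance per issued code.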
3. The method for batch encryption and unloading of electronic files according to claim 1, wherein in use the memory is connected to a terminal, the terminal being a mobile terminal or a personal computer; the application software installed on the mobile terminal is downloaded from the official website, and when the personal computer is connected to the memory it installs the application software from the memory;
the application software is stored in the CD area of the memory, and the personal computer, when connected to the memory, installs the application software from the CD area of the memory.
4. The method for batch encryption and unloading of electronic files according to claim 1, characterized in that:
in step 1, when the application software is activated, the initial public key is first read from the reserved area of the memory;
in step 2, the combined public key is stored in the reserved area of the memory, kept in a sandbox; a new set of CPK private keys is generated from the combined public key and used to encrypt the secret key of the encryption algorithm, which is stored in the reserved area of the memory, kept in the sandbox;
in step 3, the user name is salted, encrypted and stored in the reserved area of the memory, the encrypted value having a fixed total length;
in the data encryption step, after the file is encrypted in the terminal in one-file-one-key mode, the encrypted file is transferred to the public area of the memory;
in the data decryption step, the encrypted file is transferred from the public area of the memory to the terminal and decrypted there in one-file-one-key mode.
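The activation, login, batch-encryption and decryption flow of claims 1 and 4 is shown below as an added example, not the patent's or Shanghai Dunpan's code. It keeps the structure the claims describe (memory mark checked against a mark computed from the initial public key, salted fixed-length user-name digest, a key built from user name, login password and post-activation memory identifier that protects a sandboxed master key in the reserved area, one key per file in the public area) but swaps in stand-ins for what the patent does not specify: the CPK combined-public-key to private-key computation is replaced by a PBKDF2 derivation, the unnamed encryption algorithm by an HMAC-SHA256 keystream with an encrypt-then-MAC tag (standard library only; AES-GCM from a real crypto library is the production choice), and the identification mark and the post-activation mark are assumed to be SHA-256 values. The verification-code exchange and recovery onto replacement hardware (benefit 7) are not modeled.

```python
"""Claims 1 and 4 rebuilt with hashlib/hmac/secrets only. Stand-ins (assumptions, not the
patent's algorithms): PBKDF2 for the combined-key -> CPK-private-key step, and an
HMAC-SHA256 keystream with encrypt-then-MAC for the unnamed file cipher."""
import hashlib
import hmac
import secrets


def identification_mark(initial_public_key: bytes) -> str:
    """Step 1: the mark 'calculated from the initial public key' (assumed: SHA-256, hex)."""
    return hashlib.sha256(initial_public_key).hexdigest()


def user_fingerprint(user_name: str, salt: bytes) -> bytes:
    """Step 3: salted user name with a fixed 32-byte result whatever the name's length."""
    return hashlib.sha256(salt + user_name.encode()).digest()


def combined_key(user_name: str, login_password: str, memory_mark: str, salt: bytes) -> bytes:
    """Step 2 stand-in: all three factors feed one key-encryption key, so the password
    without the memory, or the memory without the password, derives a different key."""
    material = "\x00".join((user_name, login_password, memory_mark)).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = []
    while 32 * len(blocks) < length:
        counter = len(blocks).to_bytes(4, "big")
        blocks.append(hmac.new(key, nonce + counter, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag (encrypt-then-MAC with distinct encryption and MAC keys)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); a wrong key or a tampered blob fails the tag check."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Memory:
    """The USB memory: factory-burned identifier, reserved area (sandbox), public area."""
    def __init__(self, initial_public_key: bytes, memory_mark=None):
        self.initial_public_key = initial_public_key
        self.memory_mark = memory_mark or identification_mark(initial_public_key)
        self.reserved = {}   # invisible to ordinary users
        self.public = {}     # encrypted files are transferred here


def activate(memory: Memory, user_name: str, login_password: str) -> None:
    """Activation steps 1-3 (the verification-code exchange is left out here)."""
    if not hmac.compare_digest(identification_mark(memory.initial_public_key), memory.memory_mark):
        raise PermissionError("memory mark mismatch: treated as pirated, exiting")
    salt = secrets.token_bytes(16)
    new_mark = hashlib.sha256(b"activated" + memory.initial_public_key + salt).hexdigest()
    master = secrets.token_bytes(32)                 # 'secret key of the encryption algorithm'
    kek = combined_key(user_name, login_password, new_mark, salt)
    memory.reserved.update(salt=salt, mark=new_mark,
                           user=user_fingerprint(user_name, salt),
                           sandbox=seal(kek, master))


def login(memory: Memory, user_name: str, login_password: str) -> bytes:
    """Returns the master key; opening the sandbox successfully is what proves the password."""
    r = memory.reserved
    if not r or not hmac.compare_digest(r["user"], user_fingerprint(user_name, r["salt"])):
        raise PermissionError("user name does not match this memory")
    try:
        return open_sealed(combined_key(user_name, login_password, r["mark"], r["salt"]), r["sandbox"])
    except ValueError:
        raise PermissionError("wrong password, or a sandbox from a different memory") from None


def encrypt_batch(memory: Memory, master: bytes, files: dict) -> None:
    """One file, one key: a fresh random key per file, wrapped under the master key."""
    for name, data in files.items():
        file_key = secrets.token_bytes(32)
        memory.public[name] = seal(master, file_key) + seal(file_key, data)


def decrypt_file(memory: Memory, master: bytes, name: str) -> bytes:
    blob = memory.public[name]
    file_key = open_sealed(master, blob[:80])   # 16-byte nonce + 32-byte key + 32-byte tag
    return open_sealed(file_key, blob[80:])
```

Two points the claims leave implicit are made explicit here: the login password is never stored, even encrypted, because a successful authenticated open of the sandbox already proves it (the claim's "if the sandbox opens successfully, the password is right"); and because the memory's post-activation mark is a key input, files copied from the public area to a second memory activated with the same user name and password do not decrypt, which is the property benefit 8 describes.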
5. An electronic file batch encryption and unloading device with automatic identity identification, characterized in that it comprises an application software activation unit, a data encryption unit and a data decryption unit, the application software activation unit comprising:
an initial activation module, for: when the terminal installs and activates the application software, receiving the user name input by the user, reading the initial public key in the memory, calculating from the initial public key the identification mark corresponding to it, reading the current memory mark and comparing it with the identification mark; if they are the same, sending a real-time random verification code to the location designated by the user name, receiving the real-time random verification code input by the user, continuing to activate the application software and receiving the login password set by the user; and if the memory mark differs from the identification mark, judging the application software to be pirated and exiting it;
a key saving module, for: when the application software is activated, generating the secret key of the encryption algorithm, combining the user name, the login password and the CPK serial number identifier of the memory in any combination to form a set of combined public keys, and storing the combined public key in the memory, kept in a sandbox; generating a new set of CPK private keys from the combined public key, encrypting the secret key of the encryption algorithm with them, and storing the result in the memory, kept in the sandbox; in the key saving module, the CPK serial number identifier of the memory is the new memory identifier generated after the application software is activated;
a processing module, for: adding a salt value to the user name, encrypting it and storing it in the memory, the encrypted value having a fixed total length;
the data encryption unit, for: when the user logs in, having the application software decrypt the user name and login password held in the memory and compare them with the user name and login password input by the user; if they are the same, the application software opens the sandbox with the password, and if it opens successfully the password is correct; once the sandbox is open, decrypting it to obtain the combined public key, computing the CPK private key from the combined public key by CPK, applying the CPK private key to the ciphertext of the encryption algorithm's key to recover that key, encrypting the file in the terminal in one-file-one-key mode, and transferring the encrypted file into the memory; and if the user name and login password decrypted from the memory differ from those input by the user, exiting the application software;
the data decryption unit comprising:
a data call-in module, for: after the application software is opened, reading the data and checking whether the memory is identified as a memory carrying a CPK identity;
a decryption processing module, for: having the application software decrypt the user name and login password held in the memory and compare them with the user name and login password input by the user; if they are the same, opening the sandbox with the password, and if it opens successfully the password is correct; once the sandbox is open, decrypting it to obtain the combined public key, computing the CPK private key from the combined public key by CPK, applying the CPK private key to the ciphertext of the encryption algorithm's key to recover that key, identifying the CPK serial number identifier of the memory, transferring the encrypted file from the memory into the terminal and decrypting it there in one-file-one-key mode; and if the user name and login password decrypted from the memory differ from those input by the user, exiting the application software.
6. The device for batch encryption and unloading of electronic files according to claim 5, wherein the user name is a mobile phone number or an e-mail address, and in the initial activation module, when the memory identifier is the same as the identification identifier, the application software notifies the background server to send a real-time random verification code to the mobile phone with that number or to the corresponding e-mail address;
in the key saving module, combining the user name, the login password and the new memory identifier generated after activation of the application software in any combination to form a set of combined public keys means: the combined public key is formed from the user name and the login password, or from the user name and the new memory identifier, or from the login password and the new memory identifier, or from the user name, the login password and the new memory identifier.
7. The device for batch encryption and unloading of electronic files according to claim 5, wherein in use the memory is connected to a terminal, the terminal being a mobile terminal or a personal computer; the application software installed on the mobile terminal is downloaded from the official website, and the personal computer, when connected to the memory, installs the application software from the memory; the application software is stored in the CD area of the memory, and the personal computer, when connected to the memory, installs the application software from the CD area of the memory.
8. The device for batch encryption and unloading of electronic files according to claim 5, characterized in that:
in the initial activation module, when the application software is activated, the initial public key is first read from the reserved area of the memory;
in the key saving module, the combined public key is stored in the reserved area of the memory, kept in a sandbox; a new set of CPK private keys is generated from the combined public key and used to encrypt the secret key of the encryption algorithm, which is stored in the reserved area of the memory, kept in the sandbox;
in the processing module, the user name is salted, encrypted and stored in the reserved area of the memory, the encrypted value having a fixed total length;
in the data encryption unit, after the file is encrypted in the terminal in one-file-one-key mode, the encrypted file is transferred to the public area of the memory;
in the data decryption unit, the encrypted file is transferred from the public area of the memory to the terminal and decrypted there in one-file-one-key mode.
9. An electronic file batch encryption and unloading system with automatic identity identification, characterized in that it comprises a memory, a processor and a computer program stored on the memory, the computer program being configured to carry out the steps of the method of any one of claims 1-4 when invoked by the processor.
10. A computer-readable storage medium, characterized in that it stores a computer program configured to implement the steps of the method of any one of claims 1-4 when invoked by a processor.
Application CN201910308616.8A, priority date 2019-04-17, filing date 2019-04-17, legal status Active; family ID 67485627; country: CN.

Publications (2)

Publication Number Publication Date
CN110110533A (en) 2019-08-09
CN110110533B (en) 2022-04-29


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant