CN110381044A - A kind of encryption system based on pluggable key management end - Google Patents


Info

Publication number: CN110381044A
Authority: CN (China)
Prior art keywords: key, pluggable, encryption, management end, key management
Legal status: Pending at publication (see Legal Events below for the later rejection)
Application number: CN201910610060.8A
Other languages: Chinese (zh)
Inventors: 吕卿, 王勇, 耿加申, 钱岩
Current assignee: Unicloud Technology Co Ltd
Original assignee: Unicloud Technology Co Ltd
Priority date: 2019-07-08
Filing date: 2019-07-08
Publication date: 2019-10-25

Classifications

    • H04L 63/0435: Network architectures or protocols for network security that provide a confidential data exchange between entities communicating over packet networks, where the payload is protected by encryption and the sending and receiving entities apply symmetric encryption (the same key for encryption and decryption)
    • H04L 63/06: Network architectures or protocols for network security that support key management in a packet data network
    • H04L 9/0861: Cryptographic mechanisms; key distribution or management; generation of secret information, including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0894: Cryptographic mechanisms; key distribution or management; escrow, recovery or storage of secret information, e.g. secret key escrow or cryptographic key storage

(All four fall under H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication.)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an encryption system based on a pluggable key management end. The client provides a visual interface and submits encryption and decryption requests to the pluggable key management end through that interface; an SSL secure channel is established between the client and the cloud platform. The pluggable key management end comprises a password and fingerprint authentication module, a key generation and storage module, and an encryption/decryption module; because it is a pluggable device, key management is kept more secure. The cloud platform comprises a key backup module and is responsible for backing up encrypted keys. In the present invention the client is only responsible for providing the visual interface, while data encryption and decryption are performed by the pluggable key management end, so the process does not depend on the security of the client environment and is more secure and reliable. Key backup is provided by the cloud platform and decryption is performed by the pluggable key management end, so the backed-up keys are separated from the encryption/decryption module and key leakage is avoided.

Description

A kind of encryption system based on pluggable key management end
Technical field
The invention belongs to the field of information security technology and in particular relates to an encryption system based on a pluggable key management end.
Background technique
With the rapid development of science, technology and the Internet, information security problems have become increasingly prominent. For an enterprise, trade secrets and business data are especially important: they are intangible assets of the enterprise and are tied to its normal operation and its position in the market.
Key cryptographic systems usually consist of a key management end, a client and a cloud: the key management end manages keys and the client encrypts and decrypts files. Systems of this kind in the prior art have the following disadvantages. First, key backup is performed at the key management end, which carries a considerable risk of key leakage. Second, the key management end cannot perform encryption and decryption itself; these functions depend entirely on the client and therefore on the security of the user's environment, so the security of the system's own encryption and decryption is relatively low. Finally, the communication channel between the client and the cloud is not secure, so transmitted data are easily leaked.
Summary of the invention
In view of this, the present invention proposes an encryption system based on a pluggable key management end. The client is only responsible for providing a visual interface, while data encryption and decryption are performed by the pluggable key management end, so the process does not depend on the security of the client environment and is more secure and reliable. Key backup is provided by the cloud platform and decryption is performed by the pluggable key management end, so the backed-up key is separated from the encryption/decryption module and key leakage is avoided. The client and the cloud platform establish an SSL encrypted secure channel, so the transmitted communication data are encrypted and data leakage is prevented.
To achieve the above objectives, the technical solution of the present invention is realised as follows:
An encryption system based on a pluggable key management end comprises a client, a pluggable key management end and a cloud platform;
the client provides a visual interface, through which encryption and decryption requests are submitted to the pluggable key management end, and an SSL secure channel is established between the client and the cloud platform to protect communication data in transit;
the pluggable key management end comprises a password and fingerprint authentication module, a key generation and storage module and an encryption/decryption module; being a pluggable device, it keeps key management more secure; it performs key generation, key storage and file encryption and decryption, and exports keys for backup by the cloud platform;
the cloud platform comprises a key backup module and is responsible for backing up the encrypted keys, so that the backed-up keys are separated from the encryption/decryption module and data remain decryptable after a key is lost.
Further, the pluggable key management end includes a noise module; the key generation and storage module generates true random numbers from a chip noise source and uses them to generate the plaintext data encryption key, which makes the key more secure.
Further, the key generation and storage module generates a master key for a symmetric encryption algorithm, which improves encryption efficiency.
Further, the encryption/decryption module encrypts the plaintext data encryption key under the master key to produce the ciphertext data encryption key.
Further, the key generation and storage module transfers the ciphertext data encryption key to the key backup module for backup.
Further, the encryption/decryption module uses the master key created and kept by the key generation and storage module to decrypt the ciphertext data encryption key back into the plaintext data encryption key, and transfers it to the client over the encrypted channel.
Compared with the prior art, the encryption system based on a pluggable key management end of the present invention has the following advantages:
In the encryption system of the present invention the client is only responsible for providing a visual interface, while data encryption and decryption are performed by the pluggable key management end, so the process does not depend on the security of the client environment and is more secure and reliable; key backup is provided by the cloud platform and decryption is performed by the pluggable key management end, so the backed-up key is separated from the encryption/decryption module and key leakage is avoided; and the client and the cloud platform establish an SSL encrypted secure channel, so the transmitted communication data are encrypted and data leakage is prevented.
Detailed description of the invention
The drawings forming part of the present invention are provided to aid understanding of the invention; the illustrative embodiments of the invention and their description serve to explain the invention and do not constitute an improper limitation of it.
In the drawings:
Fig. 1 is a schematic diagram of the encryption system based on a pluggable key management end according to an embodiment of the present invention.
Specific embodiment
It should be noted that in the absence of conflict, the feature in embodiment and embodiment in the present invention can phase Mutually combination.
In the description of the present invention, it is to be understood that, term " center ", " longitudinal direction ", " transverse direction ", "upper", "lower", The orientation or positional relationship of the instructions such as "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside" is It is based on the orientation or positional relationship shown in the drawings, is merely for convenience of description of the present invention and simplification of the description, rather than instruction or dark Show that signified device or element must have a particular orientation, be constructed and operated in a specific orientation, therefore should not be understood as pair Limitation of the invention.In addition, term " first ", " second " etc. are used for description purposes only, it is not understood to indicate or imply phase To importance or implicitly indicate the quantity of indicated technical characteristic.The feature for defining " first ", " second " etc. as a result, can To explicitly or implicitly include one or more of the features.In the description of the present invention, unless otherwise indicated, " multiple " It is meant that two or more.
In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can To be mechanical connection, it is also possible to be electrically connected;It can be directly connected, can also can be indirectly connected through an intermediary Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood by concrete condition Concrete meaning in the present invention.
The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
As shown in Fig. 1, an encryption system based on a pluggable key management end comprises a client, a pluggable key management end and a cloud platform;
the client provides a visual interface, through which encryption and decryption requests are submitted to the pluggable key management end, and an SSL secure channel is established between the client and the cloud platform to protect communication data in transit;
the pluggable key management end comprises a password and fingerprint authentication module, a key generation and storage module and an encryption/decryption module; being a pluggable device, it keeps key management more secure; it performs key generation, key storage and file encryption and decryption, and exports keys for backup by the cloud platform;
the cloud platform comprises a key backup module and is responsible for backing up the encrypted keys, so that the backed-up keys are separated from the encryption/decryption module and data remain decryptable after a key is lost.
As shown in Fig. 1, the pluggable key management end includes a noise module; the key generation and storage module generates true random numbers from a chip noise source and uses them to generate the plaintext data encryption key, which makes the key more secure.
As shown in Fig. 1, the key generation and storage module generates a master key for a symmetric encryption algorithm, which improves encryption efficiency.
As shown in Fig. 1, the encryption/decryption module encrypts the plaintext data encryption key under the master key to produce the ciphertext data encryption key.
As shown in Fig. 1, the key generation and storage module transfers the ciphertext data encryption key to the key backup module for backup.
As shown in Fig. 1, the encryption/decryption module uses the master key created and kept by the key generation and storage module to decrypt the ciphertext data encryption key back into the plaintext data encryption key, and transfers it to the client over the encrypted channel.
In the embodiment of the present invention, the key generation and management process comprises the following steps:
S1: through the client, the user creates a master key on the pluggable key management end and sends a data encryption key request to the pluggable key management end;
S2: the pluggable key management end generates a true random number and derives the plaintext data encryption key from it;
S3: the pluggable key management end encrypts the plaintext data encryption key of S2 under the master key of S1 to generate the ciphertext data encryption key;
S4: the pluggable key management end sends the plaintext data encryption key and the ciphertext data encryption key to the user over the secure channel;
S5: the user encrypts local files with the plaintext data encryption key and then deletes the local plaintext data encryption key, so that a leak of the plaintext data encryption key cannot lead to a data leak;
S6: since the pluggable key management end provides no key backup function of its own, the user may choose to transfer the ciphertext data encryption key to the cloud platform over the secure channel for backup.
The encryption process in the embodiment of the present invention comprises: the user creates a master key on the pluggable key management end through the client's visual interface; the user transfers the file to be encrypted to the pluggable key management end through the client; the pluggable key management end encrypts the user data with the algorithm selected by the user; and the pluggable key management end returns the encrypted data to the user.
The decryption process in the embodiment of the present invention comprises: the user transfers the ciphertext data encryption key they have kept to the pluggable key management end; the pluggable key management end decrypts it with the master key into the plaintext data encryption key; the pluggable key management end passes the plaintext data encryption key to the user; and the user decrypts the data with the plaintext data encryption key.
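The key hierarchy behind steps S1 to S6 and the encryption and decryption processes above (a master key that stays on the device, a per-file data encryption key that exists in plaintext only transiently, and a wrapped copy that is the only thing backed up), as an added worked example in Go. It is not code from the patent or from Unicloud. Everything the page does not name is an assumption here: AES-256-GCM as the unspecified symmetric algorithm, crypto/rand in place of the chip noise source, an in-memory struct as the pluggable device, a map as the cloud backup module, and the hypothetical names Device, GenerateDEK, UnwrapDEK, CloudBackup, Seal, Open, Wipe and RoundTrip.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Device is the pluggable key management end (hypothetical name); S1 creates its master key, which
// never leaves it. AES-256-GCM and crypto/rand (for the chip noise source) are our assumptions, not the patent's.
type Device struct{ masterKey []byte }

// GenerateDEK is S2 to S4: a random plaintext DEK is drawn and wrapped under the master
// key; both values go back to the user, who is meant to keep only the wrapped one.
func (d *Device) GenerateDEK() (plainDEK, cipherDEK []byte, err error) {
	plainDEK = mustRandom(32)
	cipherDEK, err = Seal(d.masterKey, plainDEK, "dek-wrap")
	return plainDEK, cipherDEK, err
}

// UnwrapDEK is the device side of decryption; a modified blob fails the GCM tag check.
func (d *Device) UnwrapDEK(cipherDEK []byte) ([]byte, error) {
	return Open(d.masterKey, cipherDEK, "dek-wrap")
}

// CloudBackup models the key backup module of S6: wrapped DEKs only, no master key.
type CloudBackup map[string][]byte

// Seal is AES-256-GCM with a random nonce prefixed to the output; the label is bound as
// associated data so a file ciphertext cannot be replayed to the device as a wrapped DEK.
func Seal(key, plaintext []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := mustRandom(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// Open reverses Seal, rejecting short or tampered input with an error rather than a panic.
func Open(key, blob []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(label))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// mustRandom fails closed: a key manager without entropy must not continue.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Wipe zeroes key bytes no longer needed (S5); best effort, the runtime may hold copies.
func Wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// RoundTrip: generate and back up a DEK, encrypt a file, wipe the plaintext DEK, restore the wrapped DEK, unwrap, decrypt.
func RoundTrip(dev *Device, cloud CloudBackup, file []byte) ([]byte, error) {
	plainDEK, cipherDEK, err := dev.GenerateDEK()
	if err != nil {
		return nil, err
	}
	cloud["dek-1"] = cipherDEK // S6: only the ciphertext DEK is backed up
	ct, err := Seal(plainDEK, file, "file")
	Wipe(plainDEK) // S5: the local plaintext DEK is deleted after use
	if err != nil {
		return nil, err
	}
	recovered, err := dev.UnwrapDEK(cloud["dek-1"])
	if err != nil {
		return nil, err
	}
	defer Wipe(recovered)
	return Open(recovered, ct, "file")
}

func main() {
	dev := &Device{masterKey: mustRandom(32)} // S1: master key created on the device
	pt, err := RoundTrip(dev, CloudBackup{}, []byte("constructed sample file")) // constructed input
	fmt.Printf("recovered %q, err %v\n", pt, err)
}
```

Running it walks the flow once. Two properties the page relies on fall out directly: the cloud backup holds only the wrapped DEK, so the backup service cannot decrypt anything without the master key, and any modification of the backup is caught by the authentication tag when the device unwraps it. Two points the page leaves open are worth noting. The master key itself is never backed up, so losing the device leaves every backed-up ciphertext DEK unrecoverable unless the master key is escrowed separately. And in S4 and in the decryption process the plaintext DEK does travel to the client, so the client environment still has to be trusted for as long as that key exists there; S5 shortens that window but does not remove it.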
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (6)

1. An encryption system based on a pluggable key management end, characterised in that it comprises a client, a pluggable key management end and a cloud platform;
the client provides a visual interface, through which encryption and decryption requests are submitted to the pluggable key management end, and an SSL secure channel is established between the client and the cloud platform to protect communication data in transit;
the pluggable key management end comprises a password and fingerprint authentication module, a key generation and storage module and an encryption/decryption module; being a pluggable device, it keeps key management more secure; it performs key generation, key storage and file encryption and decryption, and exports keys for backup by the cloud platform;
the cloud platform comprises a key backup module and is responsible for backing up the encrypted keys, so that the backed-up keys are separated from the encryption/decryption module and data remain decryptable after a key is lost.
2. The encryption system based on a pluggable key management end according to claim 1, characterised in that the pluggable key management end includes a noise module, and the key generation and storage module generates true random numbers from a chip noise source and uses them to generate the plaintext data encryption key, making the key more secure.
3. The encryption system based on a pluggable key management end according to claim 2, characterised in that the key generation and storage module generates a master key for a symmetric encryption algorithm, improving encryption efficiency.
4. The encryption system based on a pluggable key management end according to claim 3, characterised in that the encryption/decryption module encrypts the plaintext data encryption key under the master key to generate the ciphertext data encryption key.
5. The encryption system based on a pluggable key management end according to claim 4, characterised in that the key generation and storage module transfers the ciphertext data encryption key to the key backup module for backup.
6. The encryption system based on a pluggable key management end according to claim 3, characterised in that the encryption/decryption module uses the master key created and kept by the key generation and storage module to decrypt the ciphertext data encryption key into the plaintext data encryption key, and transfers it to the client over the encrypted channel.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910610060.8A | 2019-07-08 | 2019-07-08 | A kind of encryption system based on pluggable key management end

Publications (1)

Publication Number | Publication Date
CN110381044A | 2019-10-25

Family

ID=68252431 (one family application: CN201910610060.8A, pending, priority and filing date 2019-07-08)

Country Status (1)

Country | Link
CN | CN110381044A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN111080845A * | 2019-10-29 | 2020-04-28 | 深圳市汇顶科技股份有限公司 | Temporary unlocking method, system, door lock, administrator terminal and readable storage medium
CN113158201A * | 2021-02-26 | 2021-07-23 | 云码智能(海南)科技有限公司 | Information safety backup method and device
CN114172733A * | 2021-12-10 | 2022-03-11 | 中科计算技术西部研究院 | Medical sample data encryption transmission method based on plug-in encryption terminal
CN114172733B * | 2021-12-10 | 2024-04-05 | 中科计算技术西部研究院 | Medical sample data encryption transmission method based on pluggable encryption terminal


Legal Events

Date | Code | Title | Description
2019-10-25 | PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20191025