CN112468291A - Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium - Google Patents

Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium Download PDF

Info

Publication number
CN112468291A
CN112468291A CN202011205474.1A CN202011205474A CN112468291A CN 112468291 A CN112468291 A CN 112468291A CN 202011205474 A CN202011205474 A CN 202011205474A CN 112468291 A CN112468291 A CN 112468291A
Authority
CN
China
Prior art keywords
public key
key
term public
short
long
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011205474.1A
Other languages
Chinese (zh)
Inventor
谈扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yishi Huolala Technology Co Ltd
Original Assignee
Shenzhen Yishi Huolala Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yishi Huolala Technology Co Ltd filed Critical Shenzhen Yishi Huolala Technology Co Ltd
Priority to CN202011205474.1A priority Critical patent/CN112468291A/en
Publication of CN112468291A publication Critical patent/CN112468291A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a method, a device, a system, computer equipment and a computer readable storage medium for synchronizing sensitive data, wherein a long-term public key and a short-term public key of first equipment are uploaded, and a long-term public key and a short-term public key of second equipment are obtained; generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key. Therefore, the transmission of the sensitive information is always in an encrypted state in the process of synchronizing the sensitive information, and the sensitive information is ensured not to be leaked to an intermediate server or other attackers. The encryption key of the sensitive information uses the newly generated shared key each time so as to ensure the forward security, and an attacker can break through the latest encryption key immediately and can not decrypt the encrypted information before.

Description

Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium
Technical Field
Embodiments of the present application relate to the field of videos, and in particular, to a method, an apparatus, a system, a computer device, and a computer-readable storage medium for synchronizing sensitive data.
Background
Various types of APPs of users require synchronization of sensitive personal information between different devices. Generally, there are three methods for synchronizing sensitive information: first, the seaname protocol of Signal is used to synchronize messages between different devices of a user, and a redundant Double Ratchet, X3DH key exchange protocol is designed to ensure the forward security of each message. And secondly, according to a general scheme of a trusted central server, the central server needs to be trusted, sensitive information is uploaded to the server by equipment, the server stores the sensitive information, and when other equipment is added, sensitive data is sent to other equipment. The scheme needs to trust the central server, and if the security protection capability of the central server is insufficient, sensitive information of a user can be leaked. Third, a manual input scheme. The user can also select to manually input sensitive information into new equipment, and the equipment is required to be manually added by the user every time the equipment is added, so that the user experience is poor.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method, a system, a computer device, and a computer-readable storage medium for synchronizing sensitive data, which are used to solve the problem of data security of user sensitive information synchronized between different devices.
One aspect of an embodiment of the present application provides a method for synchronizing sensitive data, where the method includes:
uploading a long-term public key and a short-term public key of the first equipment and acquiring a long-term public key and a short-term public key of the second equipment;
generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device;
acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key;
decrypting the encrypted sensitive information using the shared key.
One aspect of an embodiment of the present application provides a method for synchronizing sensitive data, where the method includes:
after receiving a request for synchronizing sensitive data, uploading a long-term public key and a short-term public key of second equipment and acquiring a long-term public key and a short-term public key of first equipment;
generating a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device and the short-term public key of the first device;
and encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server.
An aspect of an embodiment of the present application further provides a method for synchronizing sensitive data, where the method includes:
receiving a long-term public key and a short-term public key of first equipment, and sending the long-term public key and the short-term public key of second equipment to the first equipment;
receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment;
and receiving the encrypted sensitive information sent by the second equipment, and sending the encrypted sensitive information to the first equipment.
An aspect of an embodiment of the present application further provides an apparatus for synchronizing sensitive data, the apparatus including:
the first acquisition module is used for uploading a long-term public key and a short-term public key of the first equipment and acquiring a long-term public key and a short-term public key of the second equipment;
a generating module, configured to generate a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device, and the short-term public key of the second device;
the second obtaining module is used for obtaining the encrypted sensitive information of the second device from the server, and the encrypted password is the shared secret key;
and the decryption module is used for decrypting the encrypted sensitive information by using the shared secret key.
An aspect of an embodiment of the present application further provides an apparatus for synchronizing sensitive data, the apparatus including:
the acquisition module is used for uploading the long-term public key and the short-term public key of the second equipment and acquiring the long-term public key and the short-term public key of the first equipment after receiving the request of synchronizing the sensitive data;
a generating module, configured to generate a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device, and the short-term public key of the first device;
and the uploading module is used for encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server.
An aspect of an embodiment of the present application further provides an apparatus for synchronizing sensitive data, the apparatus including:
the first sending module is used for receiving the long-term public key and the short-term public key of the first equipment and sending the long-term public key and the short-term public key of the second equipment to the first equipment;
the second sending module is used for receiving the long-term public key and the short-term public key of the second equipment and sending the long-term public key and the short-term public key of the first equipment to the second equipment;
and the third sending module is used for receiving the encrypted sensitive information sent by the second equipment and sending the encrypted sensitive information to the first equipment.
An aspect of the embodiments of the present application further provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method as described above when executing the computer program.
An aspect of the embodiments of the present application further provides a computer-readable storage medium, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method as described above when executing the computer program.
An aspect of an embodiment of the present application further provides a system for synchronizing sensitive data, including:
the first device is used for uploading the long-term public key and the short-term public key of the first device and acquiring the long-term public key and the short-term public key of the second device; generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key;
the second device is used for uploading the long-term public key and the short-term public key of the second device and acquiring the long-term public key and the short-term public key of the first device after receiving the request of synchronizing the sensitive data; generating a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device and the short-term public key of the first device; encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server;
the server is used for receiving the long-term public key and the short-term public key of the first equipment and sending the long-term public key and the short-term public key of the second equipment to the first equipment; receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment; and receiving the encrypted sensitive information sent by the second equipment, and sending the encrypted sensitive information to the first equipment.
The method, the device, the system, the computer equipment and the computer readable storage medium for synchronizing the sensitive data upload the long-term public key and the short-term public key of the first equipment and acquire the long-term public key and the short-term public key of the second equipment; generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key. Therefore, the transmission of the sensitive information is always in an encrypted state in the process of synchronizing the sensitive information, and the sensitive information is ensured not to be leaked to an intermediate server or other attackers. The encryption key of the sensitive information uses the newly generated shared key each time so as to ensure the forward security, and an attacker can break through the latest encryption key immediately and can not decrypt the encrypted information before.
Drawings
FIG. 1 schematically illustrates an application environment diagram of a method of synchronizing sensitive data according to an embodiment of the present application;
FIG. 2 is a flow chart schematically illustrating a method for synchronizing sensitive data according to a first embodiment of the present application;
FIG. 3 is a flow chart schematically illustrating a method for synchronizing sensitive data according to a first embodiment of the present application;
FIG. 4 schematically shows a flow chart of a method of synchronizing sensitive data according to a second embodiment of the present application;
FIG. 5 schematically shows a flow chart of a method of synchronizing sensitive data according to a third embodiment of the present application;
FIG. 6 schematically shows a schematic diagram of an apparatus for synchronizing sensitive data according to a fourth embodiment of the present application;
FIG. 7 schematically illustrates an apparatus for synchronizing sensitive data according to an embodiment of the present application;
FIG. 8 schematically illustrates an apparatus for synchronizing sensitive data according to a sixth embodiment of the present application;
fig. 9 schematically shows a hardware architecture diagram of a computer device suitable for implementing a method of synchronizing sensitive data according to a seventh embodiment of the present application;
fig. 10 schematically shows a structural diagram of a system for synchronizing sensitive data according to a ninth embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the descriptions relating to "first", "second", etc. in the embodiments of the present application are only for descriptive purposes and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
Fig. 1 schematically shows an environment application diagram according to an embodiment of the application.
The user terminal 11 may be connected to a plurality of mobile terminals 13 through the server 12. The user terminal 11 receives a service request input by a user, the server 12 obtains the service request of the user, performs wind control detection according to the service request, obtains a service processing rule corresponding to a wind control detection result, and processes the service request according to the service processing rule. The mobile terminal 13 and the user terminal 11 may be the same device or different devices.
The user terminal 11, the server 12, and the mobile terminal 13 are connected to each other through a network. The network may include various network devices such as routers, switches, multiplexers, hubs, modems, bridges, repeaters, firewalls, proxy devices, and/or the like. The network may include physical links, such as coaxial cable links, twisted pair cable links, fiber optic links, combinations thereof, and the like. The network may include wireless links, such as cellular links, satellite links, Wi-Fi links, and the like.
The plurality of mobile terminals 13 may be configured to receive the content and services of the server 12. The plurality of mobile terminals 13 may include any type of electronic device, such as a mobile device, a tablet device, a laptop computer, a workstation, a virtual reality device, a gaming device, a set-top box, a digital streaming media device, a vehicle terminal, a smart television, a set-top box, and so forth.
A plurality of mobile terminals 13 may be associated with one or more users. A single user may use one or more of the plurality of mobile terminals 13 to access the server 12.
Example one
Fig. 2 schematically shows a flowchart of a method for synchronizing sensitive data according to a first embodiment of the present application. It is understood that the present method embodiment may be implemented in the mobile terminal 13, and the flowchart of the present method embodiment is not used to limit the order in which the steps are executed.
As shown in fig. 2, the method for synchronizing sensitive data may include steps S200 to S206, wherein:
step S200, uploading a long-term public key and a short-term public key of the first equipment, and acquiring a long-term public key and a short-term public key of the second equipment;
step S202, generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device;
step S204, acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key;
and step S206, decrypting the encrypted sensitive information by using the shared key.
Optionally, the method further comprises:
deleting the used short-term public key, which includes an accompanying signature generated based on the long-term private key.
Specifically, 1, each device of the user generates a long-term identity key pair locally through a public key cryptographic algorithm, exchanges the key pair with a short-term key at one time, uploads a public key in each key pair to an intermediate server, and the public key exchanged with the short-term key at one time needs to be signed by using the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
Specifically, as shown in fig. 3, entities involved in the scheme are: device A, device B, device C, an intermediate server.
The public key cryptographic algorithm used in the scheme is an elliptic Curve cryptographic algorithm, and the algorithm parameters can be Curve25519, Curve448 and Secp256k1 (algorithm used by bitcoin). The algorithm generates a pair of key pairs each time a key is generated: PK/SK. PK is disclosed externally, and SK is stored by users.
The device needs to store the generated key pair as follows:
device A:
(1) long-term identity key pair IPKA and ISKA
(2) Short-time key pair set: EPKA1, ESKA 1; EPKA2, ESKA 2; the EPKA3 and the ESKA3.
The key pair that device B needs to generate is similar:
(1) long-term identity key pair IPKB, ISKB
(2) Short-time key pair set: EPKB1, ESKB 1; EPKB2, ESKB 2; EPKB3, eskb3.
Device C needs to generate a similar key pair:
(1) long-term identity key pair IPKC and ISKC
(2) Short-time key pair set: EPKC1, ESKC 1; EPKC2, ESKC 2; EPKC3, ESKC3.
IPK and EPK all need upload to the server, need take the signature based on ISK generates when EPK uploads, should delete after each EPK uses once to guarantee forward security.
The signature generation method is as follows: sig (ISKB, Encode (EPKB2))
When a user adds one device, the new device and one of the old devices need to synchronize sensitive information, and if the new device B needs to synchronize sensitive information with the old device A, the new device B needs to synchronize sensitive information with the old device A.
After uploading the public key of the device B, the device B acquires the IPK of the device A from the serverAAnd a short-time key, e.g. EPKA2After receiving the synchronization request, the device A also obtains the IPK of the device B from the serverAAnd a short-time key, e.g. EPKB2Then the key shared between a and B can be generated as follows:
device a calculates:
DH1=DH(ISKA,EPKB2)
DH2=DH(ESKA2,IPKB)
SK=KDF(DH1||DH2)
device B performs a similar calculation:
DH1=DH(ISKB,EPKA2)
DH2=DH(ESKB2,IPKA)
SK=KDF(DH1||DH2)
device A encrypts Google code by using SK and uploads Google code to server
Enc (SK, sensitive information)AES-CBC-256
The server forwards the encrypted message to the device B, and the device B decrypts the message
Dec (SK, sensitive information)AES-CBC-256
The method for synchronizing the sensitive data, provided by the embodiment of the application, uploads a long-term public key and a short-term private key of a first device and obtains a long-term public key and a short-term public key of a second device; generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key. Therefore, the transmission of the sensitive information is always in an encrypted state in the process of synchronizing the sensitive information, and the sensitive information is ensured not to be leaked to an intermediate server or other attackers. The encryption key of the sensitive information uses the newly generated shared key each time so as to ensure the forward security, and an attacker can break through the latest encryption key immediately and can not decrypt the encrypted information before.
Example two
Fig. 4 schematically shows a flowchart of a method of synchronizing sensitive data according to a second embodiment of the present application. It is understood that the present method embodiment may be implemented in the mobile terminal 13, and the flowchart of the present method embodiment is not used to limit the order in which the steps are executed.
As shown in fig. 4, the method for synchronizing sensitive data may include steps S400 to S404, wherein:
step S400, after receiving the request of synchronizing the sensitive data, uploading the long-term public key and the short-term public key of the second device, and acquiring the long-term public key and the short-term public key of the first device;
step S402, generating a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device and the short-term public key of the first device;
and S404, encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server.
Specifically, 1, each device of the user generates an identity key pair locally through a public key cryptographic algorithm, the key pair is exchanged through a one-time key, a public key in the key pair is uploaded to an intermediate server, and the public key exchanged through the one-time key needs to be signed through the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
Specifically, as shown in fig. 3, entities involved in the scheme are: device A, device B, device C, an intermediate server.
The public key cryptographic algorithm used in the scheme is an elliptic Curve cryptographic algorithm, and the algorithm parameters can be Curve25519, Curve448 and Secp256k1 (algorithm used by bitcoin). The algorithm generates a pair of key pairs each time a key is generated: PK/SK. PK is disclosed externally, and SK is stored by users.
The device needs to store the generated key pair as follows:
device A:
(1) long-term identity key pair IPKA and ISKA
(2) Short-time key pair set: EPKA1, ESKA 1; EPKA2, ESKA 2; the EPKA3 and the ESKA3.
The key pair that device B needs to generate is similar:
(1) long-term identity key pair IPKB, ISK
(2) Short-time key pair set: EPKB1, ESKB 1; EPKB2, ESKB 2; EPKB3, eskb3.
Device C needs to generate a similar key pair:
(1) long-term identity key pair IPKC and ISKC
(2) Short-time key pair set: EPKC1, ESKC 1; EPKC2, ESKC 2; EPKC3, ESKC3.
IPK and EPK all need upload to the server, need take the signature based on ISK generates when EPK uploads, should delete after each EPK uses once to guarantee forward security.
The signature generation method is as follows: sig (ISKB, Encode (EPKB2))
When a user adds one device, the new device and one of the old devices need to synchronize sensitive information, and if the new device B needs to synchronize sensitive information with the old device A, the new device B needs to synchronize sensitive information with the old device A.
After device B uploads its own public key and obtains the IPKA of device a and a certain short-time key, e.g. EPKA2, from the server, and after device a receives the synchronization request, also obtains the IPKA of B and a certain short-time key, e.g. EPKB2, then the key shared between a and B can be generated according to the following algorithm:
device a calculates:
DH1=DH(ISKA,EPKB2)
DH2=DH(ESKA2,IPKB)
SK=KDF(DH1||DH2)
device B performs a similar calculation:
DH1=DH(ISKB,EPKA2)
DH2=DH(ESKB2,IPKA)
SK=KDF(DH1||DH2)
device A encrypts Google code by using SK and uploads Google code to server
Enc (SK, sensitive information) AES-CBC-256
The server forwards the encrypted message to the device B, and the device B decrypts the message
Dec (SK, sensitive information) AES-CBC-256
The method for synchronizing the sensitive data, provided by the embodiment of the application, uploads a long-term public key and a short-term public key of a first device and obtains the long-term public key and the short-term public key of a second device; generating a shared key according to the long-term public key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key. Therefore, the transmission of the sensitive information is always in an encrypted state in the process of synchronizing the sensitive information, and the sensitive information is ensured not to be leaked to an intermediate server or other attackers. The encryption key of the sensitive information uses the newly generated shared key each time so as to ensure the forward security, and an attacker can break through the latest encryption key immediately and can not decrypt the encrypted information before.
EXAMPLE III
Fig. 5 schematically shows a flowchart of a method of synchronizing sensitive data according to a third embodiment of the present application. It is understood that the present method embodiment may be performed in the server 12 and the flow chart of the present method embodiment is not intended to limit the order in which the steps are performed.
Step S500, receiving a long-term public key and a short-term public key of first equipment, and sending the long-term public key and the short-term public key of second equipment to the first equipment;
step S502, receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment;
step S504, receiving the encrypted sensitive information sent by the second device, and sending the encrypted sensitive information to the first device.
Specifically, 1, each device of the user generates an identity key pair locally through a public key cryptographic algorithm, the key pair is exchanged through a one-time key, a public key in the key pair is uploaded to an intermediate server, and the public key exchanged through the one-time key needs to be signed through the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
Specifically, as shown in fig. 3, entities involved in the scheme are: device A, device B, device C, an intermediate server.
The public key cryptographic algorithm used in the scheme is an elliptic Curve cryptographic algorithm, and the algorithm parameters can be Curve25519, Curve448 and Secp256k1 (algorithm used by bitcoin). The algorithm generates a pair of key pairs each time a key is generated: PK/SK. PK is disclosed externally, and SK is stored by users.
The device needs to store the generated key pair as follows:
device A:
(1) long-term identity key pair IPKA and ISKA
(2) Short-time key pair set: EPKA1, ESKA 1; EPKA2, ESKA 2; the EPKA3 and the ESKA3.
The key pair that device B needs to generate is similar:
(1) long-term identity key pair IPKB, ISKB
(2) Short-time key pair set: EPKB1, ESKB 1; EPKB2, ESKB 2; EPKB3, eskb3.
Device C needs to generate a similar key pair:
(1) long-term identity key pair IPKC and ISKC
(2) Short-time key pair set: EPKC1, ESKC 1; EPKC2, ESKC 2; EPKC3, ESKC3.
IPK and EPK all need upload to the server, need take the signature based on ISK generates when EPK uploads, should delete after each EPK uses once to guarantee forward security.
The signature generation method is as follows: sig (ISKB, Encode (EPKB2))
When a user adds one device, the new device and one of the old devices need to synchronize sensitive information, and if the new device B needs to synchronize sensitive information with the old device A, the new device B needs to synchronize sensitive information with the old device A.
After device B uploads its own public key and obtains the IPKA of device a and a certain short-time key, e.g. EPKA2, from the server, and after device a receives the synchronization request, also obtains the IPKA of B and a certain short-time key, e.g. EPKB2, then the key shared between a and B can be generated according to the following algorithm:
device a calculates:
DH1=DH(ISKA,EPKB2)
DH2=DH(ESKA2,IPKB)
SK=KDF(DH1||DH2)
device B performs a similar calculation:
DH1=DH(ISKB,EPKA2)
DH2=DH(ESKB2,IPKA)
SK=KDF(DH1||DH2)
device A encrypts Google code by using SK and uploads Google code to server
Enc (SK, sensitive information) AES-CBC-256
The server forwards the encrypted message to the device B, and the device B decrypts the message
Dec (SK, sensitive information) AES-CBC-256
The method for synchronizing sensitive data provided by the embodiment of the application comprises the steps of receiving a long-term public key and a short-term public key of first equipment, and sending the long-term public key and the short-term public key of second equipment to the first equipment; receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment; and receiving the encrypted sensitive information sent by the second equipment, and sending the encrypted sensitive information to the first equipment. Therefore, the transmission of the sensitive information is always in an encrypted state in the process of synchronizing the sensitive information, and the sensitive information is ensured not to be leaked to an intermediate server or other attackers. The encryption key of the sensitive information uses the newly generated shared key each time so as to ensure the forward security, and an attacker can break through the latest encryption key immediately and can not decrypt the encrypted information before.
Example four
Fig. 6 schematically illustrates an apparatus for synchronizing sensitive data according to a fourth embodiment of the present application, which may be divided into one or more program modules, stored in a storage medium and executed by one or more processors to implement the embodiments of the present application. The program modules referred to in the embodiments of the present application refer to a series of computer program instruction segments that can perform specific functions, and the following description will specifically describe the functions of the program modules in the embodiments.
As shown in fig. 6, the apparatus 600 for synchronizing sensitive data may include a first obtaining module 610, a generating module 620, a second obtaining module 630, and a decrypting module 640, wherein:
a first obtaining module 610, configured to upload a long-term public key and a short-term public key of a first device and obtain a long-term public key and a short-term public key of a second device;
a generating module 620, configured to generate a shared key according to the long-term public key of the first device, the long-term public key of the second device, and the short-term public key of the second device;
a second obtaining module 630, configured to obtain, from the server, the encrypted sensitive information of the second device, where an encrypted password is the shared key;
a decryption module 640, configured to decrypt the encrypted sensitive information using the shared key.
Specifically, 1, each device of the user generates an identity key pair locally through a public key cryptographic algorithm, the key pair is exchanged through a one-time key, a public key in the key pair is uploaded to an intermediate server, and the public key exchanged through the one-time key needs to be signed through the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
EXAMPLE five
Fig. 7 schematically illustrates an apparatus for synchronizing sensitive data according to a fifth embodiment of the present application, which may be partitioned into one or more program modules, stored in a storage medium, and executed by one or more processors to implement the embodiments of the present application. The program modules referred to in the embodiments of the present application refer to a series of computer program instruction segments that can perform specific functions, and the following description will specifically describe the functions of the program modules in the embodiments.
As shown in fig. 7, the apparatus 700 for synchronizing sensitive data may include an obtaining module 710, a generating module 720, and an uploading module 730, where:
the obtaining module 710 is configured to upload the long-term public key and the short-term public key of the second device and obtain the long-term public key and the short-term public key of the first device after receiving the request for synchronizing the sensitive data;
a generating module 720, configured to generate a shared key according to the long-term public key of the second device, the long-term public key of the first device, and the short-term public key of the first device;
and an uploading module 730, configured to encrypt the sensitive data through the shared key and upload the encrypted sensitive data to a server.
Specifically, 1, each device of the user generates an identity key pair locally through a public key cryptographic algorithm, the key pair is exchanged through a one-time key, a public key in the key pair is uploaded to an intermediate server, and the public key exchanged through the one-time key needs to be signed through the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
EXAMPLE six
Fig. 8 schematically illustrates an apparatus for synchronizing sensitive data according to a sixth embodiment of the present application, which may be partitioned into one or more program modules, stored in a storage medium, and executed by one or more processors to implement the embodiments of the present application. The program modules referred to in the embodiments of the present application refer to a series of computer program instruction segments that can perform specific functions, and the following description will specifically describe the functions of the program modules in the embodiments.
As shown in fig. 8, the apparatus 800 for synchronizing sensitive data may include a first sending module 810, a second sending module 820, and a third sending module 830, wherein:
a first sending module 810, configured to receive a long-term public key and a short-term public key of a first device, and send a long-term public key and a short-term public key of a second device to the first device;
a second sending module 820, configured to receive the long-term public key and the short-term public key of the second device, and send the long-term public key and the short-term public key of the first device to the second device;
a third sending module 830, configured to receive the encrypted sensitive information sent by the second device, and send the encrypted sensitive information to the first device.
Specifically, 1, each device of the user generates an identity key pair locally through a public key cryptographic algorithm, the key pair is exchanged through a one-time key, a public key in the key pair is uploaded to an intermediate server, and the public key exchanged through the one-time key needs to be signed through the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
EXAMPLE seven
Fig. 9 schematically shows a hardware architecture diagram of a computer device suitable for implementing the method of synchronizing sensitive data according to a seventh embodiment of the present application.
In this embodiment, the computer device 900 may be used as a provider network or a component part of a provider network, and the computer device 900 may be, for example, a virtual machine host process and one or more virtual machine instances, or a rack server, a blade server, a tower server, or a rack server (including an independent server or a server cluster composed of multiple servers), and the like
In this embodiment, the computer device 900 may also be used as or constitute a mobile terminal. When the computer device is a mobile terminal or forms part of a mobile terminal, the computer device may be, for example, a smartphone, a computer, a projector, a set-top box, etc.
In this embodiment, the computer device 900 is a device capable of automatically performing numerical calculation and/or information processing in accordance with a command set in advance or stored. As shown in fig. 9, computer device 900 includes at least, but is not limited to: the memory 910, processor 920, and network interface 930 may be communicatively linked to each other via a system bus.
Wherein:
the memory 910 includes at least one type of computer-readable storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage 910 may be an internal storage module of the computer device 900, such as a hard disk or a memory of the computer device 900. In other embodiments, the memory 910 may also be an external storage device of the computer device 900, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the computer device 900. Of course, the memory 910 may also include both internal and external memory modules of the computer device 900. In this embodiment, the memory 910 is generally used for storing program codes of an operating system and various kinds of application software installed in the computer apparatus 900, such as a method for synchronizing sensitive data, and the like. In addition, the memory 910 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 920 may be, in some embodiments, a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor, or other data Processing chip. The processor 920 is generally configured to control overall operations of the computer device 900, such as performing control and processing related to data interaction or communication with the computer device 900. In this embodiment, the processor 920 is configured to execute program codes stored in the memory 910 or process data.
Network interface 930 may include a wireless network interface or a wired network interface, and network interface 930 is typically used to establish communication links between computer device 900 and other computer devices. For example, the network interface 930 is used to connect the computer apparatus 900 to an external terminal through a network, establish a data transmission channel and a communication link between the computer apparatus 900 and the external terminal, and the like. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a Global System of Mobile communication (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth (Bluetooth), or Wi-Fi.
It is noted that FIG. 9 only shows a computer device having components 910 and 930, but it is to be understood that not all of the shown components are required and that more or fewer components may be implemented instead.
In this embodiment, the method for synchronizing sensitive data stored in the memory 910 can be further divided into one or more program modules and executed by one or more processors (in this embodiment, the processor 920) to complete the present application.
Example eight
The present embodiments also provide a computer-readable storage medium having stored thereon a computer program, which when executed by a processor, performs the steps of the method of synchronizing sensitive data of an embodiment.
In this embodiment, the computer-readable storage medium includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the computer readable storage medium may be an internal storage unit of the computer device, such as a hard disk or a memory of the computer device. In other embodiments, the computer readable storage medium may be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the computer device. Of course, the computer-readable storage medium may also include both internal and external storage devices of the computer device. In this embodiment, the computer-readable storage medium is generally used for storing an operating system and various types of application software installed in the computer device, for example, the program code of the method for synchronizing sensitive data in the embodiment, and the like. Further, the computer-readable storage medium may also be used to temporarily store various types of data that have been output or are to be output.
Example nine
Fig. 10 schematically shows a structural diagram of a system for synchronizing sensitive data according to a ninth embodiment of the present application.
The first device 1010 is configured to upload the long-term public key and the short-term public key of the first device and acquire the long-term public key and the short-term public key of the second device; generating a shared key according to the long-term public key and the short-term secret key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key;
the second device 1020 is configured to upload the long-term public key and the short-term public key of the second device and obtain the long-term public key and the short-term public key of the first device after receiving the request for synchronizing the sensitive data; generating a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device and the short-term public key of the first device; encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server;
the server 1030 is configured to receive a long-term public key and a short-term public key of a first device, and send a long-term public key and a short-term public key of a second device to the first device; receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment; and receiving the encrypted sensitive information sent by the second equipment, and sending the encrypted sensitive information to the first equipment.
Specifically, 1, each device of the user generates an identity key pair locally through a public key cryptographic algorithm, the key pair is exchanged through a one-time key, a public key in the key pair is uploaded to an intermediate server, and the public key exchanged through the one-time key needs to be signed through the identity key to ensure integrity and non-repudiation.
2. And the newly added device acquires the public key of the identity key of the previous device and the public key of the one-time key exchange through the intermediate server and calculates the shared key for encrypting the sensitive information.
3. The original equipment also obtains the public key of the identity key of the newly added equipment and the public key of the one-time key exchange from the intermediate server, and calculates the shared key for encrypting the sensitive information.
4. The original equipment encrypts user sensitive information by using a shared secret key and sends the user sensitive information to the intermediate server.
5. And the intermediate server sends the data encrypted by the sensitive information to the newly-added equipment, and the newly-added equipment decrypts by using the shared secret key to acquire the sensitive information and completes synchronization.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (10)

1. A method of synchronizing sensitive data, the method comprising:
uploading a long-term public key and a short-term public key of the first equipment and acquiring a long-term public key and a short-term public key of the second equipment;
generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device;
acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key;
decrypting the encrypted sensitive information using the shared key.
2. The method of claim 1, further comprising:
deleting the used short-term public key, which includes an accompanying signature generated based on the long-term private key.
3. A method of synchronizing sensitive data, the method comprising:
after receiving a request for synchronizing sensitive data, uploading a long-term public key and a short-term public key of second equipment and acquiring a long-term public key and a short-term public key of first equipment;
generating a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device and the short-term public key of the first device;
and encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server.
4. A method of synchronizing sensitive data, the method comprising:
receiving a long-term public key and a short-term public key of first equipment, and sending the long-term public key and the short-term public key of second equipment to the first equipment;
receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment;
and receiving the encrypted sensitive information sent by the second equipment, and sending the encrypted sensitive information to the first equipment.
5. An apparatus for synchronizing sensitive data, the apparatus comprising:
the first acquisition module is used for uploading a long-term public key and a short-term public key of the first equipment and acquiring a long-term public key and a short-term public key of the second equipment;
a generating module, configured to generate a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device, and the short-term public key of the second device;
the second obtaining module is used for obtaining the encrypted sensitive information of the second device from the server, and the encrypted password is the shared secret key;
and the decryption module is used for decrypting the encrypted sensitive information by using the shared secret key.
6. An apparatus for synchronizing sensitive data, the apparatus comprising:
the acquisition module is used for uploading the long-term public key and the short-term public key of the second equipment and acquiring the long-term public key and the short-term public key of the first equipment after receiving the request of synchronizing the sensitive data;
a generating module, configured to generate a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device, and the short-term public key of the first device;
and the uploading module is used for encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server.
7. An apparatus for synchronizing sensitive data, the apparatus comprising:
the first sending module is used for receiving the long-term public key and the short-term public key of the first equipment and sending the long-term public key and the short-term public key of the second equipment to the first equipment;
the second sending module is used for receiving the long-term public key and the short-term public key of the second equipment and sending the long-term public key and the short-term public key of the first equipment to the second equipment;
and the third sending module is used for receiving the encrypted sensitive information sent by the second equipment and sending the encrypted sensitive information to the first equipment.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 4 are implemented by the processor when executing the computer program.
9. A computer-readable storage medium, having stored thereon a computer program, the computer program being executable by at least one processor to cause the at least one processor to perform the steps of the method according to any one of claims 1 to 4.
10. A system for synchronizing sensitive data, the system comprising:
the first device is used for uploading a long-term public key and a short-term public key of the first device and acquiring a long-term public key and a short-term public key of the second device; generating a shared key according to the long-term private key and the short-term private key of the first device, the long-term public key of the second device and the short-term public key of the second device; acquiring the encrypted sensitive information of the second device from a server, wherein the encrypted password is the shared key; decrypting the encrypted sensitive information using the shared key;
the second device is used for uploading the long-term public key and the short-term public key of the second device and acquiring the long-term public key and the short-term public key of the first device after receiving the request of synchronizing the sensitive data; generating a shared key according to the long-term private key and the short-term private key of the second device, the long-term public key of the first device and the short-term public key of the first device; encrypting the sensitive data through the shared secret key and uploading the sensitive data to a server;
the server is used for receiving the long-term public key and the short-term public key of the first equipment and sending the long-term public key and the short-term public key of the second equipment to the first equipment; receiving a long-term public key and a short-term public key of second equipment, and sending the long-term public key and the short-term public key of first equipment to the second equipment; and receiving the encrypted sensitive information sent by the second equipment, and sending the encrypted sensitive information to the first equipment.
CN202011205474.1A 2020-11-02 2020-11-02 Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium Pending CN112468291A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011205474.1A CN112468291A (en) 2020-11-02 2020-11-02 Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011205474.1A CN112468291A (en) 2020-11-02 2020-11-02 Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN112468291A true CN112468291A (en) 2021-03-09

Family

ID=74834435

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011205474.1A Pending CN112468291A (en) 2020-11-02 2020-11-02 Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112468291A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338710A (en) * 2021-12-21 2022-04-12 杭州逗酷软件科技有限公司 Data synchronization method and device, computer storage medium and related equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005107141A1 (en) * 2004-04-30 2005-11-10 Research In Motion Limited Systems and methods to securely generate shared keys
CN102318260A (en) * 2008-12-16 2012-01-11 塞尔蒂卡姆公司 Acceleration of key agreement protocols
CN109691013A (en) * 2018-08-16 2019-04-26 区链通网络有限公司 Block chain communication method between nodes, device and storage medium, block catenary system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005107141A1 (en) * 2004-04-30 2005-11-10 Research In Motion Limited Systems and methods to securely generate shared keys
CN1969501A (en) * 2004-04-30 2007-05-23 捷讯研究有限公司 Systems and methods to securely generate shared keys
CN102318260A (en) * 2008-12-16 2012-01-11 塞尔蒂卡姆公司 Acceleration of key agreement protocols
CN109691013A (en) * 2018-08-16 2019-04-26 区链通网络有限公司 Block chain communication method between nodes, device and storage medium, block catenary system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MOXIE MARLINSPIKE等: "《X3DH》", 4 November 2016 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338710A (en) * 2021-12-21 2022-04-12 杭州逗酷软件科技有限公司 Data synchronization method and device, computer storage medium and related equipment

Similar Documents

Publication Publication Date Title
CN111556025A (en) Data transmission method, system and computer equipment based on encryption and decryption operations
US10103888B2 (en) Method of performing keyed-hash message authentication code (HMAC) using multi-party computation without Boolean gates
CN113364760A (en) Data encryption processing method and device, computer equipment and storage medium
CN109525989B (en) Data processing and identity authentication method and system, and terminal
CN111177801B (en) Signature method and device of electronic document, storage medium and electronic equipment
CN109905474B (en) Data security sharing method and device based on block chain
CN110912682B (en) Data processing method, device and system
CN112115461B (en) Equipment authentication method and device, computer equipment and storage medium
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
CN113032357A (en) File storage method and device and server
CN113572743B (en) Data encryption and decryption methods and devices, computer equipment and storage medium
CN113239403A (en) Data sharing method and device
CN116633582A (en) Secure communication method, apparatus, electronic device and storage medium
CN112637300B (en) Block chain-based distributed storage and acquisition method and device for video information
CN114499836A (en) Key management method, key management device, computer equipment and readable storage medium
CN112468291A (en) Method, device and system for synchronizing sensitive data, computer equipment and computer readable storage medium
CN117118972A (en) Method, device, equipment and medium capable of recording file circulation process
CN109600631B (en) Video file encryption and publishing method and device
KR20150107062A (en) Data communication apparatus using cloud service and method for data processing thereof
KR20210036700A (en) Blockchain system for supporting change of plain text data included in transaction
CN112367329B (en) Communication connection authentication method, device, computer equipment and storage medium
CN112995210B (en) Data transmission method and device and electronic equipment
CN110875902A (en) Communication method, device and system
CN113452513B (en) Key distribution method, device and system
KR101595056B1 (en) System and method for data sharing of intercloud enviroment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210309

RJ01 Rejection of invention patent application after publication