Mobile communication terminal data encryption method and device
Technical field
The present invention relates to the field of data encryption technology, and in particular to a mobile communication terminal data encryption method and device.
Background technology
Today, mobile communication terminals of every kind have spread to almost every corner of people's lives. The mobile communication terminal has become an indispensable terminal for handling many kinds of information in daily life.
In the last ten years, with the development of information technology, the mobile phone, currently the most widely used mobile communication terminal, has grown from a device that only made calls and sent short messages into a multimedia processing terminal able to handle many kinds of information. Its applications go far beyond its basic functions: its processing capacity covers word processing, bank account authentication, web browsing, sending and receiving mail and many other functions, and as technology advances its range of applications will keep widening.
However, the large-scale use of smartphones has also brought a new risk: sensitive data being stolen or lost. In the era of non-smart phones, the data security of a mobile phone was ensured mainly by the protocol layer encrypting data while terminals communicated with each other. Now that massive amounts of important data reside locally on smartphones, this encryption mode has an obvious limitation: it only guarantees the safety of data during communication, not the safety of data stored locally on the terminal.
Data encryption modes are divided into symmetric and asymmetric encryption according to whether the keys used for encryption and decryption are identical; symmetric encryption is further divided into stream ciphers and block ciphers according to whether the size of the object being encrypted is fixed. Commonly used block ciphers include DES, 3DES and AES; commonly used asymmetric ciphers include RSA and elliptic curve cryptography. Because asymmetric encryption is too slow and is not suited to encrypting full texts locally, text encryption mainly uses symmetric encryption, and asymmetric encryption is generally used only for encrypting small amounts of data.
At present, the encryption method adopted by most mobile communication terminals encrypts data or files through third-party software. But because the wide adoption of mobile communication terminals has only just begun, the encryption technology currently provided by third-party software commonly uses a single encryption mode, and using multiple encryption algorithms to perform composite (hybrid) encryption of data remains an unfilled gap. This single encryption mode only performs symmetric encryption on the data and does not protect the encryption key; its confidentiality is relatively poor, the encryption key is relatively easy to recover by brute force, and an unauthorized user may therefore more easily crack the encrypted data or files on the smartphone in order to steal information or perform illegal operations on files.
Summary of the invention
One object of the present invention is to provide a mobile communication terminal data encryption method, to solve the problem that the current single encryption mode only performs block encryption on the data and does not protect the encryption key.
Another object of the present invention is to provide a mobile communication terminal data encryption device that can perform composite encryption on mobile communication terminal data.
To achieve these objects, the mobile communication terminal data encryption method of the present invention comprises the following steps:
invoking a block encryption algorithm according to a user instruction and using the block encryption algorithm to obtain a symmetric key;
encrypting the plaintext with the symmetric key to generate ciphertext;
invoking an asymmetric encryption algorithm and using it to obtain the public key of an asymmetric key pair;
encrypting the symmetric key with this public key.
This encryption method adopts a composite encryption mode: the symmetric key is encrypted with the asymmetric key, and the plaintext is encrypted with the symmetric key. The block encryption algorithms supported by default in this composite encryption mode are 3DES and AES, and the user may also use another block encryption algorithm or a self-defined block encryption algorithm according to actual needs; the asymmetric encryption algorithms supported by default are RSA and elliptic curve cryptography, and the user may also select other asymmetric encryption algorithms as required. If an XML document is encrypted, the method also comprises the step of extracting the data to be encrypted from the XML document. In addition, the ciphertext produced by composite encryption may be compressed; the compression mode adopts an internationally standard data compression algorithm, such as the standard ZIP data compression module, and the user may select another compression algorithm according to actual needs or, considering processing time, run without a compression algorithm.
To achieve these objects, the present invention on the other hand proposes a mobile communication terminal data encryption device comprising the following modules:
Symmetric key generation module: used to invoke a block encryption algorithm according to a user instruction and to use the block encryption algorithm to generate the symmetric key used for block encryption;
Asymmetric key generation module: used to invoke an asymmetric encryption algorithm and generate the public key of an asymmetric key pair;
Symmetric key encryption module: used to encrypt said symmetric key with said public key;
Data encryption module: used to encrypt the plaintext with said symmetric key to generate ciphertext.
The mobile communication terminal data encryption method and device provided by the invention adopt a composite encryption mode: the plaintext is block-encrypted and the encryption key is asymmetrically encrypted. This composite encryption mode not only guarantees the safety of data in the mobile communication terminal but also protects the encryption key from being stolen, so that an unauthorized user cannot illegally obtain or destroy the data and files in it. It solves the problem of the relatively poor confidentiality of the single encryption mode and greatly improves the safety of data in the mobile communication terminal.
Description of drawings
Fig. 1 is a flow chart of the mobile communication terminal data encryption method;
Fig. 2 shows the single data encryption module;
Fig. 3 shows the XML document encryption module.
Embodiment
Embodiments of the invention will now be described in detail with reference to the accompanying drawings.
Fig. 1 is a flow chart of the mobile communication terminal data encryption method. As shown in Fig. 1, the method comprises the encryption and decryption of single data and of XML documents. Single data encryption is used to protect the safety of local data on the mobile communication terminal, while XML document encryption is used to protect the safety of data transmitted online. The two encryption modes can run separately, and both adopt the composite encryption mode, namely encrypting the data with a symmetric key and encrypting the symmetric key with the public key of an asymmetric key pair. Single data decryption is the reverse flow of single data encryption, and XML document decryption is the reverse flow of XML document encryption.
Fig. 2 shows the single data encryption module. As shown in Fig. 2, the single data encryption module comprises a data encryption module, a symmetric key generation module, an asymmetric key generation module and a symmetric key encryption module. The symmetric key generation module generates the symmetric key used to encrypt the plaintext; the asymmetric key generation module generates the public key of the asymmetric key pair used to encrypt the symmetric key; the symmetric key encryption module encrypts the symmetric key with the asymmetric key; and the data encryption module encrypts the plaintext with said symmetric key to generate ciphertext. The workflow of the single data encryption module is as follows:
Step 1: a block encryption algorithm is invoked according to the user's selection, and the symmetric key generation module automatically generates the symmetric key used for block encryption;
The block encryption algorithms supported by default are 3DES and AES; another standard block encryption algorithm or a user-defined block encryption algorithm may also be selected, and the chosen algorithm is saved in the module for use during decryption;
Step 2: the data encryption module block-encrypts the plaintext with the symmetric key generated in Step 1 to produce ciphertext;
Step 3: the asymmetric key generation module in the local system is invoked and automatically generates the public key of an asymmetric key pair;
Step 4: the symmetric key encryption module encrypts the symmetric key with the public key of the asymmetric key pair;
The asymmetric encryption algorithm defaults to RSA or an elliptic curve encryption algorithm, and the user may select other asymmetric encryption algorithms as required;
To manage and protect the encrypted data better, the ciphertext produced by the single data encryption module may also be compressed by a data compression module. The data compression module adopts an internationally standard data compression algorithm, such as the ZIP data compression module; the user may select another compression algorithm according to actual needs or, considering processing time, run without a compression algorithm.
The single data decryption method is the reverse flow of the single data encryption method described above.
Fig. 3 shows the XML document encryption module. As shown in Fig. 3, the XML document encryption module comprises an XML parsing module, a symmetric key generation module, an asymmetric key generation module, a symmetric key encryption module, a data encryption module and an XML encryption editing module. The XML parsing module parses the XML document and extracts the data to be encrypted; the symmetric key generation module generates the symmetric key used to encrypt the data; the asymmetric key generation module generates the public key of the asymmetric key pair used to encrypt the symmetric key; the symmetric key encryption module encrypts the symmetric key; the data encryption module block-encrypts the data; and the XML encryption editing module writes the encrypted data and the encrypted symmetric key into the XML document. The steps performed by the XML document encryption module are as follows:
Step 1: the XML parsing module parses the XML document and extracts the data in it that is to be encrypted;
Step 1.1: the XML document is converted into a DOM object;
Step 1.2: the data to be encrypted is designated with an XPath expression; either partial or full encryption of the XML document may be selected;
Step 2: a block encryption algorithm is invoked according to the user's selection, and the symmetric key generation module automatically generates the symmetric key;
3DES or AES may be selected, or another standard block encryption algorithm or a user-defined block encryption algorithm, and the chosen algorithm is saved in the module for use during decryption. Because the block encryption key is sent along with the XML document immediately after being asymmetrically encrypted, the user does not need to know the block encryption key;
Step 3: the data encryption module block-encrypts the extracted data to be encrypted;
Step 4: the asymmetric key generation module in the local system is invoked to generate the public key of the asymmetric key pair used to encrypt the symmetric key;
Step 5: the symmetric key encryption module asymmetrically encrypts the symmetric key and adds it to the encrypted XML document according to the W3C standard;
The asymmetric encryption algorithm defaults to RSA or an elliptic curve encryption algorithm, and the user may select other asymmetric encryption algorithms as required;
Step 6: the XML encryption editing module replaces the original data with the data produced by the encryption steps above to generate the XML ciphertext.
The XML document decryption method is the reverse flow of the XML document encryption method described above.
The single data encryption module is contained within the XML document encryption module. When data needs to be encrypted, it is first determined whether the data to be encrypted is local data or data to be transmitted over the network, and the corresponding encryption module is then selected to encrypt the data.
The mobile communication terminal data encryption method and device provided by the invention can use multiple encryption algorithms to perform composite encryption on single data and XML documents, encrypting the data with a symmetric key and encrypting the symmetric key with an asymmetric key. Through this double encryption of the data and of the encryption key, the composite encryption mode guarantees the safety of data in the mobile communication terminal.
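The composite encryption flow shared by the single data module (Steps 1 to 4 above) and the XML document module (Steps 2 to 5), as an added example that is not part of the patent: AES-256-GCM stands in for the block encryption, RSA-OAEP for the asymmetric encryption of the symmetric key, and the decryption function is the reverse flow. The names Envelope, HybridEncrypt, HybridDecrypt and NewRecipientKey are assumptions; the XML parsing and editing steps are omitted, and the extracted data is passed in as bytes.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// Envelope: block-encrypted data plus the symmetric key wrapped under the public key.
type Envelope struct {
	Ciphertext []byte // AES-256-GCM output with the 12-byte nonce prepended
	WrappedKey []byte // AES key encrypted with RSA-OAEP (SHA-256)
}
// NewRecipientKey stands in for the page's asymmetric key generation module (assumed name).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func mustGCM(key []byte) cipher.AEAD { // callers pass 32-byte keys only, so no error path
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // never errors for an AES block
	return gcm
}
// HybridEncrypt: generate a symmetric key, encrypt the plaintext with it, then
// encrypt that key with the asymmetric public key (Steps 1 to 4 of the method).
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key plus a GCM nonce, per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	ct := mustGCM(key).Seal(nonce, nonce, plaintext, nil) // authenticated block encryption
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, WrappedKey: wrapped}, nil
}
// HybridDecrypt is the reverse flow; GCM rejects any tampered ciphertext or nonce.
func HybridDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	if len(key) != 32 || len(env.Ciphertext) < 12 {
		return nil, errors.New("malformed envelope")
	}
	return mustGCM(key).Open(nil, env.Ciphertext[:12], env.Ciphertext[12:], nil)
}
```

Only the holder of the private key can unwrap the symmetric key, which is what keeps the block encryption key from being recovered by an attacker who obtains the envelope.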