Movatterモバイル変換

[0]ホーム
URL:

CN103701596A - Document access method, system and equipment and document access request response method, system and equipment - Google Patents

Document access method, system and equipment and document access request response method, system and equipmentDownload PDF

Info

Publication number
CN103701596A
CN103701596ACN201210366938.6ACN201210366938ACN103701596ACN 103701596 ACN103701596 ACN 103701596ACN 201210366938 ACN201210366938 ACN 201210366938ACN 103701596 ACN103701596 ACN 103701596A
Authority
CN
China
Prior art keywords
file
receiving terminal
pki
key
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210366938.6A
Other languages
Chinese (zh)
Inventor
刘勇
张胜
陈世俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens Corp
Original Assignee
Siemens Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens CorpfiledCriticalSiemens Corp
Priority to CN201210366938.6ApriorityCriticalpatent/CN103701596A/en
Publication of CN103701596ApublicationCriticalpatent/CN103701596A/en
Pendinglegal-statusCriticalCurrent

Links

Images

Landscapes

Abstract

Translated fromChinese

本发明提供一种文件访问方法,该方法用动态生成的临时密钥加密文件,临时密钥保存在接收端并由接收端保存的公钥加密,在用户需要离线访问该文件时,向发送端发送对该文件的访问请求,接收端获得发送端返回的访问响应中包含的用于用户认证的信息,根据该信息以及用户输入的密码进行用户认证;在认证通过后才能对临时密钥解密,进而对文件进行解密;与现有技术中仅使用密码进行用户认证相比,本发明的认证强度更大,从而提高了文件的安全性;并且,本发明采用双重加密和解密,即使用动态生成的临时密钥加密文件、使用保存的公钥加密临时密钥,以及使用访问响应中的公钥对临时密钥解密、使用解密得到的临时密钥对文件解密。

Figure 201210366938

The invention provides a file access method. The method uses a dynamically generated temporary key to encrypt the file. The temporary key is stored at the receiving end and encrypted by the public key stored at the receiving end. When the user needs to access the file offline, the file is sent to the sending end Send an access request to the file, and the receiving end obtains the information used for user authentication contained in the access response returned by the sending end, and performs user authentication based on the information and the password entered by the user; the temporary key can only be decrypted after the authentication is passed. And then the file is decrypted; Compared with only using passwords in the prior art to carry out user authentication, the authentication strength of the present invention is greater, thereby improving the security of the file; and, the present invention adopts double encryption and decryption, that is, dynamically generated Encrypt the file with the temporary key, encrypt the temporary key with the saved public key, decrypt the temporary key with the public key in the access response, and decrypt the file with the decrypted temporary key.

Figure 201210366938

Description

The method of file access and response file access request, system and equipment
Technical field
The present invention relates to computer safety field, relate in particular to method, system and the equipment of a kind of file access and response file access request.
Background technology
Universal along with network technology, the access of information, shares and issue becomes more and more convenient, but has also increased the danger that important information is revealed simultaneously.At present; protect the major technique of important electronic document to comprise file encryption storage and strict user access control; for the offline e file (file that has departed from document security system; the e-file that has for example departed from enterprise security network) safeguard protection, current solution is that user authenticates with file encryption and stores.
The security protection technology of existing offline e file is that user selects correct method to read the electronic document in document security client; this client is downloaded encryption key from document security system server automatically; and use temporary key encrypted electronic document, thereby reach the object of the safeguard protection of offline e document.
But there is following defect in prior art: the temporary key of the static password protection off-line files that user arranges, static password can not change during off-line, and fail safe is lower, thereby is easily cracked.
Summary of the invention
The embodiment of the present invention provides method, system and the equipment of a kind of file access and response file access request, for improving the fail safe of the file on receiving terminal.
The embodiment of the present invention provides a kind of file access method, and the method comprises:
When the file of the interim password encryption dynamically generating is used in needs access, receiving terminal sends the request of access file to transmitting terminal, and wherein, described interim password is kept at the receiving terminal of described encrypt file the public key encryption of being preserved by described receiving terminal; Then the PKI that comprises dynamic generation that receiving terminal receiving end/sending end returns and the response of private key, the static password that the PKI that described transmitting terminal returns and private key are set in advance by user is encrypted;
PKI and private key that the password of receiving terminal user input returns described transmitting terminal are decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key that the described transmitting terminal that receiving terminal is used deciphering to obtain returns is decrypted described interim password, and the interim password that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution that receiving terminal returns with transmitting terminal is preserved at receiving terminal, and generate new interim password; When receiving terminal need to be closed described file, with described new interim password, file is carried out to re-encrypted, then the PKI that uses transmitting terminal to preserve is encrypted described new temporary key, and the interim password of preserving at receiving terminal with the interim Coden replacement after encrypting.
Preferably, the receiving terminal in said method comprises mobile subscriber terminal (for example mobile phone).The access response that can utilize mobile subscriber terminal transmission access request and/or receiving end/sending end to return, in said method, other operation can have traditional receiving device (such as computer) to implement.Add the execution mode meeting after mobile subscriber terminal safer.
In embodiments of the present invention, file is encrypted with the temporary key dynamically generating, and the public key encryption that temporary key is kept at receiving terminal and is preserved by receiving terminal, when user needs offline access this document at every turn, to transmitting terminal, send the access request to this document, the information authenticating for user comprising in the access response that receiving terminal acquisition transmitting terminal returns, carries out user according to the password of this information and user's input and authenticates; After authentication is passed through, could decipher temporary key, and then file is decrypted; Carry out user and authenticate and compare with only accessing to your password in prior art, the authentication strength in embodiment of the present invention is larger, thereby has improved the fail safe of file; And, this programme adopts double-encryption and deciphering, use the temporary key encrypt file dynamically generating, the public key encryption temporary key that uses preservation, and the PKI in use access response to temporary key deciphering, use temporary key that deciphering obtains to file decryption, double-encryption and deciphering have further improved the fail safe that departs from the file of document security system.
Preferably, before receiving terminal sends access request to transmitting terminal, further comprise:
The described static password that receiving terminal arranges user sends to transmitting terminal;
The transmitting terminal that receiving terminal receiving end/sending end returns is encrypted the file encryption key that described file is used, and receiving terminal is encrypted used PKI to the temporary key of dynamic generation;
Receiving terminal is used the described file encryption key receiving to be decrypted described file, the file after being deciphered;
Receiving terminal is being used the temporary key dynamically generating to carry out after re-encrypted file, use described receiving terminal to be encrypted used PKI to the temporary key of dynamic generation, temporary key to described dynamic generation is encrypted, and temporary key and this PKI after encrypting are preserved.
In embodiment of the present invention, the static password that receiving terminal arranges user in advance sends to transmitting terminal, then receiving end/sending end returns file encryption key and PKI, receiving terminal can be used the first declassified document of file encryption key, and after using the dynamic temporary key generating to file re-encrypted, can use this PKI to be encrypted the temporary key generating.
Preferably, described receiving terminal is encrypted used PKI for comprising from h that transmitting terminal use hash algorithm produces to the temporary key of dynamic generation0(X) to hn(X), in the hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in described access response is hn-i(X), the private key in described access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives described access request;
The described PKI obtaining according to deciphering determines that with the PKI of preserving at receiving terminal whether authentication is passed through, and specifically comprises:
Use the cryptographic Hash of the PKI that described hash algorithm secure processing device encrypts obtains, according to the cryptographic Hash calculating and the cryptographic Hash of the PKI of preserving at receiving terminal, determine whether authentication is passed through.
In embodiment of the present invention, utilize in the hash chain that hash algorithm produces cryptographic Hash to carry out user and authenticate, can further improve the fail safe that user authenticates.
The embodiment of the present invention also provides a kind of method of response file access request, and the method comprises:
Transmitting terminal receives the access request of the file that the temporary key with dynamically generating is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Transmitting terminal returns to the PKI that comprises dynamic generation and the access response of private key, and the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
In embodiment of the present invention, transmitting terminal, after receiving the access request of file, need to return to the relevant information authenticating for user, thereby guarantee the fail safe of the file on receiving terminal.
Preferably, before transmitting terminal receives described access request, further comprise:
Transmitting terminal receives the described static password of user's setting of receiving terminal transmission;
Transmitting terminal returns to transmitting terminal to receiving terminal and encrypts the file encryption key that described file is used, and receiving terminal is encrypted used PKI to the temporary key of dynamic generation.
In embodiment of the present invention, transmitting terminal receives the static password that receiving terminal sends in advance, and to receiving terminal backspace file encryption key and PKI, make receiving terminal can use the first declassified document of file encryption key, and after using the dynamic temporary key generating to file re-encrypted, can use this PKI to be encrypted the temporary key generating.
Preferably, described receiving terminal is encrypted used PKI to the temporary key of dynamic generation and is: transmitting terminal is used comprising from h that hash algorithm produces0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in described access response is hn-i(X), the private key in described access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives described access request.
In embodiment of the present invention, utilize in the hash chain that hash algorithm produces cryptographic Hash to carry out user and authenticate, can further improve the fail safe that user authenticates.
Preferably, after transmitting terminal receives described access request, return to described access response before, further comprise:
Transmitting terminal determines whether the access times of described file are surpassed to the access times maximum that user sets in advance;
Described transmitting terminal returns to the PKI that comprises dynamic generation and the access response of private key, specifically comprises:
Described transmitting terminal determining when the access times of described file are not surpassed to the access times maximum that user sets in advance, and returns to the PKI that comprises dynamic generation and the access response of private key.
In embodiment of the present invention, by the access times maximum to the file on receiving terminal is set, make the user can not unlimited access file, thus the fail safe that can further improve file.
The embodiment of the present invention provides a kind of file access system, and this system comprises receiving terminal and transmitting terminal,
Wherein receiving terminal is used for, after the access request of the file of encrypting with the temporary key dynamically generating on sending receiving terminal to civilian transmitting terminal, PKI and the private key of the dynamic generation comprising in the access response that acquisition transmitting terminal returns, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
The password of user's input is decrypted the PKI comprising in described access response and private key, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key comprising in the described access response of using deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution comprising in the described access response obtaining with deciphering is preserved at receiving terminal, and generate new temporary key; When receiving terminal need to be closed described file, with this new temporary key, file is carried out to re-encrypted, then the PKI that uses receiving terminal to preserve is encrypted described newly-generated temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal;
Transmitting terminal, for after receiving described access request, returns to the PKI that comprises dynamic generation and the access response of private key, and the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
In embodiment of the present invention, temporary key encrypt file with dynamic generation, and the public key encryption that temporary key is kept at receiving terminal and is preserved by receiving terminal, when user needs offline access this document at every turn, to transmitting terminal, send the access request to this document, receiving terminal obtains the information authenticating for user comprising in the access response that transmitting terminal returns, and carries out user authenticate according to the password of this information and user's input; After authentication is passed through, could decipher temporary key, and then file is decrypted; Carry out user and authenticate and compare with only accessing to your password in prior art, authentication strength is larger, thereby has improved the fail safe of file; And, this embodiment of the present invention adopts double-encryption and deciphering, use the temporary key encrypt file dynamically generating, the public key encryption temporary key that uses preservation, and the PKI in use access response to temporary key deciphering, use temporary key that deciphering obtains to file decryption, the fail safe that double-encryption and deciphering have further improved file.
The embodiment of the present invention provides a kind of receiving terminal, and this receiving terminal comprises:
Obtain unit, after access request for file from receiving terminal to transmitting terminal that encrypt with the temporary key dynamically generating on sending receiving terminal at, PKI and the private key of the dynamic generation comprising in the access response that acquisition transmitting terminal returns, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Decryption unit, PKI and private key that the password of inputting for user comprises described access response are decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key comprising in the described access response of using deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution comprising in the described access response obtaining with deciphering is preserved at receiving terminal, and generate new temporary key; When receiving terminal need to be closed described file, with this new temporary key, file is carried out to re-encrypted, then the PKI that uses receiving terminal to preserve is encrypted described newly-generated temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal.
In embodiment of the present invention, file on receiving terminal is encrypted with the temporary key dynamically generating, and the public key encryption that temporary key is kept at receiving terminal and is preserved by receiving terminal, when user needs offline access this document at every turn, to transmitting terminal, send the access request to this document, receiving terminal obtains the information authenticating for user comprising in the access response that transmitting terminal returns, and carries out user authenticate according to the password of this information and user's input; After authentication is passed through, could decipher temporary key, and then file is decrypted; Carry out user and authenticate and compare with only accessing to your password in prior art, authentication strength is larger, thereby has improved the fail safe of file; And, this programme adopts double-encryption and deciphering, use the temporary key encrypt file dynamically generating, the public key encryption temporary key that uses preservation, and the PKI in use access response to temporary key deciphering, use temporary key that deciphering obtains to file decryption, the fail safe that double-encryption and deciphering have further improved file.
The embodiment of the present invention provides a kind of transmitting terminal, and this transmitting terminal comprises:
Receiving element, the access request to the file of the temporary key encryption with dynamically generating sending for receiving user; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Response unit, for returning to the PKI that comprises dynamic generation and the access response of private key, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
In embodiment of the present invention, transmitting terminal, after receiving the access request of above-mentioned file, need to return to the relevant information authenticating for user, thereby has guaranteed the fail safe of file.Especially for example, when file has departed from after safety system (when file has downloaded in its employee's computer from the safety database of enterprise), use this execution mode of the present invention can to limit the propagation of file, protected file.
Preferably, this transmitting terminal also comprises:
Transmitting element, before receiving described access request at receiving element, receives the described static password that user arranges; And return to transmitting terminal and encrypt the file encryption key that described file is used, and the temporary key of dynamic generation is encrypted to used PKI.
In embodiment of the present invention, transmitting terminal receives the static password that receiving terminal sends in advance, and to receiving terminal backspace file encryption key and PKI, make receiving terminal can use the first declassified document of file encryption key, and after using the dynamic temporary key generating to file re-encrypted, can use this PKI to be encrypted the temporary key generating.
Preferably, described transmitting element also for:
Using hash algorithm to produce comprises from h0(X) to hn(X) hash chain of a n+1 cryptographic Hash, the cryptographic Hash that correspondence is each is encrypted used PKI as receiving terminal to the temporary key of dynamic generation, and n is greater than 0 integer;
Described response unit is by hn-i(X) as the PKI in access response, by shn-i+1(X) as the private key in access response, s is system private key, and the value of i is the number of times that transmitting terminal receives access request.
In embodiment of the present invention, utilize in the hash chain that hash algorithm produces cryptographic Hash to carry out user and authenticate, can further improve the fail safe that user authenticates.
Preferably, described response unit also for:
Before returning to described access response, determine whether the access times of described file are surpassed to the access times maximum that user sets in advance; Determining when the access times of described file are not surpassed to the access times maximum that user sets in advance, to receiving terminal, returning to the PKI that comprises dynamic generation and the access response of private key.
In embodiment of the present invention, by the access times maximum to the file on receiving terminal is set, make the user can not unlimited access file, thus the fail safe that can further improve file.
Accompanying drawing explanation
Below by the mode with clearly understandable by the explanation of preferred implementation come by reference to the accompanying drawings the above-mentioned characteristic of the present invention, technical characterictic, advantage and execution mode thereof to be further described, wherein:
Fig. 1 is the schematic flow sheet of the file access method of embodiment of the present invention;
Fig. 2 is the schematic flow sheet of the response file access request method of embodiment of the present invention;
Fig. 3 is the mutual overall flow schematic diagram of the receiving terminal of embodiment of the present invention and transmitting terminal;
Fig. 4 is the structural representation of the file access system of embodiment of the present invention;
Fig. 5 is the structural representation of the receiving terminal of embodiment of the present invention;
Fig. 6 is the structural representation of the transmitting terminal of embodiment of the present invention.
Embodiment
Embodiment mono-:
Referring to Fig. 1, the file access method of the present embodiment comprises the following steps:
Step 10: send to transmitting terminal after the access request of the file that the temporary key with dynamically generating is encrypted, PKI and the private key of the dynamic generation comprising in the access response that receiving terminal acquisition transmitting terminal returns, the static password that the PKI comprising in this access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that the temporary key dynamically generating is kept at receiving terminal and is preserved by receiving terminal;
Step 11: the password of receiving terminal user input is decrypted the PKI comprising in access response and private key, if Decryption failures arrivesstep 12; If successful decryption, arrivesstep 13;
Step 12, determines authentification failure, and this flow process finishes;
Step 13: the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure arrivesstep 14, if authentication is passed through, arrivesstep 15;
Step 14: forbid that user accesses this document, this flow process finishes;
Step 15: the private key comprising in the access response of using deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted this document;
The PKI that the public-key substitution comprising in the access response obtaining with deciphering is preserved at receiving terminal, and generate new temporary key; When receiving terminal need to be closed this document, with this new temporary key, file is carried out to re-encrypted, the PKI that then uses receiving terminal to preserve is encrypted newly-generated temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal.
Preferably, beforestep 10, the static password that receiving terminal can arrange user sends to transmitting terminal; The transmitting terminal that receiving terminal receiving end/sending end returns is encrypted the file encryption key that this document is used, and receiving terminal is encrypted used PKI to the temporary key of dynamic generation; Receiving terminal is used the file encryption key receiving to be decrypted this document, the file after being deciphered; Then receiving terminal is being used the temporary key dynamically generating to carry out after re-encrypted this document, use receiving terminal to be encrypted used PKI to the temporary key of dynamic generation, temporary key to dynamic generation is encrypted, and temporary key and this PKI after encrypting are preserved.
Preferably, receiving terminal is when the static password k that user is arranged sends to transmitting terminal, and the access times maximum n that can also simultaneously user be arranged sends to transmitting terminal.Receiving terminal, when static password k is sent to transmitting terminal, can also send to transmitting terminal by this user's user name, filename etc. simultaneously.
Preferably, receiving terminal is encrypted used PKI to the temporary key of dynamic generation and can is: transmitting terminal is used comprising from h that hash algorithm produces0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in access response is hn-i(X), the private key in access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives access request; Accordingly, the PKI that instep 13, receiving terminal obtains according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, specific implementation can be: the cryptographic Hash of the PKI that use hash algorithm secure processing device encrypts obtains, according to the cryptographic Hash calculating and the cryptographic Hash of the PKI of preserving at receiving terminal, determine whether authentication is passed through.
In this embodiment, receiving terminal can be the computer that user often uses, and is completed the work of receiving terminal by PC.Receiving terminal also can comprise computer that user uses and the mobile subscriber terminal as mobile phone.The access response of utilizing mobile phone transmission access request receiving end/sending end to return.Being used in combination computer and mobile communication terminal can be safer.
Embodiment bis-:
Referring to Fig. 2, the method for the response file access request that the present embodiment provides for transmitting terminal, comprises the following steps:
Step 20: transmitting terminal receives the access request of the file that the temporary key with dynamically generating is encrypted; Wherein, the public key encryption that this temporary key dynamically generating is kept at receiving terminal and is preserved by receiving terminal;
Step 21: transmitting terminal returns to the PKI that comprises dynamic generation and the access response of private key to user terminal, and the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
Preferably, beforestep 20, transmitting terminal receives the static password of user's setting of receiving terminal transmission; Transmitting terminal returns to transmitting terminal to receiving terminal and encrypts the file encryption key that this document is used, and receiving terminal is encrypted used PKI to the temporary key of dynamic generation.
Preferably, receiving terminal is encrypted used PKI to the temporary key of dynamic generation and can is: transmitting terminal is used comprising from h that hash algorithm produces0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in access response is hn-i(X), the private key in access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives access request.
Preferably, after transmitting terminal receives access request and before backward reference response, transmitting terminal determines whether the access times of this document are surpassed to the access times maximum that user sets in advance; Determining when the access times of this document are not surpassed to the access times maximum that user sets in advance, returning to the PKI that comprises dynamic generation and the access response of private key.
Embodiment tri-:
Referring to Fig. 3, the overall flow that the receiving terminal that the present embodiment provides and transmitting terminal are mutual, comprises the following steps:
Step 30: the static password k that receiving terminal arranges user sends to transmitting terminal;
Step 31: transmitting terminal receives and preserve the static password k that receiving terminal is sent, the file encryption key K that transmitting terminal encrypt file is used and receiving terminal are for the temporary key K to dynamic generationibe encrypted and need the PKI using to send to receiving terminal; Here the initial value of i is that 1(represents user's access file for the first time);
Step 32: receiving terminal is used the file encryption key K receiving to be decrypted file, the file after being deciphered;
Step 33: receiving terminal is being used the random temporary key K generatingifile is carried out after re-encrypted to the PKI and the temporary key K of asymmetric arithmetic to generation that use transmitting terminal to sendibe encrypted, by the temporary key K after encryptingipreserve with this PKI;
Step 34: when user need to access the file on the receiving terminal in off-line state, can send access request to transmitting terminal by user terminal; User terminal can be mobile phone etc.;
Step 35: transmitting terminal, after receiving the access request that user terminal sends, returns to the PKI h that comprises dynamic generationn-iand private key sh (X)n-i+1(X) access response, the PKI h comprising in access responsen-iand private key sh (X)n-i+1(X) the static password k being set in advance by user encrypts;
Step 36: at user terminal, receive after the access response that transmitting terminal sends, user to receiving terminal input for to accessing sound
The PKI h that the static password k that the user who comprises in the password that information in answering is decrypted and access response sets in advance encryptsn-iand private key sh (X)n-i+1(X);
Step 37: the password of receiving terminal user input is to the PKI h that uses static password k to encryptn-iand private key sh (X)n-i+1(X) be decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI h obtaining according to decipheringn-i(X) determine with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure is forbidden user's access file; If authentication is passed through, the private key sh that uses deciphering to obtainn-i+1(X) to the temporary key K after the encryption of preservingibe decrypted, and the temporary key K that uses deciphering to obtainifile is decrypted to the file after being deciphered;
Step 38: the PKI h that receiving terminal obtains with decipheringn-i(X) replace the PKI of preserving at receiving terminal, and generate at random new temporary key Ki+1; When receiving terminal need to be closed this document, with this new temporary key Ki+1file is carried out to re-encrypted, the PKI h that then uses receiving terminal to preserven-i(X) to newly-generated temporary key Ki+1be encrypted, and with the temporary key K after encryptingi+1the temporary key K that replacement is preserved at receiving terminali, when user need to access this document again, the value of i is added to 1, and returns to step 34.
Preferably, in step 30, receiving terminal is when the static password k that user is arranged sends to transmitting terminal, and the access times maximum n that can also simultaneously user be arranged sends to transmitting terminal.So, after in step 35, transmitting terminal receives access request and before backward reference response, first transmitting terminal can determine whether user surpasses this access times maximum to the access times of file; When definite user does not surpass this access times maximum to the access times of file, backward reference response.Otherwise, refuse this access request.Receiving terminal, when static password k is sent to transmitting terminal, can also send to transmitting terminal by this user's user name, filename etc. simultaneously.
Preferably, in step 31, receiving terminal is to the temporary key K generatingibe encrypted used PKI hn(X) can be: transmitting terminal is used comprising from h of hash algorithm generation0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in the access response that step 35 transmitting terminal returns is hn-i(X), the private key in this access response is shn-i+1(X), s is the random system private key of selecting of transmitting terminal, the value of i is the number of times that transmitting terminal receives access request, for example, if transmitting terminal is to receive for the first time the access request to this document that this user terminal sends in step 35, the value of i is 1, if transmitting terminal is to receive for the second time the access request to this document that this user terminal sends in step 35, the value of i is 2, and the rest may be inferred.Here, the value of n can be the access times maximum of user's setting.
Accordingly, the PKI h obtaining according to deciphering in step 37n-i(X) determine with the PKI of preserving at receiving terminal whether authentication is passed through, and specific implementation can be as follows: the PKI h that receiving terminal is used hash algorithm secure processing device encrypts to obtainn-i(X) cryptographic Hash, determines to authenticate according to the PKI of the cryptographic Hash calculating and preservation and passes through, otherwise, authentification failure.
Preferably, in step 32, after the file after being deciphered, can open this document, for user, access this document.
Preferably, in step 33, receiving terminal can for example be closed after this document after user completes the access of this document, uses the temporary key K generatingifile is carried out to re-encrypted.Simultaneously can also be by the temporary key K after encryptingibe kept in the extendfile head of file with PKI.
Preferably, in step 34, transmitting terminal in the access request that user terminal sends, can comprise this user's user name, the information such as filename of file, so that can find static password k that this user sets in advance for this document and the hash chain of generation according to this user name, filename in step 35.
Take below and use for the first time and for the second time method in the present embodiment how to implement as example explanation the present embodiment.In the present embodiment, user accesses the file on receiving terminal for the first time, and its idiographic flow is as follows:
Step 301: the static password k that receiving terminal arranges user sends to transmitting terminal;
Step 311: transmitting terminal receives and preserve the static password k that receiving terminal is sent, the file encryption key K that transmitting terminal encrypt file is used and receiving terminal are for the temporary key K to dynamic generation1be encrypted the PKI h that needs usen(X) send to receiving terminal;
Step 321: receiving terminal is used the file encryption key K receiving to be decrypted file, the file after being deciphered;
Step 331: receiving terminal is being used the random temporary key K generating1file is carried out after re-encrypted to the PKI h that uses transmitting terminal to sendn(X) and asymmetric arithmetic to the temporary key K generating1be encrypted, by the temporary key K after encrypting1with this PKI hn(X) preserve;
Step 341: when user need to access the file on the receiving terminal in off-line state, can be by user terminal to sending out
Sending end sends access request; User terminal can be mobile phone etc.;
Step 351: transmitting terminal, after receiving the access request that user terminal sends, returns to the PKI that comprises dynamic generation
Hn-1and private key sh (X)n(X) access response, the PKI h comprising in access responsen-1and private key sh (X)n(X) the static password k being set in advance by user encrypts;
Step 361: receive after the access response that transmitting terminal sends the PKI h that the static password k that user sets in advance for the user who comprises in password that the information of access response is decrypted and access response to receiving terminal input encrypts at user terminaln-1and private key sh (X)n(X);
Step 371: the password of receiving terminal user input is to the PKI h that uses static password k to encryptn-1and private key sh (X)n(X) be decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI h obtaining according to hash algorithm secure processing device encryptsn-1(X) the PKI h that cryptographic Hash and receiving terminal are preservedn(X) determine whether authentication is passed through.If the two is inconsistent, determine authentification failure, forbid user's access file; If the two is consistent, determines to authenticate and pass through, the private key sh that uses deciphering to obtainn(X) to the temporary key K after the encryption of preserving1be decrypted, and the temporary key K that uses deciphering to obtain1file is decrypted to the file after being deciphered;
Step 381: the PKI h that receiving terminal obtains with decipheringn-1(X) replace the PKI h preserving at receiving terminaln(X), and at random generate new temporary key K2; When receiving terminal need to be closed this document, with this new temporary key K2file is carried out to re-encrypted, the PKI h that then uses receiving terminal to preserven-1(X) to newly-generated temporary key K2be encrypted, and with the temporary key K after encrypting2the temporary key K that replacement is preserved at receiving terminal1.
When user needs back-call this document, idiographic flow is as follows:
Step 342: user can send access request to transmitting terminal again by user terminal; User terminal can be mobile phone etc.;
Step 352: transmitting terminal, after receiving the access request that user terminal sends, returns to the PKI h that comprises dynamic generationn-2and private key sh (X)n-1(X) access response, the PKI h comprising in access responsen-2and private key sh (X)n-1(X) the static password k being set in advance by user encrypts;
Step 362: receive after the access response that transmitting terminal sends the PKI h that the static password k that user sets in advance for the user who comprises in password that the information of access response is decrypted and access response to receiving terminal input encrypts at user terminaln-2and private key sh (X)n-1(X);
Step 372: the password of receiving terminal user input is to the PKI h that uses static password k to encryptn-2and private key sh (X)n-1(X) be decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI h obtaining according to hash algorithm secure processing device encryptsn-2(X) the PKI h that cryptographic Hash and receiving terminal are preservedn-1(X) determine whether authentication is passed through.If the two is inconsistent, determine authentification failure, forbid user's access file; If consistent, determine to authenticate and pass through, the private key sh that uses deciphering to obtainn-1(X) to the temporary key K after the encryption of preserving2be decrypted, and the temporary key K that uses deciphering to obtain2file is decrypted to the file after being deciphered;
Step 382: the PKI h that receiving terminal obtains with decipheringn-2(X) replace the PKI h preserving at receiving terminaln-1(X), and at random generate new temporary key K3; When receiving terminal need to be closed this document, with this new temporary key K3file is carried out to re-encrypted, the PKI h that then uses receiving terminal to preserven-2(X) to newly-generated temporary key K3be encrypted, and with the temporary key K after encrypting3the temporary key K that replacement is preserved at receiving terminal2.
Embodiment tetra-:
Referring to Fig. 4, the present embodiment provides a kind of file access system, and this system comprises:
Receivingterminal 40, for sending to transmitting terminal after the access request of the file that the temporary key with dynamically generating is encrypted, PKI and the private key of the dynamic generation comprising in the access response that acquisition transmitting terminal returns, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
The password of user's input is decrypted the PKI comprising in described access response and private key, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key comprising in the described access response of using deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution comprising in the described access response obtaining with deciphering is preserved at receiving terminal, and generate new temporary key; When receiving terminal need to be closed described file, with this new temporary key, file is carried out to re-encrypted, then the PKI that uses receiving terminal to preserve is encrypted described newly-generated temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal;
Preferably receivingterminal 40 also comprises for example mobile phone of user terminal 41(), for need to access the file of encrypting with the temporary key dynamically generating on receiving terminal user time, to transmitting terminal, send access request;
Transmittingterminal 42, for after receiving the access request that user terminal sends, returns to the PKI that comprises dynamic generation and the access response of private key to user terminal, and the static password that the PKI comprising in this access response and private key are set in advance by user is encrypted.
Further, receivingterminal 40 also for: before user terminal sends access request to transmitting terminal, the described static password that user is arranged sends to transmitting terminal; The transmitting terminal that receiving end/sending end returns is encrypted the file encryption key that described file is used, and receiving terminal is encrypted used PKI to the temporary key of dynamic generation; The described file encryption key that use receives is decrypted described file, the file after being deciphered; Using the temporary key dynamically generating to carry out after re-encrypted file, use described receiving terminal to be encrypted used PKI to the temporary key of dynamic generation, temporary key to described dynamic generation is encrypted, and temporary key and this PKI after encrypting are preserved.
Further, the temporary keys that 40 pairs of receiving terminals dynamically generate are encrypted used PKI and are: transmitting terminal is used comprising from h that hash algorithm produces0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in described access response is hn-i(X), the private key in described access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives described access request;
Receivingterminal 40 determines whether authentication is passed through as follows: according to the cryptographic Hash of the PKI obtaining by described hash algorithm secure processing device encrypts and the cryptographic Hash of the PKI of preserving at receiving terminal, determine whether authentication is passed through.
Further, transmittingterminal 42 also for:
Before receiving described access request, receive the described static password of user's setting of receiving terminal transmission; To receiving terminal, returning to transmitting terminal encrypts file encryption key and the receiving terminal that described file uses the temporary key of dynamic generation is encrypted to used PKI.
Further, transmittingterminal 42 also for:
After receiving access request and before backward reference response, determine whether the access times of described file are surpassed to the access times maximum that user sets in advance; Determining when the access times of described file are not surpassed to the access times maximum that user sets in advance, to user terminal, returning to the PKI that comprises dynamic generation and the access response of private key.
Preferably receiving terminal comprisesmobile subscriber terminal 41, for example mobile phone.For example, by using mobile communication terminal to send the access request mode of mobile phone short message (with) and receive the PKI that comprises dynamic generation and the access response information of private key to transmitting terminal; Transmittingterminal 42 also can respond by the mode backward reference of short message.
Embodiment five:
Referring to Fig. 5, the present embodiment provides a kind of receiving terminal, and this receiving terminal comprises:
Obtainunit 50, after access request for file from mobile subscriber terminal to transmitting terminal that encrypt with the temporary key dynamically generating on sending receiving terminal at, PKI and the private key of the dynamic generation comprising in the access response that acquisition transmitting terminal returns to mobile subscriber terminal, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Decryption unit 51, PKI and private key that the password of inputting for user comprises described access response are decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key comprising in the described access response of using deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution comprising in the described access response obtaining with deciphering is preserved at receiving terminal, and generate new temporary key; When receiving terminal need to be closed described file, with this new temporary key, file is carried out to re-encrypted, then the PKI that uses receiving terminal to preserve is encrypted described newly-generated temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal.
Further, receiving terminal also comprises:
Cipheringunit 52, sends to transmitting terminal for the described static password that user is arranged; The transmitting terminal that receiving end/sending end returns is encrypted file encryption key and the receiving terminal that described file uses the temporary key of dynamic generation is encrypted to used PKI; The described file encryption key that use receives is decrypted described file, the file after being deciphered; Using the temporary key dynamically generating to carry out after re-encrypted file, use described receiving terminal to be encrypted used PKI to the temporary key of dynamic generation, temporary key to described dynamic generation is encrypted, and temporary key and this PKI after encrypting are preserved.
Further, 52 pairs of temporary keys that dynamically generate of ciphering unit are encrypted used PKI for comprising from h that transmitting terminal use hash algorithm produces0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in access response is hn-i(X), the private key in access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives access request;
Decryption unit 51 determines for: the PKI obtaining according to deciphering as follows and the PKI of preserving at receiving terminal whether authentication is passed through: the cryptographic Hash of using the PKI that described hash algorithm secure processing device encrypts obtains, whether the cryptographic Hash relatively calculating is consistent with the PKI of preserving at receiving terminal, if consistent, authentication is passed through, otherwise, authentification failure.
Embodiment six:
Referring to Fig. 6, the present embodiment provides a kind of transmitting terminal, and this transmitting terminal comprises:
Receivingelement 60, the access request to the file of encrypting with the temporary key dynamically generating on receiving terminal sending for receiving mobile subscriber terminal; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Response unit 61, for return to the PKI that comprises dynamic generation and the access response of private key to mobile subscriber terminal, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
Further, this transmitting terminal also comprises: transmittingelement 62, before receiving described access request at receiving element, receives the described static password of user's setting of receiving terminal transmission; To receiving terminal, returning to transmitting terminal encrypts file encryption key and the receiving terminal that described file uses the temporary key of dynamic generation is encrypted to used PKI.
Further, transmittingelement 62 is used hash algorithm generation to comprise from h0(X) to hn(X) hash chain of a n+1 cryptographic Hash, the cryptographic Hash that correspondence is each is encrypted used PKI as receiving terminal to the temporary key of dynamic generation, and n is greater than 0 integer;
Describedresponse unit 61 is by hn-i(X) as the PKI in access response, by shn-i+1(X) as the private key in access response, s is system private key, and the value of i is the number of times that transmitting terminal receives access request.
Further,response unit 61 also for:
Before returning to described access response, determine whether the access times of described file are surpassed to the access times maximum that user sets in advance; Determining when the access times of described file are not surpassed to the access times maximum that user sets in advance, to mobile subscriber terminal, returning to the PKI that comprises dynamic generation and the access response of private key.
Further,response unit 61 for: by short message backward reference, respond.
By accompanying drawing and preferred embodiment, the present invention has been carried out to detail display and explanation above, yet the invention is not restricted to the embodiment that these have disclosed, other schemes that those skilled in the art therefrom derive are also within protection scope of the present invention.

Claims (15)

1. a file access method, is characterized in that, the method comprises:
When the file of the interim password encryption dynamically generating is used in needs access, receiving terminal sends the request of access file to transmitting terminal, and wherein, described interim password is kept at the receiving terminal of described encrypt file the public key encryption of being preserved by described receiving terminal; Then the PKI that comprises dynamic generation that receiving terminal receiving end/sending end returns and the response of private key, the static password that the PKI that described transmitting terminal returns and private key are set in advance by user is encrypted;
PKI and private key that the password of receiving terminal user input returns described transmitting terminal are decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key that the described transmitting terminal that receiving terminal is used deciphering to obtain returns is decrypted described interim password, and the interim password that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution that receiving terminal returns with transmitting terminal is preserved at receiving terminal, and generate new interim password; When receiving terminal need to be closed described file, with described new interim password, file is carried out to re-encrypted, then the PKI that uses transmitting terminal to preserve is encrypted described new temporary key, and the interim password of preserving at receiving terminal with the interim Coden replacement after encrypting.
2. the method for claim 1, is characterized in that, before sending described access request to transmitting terminal, further comprises the receiving terminal of described encrypt file:
The described static password that user is arranged sends to transmitting terminal;
File encryption key and receiving terminal that the transmitting terminal that receiving end/sending end returns is encrypted described file use are encrypted used PKI to the temporary key of described dynamic generation;
The described file encryption key that use receives is decrypted described file, the file after being deciphered;
Use the temporary key dynamically generating to carry out re-encrypted to described file, re-use receiving terminal and the temporary key of described dynamic generation is encrypted to used PKI the temporary key of described dynamic generation is encrypted, and preserve temporary key and this PKI after encrypting.
3. method as claimed in claim 1 or 2, is characterized in that, described receiving terminal is encrypted used PKI for comprising from h that transmitting terminal use hash algorithm produces to the temporary key of dynamic generation0(X) to hn(X) hash chain of a n+1 cryptographic Hash, n is greater than 0 integer; PKI in the response that described transmitting terminal returns is hn-i(X), private key is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives described access request;
The described PKI obtaining according to deciphering determines that with the PKI of preserving at receiving terminal whether authentication is by specifically comprising:
Use the cryptographic Hash of the PKI that described hash algorithm secure processing device encrypts obtains, according to the described cryptographic Hash calculating and the cryptographic Hash of the PKI of preserving at receiving terminal, determine whether authentication is passed through.、
4. method as claimed in claim 1 or 2, is characterized in that, described receiving terminal comprises customer mobile terminal.
5. a method for response file access request, is characterized in that, the method comprises:
Transmitting terminal receives the access request to the file of encrypting with the dynamic temporary key generating that receiving terminal sends; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Transmitting terminal returns to the PKI that comprises dynamic generation and the access response of private key to receiving terminal, and the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
6. method as claimed in claim 5, is characterized in that, before transmitting terminal receives described access request, further comprises:
Transmitting terminal receives the static password that user arranges;
Transmitting terminal returns to transmitting terminal to receiving terminal and encrypts file encryption key that described file uses and receiving terminal and be used for the temporary key of dynamic generation to be encrypted and to need the PKI that uses.
7. method as claimed in claim 6, is characterized in that, transmitting terminal is used hash algorithm generation to comprise from h0(X) to hn(X) hash chain of n+1 cryptographic Hash, the cryptographic Hash that correspondence is each is encrypted used PKI as receiving terminal to the temporary key of dynamic generation, and wherein n is greater than 0 integer; PKI in the described access response that transmitting terminal returns is hn-i(X), the private key in described access response is shn-i+1(X), s is system private key, and the value of i is the number of times that transmitting terminal receives described access request.
8. the method as described in claim 5 or 6 or 7, is characterized in that, after transmitting terminal receives described access request and before returning to described response, further comprises:
Transmitting terminal determines whether user surpasses to the access times of described file the access times maximum that user sets in advance;
Described transmitting terminal returns to the PKI that comprises dynamic generation and the access response of private key specifically comprises to receiving terminal:
Described transmitting terminal, when determining the access times maximum that user does not set in advance over user the access times of described file, comprises the response of PKI and the private key of dynamic generation described in returning.
9. a file access system, is characterized in that, this system comprises receiving terminal and transmitting terminal, wherein,
When receiving terminal sends the access request of the file that the temporary key with dynamically generating is encrypted to transmitting terminal, PKI and the private key of the dynamic generation comprising in the access response that receiving terminal acquisition transmitting terminal returns, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
The password of receiving terminal user input is decrypted the PKI comprising in described access response and private key, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key comprising in the described response that receiving terminal is used deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution comprising in the access response that receiving terminal obtains with deciphering is preserved at receiving terminal, and generate new temporary key; When needs are closed described file, receiving terminal carries out re-encrypted with this new temporary key to file, then the PKI that uses receiving terminal to preserve is encrypted described newly-generated temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal;
Transmitting terminal is used for receiving the described access request of receiving terminal to the file of the temporary key encryption with dynamically generating, and after receiving described access request, returns to described access response.
10. a kind of file access system as claimed in claim 9, it is characterized in that, described receiving terminal also comprises mobile subscriber terminal, when user need to access the file of encrypting with the temporary key dynamically generating, by described mobile subscriber terminal, to transmitting terminal, send the response that access request receiving end/sending end return.
11. 1 kinds of receiving terminals, is characterized in that, this receiving terminal comprises:
Obtain unit, for when sending the access request of the file that the temporary key with dynamically generating is encrypted to transmitting terminal, the PKI that comprises dynamic generation that receiving end/sending end returns and the access response of private key, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted; Wherein, the public key encryption that described temporary key is kept at receiving terminal and is preserved by described receiving terminal;
Decryption unit, PKI and private key that the password of inputting for user comprises described access response are decrypted, if Decryption failures, authentification failure; If successful decryption, the PKI obtaining according to deciphering determines with the PKI of preserving at receiving terminal whether authentication is passed through, if authentification failure forbids that user accesses described file; If authentication is passed through,
The private key comprising in the described access response of using deciphering to obtain is decrypted described temporary key, and the temporary key that uses deciphering to obtain is decrypted described file;
The PKI that the public-key substitution comprising in the described access response obtaining with deciphering is preserved at receiving terminal, and generate new temporary key; When receiving terminal need to be closed described file, with described new temporary key, file is carried out to re-encrypted, then the PKI that uses receiving terminal to preserve is encrypted described new temporary key, and replaces with the temporary key after encrypting the temporary key of preserving at receiving terminal.
12. 1 kinds of transmitting terminals, is characterized in that, this transmitting terminal comprises:
Receiving element, for receiving the access request of receiving terminal to the file of the temporary key encryption with dynamically generating; Wherein, described temporary key is kept at the receiving terminal of described encrypt file the public key encryption of being preserved by described receiving terminal;
Response unit, for return to the PKI that comprises dynamic generation and the access response of private key to described receiving terminal, the static password that the PKI comprising in described access response and private key are set in advance by user is encrypted.
13. transmitting terminals as claimed in claim 12, is characterized in that, this transmitting terminal also comprises:
Transmitting element, before receiving described access request at receiving element, receives the described static password that user arranges; To receiving terminal, returning to transmitting terminal encrypts file encryption key and the described receiving terminal that described file uses the temporary key of dynamic generation is encrypted to used PKI.
14. transmitting terminals as claimed in claim 13, is characterized in that, described transmitting element also for:
Using hash algorithm to produce comprises from h0(X) to hn(X) hash chain of n+1 cryptographic Hash, the cryptographic Hash that correspondence is each is encrypted used PKI as receiving terminal to the temporary key of dynamic generation, and wherein n is greater than 0 integer;
Described response unit is by hn-i(X) as the PKI in access response, by shn-i+1(X) as the private key in access response, s is system private key, and the value of i is the number of times that transmitting terminal receives access request.
15. transmitting terminals as described in any one in claim 12 to 14, is characterized in that, described response unit also for:
Before returning to described access response, determine whether the access times of described file are surpassed to the access times maximum that user sets in advance; Determining when the access times of described file are not surpassed to the access times maximum that user sets in advance, returning to the PKI that comprises dynamic generation and the access response of private key.
CN201210366938.6A2012-09-272012-09-27Document access method, system and equipment and document access request response method, system and equipmentPendingCN103701596A (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
CN201210366938.6ACN103701596A (en)2012-09-272012-09-27Document access method, system and equipment and document access request response method, system and equipment

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN201210366938.6ACN103701596A (en)2012-09-272012-09-27Document access method, system and equipment and document access request response method, system and equipment

Publications (1)

Publication NumberPublication Date
CN103701596Atrue CN103701596A (en)2014-04-02

Family

ID=50363002

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN201210366938.6APendingCN103701596A (en)2012-09-272012-09-27Document access method, system and equipment and document access request response method, system and equipment

Country Status (1)

CountryLink
CN (1)CN103701596A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN106664206A (en)*2014-06-182017-05-10维萨国际服务协会 Efficient method for authenticated communication
CN106682520A (en)*2016-11-172017-05-17精硕科技(北京)股份有限公司Data exchange method and system
WO2018053844A1 (en)*2016-09-262018-03-29华为技术有限公司Security authentication method, integrated circuit and system
CN108268797A (en)*2017-01-042018-07-10珠海金山办公软件有限公司A kind of offline document operation duration method for limiting and device
CN108521419A (en)*2018-04-042018-09-11广州赛姆科技资讯股份有限公司Access processing method, device and the computer equipment of observation system file
CN108537052A (en)*2018-04-042018-09-14广州赛姆科技资讯股份有限公司The access response method, apparatus and internal control safety monitor system of observation system file
CN111586062A (en)*2020-05-112020-08-25广州中科智巡科技有限公司Method and system for label management
CN112437044A (en)*2020-11-032021-03-02建信金融科技有限责任公司Instant messaging method and device
CN113221134A (en)*2021-04-092021-08-06北京复兴华创技术有限公司Offline security data exchange method and device
CN117411728A (en)*2023-12-142024-01-16成都极数链科技有限公司Personnel resume privatization management method, computer equipment and storage medium

Cited By (17)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
US11394697B2 (en)2014-06-182022-07-19Visa International Service AssociationEfficient methods for authenticated communication
US10574633B2 (en)2014-06-182020-02-25Visa International Service AssociationEfficient methods for authenticated communication
CN106664206A (en)*2014-06-182017-05-10维萨国际服务协会 Efficient method for authenticated communication
US12021850B2 (en)2014-06-182024-06-25Visa International Service AssociationEfficient methods for authenticated communication
WO2018053844A1 (en)*2016-09-262018-03-29华为技术有限公司Security authentication method, integrated circuit and system
CN106682520A (en)*2016-11-172017-05-17精硕科技(北京)股份有限公司Data exchange method and system
CN108268797A (en)*2017-01-042018-07-10珠海金山办公软件有限公司A kind of offline document operation duration method for limiting and device
CN108268797B (en)*2017-01-042021-12-03珠海金山办公软件有限公司Offline document operation duration limiting method and device
CN108521419A (en)*2018-04-042018-09-11广州赛姆科技资讯股份有限公司Access processing method, device and the computer equipment of observation system file
CN108537052A (en)*2018-04-042018-09-14广州赛姆科技资讯股份有限公司The access response method, apparatus and internal control safety monitor system of observation system file
CN111586062A (en)*2020-05-112020-08-25广州中科智巡科技有限公司Method and system for label management
CN112437044A (en)*2020-11-032021-03-02建信金融科技有限责任公司Instant messaging method and device
CN112437044B (en)*2020-11-032022-12-13建信金融科技有限责任公司Instant messaging method and device
CN113221134B (en)*2021-04-092024-03-22北京复兴华创技术有限公司Offline secure data exchange method and device
CN113221134A (en)*2021-04-092021-08-06北京复兴华创技术有限公司Offline security data exchange method and device
CN117411728A (en)*2023-12-142024-01-16成都极数链科技有限公司Personnel resume privatization management method, computer equipment and storage medium
CN117411728B (en)*2023-12-142024-02-13成都极数链科技有限公司Personnel resume privatization management method, computer equipment and storage medium

Similar Documents

PublicationPublication DateTitle
CN103701596A (en)Document access method, system and equipment and document access request response method, system and equipment
CN106104562B (en)System and method for securely storing and recovering confidential data
CN107251035B (en)Account recovery protocol
CN106716914B (en)Secure key management for roaming protected content
CN104092550B (en)Cipher code protection method, system and device
JP6399382B2 (en) Authentication system
CN104660605B (en)A kind of multiple-factor auth method and its system
CN109684129B (en)Data backup recovery method, storage medium, encryption machine, client and server
CN101510888B (en)Method, device and system for improving data security for SaaS application
CN107920052B (en)Encryption method and intelligent device
US10057060B2 (en)Password-based generation and management of secret cryptographic keys
CA3166510A1 (en)Sharing encrypted items with participants verification
CN101815091A (en)Cipher providing equipment, cipher authentication system and cipher authentication method
US20160021101A1 (en)Method for backing up a user secret and method for recovering a user secret
CN102404337A (en)Data encryption method and device
CN110213195A (en)A kind of login authentication method, server and user terminal
WO2020176950A1 (en)Systems, methods and devices for provision of a secret
CN107707562A (en) Method and device for asymmetric dynamic token encryption and decryption algorithm
CN106656955A (en)Communication method and system and user terminal
CN103973543A (en)Method and device for instant messaging
CN115941328A (en)Sharable user data encryption processing method, device and system
WO2017202136A1 (en)One-time-password authentication method and device
CN106257859A (en)A kind of password using method
CN105827652B (en) Method and device for authenticating dynamic password
AU2024202015A1 (en)User verification systems and methods

Legal Events

DateCodeTitleDescription
C06Publication
PB01Publication
C10Entry into substantive examination
SE01Entry into force of request for substantive examination
WD01Invention patent application deemed withdrawn after publication

Application publication date:20140402

WD01Invention patent application deemed withdrawn after publication
[8]ページ先頭
©2009-2025 Movatter.jp