Summary of the Invention
To address the shortcomings of the prior art, an object of the invention is to provide an encryption and decryption device and method with which data can be stored securely in a storage device, so that even if the storage device is lost, the ciphertext data on it cannot be accessed by unauthorized persons.
To achieve the above object, the invention adopts the following technical solution:
An encryption and decryption device comprises a master control security chip in which a personal identification number (PIN) is stored, a wireless communication module connected to the master control security chip, and a rechargeable battery for powering the device; the rechargeable battery is connected to the master control security chip and to the wireless communication module respectively.
Further, in the encryption and decryption device described above, the device also comprises a power management module that manages charging and power supply of the rechargeable battery; the rechargeable battery is connected to the master control security chip through the power management module.
Further, in the encryption and decryption device described above, the power management module comprises a power conversion circuit, and the rechargeable battery is connected to the master control security chip and to the wireless communication module respectively through the power conversion circuit.
Further, in the encryption and decryption device described above, the power management module comprises a charge management circuit that provides charge protection for the rechargeable battery; the charge management circuit is connected to the rechargeable battery.
Further, in the encryption and decryption device described above, the device also comprises a display module connected to the master control security chip, and the charge management circuit is also connected to the master control security chip.
Further, in the encryption and decryption device described above, the master control security chip is a security chip with the built-in TimeCOS smart card operating system.
Further, in the encryption and decryption device described above, the wireless communication module is a Wi-Fi communication module or a Bluetooth communication module.
Further, in the encryption and decryption device described above, the physical carrier of the encryption and decryption device is that of a wearable smart device.
Based on the above encryption and decryption device, the invention also provides an encryption and decryption method, comprising a step of encrypting data to be encrypted and a step of decrypting encrypted data. Encrypting the data to be encrypted comprises:
(1) The terminal device connects to the encryption and decryption device through the wireless communication module, the storage device is connected to the terminal device, and the terminal device sends a device authentication request to the encryption and decryption device; the device authentication request includes the encrypted PIN;
(2) The encryption and decryption device receives the device authentication request sent by the terminal device; the master control security chip decrypts the encrypted PIN with its pre-stored decryption key and compares the decrypted PIN with the PIN stored internally. If they are identical, the method proceeds to the next step; if not, the master control security chip sends an authentication error prompt to the terminal device. The decryption key is the key, agreed between the encryption and decryption device and the terminal device, that corresponds to the key with which the terminal device encrypts the PIN;
(3) The terminal device sends the data to be encrypted to the master control security chip; the master control security chip encrypts the data and returns it to the terminal device, and the terminal device sends the encrypted data to the storage device for storage.
Decrypting the encrypted data comprises:
1) The terminal device connects to the encryption and decryption device through the wireless communication module, the storage device is connected to the terminal device, and the terminal device sends a device authentication request to the encryption and decryption device; the device authentication request includes the encrypted PIN;
2) The encryption and decryption device receives the device authentication request sent by the terminal device; the master control security chip decrypts the encrypted PIN with its pre-stored decryption key and compares the decrypted PIN with the PIN stored internally. If they are identical, the method proceeds to the next step; if not, the master control security chip sends an authentication error prompt to the terminal device;
3) The terminal device obtains the encrypted data from the storage device and sends it to the encryption and decryption device; the master control security chip decrypts the encrypted data and returns the result to the terminal device.
Further, in the encryption and decryption method described above, the storage device includes a USB flash drive.
The beneficial effects of the invention are as follows: with the encryption and decryption device and method provided by the invention, data on a terminal device can be stored securely in a dedicated storage device, and the encrypted ciphertext is protected so that, without the participation of the encryption and decryption device, the data in the storage device cannot be accessed. This greatly improves the security of the data in the storage device.
Specific Embodiments
The invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 shows a structural diagram of the encryption and decryption device provided in a specific embodiment of the invention. As the figure shows, the encryption and decryption device comprises a master control security chip 1, a wireless communication module 2 connected to the master control security chip 1, and a rechargeable battery 3 for powering the device; the rechargeable battery 3 is connected to the master control security chip 1 and to the wireless communication module 2 respectively. The master control security chip 1 stores a personal identification number (PIN code), which is used to authenticate a terminal device that connects to the encryption and decryption device.
In this embodiment, the master control security chip 1 may be a security chip with the built-in TimeCOS smart card operating system. The master control security chip 1 securely stores various keys, the PIN code and related files, and provides security algorithms such as encryption, decryption, signing and verification. An external terminal device can therefore connect to the encryption and decryption device through the wireless communication module 2, have its data securely encrypted by the master control security chip 1, and then send the encrypted data to a dedicated storage device (such as a USB flash drive) for storage. The stored encrypted data can be decrypted only by the encryption and decryption device, so with this device, even if the user's storage device is lost or stolen, the encrypted data stored on it cannot be accessed.
As shown in Fig. 1, in this embodiment the encryption and decryption device also comprises a power management module 4 that manages charging and power supply of the rechargeable battery 3; the rechargeable battery 3 is connected to the master control security chip 1 and to the wireless communication module 2 respectively through the power management module 4.
In this embodiment, the power management module 4 comprises a power conversion circuit 5 and a charge management circuit 6 that provides charge protection for the rechargeable battery 3. The rechargeable battery 3 is connected to the master control security chip 1 and to the wireless communication module 2 respectively through the power conversion circuit 5, and the charge management circuit 6 is connected to the rechargeable battery 3. The power conversion circuit 5 regulates the output of the rechargeable battery 3 to the respective operating voltages of the master control security chip 1 and the wireless communication module 2 and then powers each of them. For example, if the operating voltage of the master control security chip 1 is 3.3 V, the rechargeable battery 3 outputs 3.3 V to the master control security chip 1 via the power conversion circuit 5 to power the chip. The power conversion circuit 5 may be a low-dropout linear regulator (LDO) or a DC/DC voltage converter.
In this embodiment, the charge management circuit 6 may also be connected to the master control security chip 1. While the rechargeable battery 3 is charging, the master control security chip 1 monitors the charge management circuit 6 to determine whether the rechargeable battery 3 is full, and when it is full a "fully charged" message can be shown on a display screen. The encryption and decryption device may therefore also comprise a display module 7 connected to the master control security chip 1.
In this embodiment, the wireless communication module 2 may be a Wi-Fi communication module, a Bluetooth communication module or another wireless communication module. The physical carrier of the encryption and decryption device is that of a wearable smart device; that is, the encryption and decryption device can be made in the form of a wearable device, such as a bracelet or a wristwatch, so that it is easy to carry.
Based on the encryption and decryption device shown in Fig. 1, this embodiment also provides an encryption and decryption method. The method is suitable for a user who needs to encrypt data on a terminal device and store it separately in a storage device, so that even if the storage device is lost or stolen, unauthorized persons cannot access the data on it. The method comprises a step of encrypting the data to be encrypted and a step of decrypting the encrypted data. The encryption procedure is shown in Fig. 2 and mainly comprises the following steps:
Step S11: The terminal device connects to the encryption and decryption device through the wireless communication module, the storage device is connected to the terminal device, and the terminal device sends the encrypted PIN to the encryption and decryption device;
Step S23: The master control security chip verifies the terminal device by comparing the PIN sent by the terminal device with the PIN stored internally;
A terminal device that has a wireless communication module connects to the encryption and decryption device through that device's wireless communication module. Once connected, the terminal device sends a device authentication request to the encryption and decryption device. The request includes the encrypted PIN, which the encryption and decryption device uses to verify the identity of the terminal device, that is, to verify whether the user is a legitimate user. In practice, encryption and decryption client software corresponding to the device is installed on the terminal device and exchanges data with the encryption and decryption device through the wireless communication module.
After the encryption and decryption device receives the device authentication request from the terminal device, the master control security chip decrypts the encrypted PIN with its pre-stored decryption key to obtain the PIN sent by the terminal device, and compares it with the PIN pre-stored in the encryption and decryption device. If the two PINs match, the terminal device can carry out subsequent operations through the encryption and decryption device. If they do not match, the terminal device fails verification and the master control security chip sends an authentication error prompt to the terminal device.
Here, the decryption key is the key, agreed between the encryption and decryption device and the terminal device, that corresponds to the key with which the terminal device encrypts the PIN. The encryption or decryption key involved in device authentication is different from the key that the encryption and decryption device subsequently uses to encrypt or decrypt the data.
In this embodiment, the storage device is a device dedicated to storing data. The storage device and the terminal device may be connected in different ways depending on the circumstances, such as by a wireless or a wired connection. For example, a USB flash drive is connected to the terminal device through a USB interface.
Step S13: The terminal device sends the data to be encrypted to the master control security chip; the master control security chip encrypts the data and returns it to the terminal device, and the terminal device sends the encrypted data to the storage device for storage.
After the terminal device has been verified, the encryption and decryption device prompts the terminal device to send the data to be encrypted. After the encryption and decryption device receives the data sent by the terminal device, the master control security chip encrypts the data and returns it to the terminal device, and the terminal device sends the encrypted data to the storage device for separate storage.
When the terminal device needs to read data that was encrypted by the encryption and decryption device and stored in the storage device, the method decrypts the encrypted data in a manner similar to the encryption procedure above. It mainly comprises the following steps:
1) The terminal device connects to the encryption and decryption device through the wireless communication module, the storage device is connected to the terminal device, and the terminal device sends a device authentication request to the encryption and decryption device; the device authentication request includes the encrypted PIN;
2) The encryption and decryption device receives the device authentication request sent by the terminal device; the master control security chip decrypts the encrypted PIN with its pre-stored decryption key and compares the decrypted PIN with the PIN stored internally. If they are identical, the method proceeds to the next step; if not, the master control security chip sends an authentication error prompt to the terminal device;
3) The terminal device obtains the encrypted data from the storage device and sends it to the encryption and decryption device; the master control security chip decrypts the encrypted data and returns the result to the terminal device.
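The authentication, encryption and decryption steps above, modelled as an added Python sketch (it is not code from the patent). The class and function names, the sample PIN and the HMAC-SHA256-based stand-in cipher are assumptions, since the text names no algorithm; the PIN-transport key and the data key are kept distinct, as the description requires.

```python
import hashlib, hmac, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _mac(key, nonce + (i // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    enc_key, mac_key = _mac(key, b"enc"), _mac(key, b"mac")  # separate subkeys
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + _mac(mac_key, body)                        # encrypt-then-MAC

def unseal(key, blob):
    enc_key, mac_key = _mac(key, b"enc"), _mac(key, b"mac")
    body, tag = blob[:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _mac(mac_key, body)):
        raise ValueError("ciphertext rejected")
    return _xor_stream(enc_key, body[:16], body[16:])

class SecurityChip:
    """Device side: stored PIN, PIN-transport key, and a separate data key."""
    def __init__(self, pin, transport_key):
        self._pin, self._transport_key = pin, transport_key  # key agreed with terminal
        self._data_key = secrets.token_bytes(32)             # never leaves the chip
        self._authenticated = False

    def authenticate(self, encrypted_pin):
        try:
            candidate = unseal(self._transport_key, encrypted_pin)
        except ValueError:
            candidate = b""
        self._authenticated = hmac.compare_digest(candidate, self._pin)
        return "OK" if self._authenticated else "AUTH_ERROR"

    def process(self, op, payload):
        if not self._authenticated:  # encryption/decryption is gated on PIN verification
            raise PermissionError("device authentication required")
        return (seal if op == "encrypt" else unseal)(self._data_key, payload)

def run_demo():
    transport_key = secrets.token_bytes(32)               # constructed sample key
    chip = SecurityChip(b"482913", transport_key)         # constructed sample PIN
    denied = chip.authenticate(seal(transport_key, b"000000"))
    granted = chip.authenticate(seal(transport_key, b"482913"))
    stored = chip.process("encrypt", b"report.docx contents")  # written to the USB drive
    return denied, granted, stored, chip.process("decrypt", stored)
```

Because the data key exists only inside `SecurityChip`, the blob the terminal writes to the storage device is useless to any party that does not hold the same device and pass its PIN check.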
With the encryption and decryption method shown in Fig. 2, data on the terminal device that needs secure storage is encrypted by the encryption and decryption device and then stored in a dedicated storage device. When the terminal device needs to read the data in the storage device, the encrypted data is securely decrypted by the encryption and decryption device and the decrypted data is returned to the terminal device. This realizes secure separate storage of, and access to, the data on the terminal device. For example, to store important data from a PC securely on a USB flash drive, the PC connects to the encryption and decryption device through the wireless communication module and, using the encryption and decryption client software, sends the data to the encryption and decryption device through the wireless communication module. The master control security chip of the encryption and decryption device encrypts the data with its internally stored key and encryption algorithm and returns it to the PC, and the PC then sends the encrypted data to the USB flash drive for storage.
In practical applications of the encryption and decryption method provided by the invention, the encryption and decryption device may verify the terminal device by PIN only when the terminal device connects to it for the first time. After the first successful verification, the terminal device can be bound to the encryption and decryption device by default, and when the terminal device uses the encryption and decryption device again, verification need not be repeated, which improves efficiency.
With the encryption and decryption device and method provided by the invention, whenever a terminal device such as a mobile phone or PC communicates with the encryption and decryption device, PIN code verification must be performed first before subsequent operations can proceed. Without the participation of the encryption and decryption device, the encrypted data in the storage device cannot be accessed, which realizes secure storage of the data in the device.
The encryption and decryption device proposed by the invention meets the user's requirement for secure data storage in a storage device. The device has few components and can be made as a small, easily carried bracelet or other portable device. Using the "bracelet", the user can encrypt data files on a terminal device such as a PC or mobile phone that need protection and store them securely in the storage device. The user of the "bracelet" must pass authentication, such as PIN code verification, before it can be used. The user can access the encrypted data in the storage device only through the "bracelet".
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If such changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.