
CN106911476B - Encryption and decryption device and method - Google Patents

Info

Publication number: CN106911476B
Authority: CN (China)
Prior art keywords: encryption; terminal equipment; decryption; main control; security chip
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion)
Application number: CN201510971267.XA
Other languages: Chinese (zh)
Other versions: CN106911476A (en)
Inventor: 郑文德
Current Assignee: Beijing WatchSmart Technologies Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing WatchSmart Technologies Co Ltd
Application filed by: Beijing WatchSmart Technologies Co Ltd
Priority to: CN201510971267.XA
Publication of application: CN106911476A
Publication of grant: CN106911476B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an encryption and decryption device and method, and belongs to the technical field of secure data storage. The encryption and decryption device comprises a master control security chip (1) in which a personal identification code is stored, a USB interface (2) and a wireless communication module (3) which are each connected with the master control security chip (1), and a rechargeable battery (4) for supplying power to the device, wherein the rechargeable battery (4) is connected with the master control security chip (1) and the wireless communication module (3) respectively. The encryption and decryption device and method provided by the invention make it convenient to encrypt and decrypt data in terminal equipment such as a PC (personal computer) or a mobile phone, and ensure that the encrypted ciphertext data cannot be accessed without the participation of the encryption and decryption device, so that the security of the data stored in the terminal equipment is greatly improved.

Description

Encryption and decryption device and method
Technical Field
The invention relates to the technical field of data security storage, in particular to an encryption and decryption device and method.
Background
Currently, with the rapid development of electronic devices, users generally store the same data file on several electronic devices, for example on a PC and also on a mobile phone, so that the data can be viewed conveniently at any time. Users also pay more and more attention to the security of their private data, important documents, confidential data and other information, and do not want unauthorized individuals or organizations to access and read it. Although the user can encrypt and store the data with encryption software, a lawbreaker can crack the encrypted data after the mobile phone is lost or stolen. A good encryption and decryption scheme is therefore urgently needed, so that even if a lawbreaker steals the user's mobile phone, the important personal information stored in it cannot be accessed and read. The present invention is directed to a novel encryption/decryption apparatus and method.
Disclosure of Invention
In view of the defects in the prior art, the present invention aims to provide an encryption and decryption apparatus and method with which the ciphertext data stored by a user cannot be accessed by lawbreakers even if the terminal device is lost.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
the encryption and decryption device comprises a master control security chip, a USB interface, a wireless communication module and a rechargeable battery, wherein the master control security chip stores a personal identification code, the USB interface and the wireless communication module are respectively connected with the master control security chip, and the rechargeable battery is used for supplying power to the device and is respectively connected with the master control security chip and the wireless communication module.
Further, the encryption and decryption device further comprises a power management module for charging and power supply management of the rechargeable battery, and the rechargeable battery is connected with the main control security chip and the wireless communication module through the power management module.
Further, according to the encryption and decryption device, the power management module includes a power conversion circuit and a charging management circuit for performing charging protection on the rechargeable battery, the rechargeable battery is respectively connected with the main control security chip and the wireless communication module through the power conversion circuit, and the charging management circuit is connected with the rechargeable battery.
Further, the encryption and decryption device further comprises a display module connected with the main control security chip, and the charging management circuit is further connected with the main control security chip.
Further, as for the encryption and decryption apparatus described above, the power management module includes a power supply mode control circuit for controlling whether the rechargeable battery supplies power for the main control security chip, and the power supply mode control circuit is connected to the rechargeable battery and the USB interface respectively.
Further, in the encryption and decryption apparatus as described above, the master security chip is a security chip with a built-in TimeCOS smart card operating system.
Further, in the encryption and decryption apparatus as described above, the wireless communication module is a Wi-Fi communication module or a Bluetooth communication module.
Further, as for the encryption and decryption apparatus described above, the carrier of the encryption and decryption apparatus is a wearable smart device.
Based on the encryption and decryption device, the invention also provides an encryption and decryption method, which comprises the steps of encrypting the data to be encrypted and decrypting the encrypted data, wherein the mode of encrypting the data to be encrypted comprises the following steps:
(1) the terminal equipment is connected with the encryption and decryption device through a USB interface or a wireless communication module and sends a device verification request to the encryption and decryption device; the device verification request includes an encrypted personal identification code;
(2) the encryption and decryption device receives the device verification request sent by the terminal equipment; the main control security chip decrypts the encrypted personal identification code with a decryption key prestored in the main control security chip and compares the decrypted personal identification code with the personal identification code stored in the main control security chip; if they are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment; the decryption key is agreed between the encryption and decryption device and the terminal equipment and corresponds to the key the terminal equipment uses to encrypt the personal identification code;
(3) the terminal equipment sends the data to be encrypted to the main control security chip, and the main control security chip encrypts the data to be encrypted and returns the encrypted data to the terminal equipment;
the method for decrypting the encrypted data comprises the following steps:
1) the terminal equipment is connected with the encryption and decryption device through a USB interface or a wireless communication module and sends a device verification request to the encryption and decryption device; the device verification request includes an encrypted personal identification code;
2) the encryption and decryption device receives the device verification request sent by the terminal equipment; the main control security chip decrypts the encrypted personal identification code with a decryption key prestored in the main control security chip and compares the decrypted personal identification code with the personal identification code stored in the main control security chip; if they are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment;
3) the terminal equipment sends the encrypted data to the encryption and decryption device, and the main control security chip decrypts the encrypted data and returns the decrypted data to the terminal equipment.
The invention also provides another encryption and decryption method, which comprises the steps of encrypting the data to be encrypted and decrypting the encrypted data, wherein the mode of encrypting the data to be encrypted comprises the following steps:
(1) the first terminal equipment, which has a USB interface, is connected with the encryption and decryption device through the USB interface, the second terminal equipment, which has a wireless communication module, is connected with the encryption and decryption device through the wireless communication module, and the first terminal equipment and the second terminal equipment each send a device verification request to the encryption and decryption device; the device verification request includes an encrypted personal identification code;
(2) the encryption and decryption device receives the device verification requests sent by the first terminal equipment and the second terminal equipment; the main control security chip decrypts the encrypted personal identification code sent by the first terminal equipment with a first decryption key prestored in the main control security chip, decrypts the encrypted personal identification code sent by the second terminal equipment with a second decryption key, and compares each of the personal identification codes sent by the first terminal equipment and the second terminal equipment with the personal identification code stored in the main control security chip; if both are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment concerned;
the first decryption key is agreed between the encryption and decryption device and the first terminal equipment and corresponds to the key the first terminal equipment uses to encrypt the personal identification code; the second decryption key is agreed between the encryption and decryption device and the second terminal equipment and corresponds to the key the second terminal equipment uses to encrypt the personal identification code;
(3) the first terminal equipment sends the encryption and decryption device an instruction to securely store the data to be encrypted on the second terminal equipment, and the main control security chip, according to the instruction of the first terminal equipment, encrypts the data to be encrypted and sends the encrypted data to the second terminal equipment;
the method for decrypting the encrypted data comprises the following steps:
1) the first terminal equipment, which has a USB interface, is connected with the encryption and decryption device through the USB interface, the second terminal equipment, which has a wireless communication module, is connected with the encryption and decryption device through the wireless communication module, and the first terminal equipment and the second terminal equipment each send a device verification request to the encryption and decryption device; the device verification request includes an encrypted personal identification code;
2) the encryption and decryption device receives the device verification requests sent by the first terminal equipment and the second terminal equipment; the main control security chip decrypts the encrypted personal identification code sent by the first terminal equipment with a first decryption key prestored in the main control security chip, decrypts the encrypted personal identification code sent by the second terminal equipment with a second decryption key, and compares each of the personal identification codes sent by the first terminal equipment and the second terminal equipment with the personal identification code stored in the main control security chip; if both are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment concerned;
3) the second terminal equipment sends the encryption and decryption device an instruction to decrypt the encrypted data and send the result to the first terminal equipment, and the main control security chip, according to the instruction of the second terminal equipment, decrypts the encrypted data and sends the decrypted data to the first terminal equipment.
The beneficial effects of the invention are as follows: the encryption and decryption device and method provided by the invention make it convenient to encrypt and decrypt data in terminal equipment such as a PC (personal computer) or a mobile phone, and ensure that the encrypted ciphertext data cannot be accessed without the participation of the encryption and decryption device, so that the security of the data stored in the terminal equipment is greatly improved.
Drawings
Fig. 1 is a schematic structural diagram of an encryption/decryption apparatus according to an embodiment of the present invention;
Fig. 2 is a flowchart of an encryption and decryption method according to an embodiment of the present invention;
Fig. 3 is a flowchart of another encryption and decryption method according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
Fig. 1 shows a schematic structural diagram of an encryption and decryption apparatus provided in an embodiment of the present invention, and as can be seen from the diagram, the encryption and decryption apparatus includes a main control security chip 1, a USB interface 2 and a wireless communication module 3 respectively connected to the main control security chip 1, and a rechargeable battery 4 for supplying power to the apparatus, where the rechargeable battery 4 is respectively connected to the main control security chip 1 and the wireless communication module 3; the main control security chip 1 stores a personal identification number PIN code, and the identity verification of the terminal equipment connected with the encryption and decryption device is realized through the personal identification number.
In this embodiment, the main control security chip 1 may be a security chip with a built-in TimeCOS smart card operating system. Various keys, PIN codes and related files are stored securely in the main control security chip 1, which provides security algorithms such as encryption, decryption, signature and verification. After an external terminal device is connected with the encryption and decryption device through the USB interface 2 or the wireless communication module 3, data is securely encrypted by the main control security chip 1, and the encrypted data can be decrypted only by the main control security chip 1 of the encryption and decryption device. With this device, even if the user's terminal device is lost or stolen, the encrypted data stored on it cannot be accessed.
As shown in fig. 1, in this embodiment, the encryption and decryption apparatus further includes a power management module 5 for performing charging and power supply management on the rechargeable battery 4, and the rechargeable battery 4 is connected to the main control security chip 1 and the wireless communication module 3 through the power management module 5.
The power management module 5 comprises a power conversion circuit 6 and a charging management circuit 7 for charging protection of the rechargeable battery 4. The rechargeable battery 4 is connected with the main control security chip 1 and the wireless communication module 3 respectively through the power conversion circuit 6, and the charging management circuit 7 is connected with the rechargeable battery 4.
The rechargeable battery 4 supplies power to the main control security chip 1 and the wireless communication module 3 after the power conversion circuit 6 has regulated its output to the working voltages of the main control security chip 1 and the wireless communication module 3. If the working voltage of the main control security chip 1 is 3.3V, the rechargeable battery 4 outputs a 3.3V voltage to the main control security chip 1 through the power conversion circuit 6 to supply power to the main control security chip 1. The power conversion circuit 6 may be a low dropout regulator (LDO) or a direct current voltage converter (DC/DC).
In this embodiment, the charging management circuit 7 may further be connected to the main control security chip 1. While the rechargeable battery 4 is being charged, the main control security chip 1 monitors through the charging management circuit 7 whether the rechargeable battery 4 is fully charged, and when it is fully charged, a prompt to that effect may be shown on a display screen; the encryption and decryption apparatus may therefore further include a display module 8 connected to the main control security chip 1.
The power management module 5 may further include a power supply mode control circuit 9 for controlling whether the rechargeable battery 4 supplies power to the main control security chip 1, where the power supply mode control circuit 9 is connected to the rechargeable battery 4 and the USB interface 2, respectively. The power supply mode control circuit 9 can be implemented by an analog switch. When the power supply mode control circuit 9 detects that the encryption and decryption device is connected with external terminal equipment through the USB interface 2, the working voltage of the main control security chip 1 can be provided by the external terminal equipment through the USB interface 2, and the power supply mode control circuit 9 disconnects the rechargeable battery 4 from the main control security chip 1.
In this embodiment, the wireless communication module 3 may be a Wi-Fi communication module, a Bluetooth communication module, or another wireless communication module. The encryption and decryption device takes a wearable smart device as its carrier; that is, it can be made in the form of a wearable device such as a bracelet or a watch, which is convenient to carry.
Based on the encryption and decryption apparatus shown in fig. 1, the present embodiment further provides an encryption and decryption method, which is suitable for a user to encrypt and securely store data of a terminal device, so that even if the terminal device is lost or stolen, lawbreakers cannot access the data. The method comprises the steps of encrypting data to be encrypted and decrypting the encrypted data. The method for encrypting the data to be encrypted is shown in fig. 2, and mainly includes the following steps:
Step S11: the terminal equipment is connected with the encryption and decryption device through a USB interface or a wireless communication module and sends an encrypted personal identification code to the encryption and decryption device;
Step S12: the master control security chip verifies the terminal equipment by comparing whether the personal identification code sent by the terminal equipment is the same as the personal identification code stored in the master control security chip;
The terminal equipment, which has a USB interface and/or a wireless communication module, is connected with the encryption and decryption device through the USB interface or the wireless communication module of the encryption and decryption device. After connection, the terminal equipment sends a device verification request to the encryption and decryption device. The device verification request comprises an encrypted personal identification code, which the encryption and decryption device uses to verify the identity of the equipment and to verify whether the user is a legitimate user. In practical application, the terminal equipment is provided with encryption and decryption client software corresponding to the encryption and decryption device, and performs data interaction with the encryption and decryption device through a USB interface.
After the encryption and decryption device receives the device verification request sent by the terminal equipment, the master control security chip decrypts the encrypted personal identification code with a decryption key prestored in the master control security chip to obtain the personal identification code sent by the terminal equipment, and compares it with the personal identification code prestored in the encryption and decryption device. If the two personal identification codes are consistent, the terminal equipment can carry out subsequent operations through the encryption and decryption device; if they are inconsistent, the terminal equipment fails verification, and the master control security chip sends a verification error prompt to the terminal equipment.
The decryption key is a decryption key which is appointed by the encryption and decryption device and the terminal equipment and corresponds to the key of the terminal equipment for encrypting the personal identification code. The encryption key or decryption key involved in the device authentication is different from the key for encrypting or decrypting the data to be encrypted by the subsequent encryption and decryption device.
Step S13: after the terminal equipment passes the verification, the terminal equipment sends the data to be encrypted to the main control security chip, and the main control security chip encrypts the data to be encrypted and returns the encrypted data to the terminal equipment.
After the terminal equipment passes the verification, the encryption and decryption device prompts the terminal equipment to send the data to be encrypted. After the encryption and decryption device receives the data to be encrypted sent by the terminal equipment, the main control security chip encrypts the data and sends the encrypted data back to the terminal equipment.
When the terminal device needs to access and read the data encrypted by the encryption and decryption device, the encryption and decryption method decrypts the encrypted data in a manner similar to the encryption manner, and mainly comprises the following steps:
(1) the terminal equipment is connected with the encryption and decryption device through a USB interface or a wireless communication module and sends a device verification request to the encryption and decryption device; the device verification request includes an encrypted personal identification code;
(2) the encryption and decryption device receives the device verification request sent by the terminal equipment; the main control security chip decrypts the encrypted personal identification code with a decryption key prestored in the main control security chip and compares the decrypted personal identification code with the personal identification code stored in the main control security chip; if they are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment;
(3) the terminal equipment sends the encrypted data to the encryption and decryption device, and the main control security chip decrypts the encrypted data and returns the decrypted data to the terminal equipment.
By the above encryption and decryption method shown in fig. 2, data that needs to be securely stored in the terminal device is encrypted by the encryption and decryption device and then stored in the terminal device, and when the terminal device needs to read the data, the encryption and decryption device performs secure decryption on the encrypted data and then returns the decrypted data to the terminal device, thereby implementing secure storage and access of the data in the terminal device. For example, when important data on a PC needs to be encrypted and stored, the PC is connected to the encryption and decryption device through the USB interface, and sends the data to the encryption and decryption device through the USB interface by using the encryption and decryption client software of the PC, and the master security chip of the encryption and decryption device encrypts the data through a secret key and an encryption algorithm stored in the master security chip and returns the encrypted data to the PC through the USB interface. Similarly, when a user needs to encrypt and store important data in a mobile phone, the user can connect with the encryption and decryption device through the wireless communication module and then send the data to the device for encryption, and then the device returns the encrypted data to the mobile phone for storage.
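The fig. 2 flow modelled end to end, as an added sketch that is not code from the patent: the terminal sends an encrypted PIN, the chip decrypts it with the agreed key and compares, and only then serves encrypt/decrypt requests with a separate data key that never leaves it. The patent names no cipher, message format or session model, so the SHA-256 keystream with HMAC tag, the `seal`/`unseal` helpers, the `CryptoDevice` class and its per-connection verified flag are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: a stand-in, since the patent names no cipher.
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def verification_request(pin: bytes, transport_key: bytes) -> bytes:
    """Terminal side: the encrypted PIN carried in the verification request."""
    return seal(transport_key, pin)


class CryptoDevice:
    """Model of the master control security chip (hypothetical class)."""
    def __init__(self, pin: bytes, transport_key: bytes):
        self._pin = pin
        self._transport_key = transport_key  # agreed with the terminal, PIN only
        self._data_key = os.urandom(32)      # separate key, never exported
        self._verified = False               # assumed per-connection state

    def verify(self, encrypted_pin: bytes) -> str:
        self._verified = False
        try:
            candidate = unseal(self._transport_key, encrypted_pin)
        except ValueError:
            return "VERIFY_ERROR"
        # Constant-time comparison so timing does not leak PIN prefixes.
        if not hmac.compare_digest(candidate, self._pin):
            return "VERIFY_ERROR"
        self._verified = True
        return "OK"

    def _require_verified(self) -> None:
        if not self._verified:
            raise PermissionError("terminal not verified")

    def encrypt(self, data: bytes) -> bytes:
        self._require_verified()
        return seal(self._data_key, data)

    def decrypt(self, blob: bytes) -> bytes:
        self._require_verified()
        return unseal(self._data_key, blob)


def run_demo() -> dict:
    pin, transport_key = b"482913", os.urandom(32)  # constructed sample values
    device = CryptoDevice(pin, transport_key)
    results = {}
    try:
        device.encrypt(b"report")
    except PermissionError:
        results["before_verify"] = "refused"
    results["wrong_pin"] = device.verify(verification_request(b"000000", transport_key))
    results["right_pin"] = device.verify(verification_request(pin, transport_key))
    blob = device.encrypt(b"contract draft v3")
    results["roundtrip"] = device.decrypt(blob)
    # A second device with the same PIN still holds a different data key.
    other = CryptoDevice(pin, transport_key)
    other.verify(verification_request(pin, transport_key))
    try:
        other.decrypt(blob)
    except ValueError:
        results["other_device"] = "cannot decrypt"
    return results


if __name__ == "__main__":
    print(run_demo())
```

The last case in `run_demo` is the property the description relies on: ciphertext left on a lost terminal is bound to the data key inside one particular device, so knowing the PIN alone does not recover it.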
The present embodiment also provides another encryption and decryption method, where the encryption and decryption method is suitable for a user to encrypt data of one terminal device and then securely store the encrypted data in another terminal device. The method also includes the steps of encrypting data to be encrypted and decrypting the encrypted data. The method for encrypting the data to be encrypted is shown in fig. 3, and mainly includes the following steps:
Step S21: the two terminal devices are respectively connected with the encryption and decryption device and respectively send encrypted personal identification codes to the encryption and decryption device;
Step S22: the encryption and decryption device respectively compares whether the personal identification codes sent by the first terminal equipment and the second terminal equipment are the same as the stored personal identification codes;
The first terminal equipment with the USB interface is connected with the encryption and decryption device through the USB interface, the second terminal equipment with the wireless communication module is connected with the encryption and decryption device through the wireless communication module, after connection, the first terminal equipment and the second terminal equipment respectively send equipment verification requests to the encryption and decryption device, wherein the equipment verification requests comprise encrypted personal identification codes, and the personal identification codes are used for verifying the equipment by the encryption and decryption device.
After the encryption and decryption device receives requests for verifying personal identification codes sent by a first terminal device and a second terminal device, the main control security chip decrypts the encrypted personal identification code sent by the first terminal device by adopting a first decryption key to obtain the personal identification code sent by the first terminal device, decrypts the encrypted personal identification code sent by the second terminal device by adopting a second decryption key to obtain the personal identification code sent by the second terminal device, compares the personal identification code sent by the first terminal device and the personal identification code sent by the second terminal device with the personal identification codes stored in advance respectively, and can perform the next step only after two comparison results are the same, namely, the two terminal devices pass the verification, otherwise, the main control security chip sends a verification error prompt to the terminal devices which do not pass the verification.
The first decryption key is a decryption key which is appointed by the encryption and decryption device and the first terminal equipment and corresponds to a key of the first terminal equipment for encrypting the personal identification code; the second decryption key is a decryption key which is agreed by the encryption and decryption device and the second terminal equipment and corresponds to the key of the second terminal equipment for encrypting the personal identification code. In practical applications, the first decryption key and the second decryption key may be the same or different.
Step S23: after the two terminal devices pass the verification, the first terminal device sends an instruction for safely storing the data to be encrypted to the second terminal device to the encryption and decryption device, the instruction comprises the data to be encrypted, and the main control security chip encrypts the data to be encrypted and sends the encrypted data to the second terminal device according to the instruction of the first terminal device.
Corresponding to the encryption method shown in fig. 3, the manner of decrypting the encrypted data includes:
(1) the first terminal equipment with a USB interface is connected with the encryption and decryption device through the USB interface, the second terminal equipment with a wireless communication module is connected with the encryption and decryption device through the wireless communication module, and the first terminal equipment and the second terminal equipment respectively send equipment verification requests to the encryption and decryption device; the device authentication request includes an encrypted personal identification number;
(2) the encryption and decryption device receives the equipment verification requests sent by the first terminal equipment and the second terminal equipment; the main control security chip decrypts the encrypted personal identification code sent by the first terminal equipment with a first decryption key prestored in the main control security chip, decrypts the encrypted personal identification code sent by the second terminal equipment with a second decryption key, and compares each of the personal identification codes sent by the first terminal equipment and the second terminal equipment with the personal identification codes stored in the main control security chip; if both are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment whose personal identification code is not the same;
(3) the second terminal device sends the encryption and decryption device an instruction to decrypt the encrypted data and send the decrypted data to the first terminal device, wherein the instruction comprises the encrypted data; according to the instruction of the second terminal device, the main control security chip decrypts the encrypted data and sends the decrypted data to the first terminal device.
With the encryption and decryption method shown in fig. 3, data in the first terminal device is encrypted by the encryption and decryption device and then sent to the second terminal device for secure storage. When the first terminal device needs to read the data, the encryption and decryption device securely decrypts the encrypted data held in the second terminal device and returns the decrypted data to the first terminal device. In this way the data of the first terminal device is securely stored in, and accessed from, the second terminal device as additional storage. For example, when a user needs to encrypt important data on a PC and store the encrypted data in a mobile phone, the PC is connected to the encryption and decryption device through a USB interface, the data to be stored in the mobile phone is sent to the encryption and decryption device through the encryption and decryption client software, and the data is encrypted by the encryption and decryption device and then sent to the mobile phone through the wireless communication module for storage.
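The gatekeeping described in steps S22 and S23 and in decryption steps (2) and (3) can be modelled as follows. This is an added example, not code from the patent: the patent names no cipher, so an HMAC-SHA256 encrypt-then-MAC construction stands in for the chip's algorithm, the channel keys are assumed to be symmetric, and the names `Device`, `seal` and `unseal` are hypothetical.

```python
import hashlib
import hmac
import os

def _prf_stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in keystream, not the chip's cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _prf_stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag before decrypting; raise ValueError on any tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _prf_stream(key, nonce, len(ct))))

class Device:
    """Model of the main control security chip: stored PIN, two channel keys."""

    def __init__(self, pin, usb_key, wireless_key):
        self._pin = pin
        # First and second decryption keys, one per terminal (assumed symmetric).
        self._channel_keys = {"usb": usb_key, "wireless": wireless_key}
        self._storage_key = os.urandom(32)  # data key; never leaves the device
        self._verified = set()

    def verify(self, channel, encrypted_pin):
        """Decrypt the PIN with that channel's key and compare in constant time."""
        try:
            pin = unseal(self._channel_keys[channel], encrypted_pin)
        except ValueError:
            pin = b""  # wrong key or tampered request counts as a failed PIN
        ok = hmac.compare_digest(pin, self._pin)
        if ok:
            self._verified.add(channel)
        else:
            self._verified.discard(channel)  # error prompt goes to this terminal only
        return ok

    def _require_both(self):
        if self._verified != {"usb", "wireless"}:
            raise PermissionError("both terminals must pass PIN verification")

    def encrypt_for_storage(self, data):   # S23: first terminal -> second terminal
        self._require_both()
        return seal(self._storage_key, data)

    def decrypt_from_storage(self, blob):  # step (3): second terminal -> first terminal
        self._require_both()
        return unseal(self._storage_key, blob)
```

Because the data key exists only inside `Device`, the blob stored on the second terminal cannot be opened without the device and two successful verifications.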
In practical application, with either of the two encryption and decryption methods provided by the invention, the encryption and decryption device may verify the personal identification code of a terminal equipment only when that terminal equipment connects for the first time. After the first verification is passed, the terminal equipment and the encryption and decryption device can be bound by default, and when the terminal equipment uses the encryption and decryption device again, re-verification is not needed, which improves efficiency.
With the encryption and decryption device and the encryption and decryption method provided by the invention, when terminal equipment such as a mobile phone or a PC (personal computer) communicates with the encryption and decryption device to encrypt data or read ciphertext data, subsequent operations can be carried out only after PIN (personal identification number) code verification. The encrypted data stored in the mobile phone or the PC cannot be accessed without the participation of the encryption and decryption device, so other users cannot read the encrypted data in the mobile phone or the PC at any time, and the data in the equipment is stored securely.
The encryption and decryption device provided by the invention meets the user's requirement for secure data storage in terminal equipment, has few components, and can be made into a bracelet or other portable equipment that is small and convenient to carry. Using the bracelet, a user can encrypt data files on the PC that need protection and store them in the mobile phone. The user of the "bracelet" can gain access only after authentication, for example PIN code verification. The user holding the bracelet can conveniently access the encrypted data in the mobile phone through the encryption and decryption client on the mobile phone.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.

Claims (8)

1. An encryption and decryption method, applied to an encryption and decryption device which comprises a main control security chip (1) storing a personal identification code, a USB interface (2) and a wireless communication module (3) which are respectively connected with the main control security chip (1), and a rechargeable battery (4) used for supplying power to the device, wherein the rechargeable battery (4) is respectively connected with the main control security chip (1) and the wireless communication module (3);
the encryption and decryption method comprises the steps of encrypting data to be encrypted and decrypting the encrypted data, and is characterized in that: the method for encrypting the data to be encrypted comprises the following steps:
(1) the first terminal equipment with a USB interface is connected with the encryption and decryption device through the USB interface, the second terminal equipment with a wireless communication module is connected with the encryption and decryption device through the wireless communication module, and the first terminal equipment and the second terminal equipment respectively send equipment verification requests to the encryption and decryption device; the device authentication request includes an encrypted personal identification number;
(2) the encryption and decryption device receives the equipment verification requests sent by the first terminal equipment and the second terminal equipment; the main control security chip decrypts the encrypted personal identification code sent by the first terminal equipment with a first decryption key prestored in the main control security chip, decrypts the encrypted personal identification code sent by the second terminal equipment with a second decryption key, and compares each of the personal identification codes sent by the first terminal equipment and the second terminal equipment with the personal identification codes stored in the main control security chip; if both are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment whose personal identification code is not the same;
the first decryption key is a decryption key agreed between the encryption and decryption device and the first terminal equipment, and corresponds to the key the first terminal equipment uses to encrypt the personal identification code; the second decryption key is a decryption key agreed between the encryption and decryption device and the second terminal equipment, and corresponds to the key the second terminal equipment uses to encrypt the personal identification code;
(3) the first terminal equipment sends the encryption and decryption device an instruction to securely store the data to be encrypted on the second terminal equipment, and, according to the instruction of the first terminal equipment, the main control security chip encrypts the data to be encrypted and sends the encrypted data to the second terminal equipment;
the method for decrypting the encrypted data comprises the following steps:
1) the first terminal equipment with a USB interface is connected with the encryption and decryption device through the USB interface, the second terminal equipment with a wireless communication module is connected with the encryption and decryption device through the wireless communication module, and the first terminal equipment and the second terminal equipment respectively send equipment verification requests to the encryption and decryption device; the device authentication request includes an encrypted personal identification number;
2) the encryption and decryption device receives the equipment verification requests sent by the first terminal equipment and the second terminal equipment; the main control security chip decrypts the encrypted personal identification code sent by the first terminal equipment with a first decryption key prestored in the main control security chip, decrypts the encrypted personal identification code sent by the second terminal equipment with a second decryption key, and compares each of the personal identification codes sent by the first terminal equipment and the second terminal equipment with the personal identification codes stored in the main control security chip; if both are the same, the next step is carried out, and if not, the main control security chip sends a verification error prompt to the terminal equipment whose personal identification code is not the same;
3) the second terminal device sends the encryption and decryption device an instruction to decrypt the encrypted data and send the decrypted data to the first terminal device, and, according to the instruction of the second terminal device, the main control security chip decrypts the encrypted data and sends the decrypted data to the first terminal device.
2. An encryption/decryption method according to claim 1, wherein: the device also comprises a power management module (5) for charging and power supply management of the rechargeable battery (4), wherein the rechargeable battery (4) is respectively connected with the main control security chip (1) and the wireless communication module (3) through the power management module (5).
3. An encryption/decryption method according to claim 2, wherein: the power management module (5) comprises a power conversion circuit (6) and a charging management circuit (7) for charging and protecting the rechargeable battery (4), the rechargeable battery (4) is respectively connected with the main control security chip (1) and the wireless communication module (3) through the power conversion circuit (6), and the charging management circuit (7) is connected with the rechargeable battery (4).
4. An encryption/decryption method according to claim 3, characterized in that: the device also comprises a display module (8) connected with the main control security chip (1), and the charging management circuit (7) is also connected with the main control security chip (1).
5. An encryption/decryption method according to claim 3, characterized in that: the power management module (5) comprises a power supply mode control circuit (9) used for controlling whether the rechargeable battery (4) supplies power to the main control security chip (1), and the power supply mode control circuit (9) is connected with the rechargeable battery (4) and the USB interface (2) respectively.
6. An encryption/decryption method according to claim 1, wherein: the main control security chip (1) is a security chip with a built-in TimeCOS smart card operating system.
7. An encryption/decryption method according to claim 1, wherein: the wireless communication module (3) is a Wi-Fi communication module or a Bluetooth communication module.
8. An encryption/decryption method according to any one of claims 1 to 7, wherein: the device carrier of the encryption and decryption device is a wearable smart device.
CN201510971267.XA 2015-12-22 2015-12-22 Encryption and decryption device and method Expired - Fee Related CN106911476B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510971267.XA CN106911476B (en) 2015-12-22 2015-12-22 Encryption and decryption device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510971267.XA CN106911476B (en) 2015-12-22 2015-12-22 Encryption and decryption device and method

Publications (2)

Publication Number Publication Date
CN106911476A CN106911476A (en) 2017-06-30
CN106911476B CN106911476B (en) 2020-01-17

Family

ID=59199813

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510971267.XA Expired - Fee Related CN106911476B (en) 2015-12-22 2015-12-22 Encryption and decryption device and method

Country Status (1)

Country Link
CN (1) CN106911476B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108601008A (en) * 2018-05-04 2018-09-28 济南浪潮高新科技投资发展有限公司 It is a kind of based on encryption device of the quantum true random number with bluetooth
CN108696351A (en) * 2018-05-04 2018-10-23 济南浪潮高新科技投资发展有限公司 A kind of encryption device based on quantum true random number
CN108819486B (en) * 2018-05-11 2019-06-21 杭州旗捷科技有限公司 Consumable chip and its communication means, consumable chip and imaging device communication system, method
CN109743533B (en) * 2018-11-23 2021-07-23 浙江星月安防科技有限公司 Intelligent anti-theft door
CN110061894B (en) * 2019-03-29 2023-09-19 国民技术股份有限公司 Household control method and system and household master control device
CN112260721B (en) * 2020-10-21 2022-08-02 深圳创维-Rgb电子有限公司 A-CAS communication circuit, control method and A-CAS communication device
CN113312648B (en) * 2021-06-23 2023-10-31 国网黑龙江省电力有限公司绥化供电公司 Communication module and communication method based on data encryption

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201601679U (en) * 2010-01-18 2010-10-06 北京天地融科技有限公司 Electronic signature tool supporting wireless communication
CN104063646A (en) * 2013-03-19 2014-09-24 优比泰克(北京)科技有限公司 Wireless USB key supporting mobile terminals
CN104182676A (en) * 2014-09-04 2014-12-03 北京邮电大学 Intelligent terminal data encryption method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090113093A1 (en) * 2007-10-29 2009-04-30 Mike Chen Mobile storage device

Also Published As

Publication number Publication date
CN106911476A (en) 2017-06-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200117

Termination date: 20211222
