[go: up one dir, main page]

CN116366243A - Data transmission and encryption method and system for digital collaborative office - Google Patents

Data transmission and encryption method and system for digital collaborative office Download PDF

Info

Publication number
CN116366243A
CN116366243A CN202310312819.0A CN202310312819A CN116366243A CN 116366243 A CN116366243 A CN 116366243A CN 202310312819 A CN202310312819 A CN 202310312819A CN 116366243 A CN116366243 A CN 116366243A
Authority
CN
China
Prior art keywords
key
data
client
administrator
encrypt
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310312819.0A
Other languages
Chinese (zh)
Other versions
CN116366243B (en
Inventor
孟海彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiake Cloud Technology Hebei Co ltd
Original Assignee
Jiake Cloud Technology Hebei Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiake Cloud Technology Hebei Co ltd filed Critical Jiake Cloud Technology Hebei Co ltd
Priority to CN202310312819.0A priority Critical patent/CN116366243B/en
Publication of CN116366243A publication Critical patent/CN116366243A/en
Application granted granted Critical
Publication of CN116366243B publication Critical patent/CN116366243B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种用于数字化协同办公的数据传输与加密方法及系统,方法包括:针对某一数据,通知管理员端设置密钥A,通知用户端设置密钥Bi;将密钥A和密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;在管理员端,采用密钥A对该数据进行加密后存储至数据库;当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并根据解密得到密钥Bi,采用密钥Bi对该数据进行重新加密后发送至用户端i;在用户端i,采用密钥Bi对接收的密文数据进行解密。本发明使管理员端和用户端协同对数据进行加密,用户端只有输对自己的秘钥后才能看到解密数据,防止因数据库外泄或网络劫持造成的数据泄露。

Figure 202310312819

The invention discloses a data transmission and encryption method and system for digital collaborative office. The method includes: for a certain data, notifying the administrator to set the key A, and notifying the user to set the key B i ; Combined with the key B i to form the key AB i , which is stored in the database in the form of the key AB i ; on the administrator side, the data is encrypted with the key A and stored in the database; when the data is sent to the client i When , use the key A to decrypt the stored ciphertext data, and obtain the key B i according to the decryption, use the key B i to re-encrypt the data and send it to the client i; at the client i, use the key B i decrypts the received ciphertext data. The invention enables the administrator terminal and the user terminal to cooperate to encrypt data, and the user terminal can only see the decrypted data after inputting its own secret key, thereby preventing data leakage caused by database leakage or network hijacking.

Figure 202310312819

Description

一种用于数字化协同办公的数据传输与加密方法及系统A data transmission and encryption method and system for digital collaborative office

技术领域technical field

本发明涉及信息安全技术领域,更具体的说是涉及一种用于数字化协同办公的数据传输与加密方法及系统。The present invention relates to the technical field of information security, and more specifically relates to a data transmission and encryption method and system for digital collaborative office.

背景技术Background technique

目前,在众多的数字化系统办公系统当中,对于数据的存储和传输都是用明文实现的,少数系统使用了秘钥加密,将数据加密存储和传输,同时将解密秘钥存储在数据库或文件中,一定程度上保证了数据的保密性。但是,一旦秘钥和密文同时被泄露,就很容易造成密文的破译,无法真正保证数据的安全。如果不加密,系统运维人员能直接看到原始数据。如果使用秘钥加密,并且保存了秘钥,对于开发人员来说,也是无法实现真正的保密,因为程序是开发人员写的,如果将秘钥放到第三方,开发人员可以调用解密工具读取数据。At present, in many digital systems and office systems, the storage and transmission of data are realized in plain text, and a few systems use secret key encryption to store and transmit data encrypted, and store the decryption key in databases or files at the same time. , guaranteeing the confidentiality of the data to a certain extent. However, once the secret key and the ciphertext are leaked at the same time, it is easy to decipher the ciphertext, and the security of the data cannot be truly guaranteed. If it is not encrypted, system operation and maintenance personnel can directly see the original data. If the secret key is used to encrypt and the secret key is saved, it is impossible for the developer to achieve true confidentiality, because the program is written by the developer. If the secret key is placed in a third party, the developer can call the decryption tool to read data.

因此,如何提供一种能够解决运维人员或开发人员获取机密数据的用于数字化协同办公的数据传输与加密方法及系统是本领域技术人员亟需解决的问题。Therefore, how to provide a data transmission and encryption method and system for digital collaborative office that can solve the operation and maintenance personnel or developers to obtain confidential data is an urgent problem to be solved by those skilled in the art.

发明内容Contents of the invention

有鉴于此,本发明提供了一种用于数字化协同办公的数据传输与加密方法及系统,使管理员端和用户端协同对数据进行加密,用户端只有输对自己的秘钥后才能看到解密数据,防止因数据库外泄或网络劫持造成的数据泄露。In view of this, the present invention provides a data transmission and encryption method and system for digital collaborative office, so that the administrator and the user end cooperate to encrypt the data, and the user end can only see it after inputting its own secret key. Decrypt data to prevent data leakage caused by database breach or network hijacking.

为了实现上述目的,本发明采用如下技术方案:In order to achieve the above object, the present invention adopts the following technical solutions:

第一方面,本发明提供一种用于数字化协同办公的数据传输与加密方法,包括:In the first aspect, the present invention provides a data transmission and encryption method for digital collaborative office, including:

针对某一数据,发送密钥协同设置指令至管理员端和至少一个用户端,通知管理员端设置密钥A,通知用户端设置各自的密钥Bi,i表示第i个用户端;For a certain piece of data, send a key coordination setting command to the administrator and at least one client, notify the administrator to set the key A, and notify the client to set their own key B i , where i represents the i-th client;

接收管理员端设置的密钥A以及用户端设置的密钥Bi,并将密钥A分别和各用户端的密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;Receive the key A set by the administrator and the key Bi set by the client, and combine the key A with the key Bi of each client to form the key ABi , and store it in the database in the form of the key ABi ;

在管理员端,采用密钥A对该数据进行加密后存储至数据库;On the administrator side, use key A to encrypt the data and store it in the database;

当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并调取密钥ABi,根据密钥A和密钥ABi解密得到密钥Bi;采用密钥Bi对该数据进行重新加密后发送至用户端i;When sending the data to client i, use the key A to decrypt the stored ciphertext data, and retrieve the key AB i , and decrypt it according to the key A and the key AB i to obtain the key B i ; use the key B i re-encrypts the data and sends it to client i;

在用户端i,采用密钥Bi对接收的密文数据进行解密。At the client i, the received ciphertext data is decrypted using the key Bi .

进一步的,还包括:Further, it also includes:

当某一数据需发送至多个用户端时,每个用户端设置的密钥各不相同,发送数据时,选择指定用户端,并采用指定用户端各自的密钥分别对该数据进行重新加密后,再分发至指定用户端。When a certain data needs to be sent to multiple clients, the key set for each client is different. When sending data, select the specified client and use the respective keys of the specified client to re-encrypt the data respectively. , and then distributed to specified clients.

进一步的,在管理员端,通过密钥A对该数据进行解密,并在对该数据编辑操作后再次保存时,自动启用密钥A对该数据进行加密。Further, on the administrator side, the data is decrypted by the key A, and when the data is saved again after the edit operation, the key A is automatically enabled to encrypt the data.

进一步的,采用3DES算法对数据进行加密和解密操作。Further, the 3DES algorithm is used to encrypt and decrypt the data.

进一步的,在管理员端,执行某一操作之前,提示进行二次密码验证。Further, on the administrator side, before performing a certain operation, a second password verification is prompted.

第二方面,本发明还提供一种用于数字化协同办公的数据传输与加密系统,包括:In the second aspect, the present invention also provides a data transmission and encryption system for digital collaborative office, including:

密钥协同设置模块,用于针对某一数据,发送密钥协同设置指令至管理员端和至少一个用户端,通知管理员端设置密钥A,通知用户端设置各自的密钥Bi,i表示第i个用户端;The key coordination setting module is used to send a key coordination setting instruction to the administrator and at least one user end for a certain data, notify the administrator to set the key A, and notify the user to set the respective keys B i , i Indicates the i-th client;

密钥存储管理模块,用于接收管理员端设置的密钥A以及用户端设置的密钥Bi,并将密钥A分别和各用户端的密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;The key storage management module is used to receive the key A set by the administrator and the key B i set by the user end, and combine the key A with the key B i of each user end into a key AB i to encrypt stored in the database in the form of the key AB i ;

管理员端数据加密模块,用于在管理员端,采用密钥A对该数据进行加密后存储至数据库;The data encryption module at the administrator end is used to encrypt the data with key A at the administrator end and store it in the database;

数据发送及重加密模块,用于当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并调取密钥ABi,根据密钥A和密钥ABi解密得到密钥Bi;采用密钥Bi对该数据进行重新加密后发送至用户端i;The data sending and re-encryption module is used to decrypt the stored ciphertext data by using the key A when sending the data to the client i, and call the key AB i , and decrypt it according to the key A and the key AB i Obtain the key B i ; use the key B i to re-encrypt the data and send it to the client i;

用户端数据解密模块,用于在用户端i,采用密钥Bi对接收的密文数据进行解密。The client data decryption module is used to decrypt the received ciphertext data at the client i using the key Bi .

进一步的,所述数据发送及重加密模块还用于在发送数据时,选择指定用户端,并采用指定用户端各自的密钥分别对该数据进行重新加密后,再分发至指定用户端。Further, the data sending and re-encryption module is also used for selecting a designated client when sending data, and re-encrypting the data with the respective keys of the designated client, and then distributing the data to the designated client.

进一步的,所述管理员端数据加密模块还用于在管理员端,通过密钥A对该数据进行解密,并在对该数据编辑操作后再次保存时,自动启用密钥A对该数据进行加密。Further, the data encryption module at the administrator end is also used to decrypt the data through the key A at the administrator end, and when the data is saved again after the editing operation, the key A is automatically enabled to encrypt the data. encryption.

进一步的,该系统还包括:Further, the system also includes:

二次验证模块,用于在管理员端,执行某一操作之前,提示进行二次密码验证。The secondary authentication module is used to prompt the administrator to perform secondary password authentication before performing an operation.

经由上述的技术方案可知,与现有技术相比,本发明公开提供了一种用于数字化协同办公的数据传输与加密方法,针对某一数据,需要管理员端和用户端协同对该数据进行加密,管理员端操作时,数据保存的都是用管理员的秘钥加密后的数据,发送给用户端的数据是用户端的秘钥加密的,发送给每个用户端的数据采用自己掌握秘钥进行解密,也能确保接收人设备遗失等原因造成数据的遗失。It can be seen from the above-mentioned technical solutions that, compared with the prior art, the present invention discloses a data transmission and encryption method for digital collaborative office. For a certain data, it is necessary for the administrator and the user to collaborate on the data. Encryption, when the administrator is operating, the data is stored encrypted with the administrator's secret key, the data sent to the client is encrypted with the client's secret key, and the data sent to each client is encrypted with the secret key held by itself Decryption can also ensure that the data is lost due to the loss of the recipient's device and other reasons.

同时,未存储管理员的秘钥和用户的秘钥,采用不保留秘钥的加密方式将数据存放到数据库,数据无法被运维和技术人员解密,也能够解决通过正常或非正常手段,即使获取到数据库和劫持程序,也因无法通过技术或黑客手段获取到秘钥从而保证数据无法解密。At the same time, the administrator's secret key and user's secret key are not stored, and the data is stored in the database in an encryption method that does not retain the secret key. The data cannot be decrypted by operation and maintenance and technical personnel, and it can also be resolved through normal or abnormal means. Obtaining the database and hijacking program also ensures that the data cannot be decrypted because the secret key cannot be obtained through technical or hacking means.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

图1为本发明提供的用于数字化协同办公的数据传输与加密方法的流程图;Fig. 1 is a flow chart of the data transmission and encryption method for digital collaborative office provided by the present invention;

图2为本发明提供的用于数字化协同办公的数据传输与加密系统的结构框图。Fig. 2 is a structural block diagram of a data transmission and encryption system for digital collaborative office provided by the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

如图1所示,本发明实施例公开了一种用于数字化协同办公的数据传输与加密方法,包括以下步骤:As shown in Figure 1, the embodiment of the present invention discloses a data transmission and encryption method for digital collaborative office, including the following steps:

针对某一数据,发送密钥协同设置指令至管理员端和至少一个用户端,通知管理员端设置密钥A,通知用户端设置各自的密钥Bi,i表示第i个用户端;For a certain piece of data, send a key coordination setting command to the administrator and at least one client, notify the administrator to set the key A, and notify the client to set their own key B i , where i represents the i-th client;

接收管理员端设置的密钥A以及用户端设置的密钥Bi,并将密钥A分别和各用户端的密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;Receive the key A set by the administrator and the key Bi set by the client, and combine the key A with the key Bi of each client to form the key ABi , and store it in the database in the form of the key ABi ;

在管理员端,采用密钥A对该数据进行加密后存储至数据库;On the administrator side, use key A to encrypt the data and store it in the database;

当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并调取密钥ABi,根据密钥A和密钥ABi解密得到密钥Bi;采用密钥Bi对该数据进行重新加密后发送至用户端i;When sending the data to client i, use the key A to decrypt the stored ciphertext data, and retrieve the key AB i , and decrypt it according to the key A and the key AB i to obtain the key B i ; use the key B i re-encrypts the data and sends it to client i;

在用户端i,采用密钥Bi对接收的密文数据进行解密。At the client i, the received ciphertext data is decrypted using the key Bi .

本发明实施例需要管理员端和用户端协同操作,在管理员端,管理员对数据进行操作前需要输入解密秘钥A,用秘钥A解密数据库中的加密数据,如果秘钥A不正确,将无法得到正确的解密结果,如果秘钥A正确,则可以得到解密后的数据并在页面临时展示明文,管理员端可对数据进行编辑,再次保存的时候,自动启用秘钥A将数据加密后保存到数据库。The embodiment of the present invention requires the cooperative operation of the administrator end and the user end. On the administrator end, the administrator needs to input the decryption key A before operating the data, and use the key A to decrypt the encrypted data in the database. If the key A is incorrect , the correct decryption result cannot be obtained. If the secret key A is correct, the decrypted data can be obtained and the plaintext will be temporarily displayed on the page. The administrator can edit the data. When saving again, the secret key A will be automatically enabled to save the data Encrypted and saved to the database.

管理员端发起设置用户秘钥的协同工作给用户端,管理员输入秘钥A,用户输入秘钥B,提交保存时,将秘钥A和秘钥B组合得到秘钥AB,并将秘钥AB存到数据库,秘钥A和秘钥B均不保存。The administrator initiates the collaborative work of setting the user’s secret key to the user’s end. The administrator enters secret key A, and the user enters secret key B. When submitting and saving, the secret key A and secret key B are combined to obtain secret key AB, and the secret AB is stored in the database, but neither key A nor key B is saved.

管理员端将数据发送给用户时,需输入秘钥A,通过A秘钥将数据库中加密的数据解密得到原始数据,同时取出秘钥AB,用A秘钥将AB秘钥解密得出B秘钥,再用B秘钥将原始数据加密后传送给用户端。When the administrator sends the data to the user, he needs to input the secret key A, decrypt the encrypted data in the database through the secret key A to obtain the original data, and take out the secret key AB at the same time, use the secret key A to decrypt the secret key AB to obtain the secret key B key, and then use the B key to encrypt the original data and send it to the client.

用户端收到加密数据后,每次查看需要输入秘钥B才能查看到原始数据,若秘钥错误,将无法得到解密后的数据。After receiving the encrypted data, the client needs to enter the secret key B to view the original data every time it is viewed. If the secret key is wrong, the decrypted data will not be obtained.

本发明实施例中,数据在数据库中是加密存储的,因未存储管理员端的秘钥和用户端的秘钥,一旦数据库被泄露,泄露的数据是无法识别的,因此数据无法被运维和技术人员解密。In the embodiment of the present invention, the data is encrypted and stored in the database. Because the administrator’s secret key and the user’s secret key are not stored, once the database is leaked, the leaked data cannot be identified, so the data cannot be accessed by operation and maintenance and technical Personnel decrypted.

更有利的,该方法还包括:当某一数据需发送至多个用户端时,每个用户端设置的密钥各不相同,发送数据时,选择指定用户端,并采用指定用户端各自的密钥分别对该数据进行重新加密后,再分发至指定用户端。More advantageously, the method also includes: when a certain data needs to be sent to multiple client terminals, the keys set by each client terminal are different; Keys are used to re-encrypt the data before distributing them to designated clients.

本发明实施例可以选择一个或多个指定用户端对数据进行选择性发送,根据各指定用户端各自的密钥对该数据进行重新加密,将重新加密的数据发送至对应的用户端,由于每个用户端的密钥是不同的,所以发送给每个用户端的数据都通过不一样的加密方式加密,加密的数据需要每个用户端用自己的秘钥,解密自己的数据,才能看到结果,即使接收人设备遗失,也不会被轻易破解造成数据的遗失。In this embodiment of the present invention, one or more specified clients can be selected to selectively send data, and the data is re-encrypted according to the respective keys of each specified client, and the re-encrypted data is sent to the corresponding client. The keys of each client are different, so the data sent to each client is encrypted by different encryption methods. The encrypted data requires each client to use its own secret key to decrypt its own data in order to see the result. Even if the recipient's device is lost, it will not be easily cracked to cause data loss.

具体来说,无论是在管理员端采用密钥A对数据进行加解密,或采用密钥B对数据进行加密,还是在用户端采用密钥B对数据进行解密,均可以采用3DES算法对数据进行加密和解密操作。Specifically, whether the data is encrypted and decrypted with key A on the administrator side, or encrypted with key B at the user side, or decrypted at the user side with key B, the 3DES algorithm can be used to decrypt the data. Perform encryption and decryption operations.

更有利的,在管理员端,执行某一操作之前,提示进行二次密码验证。本发明实施例通过在进入相关页面前,提示输入二次密码验证,可以避免管理员端被其他人使用造成数据泄露的情况。More advantageously, on the administrator side, before performing a certain operation, a second password verification is prompted. In the embodiment of the present invention, by prompting to enter a second password verification before entering the relevant page, it can avoid the situation that the administrator terminal is used by other people to cause data leakage.

如图2所示,本发明实施例还提供一种用于数字化协同办公的数据传输与加密系统,包括:As shown in Figure 2, the embodiment of the present invention also provides a data transmission and encryption system for digital collaborative office, including:

密钥协同设置模块,用于针对某一数据,发送密钥协同设置指令至管理员端和至少一个用户端,通知管理员端设置密钥A,通知用户端设置各自的密钥Bi,i表示第i个用户端;The key coordination setting module is used to send a key coordination setting instruction to the administrator and at least one user end for a certain data, notify the administrator to set the key A, and notify the user to set the respective keys B i , i Indicates the i-th client;

密钥存储管理模块,用于接收管理员端设置的密钥A以及用户端设置的密钥Bi,并将密钥A分别和各用户端的密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;The key storage management module is used to receive the key A set by the administrator and the key B i set by the user end, and combine the key A with the key B i of each user end into a key AB i to encrypt stored in the database in the form of the key AB i ;

管理员端数据加密模块,用于在管理员端,采用密钥A对该数据进行加密后存储至数据库;The data encryption module at the administrator end is used to encrypt the data with key A at the administrator end and store it in the database;

数据发送及重加密模块,用于当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并调取密钥ABi,根据密钥A和密钥ABi解密得到密钥Bi;采用密钥Bi对该数据进行重新加密后发送至用户端i;The data sending and re-encryption module is used to decrypt the stored ciphertext data by using the key A when sending the data to the client i, and call the key AB i , and decrypt it according to the key A and the key AB i Obtain the key B i ; use the key B i to re-encrypt the data and send it to the client i;

用户端数据解密模块,用于在用户端i,采用密钥Bi对接收的密文数据进行解密。The client data decryption module is used to decrypt the received ciphertext data at the client i using the key Bi .

其中,管理员端数据加密模块还用于在管理员端,通过密钥A对该数据进行解密,并在对该数据编辑操作后再次保存时,自动启用密钥A对该数据进行加密。Wherein, the data encryption module at the administrator end is also used to decrypt the data through the key A at the administrator end, and automatically enable the key A to encrypt the data when the data is saved again after the editing operation.

更有利的,数据发送及重加密模块还用于在发送数据时,选择指定用户端,并采用指定用户端各自的密钥分别对该数据进行重新加密后,再分发至指定用户端。More advantageously, the data sending and re-encryption module is also used for selecting a designated client when sending data, and re-encrypting the data with their respective keys respectively, and then distributing the data to the designated client.

在其他实施例中,本发明系统还包括:In other embodiments, the system of the present invention also includes:

二次验证模块,用于在管理员端,执行某一操作之前,提示进行二次密码验证。The secondary authentication module is used to prompt the administrator to perform secondary password authentication before performing an operation.

本发明系统可以应用于各数字化协同办公软件中,提高数字化协同办公软件的安全性。The system of the invention can be applied to various digital collaborative office software, and improves the security of the digital collaborative office software.

本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for relevant details, please refer to the description of the method part.

对所公开的实施例的上述说明,使本领域专业技术人员能够实现或使用本发明。对这些实施例的多种修改对本领域的专业技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本发明的精神或范围的情况下,在其它实施例中实现。因此,本发明将不会被限制于本文所示的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1.一种用于数字化协同办公的数据传输与加密方法,其特征在于,包括:1. A data transmission and encryption method for digital collaborative office, characterized in that it comprises: 针对某一数据,发送密钥协同设置指令至管理员端和至少一个用户端,通知管理员端设置密钥A,通知用户端设置各自的密钥Bi,i表示第i个用户端;For a certain piece of data, send a key coordination setting command to the administrator and at least one client, notify the administrator to set the key A, and notify the client to set their own key B i , where i represents the i-th client; 接收管理员端设置的密钥A以及用户端设置的密钥Bi,并将密钥A分别和各用户端的密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;Receive the key A set by the administrator and the key Bi set by the client, and combine the key A with the key Bi of each client to form the key ABi , and store it in the database in the form of the key ABi ; 在管理员端,采用密钥A对该数据进行加密后存储至数据库;On the administrator side, use key A to encrypt the data and store it in the database; 当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并调取密钥ABi,根据密钥A和密钥ABi解密得到密钥Bi;采用密钥Bi对该数据进行重新加密后发送至用户端i;When sending the data to client i, use the key A to decrypt the stored ciphertext data, and retrieve the key AB i , and decrypt it according to the key A and the key AB i to obtain the key B i ; use the key B i re-encrypts the data and sends it to client i; 在用户端i,采用密钥Bi对接收的密文数据进行解密。At the client i, the received ciphertext data is decrypted using the key Bi . 2.根据权利要求1所述的用于数字化协同办公的数据传输与加密方法,其特征在于,还包括:2. The data transmission and encryption method for digital collaborative office according to claim 1, further comprising: 当某一数据需发送至多个用户端时,每个用户端设置的密钥各不相同,发送数据时,选择指定用户端,并采用指定用户端各自的密钥分别对该数据进行重新加密后,再分发至指定用户端。When a certain data needs to be sent to multiple clients, the key set for each client is different. When sending data, select the specified client and use the respective keys of the specified client to re-encrypt the data respectively. , and then distributed to specified clients. 3.根据权利要求1所述的用于数字化协同办公的数据传输与加密方法,其特征在于,在管理员端,通过密钥A对该数据进行解密,并在对该数据编辑操作后再次保存时,自动启用密钥A对该数据进行加密。3. The data transmission and encryption method for digital collaborative office according to claim 1, characterized in that, at the administrator side, the data is decrypted by key A, and saved again after editing the data , key A is automatically enabled to encrypt the data. 4.根据权利要求1所述的用于数字化协同办公的数据传输与加密方法,其特征在于,采用3DES算法对数据进行加密和解密操作。4. The data transmission and encryption method for digital collaborative office according to claim 1, characterized in that 3DES algorithm is used to encrypt and decrypt data. 5.根据权利要求1所述的用于数字化协同办公的数据传输与加密方法,其特征在于,在管理员端,执行某一操作之前,提示进行二次密码验证。5. The data transmission and encryption method for digital collaborative office according to claim 1, characterized in that, at the administrator end, before performing a certain operation, it prompts for a second password verification. 6.一种用于数字化协同办公的数据传输与加密系统,其特征在于,包括:6. A data transmission and encryption system for digital collaborative office, characterized in that it includes: 密钥协同设置模块,用于针对某一数据,发送密钥协同设置指令至管理员端和至少一个用户端,通知管理员端设置密钥A,通知用户端设置各自的密钥Bi,i表示第i个用户端;The key coordination setting module is used to send a key coordination setting instruction to the administrator and at least one user end for a certain data, notify the administrator to set the key A, and notify the user to set the respective keys B i , i Indicates the i-th client; 密钥存储管理模块,用于接收管理员端设置的密钥A以及用户端设置的密钥Bi,并将密钥A分别和各用户端的密钥Bi组合为密钥ABi,以密钥ABi的形式存储至数据库;The key storage management module is used to receive the key A set by the administrator and the key B i set by the user end, and combine the key A with the key B i of each user end into a key AB i to encrypt stored in the database in the form of the key AB i ; 管理员端数据加密模块,用于在管理员端,采用密钥A对该数据进行加密后存储至数据库;The data encryption module at the administrator end is used to encrypt the data with key A at the administrator end and store it in the database; 数据发送及重加密模块,用于当发送该数据至用户端i时,采用密钥A对存储的密文数据进行解密,并调取密钥ABi,根据密钥A和密钥ABi解密得到密钥Bi;采用密钥Bi对该数据进行重新加密后发送至用户端i;The data sending and re-encryption module is used to decrypt the stored ciphertext data by using the key A when sending the data to the client i, and call the key AB i , and decrypt it according to the key A and the key AB i Obtain the key B i ; use the key B i to re-encrypt the data and send it to the client i; 用户端数据解密模块,用于在用户端i,采用密钥Bi对接收的密文数据进行解密。The client data decryption module is used to decrypt the received ciphertext data at the client i using the key Bi . 7.根据权利要求6所述的用于数字化协同办公的数据传输与加密系统,其特征在于,所述数据发送及重加密模块还用于在发送数据时,选择指定用户端,并采用指定用户端各自的密钥分别对该数据进行重新加密后,再分发至指定用户端。7. The data transmission and encryption system for digital collaborative office according to claim 6, characterized in that, the data transmission and re-encryption module is also used to select a designated user end when sending data, and adopt a designated user After re-encrypting the data with their respective keys, the data is distributed to the specified client. 8.根据权利要求6所述的用于数字化协同办公的数据传输与加密系统,其特征在于,所述管理员端数据加密模块还用于在管理员端,通过密钥A对该数据进行解密,并在对该数据编辑操作后再次保存时,自动启用密钥A对该数据进行加密。8. The data transmission and encryption system for digital collaborative office according to claim 6, characterized in that, the data encryption module at the administrator end is also used to decrypt the data through key A at the administrator end , and when the data is saved again after editing, the key A is automatically enabled to encrypt the data. 9.根据权利要求6所述的用于数字化协同办公的数据传输与加密系统,其特征在于,还包括:9. The data transmission and encryption system for digital collaborative office according to claim 6, further comprising: 二次验证模块,用于在管理员端,执行某一操作之前,提示进行二次密码验证。The secondary authentication module is used to prompt the administrator to perform secondary password authentication before performing an operation.
CN202310312819.0A 2023-03-28 2023-03-28 Data transmission and encryption method and system for digital collaborative office Active CN116366243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310312819.0A CN116366243B (en) 2023-03-28 2023-03-28 Data transmission and encryption method and system for digital collaborative office

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310312819.0A CN116366243B (en) 2023-03-28 2023-03-28 Data transmission and encryption method and system for digital collaborative office

Publications (2)

Publication Number Publication Date
CN116366243A true CN116366243A (en) 2023-06-30
CN116366243B CN116366243B (en) 2025-07-25

Family

ID=86917607

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310312819.0A Active CN116366243B (en) 2023-03-28 2023-03-28 Data transmission and encryption method and system for digital collaborative office

Country Status (1)

Country Link
CN (1) CN116366243B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841902A (en) * 2011-06-23 2012-12-26 捷达世软件(深圳)有限公司 Database data management method and system
CN103561034A (en) * 2013-11-11 2014-02-05 武汉理工大学 Secure file sharing system
CN105659231A (en) * 2013-08-19 2016-06-08 Visa欧洲有限公司 Enabling access to data
CN108701094A (en) * 2016-02-10 2018-10-23 移动熨斗公司 The safely storage and distribution sensitive data in application based on cloud
CN111917710A (en) * 2020-06-12 2020-11-10 北京智芯微电子科技有限公司 PCI-E cipher card, its key protection method and computer readable storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841902A (en) * 2011-06-23 2012-12-26 捷达世软件(深圳)有限公司 Database data management method and system
CN105659231A (en) * 2013-08-19 2016-06-08 Visa欧洲有限公司 Enabling access to data
CN103561034A (en) * 2013-11-11 2014-02-05 武汉理工大学 Secure file sharing system
CN108701094A (en) * 2016-02-10 2018-10-23 移动熨斗公司 The safely storage and distribution sensitive data in application based on cloud
CN111917710A (en) * 2020-06-12 2020-11-10 北京智芯微电子科技有限公司 PCI-E cipher card, its key protection method and computer readable storage medium

Also Published As

Publication number Publication date
CN116366243B (en) 2025-07-25

Similar Documents

Publication Publication Date Title
EP3451575B1 (en) Methods, systems and computer program product for providing encryption on a plurality of devices
KR100969241B1 (en) Method and system for managing data on a network
US7272230B2 (en) Encryption system and control method thereof
KR100753932B1 (en) contents encryption method, system and method for providing contents through network using the encryption method
CN101515319B (en) Cipher key processing method, cipher key cryptography service system and cipher key consultation method
CN105103488A (en) Policy enforcement with associated data
CN113868684A (en) Signature method, device, server, medium and signature system
CN112685786B (en) Financial data encryption and decryption method, system, equipment and storage medium
KR20220039779A (en) Enhanced security encryption and decryption system
CN109063451B (en) Method for verifying BIOS user login through mobile phone two-dimensional code
CN105279447A (en) Method and device for data encryption, and method and device for data decryption
US11522691B2 (en) Techniques for virtual cryptographic key ceremonies
CN110445757A (en) Personnel information encryption method, device, computer equipment and storage medium
CN111818466B (en) Information sending and receiving method and device, electronic equipment and readable storage medium
JP3690237B2 (en) Authentication method, recording medium, authentication system, terminal device, and authentication recording medium creation device
CN116366243B (en) Data transmission and encryption method and system for digital collaborative office
CN115412236A (en) Method for key management and password calculation, encryption method and device
US20080154622A1 (en) Method of and System for Security and Privacy Protection in Medical Forms
CN115883211B (en) File transfer system oriented to enterprise data security
JP7086163B1 (en) Data processing system
KR100842014B1 (en) Access to protected data on network storage from multiple devices
JP4774446B2 (en) Management server and program
JP2006197640A (en) Encrypted data distribution service system
CN116319059A (en) Multi-party simultaneous authentication mechanism for end-to-end encryption
CN120238533A (en) A method for sending and receiving attachment files, and a device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant