Protecting master encryption keys in a distributed computing environment
US-9667416-B1 · May 30, 2017 · US
US10659226B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10659226-B2 |
| Application number | US-201715698432-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 7, 2017 |
| Priority date | Aug 12, 2015 |
| Publication date | May 19, 2020 |
| Grant date | May 19, 2020 |
Official abstract text for this publication.
A data encryption method performed at a computing device includes: receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device; in response to the data encryption request: separately obtaining unique device information of the at least two target storage devices; generating, based on the unique device information, a public key according to a preset policy; encrypting the original data by using the public key to obtain ciphertext; and destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.
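The flow in the abstract, together with the per-device ciphertext segments of claim 1, as an added example that is not code from the patent or its assignee. Assumptions: the "preset policy" is modelled as a fixed-order, length-prefixed concatenation of identifiers stretched with PBKDF2, an HMAC-SHA-256 keystream with an HMAC tag stands in for a real authenticated cipher such as AES-GCM, and all names and device identifiers are constructed.

```python
import hashlib
import hmac
import os

POLICY_SALT = b"preset-policy-v1"  # assumed constant standing in for the "preset policy"

def derive_keys(device_infos):
    """Combine identifiers in a fixed order (length-prefixed), then stretch with PBKDF2."""
    material = b"".join(len(d).to_bytes(2, "big") + d for d in device_infos)
    okm = hashlib.pbkdf2_hmac("sha256", material, POLICY_SALT, 100_000, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def _keystream(key, nonce, length):
    # Stand-in stream cipher: HMAC-SHA-256 in counter mode (not a production cipher).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt_and_split(plaintext, device_infos):
    """Return one ciphertext segment per device; the key is never stored anywhere."""
    enc_key, mac_key = derive_keys(device_infos)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    blob = nonce + body + tag
    size = -(-len(blob) // len(device_infos))  # ceiling division
    return [blob[i * size:(i + 1) * size] for i in range(len(device_infos))]

def combine_and_decrypt(segments, device_infos):
    """Rebuild the ciphertext from all segments and re-derive the key from the devices."""
    blob = b"".join(segments)
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag at minimum
        raise ValueError("ciphertext incomplete")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = derive_keys(device_infos)
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong devices or missing/tampered segment")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

# Constructed sample identifiers (not real device data)
PHONE_A = b"AA:BB:CC:00:11:22|serial-0001"
PHONE_B = b"AA:BB:CC:33:44:55|serial-0002"
```

Because the key is a deterministic function of the device identifiers, it is only as secret as those identifiers are; the authenticated information request of claim 4 is what gates access to them.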
Opening claim text (preview).
What is claimed is:

1. A data encryption method performed at a computing device having one or more processors and memory storing programs to be executed by the computing device, the method comprising:
   receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and identifiers of at least two target mobile phones for storing the encrypted data, wherein the at least two target mobile phones are communicatively connected to the computing device;
   in response to the data encryption request:
      separately obtaining unique device information of the at least two target mobile phones;
      generating, based on the unique device information of the at least two mobile phones, an encryption key that includes a combination of the unique device information of the at least two mobile phones and according to a preset policy;
      encrypting the original data by using the encryption key to obtain ciphertext, including dividing, according to a quantity of the at least two target mobile phones, the ciphertext into a corresponding quantity of ciphertext segments;
      destructing relevant data of the encryption key from the computing device; and
      storing each of the ciphertext segments into a corresponding target mobile phone of the at least two target mobile phones, such that the ciphertext can be obtained only by combining all of the ciphertext segments from the at least two target mobile phones;
   receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted and including addresses of the at least two mobile phones that store the ciphertext to be decrypted;
   in response to the data decryption request:
      determining, based on the addresses, that the ciphertext to be decrypted are stored at the at least two target mobile phones and can be obtained by combining the ciphertext segments from the at least two target mobile phones, wherein the at least two target mobile phones are communicatively connected to the computing device via Bluetooth;
      obtaining the unique device information of the at least two target mobile phones by the Bluetooth connection;
      retrieving, based on the unique device information, the encryption key that includes the combination of the unique device information of the at least two mobile phones and according to the preset policy; and
      retrieving the ciphertext by combining the ciphertext segments from the at least two target mobile phones and decrypting the ciphertext by using the encryption key to obtain decrypted data.

2. The method according to claim 1, wherein the preset policy for generating the encryption key comprises one of the following:
   combining the unique device information according to a preset first sequence to obtain the encryption key;
   separately extracting a portion of the unique device information according to a preset extraction rule to obtain extracted information, and combining the extracted information according to a preset second sequence to obtain the encryption key;
   separately calculating a portion of the unique device information according to a preset first algorithm to obtain calculated information, and combining the calculated information according to a preset third sequence to obtain the encryption key; and
   combining the unique device information according to a preset fourth sequence to obtain combined information and calculating a portion of the combined information according to a preset second algorithm to obtain the encryption key.

3. The method according to claim 1, wherein the operation of separately obtaining unique device information of the at least two target mobile phones comprises:
   separately sending a first device information obtaining request to the at least two target mobile phones; and
   separately receiving the unique device information returned by the at least two target mobile phones according to the first device information obtaining request.

4. The method according to claim 1, wherein the operation of separately obtaining unique device information of the at least two target mobile phones comprises:
   separately sending a second device information obtaining request to the at least two target mobile phones, wherein the second device information obtaining request carries authentication information; and
   separately receiving the unique device information returned by the at least two target mobile phones, wherein the unique device information is returned by the at least two target mobile phones after the at least two target mobile phones perform authentication on the second device information obtaining request according to the authentication information and determine that the authentication succeeds.

5. The method according to claim 1, wherein the operation of destructing relevant data of the encryption key comprises: deleting the obtained unique device information from the computing device.

6. The method according to claim 1, further comprising: storing an entire copy of the ciphertext at each of the at least two target mobile phones.

7. The method according to claim 1, further comprising: locally destructing relevant data of the public key after decrypting the ciphertext by using the encryption key.

8. A computing device for data encryption and data decryption, comprising: one or more processors; memory; and a plurality of programs stored in the memory, wherein the plurality of programs, when executed by the one or more processors, cause the computing device to perform the following operations:
   receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and identifiers of at least two target mobile phones for storing the encrypted data, wherein the at least two target mobile phones are communicatively connected to the computing device;
   in response to the data encryption request:
      separately obtaining unique device information of the at least two target mobile phones;
      generating, based on the unique device information of the at least two mobile phones, an encryption key that includes a combination of the unique device information of the at least two mobile phones and according to a preset policy;
      encrypting the original data by using the encryption key to obtain ciphertext, including dividing, according to a quantity of the at least two target mobile phones, the ciphertext into a corresponding quantity of ciphertext segments;
      destructing relevant data of the encryption key from the computing device; and
      storing each of the ciphertext segments into a corresponding target mobile phone of the at least two target mobile phones, such that the ciphertext can be obtained only by combining all of the ciphertext segments from the at least two target mobile phones;
   receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted and including addresses of the at least two mobile phones that store the ciphertext to be decrypted;
   in response to the data decryption request:
      determining, based on the addresses, that the ciphertext to be decrypted are stored at the at least two target mobile phones and can be obtained by combining the ciphertext segments from the at least two target mobile phones, wherein the at least two target mobile phones are communicatively connected to the computing device via Bluetooth;
      obtaining the unique device information of the at least two target mobile phones by the Bluetooth connection;
      retrieving, based on the unique device information, the encryption key that includes the combination of the unique device information of the at least two mobile phones and according to the preset policy; and
      retrieving the ciphertext by combining the ciphertext segments from the at least tw
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Authentication · CPC title