Data encryption method, decryption method, apparatus, and system

US 10,659,226 B2
Filed: 09/07/2017
Issued: 05/19/2020
Est. Priority Date: 08/12/2015
Status: Active Grant

First Claim

Patent Images

1. A data encryption method performed at a computing device having one or more processors and memory storing programs to be executed by the computing device, the method comprising:

receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and identifiers of at least two target mobile phones for storing the encrypted data, wherein the at least two target mobile phones are communicatively connected to the computing device;

in response to the data encryption request;

separately obtaining unique device information of the at least two target mobile phones;

generating, based on the unique device information of the at least two mobile phones, an encryption key that includes a combination of the unique device information of the at least two mobile phones and according to a preset policy;

encrypting the original data by using the encryption key to obtain ciphertext, including dividing, according to a quantity of the at least two target mobile phones, the ciphertext into a corresponding quantity of ciphertext segments;

destructing relevant data of the encryption key from the computing device; and

storing each of the ciphertext segments into a corresponding target mobile phone of the at least two target mobile phones, such that the ciphertext can be obtained only by combining all of the ciphertext segments from the at least two target mobile phones;

receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted and including addresses of the at least two mobile phones that store the ciphertext to be decrypted;

in response to the data decryption request;

determining, based on the addresses, that the ciphertext to be decrypted are stored at the at least two target mobile phones and can be obtained by combining the ciphertext segments from the at least two target mobile phones, wherein the at least two target mobile phones are communicatively connected to the computing device via Bluetooth;

obtaining the unique device information of the at least two target mobile phones by the Bluetooth connection;

retrieving, based on the unique device information, the encryption key that includes the combination of the unique device information of the at least two mobile phones and according to the preset policy; and

retrieving the ciphertext by combining the cipertext segments from the at least two target mobile phones and decrypting the ciphertext by using the encryption key to obtain decrypted data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data encryption method performed at a computing device includes: receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device; in response to the data encryption request: separately obtaining unique device information of the at least two target storage devices; generating, based on the unique device information, a public key according to a preset policy; encrypting the original data by using the public key to obtain ciphertext; and destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.

34 Citations

13 Claims

1. A data encryption method performed at a computing device having one or more processors and memory storing programs to be executed by the computing device, the method comprising:
- receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and identifiers of at least two target mobile phones for storing the encrypted data, wherein the at least two target mobile phones are communicatively connected to the computing device;
  
  in response to the data encryption request;
  
  separately obtaining unique device information of the at least two target mobile phones;
  
  generating, based on the unique device information of the at least two mobile phones, an encryption key that includes a combination of the unique device information of the at least two mobile phones and according to a preset policy;
  
  encrypting the original data by using the encryption key to obtain ciphertext, including dividing, according to a quantity of the at least two target mobile phones, the ciphertext into a corresponding quantity of ciphertext segments;
  
  destructing relevant data of the encryption key from the computing device; and
  
  storing each of the ciphertext segments into a corresponding target mobile phone of the at least two target mobile phones, such that the ciphertext can be obtained only by combining all of the ciphertext segments from the at least two target mobile phones;
  
  receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted and including addresses of the at least two mobile phones that store the ciphertext to be decrypted;
  
  in response to the data decryption request;
  
  determining, based on the addresses, that the ciphertext to be decrypted are stored at the at least two target mobile phones and can be obtained by combining the ciphertext segments from the at least two target mobile phones, wherein the at least two target mobile phones are communicatively connected to the computing device via Bluetooth;
  
  obtaining the unique device information of the at least two target mobile phones by the Bluetooth connection;
  
  retrieving, based on the unique device information, the encryption key that includes the combination of the unique device information of the at least two mobile phones and according to the preset policy; and
  
  retrieving the ciphertext by combining the cipertext segments from the at least two target mobile phones and decrypting the ciphertext by using the encryption key to obtain decrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the preset policy for generating the encryption key comprises one of the following:
    - combining the unique device information according to a preset first sequence to obtain the encryption key;
      
      separately extracting a portion of the unique device information according to a preset extraction rule to obtain extracted information, and combining the extracted information according to a preset second sequence to obtain the encryption key;
      
      separately calculating a portion of the unique device information according to a preset first algorithm to obtain calculated information, and combining the calculated information according to a preset third sequence to obtain the encryption key; and
      
      combining the unique device information according to a preset fourth sequence to obtain combined information and calculating a portion of the combined information according to a preset second algorithm to obtain the encryption key.
  - 3. The method according to claim 1, wherein the operation of separately obtaining unique device information of the at least two target mobile phones comprises:
    - separately sending a first device information obtaining request to the at least two target mobile phones; and
      
      separately receiving the unique device information returned by the at least two target mobile phones according to the first device information obtaining request.
  - 4. The method according to claim 1, wherein the operation of separately obtaining unique device information of the at least two target mobile phones comprises:
    - separately sending a second device information obtaining request to the at least two target mobile phones, wherein the second device information obtaining request carries authentication information; and
      
      separately receiving the unique device information returned by the at least two target mobile phones, wherein the unique device information is returned by the at least two target mobile phones after the at least two target mobile phones perform authentication on the second device information obtaining request according to the authentication information and determine that the authentication succeeds.
  - 5. The method according to claim 1, wherein the operation of destructing relevant data of the encryption key comprises:
    - deleting the obtained unique device information from the computing device.
  - 6. The method according to claim 1, further comprising:
    - storing an entire copy of the ciphertext at each of the at least two target mobile phones.
  - 7. The method according to claim 1, further comprising:
    - locally destructing relevant data of the public key after decrypting the ciphertext by using the encryption key.

8. A computing device for data encryption and data decryption, comprising:
- one or more processors;
  
  memory; and
  
  a plurality of programs stored in the memory, wherein the plurality of programs, when executed by the one or more processors, cause the computing device to perform the following operations;
  
  receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and identifiers of at least two target mobile phones for storing the encrypted data, wherein the at least two target mobile phones are communicatively connected to the computing device;
  
  in response to the data encryption request;
  
  separately obtaining unique device information of the at least two target mobile phones;
  
  generating, based on the unique device information of the at least two mobile phones, an encryption key that includes a combination of the unique device information of the at least two mobile phones and according to a preset policy;
  
  encrypting the original data by using the encryption key to obtain ciphertext, including dividing, according to a quantity of the at least two target mobile phones, the ciphertext into a corresponding quantity of ciphertext segments;
  
  destructing relevant data of the encryption key from the computing device; and
  
  storing each of the ciphertext segments into a corresponding target mobile phone of the at least two target mobile phones, such that the ciphertext can be obtained only by combining all of the ciphertext segments from the at least two target mobile phones;
  
  receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted and including addresses of the at least two mobile phones that store the ciphertext to be decrypted;
  
  in response to the data decryption request;
  
  determining, based on the addresses, that the ciphertext to be decrypted are stored at the at least two target mobile phones and can be obtained by combining the ciphertext segments from the at least two target mobile phones, wherein the at least two target mobile phones are communicatively connected to the computing device via Bluetooth;
  
  obtaining the unique device information of the at least two target mobile phones by the Bluetooth connection;
  
  retrieving, based on the unique device information, the encryption key that includes the combination of the unique device information of the at least two mobile phones and according to the preset policy; and
  
  retrieving the ciphertext by combining the cipertext segments from the at least two target mobile phones and decrypting the ciphertext by using the encryption key to obtain decrypted data.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computing device according to claim 8, wherein the preset policy for generating the encryption key comprises one of the following:
    - combining the unique device information according to a preset first sequence to obtain the encryption key;
      
      separately extracting a portion of the unique device information according to a preset extraction rule to obtain extracted information, and combining the extracted information according to a preset second sequence to obtain the encryption key;
      
      separately calculating a portion of the unique device information according to a preset first algorithm to obtain calculated information, and combining the calculated information according to a preset third sequence to obtain the encryption key; and
      
      combining the unique device information according to a preset fourth sequence to obtain combined information and calculating a portion of the combined information according to a preset second algorithm to obtain the encryption key.
  - 10. The computing device according to claim 8, wherein the operation of separately obtaining unique device information of the at least two target mobile phones comprises:
    - separately sending a first device information obtaining request to the at least two target mobile phones; and
      
      separately receiving the unique device information returned by the at least two target mobile phones according to the first device information obtaining request.
  - 11. The computing device according to claim 8, wherein the operation of separately obtaining unique device information of the at least two target mobile phones comprises:
    - separately sending a second device information obtaining request to the at least two target mobile phones, wherein the second device information obtaining request carries authentication information; and
      
      separately receiving the unique device information returned by the at least two target mobile phones, wherein the unique device information is returned by the at least two target mobile phones after the at least two target mobile phones perform authentication on the second device information obtaining request according to the authentication information and determine that the authentication succeeds.
  - 12. The computing device according to claim 8, wherein the operation of destructing relevant data of the encryption key comprises:
    - deleting the obtained unique device information from the computing device.
  - 13. The computing device according to claim 8, the operations further comprising:
    - storing an entire copy of the ciphertext at each of the at least two target mobile phones.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
Lin, Luyi, Wang, Yufei
Primary Examiner(s)
Simitoski, Michael

Application Number

US15/698,432
Publication Number

US 20170373850A1
Time in Patent Office

985 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0847   involving identity based en...

H04L 9/0866   involving user or device id...

H04L 9/088   Usage controlling of secret...

H04L 9/30   Public key, i.e. encryption...

H04W 12/06   Authentication

Data encryption method, decryption method, apparatus, and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption method, decryption method, apparatus, and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links