DATA ENCRYPTION METHOD, DECRYPTION METHOD, APPARATUS, AND SYSTEM

US 20170373850A1
Filed: 09/07/2017
Published: 12/28/2017
Est. Priority Date: 08/12/2015
Status: Active Grant

First Claim

Patent Images

1. A data encryption method performed at a computing device having one or more processors and memory storing programs to be executed by the computing device, the method comprising:

receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device;

in response to the data encryption request;

separately obtaining unique device information of the at least two target storage devices;

generating, based on the unique device information, a public key according to a preset policy;

encrypting the original data by using the public key to obtain ciphertext; and

destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data encryption method performed at a computing device includes: receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device; in response to the data encryption request: separately obtaining unique device information of the at least two target storage devices; generating, based on the unique device information, a public key according to a preset policy; encrypting the original data by using the public key to obtain ciphertext; and destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.

32 Citations

20 Claims

1. A data encryption method performed at a computing device having one or more processors and memory storing programs to be executed by the computing device, the method comprising:
- receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device;
  
  in response to the data encryption request;
  
  separately obtaining unique device information of the at least two target storage devices;
  
  generating, based on the unique device information, a public key according to a preset policy;
  
  encrypting the original data by using the public key to obtain ciphertext; and
  
  destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the preset policy for generating the public key comprises one of the following:
    - combining the unique device information according to a preset first sequence to obtain the public key;
      
      separately extracting a portion of the unique device information according to a preset extraction rule to obtain extracted information, and combining the extracted information according to a preset second sequence to obtain the public key;
      
      separately calculating a portion of the unique device information according to a preset first algorithm to obtain calculated information, and combining the calculated information according to a preset third sequence to obtain the public key; and
      
      combining the unique device information according to a preset fourth sequence to obtain combined information and calculating a portion of the combined information according to a preset second algorithm to obtain the public key.
  - 3. The method according to claim 1, wherein the operation of separately obtaining unique device information of the at least two target storage devices comprises:
    - separately sending a first device information obtaining request to the at least two target storage devices; and
      
      separately receiving the unique device information returned by the at least two target storage devices according to the first device information obtaining request.
  - 4. The method according to claim 1, wherein the operation of separately obtaining unique device information of the at least two target storage devices comprises:
    - separately sending a second device information obtaining request to the at least two target storage devices, wherein the second device information obtaining request carries authentication information; and
      
      separately receiving the unique device information returned by the at least two target storage devices, wherein the unique device information is returned by the at least two target storage devices after the at least two target storage devices perform authentication on the second device information obtaining request according to the authentication information and determine that the authentication succeeds.
  - 5. The method according to claim 1, wherein the operation of destructing relevant data of the public key comprises:
    - deleting the obtained unique device information from the computing device.
  - 6. The method according to claim 1, wherein the operation of storing the ciphertext into the at least two target storage devices comprises:
    - dividing, according to a quantity of the at least two target storage devices, the ciphertext into a corresponding quantity of ciphertext segments, and storing each of the ciphertext segments into a corresponding target storage device.
  - 7. The method according to claim 1, wherein the operation of storing the ciphertext into the at least two target storage devices comprises:
    - storing an entire copy of the ciphertext at each of the at least two target storage devices.

8. A data decryption method performed at a computing device having one or more processors and memory storing programs to be executed by the computing device, the method comprising:
- receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted;
  
  in response to the data decryption request;
  
  determining at least two target storage devices that store the ciphertext, each target storage device having at least a portion of the ciphertext, wherein the at least two target storage devices are communicatively connected to the computing device;
  
  obtaining unique device information of the at least two target storage devices;
  
  generating, based on the unique device information, a public key according to a preset policy; and
  
  retrieving the ciphertext from the at least two target storage devices and decrypting the ciphertext by using the public key to obtain decrypted data.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method according to claim 8, wherein the preset policy for generating the public key comprises one of the following:
    - combining the unique device information according to a preset first sequence to obtain the public key;
      
      separately extracting a portion of the unique device information according to a preset extraction rule to obtain extracted information, and combining the extracted information according to a preset second sequence to obtain the public key;
      
      separately calculating a portion of the unique device information according to a preset first algorithm to obtain calculated information, and combining the calculated information according to a preset third sequence to obtain the public key; and
      
      combining the unique device information according to a preset fourth sequence to obtain combined information and calculating a portion of the combined information according to a preset second algorithm to obtain the public key.
  - 10. The method according to claim 8, wherein the operation of obtaining unique device information of the at least two target storage devices comprises:
    - separately sending a first device information obtaining request to the at least two target storage devices; and
      
      separately receiving the unique device information returned by the at least two target storage devices according to the first device information obtaining request.
  - 11. The method according to claim 8, wherein the operation of obtaining unique device information of the at least two target storage devices comprises:
    - separately sending a second device information obtaining request to the at least two target storage devices, wherein the second device information obtaining request carries authentication information; and
      
      separately receiving the unique device information returned by the at least two target storage devices, wherein the unique device information is returned by the at least two target storage devices when the at least two target storage devices perform authentication on the second device information obtaining request according to the authentication information and determine that the authentication succeeds.
  - 12. The method according to claim 8, further comprising:
    - locally destructing relevant data of the public key after decrypting the ciphertext by using the public key.

13. A computing device for data encryption and data decryption, comprising:
- one or more processors;
  
  memory; and
  
  a plurality of programs stored in the memory, wherein the plurality of programs, when executed by the one or more processors, cause the computing device to perform the following operations;
  
  receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device;
  
  in response to the data encryption request;
  
  separately obtaining unique device information of the at least two target storage devices;
  
  generating, based on the unique device information, a public key according to a preset policy;
  
  encrypting the original data by using the public key to obtain ciphertext; and
  
  destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computing device according to claim 13, wherein the preset policy for generating the public key comprises one of the following:
    - combining the unique device information according to a preset first sequence to obtain the public key;
      
      separately extracting a portion of the unique device information according to a preset extraction rule to obtain extracted information, and combining the extracted information according to a preset second sequence to obtain the public key;
      
      separately calculating a portion of the unique device information according to a preset first algorithm to obtain calculated information, and combining the calculated information according to a preset third sequence to obtain the public key; and
      
      combining the unique device information according to a preset fourth sequence to obtain combined information and calculating a portion of the combined information according to a preset second algorithm to obtain the public key.
  - 15. The computing device according to claim 13, wherein the operation of separately obtaining unique device information of the at least two target storage devices comprises:
    - separately sending a first device information obtaining request to the at least two target storage devices; and
      
      separately receiving the unique device information returned by the at least two target storage devices according to the first device information obtaining request.
  - 16. The computing device according to claim 13, wherein the operation of separately obtaining unique device information of the at least two target storage devices comprises:
    - separately sending a second device information obtaining request to the at least two target storage devices, wherein the second device information obtaining request carries authentication information; and
      
      separately receiving the unique device information returned by the at least two target storage devices, wherein the unique device information is returned by the at least two target storage devices after the at least two target storage devices perform authentication on the second device information obtaining request according to the authentication information and determine that the authentication succeeds.
  - 17. The computing device according to claim 13, wherein the operation of destructing relevant data of the public key comprises:
    - deleting the obtained unique device information from the computing device.
  - 18. The computing device according to claim 13, wherein the operation of storing the ciphertext into the at least two target storage devices comprises:
    - dividing, according to a quantity of the at least two target storage devices, the ciphertext into a corresponding quantity of ciphertext segments, and storing each of the ciphertext segments into a corresponding target storage device.
  - 19. The computing device according to claim 13, wherein the operation of storing the ciphertext into the at least two target storage devices comprises:
    - storing an entire copy of the ciphertext at each of the at least two target storage devices.
  - 20. The computing device according to claim 13, wherein the plurality of programs, when executed by the one or more processors, cause the computing device to perform the following operations:
    - receiving a data decryption request, the decryption request indicating ciphertext that needs to be decrypted;
      
      in response to the data decryption request;
      
      determining at least two target storage devices that store the ciphertext, each target storage device having at least a portion of the ciphertext, wherein the at least two target storage devices are communicatively connected to the computing device;
      
      obtaining unique device information of the at least two target storage devices;
      
      generating, based on the unique device information, a public key according to a preset policy; and
      
      retrieving the ciphertext from the at least two target storage devices and decrypting the ciphertext by using the public key to obtain decrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
LIN, Luyi, WANG, Yufei

Granted Patent

US 10,659,226 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0847   involving identity based en...

H04L 9/0866   involving user or device id...

H04L 9/088   Usage controlling of secret...

H04L 9/30   Public key, i.e. encryption...

H04W 12/06   Authentication

DATA ENCRYPTION METHOD, DECRYPTION METHOD, APPARATUS, AND SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA ENCRYPTION METHOD, DECRYPTION METHOD, APPARATUS, AND SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links