Encryption/decryption method, system and device

US 9,548,969 B2
Filed: 08/12/2013
Issued: 01/17/2017
Est. Priority Date: 12/04/2012
Status: Active Grant

First Claim

Patent Images

1. An encryption method, comprising:

performing, by a terminal, an encryption operation for data of the terminal according to information of an encryption sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local Device Management (DM) tree when receiving an encryption instruction sent from a DM server;

wherein the EADMO node is a node added to the DM tree of the terminal;

reporting to the DM server, by the terminal, encrypted data state information generated after the encryption succeeds;

updating, by the terminal according to an updating instruction sent from the DM server, information of a Store Uniform Resource Locator (URL) sub-node of the EADMO node of the DM tree into a URL for the DM server to locally store the encrypted data state information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption/decryption method are described, which includes that a terminal performs an encryption operation according to information of an encryption sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local Device Management (DM) tree and reports to a DM server encrypted data state information generated after the encryption succeeds; and the terminal performs a decryption operation according to the encrypted data state information sent from the DM server. An encryption/decryption system and device are also described. By means of technical solutions of embodiments of the disclosure, operations are simple without causing data loss, and a problem that data of a non-local terminal cannot be encrypted is solved.

Citations

21 Claims

1. An encryption method, comprising:
- performing, by a terminal, an encryption operation for data of the terminal according to information of an encryption sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local Device Management (DM) tree when receiving an encryption instruction sent from a DM server;
  
  wherein the EADMO node is a node added to the DM tree of the terminal;
  
  reporting to the DM server, by the terminal, encrypted data state information generated after the encryption succeeds;
  
  updating, by the terminal according to an updating instruction sent from the DM server, information of a Store Uniform Resource Locator (URL) sub-node of the EADMO node of the DM tree into a URL for the DM server to locally store the encrypted data state information.
- View Dependent Claims (2, 15, 20, 21)
- - 2. The method according to claim 1, further comprising:
    - before the DM server sends the encryption instruction to the terminal,obtaining, by the DM server, information of a State sub-node of the EADMO node of the DM tree of the terminal, determining whether the information of the State sub-node is unencrypted;
      
      if yes, then sending the encryption instruction to the terminal;
      
      otherwise, sending the terminal or a terminal currently used by a user a message indicating that encryption has been performed.
  - 15. The method according to claim 1, further comprising:
    - after the terminal performs the encryption successfully,requesting the DM server, by the terminal, for encrypted data state information to which a URL stored by the Store URL sub-node of the EADMO node of the DM tree of the terminal is directed, when receiving a decryption instruction sent from the DM server;
      
      performing, by the terminal, a decryption operation according to the encrypted data state information when receiving the encrypted data state information sent from the DM server;
      
      after the terminal performs the encryption successfully, sending, by the terminal, an encryption success message to the DM server, and updating the information of the State sub-node of the EADMO node of the local DM tree to be encrypted according to an updating instruction sent from the DM server.
  - 20. The method according to claim 1, the encryption sub-node of the EADMO node of the local DM tree comprises:
    - an encryption mode sub-node, an encryption key words sub-node and an encryption level sub-node, whereininformation stored by the encryption mode sub-node is a set encryption mode, including encryption by a file name and/or encryption by a file suffix name;
      
      information stored by the encryption key words sub-node is a set encrypted keyword, including a file name keyword and a keyword of a file suffix name, and the file name is a file name without a file suffix name;
      
      information stored by the encryption level sub-node is a set encryption level;
      
      different encryption levels may be set according to different complexities of encryption algorithms, and an encryption level is positively correlated to the complexity of an encryption algorithm;
      
      the step of performing, by a terminal, an encryption operation for data of the terminal according to information of an encryption sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local Device Management (DM) tree when receiving an encryption instruction sent from a DM server comprises;
      
      when the terminal receives the encryption instruction, which is an instruction for executing a preset instruction string in the encryption sub-node of the EADMO node of the DM tree, sent from the DM server, performing, the encryption operation for data of the terminal according to information stored in the encryption mode, the encryption key words and the encryption level sub-nodes in the encryption sub-node of the EADMO node of the DM tree.
  - 21. The method according to claim 1, the terminal is any terminal used currently by a user or a terminal in which data is to be encrypted or decrypted.

3. A decryption method, comprising:
- requesting a Device Management (DM) server, by a terminal, for encrypted data state information to which a Uniform Resource Locator (URL) stored by a Store URL sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a DM tree of the terminal is directed, when receiving a decryption instruction sent from the DM server;
  
  wherein the EADMO node is a node added to the DM tree of the terminal;
  
  performing, by the terminal, a decryption operation for data of the terminal according to the encrypted data state information sent from the DM serverfurther comprising;
  
  before the DM server sends the decryption instruction to the terminal,obtaining, by the DM server, a decryption key held by a user from the terminal or a terminal currently used by a user;
  
  verifying whether the decryption key can be matched with a locally stored decryption key;
  
  if yes, sending the decryption instruction to the terminal;
  
  otherwise, sending a key verification failure message to the corresponding terminal or the terminal currently used by the user.
- View Dependent Claims (4, 16)
- - 4. The method according to claim 3, further comprising:
    - after the terminal performs the decryption successfully,sending, by the terminal, a decryption success message to the DM server; and
      
      updating, by the terminal according to an updating instruction sent from the DM server, the information of the State sub-node of the EADMO node of the local DM tree to be unencrypted.
  - 16. The method according to claim 3, further comprising:
    - before the DM server sends the decryption instruction to the terminal,obtaining, by the DM server, information of a State sub-node of the EADMO node of the DM tree of the terminal;
      
      determining whether the information of the State sub-node has been encrypted;
      
      if yes, sending the decryption instruction to the terminal;
      
      otherwise, sending the terminal or a terminal currently used by a user a message indicating that decryption has been performed.

5. A terminal, comprising:
- a first receiving unit, a first encrypting unit, a first sending unit, and a first storing unit, whereinthe first receiving unit is configured to receive an encryption instruction sent from a Device Management (DM) server;
  
  to receive an updating instruction sent from the DM server, wherein the instruction updates information of a Store Uniform Resource Locator (URL) sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a Device Management (DM) tree of the first storing unit into a URL, wherein the URL is a URL for the DM server to locally store encrypted data state information sent from the first sending unit;
  
  wherein the EADMO node is a node added to the DM tree of the terminal;
  
  the first encrypting unit is configured, when the first receiving unit receives the encryption instruction, to perform an encryption operation for data of the terminal according to information of an encryption sub-node of the EADMO node of the DM tree, wherein the information of the encryption sub-node of the EADMO node of the DM tree is stored by the first storing unit; and
  
  to generate the encrypted data state information after the encryption succeeds;
  
  the first sending unit is configured to send the DM server the encrypted data state information generated after the first encrypting unit performs the encryption successfully;
  
  the first storing unit is configured to store information of the EADMO node of the DM tree, to update, according to the updating instruction received by the first receiving unit, the information of the Store URL sub-node of the EADMO node of the DM tree into the URL for the DM server to locally store the encrypted data state information.
- View Dependent Claims (6, 17)
- - 6. The terminal according to claim 5, further comprising:
    - a second receiving unit, a first decrypting unit, a second sending unit and a second storing unit, whereinthe second receiving unit is configured to receive a decryption instruction sent from the DM server and to receive the encrypted data state information sent from the DM server;
      
      the first decrypting unit is configured to perform a decryption operation according to the encrypted data state information received by the second receiving unit;
      
      the second sending unit is configured, when the second receiving unit receives the decryption instruction, to send the DM server an instruction for obtaining the encrypted data state information, wherein the encrypted data state information is encrypted data state information to which a URL in information of a Store URL sub-node is directed and the Store URL sub-node is located in an EADMO node of a DM tree of the second storing unit;
      
      the second storing unit is configured to store information of the EADMO node of the DM tree.
  - 17. The terminal according to claim 5, whereinthe first receiving unit is further configured to receive from the DM server an instruction for obtaining information of a State sub-node, wherein the information of the state sub-node is stored by the first storing unit, to receive the encryption instruction or a message indicating that encryption has been performed, wherein the encryption instruction or the message indicating that encryption has been performed is sent from the DM server;
    - the first sending unit is further configured to send the information of the State sub-node to the DM server when the first receiving unit receives from the DM server the instruction for obtaining the information of the State sub-node;
      
      the first sending unit is further configured to send an encryption success message to the DM server after the first encrypting unit performs the encryption successfully;
      
      the first receiving unit is further configured to receive the updating instruction from the DM server;
      
      the first storing unit is further configured to update, according to the updating instruction received by the first receiving unit, the information of the State sub-node of the EADMO node of the DM tree to be encrypted.

7. A terminal, wherein the terminal includes:
- a second receiving unit, a first decrypting unit, a second sending unit and a second storing unit, whereinthe second receiving unit is configured to receive a decryption instruction sent from a Device Management (DM) server, and to receive encrypted data state information sent from the DM server;
  
  the first decrypting unit is configured, when the second receiving unit receives the encrypted data state information sent from the DM server, to perform a decryption operation for data of the terminal according to the encrypted data state information;
  
  the second sending unit is configured, when the second receiving unit receives the decryption instruction, to send the DM server an instruction for obtaining the encrypted data state information, wherein the encrypted data state information is encrypted data state information to which a Uniform Resource Locator (URL) in information of a Store URL sub-node is directed, and the Store URL sub-node is located in an Encrypt And Decrypt Management Object (EADMO) node of a DM tree of the second storing unit;
  
  wherein the EADMO node is a node added to the DM tree of the terminal;
  
  the second storing unit is configured to store information of the EADMO node of the DM tree;
  
  the second receiving unit is further configured to receive an instruction for obtaining a decryption key held by a user, wherein the instruction is sent from the DM server;
  
  the second sending unit is further configured, when the second receiving unit receives the instruction for obtaining the decryption key held by the user, to send the decryption key held by the user to the DM server.
- View Dependent Claims (8, 18)
- - 8. The terminal according to claim 7, whereinthe second sending unit is further configured, when the first decryption unit performs the decryption successfully, to send a decryption success message to the DM server;
    - the second receiving unit is further configured to receive an updating instruction from the DM server;
      
      the second storing unit is further configured to update, according to the updating instruction received by the first receiving unit, the stored information of the State sub-node of the EADMO node of the DM tree to be unencrypted.
  - 18. The terminal according to claim 7, whereinthe second receiving unit is further configured to receive from the DM server an instruction for obtaining information of a State sub-node of the EADMO node of the DM tree of the second storing unit;
    - the second sending unit is further configured, when the second receiving unit receives from the DM server the instruction for obtaining the information of the State sub-node, to send the information of the State sub-node to the DM server.

9. A Device Management (DM) server, comprising:
- a third sending unit, a third receiving unit and a third storing unit, whereinthe third sending unit is configured to send an encryption instruction to a terminal;
  
  when the third receiving unit receives encrypted data state information generated and sent after the terminal performs encryption successfully, to indicate the terminal to update information of a Store Uniform Resource Locator (URL) sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local DM tree of the terminal, wherein the updated information of the Store URL sub-node is a URL for the third storing unit to store the encrypted data state information;
  
  wherein the EADMO node is a node added to the DM tree of the terminal;
  
  the third receiving unit is configured to generate and send the encrypted data state information after the terminal performs the encryption successfully;
  
  the third storing unit is configured to store the encrypted data state information received by the third receiving unit.
- View Dependent Claims (10, 11, 19)
- - 10. The DM server according to claim 9, further comprising:
    - a first determining unit configured, when the third receiving unit receives information of a State sub-node of the EADMO node of the DM tree of the terminal, to determine whether the information of the State sub-node is unencrypted;
      
      the third sending unit is further configured to send the terminal an instruction for obtaining the information of the State sub-node;
      
      when a determination result of the first determining unit is yes, to send an encryption instruction to the terminal; and
      
      when a determination result of the first determining unit is no, to send the terminal or a terminal used by a user a message indicating that encryption has been performed;
      
      the third receiving unit is further configured to receive the information of the State sub-node from the terminal.
  - 11. The DM server according to claim 9, further comprising:
    - a fourth sending unit, a fourth receiving unit and a fourth storing unit, whereinthe fourth sending unit is configured to send a decryption instruction to the terminal;
      
      when the fourth receiving unit receives from the terminal an instruction for requesting for the encrypted data state information, to send the encrypted data state information to the terminal;
      
      the fourth receiving unit is configured to receive from the terminal an instruction for requesting for the encrypted data state information to which the URL stored by the Store URL sub-node is directed;
      
      the fourth storing unit is configured to store the encrypted data state information.
  - 19. The DM server according to claim 9, whereinthe third receiving unit is further configured to receive a decryption key generated and sent after the terminal performs the encryption successfully;
    - the third storing unit is further configured to store the decryption key generated and sent after the terminal performs the encryption successfully;
      
      the third receiving unit is further configured to receive an encryption success message sent after the terminal performs the encryption successfully;
      
      the third sending unit is further configured, when the third receiving unit receives the encryption success message sent after the terminal performs the encryption successfully, to send an updating instruction to the terminal to indicate the terminal to update the information of the State sub-node of the EADMO node of the local DM tree to be encrypted.

12. A Device Management (DM) server, comprising:
- a fourth sending unit, a fourth receiving unit, and a fourth storing unit, whereinthe fourth sending unit is configured to send a decryption instruction to a terminal; and
  
  when the fourth receiving unit receives from the terminal an instruction for requesting for encrypted data state information to which a Uniform Resource Locator (URL) is directed and which is stored by the fourth storing unit, to send the terminal the encrypted data state information to which the URL is directed;
  
  the fourth receiving unit is configured to receive from the terminal the instruction for requesting for the encrypted data state information to which the URL is directed, wherein the URL is located in a Store URL of an Encrypt And Decrypt Management Object (EADMO) node of a DM tree of the terminal;
  
  wherein the EADMO node is a node added to the DM tree of the terminal;
  
  the fourth storing unit is configured store the encrypted data state information;
  
  further comprising;
  
  a first verifying unit, configured to verify whether a decryption key held by a user and received by the fourth receiving unit can be matched with a decryption key stored by the fourth storing unit;
  
  the fourth sending unit is further configured to send the terminal or a terminal currently used by a user an instruction for obtaining the decryption key held by the user;
  
  when a verifying result of the first verifying unit is yes, to send a decryption instruction to the terminal; and
  
  when a verifying result of the first verifying unit is no, to send the corresponding terminal or the terminal currently used by the user a key verification failure message;
  
  the fourth receiving unit is further configured to receive the decryption key sent from the terminal or the terminal currently used by the user;
  
  the fourth storing unit is further configured to store the decryption key.
- View Dependent Claims (13, 14)
- - 13. The DM server according to claim 12, further comprising:
    - a second determining unit configured, when the fourth receiving unit receives information of a State sub-node, to determine whether the information of the State sub-node is encrypted;
      
      the fourth sending unit is further configured to send the terminal an instruction for obtaining the information of the State sub-node;
      
      when a determining result of the second determining unit is yes, to send a decryption instruction to the terminal, and when a determining result of the second determining unit is no, to send the terminal or a terminal currently used by a user a message indicating that decryption has been performed;
      
      the fourth receiving unit is configured to receive from the terminal the information of the State sub-node of the EADMO of the DM tree.
  - 14. The DM server according to claim 12, whereinthe fourth receiving unit is further configured to receive a decryption success message sent after the terminal performs the decryption successfully;
    - the fourth sending unit is further configured, when the fourth receiving unit receives the decryption success message sent after the terminal performs the decryption successfully, to indicate the terminal to update the information of the State sub-node of the EADMO of the DM tree to be unencrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZTE Corporation
Original Assignee
ZTE Corporation
Inventors
Qiu, Jiong
Primary Examiner(s)
Brown, Anthony

Application Number

US14/649,311
Publication Number

US 20150319140A1
Time in Patent Office

1,254 Days
Field of Search

713/162
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 67/02   based on web technology, e....

H04L 67/04   specially adapted for termi...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/04   Key management, e.g. using ...

H04W 4/50   Service provisioning or rec...

Encryption/decryption method, system and device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption/decryption method, system and device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links