Network account sharing and distributing system and method based on asymmetric encryption

Document No.: 291274. Published: 2021-11-23.

Reading note: The technology "Network account sharing and distributing system and method based on asymmetric encryption" was designed by 沈谷丰 on 2021-07-09. Its main content: The invention discloses a network account sharing and distributing system and method based on asymmetric encryption. The system comprises a sharer module and a receiver module. The sharer module comprises a key generation module, a key encryption module and a distribution module; the receiver module is provided with a key decryption module, a data decryption module and a receiving module. The key generation module generates a key A using a random algorithm and encrypts the shared data with key A; the key encryption module encrypts the key A by adopting a key evolution algorithm to generate a special key K, and encrypts the key A; the key decryption module obtains the special key K using the key evolution algorithm and decrypts key A with the special key K; and the data decryption module decrypts the uploaded encrypted data with the key A obtained by the key decryption module to obtain the shared data. The invention is very safe, allows family and friends to safely share website login information, and greatly simplifies the workload for enterprises.

1. A network account sharing and distributing system based on asymmetric encryption is characterized by comprising a sharer module and a receiver module, wherein the sharer module comprises a key generation module, a key encryption module and a distribution module, the receiver module is provided with a key decryption module, a data decryption module and a receiving module which correspond to the sharer module, the sharer module generates a pair of asymmetric keys and then sends a public key to the receiver module, the receiver module generates a pair of asymmetric keys and then sends the public key to the sharer module,

the key generation module generates a key A by adopting a random algorithm, and encrypts shared data by using the key A;

the key encryption module encrypts a key A by adopting a key evolution algorithm to generate a special key K and encrypts the key A;

the distribution module is used for uploading the key and the encrypted data,

the receiving module downloads the uploaded data to the key decryption module,

the key decryption module obtains a special key K by adopting a key evolution algorithm and decrypts the key A by utilizing the special key K;

and the data decryption module decrypts the uploaded encrypted data according to the key A obtained by the key decryption module to obtain the shared data.

2. The asymmetric encryption based network account sharing and distribution system as claimed in claim 1, wherein the sharer module further comprises a signature module, and the signature module adds other meta information to the key and signs the key to obtain the key distribution package.

3. The asymmetric encryption based network account sharing and distribution system as claimed in claim 2, wherein said receiver module further comprises a verification module, said verification module verifies the signature of the key distribution package according to the public key, and determines whether the key distribution package is revoked.

4. The asymmetric encryption based network account sharing and distribution system as claimed in claim 1, further comprising a third party node server, wherein the third party node server is configured to receive the uploaded encrypted data and update the uploaded encrypted data in real time.

5. A network account sharing and distributing method based on asymmetric encryption is characterized by comprising the following steps:

S1: Registration: the receiver must generate a pair of asymmetric keys and then send the public key to the sharer; the sharer must generate a pair of asymmetric keys and then send the public key to the receiver;

S2: The sharer publishes a share: generating a key A by adopting a random algorithm, encrypting shared data by using the key A, encrypting the key A by adopting a key evolution algorithm to generate a special key K, encrypting the key A, signing the key and adding other meta-information to obtain a key distribution package, and uploading the key distribution package and the encrypted data;

S3: Verifying the signature of the key distribution package according to the public key, and determining whether the key distribution package is revoked; obtaining the special key K by adopting the key evolution algorithm, and decrypting the key A by using the special key K; and decrypting the uploaded encrypted data according to the obtained key A to obtain the shared data.

Technical Field

The invention relates to the technical field of information security protection, in particular to a network account sharing and distributing system and method based on asymmetric encryption.

Background

With the popularity of internet and cloud technologies, more and more people and enterprises are beginning to pay attention to data security. For individuals, this covers private information including but not limited to personal photos, chat records, payment records and address books; for enterprises, it covers important data such as the public and private keys of an enterprise root certificate, server passwords and confidential data. To view this information, the correct username and password combination usually has to be entered into a particular system. The security risk increases significantly if the user uses the same password combination in all systems. For security reasons, users should use different mailboxes, usernames and passwords in different applications and websites. Various password management software has appeared on the market to help users meet this need.

Password management software usually stores its data by encrypting the entire database, and such storage is end-to-end encrypted. However, enterprise employees occasionally need to share a specific account, as do relatives and friends, and this kind of whole-database encryption obviously cannot meet the requirement of sharing only one login item. Existing password management software therefore often copies the plaintext content directly for delivery, or encodes the plaintext to obfuscate it (which is not encryption). This is not controllable and presents a security risk.

Disclosure of Invention

To solve the above problems at least in part, the invention provides a system and method for sharing and distributing a network account based on asymmetric encryption.

In order to achieve the purpose, the invention provides the following technical scheme:

the invention relates to a network account sharing and distributing system based on asymmetric encryption, which comprises a sharer module and a receiver module, wherein the sharer module comprises a key generation module, a key encryption module and a distribution module, the receiver module is provided with a key decryption module, a data decryption module and a receiving module which correspond to the sharer module, the sharer module generates a pair of asymmetric keys and then sends a public key to the receiver module, the receiver module generates a pair of asymmetric keys and then sends the public key to the sharer module,

the key generation module generates a key A by adopting a random algorithm, and encrypts shared data by using the key A;

the key encryption module encrypts a key A by adopting a key evolution algorithm to generate a special key K and encrypts the key A;

the distribution module is used for uploading the key and the encrypted data,

the receiving module downloads the uploaded data to the key decryption module,

the key decryption module obtains a special key K by adopting a key evolution algorithm and decrypts the key A by utilizing the special key K;

and the data decryption module decrypts the uploaded encrypted data according to the key A obtained by the key decryption module to obtain the shared data.

As a preferred technical solution of the present invention, the sharer module further includes a signature module, and the signature module adds other meta-information to the key and performs signature to obtain the key distribution package.

As a preferred technical solution of the present invention, the receiver module further includes a verification module, and the verification module verifies a signature of the key distribution package according to the public key, and determines whether the key distribution package is revoked.

As a preferred technical solution of the present invention, the present invention further includes a third party node server, and the third party node server is configured to receive the uploaded encrypted data and update the encrypted data in real time.

The invention also provides a network account sharing and distributing method based on asymmetric encryption, which comprises the following steps:

S1: Registration: the receiver must generate a pair of asymmetric keys and then send the public key to the sharer; the sharer must generate a pair of asymmetric keys and then send the public key to the receiver;

S2: The sharer publishes a share: generating a key A by adopting a random algorithm, encrypting shared data by using the key A, encrypting the key A by adopting a key evolution algorithm to generate a special key K, encrypting the key A, signing the key and adding other meta-information to obtain a key distribution package, and uploading the key distribution package and the encrypted data;

S3: Verifying the signature of the key distribution package according to the public key, and determining whether the key distribution package is revoked; obtaining the special key K by adopting the key evolution algorithm, and decrypting the key A by using the special key K; and decrypting the uploaded encrypted data according to the obtained key A to obtain the shared data.

Compared with the prior art, the invention has the following beneficial effects:

The invention is very safe: even if all communication processes are monitored and recorded, they cannot be cracked in a short time at the computing speed of existing computers.

The method allows family and friends to share website login information safely, and for an enterprise it greatly simplifies the work of setting a complex password for each employee account. The sharing method also still allows a user to enter the data manually or to use a two-dimensional code for quick transmission.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:

FIG. 1 is a flow chart of the registration phase of the present invention;

FIG. 2 is a schematic diagram of the system architecture of the present invention.

Detailed Description

The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.

In addition, if a detailed description of the known art is not necessary to show the features of the present invention, it is omitted.

Example 1

As shown in fig. 1-2, the present invention provides a network account sharing and distributing system based on asymmetric encryption, which includes a sharer module and a receiver module, wherein the sharer module includes a key generation module, a key encryption module, and a distribution module, the receiver module is provided with a key decryption module, a data decryption module, and a reception module corresponding to the sharer module, the sharer module generates a pair of asymmetric keys and then sends a public key to the receiver module, the receiver module generates a pair of asymmetric keys and then sends the public key to the sharer module,

the key generation module generates a key A by adopting a random algorithm, and encrypts shared data by using the key A;

the key encryption module encrypts a key A by adopting a key evolution algorithm to generate a special key K and encrypts the key A;

the distribution module is used for uploading the key and the encrypted data,

the receiving module downloads the uploaded data to the key decryption module,

the key decryption module obtains a special key K by adopting a key evolution algorithm and decrypts the key A by utilizing the special key K;

and the data decryption module decrypts the uploaded encrypted data according to the key A obtained by the key decryption module to obtain the shared data.

The sharing system is divided into a sharer and a receiver, which respectively publish and receive login information shares, and each login information share has a unique UUID. The system also allows for the presence of multifunctional third parties that are trusted by the sharee. Third parties include, but are not limited to, update nodes, key revoke nodes, and the like.

The update node is a server URI used for information updates. The update node needs at least the UUID of the login information share, and then returns basic information such as the download URI of the latest login information ciphertext and the latest version.

The key revoke node is a server URI for checking whether the public key of the receiver has been revoked. The server needs at least the ID of the login information share being queried by the receiver and a digest of the receiver's own public key; it compares the login information share ID with its database and returns the revocation status.

Symmetric encryption is an encryption technique that uses the same key for encryption and decryption.

Asymmetric encryption is an encryption technique that involves a pair of keys (two keys, called the public key and the private key); encryption and decryption must use the two keys alternately. For example, content encrypted using a private key must be decrypted using a public key, and content encrypted using a public key must be decrypted using a private key. The public key can be derived from the private key, but the private key cannot be derived back from the public key, so the public key can be kept at will while the private key must be stored securely.

The following is a network account sharing and distributing method based on asymmetric encryption. It is divided into three steps: registration, the sharer requesting to publish a new share, and the receiver verifying and reading the share. When sharing multiple times, registration only needs to be performed once. There are two participants in total, namely a sharer and a receiver.

The first step: registration

Any recipient must generate a pair of asymmetric keys and then send the public key to the sharer (this exchange may be eavesdropped on, but the data must not be tampered with).

Any sharer must generate a pair of asymmetric keys and then send the public key to the receiver (this exchange may be eavesdropped on, but the data must not be tampered with).

One sharer may publish to multiple recipients.

The asymmetric keys generated by both parties can be reused.

The second step: the sharer requests to publish a new share

The sharer generates a symmetric key A, combines the login information with the version information and the UUID, and encrypts the result with key A to obtain a ciphertext A; the selected encryption method should support AEAD. (This process implements forward secrecy.)

The sharer applies a key evolution algorithm to its own private key and the public key of each of the n receivers to obtain n keys B. (This process realizes AEAD.)

The sharer uses the n keys B to encrypt the key A respectively, obtaining n ciphertexts K.

The sharer randomly generates a UUID.

The sharer matches each of the n ciphertexts K with its receiver and finally adds the corresponding metadata in plaintext, such as the effective date, the expiration date, the UUID, the receiver, the update node and the key revoke node, to obtain n pieces of information P.

The sharer uses its private key to encrypt the entire contents of each information P, obtaining n ciphertexts C.

The sharer appends each of the n ciphertexts C to the end of the corresponding information P to obtain n pieces of information Q.

The information Q and the ciphertext A are encoded so that the data can be transmitted more conveniently over any medium, giving n pieces of information T and n pieces of information R. The information T is a key distribution package, and the information R is the encrypted shared data.

The sharer sends the n key distribution packages and the encrypted shared data to the n receivers respectively. No security protection is required during the transmission.

Alternatively, the sharer sends the n key distribution packages to the n receivers and uploads the encrypted shared data to the update node.

The third step: the recipient verifies and reads the share

The sharer requests to generate a new symmetric encryption key. The sharing system is divided into the sharer and the receiver, which respectively publish and receive login information shares, and each login information share has a unique UUID.

(if there are n receivers)

The inverse coding operation is applied to the information T and the information R respectively to obtain the information Q and the ciphertext A.

The information Q is separated to obtain the ciphertext C and the information P.

The encryption calculation is performed on the information P using the public key of the sharer, and the result is compared with the ciphertext C. If the result is consistent, the shared metadata is correct.

The system verifies whether the current time is between the effective date and the expiration date provided in the information P. If the current time is not within this interval, the system refuses to perform the next operation.

The system verifies whether its own public key has been revoked by querying the key revocation server provided in the information P. If the public key has been revoked, the next operation is refused.

If the ciphertext A does not exist in the system (only the key distribution package was received), the system downloads the ciphertext A from the update node.

The system uses the private key of the receiver and the public key of the publisher (the sharer) to obtain the key B by means of the key evolution algorithm.

The system decrypts the ciphertext K provided in the information P by using the key B to obtain the key A.

The receiver decrypts the ciphertext A by using the key A to obtain the originally shared login information.

The system may optionally use the update node and the key revoke node provided in the information P to check whether the ciphertext has a new version, and update selectively.
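The second and third steps for a single recipient, sketched end to end as an added example (not code from the patent). It assumes X25519 followed by HKDF-SHA256 as the "key evolution algorithm", AES-256-GCM as the AEAD, an Ed25519 signature in the role of ciphertext C, and separate agreement and signing key pairs per party; all function and field names (`publish`, `receive`, `notBefore`, `notAfter`, `isRevoked` standing in for the key revoke node query) are hypothetical.

```javascript
const crypto = require('crypto');

// Assumption: each party holds an X25519 pair (key agreement) and an Ed25519 pair (signing).
const newParty = () => ({ dh: crypto.generateKeyPairSync('x25519'), sig: crypto.generateKeyPairSync('ed25519') });
const publicOf = (p) => ({ dh: p.dh.publicKey, sig: p.sig.publicKey });

// Assumed "key evolution algorithm": X25519 ECDH, then HKDF-SHA256, giving key B.
function deriveKeyB(ownPrivate, peerPublic) {
  const secret = crypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'share-key-B', 32));
}

// AEAD (AES-256-GCM): returns nonce || ciphertext || 16-byte tag; aad is authenticated only.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce).setAAD(aad);
  return Buffer.concat([nonce, c.update(plaintext), c.final(), c.getAuthTag()]);
}

function open(key, box, aad) {
  if (box.length < 28) throw new Error('ciphertext too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAAD(aad).setAuthTag(box.subarray(box.length - 16));
  return Buffer.concat([d.update(box.subarray(12, box.length - 16)), d.final()]); // final() throws if altered
}

// Second step (sharer): returns T, the key distribution package, and R, the encrypted shared data.
function publish(sharer, recipientPublic, login, meta) {
  const uuid = crypto.randomUUID();
  const keyA = crypto.randomBytes(32); // fresh for every share
  const R = seal(keyA, Buffer.from(JSON.stringify(login)), Buffer.from(uuid));
  const K = seal(deriveKeyB(sharer.dh.privateKey, recipientPublic.dh), keyA, Buffer.from(uuid));
  const P = JSON.stringify({ ...meta, uuid, K: K.toString('base64') });
  const C = crypto.sign(null, Buffer.from(P), sharer.sig.privateKey); // signature in the role of C
  return { T: JSON.stringify({ P, C: C.toString('base64') }), R: R.toString('base64') };
}

// Third step (recipient): signature, validity window and revocation are checked before any key is derived.
function receive(recipient, sharerPublic, T, R, nowMs, isRevoked) {
  const { P, C } = JSON.parse(T); // P is kept as the exact signed string and parsed only after verification
  if (!crypto.verify(null, Buffer.from(P), sharerPublic.sig, Buffer.from(C, 'base64'))) throw new Error('bad signature');
  const meta = JSON.parse(P);
  if (nowMs < Date.parse(meta.notBefore) || nowMs > Date.parse(meta.notAfter)) throw new Error('outside validity window');
  const spki = recipient.dh.publicKey.export({ type: 'spki', format: 'der' });
  if (isRevoked(meta.uuid, crypto.createHash('sha256').update(spki).digest('hex'))) throw new Error('revoked');
  const aad = Buffer.from(meta.uuid); // binds K and R to this share's UUID
  const keyA = open(deriveKeyB(recipient.dh.privateKey, sharerPublic.dh), Buffer.from(meta.K, 'base64'), aad);
  return JSON.parse(open(keyA, Buffer.from(R, 'base64'), aad).toString());
}

// Constructed sample run: parties, dates and the in-memory revocation check are illustrative.
const alice = newParty(), bob = newParty();
const META = { notBefore: '2021-07-01T00:00:00Z', notAfter: '2021-08-01T00:00:00Z', recipient: 'bob' };
const shared = publish(alice, publicOf(bob), { site: 'intranet.example', user: 'ops', password: 'constructed-secret' }, META);
const NOW = Date.parse('2021-07-09T00:00:00Z');
console.log(receive(bob, publicOf(alice), shared.T, shared.R, NOW, () => false));
```

In this sketch key B depends only on the two long-term key pairs, so it is identical for every share between a given sharer and recipient; only key A is fresh per share.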

Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
