Data encryption and decryption system supporting device revoking operation and implementing method
The invention relates to a data encryption and decryption system that supports device revocation, and to a method of implementing it. The system comprises mobile devices, an encryption control branch network and an enterprise network. Two firewalls are arranged inside the enterprise network. The enterprise's mail server and certificate control server are placed in the DMZ of the first firewall, isolated from the Internet. The encryption control branch network sits behind the second firewall, is isolated from the enterprise network, and is connected only to the encryption machines and a manager working machine. On the mobile devices, the symmetric keys used to encrypt and decrypt data must be double-encrypted with the RSA secret keys of the encryption machines and the RSA secret keys of the mobile devices. All the encryption machines share a blacklist information bank, and service requests sent by mobile devices on the blacklist are rejected. The advantages of the system and method are that, after a mobile device and its TF card are lost, the TF card can be rapidly revoked through a simple operation, and once the TF card is revoked, the enciphered data on the mobile device cannot be decrypted even if the person who picks up the lost device knows the access passwords.