CN103686714B - Implementation method for establishing trust between mobile encryption devices based on an off-line hardware device - Google Patents


Info

Publication number
CN103686714B
Authority
CN
China
Prior art keywords
port
encryption
equipment
encryption device
user
Prior art date
Legal status
Active
Application number
CN201310571521.8A
Other languages
Chinese (zh)
Other versions
CN103686714A (en)
Inventor
赵彬
沈宁
罗鸣
陈波
Current Assignee
Suzhou Huarui Network Information Service Co. Ltd.
Original Assignee
Anhui Yun Dun Information Technology Co Ltd
Priority date
Filing date
Publication date

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an implementation method for establishing trust between mobile encryption devices based on an off-line hardware device. A user's group of encryption devices consists of one master encryption device and several ordinary encryption devices. The method comprises the following steps: (1) the master encryption device is initialised: (a) an "authentication key pair" is generated, (b) a "symmetric key protection key pair" is generated, and the user sets a PIN code; (2) an already initialised master or ordinary encryption device is inserted into port A of the mother shield, and the encryption device to be initialised is inserted into port B of the mother shield; (3) the user enters the PIN code of the encryption device inserted in port A, and once the PIN code is verified the mother shield carries out the pairing. The invention has the following advantages: a file encrypted on any one of a user's clients can be decrypted on that user's other clients; and while the trust relationship between encryption devices is established, attacks by hackers are prevented and no trust relationship can be established with encryption devices that do not belong to the user.

Description

Implementation method for establishing trust between mobile encryption devices based on an off-line hardware device
Technical field
The present invention relates to the technical field of establishing trust between mobile encryption devices, and in particular to an implementation method for establishing trust between mobile encryption devices based on an off-line hardware device.
Background technology
In implementing an encrypted cloud disk, the user scenario and the problems to be solved are: 1. a user has several clients (PCs or mobile devices), and each client has a hardware encryption device (USB or TF card interface) inserted; 2. each encryption device is in the uninitialised state when delivered to the user, and the user has to complete its initialisation; 3. a file encrypted on any one of the user's clients must be decryptable on the user's other clients; 4. while a trust relationship is established between encryption devices, attacks by hackers must be prevented, and no trust relationship may be established with encryption devices that do not belong to the user.
Summary of the invention
The invention overcomes the shortcomings of the prior art described above by providing an implementation method for establishing trust between mobile encryption devices based on an off-line hardware device.
The technical solution adopted by the invention is as follows: in this implementation method for establishing trust between mobile encryption devices based on an off-line hardware device, a user's group of encryption devices consists of one master encryption device and several ordinary encryption devices, all in the uninitialised state and containing no keys; the method comprises the following steps:
(1) Initialisation of the master encryption device: the master encryption device is inserted into port A of the mother shield; the mother shield reads its device information, learns that it is the master encryption device and that it has not yet been initialised, and then performs the following initialisation: (a) generate the "authentication key pair"; (b) generate the "symmetric key protection key pair"; the user sets a PIN code.
(2) An already initialised master or ordinary encryption device is inserted into port A of the mother shield, and the encryption device to be initialised is inserted into port B of the mother shield. If the device in port A is uninitialised, or the device in port B is already initialised, an error message is shown.
(3) The user must enter the PIN code of the encryption device inserted in port A. Once the PIN code is verified, the mother shield proceeds as follows:
1. pre-initialise the encryption device in port B by generating its "authentication key pair";
2. read out the public key of the "authentication key pair" of the port B encryption device and pass it to the port A encryption device;
3. the port A encryption device encrypts its "symmetric key protection key pair" with the public key of the port B encryption device's "authentication key pair" and returns the result to the port B encryption device;
4. the port B encryption device decrypts the received data with the private key of its own "authentication key pair", obtains the "symmetric key protection key pair" and saves it in its own non-volatile memory;
5. the user sets the PIN code of the port B encryption device.
The invention has the following advantages: it provides an implementation method for establishing trust between mobile encryption devices based on an off-line hardware device; a file encrypted on any one of a user's clients can be decrypted on that user's other clients; and while the trust relationship between encryption devices is established, attacks by hackers are prevented and no trust relationship can be established with encryption devices that do not belong to the user.
Detailed description of the invention
The invention is further described below with reference to an embodiment:
This implementation method for establishing trust between mobile encryption devices based on an off-line hardware device is realised as follows: a user's group of encryption devices consists of one master encryption device and several ordinary encryption devices, all in the uninitialised state and containing no keys; the method comprises the following steps:
(1) Initialisation of the master encryption device: the master encryption device is inserted into port A of the mother shield; the mother shield reads its device information, learns that it is the master encryption device and that it has not yet been initialised, and then performs the following initialisation: (a) generate the "authentication key pair"; (b) generate the "symmetric key protection key pair"; the user sets a PIN code.
(2) An already initialised master or ordinary encryption device is inserted into port A of the mother shield, and the encryption device to be initialised is inserted into port B of the mother shield. If the device in port A is uninitialised, or the device in port B is already initialised, an error message is shown.
(3) The user must enter the PIN code of the encryption device inserted in port A. Once the PIN code is verified, the mother shield proceeds as follows:
1. pre-initialise the encryption device in port B by generating its "authentication key pair";
2. read out the public key of the "authentication key pair" of the port B encryption device and pass it to the port A encryption device;
3. the port A encryption device encrypts its "symmetric key protection key pair" with the public key of the port B encryption device's "authentication key pair" and returns the result to the port B encryption device;
4. the port B encryption device decrypts the received data with the private key of its own "authentication key pair", obtains the "symmetric key protection key pair" and saves it in its own non-volatile memory;
5. the user sets the PIN code of the port B encryption device.
Notes on the cloud shield:
1. The cloud shield is the "hardware encryption device"; it comes in USB and TF card form factors, and a TF card device can be converted to the USB form factor with a TF-to-USB adapter.
2. Encryption devices may be delivered to the user by courier; a device as received is in the uninitialised state and contains no keys.
3. An encryption device must be initialised with the mother shield before it can be used.
4. A fully initialised encryption device contains two asymmetric key pairs:
1) the authentication key pair;
2) the symmetric key protection key pair.
5. The group of encryption devices a user receives contains one master encryption device, distinguished from the other encryption devices by a shell of a different colour.
6. The master encryption device differs from an ordinary encryption device in that:
1) when an upper-layer application reads the encryption device information, the master encryption device returns a distinctive flag showing that it is the master encryption device;
2) when the master encryption device is initialised, the mother shield calls the master encryption device's interface to generate both the "authentication key pair" and the "symmetric key protection key pair", whereas when an ordinary encryption device is initialised only the "authentication key pair" is generated and the "symmetric key protection key pair" is injected.
Notes on the mother shield:
1. The mother shield is an embedded device comprising the following components:
1) a power adapter;
2) an LCD screen;
3) several buttons;
4) two USB ports:
A) port A: for an encryption device that has already been initialised, or a master encryption device that has not yet been initialised;
B) port B: for an encryption device that has not yet been initialised.
2. The mother shield stores no public key or private key information.
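The procedure of steps (1) to (3) and the master/ordinary distinction from the notes above, as an added Go example that is not part of the patent: the device model, the key types (an RSA-2048 authentication key pair, a P-256 protection key pair), RSA-OAEP as the wrapping scheme and all function names are this example's assumptions, since the patent names no algorithms. It enforces the port A/port B state checks, verifies the PIN before anything is generated, and keeps no key material in the mother shield itself.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Device models one hardware encryption device ("cloud shield"); as delivered it holds no keys.
type Device struct {
	IsMaster bool
	PIN      string
	AuthKey  *rsa.PrivateKey  // "authentication key pair": unique to each device
	ProtKey  *ecdh.PrivateKey // "symmetric key protection key pair": shared by the whole group
}

func (d *Device) Initialized() bool { return d.AuthKey != nil && d.ProtKey != nil }

// InitMaster is step (1): only an uninitialised master device generates a protection key pair.
// Key types are this example's assumption; the patent does not name algorithms.
func InitMaster(d *Device, pin string) error {
	if !d.IsMaster || d.Initialized() {
		return errors.New("port A: expected an uninitialised master device")
	}
	auth, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return err }
	prot, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return err }
	d.AuthKey, d.ProtKey, d.PIN = auth, prot, pin
	return nil
}

// Pair is steps (2) and (3) as run by the mother shield, which stores no key material itself:
// a sits in port A (must be initialised), b in port B (must not be).
func Pair(a, b *Device, pinA, newPinB string) error {
	if !a.Initialized() || b.Initialized() {
		return errors.New("port A needs an initialised device and port B an uninitialised one")
	}
	if a.PIN != pinA { // verified before anything is generated or transferred
		return errors.New("PIN of the port A device rejected")
	}
	auth, err := rsa.GenerateKey(rand.Reader, 2048) // 3.1: pre-initialise B with its own authentication key pair
	if err != nil { return err }
	// 3.2-3.3: B's authentication public key goes to A, which encrypts its protection private key under it (RSA-OAEP: this example's choice)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &auth.PublicKey, a.ProtKey.Bytes(), nil)
	if err != nil { return err }
	raw, err := rsa.DecryptOAEP(sha256.New(), nil, auth, wrapped, nil) // 3.4: B decrypts with its own private key
	if err != nil { return err }
	prot, err := ecdh.P256().NewPrivateKey(raw)
	if err != nil { return err }
	b.AuthKey, b.ProtKey, b.PIN = auth, prot, newPinB // B stores the pair; 3.5: the user sets B's PIN
	return nil
}
```

After a successful Pair, the two devices share ProtKey while each keeps its own AuthKey, which is what lets a file encrypted on one client be decrypted on another without the mother shield ever holding a key.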
Besides the embodiment described above, the invention may have other embodiments. All technical solutions formed by equivalent substitution or equivalent transformation fall within the scope of protection claimed by this application.

Claims (1)

1. An implementation method for establishing trust between mobile encryption devices based on an off-line hardware device, characterised in that: a user's group of encryption devices consists of one master encryption device and several ordinary encryption devices, all in the uninitialised state and containing no keys; the method comprises the following steps:
(1) Initialisation of the master encryption device: the master encryption device is inserted into port A of the mother shield; the mother shield reads its device information, learns that it is the master encryption device and that it has not yet been initialised, and then performs the following initialisation: (a) generate the "authentication key pair"; (b) generate the "symmetric key protection key pair"; the user sets a PIN code.
(2) An already initialised master encryption device is inserted into port A of the mother shield, and the encryption device to be initialised is inserted into port B of the mother shield. If the device in port A is uninitialised, or the device in port B is already initialised, an error message is shown.
(3) The user must enter the PIN code of the encryption device inserted in port A. Once the PIN code is verified, the mother shield proceeds as follows:
1. pre-initialise the encryption device in port B by generating its "authentication key pair";
2. read out the public key of the "authentication key pair" of the port B encryption device and pass it to the port A encryption device;
3. the port A encryption device encrypts its "symmetric key protection key pair" with the public key of the port B encryption device's "authentication key pair" and returns the result to the port B encryption device;
4. the port B encryption device decrypts the received data with the private key of its own "authentication key pair", obtains the "symmetric key protection key pair" and saves it in its own non-volatile memory;
5. the user sets the PIN code of the port B encryption device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310571521.8A CN103686714B (en) 2013-11-13 2013-11-13 Implementation method for establishing trust between mobile encryption devices based on an off-line hardware device

Publications (2)

Publication Number Publication Date
CN103686714A (en) 2014-03-26
CN103686714B (en) 2017-01-04

Family

ID=50322721

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310571521.8A Active CN103686714B (en) 2013-11-13 2013-11-13 Implementation method for establishing trust between mobile encryption devices based on an off-line hardware device

Country Status (1)

Country Link
CN (1) CN103686714B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515853A (en) * 2009-03-09 2009-08-26 深圳同方电子设备有限公司 Information terminal and information safety device thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745386B2 (en) * 2010-06-21 2014-06-03 Microsoft Corporation Single-use authentication methods for accessing encrypted data

Also Published As

Publication number Publication date
CN103686714A (en) 2014-03-26

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20170418
Address after: 234000 Suzhou province high tech Zone, Anhui, Chen Chen Road, No. 8
Patentee after: Suzhou Huarui Network Information Service Co. Ltd.
Address before: Hangzhou City, Zhejiang province Xihu District 310012 No. 252 Wensanlu Road Weixing building 3A-1
Patentee before: Anhui Yun Dun Information Technology Co., Ltd