CN109150510A - Method and apparatus for obtaining a symmetric key - Google Patents

Method and apparatus for obtaining a symmetric key

Publication number
CN109150510A
Authority
CN
China
Legal status
Granted
Application number
CN201810930698.5A
Other languages
Chinese (zh)
Other versions
CN109150510B (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201810930698.5A
Publication of CN109150510A
Application granted
Publication of CN109150510B
Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Abstract

The present invention discloses a method and apparatus for obtaining a symmetric key, and relates to the field of communication security. The method comprises: a device receives and parses a key transmission instruction sent by a host computer to obtain a key block header field, a key block data field and a key block MAC value; obtains a first key and a second key according to a protection key, first preset data, second preset data, ninth preset data and tenth preset data; obtains an encryption key and a MAC key according to the protection key, the first key, the third to fifth preset data and the sixth to eighth preset data; obtains first plaintext data according to the encryption key, the key block data field and the key block MAC value; obtains a second MAC value according to the MAC key, the first plaintext data, the key block header field and the second key; and, when the second MAC value is identical to the key block MAC value, obtains the symmetric key from the first plaintext data, stores it, and returns a key transmission success response to the host computer.

Description

Method and apparatus for obtaining a symmetric key
Technical field
The present invention relates to the field of communication security, and in particular to a method and apparatus for obtaining a symmetric key.
Background art
When transaction information is transmitted between two devices that support a symmetric key system, sensitive data such as a symmetric key is needed to encrypt the transaction information and to verify its integrity, but the sensitive data such as the symmetric key must first be stored inside the device so that the transaction information can be encrypted and verified. In the prior art, the common method is to use a dedicated device to inject sensitive data such as the symmetric key into the device in plaintext or with simple encryption. If a user wants to update or upgrade the symmetric key of the device, the device must be returned to the factory (so that the manufacturer can update or upgrade the symmetric key), which is a very cumbersome process. Alternatively, the user can update or upgrade the symmetric key of the device with a non-dedicated device, but in that case sensitive data such as the symmetric key is easily stolen and security is low.
Summary of the invention
To solve the problems in the prior art, the invention proposes a method and apparatus for obtaining a symmetric key.
The technical solution adopted by the invention is as follows:
This embodiment provides a method for obtaining a symmetric key, comprising the following steps:
Step S1: the device receives a key transmission instruction sent by the host computer, and parses the key transmission instruction to obtain key block data;
Step S2: the device obtains a preset protection key, and obtains a first key according to the protection key, first preset data and second preset data;
Step S3: the device obtains an encryption key according to the protection key, the first key, third preset data, fourth preset data and fifth preset data, and obtains a MAC key according to the protection key, the first key, sixth preset data, seventh preset data and eighth preset data;
Step S4: the device obtains first plaintext data according to the encryption key, the key block data field and the key block MAC value, and obtains a second MAC value according to the MAC key, the first plaintext data, the key block header field and a second key;
Step S5: when the second MAC value is identical to the key block MAC value, the device obtains the symmetric key from the first plaintext data, stores it, and returns a key transmission success response to the host computer;
Between step S1 and step S4, the method further comprises:
The device parses the key block data to obtain the key block header field, the key block data field and the key block MAC value;
After the device obtains the preset protection key, and before the second MAC value is obtained according to the MAC key, the first plaintext data, the key block header field and the second key, the method further comprises:
The device computes the second key according to the protection key, ninth preset data and tenth preset data;
This embodiment further provides a device for obtaining a symmetric key, comprising a receiving module, a first parsing module, a second parsing module, a first acquisition module, a first obtaining module, a second obtaining module, a third obtaining module, a fourth obtaining module, a fifth obtaining module, a sixth obtaining module, a second acquisition module, a storage module and a sending module;
The receiving module is configured to receive the key transmission instruction sent by the host computer;
The first parsing module is configured to parse the key transmission instruction received by the receiving module to obtain key block data;
The second parsing module is configured to parse the key block data obtained by the first parsing module to obtain the key block header field, the key block data field and the key block MAC value;
The first acquisition module is configured to obtain the preset protection key;
The first obtaining module is configured to obtain the first key according to the protection key obtained by the first acquisition module, the first preset data and the second preset data;
The second obtaining module is configured to compute the second key according to the protection key obtained by the first acquisition module, the ninth preset data and the tenth preset data;
The third obtaining module is configured to obtain the encryption key according to the protection key obtained by the first acquisition module, the first key obtained by the first obtaining module, the third preset data, the fourth preset data and the fifth preset data;
The fourth obtaining module is configured to obtain the MAC key according to the protection key obtained by the first acquisition module, the first key obtained by the first obtaining module, the sixth preset data, the seventh preset data and the eighth preset data;
The fifth obtaining module is configured to obtain the first plaintext data according to the encryption key obtained by the third obtaining module and the key block data field and key block MAC value parsed by the second parsing module;
The sixth obtaining module is configured to obtain the second MAC value according to the MAC key obtained by the fourth obtaining module, the first plaintext data obtained by the fifth obtaining module, the key block header field parsed by the second parsing module, and the second key obtained by the second obtaining module;
The second acquisition module is configured to obtain the symmetric key from the first plaintext data obtained by the fifth obtaining module when the second MAC value obtained by the sixth obtaining module is identical to the key block MAC value parsed by the second parsing module;
The storage module is configured to store the symmetric key obtained by the second acquisition module;
The sending module is configured to return a key transmission success response to the host computer.
The beneficial effects of the invention are as follows: the user can update or upgrade the symmetric key directly and securely without returning the device to the factory. When the device receives a key transmission instruction sent by the host computer, the device parses the key transmission instruction to obtain key block data and decrypts the key block data to obtain sensitive data such as the symmetric key, so that sensitive data such as the symmetric key can be updated or upgraded conveniently and quickly, and the security of the process of transmitting sensitive data such as the symmetric key is enhanced.
Description of the drawings
Fig. 1 is a flowchart of a method for obtaining a symmetric key provided by Embodiment 2;
Fig. 2 is a block diagram of a device for obtaining a symmetric key provided by Embodiment 3.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Embodiment 1
Embodiment 1 provides a method for obtaining a symmetric key, comprising the following steps:
Step 101: the device receives a key transmission instruction sent by the host computer, and parses the key transmission instruction to obtain key block data;
Step 102: the device obtains a preset protection key, and obtains a first key according to the protection key, first preset data and second preset data;
Optionally, in step 102, obtaining the first key according to the protection key, the first preset data and the second preset data is specifically:
The device computes first data from the first preset data according to the protection key, and obtains the first key according to the first data and the second preset data;
Further, computing the first data and obtaining the first key from the first data and the second preset data is specifically:
The device computes the first data from the first preset data using a first algorithm according to the protection key, and judges whether the first data needs to be updated; if so, it updates the first data according to the second preset data and records the updated first data as the first key; otherwise it records the first data as the first key.
Step 103: the device obtains an encryption key according to the protection key, the first key, third preset data, fourth preset data and fifth preset data, and obtains a MAC key according to the protection key, the first key, sixth preset data, seventh preset data and eighth preset data;
Optionally, in step 103, obtaining the encryption key according to the protection key, the first key, the third preset data, the fourth preset data and the fifth preset data is specifically:
The device uses the protection key and the first key to compute on the third preset data, the fourth preset data and the fifth preset data respectively, obtaining first part encrypted data, second part encrypted data and third part encrypted data respectively, and forms the encryption key from the first part encrypted data, the second part encrypted data and the third part encrypted data;
Further, computing the three parts of encrypted data and forming the encryption key from them is specifically:
The device obtains first intermediate data according to the first key and the third preset data, and obtains the first part encrypted data according to the protection key and the first intermediate data; obtains second intermediate data according to the first key and the fourth preset data, and obtains the second part encrypted data according to the protection key and the second intermediate data; obtains third intermediate data according to the first key and the fifth preset data, and obtains the third part encrypted data according to the protection key and the third intermediate data; and forms the encryption key from the first part encrypted data, the second part encrypted data and the third part encrypted data.
Optionally, in step 103, obtaining the MAC key according to the protection key, the first key, the sixth preset data, the seventh preset data and the eighth preset data is specifically:
The device uses the protection key and the first key to compute on the sixth preset data, the seventh preset data and the eighth preset data respectively, obtaining first part MAC data, second part MAC data and third part MAC data respectively, and forms the MAC key from the first part MAC data, the second part MAC data and the third part MAC data;
Further, computing the three parts of MAC data and forming the MAC key from them is specifically:
The device obtains fourth intermediate data according to the first key and the sixth preset data, and obtains the first part MAC data according to the protection key and the fourth intermediate data; obtains fifth intermediate data according to the first key and the seventh preset data, and obtains the second part MAC data according to the protection key and the fifth intermediate data; obtains sixth intermediate data according to the first key and the eighth preset data, and obtains the third part MAC data according to the protection key and the sixth intermediate data; and forms the MAC key from the first part MAC data, the second part MAC data and the third part MAC data.
Step 104: the device obtains first plaintext data according to the encryption key, the key block data field and the key block MAC value, and obtains a second MAC value according to the MAC key, the first plaintext data, the key block header field and the second key;
Optionally, in step 104, obtaining the first plaintext data according to the encryption key, the key block data field and the key block MAC value is specifically:
The device divides the key block data field into four parts; computes on each of the four parts of the key block data field using the encryption key; computes each of the resulting first, second, third and fourth calculation results with the key block MAC value; and obtains the first plaintext data from the resulting second to fifth plaintext data;
Further, dividing the key block data field, computing the four calculation results and obtaining the first plaintext data is specifically:
The device divides the key block data field into first key data, second key data, third key data and fourth key data; computes a first calculation result from the first key data using the first algorithm according to the encryption key, and computes second plaintext data from the first calculation result and the key block MAC value using the second algorithm; computes a second calculation result from the second key data using the first algorithm according to the encryption key, and computes third plaintext data from the second calculation result and the key block MAC value using the second algorithm; computes a third calculation result from the third key data using the first algorithm according to the encryption key, and computes fourth plaintext data from the third calculation result and the key block MAC value using the second algorithm; computes a fourth calculation result from the fourth key data using the first algorithm according to the encryption key, and computes fifth plaintext data from the fourth calculation result and the key block MAC value using the second algorithm; and computes the first plaintext data from the second to fifth plaintext data using a third algorithm.
Optionally, in step 104, obtaining the second MAC value according to the MAC key, the first plaintext data, the key block header field and the second key is specifically:
The device computes first recombined data from the first plaintext data and the key block header field; divides the first recombined data into six parts, the second recombined data to the seventh recombined data; computes first encrypted data from the second recombined data using the MAC key; computes second encrypted data from the third recombined data and the first encrypted data using the MAC key; computes third encrypted data from the fourth recombined data and the second encrypted data using the MAC key; computes fourth encrypted data from the fifth recombined data and the third encrypted data using the MAC key; computes fifth encrypted data from the sixth recombined data and the fourth encrypted data using the MAC key; and computes the second MAC value from the seventh recombined data, the fifth encrypted data and the second key using the MAC key.
Step 105: when the second MAC value is identical to the key block MAC value, the device obtains the symmetric key from the first plaintext data, stores it, and returns a key transmission success response to the host computer;
Optionally, step 105 further comprises: the device judges whether the second MAC value and the key block MAC value are identical; if so, it obtains the symmetric key from the first plaintext data, stores it, and returns a key transmission success response to the host computer; otherwise it returns an error code to the host computer.
Between step 101 and step 104, the method further comprises:
The device parses the key block data to obtain the key block header field, the key block data field and the key block MAC value;
After the device obtains the preset protection key, and before the second MAC value is obtained according to the MAC key, the first plaintext data, the key block header field and the second key, the method further comprises:
The device computes the second key according to the protection key, ninth preset data and tenth preset data;
Optionally, computing the second key according to the protection key, the ninth preset data and the tenth preset data is specifically:
The device computes second data from the ninth preset data according to the protection key, and obtains the second key according to the second data and the tenth preset data;
Further, computing the second data and obtaining the second key from the second data and the tenth preset data is specifically:
The device computes the second data from the ninth preset data using the first algorithm according to the protection key, and judges whether the second data needs to be updated; if so, it updates the second data according to the tenth preset data and records the updated second data as the second key; otherwise it records the second data as the second key.
This embodiment provides a method for obtaining a symmetric key with which the user can update or upgrade the symmetric key directly and securely without returning the device to the factory. When the device receives a key transmission instruction sent by the host computer, the device parses the key transmission instruction to obtain key block data and decrypts the key block data to obtain sensitive data such as the symmetric key, so that sensitive data such as the symmetric key can be updated or upgraded conveniently and quickly, and the security of the process of transmitting sensitive data such as the symmetric key is enhanced.
Embodiment 2
Embodiment 2 provides a method for obtaining a symmetric key; the method can be carried out directly in a public network environment without using a dedicated device. The method is shown in Fig. 2 and comprises the following steps:
Step 201: the device receives a key transmission instruction sent by the host computer, and parses the key transmission instruction to obtain key block data;
For example, the key block data is 423030433050305445303045303030303643383542463234373833333939384432303946433743413739314531464141353433394337353030393739464131324639433639373345393736393543463230413731374232323131373738384437;
Step 202: the device judges, according to a preset length, whether the total length of the received key block data is valid; if so, step 203 is executed; otherwise an error code is returned to the host computer;
Specifically, the device judges whether the total length of the received key block data is equal to the preset length; if so, the total length of the key block data is valid and step 203 is executed; otherwise an error code is returned;
For example, the preset length is 96 bytes;
Step 203: the device parses the key block data to obtain the key block header field, the key block data field and the key block MAC value;
Specifically, the device parses the key block data, taking the first 16 bytes as the key block header field, the middle 64 bytes as the key block data field, and the last 16 bytes as the key block MAC value;
For example, the key block header field is 42303043305030544530304530303030;
The key block data field is 36433835424632343738333339393844323039464337434137393145314641413534333943373530303937394641313246394336393733453937363935434632;
The key block MAC value is 30413731374232323131373738384437;
Further, this step also includes converting the key block data field and the key block MAC value to HEX format; after conversion, the key block data field is 32 bytes long and the key block MAC value is 8 bytes long;
For example, the key block data field after conversion to HEX format is 0x6C85BF247833998D209FC7CA791E1FAA5439C7500979FA12F9C6973E97695CF2;
The key block MAC value is 0x0A717B22117788D7;
Step 204: the device judges whether each component field of the key block header field is valid; if so, step 205 is executed; otherwise an error code is returned to the host computer;
Specifically, the key block header field contains fields that identify information such as the usage, algorithm and version of the transmitted symmetric key; for example, a key block length field, a key usage field, a key algorithm field, a key usage method field, a key version number field, a key exportability field, a key block optional block count field and a key block reserved field;
Preferably, the component fields of the key block header field are the key block version ID (byte 1), the key block length field (bytes 2-5), the key usage field (bytes 6 and 7), the key algorithm field (byte 8), the key usage method field (byte 9), the key version number field (bytes 10 and 11), the key exportability field (byte 12), the key block optional block count field (bytes 13 and 14) and the key block reserved field (bytes 15 and 16);
Specifically, judging whether each component field of the key block header field is valid includes:
1) the device judges whether the key block version ID is 0x42; if so, the key block version ID is valid, otherwise it is invalid;
2) the device judges whether the key block length field is 0x30304330; if so, the key block length field is valid, otherwise it is invalid;
3) the device judges whether the key usage field is 0x4430, 0x4B30, 0x4D31 or 0x5030; if so, the key usage field is valid, otherwise it is invalid (the key usages are as follows: 0x4430 indicates use for data encryption; 0x4B30 indicates use for encrypting a transmitted key; 0x4D31 indicates use for ISO 9797-1 MAC algorithm encryption; 0x5030 indicates use for PIN encryption);
4) the device judges whether the key algorithm field is 0x41 or 0x54; if so, the key algorithm field is valid, otherwise it is invalid (0x41 indicates that AES is supported; 0x54 indicates that 3DES is supported);
5) the device judges whether the key usage method field is 0x42, 0x43 or 0x45; if so, the key usage method field is valid, otherwise it is invalid (0x42 indicates use for encryption or decryption, 0x43 indicates use for computing a MAC, 0x45 indicates use for encryption only);
6) the device judges whether the key version number field is 0x3030; if so, the key version number field is valid, otherwise it is invalid;
7) the device judges whether the key exportability field is 0x45; if so, the key exportability field is valid, otherwise it is invalid;
8) the device judges whether the key block optional block count field is 0x3030; if so, the key block optional block count field is valid, otherwise it is invalid;
9) the device judges whether the key block reserved field is a secondary key index value; if so, the key block reserved field is valid, otherwise it is invalid (note: in this embodiment the valid range of this index value is 0-F);
Optionally, steps 202 to 204 can be located at any position before step 209;
Step 205: the device obtains the preset protection key, computes first data from the first preset data according to the protection key, and obtains the first key according to the first data and the second preset data;
Specifically, the device obtains the preset protection key, computes the first data from the first preset data using the first algorithm according to the protection key, and judges whether the first data needs to be updated; if so, it updates the first data according to the second preset data, records the updated first data as the first key, and executes step 206; otherwise it records the first data as the first key and executes step 206;
More specifically, the device obtains the preset protection key, computes the first data from the first preset data using the first algorithm according to the protection key, and judges whether the value at a first preset position of the first data is a first preset value; if so, it records the first data as the first key and executes step 206; otherwise it shifts the first data left by a second preset number of bits, fills the bits vacated in the shifted first data with a third preset value, computes the first key from the filled first data and the second preset data using the second algorithm, and executes step 206;
For example, the financial device obtains the preset protection key; performs a 3DES operation on the first preset data with the protection key to obtain the first data; and judges whether the highest byte of the first data is 0x00; if so, it records the first data as the first key and executes step 206; otherwise it shifts the first data left by 1 bit, fills the last bit of the shifted first data with 0, XORs the filled first data with the second preset data to obtain the first key, and executes step 206. The highest byte of the first data is generally the first byte in left-to-right order;
For example, the protection key is 0xA8BF12C8CD1B3194C91C28A5E38D712C;
The first preset data is 0x0000000000000000;
The second preset data is 0x0000000000000001B;
The first data is 0x3131114FC8DB13E6;
The first key is 0x6262229F91B627D7;
Step 206: The device uses the protection key and the first key to perform calculations on the third preset data, the fourth preset data and the fifth preset data, obtaining the first part encryption data, the second part encryption data and the third part encryption data respectively, and forms the encryption key from the first part encryption data, the second part encryption data and the third part encryption data;
Specifically, the device obtains the first intermediate data from the first key and the third preset data, and obtains the first part encryption data from the protection key and the first intermediate data; obtains the second intermediate data from the first key and the fourth preset data, and obtains the second part encryption data from the protection key and the second intermediate data; obtains the third intermediate data from the first key and the fifth preset data, and obtains the third part encryption data from the protection key and the third intermediate data; and forms the encryption key from the first part encryption data, the second part encryption data and the third part encryption data;
More specifically, the device applies the second algorithm to the third preset data according to the first key to calculate the first intermediate data, and applies the first algorithm to the first intermediate data according to the protection key to calculate the first part encryption data; applies the second algorithm to the fourth preset data according to the first key to calculate the second intermediate data, and applies the first algorithm to the second intermediate data according to the protection key to calculate the second part encryption data; applies the second algorithm to the fifth preset data according to the first key to calculate the third intermediate data, and applies the first algorithm to the third intermediate data according to the protection key to calculate the third part encryption data; and applies the third algorithm to the first part encryption data, the second part encryption data and the third part encryption data to calculate the encryption key;
For example, the device XORs the third preset data with the first key to obtain the first intermediate data, and performs a 3DES operation on the first intermediate data with the protection key to obtain the first part encryption data; XORs the fourth preset data with the first key to obtain the second intermediate data, and performs a 3DES operation on the second intermediate data with the protection key to obtain the second part encryption data; XORs the fifth preset data with the first key to obtain the third intermediate data, and performs a 3DES operation on the third intermediate data with the protection key to obtain the third part encryption data; and concatenates the first part encryption data, the second part encryption data and the third part encryption data in order to obtain the 24-byte encryption key;
For example, third preset data is 0x0100000000000080;
4th preset data is 0x0200000000000080;
5th preset data is 0x0300000000000080;
First intermediate data is 0x6362229F91B62757;
Second intermediate data is 0x6062229F91B62757;
Third intermediate data is 0x6162229F91B62757;
The first part encryption data is 0xE4F5A9555F78DFA1;
The second part encryption data is 0x83CF8CEA8079D995;
The third part encryption data is 0x3A2946A841FCEE7E;
Encryption key is 0xE4F5A9555F78DFA1 83CF8CEA8079D995 3A2946A841FCEE7E;
Step 207: The device uses the protection key and the first key to perform calculations on the sixth preset data, the seventh preset data and the eighth preset data, obtaining the first part MAC data, the second part MAC data and the third part MAC data respectively, and forms the MAC key from the first part MAC data, the second part MAC data and the third part MAC data;
Specifically, the device obtains the fourth intermediate data from the first key and the sixth preset data, and obtains the first part MAC data from the protection key and the fourth intermediate data; obtains the fifth intermediate data from the first key and the seventh preset data, and obtains the second part MAC data from the protection key and the fifth intermediate data; obtains the sixth intermediate data from the first key and the eighth preset data, and obtains the third part MAC data from the protection key and the sixth intermediate data; and forms the MAC key from the first part MAC data, the second part MAC data and the third part MAC data;
More specifically, the device applies the second algorithm to the sixth preset data according to the first key to calculate the fourth intermediate data, and applies the first algorithm to the fourth intermediate data according to the protection key to calculate the first part MAC data; applies the second algorithm to the seventh preset data according to the first key to calculate the fifth intermediate data, and applies the first algorithm to the fifth intermediate data according to the protection key to calculate the second part MAC data; applies the second algorithm to the eighth preset data according to the first key to calculate the sixth intermediate data, and applies the first algorithm to the sixth intermediate data according to the protection key to calculate the third part MAC data; and applies the third algorithm to the first part MAC data, the second part MAC data and the third part MAC data to calculate the MAC key;
For example, the device XORs the sixth preset data with the first key to obtain the fourth intermediate data, and performs a 3DES operation on the fourth intermediate data with the protection key to obtain the first part MAC data; XORs the seventh preset data with the first key to obtain the fifth intermediate data, and performs a 3DES operation on the fifth intermediate data with the protection key to obtain the second part MAC data; XORs the eighth preset data with the first key to obtain the sixth intermediate data, and performs a 3DES operation on the sixth intermediate data with the protection key to obtain the third part MAC data; and concatenates the first part MAC data, the second part MAC data and the third part MAC data in order to obtain the 24-byte MAC key;
For example, the 6th preset data is 0x0100010000000080;
7th preset data is 0x0200010000000080;
8th preset data is 0x0300010000000080;
4th intermediate data is 0x6362239F91B62757;
5th intermediate data is 0x6062239F91B62757;
6th intermediate data is 0x6162239F91B62757;
The first part MAC data is 0xC1EE1F1B6E15BB4C;
The second part MAC data is 0x095233380CCB4766;
The third part MAC data is 0x1096BE7DE22D4185;
MAC key is 0xC1EE1F1B6E15BB4C095233380CCB47661096BE7DE22D4185;
Step 208: The device performs a calculation on the ninth preset data according to the protection key to obtain the second data, and obtains the second key from the second data and the tenth preset data;
Specifically, the device applies the first algorithm to the ninth preset data according to the protection key to calculate the second data, and judges whether the second data needs to be updated; if so, it updates the second data according to the tenth preset data, records the updated second data as the second key, and executes step 209; otherwise it records the second data as the second key and executes step 209;
More specifically, the device applies the first algorithm to the ninth preset data according to the protection key to calculate the second data, and judges whether the value at the second preset position of the second data is the fourth preset value; if so, it records the second data as the second key and executes step 209; otherwise it shifts the second data to the left by the fifth preset value of bits, fills the bits vacated in the shifted second data with the sixth preset value, applies the second algorithm to the filled second data and the tenth preset data to calculate the second key, and executes step 209;
For example, the financial device obtains the preset protection key; performs a 3DES operation on the ninth preset data with the protection key to obtain the second data; and judges whether the highest byte of the second data is 0x00; if so, it records the second data as the second key and executes step 209; otherwise it shifts the second data to the left by 1 bit, fills the last bit of the shifted second data with 0, XORs the filled second data with the tenth preset data to obtain the second key, and executes step 209. The highest byte of the second data is generally the first byte in left-to-right order;
For example, protection key is 0xC1EE1F1B6E15BB4C095233380CCB47661096BE7DE22D4185;
9th preset data is 0x0000000000000000;
Tenth preset data is 0x0000000000000001B;
Second data are 0x17EEBB7FB49E8AAF;
Second key is 0x2FDD76FF693D1545;
Optionally, step 208 may be placed at any position after step 205 and before step 211;
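The arithmetic in the examples for steps 206 to 208, as an added Python check that is not part of the patent text: it reproduces the step 208 second key from the printed second data and recovers the first key implied by each printed preset/intermediate pair. The function and constant names are chosen here for illustration, and the 3DES operations themselves are not recomputed.

```python
BLOCK = 8  # 3DES block size in bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings (the XOR used in the examples)."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def derive_second_key(second_data: bytes, tenth_preset: bytes) -> bytes:
    """Second key from the second data, following the step 208 example.

    Rule as the page states it: if the highest (leftmost) byte is 0x00 the
    second data is used unchanged; otherwise it is shifted left by one bit,
    the vacated last bit is filled with 0, and the result is XORed with the
    tenth preset data.
    Note: the CMAC subkey rule in NIST SP 800-38B tests only the top bit and
    shifts in both cases; this function implements the page's rule, not that one.
    """
    if len(second_data) != BLOCK or len(tenth_preset) != BLOCK:
        raise ValueError("both inputs must be 8 bytes")
    if second_data[0] == 0x00:
        return second_data
    shifted = (int.from_bytes(second_data, "big") << 1) & ((1 << 64) - 1)
    return xor_bytes(shifted.to_bytes(BLOCK, "big"), tenth_preset)


# Tenth preset data; the page prints it with 17 hex digits, numerically 0x1B.
PAGE_TENTH_PRESET = (0x0000000000000001B).to_bytes(BLOCK, "big")
PAGE_SECOND_DATA = bytes.fromhex("17EEBB7FB49E8AAF")

# Values printed in the step 206 and 207 examples:
# label -> (preset data, intermediate data).
PAGE_DERIVATION_VALUES = {
    "encryption part 1": (0x0100000000000080, 0x6362229F91B62757),
    "encryption part 2": (0x0200000000000080, 0x6062229F91B62757),
    "encryption part 3": (0x0300000000000080, 0x6162229F91B62757),
    "MAC part 1": (0x0100010000000080, 0x6362239F91B62757),
    "MAC part 2": (0x0200010000000080, 0x6062239F91B62757),
    "MAC part 3": (0x0300010000000080, 0x6162239F91B62757),
}


def implied_first_keys() -> dict:
    """intermediate = first key XOR preset, so first key = intermediate XOR preset."""
    return {
        label: xor_bytes(preset.to_bytes(BLOCK, "big"), inter.to_bytes(BLOCK, "big"))
        for label, (preset, inter) in PAGE_DERIVATION_VALUES.items()
    }


def inputs_are_distinct() -> bool:
    """Each derived part must come from a different preset block.

    In the printed values the presets differ in byte 0 (1, 2, 3) and in
    byte 2 (0x00 for the encryption key, 0x01 for the MAC key).
    """
    presets = [preset for preset, _ in PAGE_DERIVATION_VALUES.values()]
    return len(set(presets)) == len(presets)


if __name__ == "__main__":
    print("second key:", derive_second_key(PAGE_SECOND_DATA, PAGE_TENTH_PRESET).hex().upper())
    for label, key in implied_first_keys().items():
        print(f"{label}: first key = {key.hex().upper()}")
```

All six printed pairs imply the same first key, 0x6262229F91B627D7, so the printed intermediate values are mutually consistent.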
Step 209: The device obtains the first plaintext data according to the encryption key, the key block data field and the key block MAC value;
Specifically, the device divides the key block data field equally into four parts; uses the encryption key to perform a calculation on each of the four parts of the key block data field; performs a calculation on each of the resulting first calculation result, second calculation result, third calculation result and fourth calculation result with the key block MAC value; and obtains the first plaintext data from the second plaintext data to the fifth plaintext data thus calculated;
More specifically, the device divides the key block data field equally into the first key data, the second key data, the third key data and the fourth key data; applies the first algorithm to the first key data according to the encryption key to calculate the first calculation result, and applies the second algorithm to the first calculation result and the key block MAC value to calculate the second plaintext data; applies the first algorithm to the second key data according to the encryption key to calculate the second calculation result, and applies the second algorithm to the second calculation result and the key block MAC value to calculate the third plaintext data; applies the first algorithm to the third key data according to the encryption key to calculate the third calculation result, and applies the second algorithm to the third calculation result and the key block MAC value to calculate the fourth plaintext data; applies the first algorithm to the fourth key data according to the encryption key to calculate the fourth calculation result, and applies the second algorithm to the fourth calculation result and the key block MAC value to calculate the fifth plaintext data; and applies the third algorithm to the second plaintext data to the fifth plaintext data to calculate the first plaintext data;
For example, the device takes the first 8 bytes of the key block data field as the first key data, bytes 9-16 as the second key data, bytes 17-24 as the third key data and bytes 25-32 as the fourth key data; performs a 3DES operation on the first key data with the encryption key to obtain the first calculation result, and XORs the first calculation result with the key block MAC value to obtain the second plaintext data; performs a 3DES operation on the second key data with the encryption key to obtain the second calculation result, and XORs the second calculation result with the key block MAC value to obtain the third plaintext data; performs a 3DES operation on the third key data with the encryption key to obtain the third calculation result, and XORs the third calculation result with the key block MAC value to obtain the fourth plaintext data; performs a 3DES operation on the fourth key data with the encryption key to obtain the fourth calculation result, and XORs the fourth calculation result with the key block MAC value to obtain the fifth plaintext data; and concatenates the second plaintext data to the fifth plaintext data in order to obtain the first plaintext data;
For example, cipher key block data domain is 0x6C85BF247833998D 209FC7CA791E1FAA 5439C7500979FA12 F9C6973E97695CF2;
First key data are 0x6C85BF247833998D;
Second key data is 0x209FC7CA791E1FAA;
Third key data is 0x5439C7500979FA12;
4th key data is 0xF9C6973E97695CF2;
The second plaintext data is 0x00C0111213141516;
The third plaintext data is 0x1718090A0B0C0D0E;
The fourth plaintext data is 0x1011202122232425;
The fifth plaintext data is 0x26274B0D3A093802;
The first plaintext data is 0x00C01112131415161718090A0B0C0D0E101120212223242526274B0D3A093802;
In this embodiment, the data format of the key block data field may specifically be: symmetric key length value (2 bytes) + decrypted data (30 bytes), where the decrypted data consists of: symmetric key data (24 bytes) + padding data (6 bytes);
Step 210: The device performs a calculation on the first plaintext data and the key block header field to obtain the first recombination data;
Specifically, the financial device applies the third algorithm to the key block header field and the first plaintext data to calculate the first recombination data;
More specifically, the financial device concatenates the 16-byte key block header field and the 32-byte first plaintext data in order to obtain the 48-byte first recombination data;
For example, the first recombination data is 0x4230304330503054 4530304530303030 00C0111213141516 1718090A0B0C0D0E 1011202122232425 26274B0D3A093802;
Step 211: The device performs a calculation on the first recombination data and the second key using the MAC key to obtain the second MAC value;
Specifically, the device divides the first recombination data equally into six parts, the second recombination data to the seventh recombination data; uses the MAC key to calculate the first encryption data from the second recombination data; uses the MAC key to calculate the second encryption data from the third recombination data and the first encryption data; uses the MAC key to calculate the third encryption data from the fourth recombination data and the second encryption data; uses the MAC key to calculate the fourth encryption data from the fifth recombination data and the third encryption data; uses the MAC key to calculate the fifth encryption data from the sixth recombination data and the fourth encryption data; and uses the MAC key to calculate the second MAC value from the seventh recombination data, the fifth encryption data and the second key;
More specifically, the device divides the first recombination data equally into six parts, the second recombination data to the seventh recombination data; uses the MAC key to calculate the first encryption data from the second recombination data; performs a calculation on the first encryption data and the third recombination data, and uses the MAC key on the calculation result to calculate the second encryption data; performs a calculation on the second encryption data and the fourth recombination data, and uses the MAC key on the calculation result to calculate the third encryption data; performs a calculation on the third encryption data and the fifth recombination data, and uses the MAC key on the calculation result to calculate the fourth encryption data; performs a calculation on the fourth encryption data and the sixth recombination data, and uses the MAC key on the calculation result to calculate the fifth encryption data; and performs a calculation on the fifth encryption data, the second key and the seventh recombination data, and uses the MAC key on the calculation result to calculate the second MAC value;
Further, the device divides the first recombination data equally into six parts, the second recombination data to the seventh recombination data; uses the MAC key to apply the first algorithm to the second recombination data to calculate the first encryption data; applies the second algorithm to the first encryption data and the third recombination data, and uses the MAC key to apply the first algorithm to the calculation result to calculate the second encryption data; applies the second algorithm to the second encryption data and the fourth recombination data, and uses the MAC key to apply the first algorithm to the calculation result to calculate the third encryption data; applies the second algorithm to the third encryption data and the fifth recombination data, and uses the MAC key to apply the first algorithm to the calculation result to calculate the fourth encryption data; applies the second algorithm to the fourth encryption data and the sixth recombination data, and uses the MAC key to apply the first algorithm to the calculation result to calculate the fifth encryption data; applies the second algorithm to the seventh recombination data and the second key, applies the second algorithm to that calculation result and the fifth encryption data, and uses the MAC key to apply the first algorithm to the calculation result to calculate the second MAC value;
For example, the device takes the first 8 bytes of the first recombination data as the second recombination data, bytes 9-16 as the third recombination data, bytes 17-24 as the fourth recombination data, bytes 25-32 as the fifth recombination data, bytes 33-40 as the sixth recombination data and bytes 41-48 as the seventh recombination data; performs a 3DES operation on the second recombination data with the MAC key to obtain the first encryption data; XORs the first encryption data with the third recombination data, and performs a 3DES operation on the XOR result with the MAC key to obtain the second encryption data; XORs the second encryption data with the fourth recombination data, and performs a 3DES operation on the XOR result with the MAC key to obtain the third encryption data; XORs the third encryption data with the fifth recombination data, and performs a 3DES operation on the XOR result with the MAC key to obtain the fourth encryption data; XORs the fourth encryption data with the sixth recombination data, and performs a 3DES operation on the XOR result with the MAC key to obtain the fifth encryption data; XORs the seventh recombination data with the second key, XORs that result with the fifth encryption data, and performs a 3DES operation on the second XOR result with the MAC key to obtain the second MAC value;
For example, the second recombination data is 0x4230304330503054;
Third recombination data is 0x4530304530303030;
4th recombination data is 0x00C0111213141516;
The fifth recombination data is 0x1718090A0B0C0D0E;
6th recombination data is 0x1011202122232425;
7th recombination data is 0x26274B0D3A093802;
First encryption data is 0x77242933621CC091;
Second encryption data is 0xB7B56CF039FB1145;
Third encryption data is 0xD609503AA7631E0A;
4th encryption data is 0xA1EB8C2CAFDD6E63;
5th encryption data is 0xB0A7739DE1FF43E3;
Second MAC value is 0x0A717B22117788D7;
Step 212: The device judges whether the second MAC value and the key block MAC value are identical; if so, it returns a key transmission success response to the host computer and executes step 213; otherwise it returns an error code to the host computer;
Step 213: The device obtains the symmetric key from the first plaintext data according to the symmetric key length value and stores it;
Specifically, according to the symmetric key length value of 24 bytes, the device obtains the 3rd to 26th bytes of the first plaintext data as the symmetric key;
Optionally, after step 213 the method further includes: the device verifies the stored symmetric key; when the verification succeeds, the symmetric key has been obtained successfully; otherwise obtaining the symmetric key has failed;
Specifically, the device obtains the stored symmetric key and judges whether it is identical to the symmetric key obtained from the first plaintext data; if so, the symmetric key has been obtained successfully; otherwise obtaining the symmetric key has failed;
For example, the symmetric key obtained from the first plaintext data is 0x1112131415161718090A0B0C0D0E10112021222324252627;
This embodiment provides a method for obtaining a symmetric key with which user equipment can update or upgrade its symmetric key directly and securely without being returned to the factory. When the device receives the key transmission instruction sent by the host computer, it parses the key transmission instruction to obtain key block data and decrypts the key block data to obtain sensitive data such as the symmetric key. Sensitive data such as the symmetric key can thus be updated or upgraded conveniently and quickly, and the security of the process of transmitting sensitive data such as the symmetric key is enhanced.
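The device-side checks of steps 210 to 213, as an added Python sketch that is not code from the patent: the MAC chain over the recombination data, a constant-time comparison with the key block MAC value, and extraction of the symmetric key only after the MAC matches. Assumptions: `encrypt_block` is a caller-supplied function performing one 8-byte 3DES encryption under the MAC key (the Python standard library has no 3DES), all names are illustrative, and the 2-byte length value 0x00C0 is read as a bit count (192 bits, which gives the page's 24-byte key).

```python
import hmac
from typing import Callable, Optional

BLOCK = 8            # 3DES block size in bytes
HEADER_LEN = 16      # key block header field (step 210)
PLAINTEXT_LEN = 32   # first plaintext data: 2-byte length value + 30 bytes

# One 8-byte 3DES encryption under the MAC key, supplied by the caller (assumption).
BlockCipher = Callable[[bytes], bytes]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def compute_second_mac(header: bytes, first_plaintext: bytes,
                       second_key: bytes, encrypt_block: BlockCipher) -> bytes:
    """Steps 210 and 211: chain six 8-byte blocks, mixing the second key into the last."""
    if (len(header), len(first_plaintext), len(second_key)) != (HEADER_LEN, PLAINTEXT_LEN, BLOCK):
        raise ValueError("unexpected field length")
    data = header + first_plaintext  # first recombination data, 48 bytes
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    state = encrypt_block(blocks[0])                    # first encryption data
    for block in blocks[1:-1]:                          # second to fifth encryption data
        state = encrypt_block(xor_bytes(state, block))
    last = xor_bytes(xor_bytes(blocks[-1], second_key), state)
    return encrypt_block(last)                          # second MAC value


def extract_symmetric_key(first_plaintext: bytes) -> bytes:
    """Step 213: length value (2 bytes), then key data, then padding."""
    if len(first_plaintext) != PLAINTEXT_LEN:
        raise ValueError("first plaintext data must be 32 bytes")
    bit_length = int.from_bytes(first_plaintext[:2], "big")  # assumed to count bits
    if bit_length == 0 or bit_length % 8:
        raise ValueError("length value is not a whole number of bytes")
    key_len = bit_length // 8
    if key_len > PLAINTEXT_LEN - 2:
        raise ValueError("length value exceeds the data field")
    return first_plaintext[2:2 + key_len]


def accept_key_block(header: bytes, first_plaintext: bytes, key_block_mac: bytes,
                     second_key: bytes, encrypt_block: BlockCipher) -> Optional[bytes]:
    """Step 212 then 213: return the key only if the MAC matches, else None."""
    mac = compute_second_mac(header, first_plaintext, second_key, encrypt_block)
    # compare_digest avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(mac, key_block_mac):
        return None  # the device would return an error code to the host computer
    return extract_symmetric_key(first_plaintext)


# Values printed in the page's examples for steps 208 to 210.
PAGE_HEADER = bytes.fromhex("4230304330503054" "4530304530303030")
PAGE_FIRST_PLAINTEXT = bytes.fromhex(
    "00C0111213141516" "1718090A0B0C0D0E" "1011202122232425" "26274B0D3A093802")
PAGE_SECOND_KEY = bytes.fromhex("2FDD76FF693D1545")

if __name__ == "__main__":
    print(extract_symmetric_key(PAGE_FIRST_PLAINTEXT).hex().upper())
```

With a real 3DES function bound to the page's MAC key passed as `encrypt_block`, `compute_second_mac` follows the same chain as the step 211 example.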
Embodiment three
Embodiment three provides a device for obtaining a symmetric key, including a receiving module 301, a first parsing module 302, a second parsing module 303, a first acquisition module 304, a first obtaining module 305, a second obtaining module 306, a third obtaining module 307, a fourth obtaining module 308, a fifth obtaining module 309, a sixth obtaining module 310, a second acquisition module 311, a storage module 312 and a sending module 313;
The receiving module 301 is configured to receive the key transmission instruction sent by the host computer;
The first parsing module 302 is configured to parse the key transmission instruction received by the receiving module 301 to obtain key block data;
The second parsing module 303 is configured to parse the key block data obtained by the first parsing module 302 to obtain the key block header field, the key block data field and the key block MAC value;
The first acquisition module 304 is configured to acquire the preset protection key;
The first obtaining module 305 is configured to obtain the first key according to the protection key acquired by the first acquisition module 304, the first preset data and the second preset data;
Optionally, the first obtaining module 305 includes a first calculation submodule and a first obtaining submodule;
Correspondingly, the first calculation submodule is configured to perform a calculation on the first preset data according to the protection key acquired by the first acquisition module 304 to obtain the first data;
Correspondingly, the first obtaining submodule is configured to obtain the first key according to the first data calculated by the first calculation submodule and the second preset data;
Further, the first obtaining submodule includes a first judging unit, a first updating unit, a first recording unit and a second recording unit;
Correspondingly, the first calculation submodule is specifically configured to apply the first algorithm to the first preset data according to the protection key acquired by the first acquisition module 304 to calculate the first data;
Correspondingly, the first judging unit is configured to judge whether the first data calculated by the first calculation submodule needs to be updated;
Correspondingly, the first updating unit is configured to, when the first judging unit judges yes, update the first data calculated by the first calculation submodule according to the second preset data;
Correspondingly, the first recording unit is configured to record the first data updated by the first updating unit as the first key;
Correspondingly, the second recording unit is configured to, when the first judging unit judges no, record the first data calculated by the first calculation submodule as the first key.
The second obtaining module 306 is configured to calculate the second key according to the protection key acquired by the first acquisition module 304, the ninth preset data and the tenth preset data;
Optionally, the second obtaining module 306 includes a twelfth calculation submodule and a second obtaining submodule;
Correspondingly, the twelfth calculation submodule is configured to perform a calculation on the ninth preset data according to the protection key acquired by the first acquisition module 304 to obtain the second data;
Correspondingly, the second obtaining submodule is configured to obtain the second key according to the second data calculated by the twelfth calculation submodule and the tenth preset data;
Further, the second obtaining submodule includes a second judging unit, a second updating unit, a third recording unit and a fourth recording unit;
Correspondingly, the twelfth calculation submodule is specifically configured to apply the first algorithm to the ninth preset data according to the protection key acquired by the first acquisition module 304 to calculate the second data;
Correspondingly, the second judging unit is configured to judge whether the second data calculated by the twelfth calculation submodule needs to be updated;
Correspondingly, the second updating unit is configured to, when the second judging unit judges yes, update the second data calculated by the twelfth calculation submodule according to the tenth preset data;
Correspondingly, the third recording unit is configured to record the second data updated by the second updating unit as the second key;
Correspondingly, the fourth recording unit is configured to record the second data calculated by the twelfth calculation submodule as the second key.
The third obtaining module 307 is configured to obtain the encryption key according to the protection key acquired by the first acquisition module 304, the first key obtained by the first obtaining module 305, the third preset data, the fourth preset data and the fifth preset data;
Optionally, the third obtaining module 307 includes a second calculation submodule, a third calculation submodule, a fourth calculation submodule and a first composition submodule;
Correspondingly, the second calculation submodule is configured to use the protection key acquired by the first acquisition module 304 and the first key obtained by the first obtaining module 305 to perform a calculation on the third preset data to obtain the first part encryption data;
Correspondingly, the third calculation submodule is configured to use the protection key acquired by the first acquisition module 304 and the first key obtained by the first obtaining module 305 to perform a calculation on the fourth preset data to obtain the second part encryption data;
Correspondingly, the fourth calculation submodule is configured to use the protection key acquired by the first acquisition module 304 and the first key obtained by the first obtaining module 305 to perform a calculation on the fifth preset data to obtain the third part encryption data;
Correspondingly, the first composition submodule is configured to form the encryption key from the first part encryption data calculated by the second calculation submodule, the second part encryption data calculated by the third calculation submodule and the third part encryption data calculated by the fourth calculation submodule;
Further, the second calculation submodule is specifically configured to obtain the first intermediate data according to the first key obtained by the first obtaining module 305 and the third preset data, and to obtain the first part encryption data according to the protection key acquired by the first acquisition module 304 and the first intermediate data;
Correspondingly, the third calculation submodule is specifically configured to obtain the second intermediate data according to the first key obtained by the first obtaining module 305 and the fourth preset data, and to obtain the second part encryption data according to the protection key acquired by the first acquisition module 304 and the second intermediate data;
Correspondingly, the fourth calculation submodule is specifically configured to obtain the third intermediate data according to the first key obtained by the first obtaining module 305 and the fifth preset data, and to obtain the third part encryption data according to the protection key acquired by the first acquisition module 304 and the third intermediate data.
The fourth obtaining module 308 is configured to obtain the MAC key according to the protection key acquired by the first acquisition module 304, the first key obtained by the first obtaining module 305, the sixth preset data, the seventh preset data and the eighth preset data;
Optionally, the fourth obtaining module 308 includes a fifth calculation submodule, a sixth calculation submodule, a seventh calculation submodule and a second composition submodule;
Correspondingly, the fifth calculation submodule is configured to use the protection key acquired by the first acquisition module 304 and the first key obtained by the first obtaining module 305 to perform a calculation on the sixth preset data to obtain the first part MAC data;
Correspondingly, the sixth calculation submodule is configured to use the protection key acquired by the first acquisition module 304 and the first key obtained by the first obtaining module 305 to perform a calculation on the seventh preset data to obtain the second part MAC data;
Correspondingly, the seventh calculation submodule is configured to use the protection key acquired by the first acquisition module 304 and the first key obtained by the first obtaining module 305 to perform a calculation on the eighth preset data to obtain the third part MAC data;
Correspondingly, the second composition submodule is configured to form the MAC key from the first part MAC data calculated by the fifth calculation submodule, the second part MAC data calculated by the sixth calculation submodule and the third part MAC data calculated by the seventh calculation submodule;
Further, the fifth calculation submodule is specifically configured to obtain the fourth intermediate data according to the first key obtained by the first obtaining module 305 and the sixth preset data, and to obtain the first part MAC data according to the protection key acquired by the first acquisition module 304 and the fourth intermediate data;
Correspondingly, the sixth calculation submodule is specifically configured to obtain the fifth intermediate data according to the first key obtained by the first obtaining module 305 and the seventh preset data, and to obtain the second part MAC data according to the protection key acquired by the first acquisition module 304 and the fifth intermediate data;
Correspondingly, the seventh calculation submodule is specifically configured to obtain the sixth intermediate data according to the first key obtained by the first obtaining module 305 and the eighth preset data, and to obtain the third part MAC data according to the protection key acquired by the first acquisition module 304 and the sixth intermediate data.
The fifth obtaining module 309 is configured to obtain the first plaintext data according to the encryption key obtained by the third obtaining module 307, the key block data field parsed by the second parsing module 303 and the key block MAC value parsed by the second parsing module 303;
Optionally, the fifth obtaining module 309 includes a first equal-division submodule, an eighth calculation submodule, a ninth calculation submodule, a tenth calculation submodule, an eleventh calculation submodule and a third composition submodule;
Correspondingly, the first equal-division submodule is configured to divide the key block data field parsed by the second parsing module 303 equally into four parts;
Correspondingly, the eighth calculation submodule is configured to use the encryption key obtained by the third obtaining module 307 to perform a calculation on the first part produced by the first equal-division submodule to obtain the first calculation result, and to perform a calculation on the first calculation result and the key block MAC value parsed by the second parsing module 303 to obtain the second plaintext data;
Correspondingly, the ninth calculation submodule is configured to use the encryption key obtained by the third obtaining module 307 to perform a calculation on the second part produced by the first equal-division submodule to obtain the second calculation result, and to perform a calculation on the second calculation result and the key block MAC value parsed by the second parsing module 303 to obtain the third plaintext data;
Correspondingly, the tenth calculation submodule is configured to use the encryption key obtained by the third obtaining module 307 to perform a calculation on the third part produced by the first equal-division submodule to obtain the third calculation result, and to perform a calculation on the third calculation result and the key block MAC value parsed by the second parsing module 303 to obtain the fourth plaintext data;
Correspondingly, the eleventh calculation submodule is configured to use the encryption key obtained by the third obtaining module 307 to perform a calculation on the fourth part produced by the first equal-division submodule to obtain the fourth calculation result, and to perform a calculation on the fourth calculation result and the key block MAC value parsed by the second parsing module 303 to obtain the fifth plaintext data;
Correspondingly, the third composition submodule is configured to obtain the first plaintext data from the second plaintext data calculated by the eighth calculation submodule, the third plaintext data calculated by the ninth calculation submodule, the fourth plaintext data calculated by the tenth calculation submodule and the fifth plaintext data calculated by the eleventh calculation submodule;
Further, the first equal-division submodule is specifically configured to divide the key block data field parsed by the second parsing module 303 equally into four parts: the first key data, the second key data, the third key data and the fourth key data;
Correspondingly, the eighth calculation submodule is specifically configured to apply the first algorithm, according to the encryption key obtained by the third obtaining module 307, to the first key data produced by the first equal-division submodule to calculate the first calculation result, and to apply the second algorithm to the first calculation result and the key block MAC value parsed by the second parsing module 303 to calculate the second plaintext data;
Correspondingly, the ninth calculation submodule is specifically configured to apply the first algorithm, according to the encryption key obtained by the third obtaining module 307, to the second key data produced by the first equal-division submodule to calculate the second calculation result, and to apply the second algorithm to the second calculation result and the key block MAC value parsed by the second parsing module 303 to calculate the third plaintext data;
Correspondingly, the tenth calculation submodule is specifically configured to apply the first algorithm, according to the encryption key obtained by the third obtaining module 307, to the third key data produced by the first equal-division submodule to calculate the third calculation result, and to apply the second algorithm to the third calculation result and the key block MAC value parsed by the second parsing module 303 to calculate the fourth plaintext data;
Correspondingly, the eleventh calculation submodule is specifically configured to apply the first algorithm, according to the encryption key obtained by the third obtaining module 307, to the fourth key data produced by the first equal-division submodule to calculate the fourth calculation result, and to apply the second algorithm to the fourth calculation result and the key block MAC value parsed by the second parsing module 303 to calculate the fifth plaintext data.
The sixth obtaining module 310 is configured to obtain a second MAC value from the MAC key obtained by the fourth obtaining module 308, the first plaintext data obtained by the fifth obtaining module 309, the key block header field parsed by the second parsing module 303 and the second key obtained by the second obtaining module 306;
Optionally, the sixth obtaining module 310 includes a thirteenth calculation submodule, a second equal-division submodule, a fourteenth calculation submodule, a fifteenth calculation submodule, a sixteenth calculation submodule, a seventeenth calculation submodule, an eighteenth calculation submodule and a nineteenth calculation submodule;
Correspondingly, the thirteenth calculation submodule is configured to perform a calculation on the first plaintext data obtained by the second acquisition module 311 and the key block header field parsed by the second parsing module 303 to obtain first recombined data;
Correspondingly, the second equal-division submodule is configured to divide the first recombined data calculated by the thirteenth calculation submodule equally into six parts, second recombined data through seventh recombined data;
Correspondingly, the fourteenth calculation submodule is configured to use the MAC key obtained by the fourth obtaining module 308 to perform a calculation on the second recombined data produced by the second equal-division submodule to obtain first encrypted data;
Correspondingly, the fifteenth calculation submodule is configured to use the MAC key obtained by the fourth obtaining module 308 to perform a calculation on the third recombined data produced by the second equal-division submodule and the first encrypted data to obtain second encrypted data;
Correspondingly, the sixteenth calculation submodule is configured to use the MAC key obtained by the fourth obtaining module 308 to perform a calculation on the fourth recombined data produced by the second equal-division submodule and the second encrypted data to obtain third encrypted data;
Correspondingly, the seventeenth calculation submodule is configured to use the MAC key obtained by the fourth obtaining module 308 to perform a calculation on the fifth recombined data produced by the second equal-division submodule and the third encrypted data to obtain fourth encrypted data;
Correspondingly, the eighteenth calculation submodule is configured to use the MAC key obtained by the fourth obtaining module 308 to perform a calculation on the sixth recombined data produced by the second equal-division submodule and the fourth encrypted data calculated by the seventeenth calculation submodule to obtain fifth encrypted data;
Correspondingly, the nineteenth calculation submodule is configured to use the MAC key obtained by the fourth obtaining module 308 to perform a calculation on the seventh recombined data produced by the second equal-division submodule, the fifth encrypted data calculated by the eighteenth calculation submodule and the second key obtained by the second obtaining module 306 to obtain the second MAC value.
The second acquisition module 311 is configured to acquire the symmetric key from the first plaintext data obtained by the fifth obtaining module 309 when the second MAC value obtained by the sixth obtaining module 310 is identical to the key block MAC value parsed by the second parsing module 303;
The storage module 312 is configured to store the symmetric key acquired by the second acquisition module 311;
The sending module 313 is configured to return a key transfer success response to the host computer;
Optionally, the device in this embodiment further includes a judgment module;
Correspondingly, the judgment module is configured to judge whether the second MAC value obtained by the sixth obtaining module 310 is identical to the key block MAC value parsed by the second parsing module 303;
Correspondingly, the second acquisition module 311 is specifically configured to acquire the symmetric key from the first plaintext data obtained by the fifth obtaining module 309 when the judgment module judges that the second MAC value obtained by the sixth obtaining module 310 is identical to the key block MAC value parsed by the second parsing module 303;
Correspondingly, the sending module 313 is further configured to return an error code to the host computer when the judgment module judges that the second MAC value obtained by the sixth obtaining module 310 is not identical to the key block MAC value parsed by the second parsing module 303.
This embodiment provides a device for obtaining a symmetric key. The user's device does not need to be returned to the factory; its symmetric key can be updated or upgraded directly and securely. When the device receives the key transfer instruction sent by the host computer, it parses the instruction to obtain key block data and decrypts the key block data to obtain sensitive data such as the symmetric key. Sensitive data such as the symmetric key can therefore be updated or upgraded conveniently and quickly, and the security of the process of transferring such sensitive data is enhanced.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the scope of protection of the claims.
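The check carried out by the sixth obtaining module 310 and the judgment module above, written out as an added example (it is not code from the patent): the plaintext and header are recombined, split into six blocks, chained under the MAC key with the second key mixed into the last block, and the symmetric key is released only when the result matches the key block MAC value. Assumptions, since this section does not fix them: 8-byte blocks, truncated HMAC-SHA-256 standing in for the keyed calculation, XOR as the combining step, concatenation as the recombination, a 2-byte length prefix in the plaintext, and placeholder response codes.

```python
import hashlib
import hmac

BLOCK = 8  # assumed block size in bytes
OK, ERR_MAC, ERR_FORMAT = "OK", "ERR_MAC", "ERR_FORMAT"  # placeholder codes


def keyed_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for 'calculate using the MAC key' (assumption: truncated HMAC)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def second_mac(mac_key: bytes, first_plaintext: bytes,
               header: bytes, second_key: bytes) -> bytes:
    """Chain six recombined blocks; the second key enters only the last one."""
    recombined = first_plaintext + header  # assumed recombination: concatenation
    if len(recombined) != 6 * BLOCK or len(second_key) != BLOCK:
        raise ValueError("input does not split into six equal blocks")
    parts = [recombined[i:i + BLOCK] for i in range(0, 6 * BLOCK, BLOCK)]
    enc = keyed_block(mac_key, parts[0])            # first encrypted data
    for part in parts[1:5]:                         # second to fifth encrypted data
        enc = keyed_block(mac_key, xor(part, enc))
    last = xor(xor(parts[5], enc), second_key)      # seventh part, fifth data, second key
    return keyed_block(mac_key, last)               # second MAC value


def extract_symmetric_key(first_plaintext: bytes) -> bytes:
    """Hypothetical layout: 2-byte big-endian key length, key, padding."""
    n = int.from_bytes(first_plaintext[:2], "big")
    if n == 0 or 2 + n > len(first_plaintext):
        raise ValueError("bad key length field")
    return first_plaintext[2:2 + n]


def handle_key_transfer(header: bytes, first_plaintext: bytes,
                        key_block_mac: bytes, mac_key: bytes,
                        second_key: bytes, key_store: dict) -> str:
    """Judgment step: store the key only if the MAC values are identical."""
    try:
        expected = second_mac(mac_key, first_plaintext, header, second_key)
    except ValueError:
        return ERR_FORMAT
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(expected, key_block_mac):
        return ERR_MAC                              # error code to the host
    try:
        key = extract_symmetric_key(first_plaintext)
    except ValueError:
        return ERR_FORMAT
    key_store["symmetric_key"] = key                # storage module
    return OK                                       # success response


# Constructed sample values, for illustration only.
MAC_KEY = bytes(range(16))
SECOND_KEY = bytes([0xA5] * BLOCK)
HEADER = b"HDR-CONSTRUCTED!"                        # 16 bytes
SYM_KEY = bytes(range(0x10, 0x20))                  # 16 bytes
PLAINTEXT = (16).to_bytes(2, "big") + SYM_KEY + bytes(14)  # 32 bytes

if __name__ == "__main__":
    store = {}
    good_mac = second_mac(MAC_KEY, PLAINTEXT, HEADER, SECOND_KEY)
    print(handle_key_transfer(HEADER, PLAINTEXT, good_mac,
                              MAC_KEY, SECOND_KEY, store))
    tampered = bytes([HEADER[0] ^ 1]) + HEADER[1:]
    print(handle_key_transfer(tampered, PLAINTEXT, good_mac,
                              MAC_KEY, SECOND_KEY, {}))
```

Because the header is part of the recombined data, a change to the header alone is rejected even when the plaintext is untouched.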

Claims (26)

1. A method for obtaining a symmetric key, characterized by comprising the following steps:
Step S1: a device receives a key transfer instruction sent by a host computer and parses the key transfer instruction to obtain key block data;
Step S2: the device acquires a preset protection key, and obtains a first key according to the protection key, first preset data and second preset data;
Step S3: the device obtains an encryption key according to the protection key, the first key, third preset data, fourth preset data and fifth preset data, and obtains a MAC key according to the protection key, the first key, sixth preset data, seventh preset data and eighth preset data;
Step S4: the device obtains first plaintext data according to the encryption key, a key block data field and a key block MAC value, and obtains a second MAC value according to the MAC key, the first plaintext data, a key block header field and a second key;
Step S5: when the second MAC value is identical to the key block MAC value, the device acquires the symmetric key from the first plaintext data and stores it, and returns a key transfer success response to the host computer;
Between step S1 and step S4, the method further comprises:
the device parses the key block data to obtain the key block header field, the key block data field and the key block MAC value;
Before the second MAC value is obtained according to the MAC key, the first plaintext data, the key block header field and the second key, and after the device acquires the preset protection key, the method further comprises:
the device performs a calculation according to the protection key, ninth preset data and tenth preset data to obtain the second key.
2. The method according to claim 1, characterized in that, in step S2, obtaining the first key according to the protection key, the first preset data and the second preset data is specifically:
the device performs a calculation on the first preset data according to the protection key to obtain first data, and obtains the first key according to the first data and the second preset data.
3. The method according to claim 2, characterized in that the device performing a calculation on the first preset data according to the protection key to obtain the first data, and obtaining the first key according to the first data and the second preset data, is specifically:
the device uses a first algorithm to perform a calculation on the first preset data according to the protection key to obtain the first data, and judges whether the first data needs to be updated; if so, it updates the first data according to the second preset data and records the updated first data as the first key; otherwise it records the first data as the first key.
4. The method according to claim 1, characterized in that, in step S3, obtaining the encryption key according to the protection key, the first key, the third preset data, the fourth preset data and the fifth preset data is specifically:
the device uses the protection key and the first key to perform a calculation on each of the third preset data, the fourth preset data and the fifth preset data to obtain first-part encrypted data, second-part encrypted data and third-part encrypted data respectively, and composes the encryption key from the first-part encrypted data, the second-part encrypted data and the third-part encrypted data.
5. The method according to claim 4, characterized in that the device using the protection key and the first key to perform a calculation on each of the third preset data, the fourth preset data and the fifth preset data to obtain the first-part encrypted data, the second-part encrypted data and the third-part encrypted data respectively, and composing the encryption key from the first-part encrypted data, the second-part encrypted data and the third-part encrypted data, is specifically:
the device obtains first intermediate data according to the first key and the third preset data, and obtains the first-part encrypted data according to the protection key and the first intermediate data; obtains second intermediate data according to the first key and the fourth preset data, and obtains the second-part encrypted data according to the protection key and the second intermediate data; obtains third intermediate data according to the first key and the fifth preset data, and obtains the third-part encrypted data according to the protection key and the third intermediate data; and composes the encryption key from the first-part encrypted data, the second-part encrypted data and the third-part encrypted data.
6. The method according to claim 1, characterized in that, in step S3, obtaining the MAC key according to the protection key, the first key, the sixth preset data, the seventh preset data and the eighth preset data is specifically:
the device uses the protection key and the first key to perform a calculation on each of the sixth preset data, the seventh preset data and the eighth preset data to obtain first-part MAC data, second-part MAC data and third-part MAC data respectively, and composes the MAC key from the first-part MAC data, the second-part MAC data and the third-part MAC data.
7. The method according to claim 6, characterized in that the device using the protection key and the first key to perform a calculation on each of the sixth preset data, the seventh preset data and the eighth preset data to obtain the first-part MAC data, the second-part MAC data and the third-part MAC data respectively, and composing the MAC key from the first-part MAC data, the second-part MAC data and the third-part MAC data, is specifically:
the device obtains fourth intermediate data according to the first key and the sixth preset data, and obtains the first-part MAC data according to the protection key and the fourth intermediate data; obtains fifth intermediate data according to the first key and the seventh preset data, and obtains the second-part MAC data according to the protection key and the fifth intermediate data; obtains sixth intermediate data according to the first key and the eighth preset data, and obtains the third-part MAC data according to the protection key and the sixth intermediate data; and composes the MAC key from the first-part MAC data, the second-part MAC data and the third-part MAC data.
8. The method according to claim 1, characterized in that, in step S4, the device obtaining the first plaintext data according to the encryption key, the key block data field and the key block MAC value is specifically:
the device divides the key block data field equally into four parts; uses the encryption key to perform a calculation on each of the four parts of the key block data field; performs a calculation on each of the resulting first calculation result, second calculation result, third calculation result and fourth calculation result together with the key block MAC value; and obtains the first plaintext data from the resulting second plaintext data through fifth plaintext data.
9. The method according to claim 8, characterized in that the device dividing the key block data field equally into four parts, using the encryption key to perform a calculation on each of the four parts of the key block data field, performing a calculation on each of the resulting first calculation result, second calculation result, third calculation result and fourth calculation result together with the key block MAC value, and obtaining the first plaintext data from the resulting second plaintext data through fifth plaintext data, is specifically:
the device divides the key block data field equally into first key data, second key data, third key data and fourth key data; uses a first algorithm, according to the encryption key, to perform a calculation on the first key data to obtain the first calculation result, and uses a second algorithm to perform a calculation on the first calculation result and the key block MAC value to obtain the second plaintext data; uses the first algorithm, according to the encryption key, to perform a calculation on the second key data to obtain the second calculation result, and uses the second algorithm to perform a calculation on the second calculation result and the key block MAC value to obtain the third plaintext data; uses the first algorithm, according to the encryption key, to perform a calculation on the third key data to obtain the third calculation result, and uses the second algorithm to perform a calculation on the third calculation result and the key block MAC value to obtain the fourth plaintext data; uses the first algorithm, according to the encryption key, to perform a calculation on the fourth key data to obtain the fourth calculation result, and uses the second algorithm to perform a calculation on the fourth calculation result and the key block MAC value to obtain the fifth plaintext data; and uses a third algorithm to perform a calculation on the second plaintext data through the fifth plaintext data to obtain the first plaintext data.
10. The method according to claim 1, characterized in that the device performing a calculation according to the protection key, the ninth preset data and the tenth preset data to obtain the second key is specifically:
the device performs a calculation on the ninth preset data according to the protection key to obtain second data, and obtains the second key according to the second data and the tenth preset data.
11. The method according to claim 10, characterized in that the device performing a calculation on the ninth preset data according to the protection key to obtain the second data, and obtaining the second key according to the second data and the tenth preset data, is specifically:
the device uses a first algorithm to perform a calculation on the ninth preset data according to the protection key to obtain the second data, and judges whether the second data needs to be updated; if so, it updates the second data according to the tenth preset data and records the updated second data as the second key; otherwise it records the second data as the second key.
12. The method according to claim 1, characterized in that, in step S4, obtaining the second MAC value according to the MAC key, the first plaintext data, the key block header field and the second key is specifically:
the device performs a calculation on the first plaintext data and the key block header field to obtain first recombined data; divides the first recombined data equally into six parts, second recombined data through seventh recombined data; uses the MAC key to perform a calculation on the second recombined data to obtain first encrypted data; uses the MAC key to perform a calculation on the third recombined data and the first encrypted data to obtain second encrypted data; uses the MAC key to perform a calculation on the fourth recombined data and the second encrypted data to obtain third encrypted data; uses the MAC key to perform a calculation on the fifth recombined data and the third encrypted data to obtain fourth encrypted data; uses the MAC key to perform a calculation on the sixth recombined data and the fourth encrypted data to obtain fifth encrypted data; and uses the MAC key to perform a calculation on the seventh recombined data, the fifth encrypted data and the second key to obtain the second MAC value.
13. The method according to claim 1, characterized in that step S5 further comprises: the device judges whether the second MAC value and the key block MAC value are identical; if so, it acquires the symmetric key from the first plaintext data, stores it and returns a key transfer success response to the host computer; otherwise it returns an error code to the host computer.
14. A device for obtaining a symmetric key, characterized by comprising a receiving module, a first parsing module, a second parsing module, a first acquisition module, a first obtaining module, a second obtaining module, a third obtaining module, a fourth obtaining module, a fifth obtaining module, a sixth obtaining module, a second acquisition module, a storage module and a sending module;
The receiving module is configured to receive a key transfer instruction sent by a host computer;
The first parsing module is configured to parse the key transfer instruction received by the receiving module to obtain key block data;
The second parsing module is configured to parse the key block data parsed by the first parsing module to obtain a key block header field, a key block data field and a key block MAC value;
The first acquisition module is configured to acquire a preset protection key;
The first obtaining module is configured to obtain a first key according to the protection key acquired by the first acquisition module, first preset data and second preset data;
The second obtaining module is configured to perform a calculation according to the protection key acquired by the first acquisition module, ninth preset data and tenth preset data to obtain a second key;
The third obtaining module is configured to obtain an encryption key according to the protection key acquired by the first acquisition module, the first key obtained by the first obtaining module, third preset data, fourth preset data and fifth preset data;
The fourth obtaining module is configured to obtain a MAC key according to the protection key acquired by the first acquisition module, the first key obtained by the first obtaining module, sixth preset data, seventh preset data and eighth preset data;
The fifth obtaining module is configured to obtain first plaintext data according to the encryption key obtained by the third obtaining module, the key block data field parsed by the second parsing module and the key block MAC value parsed by the second parsing module;
The sixth obtaining module is configured to obtain a second MAC value according to the MAC key obtained by the fourth obtaining module, the first plaintext data obtained by the fifth obtaining module, the key block header field parsed by the second parsing module and the second key obtained by the second obtaining module;
The second acquisition module is configured to acquire the symmetric key from the first plaintext data obtained by the fifth obtaining module when the second MAC value obtained by the sixth obtaining module is identical to the key block MAC value parsed by the second parsing module;
The storage module is configured to store the symmetric key acquired by the second acquisition module;
The sending module is configured to return a key transfer success response to the host computer.
15. The device according to claim 14, characterized in that the first obtaining module includes a first calculation submodule and a first obtaining submodule;
The first calculation submodule is configured to perform a calculation on the first preset data according to the protection key acquired by the first acquisition module to obtain first data;
The first obtaining submodule is configured to obtain the first key according to the first data calculated by the first calculation submodule and the second preset data.
16. The device according to claim 15, characterized in that the first obtaining submodule includes a first judging unit, a first updating unit, a first recording unit and a second recording unit;
The first calculation submodule is specifically configured to use a first algorithm to perform a calculation on the first preset data according to the protection key acquired by the first acquisition module to obtain the first data;
The first judging unit is configured to judge whether the first data calculated by the first calculation submodule needs to be updated;
The first updating unit is configured to update the first data calculated by the first calculation submodule according to the second preset data when the first judging unit judges yes;
The first recording unit is configured to record the first data updated by the first updating unit as the first key;
The second recording unit is configured to record the first data calculated by the first calculation submodule as the first key when the first judging unit judges no.
17. The device according to claim 14, characterized in that the third obtaining module includes a second calculation submodule, a third calculation submodule, a fourth calculation submodule and a first composing submodule;
The second calculation submodule is configured to use the protection key acquired by the first acquisition module and the first key obtained by the first obtaining module to perform a calculation on the third preset data to obtain first-part encrypted data;
The third calculation submodule is configured to use the protection key acquired by the first acquisition module and the first key obtained by the first obtaining module to perform a calculation on the fourth preset data to obtain second-part encrypted data;
The fourth calculation submodule is configured to use the protection key acquired by the first acquisition module and the first key obtained by the first obtaining module to perform a calculation on the fifth preset data to obtain third-part encrypted data;
The first composing submodule is configured to compose the encryption key from the first-part encrypted data calculated by the second calculation submodule, the second-part encrypted data calculated by the third calculation submodule and the third-part encrypted data calculated by the fourth calculation submodule.
18. The device according to claim 17, characterized in that the second calculation submodule is specifically configured to obtain first intermediate data according to the first key obtained by the first obtaining module and the third preset data, and to obtain the first-part encrypted data according to the protection key acquired by the first acquisition module and the first intermediate data;
The third calculation submodule is specifically configured to obtain second intermediate data according to the first key obtained by the first obtaining module and the fourth preset data, and to obtain the second-part encrypted data according to the protection key acquired by the first acquisition module and the second intermediate data;
The fourth calculation submodule is specifically configured to obtain third intermediate data according to the first key obtained by the first obtaining module and the fifth preset data, and to obtain the third-part encrypted data according to the protection key acquired by the first acquisition module and the third intermediate data.
19. The device according to claim 14, characterized in that the fourth obtaining module includes a fifth calculation submodule, a sixth calculation submodule, a seventh calculation submodule and a second composing submodule;
The fifth calculation submodule is configured to use the protection key acquired by the first acquisition module and the first key obtained by the first obtaining module to perform a calculation on the sixth preset data to obtain first-part MAC data;
The sixth calculation submodule is configured to use the protection key acquired by the first acquisition module and the first key obtained by the first obtaining module to perform a calculation on the seventh preset data to obtain second-part MAC data;
The seventh calculation submodule is configured to use the protection key acquired by the first acquisition module and the first key obtained by the first obtaining module to perform a calculation on the eighth preset data to obtain third-part MAC data;
The second composing submodule is configured to compose the MAC key from the first-part MAC data calculated by the fifth calculation submodule, the second-part MAC data calculated by the sixth calculation submodule and the third-part MAC data calculated by the seventh calculation submodule.
20. The device according to claim 19, characterized in that the fifth calculation submodule is specifically configured to obtain fourth intermediate data according to the first key obtained by the first obtaining module and the sixth preset data, and to obtain the first-part MAC data according to the protection key acquired by the first acquisition module and the fourth intermediate data;
The sixth calculation submodule is specifically configured to obtain fifth intermediate data according to the first key obtained by the first obtaining module and the seventh preset data, and to obtain the second-part MAC data according to the protection key acquired by the first acquisition module and the fifth intermediate data;
The seventh calculation submodule is specifically configured to obtain sixth intermediate data according to the first key obtained by the first obtaining module and the eighth preset data, and to obtain the third-part MAC data according to the protection key acquired by the first acquisition module and the sixth intermediate data.
21. The device according to claim 14, characterized in that the fifth obtaining module includes a first equal-division submodule, an eighth calculation submodule, a ninth calculation submodule, a tenth calculation submodule, an eleventh calculation submodule and a third composing submodule;
The first equal-division submodule is configured to divide the key block data field parsed by the second parsing module equally into four parts;
The eighth calculation submodule is configured to use the encryption key obtained by the third obtaining module to perform a calculation on the first part produced by the first equal-division submodule to obtain a first calculation result, and to perform a calculation on the first calculation result and the key block MAC value parsed by the second parsing module to obtain second plaintext data;
The ninth calculation submodule is configured to use the encryption key obtained by the third obtaining module to perform a calculation on the second part produced by the first equal-division submodule to obtain a second calculation result, and to perform a calculation on the second calculation result and the key block MAC value parsed by the second parsing module to obtain third plaintext data;
The tenth calculation submodule is configured to use the encryption key obtained by the third obtaining module to perform a calculation on the third part produced by the first equal-division submodule to obtain a third calculation result, and to perform a calculation on the third calculation result and the key block MAC value parsed by the second parsing module to obtain fourth plaintext data;
The eleventh calculation submodule is configured to use the encryption key obtained by the third obtaining module to perform a calculation on the fourth part produced by the first equal-division submodule to obtain a fourth calculation result, and to perform a calculation on the fourth calculation result and the key block MAC value parsed by the second parsing module to obtain fifth plaintext data;
The third composing submodule is configured to obtain the first plaintext data from the second plaintext data calculated by the eighth calculation submodule, the third plaintext data calculated by the ninth calculation submodule, the fourth plaintext data calculated by the tenth calculation submodule and the fifth plaintext data calculated by the eleventh calculation submodule.
22. The device according to claim 21, characterized in that the first equal-division submodule is specifically configured to divide the key block data field parsed by the second parsing module equally into four parts: first key data, second key data, third key data and fourth key data;
The eighth calculation submodule is specifically configured to use a first algorithm, according to the encryption key obtained by the third obtaining module, to perform a calculation on the first key data produced by the first equal-division submodule to obtain the first calculation result, and to use a second algorithm to perform a calculation on the first calculation result and the key block MAC value parsed by the second parsing module to obtain the second plaintext data;
The ninth calculation submodule is specifically configured to use the first algorithm, according to the encryption key obtained by the third obtaining module, to perform a calculation on the second key data produced by the first equal-division submodule to obtain the second calculation result, and to use the second algorithm to perform a calculation on the second calculation result and the key block MAC value parsed by the second parsing module to obtain the third plaintext data;
The tenth calculation submodule is specifically configured to use the first algorithm, according to the encryption key obtained by the third obtaining module, to perform a calculation on the third key data produced by the first equal-division submodule to obtain the third calculation result, and to use the second algorithm to perform a calculation on the third calculation result and the key block MAC value parsed by the second parsing module to obtain the fourth plaintext data;
The eleventh calculation submodule is specifically configured to use the first algorithm, according to the encryption key obtained by the third obtaining module, to perform a calculation on the fourth key data produced by the first equal-division submodule to obtain the fourth calculation result, and to use the second algorithm to perform a calculation on the fourth calculation result and the key block MAC value parsed by the second parsing module to obtain the fifth plaintext data.
23. The equipment as claimed in claim 14, characterized in that the second obtaining module comprises a 12th computational submodule and a second obtaining submodule;
the 12th computational submodule is configured to compute on ninth preset data according to the protection key obtained by the first obtaining module to obtain second data;
the second obtaining submodule is configured to obtain a second key according to the second data computed by the 12th computational submodule and tenth preset data.
24. The equipment as claimed in claim 23, wherein the second obtaining submodule comprises a second judgment unit, a second updating unit, a third denoting unit and a fourth denoting unit;
the 12th computational submodule is specifically configured to compute, according to the protection key obtained by the first obtaining module and using the first algorithm, on the ninth preset data to obtain the second data;
the second judgment unit is configured to judge whether the second data computed by the 12th computational submodule needs to be updated;
the second updating unit is configured to update, according to the tenth preset data, the second data computed by the 12th computational submodule when the second judgment unit judges yes;
the third denoting unit is configured to record the second data updated by the second updating unit as the second key;
the fourth denoting unit is configured to record the second data computed by the 12th computational submodule as the second key.
25. The equipment as claimed in claim 14, characterized in that the sixth obtaining module comprises a 13th computational submodule, a second equal-division submodule, a 14th computational submodule, a 15th computational submodule, a 16th computational submodule, a 17th computational submodule, an 18th computational submodule and a 19th computational submodule;
13rd computational submodule, for obtaining first clear data and described that module obtains to described second The key block header field that two parsing modules parse carries out that the first recombination data is calculated;
the second equal-division submodule is configured to divide the first recombination data computed by the 13th computational submodule equally into six parts, the second recombination data through the seventh recombination data;
the 14th computational submodule is configured to compute, using the MAC key obtained by the fourth obtaining module, on the second recombination data obtained by the second equal-division submodule to obtain first encryption data;
the 15th computational submodule is configured to compute, using the MAC key obtained by the fourth obtaining module, on the third recombination data obtained by the second equal-division submodule and the first encryption data to obtain second encryption data;
the 16th computational submodule is configured to compute, using the MAC key obtained by the fourth obtaining module, on the fourth recombination data obtained by the second equal-division submodule and the second encryption data to obtain third encryption data;
the 17th computational submodule is configured to compute, using the MAC key obtained by the fourth obtaining module, on the fifth recombination data obtained by the second equal-division submodule and the third encryption data to obtain fourth encryption data;
the 18th computational submodule is configured to compute, using the MAC key obtained by the fourth obtaining module, on the sixth recombination data obtained by the second equal-division submodule and the fourth encryption data computed by the 17th computational submodule to obtain fifth encryption data;
the 19th computational submodule is configured to compute, using the MAC key obtained by the fourth obtaining module, on the seventh recombination data obtained by the second equal-division submodule, the fifth encryption data computed by the 18th computational submodule and the second key obtained by the second obtaining module to obtain a second MAC value.
26. The equipment as claimed in claim 14, characterized in that it further comprises a judgment module;
the judgment module is configured to judge whether the second MAC value obtained by the sixth obtaining module is identical to the key block MAC value parsed by the second parsing module;
the second obtaining module is specifically configured to obtain the symmetric key from the first plaintext data obtained by the fifth obtaining module when the judgment module judges that the second MAC value obtained by the sixth obtaining module is identical to the key block MAC value parsed by the second parsing module;
the sending module is further configured to return an error code to the host computer when the judgment module judges that the second MAC value obtained by the sixth obtaining module is not identical to the key block MAC value parsed by the second parsing module.
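The data flow of claims 25 and 26, as an added Python example that is not part of the patent text: the recombined data is split into six equal parts, chained through a keyed computation, the second key is mixed into the last step, and the symmetric key is released only if the result matches the key block MAC value. Assumptions, since the claims name no algorithms: the keyed computation is truncated HMAC-SHA256, the combining step is XOR, the recombination is header followed by plaintext, and `key_span`, the status codes and all sample values are hypothetical.

```python
import hashlib
import hmac

OK, ERR_MAC_MISMATCH = 0x00, 0x01  # constructed status codes, not from the patent

def keyed_block(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for the unnamed keyed computation: truncated HMAC-SHA256."""
    return hmac.new(key, block, hashlib.sha256).digest()[:len(block)]

def xor(*chunks: bytes) -> bytes:
    """XOR equal-length byte strings (assumed combining step)."""
    if len({len(c) for c in chunks}) != 1:
        raise ValueError("chunks must have equal length")
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, b in enumerate(chunk):
            out[i] ^= b
    return bytes(out)

def second_mac(mac_key: bytes, second_key: bytes, header: bytes, plaintext: bytes) -> bytes:
    """Chain six equal parts; the last step also mixes in the second key."""
    recombined = header + plaintext               # assumed concatenation order
    size, rest = divmod(len(recombined), 6)
    if rest or not 0 < size <= hashlib.sha256().digest_size:
        raise ValueError("data must split into six equal, non-empty parts")
    parts = [recombined[i:i + size] for i in range(0, len(recombined), size)]
    state = keyed_block(mac_key, parts[0])        # first encryption data
    for part in parts[1:5]:                       # second to fifth encryption data
        state = keyed_block(mac_key, xor(part, state))
    return keyed_block(mac_key, xor(parts[5], state, second_key))  # second MAC value

def release_symmetric_key(mac_key, second_key, header, plaintext, key_block_mac, key_span):
    """Release the key only when the recomputed MAC matches (claim 26)."""
    computed = second_mac(mac_key, second_key, header, plaintext)
    if not hmac.compare_digest(computed, key_block_mac):  # constant-time comparison
        return ERR_MAC_MISMATCH, None             # error code out, no key material
    start, end = key_span                         # hypothetical key location
    return OK, plaintext[start:end]

# Constructed sample values: 8-byte header + 40-byte plaintext = six 8-byte parts.
MAC_KEY = bytes(range(16))
SECOND_KEY = bytes.fromhex("a1b2c3d4e5f60718")
HEADER = b"HDR-0016"
PLAINTEXT = bytes.fromhex("0080") + bytes(range(0x30, 0x40)) + bytes(22)
```

The ordering matters for a defender reviewing such a design: no byte of the decrypted plaintext is handed to the caller until the MAC comparison has succeeded.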
CN201810930698.5A 2018-08-15 2018-08-15 Method and equipment for obtaining symmetric key Active CN109150510B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810930698.5A CN109150510B (en) 2018-08-15 2018-08-15 Method and equipment for obtaining symmetric key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810930698.5A CN109150510B (en) 2018-08-15 2018-08-15 Method and equipment for obtaining symmetric key

Publications (2)

Publication Number Publication Date
CN109150510A (en) 2019-01-04
CN109150510B (en) 2021-03-16

Family

ID=64789685

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810930698.5A Active CN109150510B (en) 2018-08-15 2018-08-15 Method and equipment for obtaining symmetric key

Country Status (1)

Country Link
CN (1) CN109150510B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030115452A1 (en) * 2000-12-19 2003-06-19 Ravi Sandhu One time password entry to access multiple network sites
CN103051446A (en) * 2012-12-26 2013-04-17 First Research Institute of the Ministry of Public Security Key encryption and storage method
CN103475474A (en) * 2013-08-28 2013-12-25 Huawei Technologies Co Ltd Method for providing and acquiring shared enciphered data and identity authentication equipment
CN105897748A (en) * 2016-05-27 2016-08-24 Feitian Technologies Co Ltd Symmetric secret key transmission method and device
US20180069699A1 (en) * 2016-09-02 2018-03-08 Blackberry Limited Decrypting encrypted data on an electronic device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Meng Yan: "Analysis and Improvement of the IEEE 802.11i Key Management Mechanism", China Master's Theses Full-text Database *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111565206A (en) * 2020-07-16 2020-08-21 Feitian Technologies Co Ltd Method and terminal for safely transmitting secret key
CN111565206B (en) * 2020-07-16 2020-10-16 Feitian Technologies Co Ltd Method and terminal for safely transmitting secret key

Also Published As

Publication number Publication date
CN109150510B (en) 2021-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant