CN109492384A - Method for receiving entity access, method for accessing an encryption device, encryption device, and entity - Google Patents


Publication number
CN109492384A
Authority
CN
China
Prior art keywords
encryption device
entity
acquisition request
cipher
sent
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811124075.5A
Other languages
Chinese (zh)
Other versions
CN109492384B (en)
Inventor
赵雪峰
周俊
陈强
余明华
陶世刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electronics Technology Network Security Technology Co ltd
Original Assignee
Chengdu Westone Information Industry Inc

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

This disclosure relates to a method for receiving entity access, a method for accessing an encryption device, an encryption device, and an entity. The method comprises: generating a corresponding object ID for each cipher object contained in the encryption device; receiving an object ID acquisition request sent by a target entity; determining whether the object ID acquisition request is legitimate; and, if the object ID acquisition request is legitimate, sending a response success packet to the target entity, where the response success packet includes at least the mapping between cipher objects and object IDs. In this disclosure the encryption device itself generates and manages an ID for every cipher object in the device that is to be accessed. When the encryption device receives an access, it can respond according to the access request on its own, without being limited by the number of entities. Moreover, as long as an entity has permission, it can access all cipher objects in the encryption device, so that multiple entities or terminals can share all cryptographic resources in the encryption device.

Description

Method for receiving entity access, method for accessing an encryption device, encryption device, and entity
Technical field
This disclosure relates to the field of computer security, and in particular to a method for receiving entity access, a method for accessing an encryption device, an encryption device, and an entity.
Background
In existing deployments of encryption devices, a single encryption device usually serves only a single entity or a single encryption device control device, and the control device carries out the management, operation, use and other functions of one or more encryption devices. Because multiple entities often need to access one encryption device, the concept of a container can be introduced within a single encryption device, so that multiple entities can operate on the cryptographic resources in different containers of the same encryption device without conflict.
With current technology, when a single encryption device can serve only a single entity, it cannot meet the need for multiple entities to access one encryption device together. When containers are introduced in the encryption device, different entities or terminals can operate on the cryptographic resources in different containers of the same device without conflict, but in that scheme different entities or terminals can only access the cryptographic resources in different containers of the device; multiple entities or terminals cannot share all cryptographic resources in the encryption device.
Summary of the invention
In view of this, the application provides a method for receiving entity access in which the encryption device itself generates and manages an ID for every cipher object in the device that is to be accessed. When the encryption device receives an access, it can respond according to the access request on its own, without being limited by the number of entities. Moreover, as long as an entity has permission, it can access all cipher objects in the encryption device, so that multiple entities or terminals can share all cryptographic resources in the device. To solve the above technical problem, the disclosure uses the following technical means:
A method for receiving entity access, applied to an encryption device, comprising:
generating a corresponding object ID for each cipher object contained in the encryption device;
receiving an object ID acquisition request sent by a target entity;
determining whether the object ID acquisition request is legitimate;
if the object ID acquisition request is legitimate, sending a response success packet to the target entity, so that the target entity accesses cipher objects in the encryption device based on the response success packet, where the response success packet includes at least the mapping between cipher objects and object IDs.
Further, before generating a corresponding object ID for each cipher object contained in the encryption device, the method also includes:
generating a cipher object according to a cipher object operation instruction sent by an entity; or
receiving a cipher object imported by an entity.
Further, determining whether the object ID acquisition request is legitimate includes:
sending an encrypted instruction to the target entity and determining whether the object ID acquisition request is legitimate according to the target entity's decryption result for the encrypted instruction, where the object ID acquisition request is judged legitimate if the target entity decrypts successfully and illegitimate otherwise; or
obtaining the target entity information in the object ID acquisition request and determining whether the entity information preset in the encryption device contains that target entity information, where the object ID acquisition request is judged legitimate if the preset entity information contains the target entity information in the request and illegitimate otherwise.
Further, after sending the response success packet to the target entity, the method also includes:
receiving a cipher object operation instruction sent by the target entity, the cipher object operation instruction being an object access instruction, an object generation instruction, an object update instruction or an object deletion instruction;
determining the operation permissions of the target entity;
responding to the object operation instruction within the scope of the target entity's operation permissions.
A method for accessing an encryption device, applied to an entity, comprising:
sending an object ID acquisition request to the encryption device;
receiving the feedback information sent by the encryption device;
if the feedback information is a response success packet, sending to the encryption device, according to the response success packet, an access request for a target cipher object, where the response success packet includes at least the mapping between cipher objects and object IDs.
Further, when the feedback information is response failure information, the method also includes:
sending the object ID acquisition request to the encryption device again, where, if response failure information is received after the object ID acquisition request has been sent N consecutive times, the entity stops sending the object ID acquisition request.
Further, the method also includes:
sending a cipher object operation instruction to the encryption device so as to generate a cipher object in the encryption device; and/or
importing a cipher object into the encryption device.
Further, if the feedback information is a response success packet, the method also includes:
sending a cipher object operation instruction to the encryption device, the cipher object operation instruction being an object access instruction, an object generation instruction, an object update instruction or an object deletion instruction;
receiving the instruction operation feedback information sent by the encryption device.
An encryption device, comprising:
an object ID generation module, configured to generate a corresponding object ID for each cipher object contained in the encryption device;
an object ID acquisition request receiving module, configured to receive the object ID acquisition request sent by a target entity;
a first judging unit, configured to determine whether the acquisition request received by the object ID acquisition request receiving module is legitimate;
a sending module, configured to, when the acquisition request is legitimate, send a response success packet to the target entity according to the acquisition request, so that the target entity accesses cipher objects in the encryption device based on the response success packet, where the response success packet includes at least the mapping between cipher objects and object IDs.
An entity, comprising:
an object ID acquisition request sending module, configured to send an object ID acquisition request to an encryption device;
a receiving module, configured to receive the feedback information sent by the encryption device;
a second judging unit, configured to determine whether the feedback information sent by the encryption device is response success information;
a cipher object access request sending module, configured to, when the feedback information is response success information, send to the encryption device an access request for a target cipher object, where the response success information includes at least the mapping between cipher objects and object IDs.
In this disclosure the encryption device itself generates and manages an ID for every cipher object in the device that is to be accessed. When the encryption device receives an access, it can respond according to the access request on its own, without being limited by the number of entities. Moreover, as long as an entity has permission, it can access all cipher objects in the encryption device, so that multiple entities or terminals can share all cryptographic resources in the encryption device.
Brief description of the drawings
The accompanying drawings provide a further understanding of the disclosure and form part of the specification. Together with the specific embodiments below they serve to explain the disclosure, but they do not limit it. In the drawings:
Fig. 1 is a flowchart of a method for receiving entity access according to an exemplary embodiment.
Fig. 2 is a flowchart of a method for accessing an encryption device according to an exemplary embodiment.
Fig. 3 is a schematic structural diagram of an encryption device according to an exemplary embodiment.
Fig. 4 is a schematic structural diagram of an entity according to an exemplary embodiment.
Detailed description
To help those skilled in the art better understand the technical solution of the disclosure, the disclosure is described in further detail below with reference to the drawings and specific embodiments.
Embodiment 1
As shown in Fig. 1, this embodiment provides a method for receiving entity access, applied to an encryption device, comprising:
S1: generating a corresponding object ID for each cipher object contained in the encryption device;
S2: receiving an object ID acquisition request sent by a target entity;
S3: determining whether the object ID acquisition request is legitimate;
S4: if the object ID acquisition request is legitimate, sending a response success packet to the target entity, so that the target entity accesses cipher objects in the encryption device based on the response success packet, where the response success packet includes at least the mapping between cipher objects and object IDs.
Note that the target entity in this embodiment is the entity interacting with the encryption device. In this embodiment each cipher object is uniquely associated with one object ID, and cipher objects are stored in the encryption device; once an entity has obtained an object ID, it can access the corresponding cipher object in the encryption device. The object IDs in an encryption device are generated and managed by the device itself. Specifically, in this embodiment a cipher object may be a certificate, a key (a key can serve as a cipher object), data and so on. The definition of the object ID is set inside the encryption device, and the association between cipher object and object ID is likewise defined inside the device; in practice the first byte of the cipher object's storage space can be defined as the object ID, or another definition can be used. The entity in this embodiment may be a terminal, an encryption device control device, or a chip or processor that needs to access cipher objects in the encryption device; such a chip or processor may be inside the encryption device, or in an external terminal or encryption device control device.
Note also that, besides the mapping between cipher objects and object IDs, the response success packet in step S4 may include information related to the object ID. This may be the object ID itself, an object ID key (from which the object ID can be calculated), or any other characteristic information that uniquely determines the object ID. After receiving the response success packet, the entity can obtain the object ID from this information and then access the cipher object according to the mapping between cipher objects and object IDs. If the object ID acquisition request is not legitimate, the encryption device can send response-failure feedback to the target entity.
When this embodiment is implemented, the encryption device itself generates and manages an ID for every cipher object in the device that is to be accessed. When the device receives an access from an entity verified as legitimate, it can respond according to the access request on its own, without being limited by the number of entities. Moreover, as long as an entity has permission, it can use the object IDs it obtained to access all cipher objects in the encryption device, so that multiple entities or terminals can share all cryptographic resources in the device.
Preferably, before generating a corresponding object ID for each cipher object contained in the encryption device, i.e. before step S1, the method also includes:
S01: generating a cipher object according to a cipher object operation instruction sent by an entity; or
S02: receiving a cipher object imported by an entity.
To illustrate: depending on the business needs of the application, an external command can require the encryption device to generate a key of a specified type internally (for example a signature public/private key pair or a session key, in which case the cipher object is that key). The encryption device can also import a specific object according to an external command (for example a device certificate or other data generated by an external entity, in which case the cipher object is the device certificate or data).
Preferably, determining whether the object ID acquisition request is legitimate, i.e. step S3, includes:
sending an encrypted instruction to the target entity and determining whether the object ID acquisition request is legitimate according to the target entity's decryption result for the encrypted instruction, where the object ID acquisition request is judged legitimate if the target entity decrypts successfully and illegitimate otherwise; or
obtaining the target entity information in the object ID acquisition request and determining whether the entity information preset in the encryption device contains that target entity information, where the object ID acquisition request is judged legitimate if the preset entity information contains the target entity information in the request and illegitimate otherwise.
Note that the encrypted instruction may be an encrypted instruction in the usual sense or an encoded instruction; when it is an encoded instruction, the entity needs to decode it. In a specific implementation, the encrypted instruction sent by the encryption device is encrypted with a method that the device and the entity both know or have agreed on. Therefore, if the target entity decrypts the encrypted instruction successfully, the target entity can be judged to be an entity with access permission, and the object ID acquisition request it sent is legitimate.
Alternatively, information about the entities that have access permission (information that uniquely identifies an entity, such as an entity number) can be preset in the encryption device. In a specific implementation, the information for multiple entities with access permission can be preset in the device to form an entity information set. When the device receives an object ID acquisition request from a target entity (the request may contain the target entity information), it can determine whether the request is legitimate by checking whether the preset entity information set contains the target entity information.
To illustrate: external entity 1, whose entity number is 0x10001234, sends an object ID acquisition request to the encryption device. If entity number 0x10001234 is found to be one of the entries in the entity information set preset in the device, external entity 1 has access permission and its object ID acquisition request is legitimate. The device then generates information related to the object ID internally (for example an object ID key, from which the object ID can be calculated) and returns an access-success response to external entity 1 (sends it the response success packet). As another example, external entity 2, whose entity number is 0x20001234, sends an object ID acquisition request to the encryption device. Entity number 0x20001234 is not one of the entries in the preset entity information set, so external entity 2 has no access permission and its object ID acquisition request is illegitimate; the device then returns a no-permission or request-failed response to external entity 2.
As an optimization of this embodiment, after sending the response success packet to the target entity, the method also includes:
S5: receiving a cipher object operation instruction sent by the target entity, the cipher object operation instruction being an object access instruction, an object generation instruction, an object update instruction or an object deletion instruction;
S6: determining the operation permissions of the target entity;
S7: responding to the object operation instruction within the scope of the target entity's operation permissions.
Note that each legitimate entity has its own device identifier, and different legitimate entities may have different operation permissions. The encryption device stores the device identifiers of the legitimate entities and the operation permissions of the entity corresponding to each identifier. Because the object operation instruction contains the device identifier, the encryption device can determine the entity's operation permissions from the identifier and then respond. For example, some entities can only read cipher objects and cannot delete them; if such a read-only entity sends an object deletion instruction to the encryption device, it will receive response-failure feedback from the device. In a specific implementation, permission to delete cipher objects can be granted to entities with higher privileges.
In this embodiment the cipher object operation instruction is an atomic operation, and it is implemented through an instruction set. The instruction set here is the set of commands through which the entity communicates with the encryption device; it can be understood as an interface protocol agreed in advance and shared by the entity and the device. For example, the entity is connected to the encryption device through a specific physical interface, a specific bit stream 0x10001234 sent over the interface instructs the device to generate an object ID, and the device returns in its response whether the object ID was generated successfully, together with related information.
Note also that an atomic operation is one that will not be interrupted by the thread scheduling mechanism: once started, it runs to completion. It can be implemented by defining an exclusive instruction and a cancel-exclusive instruction. Specifically, an external entity sends the exclusive instruction before carrying out a series of encryption device operations that must not be interrupted, and sends the cancel-exclusive instruction after completing them. In the interval between the exclusive and cancel-exclusive instructions, other external entities that access the encryption device will receive access failure information.
Preferably, the method provided in this embodiment also includes:
T1: receiving object ID acquisition requests sent by multiple target entities at the same time;
T2: obtaining the target entity information in each object ID acquisition request;
T3: responding to the received object ID acquisition requests according to the entity information priority order preset in the encryption device.
Note that an encryption device may receive object ID acquisition requests from multiple target entities at the same time. If the number of requests received exceeds the number the device can process simultaneously, then to improve efficiency the device needs to respond to the requests according to the importance of their source (the entity). In this embodiment the ranking of entities by importance can therefore be preset in the encryption device as an entity information priority order, where entity information means characteristic information that uniquely identifies the entity, such as an entity number. Note also that if the legitimacy of the received object ID acquisition requests has already been determined before step T3, then responding to the received requests in step T3 means that the device sends feedback information to the entity directly; if it has not, responding in step T3 means that the device first determines whether each received request is legitimate and then sends feedback information to the entity according to the result.
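The device-side flow of Embodiment 1 (steps S1 to S7 with the preset entity set, the exclusive / cancel-exclusive window, and the priority ordering of T1 to T3), as an added Python example that is not code from the patent. The class and method names, entity 0x10005678, the priorities and the permission sets are assumptions, and random 4-byte object IDs stand in for whatever ID definition a real device uses.

```python
import secrets
from dataclasses import dataclass

# Constructed policy: entity number -> (priority, permitted operations).
# 0x10001234 and 0x20001234 are the entity numbers from the description's example;
# 0x10005678, the priorities and the permission sets are assumptions.
PRESET_ENTITIES = {
    0x10001234: (0, {"access", "generate", "update", "delete"}),
    0x10005678: (1, {"access"}),  # read-only entity
}


@dataclass
class Feedback:
    ok: bool
    payload: object = None
    reason: str = ""


class EncryptionDevice:
    def __init__(self, preset):
        self._preset = preset
        self._objects = {}        # object ID -> cipher object (bytes)
        self._names = {}          # object ID -> object name
        self._authorised = set()  # entities whose object ID acquisition request succeeded
        self._holder = None       # entity inside an exclusive window, if any

    def store_object(self, name, data):
        """S01/S02 then S1: keep a generated or imported object under a device-chosen ID."""
        object_id = secrets.token_hex(4)
        while object_id in self._objects:  # IDs must be unique within the device
            object_id = secrets.token_hex(4)
        self._objects[object_id] = data
        self._names[object_id] = name
        return object_id

    def handle_id_request(self, entity):
        """S2-S4: check the entity against the preset set, then return the mapping."""
        if entity not in self._preset:
            return Feedback(False, reason="no permission")
        self._authorised.add(entity)
        return Feedback(True, payload={n: i for i, n in self._names.items()})

    def handle_simultaneous(self, entities):
        """T1-T3: answer simultaneous requests in preset priority order, unknown entities last."""
        ordered = sorted(entities, key=lambda e: self._preset.get(e, (float("inf"),))[0])
        return [(e, self.handle_id_request(e)) for e in ordered]

    def set_exclusive(self, entity, on):
        """Exclusive (on=True) / cancel-exclusive (on=False) instruction."""
        if entity not in self._authorised or self._holder not in (None, entity):
            return Feedback(False, reason="access failure")
        self._holder = entity if on else None
        return Feedback(True)

    def operate(self, entity, op, target, data=None):
        """S5-S7: run an operation instruction only within the entity's permissions.

        target is a new object name for "generate" and an object ID otherwise.
        """
        if entity not in self._authorised:
            return Feedback(False, reason="no object IDs acquired")
        if self._holder not in (None, entity):  # another entity's exclusive window
            return Feedback(False, reason="access failure")
        if op not in self._preset[entity][1]:
            return Feedback(False, reason="no permission")
        if op == "generate":
            if target in self._names.values():
                return Feedback(False, reason="object exists")
            return Feedback(True, payload=self.store_object(target, secrets.token_bytes(32)))
        if target not in self._objects:
            return Feedback(False, reason="unknown object ID")
        if op == "access":
            return Feedback(True, payload=self._objects[target])
        if op == "update":
            self._objects[target] = data
            return Feedback(True)
        if op == "delete":
            del self._objects[target], self._names[target]
            return Feedback(True)
        return Feedback(False, reason="unknown instruction")


def demo():
    """Constructed run: one imported certificate, three entities, one exclusive window."""
    dev = EncryptionDevice(PRESET_ENTITIES)
    cert_id = dev.store_object("device-cert", b"constructed certificate bytes")
    answers = dev.handle_simultaneous([0x20001234, 0x10005678, 0x10001234])
    dev.set_exclusive(0x10001234, True)
    blocked = dev.operate(0x10005678, "access", cert_id)   # inside the window
    key_id = dev.operate(0x10001234, "generate", "session-key").payload
    dev.set_exclusive(0x10001234, False)
    denied = dev.operate(0x10005678, "delete", key_id)     # read-only entity
    return [hex(e) for e, f in answers if f.ok], blocked.reason, denied.reason


if __name__ == "__main__":
    print(demo())
```

The preset-set check trusts the entity number carried in the request; the description's other S3 branch, in which the entity must decrypt an instruction encrypted with a method agreed with the device, is the one that ties a request to a party holding the shared secret.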
Embodiment 2
As shown in Fig. 2, this embodiment provides a method for accessing an encryption device, applied to an entity, comprising:
P1: sending an object ID acquisition request to the encryption device;
P2: receiving the feedback information sent by the encryption device;
P3: if the feedback information is a response success packet, sending to the encryption device, according to the response success packet, an access request for a target cipher object, where the response success packet includes at least the mapping between cipher objects and object IDs.
Note that in this embodiment each cipher object in the encryption device is uniquely associated with one object ID. When an entity wants to access a cipher object, it first needs to obtain the object ID of the target cipher object; that is, it first sends an object ID acquisition request to the encryption device, and the device decides from the request whether to return response success information. If the response succeeds, the feedback information sent by the device is the response success packet of step P3. The entity in this embodiment may be a terminal, an encryption device control device, or a chip or processor that needs to access cipher objects in the encryption device; such a chip or processor may be inside the encryption device, or in an external terminal or encryption device control device.
Note also that, besides the mapping between cipher objects and object IDs, the response success packet in step P3 may include information related to the object ID. This may be the object ID itself, an object ID key, or any other characteristic information that uniquely determines the object ID. After receiving the response success packet, the entity can obtain the object ID from this information and then access the cipher object according to the mapping between cipher objects and object IDs.
Preferably, when the feedback information is response failure information, the method also includes:
sending the object ID acquisition request to the encryption device again, where, if response failure information is received after the object ID acquisition request has been sent N consecutive times, the entity stops sending the object ID acquisition request.
Note that the value of N is set by the entity itself and can be changed at any time. The reason for stopping only after several consecutive failed accesses is that an access failure may be caused not only by the entity lacking access permission but also by operation errors, information read faults and the like. If a failure during access was not caused by a permission problem, the result can change when access is requested again, which improves the efficiency and accuracy of entity access.
Preferably, the method also includes:
P01: sending a cipher object operation instruction to the encryption device so as to generate a cipher object in the encryption device; and/or
P02: importing a cipher object into the encryption device.
As a further optimization of this embodiment, when the feedback information is a response success packet, the method also includes:
P4: sending a cipher object operation instruction to the encryption device, the cipher object operation instruction being an object access instruction, an object generation instruction, an object update instruction or an object deletion instruction;
P5: receiving the instruction operation feedback information sent by the encryption device.
When this embodiment is implemented, the cipher object operation instruction is completed as an atomic operation. Because different legitimate entities have different cipher object operation permissions, if the entity sends a cipher object operation instruction for which it has operation permission, it will next receive instruction-response-success feedback from the encryption device; if it sends an operation instruction for which it has no operation permission, it will next receive instruction-response-failure feedback from the device.
Embodiment 3 is as shown in figure 3, the present embodiment provides a kind of encryption devices, comprising:
Object ID generation module 100: for be respectively the encryption device include each cipher object generate it is corresponding right As ID;
Object ID acquisition request receiving module 110: for receiving the object ID acquisition request of target entity transmission;
First judging unit 120: the acquisition request for judging that the object ID acquisition request receiving module receives is It is no legal;
Sending module 130: it is used for when the acquisition request is legal, according to the acquisition request, Xiang Suoshu target entity Transmission responds successfully data packet, so that the target entity is accessed in the encryption device based on the successfully data packet that responds Cipher object, wherein the successful data packet of responding includes at least mapping relations between cipher object and object ID.
Preferably, the encryption device in the present embodiment can also include:
Cipher object generation module 140: for generating a cipher object according to a cipher object generation instruction sent by an entity.
Preferably, the present embodiment can also include:
Cipher object receiving module 150: for receiving a cipher object imported by an entity.
Preferably, the present embodiment can also include:
Cipher object update module 160: for updating a target cipher object according to an object update instruction sent by an entity;
Cipher object deletion module 170: for deleting a target cipher object according to an object deletion instruction sent by an entity.
For the encryption device in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related method and is not elaborated here.
Embodiment 4
As shown in figure 4, the present embodiment provides a kind of entities, comprising:
Object ID acquisition request sending module 200: for sending an object ID acquisition request to the encryption device;
Receiving module 210: for receiving the feedback information sent by the encryption device;
Second judging unit 220: for judging whether the feedback information sent by the encryption device is response success information;
Cipher object access request sending module 230: for sending to the encryption device, when the feedback information is response success information, an access request requesting access to a target cipher object, wherein the response success information includes at least the mapping relations between cipher objects and object IDs.
Preferably, the present embodiment can also include:
Computing module 240: for counting how many consecutive times the judging unit judges the feedback information to be response failure information; if the number of consecutive times the judging unit judges the feedback information to be response failure information is less than or equal to N, the object ID acquisition request sending module sends the object ID acquisition request to the encryption device again.
Preferably, the present embodiment can also include:
Cipher object generation instruction sending module 250: for sending a cipher object generation instruction to the encryption device.
Preferably, the present embodiment can also include:
Cipher object sending module 260: for sending a cipher object to the encryption device.
Preferably, the present embodiment can also include:
Cipher object update instruction sending module 270: for sending a cipher object update instruction to the encryption device;
Cipher object deletion instruction sending module 280: for sending a cipher object deletion instruction to the encryption device;
Cipher object access instruction sending module 290: for sending a cipher object access instruction to the encryption device.
It should be noted here that, in this embodiment, the cipher object generation instruction, cipher object update instruction, cipher object deletion instruction and cipher object access instruction sent to the encryption device are all atomic operation instructions.
For the entity in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related method and is not elaborated here.
The above are only preferred embodiments of the disclosure. It should be noted that the above preferred embodiments are not to be construed as limiting the disclosure; the protection scope of the disclosure is defined by the claims. For those of ordinary skill in the art, several improvements and modifications can be made without departing from the spirit and scope of the disclosure, and these improvements and modifications shall also be regarded as falling within the protection scope of the disclosure.
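The exchange between the encryption device of Embodiment 3 and the entity of Embodiment 4, modelled as an added Python example that is not part of the patent text. The class and function names, the random hex object IDs, the name-keyed mapping, the unauthenticated provisioning import and the simulated transient faults are assumptions; legality is judged against preset entity information.

```python
import secrets
import threading

OPS = {"access", "generate", "update", "delete"}


class EncryptionDevice:
    """Toy model of the device side (modules 100-170 of Embodiment 3)."""

    def __init__(self, preset_rights, transient_faults=0):
        self.preset_rights = preset_rights        # entity name -> permitted operations
        self.ids = {}                             # cipher object name -> object ID
        self.objects = {}                         # object ID -> cipher object bytes
        self.transient_faults = transient_faults  # constructed: simulated read faults
        self._lock = threading.Lock()             # each instruction runs atomically

    def _store(self, name, value):
        oid = secrets.token_hex(8)                # assumption: random, opaque object ID
        self.ids[name], self.objects[oid] = oid, value
        return oid

    def import_object(self, name, value):
        """Provisioning import (module 150); authorisation is not modelled."""
        with self._lock:
            return self._store(name, value)

    def request_object_ids(self, entity):
        """Modules 110-130: legality check against preset entity information."""
        with self._lock:
            if self.transient_faults > 0:         # failure unrelated to permissions
                self.transient_faults -= 1
                return {"ok": False}
            if entity not in self.preset_rights:  # unknown entity: request is illegal
                return {"ok": False}
            return {"ok": True, "mapping": dict(self.ids)}

    def operate(self, entity, op, target, value=None):
        """Respond to an instruction only within the entity's operating rights."""
        with self._lock:
            if op not in OPS or op not in self.preset_rights.get(entity, set()):
                return {"ok": False}
            if op == "generate":                  # target is the new object's name
                if target in self.ids:
                    return {"ok": False}
                return {"ok": True, "object_id": self._store(target, secrets.token_bytes(16))}
            if target not in self.objects:        # otherwise target is an object ID
                return {"ok": False}
            if op == "access":
                return {"ok": True, "object": self.objects[target]}
            if op == "update":
                self.objects[target] = value
            else:                                 # "delete"
                del self.objects[target]
                self.ids = {n: i for n, i in self.ids.items() if i != target}
            return {"ok": True}


def acquire_mapping(device, entity, n):
    """Entity side (modules 200-240): give up once n consecutive requests fail."""
    for attempt in range(1, n + 1):
        reply = device.request_object_ids(entity)
        if reply["ok"]:
            return reply["mapping"], attempt
    return None, n


if __name__ == "__main__":
    dev = EncryptionDevice({"app-a": {"access", "update"}}, transient_faults=1)
    dev.import_object("signing-key", b"constructed sample value")
    mapping, attempts = acquire_mapping(dev, "app-a", n=3)
    print(attempts, dev.operate("app-a", "delete", mapping["signing-key"]))
```
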

Claims (10)

1. A method for receiving entity access, characterized in that it is applied to an encryption device and comprises:
generating a corresponding object ID for each cipher object included in the encryption device;
receiving an object ID acquisition request sent by a target entity;
judging whether the object ID acquisition request is legal;
if the object ID acquisition request is legal, sending a response-success data packet to the target entity, so that the target entity accesses cipher objects in the encryption device based on the response-success data packet, wherein the response-success data packet includes at least the mapping relations between cipher objects and object IDs.
2. The method according to claim 1, characterized in that, before generating a corresponding object ID for each cipher object included in the encryption device, the method further comprises:
generating a cipher object according to a cipher object operation instruction sent by an entity; or,
receiving a cipher object imported by an entity.
3. The method according to claim 1, characterized in that judging whether the object ID acquisition request is legal comprises:
sending an encrypted instruction to the target entity, and judging whether the object ID acquisition request is legal according to the target entity's decryption result for the encrypted instruction, wherein if the target entity decrypts successfully, the object ID acquisition request is judged to be legal, and otherwise the object ID acquisition request is judged to be illegal; or,
obtaining the target entity information in the object ID acquisition request, and judging whether the entity information preset in the encryption device contains the target entity information in the object ID acquisition request, wherein if the entity information preset in the encryption device contains the target entity information in the object ID acquisition request, the object ID acquisition request is judged to be legal, and otherwise the object ID acquisition request is judged to be illegal.
4. The method according to claim 1, characterized in that, after sending the response-success data packet to the target entity, the method further comprises:
receiving a cipher object operation instruction sent by the target entity, the cipher object operation instruction being an object access instruction, an object generation instruction, an object update instruction or an object deletion instruction;
determining the operating rights of the target entity;
responding to the object operation instruction within the scope of the operating rights of the target entity.
5. A method for accessing an encryption device, characterized in that it is applied to an entity and comprises:
sending an object ID acquisition request to the encryption device;
receiving the feedback information sent by the encryption device;
if the feedback information is a response-success data packet, sending to the encryption device, according to the response-success data packet, an access request requesting access to a target cipher object, wherein the response-success data packet includes at least the mapping relations between cipher objects and object IDs.
6. The method according to claim 5, characterized in that the feedback information is response failure information, and the method further comprises:
sending the object ID acquisition request to the encryption device again, wherein if response failure information is received after the object ID acquisition request has been sent n consecutive times, sending of the object ID acquisition request is stopped.
7. The method according to claim 5, characterized in that the method further comprises:
sending a cipher object operation instruction to the encryption device, to generate a cipher object in the encryption device; and/or
importing a cipher object into the encryption device.
8. The method according to claim 5, characterized in that the feedback information is a response-success data packet, and the method further comprises:
sending a cipher object operation instruction to the encryption device, the cipher object operation instruction being an object access instruction, an object generation instruction, an object update instruction or an object deletion instruction;
receiving the instruction operation feedback information sent by the encryption device.
9. An encryption device, characterized in that the encryption device comprises:
an object ID generation module: for generating a corresponding object ID for each cipher object included in the encryption device;
an object ID acquisition request receiving module: for receiving the object ID acquisition request sent by a target entity;
a first judging unit: for judging whether the acquisition request received by the object ID acquisition request receiving module is legal;
a sending module: for sending, when the acquisition request is legal, a response-success data packet to the target entity according to the acquisition request, so that the target entity accesses cipher objects in the encryption device based on the response-success data packet, wherein the response-success data packet includes at least the mapping relations between cipher objects and object IDs.
10. An entity, characterized in that the entity comprises:
an object ID acquisition request sending module: for sending an object ID acquisition request to an encryption device;
a receiving module: for receiving the feedback information sent by the encryption device;
a second judging unit: for judging whether the feedback information sent by the encryption device is response success information;
a cipher object access request sending module: for sending to the encryption device, when the feedback information is response success information, an access request requesting access to a target cipher object, wherein the response success information includes at least the mapping relations between cipher objects and object IDs.
CN201811124075.5A 2018-09-26 2018-09-26 Method for receiving entity access and accessing password device, password device and entity Active CN109492384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811124075.5A CN109492384B (en) 2018-09-26 2018-09-26 Method for receiving entity access and accessing password device, password device and entity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811124075.5A CN109492384B (en) 2018-09-26 2018-09-26 Method for receiving entity access and accessing password device, password device and entity

Publications (2)

Publication Number Publication Date
CN109492384A true CN109492384A (en) 2019-03-19
CN109492384B CN109492384B (en) 2021-07-20

Family

ID=65689894

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811124075.5A Active CN109492384B (en) 2018-09-26 2018-09-26 Method for receiving entity access and accessing password device, password device and entity

Country Status (1)

Country Link
CN (1) CN109492384B (en)

Also Published As

Publication number Publication date
CN109492384B (en) 2021-07-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee after: China Electronics Technology Network Security Technology Co.,Ltd.

Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc.