CN116668026B - Method, device, equipment and storage medium for processing password card data - Google Patents

Info

Publication number: CN116668026B
Application number: CN202310962010.2A
Authority: CN (China)
Prior art keywords: key, card, cipher, target, cryptographic
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN116668026A (en)
Inventors: 刘瑞, 姜林剑, 孙马秋, 盖雪峰, 孙玉俐
Current assignee: Beijing Guoxin Yunshi Technology Co ltd
Original assignee: Beijing Guoxin Yunshi Technology Co ltd
Events: application filed by Beijing Guoxin Yunshi Technology Co ltd; publication of CN116668026A; application granted; publication of CN116668026B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage, involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S 40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S 40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a method, a device, equipment and a storage medium for processing cryptographic card data. The method comprises: when a start-up instruction of the cryptographic machine is obtained, detecting whether the system parameters of the basic input/output system (BIOS) of the cryptographic machine have changed; if they have not changed, unsealing the sealed root key of the target cryptographic card and thereby determining the cryptographic card key of the target cryptographic card; and decrypting the upper-layer key of the target cryptographic card with the cryptographic card key, and determining from the decrypted upper-layer key whether the target cryptographic card may provide cryptographic operation services. In this way the security of the application data is ensured while cryptographic operation services are provided through the cryptographic card.

Description

Method, device, equipment and storage medium for processing password card data
Technical Field
Embodiments of the invention relate to the field of computers, and in particular to a method, a device, equipment and a storage medium for processing cryptographic card data.
Background
When cryptographic cards are used in a cryptographic machine, whether a single card or several, each card has its own independent key management and interface functions. If the cryptographic machine is opened illegally, the cryptographic card is fully exposed: although the keys are stored securely inside the card, the keys inside the card and the card's function interfaces can still be called, so the application data protected by the card may be stolen and its security cannot be guaranteed. How to ensure the security of application data while cryptographic operation services are provided through a cryptographic card is therefore a problem to be solved.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for processing cryptographic card data, which ensure the security of application data while cryptographic operation services are provided through a cryptographic card.
According to one aspect of the invention, there is provided a cryptographic card data processing method comprising:
when a start-up instruction of the cryptographic machine is obtained, detecting whether the system parameters of the basic input/output system of the cryptographic machine have changed;
if not, unsealing the sealed root key of the target cryptographic card and determining the cryptographic card key of the target cryptographic card;
and decrypting the upper-layer key of the target cryptographic card with the cryptographic card key, and determining from the decrypted upper-layer key whether the target cryptographic card may provide cryptographic operation services.
According to another aspect of the present invention, there is provided a cryptographic card data processing apparatus comprising:
a system parameter detection module, configured to detect, when a start-up instruction of the cryptographic machine is obtained, whether the system parameters of the basic input/output system of the cryptographic machine have changed;
a cryptographic card key determination module, configured to unseal, if not, the sealed root key of the target cryptographic card and determine the cryptographic card key of the target cryptographic card;
and an upper-layer key decryption module, configured to decrypt the upper-layer key of the target cryptographic card with the cryptographic card key and determine from the decrypted upper-layer key whether the target cryptographic card may provide cryptographic operation services.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor, enabling the at least one processor to perform the cryptographic card data processing method according to any embodiment of the invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions that cause a processor to execute the cryptographic card data processing method according to any embodiment of the present invention.
According to the technical scheme, when a start-up instruction of the cryptographic machine is obtained, whether the system parameters of the basic input/output system of the cryptographic machine have changed is detected; if not, the sealed root key of the target cryptographic card is unsealed and the cryptographic card key of the target cryptographic card is determined; and the upper-layer key of the target cryptographic card is decrypted with the cryptographic card key, and whether the target cryptographic card may provide cryptographic operation services is determined from the decrypted upper-layer key. This solves the problem of application data leaking when a cryptographic card loses its physical protection and is obtained illegally during use, so that the keys it holds are exposed. When the cryptographic machine starts, it is detected whether the system parameters of its basic input/output system have changed. If they have changed, it is determined that the application data in the cryptographic machine may have been stolen illegally, and the sealed root key of the cryptographic card is not unsealed, which keeps the application data secure. If they have not changed, the sealed root key of the target cryptographic card is unsealed to determine the cryptographic card key, the upper-layer key is decrypted with that card key, and whether the card may provide cryptographic operation services is determined from the decrypted upper-layer key. The security of application data is thus ensured while cryptographic operation services are provided through the cryptographic card, and data leakage is avoided.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for processing data of a cryptographic card according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a method for processing data of a cryptographic card according to a second embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a cryptographic card data processing apparatus according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "candidate" and "target" and the like in the description of the present invention and the claims and the above-described drawings are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "includes," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a method for processing cryptographic card data according to an embodiment of the present invention. The embodiment is applicable to the situation in which cryptographic operation services are provided by a cryptographic card. The method may be performed by a cryptographic card data processing device, implemented in hardware and/or software and configured in an electronic apparatus. As shown in Fig. 1, the method includes:
S110, when a start-up instruction of the cryptographic machine is obtained, detecting whether the system parameters of the basic input/output system of the cryptographic machine have changed.
The cryptographic machine is special-purpose equipment that encrypts, decrypts and authenticates information using cryptography. The basic input/output system (BIOS) provides the computer's lowest-level and most direct hardware configuration and control.
The system parameters include: hardware configuration parameters, basic input/output system version parameters, operating system version parameters and custom parameters.
Specifically, when a start-up instruction of the cryptographic machine is obtained, it is detected whether the hardware configuration parameters, BIOS version parameters, operating system version parameters and custom parameters of the cryptographic machine have changed. The custom parameters are mainly software parameters, such as the size of the software and the location on the hard disk where it is stored.
For example, if the system parameters of the BIOS of the cryptographic machine have changed, the changed parameters of the cryptographic machine are obtained and early-warning information is generated from them.
The changed parameters are those system parameters whose values have changed. The early-warning information may include the system parameters before the change, the system parameters after the change, and an early-warning prompt corresponding to the changed parameters. The prompt may be a voice message, a light signal or text.
Specifically, if the system parameters of the BIOS of the cryptographic machine have changed, the data in the cryptographic machine may have been stolen or copied to another location. The pre-change values corresponding to the changed parameters are then obtained, the early-warning prompt corresponding to the changed parameters is determined, and the early-warning information is assembled from the changed parameters, the pre-change values and the prompt.
It can be understood that generating early-warning information from the changed parameters allows it to be sent to staff in time whenever the BIOS system parameters of the cryptographic machine change, so that staff can inspect the system parameters on the basis of that information, and the security of the application data is ensured.
S120, if not, unsealing the sealed root key of the target cryptographic card to determine the cryptographic card key of the target cryptographic card.
There are at least two target cryptographic cards. It should be noted that combining several cryptographic cards is an established way of raising the cryptographic operation throughput of a cryptographic server in the information security field. For example, when a cryptographic card is used in a server cryptographic machine, the card is the source of the cryptographic algorithms the machine uses, and a single card fully meets the machine's algorithm requirements. When the server receives highly concurrent requests, however, a single card often cannot meet the actual service demand and its performance is not controllable. Multi-card schemes have therefore appeared on the market: several PCIE (peripheral component interconnect express, a high-speed serial computer expansion bus standard) interfaces are added to the cryptographic machine's main board, and several cryptographic cards are inserted at the same time to provide the underlying algorithm services. The cryptographic card key is the root key of the target cryptographic card.
Specifically, if the system parameters of the BIOS of the cryptographic machine have not changed, the sealed root key of each target cryptographic card is unsealed and the cryptographic card key of each target cryptographic card is determined.
The sealed root key of a target cryptographic card may be obtained as follows: a trusted platform module generates a sealing key from the hardware configuration parameters, BIOS version parameters, operating system version parameters and custom parameters of the cryptographic machine; and the trusted platform module seals the root key of the target cryptographic card under that sealing key, yielding the sealed root key.
This scheme seals the root key of the cryptographic card under a sealing key, so that even when the case of the server cryptographic machine is opened illegally and the card is fully exposed, the keys inside the card and the card's function interfaces can no longer be called. Leakage of the application data protected by the card is avoided and its security is ensured.
S130, decrypting the upper-layer key of the target cryptographic card with the cryptographic card key, and determining from the decrypted upper-layer key whether the target cryptographic card may provide cryptographic operation services.
Specifically, the upper-layer key of the target cryptographic card is decrypted with the cryptographic card key, the decrypted upper-layer key is used to run a self-check on the target cryptographic card, and if the self-check passes the target cryptographic card is used to provide cryptographic operation services.
According to the technical scheme provided by this embodiment, when a start-up instruction of the cryptographic machine is obtained, whether the system parameters of the basic input/output system of the cryptographic machine have changed is detected; if not, the sealed root key of the target cryptographic card is unsealed and the cryptographic card key of the target cryptographic card is determined; and the upper-layer key of the target cryptographic card is decrypted with the cryptographic card key, and whether the target cryptographic card may provide cryptographic operation services is determined from the decrypted upper-layer key. This solves the problem of application data leaking when a cryptographic card loses its physical protection and is obtained illegally during use, so that the keys it holds are exposed. When the cryptographic machine starts, it is detected whether the system parameters of its basic input/output system have changed. If they have changed, it is determined that the application data in the cryptographic machine may have been stolen illegally, and the sealed root key of the cryptographic card is not unsealed, which keeps the application data secure. If they have not changed, the sealed root key of the target cryptographic card is unsealed to determine the cryptographic card key, the upper-layer key is decrypted with that card key, and whether the card may provide cryptographic operation services is determined from the decrypted upper-layer key. The security of application data is thus ensured while cryptographic operation services are provided through the cryptographic card, and data leakage is avoided.
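The steps S110 to S130 above can be exercised end to end with the following Go program. It is an added example written for this page, not code from the patent or from its assignee, and it simulates the trusted platform module in software: the TPM's internal storage key is represented by a byte string `tpmSecret`, the sealing policy is modelled by deriving an AES-GCM key from that secret and a PCR-style digest of the four parameter categories, and the parameter field names, the sample values and the blob layout are all assumptions. On a real cryptographic machine sealing and unsealing would be TPM operations bound to PCR values rather than a key derived in host software.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SystemParams holds the four parameter categories the method measures at start-up
// (field names are assumptions made for this example).
type SystemParams struct {
	Hardware, BIOSVersion, OSVersion, Custom string
}

// fields lists name/value pairs in a fixed order so that measurements are stable.
func (p SystemParams) fields() [4][2]string {
	return [4][2]string{{"hardware", p.Hardware}, {"bios", p.BIOSVersion}, {"os", p.OSVersion}, {"custom", p.Custom}}
}

// Measure folds the parameters into one digest the way a TPM extends a PCR:
// d = SHA256(d || SHA256(name=value)), so any changed value changes the digest.
func Measure(p SystemParams) [32]byte {
	var d [32]byte
	for _, f := range p.fields() {
		h := sha256.Sum256([]byte(f[0] + "=" + f[1]))
		d = sha256.Sum256(append(d[:], h[:]...))
	}
	return d
}

// sealingKey simulates the TPM's sealing policy: the AES-GCM key is derived from the TPM
// secret and the measurement, so it exists only for a platform in exactly that state.
func sealingKey(tpmSecret []byte, m [32]byte) cipher.AEAD {
	mac := hmac.New(sha256.New, tpmSecret)
	mac.Write(m[:])
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte HMAC output selects AES-256
	aead, _ := cipher.NewGCM(block)
	return aead
}

// SealRootKey returns the sealed root key as nonce || ciphertext, with the measurement
// also bound as associated data.
func SealRootKey(tpmSecret []byte, p SystemParams, rootKey []byte) ([]byte, error) {
	m := Measure(p)
	aead := sealingKey(tpmSecret, m)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return append(nonce, aead.Seal(nil, nonce, rootKey, m[:])...), nil
}

// UnsealRootKey recovers the card root key only if the platform as booted measures exactly
// as it did when the key was sealed; any difference makes GCM authentication fail.
func UnsealRootKey(tpmSecret []byte, p SystemParams, blob []byte) ([]byte, error) {
	m := Measure(p)
	aead := sealingKey(tpmSecret, m)
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("sealed blob too short")
	}
	key, err := aead.Open(nil, blob[:n], blob[n:], m[:])
	if err != nil {
		return nil, errors.New("unseal refused: platform measurement does not match the sealing policy")
	}
	return key, nil
}

// Warning is the early-warning record of S110: the changed parameter, its value before and
// after the change, and the prompt shown to staff.
type Warning struct{ Field, Before, After, Prompt string }

// BootCheck is the start-up flow of S110-S120: compare the booted parameters with the
// recorded baseline, report every change, and unseal only when nothing has changed.
func BootCheck(tpmSecret []byte, baseline, current SystemParams, blob []byte) ([]byte, []Warning) {
	var warnings []Warning
	b, c := baseline.fields(), current.fields()
	for i := range b {
		if b[i][1] != c[i][1] {
			prompt := fmt.Sprintf("BIOS parameter %q changed at start-up; root key stays sealed", b[i][0])
			warnings = append(warnings, Warning{b[i][0], b[i][1], c[i][1], prompt})
		}
	}
	if len(warnings) > 0 {
		return nil, warnings
	}
	key, err := UnsealRootKey(tpmSecret, current, blob)
	if err != nil {
		return nil, []Warning{{"sealed-blob", "", "", err.Error()}}
	}
	return key, nil
}

func main() {
	tpmSecret := []byte("constructed stand-in for the TPM's internal secret") // not a real TPM
	rootKey := []byte("0123456789abcdef0123456789abcdef")                  // constructed card root key
	base := SystemParams{"board-revB/2xPCIe", "BIOS 1.4.2", "linux-5.10", "hsmd 14MB @/opt/hsm"}
	blob, _ := SealRootKey(tpmSecret, base, rootKey)
	key, w := BootCheck(tpmSecret, base, base, blob)
	fmt.Printf("unchanged platform: %d-byte root key recovered, warnings=%v\n", len(key), w)
	tampered := SystemParams{base.Hardware, "BIOS 1.4.2-modified", base.OSVersion, base.Custom}
	_, w = BootCheck(tpmSecret, base, tampered, blob)
	fmt.Printf("changed platform: %+v\n", w[0])
}
```

Because the sealing key is a function of the measurement, a changed parameter does not yield a wrong key that silently decrypts garbage: AES-GCM authentication fails and the unseal is refused, so the decision in S110 not to unseal is enforced by the cryptography and not only by the comparison. The comparison is still done first, since it is what supplies the before and after values for the early-warning information.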
Example 2
Fig. 2 is a flowchart of a method for processing target cryptographic card data according to a second embodiment of the present invention. This embodiment refines the foregoing one and gives a preferred way of decrypting the upper-layer key of the target cryptographic card with the cryptographic card key and determining from the decrypted upper-layer key whether the target cryptographic card may provide cryptographic operation services. As shown in Fig. 2, the method includes:
S210, when a start-up instruction of the cryptographic machine is obtained, detecting whether the system parameters of the basic input/output system of the cryptographic machine have changed.
S220, if not, unsealing the sealed root key of the target cryptographic card to determine the cryptographic card key of the target cryptographic card.
S230, decrypting the upper-layer key of the target cryptographic card with the cryptographic card key to determine the device key, the user key and the key-encryption key in the target cryptographic card.
The device key is the identity key of the server cryptographic machine and comprises a signing key pair and an encryption key pair; it is used for device management and represents the identity of the server cryptographic machine. The signing key is generated or installed with a management tool when the device is initialised, and the encryption key is issued into the device by the key management system. The user key is the identity key of a user and likewise comprises a signing key pair and an encryption key pair. The key-encryption key is a periodically replaced symmetric key used to protect session keys when keys are pre-assigned; it is generated or installed by the cryptographic device management tool.
Specifically, after the cryptographic card key of each target cryptographic card has been obtained, the upper-layer key of each card is decrypted with that card's key, and the device key, user key and key-encryption key of each card are determined.
S240, determining from the device key, the user key and the key-encryption key whether the target cryptographic card may provide cryptographic operation services.
Specifically, each target cryptographic card is self-checked against a preset cryptographic card self-check specification using its device key, user key and key-encryption key. If the self-check passes, the card is determined to be able to provide cryptographic operation services, it is allowed to operate normally, and cryptographic operation services are provided through it.
Illustratively, determining from the device key, the user key and the key-encryption key whether the target cryptographic card may provide cryptographic operation services may be done as follows: an algorithm self-check is performed on the target cryptographic card with the device key, the user key and the key-encryption key; if the self-check passes, cryptographic operation services are provided with the target cryptographic card; if it does not pass, feedback is sent that the target cryptographic card cannot be used to provide cryptographic operation services.
Specifically, an algorithm self-check is performed on the target cryptographic card with the device key, the user key and the key-encryption key; if the self-check passes, cryptographic operation services are provided with the target cryptographic card; if it does not pass, the cryptographic card identifier of the failing card is determined, feedback stating that this card cannot be used to provide cryptographic operation services is generated from that identifier, and the feedback is sent to staff.
It can be understood that, in the scheme above, a card that passes the self-check is used to provide cryptographic operation services, and for a card that fails the self-check feedback is generated that it cannot be used. The fact that services cannot be provided is thereby reported to staff in time, staff can deal with it promptly, and the operating efficiency of the cryptographic machine is maintained.
According to the technical scheme, when a start-up instruction of the cryptographic machine is obtained, whether the system parameters of the basic input/output system of the cryptographic machine have changed is detected; if not, the sealed root key of the target cryptographic card is unsealed and the cryptographic card key of the target cryptographic card is determined; the upper-layer key of the target cryptographic card is decrypted with the cryptographic card key to determine the device key, the user key and the key-encryption key in the target cryptographic card; and whether the target cryptographic card may provide cryptographic operation services is determined from the device key, the user key and the key-encryption key. By means of multi-card hierarchical key management, the scheme combines the high-concurrency performance of multiple cards with their secure coupling, solves the problem that when a server cryptographic machine is opened illegally the card is fully exposed and the keys inside it and its function interfaces can still be called, and ensures the security of application data while cryptographic operation services are provided through the cryptographic card.
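Steps S230 and S240 above, as an added example that is not part of the patent or of its assignee's code, in Go: the upper-layer key blob is unwrapped with the card key into an ECDSA device signing key, an ECDSA user signing key and an AES key-encryption key; each key is exercised in a self-check of its own operation; and a multi-card bring-up puts passing cards into service and reports failing ones by identifier. The blob layout (JSON of SEC1-encoded keys under AES-GCM), the binding of the card identifier as associated data, the key and card names, and the use of ECDSA P-256 in place of whatever algorithms a real card runs are all assumptions; the encryption key pairs the patent lists for device and user identities are omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// UpperLayerKeys are the keys above the card root key: device identity signing key, user
// identity signing key and the symmetric key-encryption key (KEK). Encryption pairs omitted.
type UpperLayerKeys struct {
	DeviceSign, UserSign *ecdsa.PrivateKey
	KEK                  []byte
}

// wire is the assumed plaintext layout of the blob: SEC1 DER for the ECDSA keys, raw KEK.
type wire struct{ Device, User, KEK []byte }

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// WrapUpperLayerKeys encrypts the upper-layer keys under the card root key with AES-GCM; the
// card identifier is bound as associated data so a blob cannot be replayed to another card.
func WrapUpperLayerKeys(cardKey []byte, cardID string, k UpperLayerKeys) ([]byte, error) {
	d, err := x509.MarshalECPrivateKey(k.DeviceSign)
	if err != nil { return nil, err }
	u, err := x509.MarshalECPrivateKey(k.UserSign)
	if err != nil { return nil, err }
	plain, _ := json.Marshal(wire{d, u, k.KEK})
	aead, err := gcm(cardKey)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return append(nonce, aead.Seal(nil, nonce, plain, []byte(cardID))...), nil
}

// UnwrapUpperLayerKeys is S230: decrypt the blob with the card key to recover the device key,
// user key and KEK. A wrong card key or a blob wrapped for another card fails authentication.
func UnwrapUpperLayerKeys(cardKey []byte, cardID string, blob []byte) (UpperLayerKeys, error) {
	var k UpperLayerKeys
	aead, err := gcm(cardKey)
	if err != nil { return k, fmt.Errorf("card %s: %v", cardID, err) }
	n := aead.NonceSize()
	if len(blob) < n { return k, fmt.Errorf("card %s: upper-layer key blob missing or too short", cardID) }
	plain, err := aead.Open(nil, blob[:n], blob[n:], []byte(cardID))
	if err != nil { return k, fmt.Errorf("card %s: upper-layer key decryption failed", cardID) }
	var w wire
	if err = json.Unmarshal(plain, &w); err == nil { k.DeviceSign, err = x509.ParseECPrivateKey(w.Device) }
	if err == nil { k.UserSign, err = x509.ParseECPrivateKey(w.User) }
	k.KEK = w.KEK
	return k, err
}

// SelfCheck is the algorithm self-check of S240: every recovered key must perform its own
// operation correctly (sign/verify for the identity keys, encrypt/decrypt for the KEK).
func SelfCheck(cardID string, k UpperLayerKeys) error {
	msg := sha256.Sum256([]byte("self-check vector for " + cardID))
	for name, priv := range map[string]*ecdsa.PrivateKey{"device key": k.DeviceSign, "user key": k.UserSign} {
		if priv == nil { return fmt.Errorf("card %s: %s missing", cardID, name) }
		sig, err := ecdsa.SignASN1(rand.Reader, priv, msg[:])
		if err != nil || !ecdsa.VerifyASN1(&priv.PublicKey, msg[:], sig) {
			return fmt.Errorf("card %s: %s sign/verify self-check failed", cardID, name)
		}
	}
	aead, err := gcm(k.KEK)
	if err != nil { return fmt.Errorf("card %s: KEK unusable: %v", cardID, err) }
	nonce := make([]byte, aead.NonceSize()) // fixed nonce: the vector is public and the ciphertext is discarded
	if pt, err := aead.Open(nil, nonce, aead.Seal(nil, nonce, msg[:], nil), nil); err != nil || string(pt) != string(msg[:]) {
		return fmt.Errorf("card %s: KEK encrypt/decrypt self-check failed", cardID)
	}
	return nil
}

// BringUp runs S230-S240 for every card of a multi-card machine: cards that pass go into
// service, cards that fail are reported by identifier so staff can act on them.
func BringUp(cardKeys, blobs map[string][]byte) (serving, feedback []string) {
	for id, key := range cardKeys {
		k, err := UnwrapUpperLayerKeys(key, id, blobs[id])
		if err == nil { err = SelfCheck(id, k) }
		if err != nil { feedback = append(feedback, err.Error()) } else { serving = append(serving, id) }
	}
	return serving, feedback
}

func main() {
	gen := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	keys := UpperLayerKeys{gen(), gen(), []byte("kek-kek-kek-kek-kek-kek-kek-kek!")} // constructed keys
	cardKeys := map[string][]byte{"card-0": []byte("card-0-root-key-0123456789abcdef"), "card-1": []byte("card-1-root-key-0123456789abcdef")}
	blob0, _ := WrapUpperLayerKeys(cardKeys["card-0"], "card-0", keys)
	// card-1 is handed card-0's blob: its own key cannot open it, so it is reported, not served.
	serving, feedback := BringUp(cardKeys, map[string][]byte{"card-0": blob0, "card-1": blob0})
	fmt.Println("serving:", serving, "feedback:", feedback)
}
```

The card identifier in the associated data is what makes the per-card unwrap fail cleanly in the swapped-blob case instead of handing one card another card's keys; the self-check then catches keys that decrypt but do not work, and a card is only put into service when both steps pass.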
Example 3
Fig. 3 is a schematic structural diagram of a cryptographic card data processing device according to a third embodiment of the present invention. The embodiment is applicable to the situation in which cryptographic operation services are provided by a cryptographic card. As shown in Fig. 3, the cryptographic card data processing apparatus includes a system parameter detection module 310, a cryptographic card key determination module 320 and an upper-layer key decryption module 330.
The system parameter detection module 310 is configured to detect, when a start-up instruction of the cryptographic machine is obtained, whether the system parameters of the basic input/output system of the cryptographic machine have changed;
the cryptographic card key determination module 320 is configured to unseal, if not, the sealed root key of the target cryptographic card and determine the cryptographic card key of the target cryptographic card;
the upper-layer key decryption module 330 is configured to decrypt the upper-layer key of the target cryptographic card with the cryptographic card key and determine from the decrypted upper-layer key whether the target cryptographic card may provide cryptographic operation services.
According to the technical scheme provided by this embodiment, when a start-up instruction of the cryptographic machine is obtained, whether the system parameters of the basic input/output system of the cryptographic machine have changed is detected; if not, the sealed root key of the target cryptographic card is unsealed and the cryptographic card key of the target cryptographic card is determined; and the upper-layer key of the target cryptographic card is decrypted with the cryptographic card key, and whether the target cryptographic card may provide cryptographic operation services is determined from the decrypted upper-layer key. This solves the problem of application data leaking when a cryptographic card loses its physical protection and is obtained illegally during use, so that the keys it holds are exposed. When the cryptographic machine starts, it is detected whether the system parameters of its basic input/output system have changed. If they have changed, it is determined that the application data in the cryptographic machine may have been stolen illegally, and the sealed root key of the cryptographic card is not unsealed, which keeps the application data secure. If they have not changed, the sealed root key of the target cryptographic card is unsealed to determine the cryptographic card key, the upper-layer key is decrypted with that card key, and whether the card may provide cryptographic operation services is determined from the decrypted upper-layer key. The security of application data is thus ensured while cryptographic operation services are provided through the cryptographic card, and data leakage is avoided.
Illustratively, the upper-layer key decryption module 330 includes:
an upper-layer key decryption unit, configured to decrypt the upper-layer key of the target cryptographic card with the cryptographic card key to determine the device key, the user key and the key-encryption key in the target cryptographic card;
and a cryptographic operation service determination unit, configured to determine from the device key, the user key and the key-encryption key whether the target cryptographic card may provide cryptographic operation services.
Illustratively, the cryptographic operation service determination unit is specifically configured to:
perform an algorithm self-check on the target cryptographic card with the device key, the user key and the key-encryption key;
if the self-check passes, provide cryptographic operation services with the target cryptographic card;
if the self-check does not pass, send feedback that the target cryptographic card cannot be used to provide cryptographic operation services.
Illustratively, the cryptographic card data processing apparatus further includes:
a sealing key determination module, configured to generate, with the trusted platform module, a sealing key from the hardware configuration parameters, basic input/output system version parameters, operating system version parameters and custom parameters of the cryptographic machine;
and a sealed root key determination module, configured to seal, through the trusted platform module, the root key of the target cryptographic card under the sealing key to obtain the sealed root key.
Illustratively, the cryptographic card data processing apparatus further includes:
an early-warning information generation module, configured to obtain the changed parameters of the cryptographic machine if the system parameters of the basic input/output system of the cryptographic machine have changed, and to generate early-warning information from the changed parameters.
Illustratively, the system parameters include: hardware configuration parameters, basic input/output system version parameters, operating system version parameters and custom parameters.
The cryptographic card data processing device provided by this embodiment can perform the cryptographic card data processing method provided by any embodiment, and has the corresponding functions and beneficial effects.
Example IV
Fig. 4 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, Digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the cryptographic card data processing method.
In some embodiments, the cryptographic card data processing method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the cryptographic card data processing method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the cryptographic card data processing method in any other suitable way (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs, where the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, and which may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, which is a host product in a cloud computing service system and overcomes the shortcomings of traditional physical hosts and VPS services, namely high management difficulty and weak service scalability.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (7)

1. A method for processing data of a cryptographic card, comprising:
when a start instruction of the cryptographic machine is obtained, detecting whether system parameters of a basic input/output system of the cryptographic machine have changed;
if not, unsealing the sealed root key of the target cipher card, and determining the cipher card key of the target cipher card;
decrypting the upper-layer key of the target cipher card by adopting the cipher card key, and determining, according to the decrypted upper-layer key, whether the target cipher card can provide the cryptographic operation service, which comprises: decrypting the upper-layer key of the target cipher card by adopting the cipher card key to determine the device key, the user key and the key encryption key in the target cipher card; and determining, according to the device key, the user key and the key encryption key, whether the target cryptographic card can provide the cryptographic operation service;
wherein determining, according to the device key, the user key and the key encryption key, whether the target cryptographic card is capable of providing the cryptographic operation service comprises:
performing an algorithm self-check on the target cipher card by adopting the device key, the user key and the key encryption key; if the self-check passes, providing the cryptographic operation service by adopting the target cryptographic card; if the self-check does not pass, sending feedback information indicating that the target cryptographic card cannot be adopted to provide the cryptographic operation service.
2. The method as recited in claim 1, further comprising:
generating a sealing key according to hardware configuration parameters, basic input/output system version parameters, operating system version parameters and custom parameters of the cryptographic machine by adopting a trusted platform module;
and sealing the cryptographic root key of the target cryptographic card according to the sealing key by the trusted platform module to obtain a sealing root key.
3. The method of claim 1, wherein detecting, when a start instruction of the cryptographic machine is acquired, whether the system parameters of the basic input/output system of the cryptographic machine have changed further comprises:
if yes, acquiring the changed parameters of the cryptographic machine, and generating early warning information according to the changed parameters.
4. The method of claim 1, wherein the system parameters comprise: hardware configuration parameters, basic input/output system version parameters, operating system version parameters and custom parameters.
5. A cryptographic card data processing apparatus, comprising:
the system parameter detection module is used for detecting, when a start instruction of the cryptographic machine is acquired, whether the system parameters of the basic input/output system of the cryptographic machine have changed;
the cipher card key determining module is used for unsealing the sealed root key of the target cipher card if not, and determining the cipher card key of the target cipher card;
the upper-layer key decryption module is used for decrypting the upper-layer key of the target cipher card by adopting the cipher card key, and determining, according to the decrypted upper-layer key, whether the target cipher card can provide the cryptographic operation service;
wherein the upper-layer key decryption module comprises:
the upper-layer key decryption unit is used for decrypting the upper-layer key of the target cipher card by adopting the cipher card key to determine the device key, the user key and the key encryption key in the target cipher card;
a cryptographic operation service determining unit that determines, according to the device key, the user key and the key encryption key, whether the target cryptographic card is capable of providing the cryptographic operation service;
the cryptographic operation service determining unit is specifically configured to: perform an algorithm self-check on the target cipher card by adopting the device key, the user key and the key encryption key; if the self-check passes, provide the cryptographic operation service by adopting the target cryptographic card; if the self-check does not pass, send feedback information indicating that the target cryptographic card cannot be adopted to provide the cryptographic operation service.
6. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the cryptographic card data processing method of any one of claims 1-4.
7. A computer readable storage medium storing computer instructions for causing a processor to perform the cryptographic card data processing method of any one of claims 1-4.
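The boot-time flow claimed above (claims 1 to 4, and the device description of Example III) can be followed end to end in a small simulation. The block below is an added example written for this page; it is not code from the patent or its assignee. It assumes a stand-in for the trusted platform module: the sealing key is a hash of the four parameter classes (hardware configuration, BIOS version, OS version, custom parameters), "seal" is an HMAC-authenticated stream construction, and the algorithm self-check is a SHA-256 known-answer test plus a per-key check value recorded at provisioning. Parameter values, key names and check-value format are all constructed.

```python
"""Simulation of the boot-time cryptographic card check: parameter change
detection -> unseal root key -> decrypt upper-layer keys -> algorithm self-check.
Constructed example; a real machine would use TPM PCR-bound sealing and the
card's own key store. Everything here is stdlib-only so it runs offline."""
import hashlib
import hmac
import secrets

# Constructed baseline of the four parameter classes the sealing key binds to.
BASELINE_PARAMS = {
    "hardware_config": "2xCPU/64GB/1 crypto card",   # assumed value
    "bios_version": "1.4.2",                         # assumed value
    "os_version": "5.10.0-hardened",                 # assumed value
    "custom": "site-policy-7",                       # assumed value
}
UPPER_KEY_NAMES = ("device_key", "user_key", "key_encryption_key")
FEEDBACK = "target cryptographic card cannot provide cryptographic operation service"


def derive_sealing_key(params):
    """Sealing key = hash of canonicalised parameters (stand-in for a TPM PCR policy)."""
    canon = b"\x00".join(f"{k}={params[k]}".encode() for k in sorted(params))
    return hashlib.sha256(b"seal-key|" + canon).digest()


def _keystream(key, nonce, length):
    """Hash-counter keystream; assumption standing in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key, plaintext):
    """Authenticated encryption: random nonce, keystream XOR, HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Inverse of seal(); raises ValueError when the key or the blob does not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("unseal failed: sealing key mismatch or blob tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def key_check_value(key):
    """Short check value recorded at provisioning and verified by the self-check."""
    return hmac.new(key, b"kcv", hashlib.sha256).digest()[:4]


def provision(params):
    """Generate the cipher card key, wrap the upper-layer keys under it, and seal
    the card key to the platform parameters. Returns the persisted state."""
    card_key = secrets.token_bytes(32)
    upper = {name: secrets.token_bytes(32) for name in UPPER_KEY_NAMES}
    return {
        "baseline": dict(params),
        "sealed_root": seal(derive_sealing_key(params), card_key),
        "wrapped_upper": {n: seal(card_key, k) for n, k in upper.items()},
        "kcv": {n: key_check_value(k) for n, k in upper.items()},
    }


def self_check(keys, kcv):
    """Algorithm self-check: SHA-256 known-answer test plus each key's check value."""
    kat_ok = hashlib.sha256(b"abc").hexdigest().startswith("ba7816bf")
    return kat_ok and all(
        hmac.compare_digest(key_check_value(keys[n]), kcv[n]) for n in UPPER_KEY_NAMES
    )


def startup(state, current_params):
    """Boot-time flow run when the cryptographic machine's start instruction arrives."""
    changed = {k: (v, current_params.get(k))
               for k, v in state["baseline"].items() if current_params.get(k) != v}
    if changed:
        # Parameters changed: do not unseal; raise early-warning information instead.
        return {"service": False, "alert": changed}
    try:
        card_key = unseal(derive_sealing_key(current_params), state["sealed_root"])
        keys = {n: unseal(card_key, b) for n, b in state["wrapped_upper"].items()}
    except ValueError:
        return {"service": False, "feedback": FEEDBACK}
    if not self_check(keys, state["kcv"]):
        return {"service": False, "feedback": FEEDBACK}
    return {"service": True}


if __name__ == "__main__":
    st = provision(BASELINE_PARAMS)
    print(startup(st, BASELINE_PARAMS))
    print(startup(st, dict(BASELINE_PARAMS, bios_version="1.5.0")))
```

Two points the flow makes visible: the parameter comparison in `startup` is only the first gate, because the sealed root key is bound to the same parameters and `unseal` fails on its own if they differ; and a corrupted wrapped key or a wrong check value never reaches the service path, it produces the "cannot provide service" feedback instead.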
CN202310962010.2A 2023-08-02 2023-08-02 Method, device, equipment and storage medium for processing password card data Active CN116668026B (en)
Publications (2)

Publication Number Publication Date
CN116668026A CN116668026A (en) 2023-08-29
CN116668026B true CN116668026B (en) 2023-10-31

Family

ID=87724697
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant