CN100566237C - The remote de-locking method of information safety devices - Google Patents

Publication number
CN100566237C
Authority
CN
China
Prior art keywords
information
safety devices
information safety
remote
release
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB2006100987678A
Other languages
Chinese (zh)
Other versions
CN1901443A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a remote unlocking method for information safety devices, comprising the following steps: the information safety device holder obtains the relevant hardware information from the information safety device; authentication information that includes the hardware information is sent to a hardware recovery information generation device, which generates hardware recovery information according to the authentication information; the information safety device holder uses the hardware recovery information to unlock the device. With the invention, the information safety device need not be returned to the manufacturer for unlocking; the unlocking process can be completed directly in the hands of the publisher or the user, and unlocking is simple, safe and convenient.

Description

The remote de-locking method of information safety devices
Technical field
The present invention relates to a remote unlocking method, and in particular to a remote unlocking method for the firmware of information safety devices.
Background technology
Generally, information safety device products that provide software encryption protection and identity authentication, such as mobile phones and smart cards, are sold through a publisher-to-user model. When an ordinary user forgets the self-set PIN code, or the PIN code becomes locked, the publisher has to unlock the device or restore the initial PIN code. (The PIN code is the password of the information safety device and prevents others from using it without authorization. Once the user enables the PIN code, the device is in effect password-protected; the user can change the PIN code.) This process requires the publisher to pass verification with the PUK code. (PUK, Personal Unlock Key, is used to unlock an information safety device that has been locked by wrong PIN entries. Each PIN code corresponds to a different PUK code; after the PIN code has been entered incorrectly several times the device locks and the PUK code must be entered to unlock it. In the prior art the PUK code is also called the SOPIN code.) If the publisher has forgotten the PUK code, however, it cannot unlock the device or restore the PIN code, and must contact the manufacturer to have the PUK code restored.
The traditional approach is to scrap the hardware, or for the publisher to return the hardware device to the manufacturer. This not only consumes a great deal of manpower and material resources; the device is also easily damaged or lost in long-distance transit, which causes unnecessary trouble for users who need normal use of the information safety device.
Summary of the invention
To solve the above problem, the invention provides a remote unlocking method for information safety devices. With this method the device need not be returned to the manufacturer for unlocking; the unlocking process can be completed directly in the hands of the publisher or the user.
The invention is realized by the following scheme: a remote unlocking method for information safety devices, comprising the following steps:
(1) the information safety device holder obtains the relevant hardware information from the information safety device;
(2) authentication information that includes the hardware information is sent to the hardware recovery information generation device, which is used to generate hardware recovery information from the authentication information;
(3) the hardware recovery information generation device generates the hardware recovery information according to the authentication information;
(4) the information safety device holder uses the hardware recovery information to unlock the device.
The information safety device includes a mobile phone, a smart card, a USB Key and an intelligent key device.
The information safety device holder is the publisher of the information safety device or the user of the information safety device.
In step 2, the authentication information comprises the hardware information and the characteristic information of the information safety device holder.
The hardware information includes the unique identifier of the information safety device, which ensures that each information safety device corresponds to unique authentication information.
The characteristic information of the information safety device holder is the information that the operator of the hardware recovery information generation device uses to verify the identity of that holder.
In step 2, the hardware recovery information generation device assigns a condition code according to the authentication information of a legitimate information safety device holder; this condition code, together with the authentication information, is used to generate the hardware recovery information.
The condition code differs from the condition codes in previous unlock information. It is present in the hardware recovery information as ciphertext, is invisible to the information safety device holder, and can only be read by the hardware device.
In step 3, the hardware recovery information is generated by encrypting some basic information with a cryptographic algorithm, and is decrypted at the user side. The basic information includes: the unique identifier of the information safety device, the characteristic information of the information safety device holder, or the condition code.
The encryption and decryption process uses a symmetric or an asymmetric algorithm.
In step 3, the hardware recovery information is sent to the information safety device holder as ciphertext.
The information safety device holder decrypts, inside the information safety device, the hardware recovery information received as ciphertext.
The information safety device decrypts the hardware recovery information and completes the unlock task after obtaining the new PUK code, or returns the new PUK code after the information safety device has completed unlocking.
The PUK code is produced in one of three ways:
1) the PUK code is visible to the information safety device holder and is present in the hardware recovery information as plaintext;
2) the PUK code is present in the unlock information as ciphertext, and the legitimate information safety device holder obtains it only after decrypting the hardware recovery information;
3) the PUK code is a default initial value, which the legitimate information safety device holder obtains from a public channel.
The condition code must be checked during unlocking.
In step 4, during unlocking of the information safety device, information preset in the device by the manufacturer compares the condition code in the current unlock information with the condition code in the unlock information used last time to recover the PUK code. Only when the newly assigned condition code differs from the condition codes in previous unlock information is the generated unlock information valid, that is, able to recover a valid PUK code with which the PIN code of the information safety device can be unlocked.
Description of drawings
Fig. 1 is a flow chart of the present invention.
Embodiment
The workflow of the invention is described in more detail below with reference to the drawing and specific embodiments.
Embodiment 1:
In this embodiment, the information safety device holder is the information safety device publisher, and the hardware recovery information generation device is held by the hardware manufacturer.
As shown in Fig. 1, the process begins at step 101. In step 102, the information safety device publisher obtains the relevant hardware information from the information safety device and then generates the authentication information, which comprises the hardware information and the publisher's characteristic information; both are visible to the publisher. The hardware information can be the serial number of the information safety device, which ensures that each information safety device corresponds to unique authentication information. The publisher's characteristic information is the information that the information safety device manufacturer uses to verify the publisher's identity.
Step 103: the information safety device publisher sends the authentication information to the information safety device manufacturer.
Step 104: the manufacturer verifies the publisher's identity according to the authentication information the publisher provided.
Step 105: determine whether the publisher's identity is legitimate. If the publisher passes authentication, go to step 107; otherwise go to step 106.
Step 106: the publisher has not passed authentication; the system reports an error and returns to step 104, requiring authentication to be performed again.
Step 107: according to the legitimate publisher's authentication information, the information safety device manufacturer assigns a condition code; in the hardware recovery information generation device, this condition code together with the authentication information is used to generate the hardware recovery information. The hardware recovery information mainly contains the new unlock information that the manufacturer provides to the publisher. This information is ciphertext produced by encryption and is used to recover the PUK code; only a legitimate publisher can decrypt it. Generating the hardware recovery information does not require the information safety device that is in the user's hands. In this embodiment the condition code can be a serial number or a date value; it is present in the hardware recovery information as ciphertext, is invisible to the publisher, and can only be read by the information safety device. The hardware recovery information is generated from some basic information by a specific cryptographic algorithm. (A cryptographic algorithm is a computation that turns information into ciphertext. Modern cryptography is divided by key type into two classes: symmetric encryption algorithms and asymmetric encryption algorithms. A symmetric-key system uses the same key for encryption and decryption; asymmetric-key encryption uses different keys for encryption and decryption.) The basic information includes the hardware serial number (A), the publisher's characteristic information (B) or the condition code (C), and an algorithm such as the following can be used:
K = A + B + C,
or K = A ^ B ^ C, and so on, where K is the hardware recovery information.
The hardware recovery information can be generated by a series of computations similar to the algorithms above. In these simple algorithms K can be derived from A, B and C, but A, B and C cannot be derived from K.
Step 108: the information safety device manufacturer sends the hardware recovery information to the publisher. The transmission need not be protected against interception, because the manufacturer generates the hardware recovery information from the hardware information of the publisher's current information safety device; anyone else who obtains the hardware recovery information cannot use it to unlock their own information safety device.
Step 109: using upper-layer software together with the hardware, the information safety device publisher decrypts the ciphertext in the hardware recovery information provided by the manufacturer and recovers the PUK code. The decryption can use a symmetric or an asymmetric algorithm matching the encryption.
The PUK code is visible to the publisher. It can be present in the unlock information as plaintext, or as ciphertext, in which case the legitimate publisher obtains the PUK code only after decrypting the hardware recovery information; the PUK code can also be a default initial value, which the legitimate publisher can obtain from a public channel. After the publisher has decrypted the hardware recovery information and obtained the new PUK code, the unlock information used to generate this PUK code is modified, so the unlock information required to recover the PUK code again changes, which guarantees one secret per use. That is: each time the publisher completes a PUK code recovery, the unlock information used becomes invalid, and new unlock information is needed to recover the PUK code again.
Step 110: once the publisher has obtained the PUK code, it can be used to unlock the PIN code of the information safety device.
The unlock information differs each time mainly because, when authenticating the publisher, the manufacturer assigns a different condition code each time according to the authentication information the publisher provides; the hardware recovery information generated in the hardware recovery information generation device therefore also differs. While the publisher decrypts the hardware recovery information, information preset in the device by the manufacturer compares the condition code in the current unlock information with the condition code in the unlock information used last time to recover the PUK code. Only when the newly assigned condition code differs from all the condition codes in previous unlock information is the generated unlock information valid, that is, able to recover a valid PUK code with which the PIN code of the information safety device can be unlocked.
In the invention, because the unique hardware information differs in every information safety device product a user buys, unlock data cannot be shared between users, which guarantees one secret per person.
Step 111: the remote unlocking of the information safety device is complete.
This embodiment is a process of decrypting first and then recovering the PUK code. Both steps are performed inside the information safety device. Like encryption, decryption depends on the hardware information of this model of information safety device, so ciphertext generated for a given model of information safety device can only be decrypted by devices of the same model.
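The exchange of steps 102 to 110, written out as an added example (not code from the patent): the manufacturer encrypts serial number A, condition code C and the new PUK, and the device checks the serial and rejects any condition code it has already seen. The shared per-model key, the payload layout, the HMAC-based encrypt-then-MAC construction and every name are assumptions; the two helpers at the top show that with the sample formula K = A ^ B ^ C a holder who knows A and B can compute C, which is why keyed encryption is used here.

```python
import hashlib
import hmac
import secrets
import struct

def xor_combine(a: int, b: int, c: int) -> int:
    """The page's sample formula K = A ^ B ^ C."""
    return a ^ b ^ c

def holder_recovers_c(k: int, a: int, b: int) -> int:
    """A and B are visible to the holder, so XOR alone does not hide C."""
    return k ^ a ^ b

def _subkey(model_key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys derived from the model key (assumption)."""
    return hmac.new(model_key, label, hashlib.sha256).digest()

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a vetted cipher."""
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(x ^ y for x, y in zip(data, stream))

def issue_recovery_info(model_key, serial, holder_proof, registered_proof,
                        condition_code, new_puk):
    """Manufacturer side (steps 104-107): verify the holder, then encrypt
    serial (A), condition code (C) and the new PUK as the recovery blob."""
    if not hmac.compare_digest(holder_proof, registered_proof):
        raise PermissionError("holder failed identity verification")
    sn = serial.encode()  # assumed shorter than 256 bytes
    payload = bytes([len(sn)]) + sn + struct.pack(">I", condition_code) + new_puk.encode()
    nonce = secrets.token_bytes(16)
    ct = _stream_xor(_subkey(model_key, b"enc"), nonce, payload)
    tag = hmac.new(_subkey(model_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

class Device:
    """Device side (steps 109-110): decrypt, check serial, check condition code."""

    def __init__(self, serial: str, model_key: bytes):
        self.serial = serial
        self._key = model_key       # preset by the manufacturer
        self._used_codes = set()    # condition codes of earlier recoveries
        self.puk = None
        self.pin_locked = True

    def apply_recovery_info(self, blob: bytes) -> bool:
        if len(blob) < 16 + 32 + 5:
            return False
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        want = hmac.new(_subkey(self._key, b"mac"), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return False            # modified or foreign-model blob
        payload = _stream_xor(_subkey(self._key, b"enc"), nonce, ct)
        n = payload[0]
        serial = payload[1:1 + n].decode()
        (code,) = struct.unpack(">I", payload[1 + n:5 + n])
        if serial != self.serial:
            return False            # issued for another device of this model
        if code in self._used_codes:
            return False            # condition code already used: replay
        self._used_codes.add(code)
        self.puk = payload[5 + n:].decode()
        self.pin_locked = False     # the restored PUK unlocks the PIN
        return True

if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed sample model key
    dev = Device("SN-0001", key)    # constructed sample serial number
    blob = issue_recovery_info(key, "SN-0001", b"proof", b"proof", 1, "12345678")
    print(dev.apply_recovery_info(blob), dev.apply_recovery_info(blob))
```
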
Embodiment 2:
In this embodiment, the information safety device holder is the user of the information safety device, and the user carries out the remote unlocking with the hardware device in hand and upper-layer software. The user no longer needs to go to the publisher to unlock the device; the user contacts the information safety device manufacturer directly and provides the authentication information to the manufacturer, and only after passing authentication obtains the unlock information provided by the manufacturer, with which the information safety device is unlocked.
The remote unlocking method for information safety devices provided by the invention has been described in detail above. Specific examples are used here to explain the principle and implementation of the invention; the description of the embodiments is only intended to help in understanding the method of the invention and its core idea. A person of ordinary skill in the art may, following the idea of the invention, make changes to the specific implementation and scope of application. In summary, this description should not be construed as limiting the invention.

Claims (16)

1. A remote unlocking method for an information safety device, comprising the following steps:
(1) the information safety device holder obtains the relevant hardware information from the information safety device;
(2) authentication information that includes said hardware information is sent to a hardware recovery information generation device, said hardware recovery information generation device being used to generate hardware recovery information from said authentication information;
(3) said hardware recovery information generation device generates said hardware recovery information according to said authentication information and returns it to the legitimate information safety device holder;
(4) said information safety device holder uses said hardware recovery information to unlock the device.
2. The remote unlocking method for an information safety device according to claim 1, characterized in that: said information safety device includes a mobile phone, a smart card, a USB Key and an intelligent key device.
3. The remote unlocking method for an information safety device according to claim 1 or 2, characterized in that: said information safety device holder is the publisher of the information safety device or the user of the information safety device.
4. The remote unlocking method for an information safety device according to claim 1, characterized in that: in said step 2, said authentication information comprises said hardware information and the characteristic information of the information safety device holder.
5. The remote unlocking method for an information safety device according to claim 4, characterized in that: said hardware information includes the unique identifier of the information safety device, which ensures that each information safety device corresponds to unique authentication information.
6. The remote unlocking method for an information safety device according to claim 4, characterized in that: the characteristic information of said information safety device holder is the information that the operator of the hardware recovery information generation device uses to verify the identity of said information safety device holder.
7. The remote unlocking method for an information safety device according to claim 1, characterized in that: in said step 2, said hardware recovery information generation device assigns a condition code according to the authentication information of a legitimate information safety device holder, and this condition code, together with the authentication information, is used to generate the hardware recovery information.
8. The remote unlocking method for an information safety device according to claim 7, characterized in that: said condition code differs from the condition codes in previous unlock information; it is present in said hardware recovery information as ciphertext, is invisible to said information safety device holder, and can only be read by said information safety device.
9. The remote unlocking method for an information safety device according to claim 1, characterized in that: in said step 3, said hardware recovery information is generated by encrypting some basic information with a cryptographic algorithm and is decrypted at the user side, the basic information including: the unique identifier of the information safety device, the characteristic information of the information safety device holder, or the condition code.
10. The remote unlocking method for an information safety device according to claim 9, characterized in that: said encryption and decryption process uses a symmetric or an asymmetric algorithm.
11. The remote unlocking method for an information safety device according to claim 1, characterized in that: in said step 3, the hardware recovery information is sent to said information safety device holder as ciphertext.
12. The remote unlocking method for an information safety device according to claim 11, characterized in that: said information safety device holder decrypts, inside said information safety device, the hardware recovery information received as ciphertext.
13. The remote unlocking method for an information safety device according to claim 12, characterized in that: said information safety device decrypts said hardware recovery information and completes the unlock task after obtaining the new PUK code, or returns the new PUK code after the information safety device has completed unlocking.
14. The remote unlocking method for an information safety device according to claim 13, characterized in that: said PUK code is produced in one of three ways:
1) said PUK code is visible to the information safety device holder and is present in the hardware recovery information as plaintext;
2) said PUK code is present in the unlock information as ciphertext, and the legitimate information safety device holder obtains it only after decrypting said hardware recovery information;
3) said PUK code is a default initial value, which the legitimate information safety device holder obtains from a public channel.
15. The remote unlocking method for an information safety device according to claim 1, characterized in that: in said step 4, the condition code must be checked during unlocking.
16. The remote unlocking method for an information safety device according to claim 1, characterized in that: in said step 4, during unlocking of the information safety device, information preset in the information safety device by the manufacturer compares the condition code in the current unlock information with the condition code in the unlock information used last time to recover the PUK code; only when the newly assigned condition code differs from the condition codes in previous unlock information is the generated unlock information valid, that is, able to recover a valid PUK code with which the PIN code of the information safety device can be unlocked.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100987678A CN100566237C (en) 2006-07-12 2006-07-12 The remote de-locking method of information safety devices

Publications (2)

Publication Number Publication Date
CN1901443A CN1901443A (en) 2007-01-24
CN100566237C true CN100566237C (en) 2009-12-02

Family

ID=37657200

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, Beijing No. 40 research, 7A building, 5 floor

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China