CN101951315A - Key processing method and device - Google Patents

Info

Publication number: CN101951315A
Authority: CN (China)
Prior art keywords: private key, key, random code, ciphertext, processing method
Legal status: Pending
Application number: CN 201010280853
Other languages: Chinese (zh)
Inventors: 李铭轩, 仇剑书, 冯伟斌, 刘红旗
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Priority date: 2010-09-10
Filing date: 2010-09-10
Publication date: 2011-01-19

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a key processing method and device. The method comprises: after receiving a key generation request, generating a key pair comprising a public key for encrypting data and a private key for decrypting data; obtaining a random code; and encrypting the generated private key with the random code to form a private key ciphertext. The device comprises a secure processor and a write-once memory. By encrypting and decrypting the private key with the random code, the embodiments of the invention improve the security of private key storage while avoiding the need to store the private key in a high-security location, reduce the complexity of storage and access, and make operation convenient for the user.

Description

Key processing method and device
Technical field
The embodiments of the invention relate to the field of communication technology, and in particular to a key processing method and device.
Background technology
With the spread of informatization and digitization, the problem of key security is receiving more and more attention. Ordinary business transactions and similar activities rest, without exception, on the security of the private key; that is, the security of all online communication depends on the private key, so protecting the private key is a vital part of network security.
In the prior art, the key pair is generally generated when the user applies for a certificate. The client generates a key pair, the private key is stored on the client, and the public key is sent to the server together with other user information for signature authentication.
However, in the prior art the private key is stored on the client in cleartext, so the security of the private key is very low. If instead it is stored in a highly secure location, the process of storing and accessing the private key becomes complex and inconvenient for the user.
Summary of the invention
The embodiments of the invention provide a key processing method and device to remedy the defect of cleartext private key storage in the prior art, so as to improve the security of private key storage and reduce the complexity of storing and accessing the private key.
An embodiment of the invention provides a key processing method, comprising:
after receiving a key generation request, generating a key pair, the key pair comprising a public key for encrypting data and a private key for decrypting data;
obtaining a random code;
encrypting the generated private key with the random code to form a private key ciphertext.
An embodiment of the invention also provides a key processing method, comprising:
after receiving a private key ciphertext, obtaining a random code;
decrypting the received private key ciphertext with the random code to obtain the private key.
An embodiment of the invention provides a key processing device comprising a secure processor and a one-time programmable memory. After receiving a key generation request, the secure processor generates a key pair comprising a public key for encrypting data and a private key for decrypting data, and encrypts the generated private key with the random code provided by the one-time programmable memory to form a private key ciphertext.
An embodiment of the invention also provides a key processing device comprising a secure processor and a one-time programmable memory. After receiving a private key ciphertext, the secure processor decrypts the received private key ciphertext with the random code provided by the one-time programmable memory to obtain the private key.
The key processing method and device of the embodiments of the invention encrypt and decrypt the private key with a random code. This improves the security of private key storage while avoiding the need to store the private key in a high-security location, reduces the complexity of storage and access, and is convenient for the user.
Description of drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of one embodiment of the key processing method of the invention;
Fig. 2 is a flow chart of another embodiment of the key processing method of the invention;
Fig. 3 is a structural schematic of one embodiment of the key processing device of the invention.
Embodiments
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the technical solution of the embodiments is described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flow chart of one embodiment of the key processing method of the invention. As shown in Fig. 1, the embodiment provides a key processing method comprising:
Step 101: after receiving a key generation request, generate a key pair, the key pair comprising a public key for encrypting data and a private key for decrypting data;
Step 102: obtain a random code;
Step 103: encrypt the generated private key with the random code to form a private key ciphertext.
In this embodiment the above steps may be performed by a secure processor in a set-top box. When the secure processor receives a key generation request, it generates a public key and a private key; the public key is used to encrypt data and the private key to decrypt data. It then obtains a random code, encrypts the generated private key with it, and stores the result. The private key of this embodiment may be used in signature processing for digital certificates so that the validity of a certificate can be verified, and to digitally sign a digital certificate application so that the Certificate Authority (CA) can verify the legitimacy of the application after receiving it.
The key processing method of this embodiment encrypts the private key with a random code. This improves the security of private key storage while avoiding the need to store the private key in a high-security location, reduces the complexity of storage and access, and is convenient for the user.
On the basis of the above embodiment, step 102 may comprise:
S11: send a random code request to a one-time programmable memory (One Time Programmable memory, hereinafter OTP);
S12: receive the random code returned by the OTP.
The OTP arranged in the set-top box has the property of being written once: after a single write, its data cannot be changed. A valid random code can therefore be written into the OTP in advance. After the secure processor has generated the key pair, it reads this random code from the OTP and encrypts the private key with it.
In the above technical solution, the generated private key may be encrypted with a symmetric encryption algorithm or with the RSA (Ron Rivest, Adi Shamir and Len Adleman) asymmetric encryption algorithm. In addition, after encrypting the generated private key, an encryption algorithm identifier indicating the type of algorithm used may also be stored, so that the private key ciphertext can be decrypted when the private key is subsequently read.
Fig. 2 is a flow chart of another embodiment of the key processing method of the invention. As shown in Fig. 2, the embodiment provides another key processing method comprising:
Step 201: after receiving a private key ciphertext, obtain a random code;
Step 202: decrypt the received private key ciphertext with the random code to obtain the private key.
In this embodiment the above steps may be performed by a secure processor in a set-top box. When the secure processor receives the private key ciphertext from the module that stores it, it first obtains the random code that was used to encrypt the private key, and then decrypts the private key ciphertext with that random code to obtain the private key.
The key processing method of this embodiment decrypts the private key with a random code. This improves the security of private key storage while avoiding the need to store the private key in a high-security location, reduces the complexity of storage and access, and is convenient for the user.
On the basis of the above embodiment, step 201 may comprise:
S21: send a random code request to the OTP;
S22: receive the random code returned by the OTP.
Because the random code written into the OTP in advance cannot be modified, encrypting and decrypting the private key with it protects the security of the private key.
In the above technical solution, the received private key ciphertext may be decrypted with a symmetric encryption algorithm or with the RSA asymmetric encryption algorithm.
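The generation path (steps 101 to 103 with S11/S12) and the decryption path (steps 201 to 202 with S21/S22), together with the stored algorithm identifier of claim 4, in one added example. This is not code from the patent or from China Unicom; the OTP and the secure processor are simulated in software. Where the patent leaves the choice open, this example assumes an ECDSA P-256 key pair, AES-256-GCM as the symmetric algorithm with the wrapping key taken as SHA-256 of the OTP random code, and a one-byte algorithm identifier prefixed to the stored blob. Two caveats a practitioner will want that the patent text does not spell out: the write-once property of the OTP prevents the random code from being replaced, but confidentiality of the private key additionally requires that the OTP be readable only by the secure processor, since anyone who can read the code can unwrap every private key on the device; and an authenticated mode is used so that a modified ciphertext or identifier is rejected rather than decrypted into a garbage private key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// algAES256GCM: encryption algorithm identifier stored with the ciphertext (claim 4); encoding assumed.
const algAES256GCM byte = 0x01

// OTP models the set-top box's one-time programmable memory: one write, then read-only.
type OTP struct {
	code    []byte
	written bool
}

// Program writes the random code once; every later write attempt is refused.
func (o *OTP) Program(code []byte) error {
	if o.written {
		return errors.New("OTP already programmed: contents are immutable")
	}
	o.code, o.written = append([]byte(nil), code...), true
	return nil
}

// RandomCode answers a "random code request" (steps S11/S21). An unprogrammed OTP is
// an error, not an all-zero code, so nothing is ever wrapped under a predictable key.
func (o *OTP) RandomCode() ([]byte, error) {
	if !o.written {
		return nil, errors.New("OTP not programmed")
	}
	return append([]byte(nil), o.code...), nil
}

// SecureProcessor is the only component that reads the OTP and sees plaintext private keys.
type SecureProcessor struct{ otp *OTP }

// aead derives the AES-256-GCM wrapping key from the OTP random code (the patent leaves the
// symmetric algorithm open; an authenticated mode is chosen so tampering is detected).
func (sp *SecureProcessor) aead() (cipher.AEAD, error) {
	code, err := sp.otp.RandomCode()
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(code)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GenerateKeyPair is steps 101-103: generate the key pair (ECDSA P-256 assumed), fetch the
// random code, encrypt the private key. Returns the DER public key and the private key ciphertext.
func (sp *SecureProcessor) GenerateKeyPair() (pubDER, privCiphertext []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	privDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	gcm, err := sp.aead()
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// Stored layout: alg-id || nonce || AES-GCM(privDER). The alg-id is bound in as
	// associated data, so swapping it for another identifier fails authentication.
	algID := []byte{algAES256GCM}
	privCiphertext = append(append(algID, nonce...), gcm.Seal(nil, nonce, privDER, algID)...)
	pubDER, err = x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return pubDER, privCiphertext, err
}

// UnwrapPrivateKey is steps 201-202: check the algorithm identifier, fetch the random code from
// the OTP, decrypt. Returns the PKCS#8 DER private key; a different OTP code, a modified
// identifier or a modified ciphertext all fail the GCM authentication check.
func (sp *SecureProcessor) UnwrapPrivateKey(privCiphertext []byte) ([]byte, error) {
	gcm, err := sp.aead()
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(privCiphertext) < 1+ns+gcm.Overhead() || privCiphertext[0] != algAES256GCM {
		return nil, errors.New("malformed ciphertext or unsupported algorithm identifier")
	}
	return gcm.Open(nil, privCiphertext[1:1+ns], privCiphertext[1+ns:], privCiphertext[:1])
}
```

UnwrapPrivateKey hands the PKCS#8 private key back to the caller, mirroring claim 11, where the DRM client receives the recovered private key. In a production design the unwrapped key would stay inside the secure processor and only signing or decryption operations would be exposed to the DRM client, so that the random code and the plaintext key are never observable outside the secure boundary.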
Fig. 3 is a structural schematic of one embodiment of the key processing device of the invention. As shown in Fig. 3, the embodiment provides a key processing device comprising a secure processor 31 and an OTP 32. After receiving a key generation request, the secure processor 31 generates a key pair comprising a public key for encrypting data and a private key for decrypting data, and encrypts the generated private key with the random code provided by the OTP 32 to form a private key ciphertext.
In this embodiment the key processing device is integrated in a set-top box and processes the keys in the set-top box. When the secure processor 31 receives a key generation request, it generates a public key and a private key; the public key is used to encrypt data and the private key to decrypt data. It then obtains a random code from the OTP 32, encrypts the generated private key with it, and stores the resulting private key ciphertext.
The key processing device of this embodiment encrypts the private key with a random code. This improves the security of private key storage while avoiding the need to store the private key in a high-security location, reduces the complexity of storage and access, and is convenient for the user.
In addition, on the basis of the above embodiment, the key processing device provided by the invention may further comprise a Digital Rights Management (DRM) client 33. The DRM client 33 sends the key generation request to the secure processor 31 and receives the private key ciphertext and public key generated by the secure processor 31. The DRM client 33 acts as the interface that communicates with the external DRM server for license issuance.
An embodiment of the invention also provides a key processing device whose structure is likewise shown in Fig. 3, comprising a secure processor 31 and an OTP 32. After receiving a private key ciphertext, the secure processor 31 decrypts the received private key ciphertext with the random code provided by the OTP 32 to obtain the private key.
In this embodiment the key processing device is integrated in a set-top box and processes the keys in the set-top box. When the secure processor 31 receives the private key ciphertext from the module that stores it, it first obtains from the OTP 32 the random code that was used to encrypt the private key, and then decrypts the private key ciphertext with that random code to obtain the private key.
The key processing device of this embodiment decrypts the private key with a random code. This improves the security of private key storage while avoiding the need to store the private key in a high-security location, reduces the complexity of storage and access, and is convenient for the user.
In addition, on the basis of the above embodiment, the key processing device provided by the invention may further comprise a DRM client 33, which sends the private key ciphertext to the secure processor 31 and receives the private key obtained by the secure processor 31. The DRM client 33 acts as the interface that communicates with the external DRM server for license issuance.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes media capable of storing program code, such as ROM, RAM, magnetic disk or optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the preceding embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the preceding embodiments may still be modified, or some of their technical features replaced by equivalents, without such modifications or replacements taking the essence of the technical solution outside the spirit and scope of the embodiments of the invention.

Claims (11)

1. A key processing method, characterised in that it comprises:
after receiving a key generation request, generating a key pair, the key pair comprising a public key for encrypting data and a private key for decrypting data;
obtaining a random code;
encrypting the generated private key with the random code to form a private key ciphertext.
2. The key processing method according to claim 1, characterised in that obtaining the random code comprises:
sending a random code request to a one-time programmable memory;
receiving the random code returned by the one-time programmable memory.
3. The key processing method according to claim 1, characterised in that encrypting the generated private key comprises:
encrypting the generated private key with a symmetric encryption algorithm or with the RSA asymmetric encryption algorithm.
4. The key processing method according to claim 3, characterised in that, after encrypting the generated private key, it further comprises:
storing an encryption algorithm identifier, the encryption algorithm identifier indicating the type of encryption algorithm used.
5. A key processing method, characterised in that it comprises:
after receiving a private key ciphertext, obtaining a random code;
decrypting the received private key ciphertext with the random code to obtain the private key.
6. The key processing method according to claim 5, characterised in that obtaining the random code comprises:
sending a random code request to a one-time programmable memory;
receiving the random code returned by the one-time programmable memory.
7. The key processing method according to claim 5, characterised in that decrypting the received private key ciphertext comprises:
decrypting the received private key ciphertext with a symmetric encryption algorithm or with the RSA asymmetric encryption algorithm.
8. A key processing device, characterised in that it comprises a secure processor and a one-time programmable memory,
wherein, after receiving a key generation request, the secure processor generates a key pair comprising a public key for encrypting data and a private key for decrypting data, and encrypts the generated private key with the random code provided by the one-time programmable memory to form a private key ciphertext.
9. The key processing device according to claim 8, characterised in that it further comprises:
a digital rights management client, for sending the key generation request to the secure processor and receiving the private key ciphertext and public key generated by the secure processor.
10. A key processing device, characterised in that it comprises a secure processor and a one-time programmable memory,
wherein, after receiving a private key ciphertext, the secure processor decrypts the received private key ciphertext with the random code provided by the one-time programmable memory to obtain the private key.
11. The key processing device according to claim 10, characterised in that it further comprises:
a digital rights management client, for sending the private key ciphertext to the secure processor and receiving the private key obtained by the secure processor.

Priority Applications (1)

Application CN 201010280853 (CN101951315A), priority date 2010-09-10, filing date 2010-09-10: Key processing method and device

Applications Claiming Priority (1)

Application CN 201010280853 (CN101951315A), priority date 2010-09-10, filing date 2010-09-10: Key processing method and device

Publications (1)

CN101951315A, published 2011-01-19

Family

ID=43454680

Family Applications (1)

Application CN 201010280853 (CN101951315A), pending, priority date 2010-09-10, filing date 2010-09-10: Key processing method and device

Country Status (1)

CN: CN101951315A

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852432A (en) * 2005-12-27 2006-10-25 华为技术有限公司 Method for encrypting and decrypting live-broadcast streaming media data
CN101447870A (en) * 2008-12-25 2009-06-03 中国电子科技集团公司第五十四研究所 Secure private key storage method based on distributed cryptographic techniques
CN101483518A (en) * 2009-02-20 2009-07-15 北京天威诚信电子商务服务有限公司 Client digital certificate private key management method and system
CN101610148A (en) * 2009-07-08 2009-12-23 李伟 Peer-to-peer Internet digital copyright protection method

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103037366A (en) * 2011-09-30 2013-04-10 卓望数码技术(深圳)有限公司 Mobile terminal user authentication method and mobile terminal based on asymmetric cryptographic technique
CN103037366B (en) * 2011-09-30 2016-10-26 卓望数码技术(深圳)有限公司 Mobile terminal user authentication method and mobile terminal based on asymmetric cryptographic technique
CN102857522A (en) * 2012-10-12 2013-01-02 广州市品高软件开发有限公司 Identity authentication method and system for cloud computing desktop terminal
CN107004083A (en) * 2014-12-12 2017-08-01 耐瑞唯信有限公司 Device keys protection
US11018847B2 (en) 2014-12-12 2021-05-25 Nagravision S.A. Device keys protection
US10348727B2 (en) 2015-02-13 2019-07-09 International Business Machines Corporation Automatic key management using enterprise user identity management
WO2016128856A1 (en) * 2015-02-13 2016-08-18 International Business Machines Corporation Automatic key management using enterprise user identity management
GB2550786A (en) * 2015-02-13 2017-11-29 Ibm Automatic key management using enterprise user identity management
US10454676B2 (en) 2015-02-13 2019-10-22 International Business Machines Corporation Automatic key management using enterprise user identity management
CN106411893A (en) * 2016-09-30 2017-02-15 成都知道创宇信息技术有限公司 Hypertext transfer protocol secure (HTTPS) service deployment method
CN106411893B (en) * 2016-09-30 2019-08-13 成都知道创宇信息技术有限公司 HTTPS service deployment method
CN108632021A (en) * 2017-03-15 2018-10-09 阿里巴巴集团控股有限公司 Key encryption method, device and system
WO2018166356A1 (en) * 2017-03-15 2018-09-20 阿里巴巴集团控股有限公司 Method, device, and system for encrypting secret key
US11271726B2 (en) 2017-03-15 2022-03-08 Alibaba Group Holding Limited Key encryption methods, apparatuses, and systems
CN108540486A (en) * 2018-04-23 2018-09-14 湖南东方华龙信息科技有限公司 The generation of cloud key and application method
US11616654B2 (en) 2018-04-24 2023-03-28 Spectrum Brands, Inc. Secure provisioning of internet of things devices, including electronic locks
TWI808160B (en) * 2018-04-24 2023-07-11 美商品譜公司 Secure provisioning of internet of things devices, including electronic locks
TWI735208B (en) * 2020-04-20 2021-08-01 宜鼎國際股份有限公司 Data protection system and method
CN111953484A (en) * 2020-08-03 2020-11-17 上海移远通信技术股份有限公司 Communication method, device and client

Similar Documents

Publication Publication Date Title
JP7104248B2 (en) An encrypted asset encryption key part that allows the assembly of an asset encryption key using a subset of the encrypted asset encryption key parts
CN101951315A (en) Key processing method and device
RU2584500C2 (en) Cryptographic authentication and identification method with real-time encryption
CN103684766B Private key protection method and system for terminal users
CN109379387B (en) Safety certification and data communication system between Internet of things equipment
CN110868291B (en) Data encryption transmission method, device, system and storage medium
CN103067160A Method and system for generating dynamic encryption keys for an encrypted secure digital (SD) memory card
CN107908574A Security protection method for solid-state disk data storage
WO2010057423A1 (en) Encryption and decryption method and system for ic card and the reader device
CN112507296B (en) User login verification method and system based on blockchain
CN110233729B (en) Encrypted solid-state disk key management method based on PUF
CN103560892A (en) Secret key generation method and secret key generation device
CN104333545A (en) Method for encrypting cloud storage file data
TWI476629B (en) Data security and security systems and methods
CN107911221B (en) Key management method for secure storage of solid-state disk data
WO2012053886A1 (en) A method and system for file encryption and decryption in a server
US20200160333A1 (en) System and method for the protection of consumer financial data utilizing dynamic content shredding
CN103634789A (en) Mobile terminal and method
CN103177225A (en) Method and system of data management
CN1266617C Computer data protection method
CN107342862B (en) Method and system for realizing key generation and protection by cloud plus-end triple-authority separation
CN107332663A (en) Archive management method based on encryption technology
CN113836516B Printer toner cartridge anti-counterfeiting and print-count protection system and method
TWI430643B (en) Secure key recovery system and method
EP2299379A1 (en) Digital rights management system with diversified content protection process

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 2011-01-19