CN102946311A - Key dispersed method for enhancing safety of symmetric key system - Google Patents
Key dispersed method for enhancing safety of symmetric key system Download PDFInfo
- Publication number
- CN102946311A CN102946311A CN2012104919656A CN201210491965A CN102946311A CN 102946311 A CN102946311 A CN 102946311A CN 2012104919656 A CN2012104919656 A CN 2012104919656A CN 201210491965 A CN201210491965 A CN 201210491965A CN 102946311 A CN102946311 A CN 102946311A
- Authority
- CN
- China
- Prior art keywords
- key
- management system
- dispersion
- dispersing
- key management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a key dispersed method for enhancing safety of a symmetric key system, and relates to the technical field of information safety and passwords. The key dispersed method includes the steps: (1) respectively filling secondary dispersing factors into a primary key management system; and (2) computing the secondary dispersing factors in a dispersed manner through specified keys according to the national standard algorithm by the primary key management system to obtain key data of a secondary key management system. The key dispersed method has the advantage that different dispersing factors can be computed in the dispersed manner through the specified keys by the key dispersed method to obtain a plurality of different key data. By the method, the single derivative transformation mode of directly using random numbers as keys is avoided, diversified key derivative transformation modes are provided, and safety in the key derivative transformation process is enhanced.
Description
Technical field
The present invention relates to information security cryptographic technique field, relate in particular to a kind of key process for dispersing that strengthens the fail safe of symmetric key system.
Background technology
Cryptographic technique is the basic technology of information security, and key then is the basis of cryptographic technique Secure Application and the core element of informatization security.Along with the high speed of the information-based industry of China is all-round developing, also enter the comprehensive construction period based on the key management system of symmetric key system, the derivatization process of key is faced with more and more stricter specification requirement in the symmetric key system.
The key that uses in the current traditional symmetric key system mainly is to utilize encryption device to produce some key datas, and with some key datas as the key data that uses in the system.The key data production process is single in the said process, and to the key data conversion process of deriving itself, the key data production process is too not simple, is unfavorable for transmission and the use of key data in the multi-stage key management system, has certain potential safety hazard.
The comparatively complicated common employing of key dispersion technology realizes that voluntarily key disperses derivative algorithm, utilizes a plurality of dispersion factors to finish the key scatter operation in the symmetric key system.Key dispersion technology relative complex and loaded down with trivial details, the dispersion derivative algorithm fail safe that self realizes can not be protected; The dispersion factor One's name is legion that participates in the dispersion process is unfavorable for the operability that key disperses.In addition, by above-mentioned key dispersion technology, may cause identical key and dispersion factor to derive different keys, perhaps different keys derives identical key with dispersion factor, therefore has larger potential safety hazard.
Summary of the invention
The purpose of this invention is to provide a kind of key process for dispersing that strengthens the fail safe of symmetric key system, solve the security risk that exists in the above-mentioned cipher key derivative conversion process, improve the fail safe of cipher key derivative conversion process, meet the related request of the cipher key derivative conversion of current symmetric key system.
For achieving the above object, the present invention takes following technical scheme: a kind of key process for dispersing that strengthens the fail safe of symmetric key system may further comprise the steps: step (1), in the one-level key management system, inject respectively the secondary dispersion factor; Step (2), the one-level key management system utilizes the national standard algorithm, with the key of appointment the secondary dispersion factor is disperseed computing, obtains the key data of secondary key management system.
Preferred steps: after described step (2), add following steps:
Step (a) is injected three grades and is disperseed the factor in the secondary key management system;
Step (b), the secondary key management system is utilized the national standard algorithm, disperses the factors to disperse computing with the key of appointment to three grades, obtains the key data of three grades of key management systems.
Preferred steps: after the step (b), add again level Four and above key management system and inject level Four and above dispersion factor, carry out corresponding steps.
Preferred steps: inject the method for dispersion factors at different levels for adopting code list or IC-card.
Preferred steps: code folk prescription formula is directly inputted dispersion factors at different levels, and the IC-card mode need to be inputted the IC-card PIN code and read dispersion factors at different levels, finishes the injection of dispersion factors at different levels.
Preferred steps: after obtaining the key data of key management systems at different levels, adopt the key data of the key management systems at different levels after the threshold mechanism mode is disperseed key to back up.
Preferred steps: key management systems at different levels are divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation.
In sum, owing to adopted technique scheme, concrete beneficial effect of the present invention is:
1, the key process for dispersing adopts national standard algorithm (SM1 block cipher) to carry out key dispersion computing, and key dispersion calculating process is safe, reliability is strong;
2, the key process for dispersing is introduced dispersion factor, and dispersion factor is participated in the key dispersion process, has avoided single key data directly as the potential safety hazard of key, has higher practicality;
3, the key process for dispersing utilizes different dispersion factors by specifying key, can successively disperse computing to key, obtains the key data after some the dispersions, disperses that production process interlocks layer by layer, process is tight, has higher fail safe;
4, identical key data, different dispersion factors can divide some the different key datas that shed, and satisfies different application systems to the different demands of key data, has widely adaptability;
5, the key process for dispersing is supported the Multilayered encryption management system, satisfies successively protection, the special-purpose principle of special key, has obvious intrinsic advantage;
6, dispersion factor is important participant in the key dispersion process, the user can be according to actual conditions according to regular self-defining dispersion factor, and adopt the form of code list or IC-card to inject dispersion factor, avoid pure manual mode to inject the potential safety hazard that dispersion factor brings, strengthened the fail safe of dispersion factor injection process;
7, adopt the key data after 5 minutes 3 modes of closing of threshold mechanism (M of N) are disperseed key to back up, guaranteed the fail safe of cipher key backup process, promoted the general safety of key process for dispersing.
Generally speaking, adopt the technology of the present invention, can disperse computing to different dispersion factors by specifying key, obtain some different key datas.The method has avoided random number directly as the single mapping mode of deriving of key, the cipher key derivative mapping mode of diversification is provided, strengthen the fail safe of cipher key derivative conversion process, reduced the difficulty of system, exploitation and use, promoted ease for use and the maintainability of system.
Description of drawings
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is key dispersion process schematic diagram.
Embodiment
Disclosed all features in this specification, or the step in disclosed all methods or the process except mutually exclusive feature and/or step, all can make up by any way.
Disclosed arbitrary feature in this specification (comprising any accessory claim, summary and accompanying drawing) is unless special narration all can be replaced by other equivalences or the alternative features with similar purpose.That is, unless special narration, each feature is an example in a series of equivalences or the similar characteristics.
Step (1), in the management of one-level key management system dispersion factor, the user adopts the secondary dispersion factor that the mode of yard list or IC-card is injected respectively, many parts are different;
Step (2), code folk prescription formula is directly inputted the secondary dispersion factor, and the IC-card mode need to be inputted the IC-card PIN code and read the secondary dispersion factor, finishes the secondary dispersion factor and injects;
Step (3), one-level key management system are utilized national standard algorithm (SM1 block cipher), with the key of appointment the secondary dispersion factor are disperseed computing, obtain secondary key management system key data;
Step (4), the secondary key management system key data that adopts threshold mechanism (M of N) to close in 5 minutes 3 after mode is disperseed key backs up.System is divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation;
Step (5), in ultimate key management system dispersion factor management, the user adopts the professional dispersion factor that the mode of yard list or IC-card is injected respectively, many parts are different;
Step (6), ultimate key management system are utilized national standard algorithm (SM1 block cipher), with the key of appointment professional dispersion factor are disperseed computing, obtain the business cipher key data;
Step (7), the business cipher key data that adopt threshold mechanism (M of N) to close in 5 minutes 3 after mode is disperseed key back up.System is divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation.
In addition, can be according to practical situations, the level of expanded keys management system and progression.
The key dispersion process needs the user to input different levels or other dispersion factor of level, and system utilizes the key of appointment that dispersion factor is disperseed computing, obtains not level or other key data of level.
Fig. 1 is key dispersion process schematic diagram.
Each critical process is described in detail as follows:
1. in the management of one-level key management system dispersion factor, the user adopts the secondary dispersion factor that the mode of yard list or IC-card is injected respectively, many parts different;
2. code folk prescription formula is directly inputted the secondary dispersion factor, and the IC-card mode need to be inputted the IC-card PIN code and read the secondary dispersion factor, finishes the secondary dispersion factor and injects;
3. the one-level key management system utilizes national standard algorithm (SM1 block cipher), with the key of appointment the secondary dispersion factor is disperseed computing, obtains secondary key management system key data;
4. the secondary key management system key data that adopts threshold mechanism (M of N) to close in 5 minutes 3 after mode is disperseed key backs up.System is divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation;
5. in secondary key management system dispersion factor management, the user adopts that the mode of yard list or IC-card is injected respectively, three grades of many parts of differences are disperseed the factor;
6. code folk prescription formula is directly inputted three grades of dispersion factors, and the IC-card mode need to be inputted the IC-card PIN code and read three grades and disperse the factors, finishes three grades and disperses the factors to inject;
7. the secondary key management system is utilized national standard algorithm (SM1 block cipher), disperses the factors to disperse computing with the key of appointment to three grades, obtains three grades of key management system key datas;
8. three grades of key management system key datas that adopt threshold mechanism (M of N) to close in 5 minutes 3 after mode is disperseed key back up.System is divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation;
9. in three grades of key management system dispersion factor management, the user adopts the professional dispersion factor that the mode of yard list or IC-card is injected respectively, many parts different;
10. three grades of key management systems utilize national standard algorithm (SM1 block cipher), with the key of appointment professional dispersion factor are disperseed computing, obtain business cipher key data (key data that concrete operation system need to be used);
11. the business cipher key data that adopt threshold mechanism (M of N) to close in 5 minutes 3 after mode is disperseed key back up.System is divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation;
12. can according to practical situations, finish the key scatter operation of multi-stage key management system.
In addition, the SM1 block cipher is a kind of commercial cipher grouping standard symmetry algorithm by the establishment of national Password Management office.This algorithm is the SM1 block cipher that national Password Management department examines, block length and key length all are 128 bits, algorithm security encryption strength and relevant software and hardware realize that performance is suitable with AES, and this algorithm is underground, and only the form with IP kernel is present in the chip.Adopt this algorithm to develop the safety products such as family chip, intellective IC card, intelligent code key, encrypted card, encryption equipment, be widely used in each application of E-Government, ecommerce and national economy.
Dispersion factor is the core element of key management system, and the generation of key all depends on dispersion factor and primary key disperses computing.Dispersion factor is exactly one group of regular data corresponding with numbering (character of 16 0~F, 16 system numbers of composition 8 or 16 bytes), for example: 2E14AD956BC78DF6 or C1925BE14AD4AD9E6D95F14A26D95E4A.Dispersion factor adopts different dispersion factor establishment rules to produce, but the particular content self-defining of dispersion factors at different levels, and carry out typing and management by the special messenger.
Dispersion factor can safety be stored in yard list or the IC-card, solved the safe storage problem of dispersion factor.Adopt code single (cipher envelope) when mode is injected dispersion factor, need the dispersion factor in special messenger's input code list; When adopting the IC-card mode to inject dispersion factor, need input IC-card PIN code, and from IC-card, read dispersion factor, finish the implant operation of dispersion factor.
The present invention is not limited to aforesaid embodiment.The present invention expands to any new feature or any new combination that discloses in this manual, and the arbitrary new method that discloses or step or any new combination of process.
Claims (7)
1. a key process for dispersing that strengthens the fail safe of symmetric key system is characterized in that, may further comprise the steps:
Step (1) is injected respectively the secondary dispersion factor in the one-level key management system;
Step (2), the one-level key management system utilizes the national standard algorithm, with the key of appointment the secondary dispersion factor is disperseed computing, obtains the key data of secondary key management system.
2. a kind of key process for dispersing that strengthens the fail safe of symmetric key system according to claim 1 is characterized in that: after described step (2), add following steps:
Step (a) is injected three grades and is disperseed the factor in the secondary key management system;
Step (b), the secondary key management system is utilized the national standard algorithm, disperses the factors to disperse computing with the key of appointment to three grades, obtains the key data of three grades of key management systems.
3. a kind of key process for dispersing that strengthens the fail safe of symmetric key system according to claim 2 is characterized in that: after the step (b), add level Four and above key management system again and inject level Four and above dispersion factor, carry out corresponding steps.
4. it is characterized in that according to claim 1 and 2 or 3 described a kind of key process for dispersing that strengthen the fail safe of symmetric key system: inject the method for dispersion factors at different levels for adopting code list or IC-card.
5. a kind of key process for dispersing that strengthens the fail safe of symmetric key system according to claim 4, it is characterized in that: code folk prescription formula is input dispersion factors at different levels directly, the IC-card mode need to be inputted the IC-card PIN code and read dispersion factors at different levels, finishes the injection of dispersion factors at different levels.
6. according to claim 1 and 2 or 3 described a kind of key process for dispersing that strengthen the fail safe of symmetric key system, it is characterized in that: after obtaining the key data of key management systems at different levels, adopt the key data of the key management systems at different levels after the threshold mechanism mode is disperseed key to back up.
7. a kind of key process for dispersing that strengthens the fail safe of symmetric key system according to claim 6, it is characterized in that: key management systems at different levels are divided into 5 parts with key data, and in safe storage to the 5 different IC-card, protected by the IC-card PIN code; Wherein any 3 IC-cards can carry out the key recovery operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210491965.6A CN102946311B (en) | 2012-11-28 | 2012-11-28 | A kind of key process for dispersing that strengthens the security of symmetric key system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210491965.6A CN102946311B (en) | 2012-11-28 | 2012-11-28 | A kind of key process for dispersing that strengthens the security of symmetric key system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102946311A true CN102946311A (en) | 2013-02-27 |
| CN102946311B CN102946311B (en) | 2016-05-11 |
Family
ID=47729220
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210491965.6A Active CN102946311B (en) | 2012-11-28 | 2012-11-28 | A kind of key process for dispersing that strengthens the security of symmetric key system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102946311B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105162583A (en) * | 2015-07-15 | 2015-12-16 | 北京江南天安科技有限公司 | Scatter method and system for single asymmetrical secret key pair, single-stage asymmetrical secret key pair and multistage asymmetrical secret key pair |
| CN110324820A (en) * | 2019-07-03 | 2019-10-11 | 易联众智能(厦门)科技有限公司 | A kind of Internet of Things safety right appraisal method, system and readable medium |
| CN112054901A (en) * | 2020-09-01 | 2020-12-08 | 郑州信大捷安信息技术股份有限公司 | Key management method and system supporting multiple key systems |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1192834A (en) * | 1995-06-05 | 1998-09-09 | 塞特科有限公司 | Multi-step digital signature method and system |
| CN1615036A (en) * | 2004-11-29 | 2005-05-11 | 上海电信技术研究院 | Electronic paymenting service system and realizing method based on fixed telephone net short message |
| CN101132276A (en) * | 2007-09-27 | 2008-02-27 | 中兴通讯股份有限公司 | Method and system for symmetrical encryption of terminal data by SAM card |
| CN102355354A (en) * | 2011-08-17 | 2012-02-15 | 山东省数字证书认证管理有限公司 | Method for implementing digital signature by using radio frequency CPU card of non-signature algorithm module |
| CN103684759A (en) * | 2012-09-11 | 2014-03-26 | 中国银联股份有限公司 | Terminal data encrypting method and device |
-
2012
- 2012-11-28 CN CN201210491965.6A patent/CN102946311B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1192834A (en) * | 1995-06-05 | 1998-09-09 | 塞特科有限公司 | Multi-step digital signature method and system |
| CN1615036A (en) * | 2004-11-29 | 2005-05-11 | 上海电信技术研究院 | Electronic paymenting service system and realizing method based on fixed telephone net short message |
| CN101132276A (en) * | 2007-09-27 | 2008-02-27 | 中兴通讯股份有限公司 | Method and system for symmetrical encryption of terminal data by SAM card |
| CN102355354A (en) * | 2011-08-17 | 2012-02-15 | 山东省数字证书认证管理有限公司 | Method for implementing digital signature by using radio frequency CPU card of non-signature algorithm module |
| CN103684759A (en) * | 2012-09-11 | 2014-03-26 | 中国银联股份有限公司 | Terminal data encrypting method and device |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105162583A (en) * | 2015-07-15 | 2015-12-16 | 北京江南天安科技有限公司 | Scatter method and system for single asymmetrical secret key pair, single-stage asymmetrical secret key pair and multistage asymmetrical secret key pair |
| CN105162583B (en) * | 2015-07-15 | 2018-10-26 | 北京江南天安科技有限公司 | A kind of single, single-stage and multistage key pair dispersing method and its system |
| CN110324820A (en) * | 2019-07-03 | 2019-10-11 | 易联众智能(厦门)科技有限公司 | A kind of Internet of Things safety right appraisal method, system and readable medium |
| CN112054901A (en) * | 2020-09-01 | 2020-12-08 | 郑州信大捷安信息技术股份有限公司 | Key management method and system supporting multiple key systems |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102946311B (en) | 2016-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109474423A (en) | Data encryption/decryption method, server and storage medium | |
| CN105100083B (en) | A kind of secret protection and support user's revocation based on encryption attribute method and system | |
| CN106610995B (en) | Method, device and system for creating ciphertext index | |
| CN106776904A (en) | The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment | |
| CN103294958B (en) | Kernel-level virtual polymerization and parallel encryption method for class-oriented Linux system | |
| CN102857339B (en) | Secret distribution sharing and recovery recombining method based on sequences | |
| CN107070660A (en) | A kind of design Storage method of block chain encrypted radio-frequency chip | |
| CN103955654A (en) | USB (Universal Serial Bus) flash disk secure storage method based on virtual file system | |
| CN102316120A (en) | Dynamic password lock based on network privacy protection | |
| CN103326991A (en) | Method for password encrypted storage and password authentication | |
| CN102904877A (en) | Binary serialization role permission management method based on cloud storage | |
| CN102932140A (en) | Key backup method for enhancing safety of cipher machine | |
| CN102946311B (en) | A kind of key process for dispersing that strengthens the security of symmetric key system | |
| CN102222188A (en) | Information system user password generation method | |
| CN204759430U (en) | Random cipher input device | |
| CN103593592B (en) | User data encryption and decryption method | |
| CN203982391U (en) | A kind of PCI-E encrypted card with network interface | |
| CN106156655B (en) | A kind of compressing file and authentication method towards cloud storage | |
| CN103927463A (en) | Application software copyright protection system for gateway server | |
| CN105069331A (en) | Computer binary code format based permission control method | |
| CN201044107Y (en) | Computer security debarkation and file protection system | |
| Yang et al. | Research and Design of Multi Dimension Protection System for Data Security in Cloud Computing Environment | |
| Hu et al. | The research and application of embedded database encryption method | |
| CN113535664B (en) | Database data synchronization method based on data page preloading | |
| CN104125060B (en) | It is a kind of without fixed algorithm key encryption technical method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: No. 333, Yunhua Road, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan 610041 Patentee after: China Electronics Technology Network Security Technology Co.,Ltd. Address before: 610041, No. 8, pioneering Road, hi tech Zone, Sichuan, Chengdu Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc. |
|
| CP03 | Change of name, title or address |