CN102946311B - A key dispersion method for strengthening the security of a symmetric key system

Publication number: CN102946311B
Authority: CN (China)
Application number: CN201210491965.6A
Other versions: CN102946311A
Other languages: Chinese (zh)
Legal status: Active
Inventors: 李元正, 廖成军, 帅军军
Current assignee: China Electronics Technology Network Security Technology Co ltd
Original assignee: Chengdu Westone Information Industry Inc
Prior art keywords: key, dispersion, management system, security, dispersing

Abstract

The invention discloses a key dispersion method for strengthening the security of a symmetric key system, in the field of information security cryptography. It comprises the following steps: step (1), second-level dispersion factors are injected separately into the first-level key management system; step (2), the first-level key management system uses a national standard algorithm to perform a dispersion operation on the second-level dispersion factors with a specified key, obtaining the key data of the second-level key management system. The beneficial effect of the invention is that a specified key can be used to perform the dispersion operation on different dispersion factors, yielding a number of different key data. The method avoids the single derivation mode in which a random number is used directly as a key, provides diversified key derivation modes, and strengthens the security of the key derivation process.

Description

A key dispersion method for strengthening the security of a symmetric key system
Technical field
The invention relates to the field of information security cryptography, and in particular to a key dispersion method for strengthening the security of a symmetric key system.
Background art
Cryptography is the basic technology of information security, and keys are the foundation of its secure application and a core element of information security. With the rapid, across-the-board development of China's information industry, key management systems based on symmetric key systems have also entered a period of full-scale construction, and the key derivation process in symmetric key systems faces increasingly strict technical requirements.
In current traditional symmetric key systems, keys are mainly produced by having a cryptographic device generate a number of key data, which are then used directly as the key data of the system. In this process the way key data is produced is uniform, the key data itself undergoes no derivation or transformation, and the production process is too simple; this hinders the transmission and use of key data in a multi-level key management system and poses a certain security risk.
In symmetric key systems, the more complex key dispersion techniques usually implement a self-designed key dispersion derivation algorithm and use multiple dispersion factors to complete the key dispersion operation. Such techniques are relatively complex and cumbersome, and the security of a self-implemented dispersion derivation algorithm cannot be guaranteed; the large number of dispersion factors taking part in the process makes key dispersion hard to operate. In addition, such techniques may cause the same key and dispersion factor to derive different keys, or different keys and dispersion factors to derive the same key, so there is a considerable security risk.
Summary of the invention
The object of the invention is to provide a key dispersion method for strengthening the security of a symmetric key system that resolves the security risks present in the key derivation process described above, improves the security of that process, and meets the key derivation requirements of current symmetric key systems.
To achieve this object, the invention adopts the following technical scheme: a key dispersion method for strengthening the security of a symmetric key system, comprising the following steps: step (1), second-level dispersion factors are injected separately into the first-level key management system; step (2), the first-level key management system uses a national standard algorithm to perform the dispersion operation on the second-level dispersion factors with a specified key, obtaining the key data of the second-level key management system.
Preferably, the following steps are added after step (2):
Step (a): third-level dispersion factors are injected into the second-level key management system;
Step (b): the second-level key management system uses a national standard algorithm to perform the dispersion operation on the third-level dispersion factors with a specified key, obtaining the key data of the third-level key management system.
Preferably, after step (b), fourth-level and higher dispersion factors are injected into key management systems of the fourth level and above, and the corresponding steps are carried out.
Preferably, the dispersion factors of each level are injected by means of a code list or an IC card.
Preferably, in code list mode the dispersion factors of each level are entered directly, while in IC card mode the IC card PIN code must be entered and the dispersion factors of each level are read from the card, completing their injection.
Preferably, after the key data of the key management system of each level has been obtained, the dispersed key data of each level is backed up using a threshold mechanism.
Preferably, the key management system of each level divides the key data into 5 parts and stores them securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation.
In summary, by adopting the above technical scheme, the invention has the following specific beneficial effects:
1. The key dispersion method uses a national standard algorithm (the SM1 block cipher) for the key dispersion operation, so the operation is secure and highly reliable;
2. The method introduces dispersion factors that take part in the key dispersion process, which avoids the security risk of using a single piece of key data directly as the key, and is highly practical;
3. By specifying a key and using different dispersion factors, the method can perform the dispersion operation level by level, obtaining a number of dispersed key data; the dispersion process is interlocked level by level and rigorous, giving higher security;
4. The same key data with different dispersion factors can be dispersed into a number of different key data, meeting the differing key data needs of different application systems, so the method is widely adaptable;
5. The method supports multi-level key management systems and satisfies the principles of level-by-level protection and dedicated keys for dedicated uses, which is a clear inherent advantage;
6. The dispersion factor is an important participant in the key dispersion process. Users can define dispersion factors themselves according to rules suited to their actual situation and inject them by code list or IC card; this avoids the security risk of injecting dispersion factors purely by hand and strengthens the security of the injection process;
7. The dispersed key data is backed up using a threshold mechanism (MofN) in 5-split, 3-combine mode, which ensures the security of the key backup process and improves the overall security of the key dispersion method.
In general, with the technique of the invention a specified key can be used to perform the dispersion operation on different dispersion factors, obtaining a number of different key data. The method avoids the single derivation mode in which a random number is used directly as a key, provides diversified key derivation modes, strengthens the security of the key derivation process, reduces the difficulty of developing and using the system, and improves the ease of use and maintainability of the system.
Brief description of the drawings
Examples of the invention are described with reference to the accompanying drawing, in which:
Fig. 1 is a schematic diagram of the key dispersion process.
Detailed description of the invention
All features disclosed in this specification, and all steps of any method or process disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification (including any accompanying claims, abstract and drawings) may, unless specifically stated otherwise, be replaced by other equivalent features or alternative features serving a similar purpose. That is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features.
Step (1): in the dispersion factor management of the first-level key management system, the user injects multiple different second-level dispersion factors separately, by code list or IC card;
Step (2): in code list mode the second-level dispersion factors are entered directly; in IC card mode the IC card PIN code must be entered and the second-level dispersion factors are read from the card, completing their injection;
Step (3): the first-level key management system uses a national standard algorithm (the SM1 block cipher) to perform the dispersion operation on the second-level dispersion factors with a specified key, obtaining the key data of the second-level key management system;
Step (4): the dispersed key data of the second-level key management system is backed up using a threshold mechanism (MofN) in 5-split, 3-combine mode. The system divides the key data into 5 parts and stores them securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation;
Step (5): in the dispersion factor management of the final-level key management system, the user injects multiple different business dispersion factors separately, by code list or IC card;
Step (6): the final-level key management system uses a national standard algorithm (the SM1 block cipher) to perform the dispersion operation on the business dispersion factors with a specified key, obtaining the business key data;
Step (7): the dispersed business key data is backed up using a threshold mechanism (MofN) in 5-split, 3-combine mode. The system divides the key data into 5 parts and stores them securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation.
In addition, the levels and number of stages of the key management system can be extended according to the practical application.
The key dispersion process requires the user to enter dispersion factors of different levels or ranks; the system performs the dispersion operation on each dispersion factor with the specified key, obtaining the key data of the different levels or ranks.
Fig. 1 is a schematic diagram of the key dispersion process.
Each key step is described in detail below:
1. In the dispersion factor management of the first-level key management system, the user injects multiple different second-level dispersion factors separately, by code list or IC card;
2. In code list mode the second-level dispersion factors are entered directly; in IC card mode the IC card PIN code must be entered and the second-level dispersion factors are read from the card, completing their injection;
3. The first-level key management system uses a national standard algorithm (the SM1 block cipher) to perform the dispersion operation on the second-level dispersion factors with a specified key, obtaining the key data of the second-level key management system;
4. The dispersed key data of the second-level key management system is backed up using a threshold mechanism (MofN) in 5-split, 3-combine mode. The system divides the key data into 5 parts and stores them securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation;
5. In the dispersion factor management of the second-level key management system, the user injects multiple different third-level dispersion factors separately, by code list or IC card;
6. In code list mode the third-level dispersion factors are entered directly; in IC card mode the IC card PIN code must be entered and the third-level dispersion factors are read from the card, completing their injection;
7. The second-level key management system uses a national standard algorithm (the SM1 block cipher) to perform the dispersion operation on the third-level dispersion factors with a specified key, obtaining the key data of the third-level key management system;
8. The dispersed key data of the third-level key management system is backed up using a threshold mechanism (MofN) in 5-split, 3-combine mode. The system divides the key data into 5 parts and stores them securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation;
9. In the dispersion factor management of the third-level key management system, the user injects multiple different business dispersion factors separately, by code list or IC card;
10. The third-level key management system uses a national standard algorithm (the SM1 block cipher) to perform the dispersion operation on the business dispersion factors with a specified key, obtaining the business key data (the key data that the actual business systems need to use);
11. The dispersed business key data is backed up using a threshold mechanism (MofN) in 5-split, 3-combine mode. The system divides the key data into 5 parts and stores them securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation;
12. The key dispersion operations of a multi-level key management system can be completed according to the practical application.
In addition, the SM1 block cipher is a commercial block-cipher standard symmetric algorithm established by the State Cryptography Administration and approved by the national cryptography authority. Its block length and key length are both 128 bits, and its security strength and the performance of its software and hardware implementations are comparable to AES. The algorithm is not public and exists only as an IP core inside chips. Security products such as chip series, smart IC cards, smart cryptographic keys, encryption cards and encryption machines have been developed with this algorithm and are widely used in e-government, e-commerce and all application areas of the national economy.
The dispersion factor is the core element of the key management system: every key is generated by a dispersion operation that depends on a dispersion factor and an original key. A dispersion factor is a set of structured data corresponding to a number (the 16 characters 0 to F, forming a hexadecimal number of 8 or 16 bytes), for example: 2E14AD956BC78DF6 or C1925BE14AD4AD9E6D95F14A26D95E4A. Dispersion factors are produced according to different dispersion factor construction rules; the specific content of the dispersion factors of each level can be user-defined, and they are entered and managed by a designated person.
Dispersion factors can be stored securely in a code list or an IC card, which solves the problem of storing them safely. When a dispersion factor is injected in code list (cipher envelope) mode, a designated person must enter the dispersion factor from the code list; when it is injected in IC card mode, the IC card PIN code must be entered and the dispersion factor is read from the IC card, completing the injection.
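The Python sketch below is an added example, not part of the patent: it walks the level-by-level dispersion and the 3-of-5 threshold backup described above, using the two sample dispersion factors from the text. Because SM1 is not published, HMAC-SHA256 truncated to 128 bits stands in for the dispersion operation and Shamir secret sharing stands in for the unspecified threshold mechanism; the root key and all function names are constructed for illustration.

```python
# Added illustration, not the patent's code. SM1 is unpublished, so
# HMAC-SHA256 truncated to 128 bits stands in for the dispersion operation.
import hashlib
import hmac
import secrets

KEY_LEN = 16        # 128-bit keys, matching the SM1 key length on the page
P = 2**130 - 5      # a prime larger than any 128-bit key value


def parse_factor(text):
    """Decode a dispersion factor: hex text encoding exactly 8 or 16 bytes."""
    raw = bytes.fromhex(text)          # ValueError on non-hex input
    if len(raw) not in (8, 16):
        raise ValueError("dispersion factor must be 8 or 16 bytes")
    return raw


def disperse(key, factor_hex):
    """Derive a next-level key from a specified key and one factor."""
    if len(key) != KEY_LEN:
        raise ValueError("specified key must be 16 bytes")
    mac = hmac.new(key, parse_factor(factor_hex), hashlib.sha256)
    return mac.digest()[:KEY_LEN]


def derive_chain(root_key, factors):
    """Apply one factor per level; return the key obtained at each level."""
    keys, key = [], root_key
    for factor_hex in factors:
        key = disperse(key, factor_hex)
        keys.append(key)
    return keys


def split_key(key, n=5, m=3):
    """Shamir split: n shares (one per IC card), any m recover the key."""
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of the polynomial
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_key(shares, m=3):
    """Lagrange interpolation at x = 0 over m distinct shares."""
    points = list(dict(shares).items())[:m]   # drop duplicate card numbers
    if len(points) < m:
        raise ValueError("not enough distinct shares")
    secret = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(KEY_LEN, "big")


if __name__ == "__main__":
    root = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    level2, level3 = derive_chain(
        root, ["2E14AD956BC78DF6", "C1925BE14AD4AD9E6D95F14A26D95E4A"])
    cards = split_key(level3)
    print(level3.hex(), recover_key([cards[4], cards[0], cards[2]]).hex())
```

The derivation is deterministic, so the same key and factor always give the same derived key, which is the property the background section says self-made dispersion algorithms may fail to provide.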
The invention is not limited to the specific embodiments described above. It extends to any new feature or any new combination of features disclosed in this specification, and to any new method or process step or any new combination of steps disclosed.

Claims (5)

1. A key dispersion method for strengthening the security of a symmetric key system, characterized in that it comprises the following steps: injecting second-level dispersion factors into the first-level key management system to obtain the key data of the second-level key management system; injecting third-level dispersion factors into the second-level key management system to obtain the key data of the third-level key management system; and so on, until the key data of the final-level key management system is obtained; injecting business dispersion factors into the final-level key management system to obtain the business key data; and, after the key data of the key management systems of each level and the business key data have been obtained, backing up the key data using a threshold mechanism.
2. The key dispersion method for strengthening the security of a symmetric key system according to claim 1, characterized in that: the dispersion factors of each level and the business dispersion factors are injected by using a code list or an IC card to inject multiple different dispersion factors separately.
3. The key dispersion method for strengthening the security of a symmetric key system according to claim 2, characterized in that: in code list mode the dispersion factor is entered directly; in IC card mode the IC card PIN code must be entered and the dispersion factor is read from the card, completing the injection of the dispersion factors of each level.
4. The key dispersion method for strengthening the security of a symmetric key system according to claim 1, characterized in that: the key data is backed up using the threshold mechanism as follows: the key data is divided into 5 parts and stored securely in 5 different IC cards, each protected by the IC card PIN code; any 3 of the IC cards can carry out the key recovery operation.
5. The key dispersion method for strengthening the security of a symmetric key system according to claim 1, characterized in that: the key management system of each level uses a national standard algorithm to perform the dispersion operation on the dispersion factors of that level with a specified key, obtaining the key data of the next-level key management system.
Priority Applications (1)

Application Number    Priority Date    Filing Date    Title
CN201210491965.6A     2012-11-28       2012-11-28     A key dispersion method for strengthening the security of a symmetric key system

Publications (2)

Publication Number    Publication Date
CN102946311A          2013-02-27
CN102946311B          2016-05-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: No. 333, Yunhua Road, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan 610041

Patentee after: China Electronics Technology Network Security Technology Co.,Ltd.

Address before: 610041, No. 8, pioneering Road, hi tech Zone, Sichuan, Chengdu

Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc.

CP03 Change of name, title or address