CN104579644A - Key generation and restoration method - Google Patents

Publication number: CN104579644A
Application number: CN 201510013608
Authority: CN
Grant status: Application
Prior art keywords: key, recovery, application, root, data
Other languages: Chinese (zh)
Inventors: 李秀芳, 于治楼, 赵邦宇
Original assignee: 浪潮软件集团有限公司
Abstract

The invention provides a key generation and recovery method. The method comprises the following steps: first, generation and recovery with multiple initialization factor inputs; second, N mutually independent groups of initialization factor data are input to generate M root keys, and the root keys are imported and stored in a secure hardware storage device; third, K mutually independent groups of initialization factor data are input to recover the M root keys, and the recovered root keys are imported and stored in the secure hardware storage device. In this method the initialization factor operation rule is kept secure, confidential and undisclosed. The key data in the secure hardware storage device cannot be read out, and neither the data of the key generation process nor the key data is leaked in any way, which ensures the security of the key generation process and of the key application process.

Description

A key generation and recovery method

Technical Field

[0001] The present invention relates to the field of key management technology, and in particular to a key generation and recovery method.

Background

[0002] Requirements for information security keep rising. A key is a parameter: it is the data input to the algorithm that converts plaintext into ciphertext or ciphertext into plaintext, and it allows personal data and business secrets to be controlled effectively. When a key is generated, the key length should be sufficient. In general, the longer the key, the larger the corresponding key space and the harder it is for an attacker to guess it by exhaustive search. A good key should be chosen and weak keys avoided. A random bit string generated by an automatic processing device is a good key; when selecting a key, choosing a weak key should be avoided. For public-key cryptosystems, key generation is more difficult, because the key must satisfy certain mathematical properties. Key generation can be carried out through online or offline interactive negotiation, for example through cryptographic protocols.

[0003] Key generation and recovery place higher demands on security. The calculation rules currently used for key generation and recovery are weakly protected, and the generation and recovery processes involve exporting data, which easily leaks secrets and greatly reduces security.

[0004] Therefore, in view of the problems in the prior art, it is necessary to design a scheme in which the calculation rules for key generation and recovery are implemented inside a security device, are not disclosed and are strongly confidential, and in which no data from the key generation and recovery processes is exported or leaked, so as to improve the security of key generation and recovery.

Summary of the Invention

[0005] To solve the above problems, the object of the present invention is to provide a key generation and recovery method.

[0006] To achieve the above object, the technical solution of the present invention is as follows:

A key generation and recovery method, comprising the following steps:

Step 1: generation and recovery with multiple initialization factor inputs;

Step 2: input N mutually independent groups of initialization factor data, generate M root keys, and import and store the root keys in a secure hardware storage device;

Step 3: input K mutually independent groups of initialization factor data, recover the M root keys, and import and store the recovered root keys in the secure hardware storage device.

[0007] Further, the key generation process comprises the following steps:

S10: input N mutually independent groups of initialization factor data, N > 1;

S11: define the root key service code according to business needs;

S12: compute the root keys: the N groups of initialization factor data and the root key service code undergo the initialization factor operation inside the security device according to a predetermined calculation rule, yielding M root keys, which are imported and stored in the secure storage device;

S13: compute the application key: input an application diversification factor, obtain the application key through key diversification, and import and store it in the application's secure storage device.

[0008] Further, the key recovery process comprises the following steps:

S20: input K mutually independent groups of initialization factor data, including the K matching PIN codes, K ≤ N;

S21: verify the K PIN codes; if any one PIN code fails verification, the key recovery operation ends;

S22: recover the root keys: retrieve the initialization factor data and the root key service code held in the security device, perform the initialization factor operation again according to the predetermined calculation rule, obtain the M root keys, and import them back into the secure storage device;

S23: recover the application key: input the application diversification factor, recover the application key through key diversification, and import it back into the application's secure storage device.

[0009] In the key generation and recovery method of the present invention, the initialization factor operation rule is kept secure, confidential and undisclosed; the key data in the secure hardware storage device cannot be read out, and neither the data of the key generation process nor the key data is leaked in any way, which ensures the security of the key generation process and of the application process.

Brief Description of the Drawings

[0010] FIG. 1 is a flow chart of the key generation and recovery method of the present invention.

[0011] FIG. 2 is a model diagram of the key generation method of the present invention.

[0012] FIG. 3 is a model diagram of the key recovery method of the present invention.

Detailed Description

[0013] An embodiment of the present invention provides a key generation and recovery method. Multiple mutually independent groups of initialization factor data are input; the initialization factor operation combines these groups with the root key service code under a certain calculation rule to generate the root keys, which are imported and stored in a secure hardware storage device. The root keys are diversified with an application diversification factor to obtain the required application keys, which are imported and stored in a secure hardware device. Root key recovery follows the same flow as root key generation; the difference is that the number of initialization factor data groups may be less than or equal to the number of groups required for root key generation. The initialization factor operation rule is kept secure, confidential and undisclosed; the key data in the secure hardware storage device cannot be read out, and neither the data of the key generation process nor the key data is leaked in any way, which ensures the security of the key generation process and of the application process.

[0014] To make the objects, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described below are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention fall within the scope of protection of the present invention.

[0015] The terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and do not necessarily describe a particular order or sequence. Terms used in this way are interchangeable where appropriate; this is merely the way objects with the same attributes are distinguished when the embodiments of the present invention are described. In addition, the terms "comprising" and "having", and any variations of them, are intended to cover a non-exclusive inclusion, so that a process, method, system, product or device comprising a series of units is not necessarily limited to those units, but may include other units that are not expressly listed or that are inherent to such a process, method, product or device.

[0016] Each is described in detail below.

[0017] Referring to FIGS. 1 to 3, a key generation and recovery method of the present invention comprises the following steps:

Step 1: generation and recovery with multiple initialization factor inputs;

Step 2: input N mutually independent groups of initialization factor data, generate M root keys, and import and store the root keys in a secure hardware storage device;

Step 3: input K mutually independent groups of initialization factor data, recover the M root keys, and import and store the recovered root keys in the secure hardware storage device.

[0018] In the key generation and recovery method of the present invention, multiple mutually independent groups of initialization factor data are input; the initialization factor operation combines these groups with the root key service code under a certain calculation rule to generate the root keys, which are imported and stored in a secure hardware storage device. The root keys are diversified with an application diversification factor to obtain the required application keys, which are imported and stored in a secure hardware device. Root key recovery follows the same flow as root key generation; the difference is that the number of initialization factor data groups may be less than or equal to the number of groups required for root key generation. The initialization factor operation rule is kept secure, confidential and undisclosed; the key data in the secure hardware storage device cannot be read out, and neither the data of the key generation process nor the key data is leaked in any way, which ensures the security of the key generation process and of the application process.

[0019] Specifically, the key generation and recovery method of the present invention comprises a key generation process and a key recovery process. The key generation process comprises the following steps:

S10: input N mutually independent groups of initialization factor data, including the N matching PIN codes, N > 1;

S11: define the root key service code according to business needs;

S12: compute the root keys: the N groups of initialization factor data and the root key service code undergo the initialization factor operation inside the security device according to a predetermined calculation rule, yielding M root keys, which are imported and stored in the secure storage device;

S13: compute the application key: input an application diversification factor, obtain the application key through key diversification, and import and store it in the application's secure storage device.

[0020] The key recovery process comprises the following steps:

S20: input K mutually independent groups of initialization factor data, including the K matching PIN codes, K ≤ N;

S21: verify the K PIN codes; if any one PIN code fails verification, the key recovery operation ends;

S22: recover the root keys: retrieve the initialization factor data and the root key service code held in the security device, perform the initialization factor operation again according to the predetermined calculation rule, obtain the M root keys, and import them back into the secure storage device;

S23: recover the application key: input the application diversification factor, recover the application key through key diversification, and import it back into the application's secure storage device.

[0021] The invention is illustrated below with an application example. Referring to FIG. 1, which shows the model of the key generation method, the key generation flow of FIG. 1 (taking N=4, M=20 as an example) comprises the following steps:

Step 1: input 4 mutually independent groups of initialization factor data (yinzi) and PIN codes, for example leader 1: yinz1=1122, pin1=123456; leader 2: yinz2=3344, pin2=234567; leader 3: yinz3=7788, pin3=345678; leader 4: yinz4=ABCD, pin4=567890; and store them in the secure storage device;

Step 2: define the root key service code according to the purpose of the key, for example encryption, decryption, transmission, MAC calculation, deposit amount, consumption, internal authentication, external authentication, identity authentication and so on, and import and store it in the secure storage device;

Step 3: compute the root keys: perform the initialization factor operation on the initialization factor data and the root key service code according to a certain calculation rule, obtain 20 root keys, and import them into the secure storage device;

Step 4: compute the application key: input an application diversification factor (for example 1122334455667788), obtain the application key through key diversification, and import it into the application's secure storage device.

[0022] FIG. 2 shows the model of the key recovery method. The key recovery flow of FIG. 2 (taking K=3, M=20 as an example) comprises the following steps:

Step 1: input 3 mutually independent groups of initialization factor data (yinzi) and PIN codes, for example leader 1: yinz1=1122, pin1=123456; leader 3: yinz3=7788, pin3=345678; leader 4: yinz4=ABCD, pin4=567890;

Step 2: verify the PIN codes of leader 1, leader 3 and leader 4; if any one PIN code fails verification, the key recovery operation ends;

Step 3: recover the root keys: retrieve the initialization factor data and the root key service code held in the security device, perform the initialization factor operation again according to a certain calculation rule, obtain the 20 root keys, and import them back into the secure storage device;

Step 4: recover the application key: input the application diversification factor (for example 1122334455667788), recover the application key through key diversification, and import it back into the application's secure storage device.
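The generation and recovery flows of paragraphs [0021] and [0022], as an added Python sketch that is not code from the patent. The patent does not disclose its calculation rule, so HMAC-SHA256 stands in for it; the `SecureDevice` class, its method names and the four service code strings are assumptions, while the factor, PIN and diversification values are those of the worked example.

```python
import hashlib
import hmac
import os

# Added illustration, not the patent's algorithm: the patent keeps its calculation
# rule undisclosed, so HMAC-SHA256 stands in. All names here are hypothetical.

class SecureDevice:
    """Toy model of the secure storage device; secrets are never returned raw."""

    def __init__(self):
        self._factors = {}  # custodian -> initialization factor bytes
        self._pins = {}     # custodian -> (salt, PBKDF2 hash of the PIN code)
        self._codes = []    # root key service codes
        self._roots = {}    # service code -> 32-byte root key

    @staticmethod
    def _pin_hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)

    def _compute_roots(self):
        # Fold all N stored factors into a seed, then one root key per service code.
        h = hashlib.sha256()
        for name in sorted(self._factors):
            factor = self._factors[name]
            h.update(len(factor).to_bytes(2, "big") + factor)
        self._roots = {code: hmac.new(h.digest(), code.encode(), hashlib.sha256).digest()
                       for code in self._codes}

    def generate(self, groups, service_codes):
        """S10-S12: enroll N (factor, PIN) groups, then derive M root keys."""
        for name, (factor, pin) in groups.items():
            salt = os.urandom(16)
            self._factors[name] = factor.encode()
            self._pins[name] = (salt, self._pin_hash(pin, salt))
        self._codes = list(service_codes)
        self._compute_roots()

    def recover(self, groups):
        """S20-S22: K <= N groups authorize recovery; any PIN failure ends it.
        Root keys are recomputed from the factor data already held in the device."""
        if not groups or len(groups) > len(self._pins):
            return False
        for name, (_factor, pin) in groups.items():
            salt, expected = self._pins.get(name, (b"\x00" * 16, b""))
            if not hmac.compare_digest(self._pin_hash(pin, salt), expected):
                return False
        self._compute_roots()
        return True

    def wipe_roots(self):
        self._roots = {}  # simulate loss of the derived root keys only

    def check_value(self):
        """Non-secret fingerprint of the root key set; None if no roots are loaded."""
        if not self._roots:
            return None
        joined = b"".join(self._roots[c] for c in sorted(self._roots))
        return hmac.new(joined, b"check", hashlib.sha256).hexdigest()[:12]

    def diversify(self, service_code, diversifier_hex):
        """S13/S23: application key = HMAC(root key, diversification factor)."""
        root = self._roots[service_code]
        return hmac.new(root, bytes.fromhex(diversifier_hex), hashlib.sha256).digest()

# Factor, PIN and diversifier values come from the page's worked example (N=4, K=3);
# the service code strings are constructed for this sketch.
LEADERS = {"leader1": ("1122", "123456"), "leader2": ("3344", "234567"),
           "leader3": ("7788", "345678"), "leader4": ("ABCD", "567890")}
CODES = ["encrypt", "decrypt", "transport", "mac"]
DIVERSIFIER = "1122334455667788"

def demo():
    dev = SecureDevice()
    dev.generate(LEADERS, CODES)
    before = (dev.check_value(), dev.diversify("mac", DIVERSIFIER))
    dev.wipe_roots()
    quorum = {k: LEADERS[k] for k in ("leader1", "leader3", "leader4")}
    wrong_pin = dict(quorum, leader3=("7788", "000000"))
    rejected = dev.recover(wrong_pin)        # one bad PIN code: recovery ends
    still_empty = dev.check_value() is None  # nothing was restored
    restored = dev.recover(quorum)
    after = (dev.check_value(), dev.diversify("mac", DIVERSIFIER))
    return rejected, still_empty, restored, before == after
```

In this sketch, as in step S22, the root keys are recomputed from factor data the device already holds, so the K groups serve to authorize recovery through their PIN codes, and the restored root and application keys match the originals.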

[0023] From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware, and of course also by dedicated hardware, including application-specific integrated circuits, dedicated CPUs, dedicated memory, dedicated components and the like. In general, any function performed by a computer program can easily be implemented with corresponding hardware, and the specific hardware structure used to implement the same function can take many forms, such as analog circuits, digital circuits or dedicated circuits. For the present invention, however, a software implementation is in most cases the better embodiment. On this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied as a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, USB flash drive, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of the present invention.

[0024] In summary, the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the above embodiments, or replace some of their technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (3)

  1. A key generation and recovery method, characterized by comprising the following steps:
     Step 1: generation and recovery with multiple initialization factor inputs;
     Step 2: input N mutually independent groups of initialization factor data, generate M root keys, and import and store the root keys in a secure hardware storage device;
     Step 3: input K mutually independent groups of initialization factor data, recover the M root keys, and import and store the recovered root keys in the secure hardware storage device.
  2. The key generation and recovery method of claim 1, characterized in that the key generation process comprises the following steps:
     S10: input N mutually independent groups of initialization factor data, N > 1;
     S11: define the root key service code according to business needs;
     S12: compute the root keys: the N groups of initialization factor data and the root key service code undergo the initialization factor operation inside the security device according to a predetermined calculation rule, yielding M root keys, which are imported and stored in the secure storage device;
     S13: compute the application key: input an application diversification factor, obtain the application key through key diversification, and import and store it in the application's secure storage device.
  3. The key generation and recovery method of claim 2, characterized in that the key recovery process comprises the following steps:
     S20: input K mutually independent groups of initialization factor data, including the K matching PIN codes, K ≤ N;
     S21: verify the K PIN codes; if any one PIN code fails verification, the key recovery operation ends;
     S22: recover the root keys: retrieve the initialization factor data and the root key service code held in the security device, perform the initialization factor operation again according to the predetermined calculation rule, obtain the M root keys, and import them back into the secure storage device;
     S23: recover the application key: input the application diversification factor, recover the application key through key diversification, and import it back into the application's secure storage device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201510013608 CN104579644A (en) 2015-01-12 2015-01-12 Key generation and restoration method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201510013608 CN104579644A (en) 2015-01-12 2015-01-12 Key generation and restoration method

Publications (1)

Publication Number Publication Date
CN104579644A (en) 2015-04-29

Family

ID=53094931

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201510013608 CN104579644A (en) 2015-01-12 2015-01-12 Key generation and restoration method

Country Status (1)

Country Link
CN (1) CN104579644A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1795471A (en) * 2003-05-23 2006-06-28 纳格拉卡德股份有限公司 Security key generation method
CN103580872A (en) * 2013-11-11 2014-02-12 北京华大智宝电子系统有限公司 System and method for generating and managing secret key

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
WD01