Cloud KEY system and method of use
The present invention relates to the field of security and encryption, and in particular to a cloud KEY system and a method of using it.
With the rapid development of informatization and the internet, individuals' requirements for the security of their own information and online transactions keep rising. How to encrypt files and carry out online transactions effectively and quickly, without changing the habits users already have, is currently a focus of the internet information security field.
At present, when a user wants to encrypt a file or carry out an online transaction, an external USB KEY must first be attached to the client before the corresponding operation can be performed and the user's intended result obtained. Using a USB KEY is cumbersome and inconvenient, it does nothing to solve the problem of the USB KEY being lost or left behind, and issuing too many USB KEYs is wasteful. If the USB KEY is lost or left behind, file encryption, online transactions and similar operations cannot be carried out and some urgent matters cannot be dealt with; at the same time, a lost USB KEY poses a security risk to the user's property.
To solve the cumbersome flow of attaching an external USB KEY and the problem of carrying the USB KEY around, the purpose of the present invention is to provide a cloud KEY system and a method of using it.
To solve the above problems, the present invention adopts the following technical scheme: a cloud KEY system, characterized in that it includes a client, a server connected to the client over the network, and several KEYs connected to the server. Each KEY contains a signature certificate and signature key pair for digital signing, an encryption certificate and encryption key pair for file encryption, verification information for verifying the identity of the KEY holder, and a personal file for storing personal attribute files.
Further, the several KEYs are connected to the server through a USB HUB.
Further, the client further includes a fingerprint input device.
A method of using the cloud KEY system includes the following steps:
First step, multiple registered KEYs are connected to the server.
Second step, the client user enters the server login information and carries out normal data interaction with the server.
Third step, if a KEY needs to be called, the client sends request information to the server asking to retrieve KEY data. If the server verifies the request information, it retrieves the corresponding KEY and matches it with the client, and the data in that KEY can then be returned for the client to use. If the request information fails verification, no KEY may be retrieved and a request information error is reported.
Further, the request information of the third step contains verification information, and verifying the request information includes comparing the verification information in the request with the verification information reserved on the server.
Further, the verification information includes fingerprint information and/or a PIN code.
Further, in the third step, if the verification information fails verification the user is prompted to enter it again; if the verification information entered by the user still fails after N attempts, the server blocks that client and does not allow it to retrieve KEY data again within a set time.
The beneficial effects of the present invention are: by using a cloud KEY, the cumbersome flow of attaching an external USB KEY is avoided and the problem of carrying the KEY is solved; file encryption and online transactions are performed in the same way as with a USB KEY, so payment and the safety of the user's property are handled conveniently; and the problems of the USB KEY being lost or left behind are effectively solved.
Description of the drawings
Fig. 1 is a schematic diagram of the system of the present invention;
Fig. 2 is a diagram of the connection principle between the KEYs and the server of the present invention;
Fig. 3 is a flow chart of the method of the present invention.
The present invention is described in detail below with reference to the drawings and specific embodiments.
The cloud KEY system shown in Fig. 1 includes a client, a server connected to the client over the network, and several KEYs connected to the server. Preferably, as shown in Fig. 2, the several KEYs are connected to the server through a USB HUB. In Fig. 2 the GL850/GL850A chip is the conversion chip of the USB HUB and the security chips are the KEYs; each KEY carries a USB interface and is connected to one of the USB interfaces of the USB HUB. Of course, the way the KEYs are connected to the server is not limited to that shown in Fig. 2: all security chips may also be grouped, each group of security chips integrated into a single chip, and that chip connected to the USB HUB through one USB interface. Each KEY contains a signature certificate and signature key pair for digital signing, an encryption certificate and encryption key pair for file encryption, verification information for verifying the identity of the KEY holder, and a personal file for storing personal attribute files. A digital certificate is an authoritative electronic document issued by an authoritative and impartial third party, the CA center; the signature certificate and the encryption certificate both belong to the category of digital certificates, the signature certificate being used mainly for digital signatures and the encryption certificate mainly for file encryption. The signature key pair is generated by the terminal and consists of a signing private key and a signature verification public key: the signing private key produces digital signatures and the verification public key verifies them. The encryption key pair is generated by the key management center (KMC) or by the server and consists of an encryption public key and a decryption private key, which perform encryption and decryption respectively. The verification information is used mainly to verify the identity of the KEY holder, for example whether it conforms to the PKI specification. The personal file mainly stores the user's personal property files.
Further, the client further includes a fingerprint input device, so that when the client obtains cloud KEY information the user's fingerprint is verified as part of the verification, which improves security.
A method of using the cloud KEY system is shown in Fig. 3. Its general flow is: the client enters the login information and logs in to the server; the client and the server carry out data interaction; if a KEY needs to be called, the verification information is checked; if the verification information is correct, the client accesses the KEY. It specifically includes the following steps:
First step, a KEY is registered according to the user's application, one KEY per user, and the multiple registered KEYs are connected to the server.
Second step, the client accesses the server normally: the user enters the server login information; if the login information is entered correctly, the client and the server carry out normal data interaction and the client can retrieve server-side data; if the login information is incorrect, an error code is returned and a login information error is reported.
Third step, if the user needs to call a KEY, the client must send request information to the server asking to retrieve KEY data. The request information contains verification information, and verifying the request information includes comparing the verification information in the request with the verification information reserved on the server. Further, the verification information includes fingerprint information and/or a PIN code, and the user must enter the fingerprint and the PIN code before KEY data can be called.
If the server verifies the request information, it retrieves the corresponding KEY and matches it with the client, and the data in that KEY can then be returned for the client to use. If the request information fails verification, no KEY may be retrieved, a request information error is reported, and the user is asked to enter the verification information again. If the verification information entered by the user fails three times (the number can be set as desired), the server blocks that client and does not allow it to retrieve KEY data again within a set time, although the client can still carry out normal data interaction with the server.
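The three steps above, as an added example written for this page rather than code from the patent: a minimal server-side model of KEY registration, login, PIN-verified KEY retrieval and the lockout after repeated failures. The class and function names, the error strings, the PIN-based verification (the fingerprint branch is omitted), the lockout length and the salted PBKDF2 storage of the PIN are all assumptions of this example, not details given in the description.

```python
"""Cloud KEY broker model (added example; not the patent's implementation).
Assumed: PIN-only verification, three failures lock KEY retrieval for a set time."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

MAX_FAILURES = 3        # the description allows three attempts; configurable
LOCKOUT_SECONDS = 600   # assumed length of the "set time" during which KEY data is refused


@dataclass
class CloudKey:
    """One KEY attached to the server; the fields follow the description above."""
    serial: str
    signing_cert: bytes          # signature certificate issued by the CA
    signing_key_pair: bytes      # generated on the terminal; private key signs, public key verifies
    encryption_cert: bytes       # encryption certificate
    encryption_key_pair: bytes   # generated by the KMC or server; public key encrypts, private key decrypts
    pin_salt: bytes              # verification information is stored salted and hashed, never in clear
    pin_hash: bytes
    personal_files: dict = field(default_factory=dict)


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Slow salted hash so that a copied verification table does not reveal PINs or passwords."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class CloudKeyServer:
    def __init__(self, now=time.time):
        self.now = now          # injectable clock so the lockout window can be tested offline
        self.logins = {}        # user -> (salt, password hash) for step two
        self.keys = {}          # user -> CloudKey, one KEY per user (step one)
        self.sessions = set()   # users currently logged in
        self.failures = {}      # user -> (consecutive failure count, time of last failure)

    # step one: register a KEY for the user and attach it to the server
    def register(self, user, password, pin, serial, material):
        psalt, ksalt = os.urandom(16), os.urandom(16)
        self.logins[user] = (psalt, hash_secret(password, psalt))
        self.keys[user] = CloudKey(serial, material["sig_cert"], material["sig_pair"],
                                   material["enc_cert"], material["enc_pair"],
                                   ksalt, hash_secret(pin, ksalt))

    # step two: normal login; an incorrect login returns an error code, no KEY is involved
    def login(self, user, password):
        if user not in self.logins:
            return "LOGIN_ERROR"
        salt, expected = self.logins[user]
        if not hmac.compare_digest(hash_secret(password, salt), expected):
            return "LOGIN_ERROR"
        self.sessions.add(user)
        return "OK"

    def _failure_state(self, user):
        count, last = self.failures.get(user, (0, 0.0))
        if count >= MAX_FAILURES and self.now() - last >= LOCKOUT_SECONDS:
            count = 0           # lockout has expired; start a fresh count
        return count, last

    # step three: a logged-in client asks for its KEY, supplying the verification information
    def request_key(self, user, pin):
        if user not in self.sessions:
            return "NOT_LOGGED_IN", None
        count, _ = self._failure_state(user)
        if count >= MAX_FAILURES:
            return "LOCKED", None   # normal data interaction continues, KEY data is refused
        key = self.keys.get(user)
        if key is None or not hmac.compare_digest(hash_secret(pin, key.pin_salt), key.pin_hash):
            self.failures[user] = (count + 1, self.now())
            return "REQUEST_ERROR", None
        self.failures.pop(user, None)
        return "OK", key            # KEY matched to the client; its data may now be returned


if __name__ == "__main__":
    srv = CloudKeyServer()
    # constructed sample material; real KEYs would hold CA-issued certificates and key pairs
    srv.register("alice", "pw", "1234", "KEY-01",
                 {"sig_cert": b"c1", "sig_pair": b"k1", "enc_cert": b"c2", "enc_pair": b"k2"})
    print(srv.login("alice", "pw"), srv.request_key("alice", "1234")[0])
```

Two points worth noting in practice: the comparison uses a constant-time digest check on a salted hash, so neither the PIN nor the password is stored in clear on the server that physically holds every user's KEY; and the failure count is cleared only by a successful verification or by expiry of the lockout window, so a client cannot reset it by logging in again. Fingerprint verification cannot use this exact-match path, since biometric templates need a matcher with a tolerance rather than a hash comparison.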
The preferred embodiments and examples of the present invention have been described above in detail with reference to the drawings, but the present invention is not limited to those embodiments and examples. Those skilled in the art may make various improvements and modifications without departing from the concept of the present invention, and these improvements and modifications also fall within the scope of protection of the present invention.