CN104660410B - A kind of token parameter filling apparatus, filling data processing equipment - Google Patents
Abstract
The invention discloses a token parameter filling apparatus and a filling data processing device. A key management system sends the token serial number and seed key to the filling apparatus, and the filling apparatus sets the operating preset parameters and fills the token. The preset parameter data can be extended according to the parameters a user needs to configure. Decryption is performed; a crystal measuring device measures the token product's frequency offset three times in real time and the average offset is calculated; a time acquisition module obtains the current UTC time from a time server or GPS. The beneficial effects of the invention are: it solves the data security problem of the filling process, ensures that the filling data is complete and reliable, improves filling efficiency, and fills the frequency offset parameter of the dynamic token into the product in real time.
Description
Technical field
The present invention relates to a token parameter filling apparatus and a filling data processing device, and belongs to the technical field of devices and methods for secret or secure communication.
Background art
As one of the secure identity authentication technologies, the dynamic token has been accepted across industries with the development of the mobile Internet. Because it is easy to use and platform-independent, it has become the mainstream of offline identity authentication technology and is widely used in enterprise, online gaming, finance and other fields. The key parameters a dynamic token uses when generating a dynamic password include the seed key, the time parameter, the token frequency offset and the operating preset parameters. These parameters are written into the token by dedicated production filling equipment during production of the dynamic token. The production process must first ensure that the filling information is secure and reliable, and the filling process must also be efficient and accurate. GM/T 0021-2012, the dynamic password cryptographic application technical specification of the State Cryptography Administration, clearly defines the key management system in a dynamic token authentication system, but does not yet define how the seed key in the token key management system is securely filled into the token product.
Summary of the invention
The object of the invention is to provide a token parameter filling apparatus and a filling data processing device that solve the data security problem of the filling process, ensure that the filling data is complete and reliable, improve filling efficiency, and fill the frequency offset parameter of the dynamic token into the product in real time.
The present invention is realized by the following technical scheme:
A token parameter filling apparatus, characterized in that the filling apparatus includes:
First receiving module, for obtaining the token serial number and the encrypted seed key from the key management system; they enter the filling apparatus in encrypted form, and each seed key corresponds one-to-one with a serial number;
Frequency offset measurement module, for measuring the token product's frequency offset three times in real time and calculating the average offset;
Operating preset parameters, such as seed key length, expiry time, number of password failures, number of automatic unlocks and algorithm selection, are preset before production according to user requirements, and the parameters can be extended as user requirements differ;
Time acquisition module, for obtaining the current UTC time;
Decryption module, for decrypting the seed key according to the encryption algorithm;
Data assembly module, for assembling the filling data;
The data header and data tail are used for data synchronization, and the check code uses a cumulative-sum algorithm or a CRC check algorithm to confirm the integrity of the delivered filling data;
First sending module, for sending the assembled filling data to the second receiving module;
Second receiving module, for receiving the assembled filling data;
Data check module, for checking the whole data structure according to the check code algorithm, ensuring the accuracy of the received filling data;
Second sending module, for sending the checked filling data to the filling data processing device;
Third receiving module, for waiting for and receiving data from the filling data processing device; the data header and data tail are used for data synchronization, a result code of 00 indicates that the token was filled successfully, and the check code uses a cumulative-sum algorithm or a CRC check algorithm to confirm the integrity of the response data;
Verification check module, for calculating the verification code; when the locally calculated verification code matches the verification code in the response data, the data was filled correctly.
Further, the encryption algorithm includes SM2, SM1 and SM4;
The frequency offset precision is 0.01 PPM;
The time acquisition module obtains the current UTC time from GPS or a time server.
Further, the first sending module sends the assembled filling data to the second receiving module through a USB HID interface; HID devices are devices that interact directly with people, such as keyboards, mice and joysticks; the second receiving module receives the assembled filling data through the USB interface.
Further, the verification check module uses the SM3 algorithm and calculates the verification code according to the data organization method agreed with the token; when the locally calculated verification code matches the verification code in the response data, the data was filled correctly.
A token filling data processing device, characterized in that the token filling data processing device includes:
Filling data receiving module, for obtaining the binary-coded filling data from the data line according to the clock line signal provided by the filling apparatus and at the filling frequency of the filling apparatus; the data header and data tail are used for data synchronization;
Filling data check module, for calculating the check code with a cumulative-sum algorithm or a CRC check algorithm after the filling data is received, to confirm the integrity of the delivered filling data;
Filling data storage module, for storing the seed key, UTC time, token product frequency offset and operating preset parameters filled into the token in the token's corresponding key area, audit area and data area, for the token to use in dynamic password calculation and operation;
Verification code calculation module, for calculating the verification code with the SM3 digest algorithm after the filling data is received, so that the token parameter filling apparatus can confirm the correctness of the delivered filling data; the verification code is calculated with the SM3 algorithm according to the agreed data organization, for example a possible data organization is SM3(seed key | UTC | token product frequency offset | operating preset parameters), where "|" denotes sequential concatenation of the data;
Response data return module: after the verification code calculation is complete, the response data return module sets the result code to 00 and returns the response data structure shown in Fig. 5 to the filling apparatus over the data line, according to the clock line signal provided by the filling apparatus and at the filling frequency of the filling apparatus.
Further, the filling data check module is used to calculate the check code with a cumulative-sum algorithm or a CRC check algorithm after the filling data is received, to confirm the integrity of the delivered filling data.
Further, the verification code calculation module is used to calculate the verification code with the SM3 digest algorithm, so that the token parameter filling apparatus can confirm the correctness of the delivered filling data.
The beneficial effects of the invention are: it solves the data security problem of the filling process, ensures that the filling data is complete and reliable, improves filling efficiency, and fills the frequency offset parameter of the dynamic token into the product in real time.
Brief description of the drawings
Fig. 1 is a schematic diagram of all parameters being filled into the token.
Fig. 2 is a functional block diagram of the token parameter filling apparatus.
Fig. 3 is a flow chart of the token parameter filling process.
Fig. 4 is the filling data structure diagram.
Fig. 5 is the response data structure diagram.
Fig. 6 is a flow chart of the token processing the filling data.
Detailed description of the embodiments
The following description of the embodiments will help the public understand the invention, but the specific embodiments given by the applicant should not be regarded as limiting the technical solution of the invention; any change to the definition of a component or technical feature, and/or any formal rather than substantive change to the overall structure, shall be regarded as falling within the scope of protection defined by the technical solution of the invention.
Embodiment 1:
A token parameter filling apparatus, the filling apparatus including:
A dynamic token generates a dynamic password from the seed key and the value of the current time, a challenge code or an event counter. The seed key is used to encrypt or digest the input time, challenge code or event counter; after a transformation (usually a modular operation), 6 to 8 digits are output to the display as the dynamic password.
First receiving module, for obtaining the token serial number and the encrypted seed key from the key management system; they enter the filling apparatus in encrypted form, and each seed key corresponds one-to-one with a serial number. The fixed factors shared between the dynamic token and the authentication server software system include the key KEY and the variable IV; the variable IV is used to transform the key KEY or the input variable. The fixed factors (KEY, IV) are called the seed key of the dynamic token and the authentication server software system. The seed key of a dynamic token is usually the initial key, or can be derived from the initial key.
Frequency offset measurement module, for measuring the token product's frequency offset three times in real time and calculating the average offset;
Operating preset parameters, such as seed key length, expiry time, number of password failures, number of automatic unlocks and algorithm selection, are preset before production according to user requirements, and the parameters can be extended as user requirements differ;
Time acquisition module, for obtaining the current UTC time; UTC refers to Coordinated Universal Time, also known as world unified time, universal standard time or international coordinated time.
Decryption module, for decrypting the seed key according to the encryption algorithm;
Data assembly module, for assembling the filling data;
The data header and data tail are used for data synchronization, and the check code uses a cumulative-sum algorithm or a CRC check algorithm to confirm the integrity of the delivered filling data. SM3 is a commercial algorithm developed by the State Cryptography Administration, used in cryptographic applications for digital signature and verification, message authentication code generation and verification, and random number generation. CRC (Cyclic Redundancy Check) is a commonly used data check method. The cumulative sum is a commonly used method of generating a data check code.
First sending module, for sending the assembled filling data to the second receiving module;
Second receiving module, for receiving the assembled filling data;
Data check module, for checking the whole data structure according to the check code algorithm. Note: the data check module checks the whole data structure according to the check code algorithm to ensure the accuracy of the received filling data;
Second sending module, for sending the checked filling data to the filling data processing device;
Third receiving module, for waiting for and receiving the token's data; the received response data structure is shown in Fig. 5; the data header and data tail are used for data synchronization, a result code of 00 indicates that the token was filled successfully, and the check code uses a cumulative-sum algorithm or a CRC check algorithm to confirm the integrity of the response data;
Verification check module, for calculating the verification code; when the locally calculated verification code matches the verification code in the response data, the data was filled correctly. The verification code is calculated with the SM3 algorithm.
In this embodiment: the encryption algorithm includes SM2, SM1 and SM4, the frequency offset precision is 0.01 PPM, and the time acquisition module obtains the current UTC time from GPS or a time server.
The first sending module sends the assembled filling data to the second receiving module through a USB HID interface; HID devices are devices that interact directly with people, such as keyboards, mice and joysticks; the second receiving module receives the assembled filling data through the USB interface.
The verification check module uses the SM3 algorithm and calculates the verification code according to the data organization method agreed with the token; when the locally calculated verification code matches the verification code in the response data, the data was filled correctly.
Embodiment 2:
A token filling data processing device, the token filling data processing device including:
Filling data receiving module, for obtaining the binary-coded filling data from the data line according to the clock line signal provided by the filling apparatus and at the filling frequency of the filling apparatus; the data header and data tail are used for data synchronization;
Filling data check module, for confirming the integrity of the delivered filling data after the filling data is received;
Filling data storage module, for storing the seed key, UTC time, token product frequency offset and operating preset parameters filled into the token in the token's corresponding key area, audit area and data area, for the token to use in dynamic password calculation and operation;
Verification code calculation module: after filling succeeds, the result code is set to 00, and the verification code is calculated with the SM3 algorithm according to the agreed data organization; for example, a possible data organization is SM3(seed key | UTC | token product frequency offset | operating preset parameters), where "|" denotes sequential concatenation of the data.
Response data return module, for returning the response data structure shown in Fig. 5 to the filling apparatus over the data line, according to the clock line signal provided by the filling apparatus and at the filling frequency of the filling apparatus.
In this embodiment: the filling data check module is used to calculate the check code with a cumulative-sum algorithm or a CRC check algorithm after the filling data is received, to confirm the integrity of the delivered filling data.
The verification code calculation module is used to calculate the verification code with the SM3 digest algorithm, so that the token parameter filling apparatus can confirm the correctness of the delivered filling data.
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those skilled in the art can make various corresponding changes and modifications according to the invention, but these corresponding changes and modifications shall all fall within the scope of protection of the appended claims of the invention.
Claims (5)
1. A token parameter filling apparatus, characterized in that the filling apparatus includes:
First receiving module, for obtaining the token serial number and the encrypted seed key from the key management system; they enter the filling apparatus in encrypted form, and each seed key corresponds one-to-one with a serial number;
Frequency offset measurement module, for measuring the token product's frequency offset three times in real time and calculating the average offset;
Time acquisition module, for obtaining the current UTC time;
Decryption module, for decrypting the seed key according to the encryption algorithm;
Data assembly module, for assembling the filling data;
First sending module, for sending the assembled filling data to the second receiving module;
Second receiving module, for receiving the assembled filling data;
Data check module, for checking the whole data structure according to the check code algorithm;
Second sending module, for sending the checked filling data to the filling data processing device;
Third receiving module, for waiting for and receiving data from the filling data processing device;
Verification check module, for calculating the verification code; when the locally calculated verification code matches the verification code in the response data, the data was filled correctly.
2. The token parameter filling apparatus according to claim 1, characterized in that
The encryption algorithm includes SM2, SM1 and SM4;
The frequency offset precision is 0.01 PPM;
The time acquisition module obtains the current UTC time from GPS or a time server.
3. The token parameter filling apparatus according to claim 1, characterized in that the first sending module sends the assembled filling data to the second receiving module through a USB HID interface; the second receiving module receives the assembled filling data through the USB interface.
4. The token parameter filling apparatus according to claim 1, characterized in that the verification check module uses the SM3 algorithm and calculates the verification code according to the data organization method agreed with the token.
5. A token filling data processing device, characterized in that the token filling data processing device includes:
Filling data receiving module, for obtaining the binary-coded filling data from the data line according to the clock line signal provided by the filling apparatus and at the filling frequency of the filling apparatus; the data header and data tail are used for data synchronization;
Filling data check module, for calculating the check code with a cumulative-sum algorithm or a CRC check algorithm after the filling data is received, to confirm the integrity of the delivered filling data;
Filling data storage module, for storing the seed key, UTC time, token product frequency offset and operating preset parameters filled into the token in the token's corresponding key area, audit area and data area, for the token to use in dynamic password calculation and operation;
Verification code calculation module, for calculating the verification code with the SM3 digest algorithm after the filling data is received, so that the token parameter filling apparatus can confirm the correctness of the delivered filling data;
Response data return module, for returning the response data structure to the filling apparatus over the data line, according to the clock line signal provided by the filling apparatus and at the filling frequency of the filling apparatus.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410218623.6A CN104660410B (en) | 2014-05-23 | 2014-05-23 | A kind of token parameter filling apparatus, filling data processing equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410218623.6A CN104660410B (en) | 2014-05-23 | 2014-05-23 | A kind of token parameter filling apparatus, filling data processing equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104660410A CN104660410A (en) | 2015-05-27 |
CN104660410B true CN104660410B (en) | 2018-03-30 |
Family
ID=53251146
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410218623.6A Active CN104660410B (en) | 2014-05-23 | 2014-05-23 | A kind of token parameter filling apparatus, filling data processing equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104660410B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||