CN104954139B - Cipher machine - Google Patents

Publication number
CN104954139B
Authority
CN
China
Legal status
Active
Application number
CN201510348747.0A
Other languages
Chinese (zh)
Other versions
CN104954139A (en)
Inventor
杨祎巍
赵云
林伟斌
赖宇阳
钱斌
张明明
Current Assignee
Research Institute of Southern Power Grid Co Ltd
Original Assignee
Power Grid Technology Research Center of China Southern Power Grid Co Ltd
Research Institute of Southern Power Grid Co Ltd
Application filed by Power Grid Technology Research Center of China Southern Power Grid Co Ltd and Research Institute of Southern Power Grid Co Ltd
Priority to CN201510348747.0A
Publication of CN104954139A
Application granted
Publication of CN104954139B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a cipher machine. The cipher machine includes a password mainboard and a signature memory module connected to the password mainboard. The signature memory module stores a whereabouts signature obtained by digitally signing user service information with a whereabouts verifying private key; the user service information includes the purpose of the cipher machine. The password mainboard receives a user instruction and sends the whereabouts signature to the sender of the user instruction. Performing signature verification on the whereabouts signature yields the verified user service information, and comparing the verified user service information with the original user service information verifies whether the whereabouts of the cipher machine is genuine and credible.

Description

Cipher machine
Technical field
The present invention relates to the field of electronic communication, and in particular to a cipher machine.
Background art
With the development of information technology, cipher machines are used more and more widely. A single key system usually contains multiple cipher machines, and each cipher machine may be located in a different geographical location; control of the cipher machines is therefore an important guarantee of system security.
At present, cipher machines are controlled mainly by administrative means: the whereabouts of a cipher machine is recorded by simply registering information such as its purpose. Because whereabouts recorded by registration is vulnerable to tampering and forgery, whether the whereabouts of a cipher machine is genuine and credible currently cannot be verified.
Summary of the invention
In view of this, the object of the present invention is to provide a cipher machine for which it can be verified whether its whereabouts is genuine and credible.
To achieve the above object, the embodiments of the present invention adopt the following technical solution:
A cipher machine includes a password mainboard and a signature memory module connected to the password mainboard. The signature memory module stores a whereabouts signature obtained by digitally signing user service information with a whereabouts verifying private key; the user service information includes the purpose of the cipher machine. The password mainboard receives a user instruction and sends the whereabouts signature to the sender of the user instruction.
According to the solution of the present invention described above, the signature memory module stores the whereabouts signature obtained by digitally signing the user service information with the whereabouts verifying private key, and the user service information includes the purpose of the cipher machine. The password mainboard receives a user instruction, reads the whereabouts signature stored in the signature memory module according to the user instruction, and sends the whereabouts signature to the sender of the user instruction. After receiving the whereabouts signature, the sender of the user instruction can perform signature verification on it with the whereabouts verification public key that matches the whereabouts verifying private key, obtaining the verified user service information, which includes the purpose of the cipher machine. The user service information is then compared with the verified user service information. If they are inconsistent, the whereabouts signature of the cipher machine has been tampered with and the whereabouts of the cipher machine is not credible; if they are consistent, the whereabouts of the cipher machine is credible. The solution of the present invention can therefore verify whether the whereabouts of the cipher machine is genuine and credible.
Brief description of the drawings
Fig. 1 is the structural schematic diagram of the cipher machine in one embodiment;
Fig. 2 is the structural schematic diagram of the cipher machine in another embodiment.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
Fig. 1 shows the structural schematic diagram of the cipher machine of the present invention. As shown in Fig. 1, the cipher machine in this embodiment includes a password mainboard 110 and a signature memory module 120 connected to the password mainboard 110. The signature memory module 120 stores a whereabouts signature obtained by digitally signing user service information with a whereabouts verifying private key; the user service information includes the purpose of the cipher machine. The password mainboard receives a user instruction and sends the whereabouts signature to the sender of the user instruction.
In a specific embodiment, the whereabouts verifying private key and the whereabouts verification public key are two different character strings that are generated and kept by the user, and the user service information can be represented in English characters. The password mainboard 110 has three external interfaces: a cryptographic service network interface, a management service network interface and a management service serial port. The password mainboard 110 can encrypt and decrypt information and provides cryptographic services externally through the cryptographic service network interface.
In this embodiment, the password mainboard 110 receives a user instruction, reads the whereabouts signature stored in the signature memory module 120 according to the user instruction, and sends the whereabouts signature to an authentication server through the management service network interface. The authentication server performs signature verification on the received whereabouts signature with the whereabouts verification public key and obtains the verified user service information. The authentication server stores the user service information and compares it with the verified user service information. If the result is consistent, the whereabouts verification public key used for signature verification matches the whereabouts verifying private key and the whereabouts signature has not been modified in any way, so the purpose information of the cipher machine is genuine and credible. If the result is inconsistent, either the whereabouts verification public key used does not match the whereabouts verifying private key or the whereabouts signature has been tampered with, so the purpose information of the cipher machine is not credible. The solution of the present invention can therefore verify whether the whereabouts of the cipher machine is genuine and credible.
In another embodiment, the user service information further includes the using unit of the cipher machine. The whereabouts signature is obtained by digitally signing, with the whereabouts verifying private key, user service information that includes the purpose of the cipher machine and its using unit. In this case the authentication server compares the user service information with the verified user service information for consistency, which verifies whether the whereabouts of the cipher machine is genuine and credible and whether the cipher machine has been misappropriated by another unit.
In another embodiment, the user service information further includes the serial number of the cipher machine. The whereabouts signature is obtained by digitally signing the user service information with the whereabouts verifying private key, where the user service information includes the purpose and the serial number of the cipher machine, or includes the purpose, the using unit and the serial number of the cipher machine. Because the serial number of a cipher machine is set when it leaves the factory and any change to it is invalid, and the resulting whereabouts signature matches the serial number of the cipher machine, the whereabouts signature of the cipher machine can be protected against tampering and forgery.
Fig. 2 shows the structural schematic diagram of the cipher machine in another embodiment. It differs from the embodiment shown in Fig. 1 in that it further includes a factory secret storage module and a cryptographic algorithm module connected to the password mainboard, so that it can be verified whether the source of the cipher machine is genuine and reliable.
As shown in Fig. 2, the cipher machine in this embodiment includes a password mainboard 210 and, connected to the password mainboard 210, a signature memory module 220, a factory secret storage module 230 and a cryptographic algorithm module 240. The signature memory module 220 stores a whereabouts signature obtained by digitally signing user service information with a whereabouts verifying private key; the user service information includes the purpose of the cipher machine. The factory secret storage module 230 stores the cipher machine producer's factory private key.
The password mainboard 210 receives a user instruction and sends the whereabouts signature to the sender of the user instruction.
The password mainboard 210 receives an encrypted ciphertext encrypted with the cipher machine producer's factory public key, controls the cryptographic algorithm module 240 to decrypt the encrypted ciphertext with the cipher machine producer's factory private key to obtain a decrypted plaintext, and sends the decrypted plaintext to the sender of the encrypted ciphertext.
In a specific embodiment, the factory secret storage module 230 can be implemented with memory that is readable but not writable, such as ROM (Read Only Memory), which prevents the stored cipher machine producer's factory private key from being modified. The cipher machine producer may also store the factory private key in the factory secret storage module 230 using an undisclosed instruction. The cipher machine producer writes its factory private key into the factory secret storage module 230 when the cipher machine leaves the factory. The encrypted ciphertext is obtained by encrypting some data with the cipher machine producer's factory public key that matches the factory private key; the data can be a randomly generated character string of a certain length. The cipher machine producer's factory private key is a fixed value that is set by the cipher machine producer when the cipher machine leaves the factory and cannot be changed. The password mainboard 210 has three external interfaces: a cryptographic service network interface, a management service network interface and a management service serial port. When the cipher machine leaves the factory, the cipher machine producer writes its factory private key into the factory secret storage module 230 through the management service serial port. Receiving the encrypted ciphertext encrypted with the cipher machine producer's factory public key and sending the decrypted plaintext to the sender of the encrypted ciphertext are both done over the management service network interface. The password mainboard 210 can encrypt and decrypt information and provides cryptographic services externally through the cryptographic service network interface.
According to the solution of this embodiment described above, the signature memory module 220 stores the whereabouts signature obtained by digitally signing the user service information with the whereabouts verifying private key, and the user service information includes the purpose of the cipher machine. The password mainboard 210 receives a user instruction, reads the whereabouts signature stored in the signature memory module 220 according to the user instruction, and sends the whereabouts signature to the sender of the user instruction. After receiving the whereabouts signature, the sender of the user instruction can perform signature verification on it with the whereabouts verification public key that matches the whereabouts verifying private key, obtaining the verified user service information, which includes the purpose of the cipher machine. The user service information is compared with the verified user service information: if they are inconsistent, the whereabouts signature of the cipher machine has been tampered with and the whereabouts of the cipher machine is not credible; if they are consistent, the whereabouts of the cipher machine is credible. After the password mainboard 210 receives an encrypted ciphertext encrypted with the cipher machine producer's factory public key, it reads the stored cipher machine producer's factory private key from the factory secret storage module 230 and then controls the cryptographic algorithm module 240 to decrypt the encrypted ciphertext with that private key, obtaining the decrypted plaintext. The data that corresponds to the encrypted ciphertext before encryption is then compared with the decrypted plaintext. Because the factory private key of a cipher machine is matched to its source, if the decrypted plaintext is inconsistent with the data before encryption, the cipher machine producer's factory private key in the cipher machine has been tampered with and the source of the cipher machine is not credible; if they are consistent, the source of the cipher machine is credible. The solution of this embodiment can therefore verify not only whether the whereabouts of the cipher machine is genuine and credible, but also whether the source of the cipher machine is genuine and credible.
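The two checks of this embodiment, the whereabouts-signature comparison on the authentication server and the factory-key decryption check, are sketched below as an added example that is not part of the patent text. It assumes textbook RSA with message recovery built from publicly known Mersenne primes purely so the flow runs offline (such keys are not secure); the instruction name, the record format and all class and function names are assumptions.

```python
import secrets

E = 65537  # public exponent for both toy key pairs
READ_SIG = "READ_WHEREABOUTS_SIGNATURE"  # hypothetical user instruction name


def toy_keypair(a, b):
    """Textbook RSA key pair from the Mersenne primes 2**a-1 and 2**b-1.
    These primes are public knowledge, so this is NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    d = pow(E, -1, (p - 1) * (q - 1))
    return (p * q, E), (p * q, d)  # (public key, private key)


def rsa_apply(key, value):
    """Raw RSA operation: value ** exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)


def encode(info):
    return int.from_bytes(info.encode("utf-8"), "big")


def decode(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return raw.decode("utf-8", errors="replace")


def sign_info(private_key, info):
    """User side: sign the user service information (with message recovery)."""
    m = encode(info)
    if m >= private_key[0]:
        raise ValueError("user service information too long for this toy key")
    return rsa_apply(private_key, m)


class CipherMachine:
    def __init__(self, whereabouts_signature, factory_private_key):
        self._signature_module = whereabouts_signature  # signature memory module
        self._factory_module = factory_private_key      # factory secret storage (ROM)

    def handle_instruction(self, instruction):
        if instruction != READ_SIG:
            raise ValueError("unsupported instruction")
        return self._signature_module

    def decrypt(self, ciphertext):
        # cryptographic algorithm module, keyed with the factory private key
        return rsa_apply(self._factory_module, ciphertext)


def verify_whereabouts(machine, verification_public_key, registered_info):
    """Authentication server: recover the signed record and compare it."""
    signature = machine.handle_instruction(READ_SIG)
    return decode(rsa_apply(verification_public_key, signature)) == registered_info


def verify_source(machine, factory_public_key):
    """Encrypt fresh random data to the factory public key, compare the reply."""
    challenge = secrets.randbits(127) + 2**127
    return machine.decrypt(rsa_apply(factory_public_key, challenge)) == challenge


def demo():
    user_pub, user_priv = toy_keypair(521, 607)
    factory_pub, factory_priv = toy_keypair(127, 1279)
    _, other_priv = toy_keypair(89, 107)  # key of a machine from another source
    info = "purpose=metering-key-service;unit=ExampleGridCo;serial=SN-0001"  # constructed
    sig = sign_info(user_priv, info)
    genuine = CipherMachine(sig, factory_priv)
    return {
        "genuine_whereabouts": verify_whereabouts(genuine, user_pub, info),
        "tampered_signature": verify_whereabouts(CipherMachine(sig ^ 1, factory_priv), user_pub, info),
        "record_mismatch": verify_whereabouts(genuine, user_pub, info.replace("metering", "billing")),
        "genuine_source": verify_source(genuine, factory_pub),
        "other_source": verify_source(CipherMachine(sig, other_priv), factory_pub),
    }


if __name__ == "__main__":
    print(demo())
```

Only the genuine machine passes both checks: a flipped signature bit, a record that differs from what the server registered, or a different factory private key each make the comparison fail.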
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they shall not therefore be construed as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention. The scope of protection of this patent shall therefore be determined by the appended claims.

Claims (5)

1. A cipher machine, characterized in that it includes a password mainboard and a signature memory module connected to the password mainboard; the signature memory module stores a whereabouts signature obtained by digitally signing user service information with a whereabouts verifying private key, the user service information including the purpose of the cipher machine; the password mainboard receives a user instruction, reads the whereabouts signature stored in the signature memory module according to the user instruction, and sends the whereabouts signature to the sender of the user instruction; after receiving the whereabouts signature, the sender of the user instruction can perform signature verification on it with the whereabouts verification public key that matches the whereabouts verifying private key to obtain the verified user service information, which includes the purpose of the cipher machine, and compares the purpose information in the user service information with the purpose information in the verified user service information; if they are inconsistent, the cipher machine is not being used for the prescribed purpose and the whereabouts of the cipher machine is not credible; if they are consistent, the whereabouts of the cipher machine is credible;
the cipher machine further includes a factory secret storage module and a cryptographic algorithm module connected to the password mainboard, the factory secret storage module storing the cipher machine producer's factory private key;
the password mainboard receives an encrypted ciphertext encrypted with the cipher machine producer's factory public key, controls the cryptographic algorithm module to decrypt the encrypted ciphertext with the cipher machine producer's factory private key to obtain a decrypted plaintext, and sends the decrypted plaintext to the sender of the encrypted ciphertext; the sender of the encrypted ciphertext compares the data that corresponds to the encrypted ciphertext before encryption with the decrypted plaintext; when the decrypted plaintext is inconsistent with the data before encryption, it is determined that the cipher machine producer's factory private key in the cipher machine has been tampered with and the source of the cipher machine is not credible; if they are consistent, it is determined that the source of the cipher machine is credible.
2. The cipher machine according to claim 1, characterized in that the user service information further includes the using unit of the cipher machine.
3. The cipher machine according to claim 1 or 2, characterized in that the user service information further includes the serial number of the cipher machine.
4. The cipher machine according to claim 1, characterized in that the factory secret storage module is a read-only memory.
5. The cipher machine according to claim 1, characterized in that the cipher machine includes a cryptographic service network interface, a management service network interface and a management service serial port.
CN201510348747.0A 2015-06-19 2015-06-19 Cipher machine Active CN104954139B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510348747.0A CN104954139B (en) 2015-06-19 2015-06-19 Cipher machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510348747.0A CN104954139B (en) 2015-06-19 2015-06-19 Cipher machine

Publications (2)

Publication Number Publication Date
CN104954139A CN104954139A (en) 2015-09-30
CN104954139B true CN104954139B (en) 2019-02-15

Family

ID=54168516

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510348747.0A Active CN104954139B (en) 2015-06-19 2015-06-19 Cipher machine

Country Status (1)

Country Link
CN (1) CN104954139B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873587A (en) * 2010-05-27 2010-10-27 大唐微电子技术有限公司 Wireless communication device and method for realizing service security thereof
CN101938520A (en) * 2010-09-07 2011-01-05 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN103414564A (en) * 2013-08-07 2013-11-27 成都卫士通信息产业股份有限公司 Secrete key card, secrete key device and method for protecting private key
CN104702407A (en) * 2013-12-09 2015-06-10 汉王科技股份有限公司 Digital signature apparatus, and system and digital signature method

Also Published As

Publication number Publication date
CN104954139A (en) 2015-09-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210602

Address after: 510700 3rd, 4th and 5th floors of building J1 and 3rd floor of building J3, No.11 Kexiang Road, Science City, Luogang District, Guangzhou City, Guangdong Province

Patentee after: China Southern Power Grid Research Institute Co.,Ltd.

Address before: 510080 water Donggang 8, Dongfeng East Road, Yuexiu District, Guangzhou, Guangdong.

Patentee before: China Southern Power Grid Research Institute Co.,Ltd.

Patentee before: CSG POWER GRID TECHNOLOGY RESEARCH CENTER