CN105024810A - one-way hash function-based secret key temporary distributing method and system - Google Patents


Info

Publication number
CN105024810A
Authority
CN
China
Prior art keywords
key
terminal
control
sub
hash function
Prior art date
Legal status
Pending
Application number
CN201510452317.3A
Other languages
Chinese (zh)
Inventor
赵姗姗
谭杰夫
许宏旭
袁钰峰
梁文双
Current Assignee
Individual
Original Assignee
Individual
Priority date
2015-07-29
Filing date
2015-07-29
Publication date
2015-11-04
Application filed by Individual
Priority to CN201510452317.3A
Publication of CN105024810A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method and a system for temporary secret key distribution based on a one-way hash function. The system comprises a server, a secondary key terminal and a functional terminal. During temporary key distribution, the server appends a control code to the original secret key and hashes the combination to generate a sub secret key. The sub secret key is stored in the nonvolatile memory of the secondary key terminal. The control code of the sub secret key carries information such as action, time, permission and identity, and this information directly determines what the sub secret key is allowed to do when the functional terminal authenticates it. By adding control information to a key that was previously used only to decide permission, the invention makes the distribution and management of keys more fine-grained and convenient.

Description

Method and system for temporary key distribution based on a one-way hash function
Technical field
The present invention relates to a method and system for temporary key distribution. It is applicable to any scenario in which limited authority must be transferred or delegated without the temporary authorization exposing the primary key, is mainly intended for the security protection of distributed function terminals, and belongs to the field of information security.
Background technology
In the settings this technique targets, the valuable information or service to be protected resides in a terminal, in particular a distributed function terminal (for example an electronic lock with no network connection, or a vending machine that temporarily has no network signal), and the device that can exercise that authority and interacts with the terminal, such as a mobile phone or an electronic key, is what we call the secondary key terminal.
At present, known centralized password security systems (cloud security) require the user to communicate with the cloud every time a permission is requested. In real-world use the handheld mobile terminal often has poor signal and cannot be assumed to have a real-time connection, which places many restrictions on security applications of this kind.
Key distribution can solve the above problems, but existing key distribution systems, and temporary key distribution systems in particular, generally still require communication with a cloud server at the time of use; if instead keys are distributed to users in advance, the system faces the great risk that a key is exposed and the system is compromised. Moreover, current one-time passwords can only achieve basic functions such as one-time use, or can only withdraw authority by having the server transmit the relevant instruction over the network; the authorized key itself has no precise control or withdrawal capability, nor any ability to operate offline.
Summary of the invention
To overcome the deficiencies of existing temporary key distribution systems in security, network dependence and control precision, the invention provides a method and system for temporary key distribution based on a one-way hash function: control information is combined with the primary key, the primary key is hidden by the hash function, the hash result and the control code are transferred together to the secondary key terminal, and, in cooperation with the authentication module in the function terminal, an offline automatic authority withdrawal capability is achieved.
To solve the technical problems described above, the technical solution adopted by the invention is as follows.
The method and system for temporary key distribution based on a one-way hash function of the invention comprise a server, a secondary key terminal and a function terminal. The function terminal holds its own primary key key1; the server holds all primary key information, including the key1 of this function terminal; and both the server and the function terminal hold the feature list of control codes. In the authorization process the server combines key1 with a first-level control code, obtains key2 by passing the combination through the hash function, and delivers key2 together with the control code to the secondary key terminal over a secure channel; the secondary key terminal stores key2 and the control code in its internal nonvolatile memory. In the use process the secondary key terminal sends key2 and the control code to the function terminal for authentication over a secure channel; the function terminal reads the permission, action and time attributes of this key2 from the control code, combines the original key1 it stores with the received control code, computes the one-way hash value of the combination, and if this value equals the received key2 the authentication succeeds and the command contained in the control code is executed.
Further, the control code comprises start and end time control based on absolute time, usage-count control, latest-enabling-time control, or other low-level control commands for system debugging.
Further, the control code may contain the identity ID of the key, identifying the key and the uniqueness of the secondary key terminal carrying it, so that the server can revoke, add or temporarily disable a particular key.
Further, the secure channel above is built from any one or any combination of the current mainstream algorithms AES, MD5, SHA and RSA, in the form of static password authentication, time-based dynamic authentication, event-based dynamic authentication or challenge-response dynamic authentication.
Further, the secondary key terminal is a mobile phone, tablet computer, smart wearable device or dedicated electronic key.
Further, the one-way hash function is one of MD4, MD5, SHA-1, SHA-2, SHA-256 and SHA-512.
Further, the control code is a string of binary machine code.
Further, the chip of the function terminal maintains an absolute time value; in cooperation with this value, time-related control actions can be realized.
The beneficial effect of the invention is that, through temporary key distribution, limited authority is granted to various secondary key terminals without exposing the primary key value, while non-real-time, offline control of keys is achieved. With the method and system of the invention a secondary key terminal such as a mobile phone need not be connected in real time: it can obtain a temporary authority and use it as a key, which removes the impact of network failures in special settings such as underground car parks and elevators. At the same time the primary key is not handed directly to the key terminal, and these secondary keys are not permanent, so a dynamic key update system with a granularity of, for example, a day or an hour can be built, ensuring security while granting authorization. In addition, at the control level, the method and system of the invention can realize the set control objectives in a non-real-time or offline state: for example, if the control information says that a key is valid from a certain day and hour until a certain time, then when the user uses the key the function terminal receives this control information at the same time and carries out the control action. Withdrawal of a key likewise needs no active control: key information stamped with an expiry time will not be accepted by the function terminal after the specified time, and so ceases to be valid automatically. The invention mainly addresses the authentication and control problems of embedded or Internet of Things devices that are not networked in real time.
Description of the drawings
The invention is further described below with reference to the drawings and embodiments.
Fig. 1 is a schematic diagram of the method of the invention.
Fig. 2 is a schematic diagram of the system configuration.
Embodiments
To make the objects, technical solution and advantages of the invention clearer, the invention is further explained below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it. In addition, the technical features of the embodiments described below may be combined with one another as long as they do not conflict.
As shown in Fig. 1, the method and system for temporary key distribution based on a one-way hash function of the invention comprise a server, a secondary key terminal and a function terminal. The function terminal holds its own primary key key1; the server holds all primary key information, including the key1 of this function terminal; and both the server and the function terminal hold the feature list of control codes. In the authorization process the server combines key1 with a first-level control code, obtains key2 by passing the combination through the hash function, and delivers key2 together with the control code to the secondary key terminal over a secure channel; the secondary key terminal stores key2 and the control code in its internal nonvolatile memory. In the use process the secondary key terminal sends key2 and the control code to the function terminal for authentication over a secure channel; the function terminal reads the permission, action and time attributes of this key2 from the control code, combines the original key1 it stores with the received control code, computes the one-way hash value of the combination, and if this value equals the received key2 the authentication succeeds and the command contained in the control code is executed.
Further, the control code comprises start and end time control based on absolute time, usage-count control, latest-enabling-time control, or other low-level control commands for system debugging. Through the cooperation of the control command and the function terminal, the method and system described in this invention can realize more complex control combinations.
Further, the control code may contain the identity ID of the key, identifying the key and the uniqueness of the secondary key terminal carrying it, so that the server can revoke, add or temporarily disable a particular key.
Further, the secure channel above is built from any one or any combination of the current mainstream algorithms AES, MD5, SHA and RSA, in the form of static password authentication, time-based dynamic authentication, event-based dynamic authentication or challenge-response dynamic authentication.
Further, the secondary key terminal is a mobile phone, tablet computer, smart wearable device or dedicated electronic key; the one-way hash function is one of MD4, MD5, SHA-1, SHA-2, SHA-256 and SHA-512; the control code is a string of binary machine code; and the chip of the function terminal maintains an absolute time value, in cooperation with which time-related control actions can be realized.
As shown in Fig. 2, in the method and system of the invention the function terminals distributed throughout society that provide services or information are the security core: each stores its primary key key1 inside its chip, while the server, acting as the highest-authority manager, stores the same key1 in its database. Between the server and the function terminals sit the secondary key terminals, namely smartphones, dedicated electronic keys, smart wearable devices, tablet computers and the like, which can obtain in advance from the server a sub-key key2 that is derived from the primary key and contains the control information. Any device storing key2 becomes an authorized secondary key and can, like a physical key, unlock and control the corresponding function device, such as an electronic lock, a cabinet lock, a public washing machine or a public bicycle.
Those skilled in the art will readily understand that the foregoing are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within its scope of protection.
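The derivation and offline check described in the summary and in the Fig. 2 embodiment, as an added example that is not part of the patent: the server computes key2 = SHA-256(key1 || control), and the function terminal recomputes that value, then applies the ID, time-window and usage-count controls against its own clock. The control-code field layout (key ID, start and end time, maximum uses) and the field names are assumptions made for this example; the patent only says the code is a string of binary machine code.

```python
import hashlib
import hmac
import struct

# Control-code layout is constructed for this example; the patent only says the
# code is "a string of binary machine code" carrying ID, time and permission info.
# Fields (big-endian): key_id, not_before, not_after (absolute seconds), max_uses.
CONTROL_FMT = ">IIIH"
CONTROL_LEN = struct.calcsize(CONTROL_FMT)

def pack_control(key_id: int, not_before: int, not_after: int, max_uses: int) -> bytes:
    return struct.pack(CONTROL_FMT, key_id, not_before, not_after, max_uses)

def derive_subkey(key1: bytes, control: bytes) -> bytes:
    """Server side: key2 = H(key1 || control); SHA-256 is one of the hashes the patent names."""
    return hashlib.sha256(key1 + control).digest()

class FunctionTerminal:
    """Offline verifier: holds key1 and reads its own absolute clock; it never stores sub-keys."""

    def __init__(self, key1: bytes):
        self.key1 = key1
        self.uses = {}         # key_id -> accepted authentications (usage-count control)
        self.disabled = set()  # key IDs the server has revoked (pushed when online)

    def authenticate(self, key2: bytes, control: bytes, now: int) -> str:
        # Fixed-length control code: an extended or truncated code cannot have been issued.
        if len(control) != CONTROL_LEN:
            return "reject: malformed control code"
        # Recompute H(key1 || control) locally and compare in constant time.
        if not hmac.compare_digest(derive_subkey(self.key1, control), key2):
            return "reject: hash mismatch"
        key_id, not_before, not_after, max_uses = struct.unpack(CONTROL_FMT, control)
        if key_id in self.disabled:
            return "reject: key disabled"
        # Validity window is checked against the terminal's own clock, so an expired
        # key stops working with no server round-trip (the automatic withdrawal).
        if not (not_before <= now <= not_after):
            return "reject: outside validity window"
        if self.uses.get(key_id, 0) >= max_uses:
            return "reject: usage count exhausted"
        self.uses[key_id] = self.uses.get(key_id, 0) + 1
        return "accept"

def demo() -> list:
    key1 = bytes(range(32))                                # constructed primary key
    control = pack_control(7, 1000, 2000, 2)               # ID 7, valid 1000..2000, 2 uses
    key2 = derive_subkey(key1, control)                    # what the server hands the phone
    terminal = FunctionTerminal(key1)
    results = [
        terminal.authenticate(key2, control, now=1500),    # accept
        terminal.authenticate(key2, control, now=1500),    # accept (second use)
        terminal.authenticate(key2, control, now=1500),    # reject: usage count exhausted
        terminal.authenticate(key2, control, now=2500),    # reject: outside validity window
    ]
    # A holder who rewrites the control code (here, a longer window) has no key1
    # and so cannot produce the matching key2.
    forged = pack_control(7, 1000, 9000, 2)
    results.append(terminal.authenticate(key2, forged, now=2500))   # reject: hash mismatch
    terminal.disabled.add(7)                               # server-side revocation by ID
    results.append(terminal.authenticate(key2, control, now=1500))  # reject: key disabled
    return results

if __name__ == "__main__":
    for r in demo():
        print(r)
```

With a Merkle-Damgard hash such as SHA-256, H(key1 || control) is subject to length extension; the fixed-length control layout is what lets the terminal reject an extended code, and HMAC(key1, control) would remove the issue outright.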

Claims (7)

1. A temporary key distribution method based on a one-way hash function, characterized in that: the sub-key to be distributed is generated as the hash value computed after combining the primary key with a specific control code; the sub-key and the control code are used together, the control code indicating the action attribute, time attribute and permission attribute of the sub-key; and the authentication process contains program logic corresponding to the control code, which responds to the action, time and permission attributes of the sub-key.
2. The temporary key distribution method based on a one-way hash function according to claim 1, characterized in that the control information also contains an identity ID of the sub-key, by which the server and the function terminal uniquely identify a given sub-key in order to add, disable or delete it.
3. The temporary key distribution method based on a one-way hash function according to claim 1, characterized in that the time attribute information contained in the sub-key, in cooperation with the independent clock in the authenticating terminal, causes an expired sub-key to become invalid.
4. A temporary key distribution system based on a one-way hash function, characterized in that it comprises a server, a secondary key terminal and a function terminal. The function terminal holds its own primary key key1; the server holds all primary key information, including the key1 of this function terminal; and both the server and the function terminal hold the feature list of control codes. In the authorization process the server combines key1 with a first-level control code, obtains key2 by passing the combination through the hash function, and delivers key2 together with the control code to the secondary key terminal over a secure channel; the secondary key terminal stores key2 and the control code in its internal nonvolatile memory. In the use process the secondary key terminal sends key2 and the control code to the function terminal for authentication over a secure channel; the function terminal reads the permission, action and time attributes of this key2 from the control code, combines the original key1 it stores with the received control code, computes the one-way hash value of the combination, and if this value equals the received key2 the authentication succeeds and the command contained in the control code is executed.
5. The temporary key distribution system based on a one-way hash function according to claim 4, characterized in that the secure channel is built from any one or any combination of the current mainstream algorithms AES, MD5, SHA and RSA, in the form of static password authentication, time-based dynamic authentication, event-based dynamic authentication or challenge-response dynamic authentication.
6. The temporary key distribution system based on a one-way hash function according to claim 4, characterized in that the secondary key terminal is a mobile phone, tablet computer, smart wearable device or dedicated electronic key.
7. The temporary key distribution system based on a one-way hash function according to claim 4, characterized in that the chip of the function terminal maintains an absolute time value, and the sub-key, in cooperation with this value, realizes time-related control actions.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510452317.3A CN105024810A (en) 2015-07-29 2015-07-29 one-way hash function-based secret key temporary distributing method and system

Publications (1)

Publication Number Publication Date
CN105024810A true CN105024810A (en) 2015-11-04

Family

ID=54414547

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510452317.3A Pending CN105024810A (en) 2015-07-29 2015-07-29 one-way hash function-based secret key temporary distributing method and system

Country Status (1)

Country Link
CN (1) CN105024810A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108243197A (en) * 2018-01-31 2018-07-03 北京深思数盾科技股份有限公司 A kind of data distribution, retransmission method and device
CN109584456A (en) * 2018-11-21 2019-04-05 北京四达时代软件技术股份有限公司 A kind of solar power supply unit, system and monthly payment plan control method

Legal Events

Date Code Title Description
20151104 C06 Publication
20151104 PB01 Publication
WD01 Invention patent application deemed withdrawn after publication