CN106452731A - Fragmented secret key storage system and storage method thereof - Google Patents

Fragmented secret key storage system and storage method thereof Download PDF

Info

Publication number
CN106452731A
CN106452731A CN201610827260.5A CN201610827260A CN106452731A CN 106452731 A CN106452731 A CN 106452731A CN 201610827260 A CN201610827260 A CN 201610827260A CN 106452731 A CN106452731 A CN 106452731A
Authority
CN
China
Prior art keywords
string
binary bits
key
section
new
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610827260.5A
Other languages
Chinese (zh)
Inventor
张小青
肖建
常清雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201610827260.5A priority Critical patent/CN106452731A/en
Publication of CN106452731A publication Critical patent/CN106452731A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an authentication platform. The invention provides a fragmented secret key storage system. A character string of the secret key is uniformly segmented into N sections; binary bit string conversion is performed on the N sections of character strings, and thus N sections of binary bit strings are acquired; a binary bit string R is randomly generated, and XOR operation is performed on the binary bit string R and the N sections of binary bit strings, thus N new binary bit strings are acquired, the N new binary bit strings are combined after being converted into the character strings to form a new secret key, and the new secret key and the binary bit string R are jointly stored; the new secret key is uniformly segmented into M sections of character strings, wherein M is equal to N; binary bit string conversion is performed on the M sections of character strings, and thus the M sections of binary bit strings are acquired; XOR operation is performed on the M sections of binary bit strings and the binary bit string R, thus the M new binary bit strings are acquired, and the M new binary bit strings are combined after being converted into the character strings to form the correct secret key. The system provided by the invention is applicable to storage of the secret key in an encryption algorithm and a digital certificate of a unified authentication platform.

Description

Fragmentation key storage system and its storage method
Technical field
The present invention relates to authentication platform, deposit particularly to the key in the AES and digital certificate of unification authentication platform Storage.
Background technology
Recent domestic Situation on Information Security is increasingly severe, and information security events take place frequently, and safe the sending out of domestic information Exhibition is still at an early stage, and the assault for enterprise also emerges in an endless stream, such as the go-between between high in the clouds and terminal Attack, can steal and change the interactive information of high in the clouds and terminal, cause huge harm to enterprise.For this risk, I Set up a unification authentication platform beyond the clouds and terminal between, the identity of high in the clouds and terminal is authenticated, and to high in the clouds and The sensitive information of terminal interaction carries out encryption and decryption using symmetric encipherment algorithm, wherein adopts base to the authentication mode in terminal and high in the clouds Authentication mode in the digital certificate of CA (authentication center) system of PKI mechanism.
CA system in PKI is responsible for creating or prove the reliable authoritative institution of identity.The digital certificate of CA Authentication principles are based on the Digital Signature Algorithm in cryptography, and the core of Digital Signature Algorithm is exactly to adopt rivest, shamir, adelman Signed and sign test.In cryptography, the means of safeguard protection information are not aimed at the protection of AES, but pin Key for AES is protected.AES beyond the clouds with the application process of terminal in, key to be protected, prevent Key is gone out by heavy blasting or penetration testing and causes damage to cloud terminal.
The present invention provide a kind of fragmentation method for storing cipher key one side can safety solve the problems, such as key storage;Separately On the one hand also system will not be caused with the impact of aspect of performance.
Content of the invention
The technical problem to be solved it is simply that provide a kind of fragmentation key storage system and its storage method with Realize the impact solving the problems, such as key storage, also system will not being caused with aspect of performance simultaneously of safety.
The present invention solves described technical problem, employed technical scheme comprise that, fragmentation key storage system, close including encrypting Key module and decruption key module;
Described encryption key module, for the character string even partition of key is N section, N 2;And N section character string is entered Row binary bits string is changed, and obtains N section binary bits string;Randomly generate a binary bits string R, by itself and N section two System Bit String carries out XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to word It is combined after symbol string, form new key, jointly preserve with binary bits string R;
Described decruption key module, for being M section character string, wherein, M=N by new key even partition;To M section word Symbol string carries out binary bits string conversion, obtains M section binary bits string;By M section binary bits string and binary bits string R Carry out XOR, obtain M new binary bits string, M new binary bits string is converted to after character string, carries out Combination, obtains correct key.
Specifically, randomly generate a binary bits string R, itself and N section binary bits string are carried out XOR, obtains The calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
Further, described decruption key module, new key is carried out all with reference to the combination of encryption key module Even be divided into M section character string, M=N, the M section character string obtaining be S1, S2... ... SN
M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string Calculation as follows:
Described decruption key module, by P1To PNAfter being converted to character string, with reference to encryption key module even partition side Formula combination forms correct key.
Specifically, bit-string length and the N section binary bits string length one of a binary bits string R are randomly generated Cause.
For the storage method of above-mentioned fragmentation key storage system, including:System carries out to key to be stored adding Store after close, during use, the key of taking-up storage is decrypted and obtains correct key;
Storage after system is encrypted to key to be stored includes:The character string of key to be stored is uniformly divided by system It is segmented into N section, N 2;And N section character string is carried out binary bits string conversion, obtain N section binary bits string;System is produced at random A raw binary bits string R, itself and N section binary bits string are carried out XOR, obtain N number of new binary bits String, N number of new binary bits string is converted to and is combined after character string, forms new key, with binary bits string R altogether With preservation;
The key that system takes out storage is decrypted and obtains correct key and include:New key even partition is by system M section character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string;By M section Binary bits string and binary bits string R carry out XOR, obtain M new binary bits string, and M new two is entered After Bit String processed is converted to character string, it is combined, obtain correct key.
Specifically, system randomly generates a binary bits string R, and itself and N section binary bits string are carried out XOR fortune Calculate, the calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
Specifically, new key is carried out even partition with reference to the combination in ciphering process by system is M section character string, M=N, the M section character string obtaining is S1, S2... ... SN
M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string Calculation as follows:
System is by P1To PNAfter being converted to character string, with reference to the even partition mode in ciphering process by the character after changing String is combined into correct key.
Specifically, bit-string length and the N section binary bits string length one of a binary bits string R are randomly generated Cause.
The invention has the beneficial effects as follows:The invention provides a kind of fragmentation method for storing cipher key based on ecb mode, solution The certainly safe storage problem of key in AES application, and the design in algorithm mainly adopts XOR, calculates complicated Spend for o (1), therefore performance impact will not be produced to certification.
Specific embodiment with reference to embodiments, is described in further detail to the above of the present invention again. But this scope being interpreted as the above-mentioned theme of the present invention should not be only limitted to Examples below.Thinking without departing from the above-mentioned technology of the present invention In the case of thinking, the various replacements made according to ordinary skill knowledge and customary means or change, all should include at this In bright scope.
Specific embodiment
Describe technical scheme with reference to embodiment in detail:
The present invention be directed to prior art in AES beyond the clouds with the application process of terminal in, key easily by strength quick-fried Problem that is broken or permeating, provides a kind of fragmentation key storage system, including encryption key module and decruption key module;Described Encryption key module, for the character string even partition of key is N section, N 2;And N section character string is carried out binary bits String conversion, obtains N section binary bits string;Randomly generate a binary bits string R, it is entered with N section binary bits string Row XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to and carries out group after character string Close, form new key, jointly preserve with binary bits string R;Described decruption key module, for uniformly dividing new key It is segmented into M section character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string; M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string, new by M Binary bits string be converted to character string after, be combined, obtain correct key.For above-mentioned fragmentation key storage system The storage method of system, including:The character string even partition of key is N section by system, N 2;And N section character string is carried out two enter Bit String conversion processed, obtains N section binary bits string;System randomly generates a binary bits string R, and it is entered with N section two Bit String processed carries out XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to character It is combined after string, form new key, jointly preserve with binary bits string R;During use, new key is uniformly divided by system It is segmented into M section character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string; M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string, new by M Binary bits string be converted to character string after, be combined, obtain correct key.The invention provides a kind of be based on ECB The fragmentation method for storing cipher key of pattern, solves the safe storage problem of key in AES application, and setting in algorithm Meter mainly adopts XOR, and computation complexity is o (1), therefore will not produce performance impact to certification.
Embodiment
The fragmentation key storage system of this example, main two module encryption key modules of inclusion and deciphering cipher key module. Wherein, module correlation function is described below:
First, encryption key module
This module major function is that the key to AES carries out simple encryption, and the key essence of algorithm is a bit The character string of length.
First, user submits the key needing safety storage to it is assumed that the length of key is to unification authentication platform This key key is now carried out being evenly divided into N section, N 2 by 1024bit.This example is to carry out even partition by this key key As a example 8 sections, the character string after 8 sections of segmentations is respectively:P1, p2, p3, p4, p5, p6, p7 and p8, each of which section is all The character string of 128bit length.
Then, this 8 sections of character strings are converted to binary bits string, respectively q1, q2, q3, q4, q5, q6, q7 and q8, Finally adopt randomizer to produce the binary bits string r of a 128bit length, carry out XOR with clear text key.Two The length of system Bit String r is consistent with the length of 8 sections of binary bits strings.
Calculating process is as follows:
Then this 8 binary bits strings of s1, s2, s3, s4, s5, s6, s7 and s8 can be converted to character by platform respectively String, and be combined obtaining new " key " key`, returns to user, is stored in locally with plaintext version, wherein at random than Special r will carry out secret preservation.
2nd, decruption key module
This module major function is that the key key` after simple encryption is decrypted, and with reference to above-mentioned cipher mode, solves The flow process of close new " key " key` is as follows:
First, user submits newly " key " key` first to;Newly the bit length of " key " key` is 1024bit length, reference Encryption key module is combined obtaining the combination of new " key " key`, and carrying out even partition to new " key " key` is 8 Section, every segment length is 128bit;This 8 sections of character strings are respectively converted into binary bits length, you can obtain s1, s2, s3, s4, s5、s6、s7、s8;
Secondly, above-mentioned 8 sections of binary bits strings are carried out XOR respectively:
Finally, q1, q2, q3, q4, q5, q6, q7, q8 are converted to character string, with reference to the partitioning scheme of encryption key module Combine, you can obtain correct key key.
It should be noted that in ciphering process with the segmentation of the character string in decrypting process with combine it should mutually corresponding, In order to avoid obtaining the key of mistake.

Claims (8)

1. fragmentation key storage system is it is characterised in that include encryption key module and decruption key module;
Described encryption key module, for the character string even partition of key is N section, N 2;And N section character string is carried out two System Bit String is changed, and obtains N section binary bits string;Randomly generate a binary bits string R, by itself and N section binary system Bit String carries out XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to character string After be combined, form new key, jointly preserve with binary bits string R;
Described decruption key module, for being M section character string, wherein, M=N by new key even partition;To M section character string Carry out binary bits string conversion, obtain M section binary bits string;M section binary bits string is carried out with binary bits string R XOR, obtains M new binary bits string, M new binary bits string is converted to after character string, carries out group Close, obtain correct key.
2. fragmentation key storage system according to claim 1 is it is characterised in that randomly generate binary bits String R, itself and N section binary bits string are carried out XOR, and the calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
3. fragmentation key storage system according to claim 2, it is characterised in that described decruption key module, is incited somebody to action new Key with reference to encryption key module combination carry out even partition be M section character string, M=N, the M section character string obtaining For S1, S2... ... SN
M section binary bits string is carried out XOR with binary bits string R, obtains the meter of M new binary bits string Calculation mode is as follows:
Described decruption key module, by P1To PNAfter being converted to character string, with reference to encryption key module even partition mode group Close and form correct key.
4. fragmentation key storage system according to claim 1 is it is characterised in that randomly generate binary bits The bit-string length of string R is consistent with N section binary bits string length.
5. it is used for the storage method of the fragmentation key storage system described in claim 1-4 any one it is characterised in that wrapping Include:System stores after key to be stored is encrypted, during use take out storage key be decrypted obtain correctly close Key;
Storage after system is encrypted to key to be stored includes:The character string even partition of key to be stored is by system N section, N 2;And N section character string is carried out binary bits string conversion, obtain N section binary bits string;System randomly generates one Individual binary bits string R, itself and N section binary bits string are carried out XOR, obtain N number of new binary bits string, by N Individual new binary bits string is combined after being converted to character string, forms new key, jointly protects with binary bits string R Deposit;
The key that system takes out storage is decrypted and obtains correct key and include:New key even partition is M section by system Character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string;By M section two System Bit String and binary bits string R carry out XOR, obtain M new binary bits string, by M new binary system After Bit String is converted to character string, it is combined, obtain correct key.
6. storage method according to claim 5, will it is characterised in that system randomly generates a binary bits string R It carries out XOR with N section binary bits string, and the calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
7. storage method according to claim 5 it is characterised in that system by new key with reference to the group in ciphering process It is M section character string that conjunction mode carries out even partition, M=N, and the M section character string obtaining is S1, S2... ... SN
M section binary bits string is carried out XOR with binary bits string R, obtains the meter of M new binary bits string Calculation mode is as follows:
System is by P1To PNAfter being converted to character string, with reference to the even partition mode in ciphering process by the character string group after changing Synthesize correct key.
8. storage method according to claim 5 is it is characterised in that randomly generate the bit of a binary bits string R String length is consistent with N section binary bits string length.
CN201610827260.5A 2016-09-18 2016-09-18 Fragmented secret key storage system and storage method thereof Pending CN106452731A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610827260.5A CN106452731A (en) 2016-09-18 2016-09-18 Fragmented secret key storage system and storage method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610827260.5A CN106452731A (en) 2016-09-18 2016-09-18 Fragmented secret key storage system and storage method thereof

Publications (1)

Publication Number Publication Date
CN106452731A true CN106452731A (en) 2017-02-22

Family

ID=58168074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610827260.5A Pending CN106452731A (en) 2016-09-18 2016-09-18 Fragmented secret key storage system and storage method thereof

Country Status (1)

Country Link
CN (1) CN106452731A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070896A (en) * 2017-03-20 2017-08-18 智牛股权投资基金(平潭)合伙企业(有限合伙) A kind of safe and efficient block chain customization login method and security hardening system
CN111064560A (en) * 2018-10-17 2020-04-24 千寻位置网络有限公司 Data encryption transmission method and device, terminal and data encryption transmission system
WO2020162856A1 (en) * 2019-02-05 2020-08-13 Istanbul Teknik Universitesi Application of key exchange based physical layer security methods
CN113204775A (en) * 2021-04-29 2021-08-03 北京连山科技股份有限公司 Data security protection method and system
CN115189873A (en) * 2022-07-11 2022-10-14 北京中航世科电子技术有限公司 Encryption method, device and system of plaintext secret key and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223228A (en) * 2011-05-11 2011-10-19 北京航空航天大学 Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system
CN102448059A (en) * 2011-11-23 2012-05-09 南京航空航天大学 Encryption and decryption circuit structure applied to ZigBee protocol and control method thereof
US8331559B2 (en) * 2004-10-12 2012-12-11 Chiou-Haun Lee Diffused data encryption/decryption processing method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8331559B2 (en) * 2004-10-12 2012-12-11 Chiou-Haun Lee Diffused data encryption/decryption processing method
CN102223228A (en) * 2011-05-11 2011-10-19 北京航空航天大学 Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system
CN102448059A (en) * 2011-11-23 2012-05-09 南京航空航天大学 Encryption and decryption circuit structure applied to ZigBee protocol and control method thereof

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070896A (en) * 2017-03-20 2017-08-18 智牛股权投资基金(平潭)合伙企业(有限合伙) A kind of safe and efficient block chain customization login method and security hardening system
CN111064560A (en) * 2018-10-17 2020-04-24 千寻位置网络有限公司 Data encryption transmission method and device, terminal and data encryption transmission system
WO2020162856A1 (en) * 2019-02-05 2020-08-13 Istanbul Teknik Universitesi Application of key exchange based physical layer security methods
CN113204775A (en) * 2021-04-29 2021-08-03 北京连山科技股份有限公司 Data security protection method and system
CN113204775B (en) * 2021-04-29 2021-12-14 北京连山科技股份有限公司 Data security protection method and system
CN115189873A (en) * 2022-07-11 2022-10-14 北京中航世科电子技术有限公司 Encryption method, device and system of plaintext secret key and storage medium

Similar Documents

Publication Publication Date Title
CN106452731A (en) Fragmented secret key storage system and storage method thereof
CN103905202B (en) A kind of RFID lightweight mutual authentication methods based on PUF
CN104202145B (en) For the method for the selection plaintext or cipher text side channel energy analytical attack of SM4 cryptographic algorithms round function output
US8799679B2 (en) Message authentication code pre-computation with applications to secure memory
US9553722B2 (en) Generating a key based on a combination of keys
CN109726567B (en) Moving target encryption method based on homomorphic encryption
KR20080093635A (en) Method for encrypting message for keeping integrity of message and apparatus, and method for decrypting message for keeping integrity of message and apparatus
CN107005415A (en) For encrypting/decrypting the block encryption method of message and realize the encryption device of this method
CN101242265A (en) Stream password and pseudorandom number generation method in secure system
US20190103957A1 (en) Encryption device, encryption method, decryption device and decryption method
CN108964872A (en) A kind of encryption method and device based on AES
CN107135408A (en) A kind of method for authenticating and device of video flowing address
CN102710414A (en) Randomized document block encryption method
US20140044262A1 (en) Low Latency Encryption and Authentication in Optical Transport Networks
CN104396182A (en) Method of encrypting data
CN102594549B (en) Multistage data encryption and decryption methods
CN102811124B (en) Based on the system Authentication method of two card trigram technology
CN104486756B (en) A kind of encryption and decryption method and system of close writing paper short message
CN103117850A (en) Cryptosystem based on random sequence database
US20150263858A1 (en) Method and device for digital data blocks encryption and decryption
CN109495255A (en) Digital cryptographic key protection method and its system based on android system
Kumar et al. Image encryption using simplified data encryption standard (S-DES)
Almoysheer et al. Enhancing Cloud Data Security using Multilevel Encryption Techniques.
CN102546151A (en) Data encryption and decryption method
CN102546152B (en) Method for achieving multi-stage encryption and decryption of data

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222

RJ01 Rejection of invention patent application after publication