CN106452731A - Fragmented secret key storage system and storage method thereof - Google Patents
Fragmented secret key storage system and storage method thereof Download PDFInfo
- Publication number
- CN106452731A CN106452731A CN201610827260.5A CN201610827260A CN106452731A CN 106452731 A CN106452731 A CN 106452731A CN 201610827260 A CN201610827260 A CN 201610827260A CN 106452731 A CN106452731 A CN 106452731A
- Authority
- CN
- China
- Prior art keywords
- string
- binary bits
- key
- section
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an authentication platform. The invention provides a fragmented secret key storage system. A character string of the secret key is uniformly segmented into N sections; binary bit string conversion is performed on the N sections of character strings, and thus N sections of binary bit strings are acquired; a binary bit string R is randomly generated, and XOR operation is performed on the binary bit string R and the N sections of binary bit strings, thus N new binary bit strings are acquired, the N new binary bit strings are combined after being converted into the character strings to form a new secret key, and the new secret key and the binary bit string R are jointly stored; the new secret key is uniformly segmented into M sections of character strings, wherein M is equal to N; binary bit string conversion is performed on the M sections of character strings, and thus the M sections of binary bit strings are acquired; XOR operation is performed on the M sections of binary bit strings and the binary bit string R, thus the M new binary bit strings are acquired, and the M new binary bit strings are combined after being converted into the character strings to form the correct secret key. The system provided by the invention is applicable to storage of the secret key in an encryption algorithm and a digital certificate of a unified authentication platform.
Description
Technical field
The present invention relates to authentication platform, deposit particularly to the key in the AES and digital certificate of unification authentication platform
Storage.
Background technology
Recent domestic Situation on Information Security is increasingly severe, and information security events take place frequently, and safe the sending out of domestic information
Exhibition is still at an early stage, and the assault for enterprise also emerges in an endless stream, such as the go-between between high in the clouds and terminal
Attack, can steal and change the interactive information of high in the clouds and terminal, cause huge harm to enterprise.For this risk, I
Set up a unification authentication platform beyond the clouds and terminal between, the identity of high in the clouds and terminal is authenticated, and to high in the clouds and
The sensitive information of terminal interaction carries out encryption and decryption using symmetric encipherment algorithm, wherein adopts base to the authentication mode in terminal and high in the clouds
Authentication mode in the digital certificate of CA (authentication center) system of PKI mechanism.
CA system in PKI is responsible for creating or prove the reliable authoritative institution of identity.The digital certificate of CA
Authentication principles are based on the Digital Signature Algorithm in cryptography, and the core of Digital Signature Algorithm is exactly to adopt rivest, shamir, adelman
Signed and sign test.In cryptography, the means of safeguard protection information are not aimed at the protection of AES, but pin
Key for AES is protected.AES beyond the clouds with the application process of terminal in, key to be protected, prevent
Key is gone out by heavy blasting or penetration testing and causes damage to cloud terminal.
The present invention provide a kind of fragmentation method for storing cipher key one side can safety solve the problems, such as key storage;Separately
On the one hand also system will not be caused with the impact of aspect of performance.
Content of the invention
The technical problem to be solved it is simply that provide a kind of fragmentation key storage system and its storage method with
Realize the impact solving the problems, such as key storage, also system will not being caused with aspect of performance simultaneously of safety.
The present invention solves described technical problem, employed technical scheme comprise that, fragmentation key storage system, close including encrypting
Key module and decruption key module;
Described encryption key module, for the character string even partition of key is N section, N 2;And N section character string is entered
Row binary bits string is changed, and obtains N section binary bits string;Randomly generate a binary bits string R, by itself and N section two
System Bit String carries out XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to word
It is combined after symbol string, form new key, jointly preserve with binary bits string R;
Described decruption key module, for being M section character string, wherein, M=N by new key even partition;To M section word
Symbol string carries out binary bits string conversion, obtains M section binary bits string;By M section binary bits string and binary bits string R
Carry out XOR, obtain M new binary bits string, M new binary bits string is converted to after character string, carries out
Combination, obtains correct key.
Specifically, randomly generate a binary bits string R, itself and N section binary bits string are carried out XOR, obtains
The calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
Further, described decruption key module, new key is carried out all with reference to the combination of encryption key module
Even be divided into M section character string, M=N, the M section character string obtaining be S1, S2... ... SN;
M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string
Calculation as follows:
Described decruption key module, by P1To PNAfter being converted to character string, with reference to encryption key module even partition side
Formula combination forms correct key.
Specifically, bit-string length and the N section binary bits string length one of a binary bits string R are randomly generated
Cause.
For the storage method of above-mentioned fragmentation key storage system, including:System carries out to key to be stored adding
Store after close, during use, the key of taking-up storage is decrypted and obtains correct key;
Storage after system is encrypted to key to be stored includes:The character string of key to be stored is uniformly divided by system
It is segmented into N section, N 2;And N section character string is carried out binary bits string conversion, obtain N section binary bits string;System is produced at random
A raw binary bits string R, itself and N section binary bits string are carried out XOR, obtain N number of new binary bits
String, N number of new binary bits string is converted to and is combined after character string, forms new key, with binary bits string R altogether
With preservation;
The key that system takes out storage is decrypted and obtains correct key and include:New key even partition is by system
M section character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string;By M section
Binary bits string and binary bits string R carry out XOR, obtain M new binary bits string, and M new two is entered
After Bit String processed is converted to character string, it is combined, obtain correct key.
Specifically, system randomly generates a binary bits string R, and itself and N section binary bits string are carried out XOR fortune
Calculate, the calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
Specifically, new key is carried out even partition with reference to the combination in ciphering process by system is M section character string,
M=N, the M section character string obtaining is S1, S2... ... SN;
M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string
Calculation as follows:
System is by P1To PNAfter being converted to character string, with reference to the even partition mode in ciphering process by the character after changing
String is combined into correct key.
Specifically, bit-string length and the N section binary bits string length one of a binary bits string R are randomly generated
Cause.
The invention has the beneficial effects as follows:The invention provides a kind of fragmentation method for storing cipher key based on ecb mode, solution
The certainly safe storage problem of key in AES application, and the design in algorithm mainly adopts XOR, calculates complicated
Spend for o (1), therefore performance impact will not be produced to certification.
Specific embodiment with reference to embodiments, is described in further detail to the above of the present invention again.
But this scope being interpreted as the above-mentioned theme of the present invention should not be only limitted to Examples below.Thinking without departing from the above-mentioned technology of the present invention
In the case of thinking, the various replacements made according to ordinary skill knowledge and customary means or change, all should include at this
In bright scope.
Specific embodiment
Describe technical scheme with reference to embodiment in detail:
The present invention be directed to prior art in AES beyond the clouds with the application process of terminal in, key easily by strength quick-fried
Problem that is broken or permeating, provides a kind of fragmentation key storage system, including encryption key module and decruption key module;Described
Encryption key module, for the character string even partition of key is N section, N 2;And N section character string is carried out binary bits
String conversion, obtains N section binary bits string;Randomly generate a binary bits string R, it is entered with N section binary bits string
Row XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to and carries out group after character string
Close, form new key, jointly preserve with binary bits string R;Described decruption key module, for uniformly dividing new key
It is segmented into M section character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string;
M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string, new by M
Binary bits string be converted to character string after, be combined, obtain correct key.For above-mentioned fragmentation key storage system
The storage method of system, including:The character string even partition of key is N section by system, N 2;And N section character string is carried out two enter
Bit String conversion processed, obtains N section binary bits string;System randomly generates a binary bits string R, and it is entered with N section two
Bit String processed carries out XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to character
It is combined after string, form new key, jointly preserve with binary bits string R;During use, new key is uniformly divided by system
It is segmented into M section character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string;
M section binary bits string is carried out XOR with binary bits string R, obtains M new binary bits string, new by M
Binary bits string be converted to character string after, be combined, obtain correct key.The invention provides a kind of be based on ECB
The fragmentation method for storing cipher key of pattern, solves the safe storage problem of key in AES application, and setting in algorithm
Meter mainly adopts XOR, and computation complexity is o (1), therefore will not produce performance impact to certification.
Embodiment
The fragmentation key storage system of this example, main two module encryption key modules of inclusion and deciphering cipher key module.
Wherein, module correlation function is described below:
First, encryption key module
This module major function is that the key to AES carries out simple encryption, and the key essence of algorithm is a bit
The character string of length.
First, user submits the key needing safety storage to it is assumed that the length of key is to unification authentication platform
This key key is now carried out being evenly divided into N section, N 2 by 1024bit.This example is to carry out even partition by this key key
As a example 8 sections, the character string after 8 sections of segmentations is respectively:P1, p2, p3, p4, p5, p6, p7 and p8, each of which section is all
The character string of 128bit length.
Then, this 8 sections of character strings are converted to binary bits string, respectively q1, q2, q3, q4, q5, q6, q7 and q8,
Finally adopt randomizer to produce the binary bits string r of a 128bit length, carry out XOR with clear text key.Two
The length of system Bit String r is consistent with the length of 8 sections of binary bits strings.
Calculating process is as follows:
Then this 8 binary bits strings of s1, s2, s3, s4, s5, s6, s7 and s8 can be converted to character by platform respectively
String, and be combined obtaining new " key " key`, returns to user, is stored in locally with plaintext version, wherein at random than
Special r will carry out secret preservation.
2nd, decruption key module
This module major function is that the key key` after simple encryption is decrypted, and with reference to above-mentioned cipher mode, solves
The flow process of close new " key " key` is as follows:
First, user submits newly " key " key` first to;Newly the bit length of " key " key` is 1024bit length, reference
Encryption key module is combined obtaining the combination of new " key " key`, and carrying out even partition to new " key " key` is 8
Section, every segment length is 128bit;This 8 sections of character strings are respectively converted into binary bits length, you can obtain s1, s2, s3, s4,
s5、s6、s7、s8;
Secondly, above-mentioned 8 sections of binary bits strings are carried out XOR respectively:
Finally, q1, q2, q3, q4, q5, q6, q7, q8 are converted to character string, with reference to the partitioning scheme of encryption key module
Combine, you can obtain correct key key.
It should be noted that in ciphering process with the segmentation of the character string in decrypting process with combine it should mutually corresponding,
In order to avoid obtaining the key of mistake.
Claims (8)
1. fragmentation key storage system is it is characterised in that include encryption key module and decruption key module;
Described encryption key module, for the character string even partition of key is N section, N 2;And N section character string is carried out two
System Bit String is changed, and obtains N section binary bits string;Randomly generate a binary bits string R, by itself and N section binary system
Bit String carries out XOR, obtains N number of new binary bits string, N number of new binary bits string is converted to character string
After be combined, form new key, jointly preserve with binary bits string R;
Described decruption key module, for being M section character string, wherein, M=N by new key even partition;To M section character string
Carry out binary bits string conversion, obtain M section binary bits string;M section binary bits string is carried out with binary bits string R
XOR, obtains M new binary bits string, M new binary bits string is converted to after character string, carries out group
Close, obtain correct key.
2. fragmentation key storage system according to claim 1 is it is characterised in that randomly generate binary bits
String R, itself and N section binary bits string are carried out XOR, and the calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
3. fragmentation key storage system according to claim 2, it is characterised in that described decruption key module, is incited somebody to action new
Key with reference to encryption key module combination carry out even partition be M section character string, M=N, the M section character string obtaining
For S1, S2... ... SN;
M section binary bits string is carried out XOR with binary bits string R, obtains the meter of M new binary bits string
Calculation mode is as follows:
Described decruption key module, by P1To PNAfter being converted to character string, with reference to encryption key module even partition mode group
Close and form correct key.
4. fragmentation key storage system according to claim 1 is it is characterised in that randomly generate binary bits
The bit-string length of string R is consistent with N section binary bits string length.
5. it is used for the storage method of the fragmentation key storage system described in claim 1-4 any one it is characterised in that wrapping
Include:System stores after key to be stored is encrypted, during use take out storage key be decrypted obtain correctly close
Key;
Storage after system is encrypted to key to be stored includes:The character string even partition of key to be stored is by system
N section, N 2;And N section character string is carried out binary bits string conversion, obtain N section binary bits string;System randomly generates one
Individual binary bits string R, itself and N section binary bits string are carried out XOR, obtain N number of new binary bits string, by N
Individual new binary bits string is combined after being converted to character string, forms new key, jointly protects with binary bits string R
Deposit;
The key that system takes out storage is decrypted and obtains correct key and include:New key even partition is M section by system
Character string, wherein, M=N;M section character string is carried out with binary bits string conversion, obtains M section binary bits string;By M section two
System Bit String and binary bits string R carry out XOR, obtain M new binary bits string, by M new binary system
After Bit String is converted to character string, it is combined, obtain correct key.
6. storage method according to claim 5, will it is characterised in that system randomly generates a binary bits string R
It carries out XOR with N section binary bits string, and the calculation obtaining N number of new binary bits string is as follows:
Wherein, PNFor N section binary bits string, SNFor the new binary bits string of n-th, N=1 ... N.
7. storage method according to claim 5 it is characterised in that system by new key with reference to the group in ciphering process
It is M section character string that conjunction mode carries out even partition, M=N, and the M section character string obtaining is S1, S2... ... SN;
M section binary bits string is carried out XOR with binary bits string R, obtains the meter of M new binary bits string
Calculation mode is as follows:
System is by P1To PNAfter being converted to character string, with reference to the even partition mode in ciphering process by the character string group after changing
Synthesize correct key.
8. storage method according to claim 5 is it is characterised in that randomly generate the bit of a binary bits string R
String length is consistent with N section binary bits string length.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610827260.5A CN106452731A (en) | 2016-09-18 | 2016-09-18 | Fragmented secret key storage system and storage method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610827260.5A CN106452731A (en) | 2016-09-18 | 2016-09-18 | Fragmented secret key storage system and storage method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106452731A true CN106452731A (en) | 2017-02-22 |
Family
ID=58168074
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610827260.5A Pending CN106452731A (en) | 2016-09-18 | 2016-09-18 | Fragmented secret key storage system and storage method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106452731A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070896A (en) * | 2017-03-20 | 2017-08-18 | 智牛股权投资基金(平潭)合伙企业(有限合伙) | A kind of safe and efficient block chain customization login method and security hardening system |
CN111064560A (en) * | 2018-10-17 | 2020-04-24 | 千寻位置网络有限公司 | Data encryption transmission method and device, terminal and data encryption transmission system |
WO2020162856A1 (en) * | 2019-02-05 | 2020-08-13 | Istanbul Teknik Universitesi | Application of key exchange based physical layer security methods |
CN113204775A (en) * | 2021-04-29 | 2021-08-03 | 北京连山科技股份有限公司 | Data security protection method and system |
CN115189873A (en) * | 2022-07-11 | 2022-10-14 | 北京中航世科电子技术有限公司 | Encryption method, device and system of plaintext secret key and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102223228A (en) * | 2011-05-11 | 2011-10-19 | 北京航空航天大学 | Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system |
CN102448059A (en) * | 2011-11-23 | 2012-05-09 | 南京航空航天大学 | Encryption and decryption circuit structure applied to ZigBee protocol and control method thereof |
US8331559B2 (en) * | 2004-10-12 | 2012-12-11 | Chiou-Haun Lee | Diffused data encryption/decryption processing method |
-
2016
- 2016-09-18 CN CN201610827260.5A patent/CN106452731A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8331559B2 (en) * | 2004-10-12 | 2012-12-11 | Chiou-Haun Lee | Diffused data encryption/decryption processing method |
CN102223228A (en) * | 2011-05-11 | 2011-10-19 | 北京航空航天大学 | Method for designing AES (Advanced Encryption Standard) encryption chip based on FPGA (Field Programmable Gate Array) and embedded encryption system |
CN102448059A (en) * | 2011-11-23 | 2012-05-09 | 南京航空航天大学 | Encryption and decryption circuit structure applied to ZigBee protocol and control method thereof |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070896A (en) * | 2017-03-20 | 2017-08-18 | 智牛股权投资基金(平潭)合伙企业(有限合伙) | A kind of safe and efficient block chain customization login method and security hardening system |
CN111064560A (en) * | 2018-10-17 | 2020-04-24 | 千寻位置网络有限公司 | Data encryption transmission method and device, terminal and data encryption transmission system |
WO2020162856A1 (en) * | 2019-02-05 | 2020-08-13 | Istanbul Teknik Universitesi | Application of key exchange based physical layer security methods |
CN113204775A (en) * | 2021-04-29 | 2021-08-03 | 北京连山科技股份有限公司 | Data security protection method and system |
CN113204775B (en) * | 2021-04-29 | 2021-12-14 | 北京连山科技股份有限公司 | Data security protection method and system |
CN115189873A (en) * | 2022-07-11 | 2022-10-14 | 北京中航世科电子技术有限公司 | Encryption method, device and system of plaintext secret key and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106452731A (en) | Fragmented secret key storage system and storage method thereof | |
CN103905202B (en) | A kind of RFID lightweight mutual authentication methods based on PUF | |
CN104202145B (en) | For the method for the selection plaintext or cipher text side channel energy analytical attack of SM4 cryptographic algorithms round function output | |
US8799679B2 (en) | Message authentication code pre-computation with applications to secure memory | |
US9553722B2 (en) | Generating a key based on a combination of keys | |
CN109726567B (en) | Moving target encryption method based on homomorphic encryption | |
KR20080093635A (en) | Method for encrypting message for keeping integrity of message and apparatus, and method for decrypting message for keeping integrity of message and apparatus | |
CN107005415A (en) | For encrypting/decrypting the block encryption method of message and realize the encryption device of this method | |
CN101242265A (en) | Stream password and pseudorandom number generation method in secure system | |
US20190103957A1 (en) | Encryption device, encryption method, decryption device and decryption method | |
CN108964872A (en) | A kind of encryption method and device based on AES | |
CN107135408A (en) | A kind of method for authenticating and device of video flowing address | |
CN102710414A (en) | Randomized document block encryption method | |
US20140044262A1 (en) | Low Latency Encryption and Authentication in Optical Transport Networks | |
CN104396182A (en) | Method of encrypting data | |
CN102594549B (en) | Multistage data encryption and decryption methods | |
CN102811124B (en) | Based on the system Authentication method of two card trigram technology | |
CN104486756B (en) | A kind of encryption and decryption method and system of close writing paper short message | |
CN103117850A (en) | Cryptosystem based on random sequence database | |
US20150263858A1 (en) | Method and device for digital data blocks encryption and decryption | |
CN109495255A (en) | Digital cryptographic key protection method and its system based on android system | |
Kumar et al. | Image encryption using simplified data encryption standard (S-DES) | |
Almoysheer et al. | Enhancing Cloud Data Security using Multilevel Encryption Techniques. | |
CN102546151A (en) | Data encryption and decryption method | |
CN102546152B (en) | Method for achieving multi-stage encryption and decryption of data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170222 |
|
RJ01 | Rejection of invention patent application after publication |