CN106911469A - Key read method and device - Google Patents

Publication number
CN106911469A
Authority
CN
China
Prior art keywords
key
fragment data
key fragment
data
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510982363.4A
Other languages
Chinese (zh)
Inventor
郭军
李跃红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201510982363.4A
Publication of CN106911469A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key read method and device and relates to the field of network technology. The key is no longer placed directly in the code of the application server; instead it is stored on several public servers in the form of fragments. When the key is needed, a key fragment data read request is sent to each public server that holds key fragment data, the key fragment data returned by each public server is obtained, and the obtained key fragment data is synthesized into the key according to a preset synthesis rule, thereby reading the key. This effectively ensures the security of the key and, in turn, the security of data interaction between the application server and the application program.

Description

Key read method and device
Technical field
The present invention relates to the field of network technology, and more particularly to a key read method and device.
Background
With the development of network technology, application programs have become indispensable in daily life, work and entertainment alike.
To ensure the security of data interaction between an application program and an application server, the application server and the application program usually both use a key to encrypt and decrypt the data packets exchanged. However, because the application server's key usually sits directly in its internal code, anyone who can access the server code may be exposed to the key. This makes it difficult to ensure the security of the key, and therefore the security of data interaction between the application server and the application program cannot be ensured.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a key read method and device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a key read method is provided, including:
sending a key fragment data read request to each public server that holds key fragment data;
obtaining the key fragment data returned by each public server;
synthesizing the obtained key fragment data into the key according to a preset synthesis rule, thereby reading the key.
Optionally, before the key fragment data read requests are sent to each public server that holds key fragment data, the method further includes:
splitting the key to be stored into at least two pieces of key fragment data according to a preset splitting rule, and storing the resulting key fragment data on different public servers.
Optionally, splitting the key to be stored into at least two pieces of key fragment data according to the preset splitting rule and storing the resulting key fragment data on different public servers further includes:
truncating the key to be stored into at least two pieces of key fragment data, and storing the at least two pieces of key fragment data obtained by truncation on different public servers;
correspondingly, synthesizing the obtained key fragment data into the key according to the preset synthesis rule further includes:
synthesizing the obtained key fragment data into the key according to the manner of truncation.
Optionally, splitting the key to be stored into at least two pieces of key fragment data according to the preset splitting rule and storing the resulting key fragment data on different public servers further includes:
decomposing the key to be stored into at least two pieces of key fragment data, and storing the at least two pieces of key fragment data obtained by decomposition on different public servers;
correspondingly, synthesizing the obtained key fragment data into the key according to the preset synthesis rule further includes:
synthesizing the obtained key fragment data into the key according to the manner of decomposition.
Optionally, storing the key fragment data on different public servers further includes:
encrypting each piece of key fragment data, and storing the encrypted key fragment data on different public servers;
correspondingly, obtaining the key fragment data returned by each public server further includes:
receiving and decrypting the key fragment data returned by each public server.
Optionally, after the obtained key fragment data is synthesized into the key according to the preset synthesis rule to read the key, the method further includes:
encrypting the key;
in response to a data interaction instruction triggered by a terminal, decrypting the encrypted key so as to carry out data interaction with the terminal according to the key.
Optionally, after the obtained key fragment data is synthesized into the key according to the preset synthesis rule to read the key, the method further includes:
recording the time point at which the key was synthesized; when the time difference between the current time and that time point exceeds a preset duration, deleting the key and performing the step of sending key fragment data read requests to each public server that holds key fragment data.
Optionally, sending key fragment data read requests to each public server that holds key fragment data further includes:
obtaining the server address of each public server that holds key fragment data, and sending the key fragment data read requests to each such public server according to the server address.
According to another aspect of the present invention, a key reading device is provided, including:
a request sending unit, adapted to send a key fragment data read request to each public server that holds key fragment data;
a data obtaining unit, adapted to obtain the key fragment data returned by each public server;
a key synthesis unit, adapted to synthesize the obtained key fragment data into the key according to a preset synthesis rule, thereby reading the key.
Optionally, the device further includes:
a split storage unit, adapted to split the key to be stored into at least two pieces of key fragment data according to a preset splitting rule, and to store the resulting key fragment data on different public servers.
Optionally, the split storage unit is further adapted to truncate the key to be stored into at least two pieces of key fragment data, and to store the at least two pieces of key fragment data obtained by truncation on different public servers;
correspondingly, the key synthesis unit is further adapted to synthesize the obtained key fragment data into the key according to the manner of truncation.
Optionally, the split storage unit is further adapted to decompose the key to be stored into at least two pieces of key fragment data, and to store the at least two pieces of key fragment data obtained by decomposition on different public servers;
correspondingly, the key synthesis unit is further adapted to synthesize the obtained key fragment data into the key according to the manner of decomposition.
Optionally, the split storage unit is further adapted to encrypt each piece of key fragment data and to store the encrypted key fragment data on different public servers;
correspondingly, the data obtaining unit is further adapted to receive and decrypt the key fragment data returned by each public server.
Optionally, the device further includes:
an encryption processing unit, adapted to encrypt the key;
a decryption interaction unit, adapted to decrypt the encrypted key in response to a data interaction instruction triggered by a terminal, so as to carry out data interaction with the terminal according to the key.
Optionally, the device further includes:
a key deletion unit, adapted to record the time point at which the key was synthesized and, when the time difference between the current time and that time point exceeds a preset duration, to delete the key and call the request sending unit.
Optionally, the request sending unit is further adapted to obtain the server address of each public server that holds key fragment data, and to send the key fragment data read requests to each such public server according to the server address.
The present invention no longer places the key directly in the code of the application server; instead the key is stored on several public servers in the form of fragments. When the key is needed, a key fragment data read request is sent to each public server that holds key fragment data, the key fragment data returned by each public server is obtained, and the obtained key fragment data is synthesized into the key according to a preset synthesis rule, thereby reading the key. This effectively ensures the security of the key and, in turn, the security of data interaction between the application server and the application program.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a schematic flowchart of the key read method of one embodiment of the present invention;
Fig. 2 is a schematic flowchart of the key read method of one embodiment of the present invention;
Fig. 3 is a schematic flowchart of the key read method of one embodiment of the present invention;
Fig. 4 is a schematic flowchart of the key read method of one embodiment of the present invention;
Fig. 5 is a schematic flowchart of the key read method of one embodiment of the present invention;
Fig. 6 is a schematic flowchart of the key read method of one embodiment of the present invention;
Fig. 7 is a structural block diagram of the key reading device of one embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples illustrate the present invention but do not limit its scope.
Fig. 1 is a schematic flowchart of the key read method of one embodiment of the present invention. Referring to Fig. 1, the method includes:
S101: Send a key fragment data read request to each public server that holds key fragment data;
It should be noted that the method of this embodiment is executed by an application server. The application server can be understood as a server that carries out data interaction with an application program; it may be the background server of the application program, or of course some other server, and this embodiment places no limitation on this.
It will be appreciated that, to ensure the security of the key, the key fragment data must not all be stored on the same public server; that is, there are usually multiple public servers (at least two).
In a specific implementation, to make it easier to send key fragment data read requests to each public server, the identifier of each public server that holds key fragment data can first be obtained, and the key fragment data read requests are then sent to each such public server according to the identifier.
It will be appreciated that the identifier of a public server is a mark used to distinguish public servers, for example a server address; it may of course also be the public server's IP address or MAC address, etc., and this embodiment places no limitation on this.
S102: Obtain the key fragment data returned by each public server;
In a specific implementation, the key fragment data returned by a public server is the key fragment data stored on that public server. To avoid data delays that may occur when the public servers return key fragment data, and that would affect the normal operation of the application server, in this embodiment the public servers may be located in the same LAN as the application server. That is, the data interaction between the application server and the public servers is carried out as LAN-internal data interaction, which ensures that no data delay occurs.
S103: Synthesize the obtained key fragment data into the key according to a preset synthesis rule, thereby reading the key.
This embodiment no longer places the key directly in the code of the application server; instead the key is stored on several public servers in the form of fragments. When the key is needed, a key fragment data read request is sent to each public server that holds key fragment data, the key fragment data returned by each public server is obtained, and the obtained key fragment data is synthesized into the key according to the preset synthesis rule, thereby reading the key. This effectively ensures the security of the key and, in turn, the security of data interaction between the application server and the application program.
Fig. 2 is a schematic flowchart of the key read method of one embodiment of the present invention. Referring to Fig. 2, the method includes:
S200: Split the key to be stored into at least two pieces of key fragment data according to a preset splitting rule, and store the resulting key fragment data on different public servers;
It should be noted that, so that the public servers hold key fragment data, the application server can, on receiving a key to be stored, split it into at least two pieces of key fragment data according to the preset splitting rule and store the resulting key fragment data on different public servers.
It should be understood that, after storing the key fragment data on different public servers, the application server also needs to obtain and save the identifier of each public server.
In a specific implementation, the preset splitting rule is the inverse process of the preset synthesis rule; that is, the flow contained in the preset splitting rule is the reverse of the flow contained in the preset synthesis rule. Therefore, once the application server has split the key to be stored according to the preset splitting rule, it can determine the corresponding preset synthesis rule and save it.
It will be appreciated that there may be multiple application servers, that is, multiple application servers may need the same key. In fact, not every application server needs to carry out the key splitting and key fragment data storage process. Only the first application server needs to do so; the other application servers can copy the identifiers of the public servers and the preset synthesis rule, and then send key fragment data read requests directly to each public server.
It will be appreciated that uploading the key fragment data to the public servers in plaintext also makes it relatively easy for the key to leak. Therefore, in this embodiment, each piece of key fragment data can be encrypted and the encrypted key fragment data stored on different public servers; correspondingly, the key fragment data needs to be decrypted before the obtained key fragment data is synthesized into the key according to the preset synthesis rule.
Of course, to further improve security when encrypting the key fragment data, each piece of key fragment data can be encrypted multiple times, or different encryption algorithms can be used for different pieces of key fragment data. Other approaches can of course also be used, and this embodiment places no limitation on this.
S201: Send a key fragment data read request to each public server that holds key fragment data;
S202: Obtain the key fragment data returned by each public server;
S203: Synthesize the obtained key fragment data into the key according to the preset synthesis rule, thereby reading the key.
Steps S201~S203 are the same as steps S101~S103 of the embodiment shown in Fig. 1 and are not described again here.
Fig. 3 is a schematic flowchart of the key read method of one embodiment of the present invention. Referring to Fig. 3, the method includes:
S300: Truncate the key to be stored into at least two pieces of key fragment data, and store the at least two pieces of key fragment data obtained by truncation on different public servers;
It will be appreciated that, to improve the efficiency of splitting the key, this embodiment splits the key by truncation; that is, the key to be stored is cut into at least two character strings, and the resulting character strings are used as the key fragment data.
For example: the key to be stored is AAAABBBBCCCCDDDD and is truncated into 3 character strings, "AAA", "ABBBBC" and "CCCDDDD". These character strings can then be used as key fragment data, that is, the 3 pieces of key fragment data are "AAA", "ABBBBC" and "CCCDDDD". Of course, to make it easy to record the manner of truncation, the sequence numbers of the 3 pieces of key fragment data can be recorded: for example, the sequence number of key fragment data "AAA" is recorded as 1, the sequence number of key fragment data "ABBBBC" as 2, and the sequence number of key fragment data "CCCDDDD" as 3.
Therefore, after the key fragment data has been uploaded to the public servers, the correspondence between the sequence numbers of the key fragment data and the identifiers of the public servers can be recorded, and the recorded correspondence is taken as the manner of truncation.
S301: Send a key fragment data read request to each public server that holds key fragment data;
S302: Obtain the key fragment data returned by each public server;
Steps S301~S302 are the same as steps S201~S203 of the embodiment shown in Fig. 2 and are not described again here.
S303: Synthesize the obtained key fragment data into the key according to the manner of truncation, thereby reading the key.
It will be appreciated that, because the manner of truncation is the correspondence between the sequence numbers of the key fragment data and the identifiers of the public servers, once the key fragment data has been obtained using the identifiers of the public servers, it can be combined according to the sequence numbers of the key fragment data so as to synthesize the key and complete the key read.
Fig. 4 is a schematic flowchart of the key read method of one embodiment of the present invention. Referring to Fig. 4, the method includes:
S400: Decompose the key to be stored into at least two pieces of key fragment data, and store the at least two pieces of key fragment data obtained by decomposition on different public servers;
It will be appreciated that, to reduce the difficulty of synthesizing the key, this embodiment splits the key by decomposition; that is, the key to be stored is decomposed into at least two character strings, and the resulting character strings are used as the key fragment data.
For example: the key to be stored is AAAABBBBCCCCDDDD and is decomposed into 4 character strings, "AAAAAAAAAAAAAAAA", "0000111111111111", "0000000011111111" and "0000000000001111". These character strings can then be used as key fragment data, that is, the 4 pieces of key fragment data are "AAAAAAAAAAAAAAAA", "0000111111111111", "0000000011111111" and "0000000000001111". Because decomposition involves no ordering relationship, there is no need to record the sequence numbers of the key fragment data, nor the correspondence between the sequence numbers of the key fragment data and the identifiers of the public servers.
S401: Send a key fragment data read request to each public server that holds key fragment data;
S402: Obtain the key fragment data returned by each public server;
Steps S401~S402 are the same as steps S201~S203 of the embodiment shown in Fig. 2 and are not described again here.
S403: Synthesize the obtained key fragment data into the key according to the manner of decomposition, thereby reading the key.
It will be appreciated that, because decomposition is used, the key can be synthesized relatively simply in this embodiment: the sum of the key fragment data is simply taken as the key, which is easy to implement.
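The two splitting rules of Fig. 3 and Fig. 4, worked through on the page's sample key; this is an added example, not code from the patent. It assumes the decomposition fragments are hexadecimal numbers of equal width, and it goes beyond the page by generating the decomposition fragments at random (the page only requires that they sum to the key), so that a single stored fragment carries no information about the key, whereas every truncation fragment is a literal piece of it. All function names are hypothetical.

```python
import secrets

PAGE_KEY = "AAAABBBBCCCCDDDD"                    # sample key from the page
PAGE_SUM_FRAGMENTS = ["AAAAAAAAAAAAAAAA", "0000111111111111",
                      "0000000011111111", "0000000000001111"]


def truncate_split(key, cuts):
    """Truncation (S300): cut the key string at the given offsets.
    Returns {sequence number: fragment}, numbered from 1 as on the page."""
    bounds = [0, *cuts, len(key)]
    if any(a >= b for a, b in zip(bounds, bounds[1:])):
        raise ValueError("cut offsets must be increasing and inside the key")
    return {seq: key[a:b]
            for seq, (a, b) in enumerate(zip(bounds, bounds[1:]), start=1)}


def truncate_merge(fragments, count):
    """Synthesis by truncation (S303): join fragments in sequence-number
    order, refusing to build a key if any sequence number is missing."""
    if set(fragments) != set(range(1, count + 1)):
        raise ValueError("missing or unexpected fragment sequence number")
    return "".join(fragments[seq] for seq in range(1, count + 1))


def additive_split(key, n):
    """Decomposition (S400), generalized: n-1 uniformly random fragments plus
    one that makes the sum equal the key modulo 2**(8 * len(key))."""
    if n < 2:
        raise ValueError("at least two fragments are required")
    modulus = 1 << (8 * len(key))
    shares = [secrets.randbelow(modulus) for _ in range(n - 1)]
    shares.append((int.from_bytes(key, "big") - sum(shares)) % modulus)
    return [s.to_bytes(len(key), "big") for s in shares]


def additive_merge(fragments, count):
    """Synthesis by decomposition (S403): the key is the sum of the
    fragments; the order in which they arrive does not matter."""
    if len(fragments) != count or len({len(f) for f in fragments}) != 1:
        raise ValueError("wrong number of fragments or unequal lengths")
    size = len(fragments[0])
    total = sum(int.from_bytes(f, "big") for f in fragments) % (1 << (8 * size))
    return total.to_bytes(size, "big")


if __name__ == "__main__":
    # Page example for truncation: "AAA", "ABBBBC", "CCCDDDD".
    pieces = truncate_split(PAGE_KEY, [3, 9])
    print(pieces, "->", truncate_merge(pieces, 3))

    # Page example for decomposition: the four strings sum to the key.
    page = [bytes.fromhex(f) for f in PAGE_SUM_FRAGMENTS]
    print(additive_merge(page, 4).hex().upper())

    # Random fragments: each one alone looks like noise, all four sum back.
    shares = additive_split(bytes.fromhex(PAGE_KEY), 4)
    print([s.hex() for s in shares], additive_merge(shares, 4).hex().upper())
```
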
Fig. 5 is a schematic flowchart of the key read method of one embodiment of the present invention. Referring to Fig. 5, the method includes:
S501: Send a key fragment data read request to each public server that holds key fragment data;
S502: Obtain the key fragment data returned by each public server;
S503: Synthesize the obtained key fragment data into the key according to the preset synthesis rule, thereby reading the key;
Steps S501~S503 are the same as steps S101~S103 of the embodiment shown in Fig. 1 and are not described again here.
S504: Encrypt the key;
It will be appreciated that, once the application server has read the key, the key resides in the memory of the application server. If the key remains in the application server's memory in plaintext for a long time, it can easily leak. In this embodiment, the key can therefore be encrypted after it has been read.
S505: In response to a data interaction instruction triggered by a terminal, decrypt the encrypted key so as to carry out data interaction with the terminal according to the key.
In a specific implementation, when the application program on the terminal triggers a data interaction instruction, the application server needs to use the key to carry out data interaction with the application program on the terminal. At that point the encrypted key can be decrypted so that data interaction with the terminal can be carried out according to the key.
Of course, to further ensure the security of the key, the key can be encrypted again once the data interaction with the terminal has ended; that is, the key can remain encrypted at all times except while it is in use.
Fig. 6 is a schematic flowchart of the key read method of one embodiment of the present invention. Referring to Fig. 6, the method includes:
S601: Send a key fragment data read request to each public server that holds key fragment data;
S602: Obtain the key fragment data returned by each public server;
S603: Synthesize the obtained key fragment data into the key according to the preset synthesis rule, thereby reading the key;
Steps S601~S603 are the same as steps S101~S103 of the embodiment shown in Fig. 1 and are not described again here.
S604: Record the time point at which the key was synthesized; when the time difference between the current time and that time point exceeds a preset duration, delete the key and return to step S601.
It will be appreciated that, to prevent the security risk caused by the key being stored on the application server for too long, this embodiment records the time point at which the key was synthesized and deletes the key when the time difference between the current time and that time point exceeds the preset duration. That is, at intervals of the preset duration, key fragment data read requests are sent to the public servers again and the key is synthesized again.
In a specific implementation, the preset duration can be set as needed, for example to 12~24 hours; other durations can of course also be set, and this embodiment places no limitation on this.
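The lifetime rule of steps S601 to S604 as a small key holder; this is an added example, not code from the patent. The class name `FragmentKeyCache`, the fetcher callables standing in for requests to the public servers, the injectable clock, and the choice to fail without a key when any server returns nothing are assumptions of the example.

```python
import time


class FragmentKeyCache:
    """Holds a synthesized key for at most max_age_seconds (S601 to S604)."""

    def __init__(self, fetchers, combine, max_age_seconds, clock=time.monotonic):
        self._fetchers = list(fetchers)   # one callable per public server
        self._combine = combine           # the preset synthesis rule
        self._max_age = max_age_seconds   # the preset duration
        self._clock = clock
        self._key = None
        self._synthesized_at = None
        self.fetch_rounds = 0             # how many times S601 to S603 ran

    def has_key(self):
        return self._key is not None

    def _delete(self):
        # Overwrite the buffer before dropping it. This is best effort in
        # Python: copies handed out earlier by get() are not reachable here.
        if self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0
        self._key = None
        self._synthesized_at = None

    def _synthesize(self):
        fragments = [fetch() for fetch in self._fetchers]      # S601, S602
        if any(not fragment for fragment in fragments):
            # Never build a key from an incomplete set of fragments.
            raise RuntimeError("a public server returned no fragment")
        self._key = bytearray(self._combine(fragments))        # S603
        self._synthesized_at = self._clock()                   # S604: record time
        self.fetch_rounds += 1

    def get(self):
        # S604: once the key is older than the preset duration, delete it
        # and go back to S601.
        if self._key is not None and \
                self._clock() - self._synthesized_at > self._max_age:
            self._delete()
        if self._key is None:
            self._synthesize()
        return bytes(self._key)


if __name__ == "__main__":
    # Constructed stand-ins for three public servers holding the page's
    # truncation fragments, listed in sequence-number order.
    servers = {1: b"AAA", 2: b"ABBBBC", 3: b"CCCDDDD"}
    now = [0.0]
    cache = FragmentKeyCache([lambda s=s: servers[s] for s in (1, 2, 3)],
                             b"".join, 12 * 3600, clock=lambda: now[0])
    print(cache.get(), cache.fetch_rounds)   # first read fetches the fragments
    now[0] += 12 * 3600 + 1                  # just past the preset duration
    print(cache.get(), cache.fetch_rounds)   # key deleted and synthesized again
```

If a public server is unreachable when the preset duration expires, the holder ends up with no key at all rather than keeping the expired one.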
For brevity, the method embodiments are each described as a series of combined actions, but those skilled in the art should know that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps can be carried out in another order or simultaneously. Furthermore, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Fig. 7 is a structural block diagram of the key reading device of one embodiment of the present invention. Referring to Fig. 7, the device includes:
a request sending unit 701, adapted to send a key fragment data read request to each public server that holds key fragment data;
a data obtaining unit 702, adapted to obtain the key fragment data returned by each public server;
a key synthesis unit 703, adapted to synthesize the obtained key fragment data into the key according to a preset synthesis rule, thereby reading the key.
In an alternative embodiment of the present invention, the device further includes:
a split storage unit, adapted to split the key to be stored into at least two pieces of key fragment data according to a preset splitting rule, and to store the resulting key fragment data on different public servers.
In an alternative embodiment of the present invention, the split storage unit is further adapted to truncate the key to be stored into at least two pieces of key fragment data, and to store the at least two pieces of key fragment data obtained by truncation on different public servers;
correspondingly, the key synthesis unit is further adapted to combine the obtained key fragment data according to the manner of truncation so as to synthesize the key.
In an alternative embodiment of the present invention, the split storage unit is further adapted to decompose the key to be stored into at least two pieces of key fragment data, and to store the at least two pieces of key fragment data obtained by decomposition on different public servers;
correspondingly, the key synthesis unit is further adapted to combine the obtained key fragment data according to the manner of decomposition so as to synthesize the key.
In an alternative embodiment of the present invention, the split storage unit is further adapted to encrypt each piece of key fragment data and to store the encrypted key fragment data on different public servers;
correspondingly, the data obtaining unit is further adapted to receive and decrypt the key fragment data returned by each public server.
In an alternative embodiment of the present invention, the device further includes:
an encryption processing unit, adapted to encrypt the key;
a decryption interaction unit, adapted to decrypt the encrypted key in response to a data interaction instruction triggered by a terminal, so as to carry out data interaction with the terminal according to the key.
In an alternative embodiment of the present invention, the device further includes:
a key deletion unit, adapted to record the time point at which the key was synthesized and, when the time difference between the current time and that time point exceeds a preset duration, to delete the key and call the request sending unit.
In an alternative embodiment of the present invention, the request sending unit is further adapted to obtain the server address of each public server that holds key fragment data, and to send the key fragment data read requests to each such public server according to the server address.
Because the device embodiment is substantially similar to the method embodiments, its description is relatively brief; for the relevant parts, refer to the description of the method embodiments.
It should be noted that the components of the device of the present invention have been divided logically according to the functions they are to perform, but the present invention is not limited to this; the components can be re-divided or combined as needed, for example some components can be combined into a single component, or some components can be further broken down into more sub-components.
The component embodiments of the present invention can be implemented in hardware, or as software modules running on one or more processors, or as a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the device according to the embodiments of the present invention. The present invention can also be implemented as an apparatus or device program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the present invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, or provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbol placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
The above embodiments serve only to illustrate the present invention and do not limit it. Those of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention, so all equivalent technical solutions also fall within the scope of the present invention, and the scope of patent protection of the present invention shall be defined by the claims.
The invention discloses A1, a key reading method, comprising:
sending a key fragment data read request to each public server that holds key fragment data;
obtaining the key fragment data returned by each public server;
synthesizing the obtained key fragment data into a key according to a preset synthesis rule, so as to read the key.
A2. The method of A1, wherein before the key fragment data read request is sent to each public server that holds key fragment data, the method further comprises:
dividing the key to be stored into at least two pieces of key fragment data according to a preset segmentation rule, and storing the divided key fragment data on different public servers respectively.
A3. The method of A2, wherein dividing the key to be stored into at least two pieces of key fragment data according to the preset segmentation rule, and storing the divided key fragment data on different public servers respectively, further comprises:
truncating the key to be stored into at least two pieces of key fragment data, and storing the at least two pieces of key fragment data obtained by truncation on different public servers respectively;
correspondingly, synthesizing the obtained key fragment data into a key according to the preset synthesis rule further comprises:
synthesizing the obtained key fragment data into the key in accordance with the manner of truncation.
A4. The method of A2, wherein dividing the key to be stored into at least two pieces of key fragment data according to the preset segmentation rule, and storing the divided key fragment data on different public servers respectively, further comprises:
decomposing the key to be stored into at least two pieces of key fragment data, and storing the at least two pieces of key fragment data obtained by decomposition on different public servers respectively;
correspondingly, synthesizing the obtained key fragment data into a key according to the preset synthesis rule further comprises:
synthesizing the obtained key fragment data into the key in accordance with the manner of decomposition.
A5. The method of any one of A2 to A4, wherein storing the divided key fragment data on different public servers respectively further comprises:
encrypting each piece of divided key fragment data, and storing the encrypted key fragment data on different public servers respectively;
correspondingly, obtaining the key fragment data returned by each public server further comprises:
receiving and decrypting the key fragment data returned by each public server.
A6. The method of any one of A1 to A5, wherein after the obtained key fragment data is synthesized into a key according to the preset synthesis rule so as to read the key, the method further comprises:
encrypting the key;
in response to a data interaction instruction triggered by a terminal, decrypting the encrypted key, so as to carry out data interaction with the terminal according to the key.
A7. The method of any one of A1 to A6, wherein after the obtained key fragment data is synthesized into a key according to the preset synthesis rule so as to read the key, the method further comprises:
recording the time point at which the key is synthesized and, when the time difference between the current time and that time point exceeds a preset duration, deleting the key and performing the step of sending a key fragment data read request to each public server that holds key fragment data.
A8. The method of any one of A1 to A7, wherein sending a key fragment data read request to each public server that holds key fragment data further comprises:
obtaining the server address of each public server that holds key fragment data and, according to the server addresses, sending a key fragment data read request to each public server that holds key fragment data.
The invention also discloses B9, a key reading device, comprising:
a request transmitting unit, adapted to send a key fragment data read request to each public server that holds key fragment data;
a data capture unit, adapted to obtain the key fragment data returned by each public server;
a key synthesis unit, adapted to synthesize the obtained key fragment data into a key according to a preset synthesis rule, so as to read the key.
B10. The device of B9, further comprising:
a segmentation storage unit, adapted to divide the key to be stored into at least two pieces of key fragment data according to a preset segmentation rule, and to store the divided key fragment data on different public servers respectively.
B11. The device of B10, wherein the segmentation storage unit is further adapted to truncate the key to be stored into at least two pieces of key fragment data, and to store the at least two pieces of key fragment data obtained by truncation on different public servers respectively;
correspondingly, the key synthesis unit is further adapted to synthesize the obtained key fragment data into the key in accordance with the manner of truncation.
B12. The device of B10, wherein the segmentation storage unit is further adapted to decompose the key to be stored into at least two pieces of key fragment data, and to store the at least two pieces of key fragment data obtained by decomposition on different public servers respectively;
correspondingly, the key synthesis unit is further adapted to synthesize the obtained key fragment data into the key in accordance with the manner of decomposition.
B13. The device of any one of B10 to B12, wherein the segmentation storage unit is further adapted to encrypt each piece of divided key fragment data, and to store the encrypted key fragment data on different public servers respectively;
correspondingly, the data capture unit is further adapted to receive and decrypt the key fragment data returned by each public server.
B14. The device of any one of B9 to B13, further comprising:
a cryptographic processing unit, adapted to encrypt the key;
a decryption interaction unit, adapted to decrypt the encrypted key in response to a data interaction instruction triggered by a terminal, so as to carry out data interaction with the terminal according to the key.
B15. The device of any one of B9 to B14, further comprising:
a key deletion unit, adapted to record the time point at which the key is synthesized, to delete the key when the time difference between the current time and that time point exceeds a preset duration, and to invoke the request transmitting unit.
B16. The device of any one of B9 to B15, wherein the request transmitting unit is further adapted to obtain the server address of each public server that holds key fragment data and, according to the server addresses, to send a key fragment data read request to each public server that holds key fragment data.
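The split, read and expiry steps of A1 to A4 and A7, as an added Python example that is not code from the patent. The patent does not say how "decomposition" works, so the XOR scheme is an assumption, as are all function and class names; the in-memory fetch callables stand in for the public servers.

```python
import secrets
import time

def split_truncate(key, n):
    """A3-style split: cut the key into n contiguous, non-empty pieces."""
    if not 2 <= n <= len(key):
        raise ValueError("need 2 <= n <= len(key)")
    base, extra = divmod(len(key), n)
    frags, pos = [], 0
    for i in range(n):
        size = base + (1 if i < extra else 0)
        frags.append(key[pos:pos + size])
        pos += size
    return frags

def join_truncate(frags):
    return b"".join(frags)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_xor(key, n):
    """A4-style split, ASSUMING XOR decomposition: n-1 random pads plus
    the key XORed with all of them. Every fragment is needed to rebuild."""
    if n < 2:
        raise ValueError("need at least two fragments")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for pad in pads:
        last = _xor(last, pad)
    return pads + [last]

def join_xor(frags):
    if not frags or len({len(f) for f in frags}) != 1:
        raise ValueError("fragments must be non-empty and of equal length")
    out = bytes(len(frags[0]))
    for frag in frags:
        out = _xor(out, frag)
    return out

class KeyReader:
    """A1 + A7: fetch every fragment, synthesize, drop the key after ttl seconds."""
    def __init__(self, fetchers, join, ttl, clock=time.monotonic):
        self._fetchers, self._join = fetchers, join
        self._ttl, self._clock = ttl, clock
        self._key, self._synth_time, self.fetch_rounds = None, None, 0

    def get(self):
        now = self._clock()
        if self._key is None or now - self._synth_time > self._ttl:
            self._key = None  # delete the expired key before re-reading
            frags = [fetch() for fetch in self._fetchers]
            self._key = self._join(frags)
            self._synth_time = now  # time point of synthesis
            self.fetch_rounds += 1
        return self._key

def demo():
    # Constructed sample key and three hypothetical "servers".
    key = bytes(range(16))
    shares = split_xor(key, 3)
    reader = KeyReader([lambda s=s: s for s in shares], join_xor, ttl=300)
    return reader.get() == key

if __name__ == "__main__":
    print(demo())
```

With truncation each server stores a verbatim slice of the key, so one compromised server reduces the unknown key material by that slice; with the XOR decomposition assumed here, any set of fewer than all fragments is statistically independent of the key.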

Claims (10)

1. A key reading method, comprising:
sending a key fragment data read request to each public server that holds key fragment data;
obtaining the key fragment data returned by each public server;
synthesizing the obtained key fragment data into a key according to a preset synthesis rule, so as to read the key.
2. The method of claim 1, wherein before the key fragment data read request is sent to each public server that holds key fragment data, the method further comprises:
dividing the key to be stored into at least two pieces of key fragment data according to a preset segmentation rule, and storing the divided key fragment data on different public servers respectively.
3. The method of claim 2, wherein dividing the key to be stored into at least two pieces of key fragment data according to the preset segmentation rule, and storing the divided key fragment data on different public servers respectively, further comprises:
truncating the key to be stored into at least two pieces of key fragment data, and storing the at least two pieces of key fragment data obtained by truncation on different public servers respectively;
correspondingly, synthesizing the obtained key fragment data into a key according to the preset synthesis rule further comprises:
synthesizing the obtained key fragment data into the key in accordance with the manner of truncation.
4. The method of claim 2, wherein dividing the key to be stored into at least two pieces of key fragment data according to the preset segmentation rule, and storing the divided key fragment data on different public servers respectively, further comprises:
decomposing the key to be stored into at least two pieces of key fragment data, and storing the at least two pieces of key fragment data obtained by decomposition on different public servers respectively;
correspondingly, synthesizing the obtained key fragment data into a key according to the preset synthesis rule further comprises:
synthesizing the obtained key fragment data into the key in accordance with the manner of decomposition.
5. The method of any one of claims 2 to 4, wherein storing the divided key fragment data on different public servers respectively further comprises:
encrypting each piece of divided key fragment data, and storing the encrypted key fragment data on different public servers respectively;
correspondingly, obtaining the key fragment data returned by each public server further comprises:
receiving and decrypting the key fragment data returned by each public server.
6. The method of any one of claims 1 to 5, wherein after the obtained key fragment data is synthesized into a key according to the preset synthesis rule so as to read the key, the method further comprises:
encrypting the key;
in response to a data interaction instruction triggered by a terminal, decrypting the encrypted key, so as to carry out data interaction with the terminal according to the key.
7. The method of any one of claims 1 to 6, wherein after the obtained key fragment data is synthesized into a key according to the preset synthesis rule so as to read the key, the method further comprises:
recording the time point at which the key is synthesized and, when the time difference between the current time and that time point exceeds a preset duration, deleting the key and performing the step of sending a key fragment data read request to each public server that holds key fragment data.
8. The method of any one of claims 1 to 7, wherein sending a key fragment data read request to each public server that holds key fragment data further comprises:
obtaining the server address of each public server that holds key fragment data and, according to the server addresses, sending a key fragment data read request to each public server that holds key fragment data.
9. A key reading device, comprising:
a request transmitting unit, adapted to send a key fragment data read request to each public server that holds key fragment data;
a data capture unit, adapted to obtain the key fragment data returned by each public server;
a key synthesis unit, adapted to synthesize the obtained key fragment data into a key according to a preset synthesis rule, so as to read the key.
10. The device of claim 9, further comprising:
a segmentation storage unit, adapted to divide the key to be stored into at least two pieces of key fragment data according to a preset segmentation rule, and to store the divided key fragment data on different public servers respectively.
CN201510982363.4A 2015-12-23 2015-12-23 Key read method and device Pending CN106911469A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510982363.4A CN106911469A (en) 2015-12-23 2015-12-23 Key read method and device

Publications (1)

Publication Number Publication Date
CN106911469A true CN106911469A (en) 2017-06-30

Family

ID=59206131

Country Status (1)

Country Link
CN (1) CN106911469A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8561211B1 (en) * 2001-07-31 2013-10-15 Marvell International Ltd. System and method for enhanced piracy protection in a wireless personal communication device
CN101621375A (en) * 2009-07-28 2010-01-06 成都市华为赛门铁克科技有限公司 Method, device and system for managing key
JP2014060614A (en) * 2012-09-18 2014-04-03 Hitachi Solutions Ltd Encrypted data management system
CN103023635A (en) * 2012-12-03 2013-04-03 广东欧珀移动通信有限公司 Method and device for message backup
CN103414682A (en) * 2013-04-07 2013-11-27 深圳大学 Method for cloud storage of data and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JIN LI等: ""Secure Deduplication with Efficient and Reliable Convergent Key Management"", 《IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS》 *
张青凤等: "《信息存储安全理论与应用[M]》", 30 September 2012 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107516049A (en) * 2017-07-31 2017-12-26 广东美的制冷设备有限公司 Method for reading data, device, safety chip and computer equipment
CN107979461A (en) * 2017-10-27 2018-05-01 财付通支付科技有限公司 Secret key method for retrieving, device, terminal, key escrow server and computer-readable recording medium
CN111600710A (en) * 2017-10-27 2020-08-28 财付通支付科技有限公司 Key storage method, device, terminal, server and readable medium
CN111600710B (en) * 2017-10-27 2023-01-13 财付通支付科技有限公司 Key storage method, device, terminal, server and readable medium
CN109347630A (en) * 2018-10-16 2019-02-15 航天信息股份有限公司 A kind of tax controlling equipment cryptographic key distribution method and system
CN111355680A (en) * 2018-12-04 2020-06-30 李舒云 Key distribution method, key receiving method, electronic terminal and storage medium
CN111711515A (en) * 2020-05-18 2020-09-25 冠群信息技术(南京)有限公司 Three-party AES key synthesis method, encryption method and decryption method
CN111711515B (en) * 2020-05-18 2022-04-26 冠群信息技术(南京)有限公司 Three-party AES key synthesis method, encryption method and decryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170630