CN108111524A - Terminal data protection method and system based on private key dynamic generation mechanism - Google Patents
Terminal data protection method and system based on private key dynamic generation mechanism Download PDFInfo
- Publication number
- CN108111524A CN108111524A CN201711465668.3A CN201711465668A CN108111524A CN 108111524 A CN108111524 A CN 108111524A CN 201711465668 A CN201711465668 A CN 201711465668A CN 108111524 A CN108111524 A CN 108111524A
- Authority
- CN
- China
- Prior art keywords
- key
- dynamic generation
- private key
- terminal data
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of terminal data protection method and system based on private key dynamic generation mechanism, method includes:Using compound key factor dynamic generation private key and corresponding public key;Terminal data is encrypted or decrypted according to the private key of dynamic generation and corresponding public key;Wherein, the compound key factor includes the information that user knows and the information that user possesses, and the private key of the dynamic generation is destroyed after the completion of terminal data encryption and after the completion of decryption, and the public key of the dynamic generation is stored in local terminal.Present invention employs dynamic private key generting machanisms to carry out dynamic generation private key, and after the completion of terminal data encryption and decrypts the private key for completing to destroy dynamic generation, without the storage of private key file, avoids the various attacks for private key file;It employs the compound key factor and carrys out encryption key, it is therefore prevented that is safer for the attack of single cryptographic key factor.It the composite can be widely applied to information security field.
Description
Technical field
The present invention relates to information security field, especially a kind of protecting terminal data side based on private key dynamic generation mechanism
Method and system.
Background technology
In mobile terminal there are various data encryption demands, such as the encryption of transaction data, protection of private data etc..For
Data safety on protection mobile terminal such as mobile phone, it is common practice to first need number to be protected using working key encryption
According to reusing user key cryptographic work key.Opposite operation is performed during ciphertext data, first using user key decryption work
Key reuses working key decryption ciphertext data.
In view of mobile terminal operation efficiency, generally first the encryption datas such as symmetric encipherment algorithm such as AES, SM4 are used in itself.
Two kinds of encryption mechanisms may be employed in encryption for working key, and a kind of using symmetric encipherment algorithm, another kind is using asymmetric
Encryption Algorithm.
When user key is protected using symmetric key mechanisms, encryption and decryption use same key.User key uses
When asymmetric key mechanisms are protected, public key can be used for data encryption, and private key can be used for data deciphering and data signature.
When mobile terminal is related to data encryption, the protection of private key is crucial.In the pure software of no hardware security module
Under environment, private key for user is usually stored in a manner of file on the storage medium of mobile terminal such as mobile phone.In order to ensure private key
Safety, generally using following manner protect private key:
A) it is stored in the form of key file on terminal storage medium, application program is private with fixed encryption keys
Key file.When needing using private key, private key is obtained using identical decryption key decryption.
B) encryption key is generated after being calculated according to PIN input by user (personal identification number), and is added using the encryption key
Close private key file.When needing using private key, user first inputs PIN and obtains decruption key, reuses decryption key decryption private key text
Part obtains private key.
There are potential risks for above two mode:The fixed-encryption key that is defined using application program protects private key,
In the presence of the risk that private key is obtained using modes such as program bugs;By the way of PIN encryption key there is also PIN set it is simple,
Key file is by malice copy equivalent risk.Above two mode, private key file are all stored in mobile terminal, are attacked to hacker or malice
The person of hitting provides object of attack.
The content of the invention
In order to solve the above technical problems, it is an object of the invention to:It provides a kind of safe based on private key dynamic generation machine
The terminal data protection method and system of system.
The first technical solution for being taken of the present invention is:
Based on the terminal data protection method of private key dynamic generation mechanism, comprise the following steps:
Using compound key factor dynamic generation private key and corresponding public key;
Terminal data is encrypted or decrypted according to the private key of dynamic generation and corresponding public key;
Wherein, the compound key factor includes the information that user knows and the information that user possesses, the dynamic life
Into private key terminal data encryption after the completion of and decryption after the completion of it is destroyed, the public key of the dynamic generation is stored in local
Terminal.
Further, the compound key factor includes the personal identity number of user and the hardware fingerprint of terminal.
Further, described the step for using compound key factor dynamic generation private key and corresponding public key, specifically include:
The compound key factor is obtained according to the hardware fingerprint of the personal identity number of user and terminal;
According to compound key factor dynamic generation private key;
Corresponding public key is generated using asymmetric arithmetic according to the private key of dynamic generation.
Further, the step for terminal data is encrypted in the private key and corresponding public key according to dynamic generation,
It specifically includes:
Terminal data is encrypted according to the public key of dynamic generation;
The public key of dynamic generation is stored to local terminal, and destroys the private key of dynamic generation.
Further, the step for terminal data is encrypted in the public key according to dynamic generation, specially:
If terminal data is working key, directly working key is encrypted using the public key of dynamic generation;
If terminal data is inoperative key data, random key is first generated, then encrypts non-work using random key
Make key data, and using the public key encryption random key of dynamic generation.
Further, the step for terminal data is decrypted in the private key and corresponding public key according to dynamic generation,
It specifically includes:
Read the public key of local terminal storage;
Whether identical with the public key of dynamic generation the public key read is compared, if so, next step is performed, conversely, then reporting
Mistake simultaneously terminates decrypting process;
Terminal data is decrypted using the private key of dynamic generation;
Destroy the private key of dynamic generation.
Further, described the step for terminal data is decrypted using the private key of dynamic generation, specially:
If terminal data is working key, directly working key is decrypted using the private key of dynamic generation;
If terminal data is inoperative key data, the private key decrypted random key of dynamic generation is first used, is then adopted
Inoperative key data is decrypted with random key.
The second technical solution for being taken of the present invention is:
Based on the protecting terminal data system of private key dynamic generation mechanism, including:
Dynamic key production module, for using compound key factor dynamic generation private key and corresponding public key;
Enciphering/deciphering module, terminal data is encrypted for the private key according to dynamic generation and corresponding public key or
Decryption;
Wherein, the compound key factor includes the information that user knows and the information that user possesses, the dynamic life
Into private key terminal data encryption after the completion of and decryption after the completion of it is destroyed, the public key of the dynamic generation is stored in local
Terminal.
Further, the enciphering/deciphering module carries out terminal data in the private key according to dynamic generation and corresponding public key
It is specific to perform following operation during encryption:
Terminal data is encrypted according to the public key of dynamic generation;
The public key of dynamic generation is stored to local terminal, and destroys the private key of dynamic generation.
The 3rd technical solution taken of the present invention is:
Based on the protecting terminal data system of private key dynamic generation mechanism, including:
Memory, for storing program;
Processor, for load described program with perform as described in the first technical solution based on private key dynamic generation mechanism
Terminal data protection method.
The beneficial effects of the invention are as follows:The present invention is based on private key dynamic generation mechanism terminal data protection method and be
System employs dynamic private key generting machanism and carrys out dynamic generation private key, and after the completion of terminal data encryption and after the completion of decryption
The private key of dynamic generation is destroyed, without the storage of private key file, avoids the various attacks for private key file;It employs
The compound key factor substitutes this single cryptographic key factor of PIN to carry out encryption key, so as to the information and use known by user
The information that family possesses effectively prevents the attack for single cryptographic key factor, safer.
Description of the drawings
Fig. 1 is the overall flow figure of the terminal data protection method the present invention is based on private key dynamic generation mechanism;
Fig. 2 is a kind of terminal key system schematic diagram of concrete application embodiment of the present invention;
Fig. 3 is a kind of terminal data ciphering process flow chart of concrete application embodiment of the present invention;
Fig. 4 is a kind of terminal data decrypting process flow chart of concrete application embodiment of the present invention;
Fig. 5 is a kind of terminal data encryption format schematic diagram of concrete application embodiment of the present invention.
Specific embodiment
With reference to Fig. 1, based on the terminal data protection method of private key dynamic generation mechanism, comprise the following steps:
Using compound key factor dynamic generation private key and corresponding public key;
Terminal data is encrypted or decrypted according to the private key of dynamic generation and corresponding public key;
Wherein, the compound key factor includes the information that user knows and the information that user possesses, the dynamic life
Into private key terminal data encryption after the completion of and decryption after the completion of it is destroyed, the public key of the dynamic generation is stored in local
Terminal.
Preferred embodiment is further used as, personal identity number and terminal of the compound key factor including user
Hardware fingerprint.
Preferred embodiment is further used as, it is described to use compound key factor dynamic generation private key and corresponding public key
The step for, it specifically includes:
The compound key factor is obtained according to the hardware fingerprint of the personal identity number of user and terminal;
According to compound key factor dynamic generation private key;
Corresponding public key is generated using asymmetric arithmetic according to the private key of dynamic generation.
Preferred embodiment is further used as, the private key and corresponding public key according to dynamic generation is to terminal data
The step for being encrypted specifically includes:
Terminal data is encrypted according to the public key of dynamic generation;
It is stored dynamic as the public key of preferred embodiment generation to local terminal, and destroys the private of dynamic generation
Key.
Preferred embodiment is further used as, this is encrypted to terminal data in the public key according to dynamic generation
Step, specially:
If terminal data is working key, directly working key is encrypted using the public key of dynamic generation;
If terminal data is inoperative key data, random key is first generated, then encrypts non-work using random key
Make key data, and using the public key encryption random key of dynamic generation.
The present invention supports a variety of data encryption modes, not only can be with encipherment protection working key class data, but also can protect big
The inoperatives key data such as file type data, achieve the balance of safety and efficiency.
Preferred embodiment is further used as, the private key and corresponding public key according to dynamic generation is to terminal data
The step for being decrypted specifically includes:
Read the public key of local terminal storage;
Whether identical with the public key of dynamic generation the public key read is compared, if so, next step is performed, conversely, then reporting
Mistake simultaneously terminates decrypting process;
Terminal data is decrypted using the private key of dynamic generation;
Destroy the private key of dynamic generation.
Preferred embodiment is further used as, it is described that this is decrypted to terminal data using the private key of dynamic generation
Step, specially:
If terminal data is working key, directly working key is decrypted using the private key of dynamic generation;
If terminal data is inoperative key data, the private key decrypted random key of dynamic generation is first used, is then adopted
Inoperative key data is decrypted with random key.
The present invention supports a variety of data deciphering modes, not only can be with decryption work key class data, but also can decrypt big text
The inoperatives key datas such as part type data achieve the balance of safety and efficiency.
It is corresponding with the method for Fig. 1, the present invention is based on the protecting terminal data system of private key dynamic generation mechanism, including:
Dynamic key production module, for using compound key factor dynamic generation private key and corresponding public key;
Enciphering/deciphering module, terminal data is encrypted for the private key according to dynamic generation and corresponding public key or
Decryption;
Wherein, the compound key factor includes the information that user knows and the information that user possesses, the dynamic life
Into private key terminal data encryption after the completion of and decryption after the completion of it is destroyed, the public key of the dynamic generation is stored in local
Terminal.
Preferred embodiment is further used as, the enciphering/deciphering module is in the private key according to dynamic generation and accordingly
It is specific to perform following operation when terminal data is encrypted in public key:
Terminal data is encrypted according to the public key of dynamic generation;
The public key of dynamic generation is stored to local terminal, and destroys the private key of dynamic generation.
It is corresponding with the method for Fig. 1, the present invention is based on the protecting terminal data system of private key dynamic generation mechanism, including:
Memory, for storing program;
Processor, for loading described program to perform the number of terminals of the present invention based on private key dynamic generation mechanism
According to guard method.
It is preserved for prior art private key in the form of key file or single PIN encryptions is come the problem of protection,
The present invention proposes a kind of protecting terminal data scheme based on private key dynamic generation mechanism.
What the private key of the present invention was all dynamically generated in terminal data ciphering process or terminal data decrypting process.
When terminal data is encrypted, then dynamic generation private key and corresponding public key need data to be protected using public key encryption;Number of terminals
After the completion of encryption, public key locally preserves, and private key is destroyed.When terminal data is decrypted, dynamic generation private key and corresponding public key, so
Afterwards by the public key of dynamic generation be locally stored it is public and private be compared, and the two compare it is identical after using private key complete data
Decryption;After the completion of data deciphering, private key is destroyed.What private key of the present invention was dynamically generated, since terminal does not have depositing for private key file
Storage, avoids the various attacks for private key file;Employ compound key factor generation private key, it is therefore prevented that for single
The attack of cryptographic key factor, it is fool proof, the terminal data safeguard protection under pure software environment can be applied.The present invention is logical
Private key dynamic generation mechanism is crossed, the data safety storage of mobile terminal local is can be applied not only to, applies also for based on PKI
Private key signature application in.By taking mobile terminal as an example, present invention could apply to the various sensitive datas under mobile terminal environment
Protection, such as transaction data, private data etc..
The solution of the present invention is made of following key function:
(1) private key dynamic generation
Present invention employs the mechanism of private key dynamic generation, terminal needs are when using private key, according to relevant key because
Son generation private key.It is destroyed after private key use without being stored in terminal or other positions.
Since the private key of the present invention only exists when in use, there is no the key files stored with document form, it is therefore prevented that
Directly acquire happening for key file decryption private key.
After private key dynamic generation, algorithm can be used to generate corresponding public key.By taking SM2 algorithms as an example, the present invention can basis
SM2 algorithm mechanism first determines elliptic curve systems parameter p, a, b, G, n, h, then can generate corresponding public key according to private key d
P。
(2) private key generation cryptographic key factor
To generate private key, all there are potential risks as cryptographic key factor by individual PIN or hardware fingerprint ID etc..The present invention adopts
It is formed with password PIN (Something a person knows) and hardware fingerprint ID (Something a person has)
The compound key factor, the risk that single cryptographic key factor is easily leaked or is forged can be taken precautions against.
During practical application, the present invention can also utilize the PIN complexity testing mechanisms added, to ensure that PIN inputs length
And complexity.
During practical application, single hardware information such as IMEI may be employed in hardware fingerprint ID of the present invention, can also use multiple
Hardware information obtains hardware fingerprint ID by corresponding algorithmic function.
(3) data encryption mechanism
The present invention first obtains private key d and public key according to the compound key factor in data encryption using dynamic generation mechanism
P, P local secure storage, d are destroyed.
When the present invention uses public key P encryption datas, data can be with right and wrong working key data data or working key key.
Protection for working key key directly encrypts key using P.Encryption for data, it is contemplated that the encryption efficiency of terminal is adopted
With random key SK is first generated, then data, P encryptions SK are encrypted with SK.
(4) data deciphering mechanism
The present invention first obtains private key d and public key according to the compound key factor in data deciphering using dynamic generation mechanism
Then P obtains the P being locally stored, and is compared with the P of generation;Then d ciphertext datas are used after the two comparison is identical,
D is destroyed after the completion of decryption.
(5) data encryption form
The present invention is using public key encryption data, private key ciphertext data.In view of the encryption efficiency problem of mobile terminal, this hair
It is bright to employ two kinds of data encryption forms.For a small amount of data such as account, the direct encryption datas of public key P can be used,
Use the direct ciphertext datas of private key d.For big data and batch data such as video, picture, work can be first generated at random
Then key SK encryption data data encrypts SK using public key P;Encrypted file includes SK ciphertexts and data data ciphertexts.
The present invention is further explained and illustrated with reference to Figure of description and specific embodiment.For of the invention real
The step number in example is applied, is set only for the purposes of illustrating explanation, is not done any restriction to the order between step, implement
The execution sequence of each step in example can carry out accommodation according to the understanding of those skilled in the art.
With reference to Fig. 2, Fig. 3, Fig. 4 and Fig. 5, of the invention concrete application embodiment mainly includes:
(1) key management system
This concrete application embodiment employs Multilayered encryption generation and administrative mechanism, as shown in Fig. 2, mainly including following three
Layer:
1) upper strata is cryptographic key factor layer, and cryptographic key factor of the invention takes at least two class factors:One kind is that user knows
Information, such as user password PIN;The another kind of information possessed for user, such as hardware fingerprint information.
2) middle level is public private key pair management level, using the two class cryptographic key factors on upper strata, using elliptic curve cryptography, according to
Secondary calculate obtains private key and public key.
3) lower floor is data analysis layer, and key to be treated, data etc. are added using the public key of acquisition, private key
Close, decryption computing.
(2) data encryption process
As shown in figure 3, process flow of this concrete application embodiment when terminal data is encrypted comprises the following steps:
S1:User inputs user password PIN by cryptosecurity Keysheet module.
The cryptosecurity Keysheet module inspection inputs the complexity of PIN, the length including password, the number included, letter
And additional character etc..The work(such as the cryptosecurity Keysheet module also provides anti-screenshotss simultaneously, anti-injection, anti-reversing, anti-memory are divulged a secret
Can, it ensure that user inputs the Environmental security of PIN.
S2:Terminal security module generates parameter x according to the PIN of input by default algorithmic function;
S3:The hardware parameter of terminal security module reading terminals itself, and according to one or more hardware parameters for example
The composition hardware fingerprint such as IMEI ID.
S4:Terminal security module generates parameter y according to the hardware fingerprint ID of reading by default algorithmic function.
S5:It is raw by the default generating algorithm for thering is random number to participate in dynamic using parameter x and parameter y as composite factor
Into private key d.
S6:According to elliptic curve mechanism, determine elliptic curve systems parameter p, a, b, G, n, h, and given birth to according to private key d
Into corresponding public key P.
S7:After the completion of public key P generations, private key d is destroyed.
S8:For the public key P of generation local terminal is taken to carry out secure storage, using being defined by application program during storage
Fixed key is encrypted.
S9:Use public key P encryption datas.
The data encryption form of this concrete application embodiment at least supports two kinds:Protection for working key key, directly
Key is encrypted using P;Encryption for inoperative key data data, such as the encryption of the files such as picture, video, it is contemplated that eventually
The encryption efficiency at end takes first generation random key SK, reuses SK encryptions data, P and encrypts the mode of SK.
(3) data decrypting process
As shown in figure 4, process flow of this concrete application embodiment when terminal data is decrypted comprises the following steps:
S1:User inputs user password PIN by cryptosecurity Keysheet module.
The cryptosecurity Keysheet module inspection inputs the complexity of PIN, the length including password, the number included, letter
And additional character etc..The work(such as the cryptosecurity Keysheet module also provides anti-screenshotss simultaneously, anti-injection, anti-reversing, anti-memory are divulged a secret
Can, it ensure that user inputs the Environmental security of PIN.
S2:Terminal security module generates parameter x according to the PIN of input by default algorithmic function;
S3:The hardware parameter of terminal security module reading terminals itself, and according to one or more hardware parameters for example
The composition hardware fingerprint such as IMEI ID.
S4:Terminal security module generates parameter y according to the hardware fingerprint ID of reading by default algorithmic function.
S5:It is raw by the default generating algorithm for thering is random number to participate in dynamic using parameter x and parameter y as composite factor
Into private key d.
S6:According to elliptic curve mechanism, determine elliptic curve systems parameter p, a, b, G, n, h, and given birth to according to private key d
Into corresponding public key P.
S7:The local terminal public key P that encryption stores safely is read, and uses the default fixed key solution Migong of application program
Key P;
S8:The public key P of storage is compared with whether identical using the public key P of compound key factor dynamic generation, if identical
Continue subsequent step, if difference reports an error.
S9:Use private key d ciphertext datas.
For directly by the working key key of public key P encipherment protections, directly obtaining key using d decryption.For non-public key P
The data data directly protected, such as the decryption of the files such as picture, video are first decrypted using private key d and are obtained random key SK, then
Data is decrypted using SK.
S10:Private key d is decrypted after use, destroys private key d.
(4) terminal data encryption format
This concrete application embodiment can directly be added for the key class data such as password of terminal using public key P
Close, private key d is directly decrypted.For files classes data such as picture, video, its encryption efficiency and security are considered, it can
Using two layers of cipher mode encryption data, data encryption idiographic flow is as shown in figure 5, specifically comprise the following steps:
1st step uses cryptographic key factor generation private key d, public key P;
2nd step randomly generates working key SK;
3rd step uses public key P encipherment protections SK;
4th step uses data of SK encryption datas itself;
5th step, the ciphertext of working key SK add on data ciphertext head, form new encryption file and stored.
And in data deciphering, opposite operating process is performed, is specifically comprised the following steps:
1st step uses cryptographic key factor generation private key d, public key P;
2nd step randomly generates working key SK;
3rd step obtains plaintext SK using private key d decryption work keys ciphertext;
4th step obtains clear data data using SK ciphertext datas ciphertext.
In conclusion what the private key of the present invention was dynamically generated, since terminal does not have the storage of private key file, avoid pin
Various attacks to private key file;Employ compound key factor generation private key, it is therefore prevented that for single cryptographic key factor
Attack, it is fool proof, the terminal data safeguard protection under pure software environment can be applied.The present invention passes through private key dynamic
Generting machanism can be applied not only to the data safety storage of mobile terminal local, apply also for the private key signature based on PKI
In.By taking mobile terminal as an example, present invention could apply to the various protecting sensitive datas under mobile terminal environment, such as hand over
Easy data, private data etc..The present invention also supports a variety of data encryption modes, not only can be with encipherment protection key class data, but also can
To protect big file type data, the balance of safety and efficiency is achieved.
The above are implementing to be illustrated to the preferable of the present invention, but the present invention is not limited to the embodiment, ripe
A variety of equivalent variations or replacement can also be made on the premise of without prejudice to spirit of the invention by knowing those skilled in the art, this
Equivalent deformation or replacement are all contained in the application claim limited range a bit.
Claims (10)
1. the terminal data protection method based on private key dynamic generation mechanism, it is characterised in that:Comprise the following steps:
Using compound key factor dynamic generation private key and corresponding public key;
Terminal data is encrypted or decrypted according to the private key of dynamic generation and corresponding public key;
Wherein, the compound key factor includes the information that user knows and the information that user possesses, the dynamic generation
Private key is destroyed after the completion of terminal data encryption and after the completion of decryption, and the public key of the dynamic generation is stored in local end
End.
2. the terminal data protection method according to claim 1 based on private key dynamic generation mechanism, it is characterised in that:Institute
Stating the compound key factor includes the personal identity number of user and the hardware fingerprint of terminal.
3. the terminal data protection method according to claim 2 based on private key dynamic generation mechanism, it is characterised in that:Institute
The step for stating using compound key factor dynamic generation private key and corresponding public key, specifically includes:
The compound key factor is obtained according to the hardware fingerprint of the personal identity number of user and terminal;
According to compound key factor dynamic generation private key;
Corresponding public key is generated using asymmetric arithmetic according to the private key of dynamic generation.
4. the terminal data protection method according to claim 1 based on private key dynamic generation mechanism, it is characterised in that:Institute
The step for terminal data is encrypted according to the private key and corresponding public key of dynamic generation is stated, is specifically included:
Terminal data is encrypted according to the public key of dynamic generation;
The public key of dynamic generation is stored to local terminal, and destroys the private key of dynamic generation.
5. the terminal data protection method according to claim 4 based on private key dynamic generation mechanism, it is characterised in that:Institute
The step for terminal data is encrypted according to the public key of dynamic generation is stated, is specially:
If terminal data is working key, directly working key is encrypted using the public key of dynamic generation;
If terminal data is inoperative key data, random key is first generated, it is then close using random key encryption inoperative
Key data, and using the public key encryption random key of dynamic generation.
6. the terminal data protection method according to claim 1 based on private key dynamic generation mechanism, it is characterised in that:Institute
The step for terminal data is decrypted according to the private key and corresponding public key of dynamic generation is stated, is specifically included:
Read the public key of local terminal storage;
Whether identical with the public key of dynamic generation the public key read is compared, if so, next step is performed, conversely, then reporting an error simultaneously
Terminate decrypting process;
Terminal data is decrypted using the private key of dynamic generation;
Destroy the private key of dynamic generation.
7. the terminal data protection method according to claim 6 based on private key dynamic generation mechanism, it is characterised in that:Institute
The step for terminal data is decrypted using the private key of dynamic generation is stated, is specially:
If terminal data is working key, directly working key is decrypted using the private key of dynamic generation;
If terminal data be inoperative key data, first use dynamic generation private key decrypted random key, then use with
Machine secret key decryption inoperative key data.
8. the protecting terminal data system based on private key dynamic generation mechanism, it is characterised in that:Including:
Dynamic key production module, for using compound key factor dynamic generation private key and corresponding public key;
Enciphering/deciphering module is encrypted or decrypts to terminal data for the private key according to dynamic generation and corresponding public key;
Wherein, the compound key factor includes the information that user knows and the information that user possesses, the dynamic generation
Private key is destroyed after the completion of terminal data encryption and after the completion of decryption, and the public key of the dynamic generation is stored in local end
End.
9. the protecting terminal data system according to claim 8 based on private key dynamic generation mechanism, it is characterised in that:Institute
Enciphering/deciphering module is stated when terminal data is encrypted in the private key according to dynamic generation and corresponding public key, it is specific perform with
Lower operation:
Terminal data is encrypted according to the public key of dynamic generation;
The public key of dynamic generation is stored to local terminal, and destroys the private key of dynamic generation.
10. the protecting terminal data system based on private key dynamic generation mechanism, it is characterised in that:Including:
Memory, for storing program;
Processor is based on private key dynamic generation machine for loading described program to perform claim 1-7 any one of them such as
The terminal data protection method of system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711465668.3A CN108111524A (en) | 2017-12-28 | 2017-12-28 | Terminal data protection method and system based on private key dynamic generation mechanism |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711465668.3A CN108111524A (en) | 2017-12-28 | 2017-12-28 | Terminal data protection method and system based on private key dynamic generation mechanism |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108111524A true CN108111524A (en) | 2018-06-01 |
Family
ID=62214315
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711465668.3A Pending CN108111524A (en) | 2017-12-28 | 2017-12-28 | Terminal data protection method and system based on private key dynamic generation mechanism |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108111524A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108830364A (en) * | 2018-05-10 | 2018-11-16 | 广州市贺氏办公设备有限公司 | A kind of Dynamic Two-dimensional code generating method and system |
| CN109067545A (en) * | 2018-08-10 | 2018-12-21 | 航天信息股份有限公司 | Key management method, device and storage medium |
| CN109120589A (en) * | 2018-06-30 | 2019-01-01 | 北京东方英卡数字信息技术有限公司 | A kind of end message guard method and device based on Crypted password |
| CN109995532A (en) * | 2019-04-11 | 2019-07-09 | 晏福平 | A kind of online management method and system of terminal master key |
| CN110995410A (en) * | 2019-11-12 | 2020-04-10 | 杭州云萃流图网络科技有限公司 | Method, device, equipment and medium for generating public key and private key |
| CN111756699A (en) * | 2020-05-28 | 2020-10-09 | 苏州浪潮智能科技有限公司 | LLDP protocol optimization method and system based on asymmetric encryption |
| CN111865579A (en) * | 2020-07-10 | 2020-10-30 | 郑州信大捷安信息技术股份有限公司 | SM2 algorithm transformation-based data encryption and decryption method and device |
| CN111988268A (en) * | 2019-05-24 | 2020-11-24 | 魏文科 | Method for establishing and verifying input value by using asymmetric encryption algorithm and application thereof |
| CN113947414A (en) * | 2021-10-18 | 2022-01-18 | 浙江大学 | Commodity traceability anti-counterfeiting system based on NFC and block chain |
| CN115987564A (en) * | 2022-12-01 | 2023-04-18 | 上海倍通医药科技咨询有限公司 | Encryption method in data interaction process |
| CN116055048A (en) * | 2023-03-31 | 2023-05-02 | 成都四方伟业软件股份有限公司 | Method and device for storing and restoring scattered keys |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101286842A (en) * | 2008-05-26 | 2008-10-15 | 西安西电捷通无线网络通信有限公司 | Method for distributing key using public key cryptographic technique and on-line updating of the public key |
| CN101340282A (en) * | 2008-05-28 | 2009-01-07 | 北京易恒信认证科技有限公司 | Generation method of composite public key |
| CN101359991A (en) * | 2008-09-12 | 2009-02-04 | 湖北电力信息通信中心 | Public key cipher system private key escrowing system based on identification |
| US8074265B2 (en) * | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
| CN103684766A (en) * | 2012-08-30 | 2014-03-26 | 卓望数码技术(深圳)有限公司 | Private key protection method and system for terminal user |
| CN103888938A (en) * | 2012-12-19 | 2014-06-25 | 深圳市华营数字商业有限公司 | PKI private key protection method of dynamically generated key based on parameters |
| CN106452764A (en) * | 2016-12-02 | 2017-02-22 | 武汉理工大学 | Method for automatically updating identification private key and password system |
| CN107302438A (en) * | 2017-08-07 | 2017-10-27 | 收付宝科技有限公司 | A kind of private key protection method based on key updating, system and device |
-
2017
- 2017-12-28 CN CN201711465668.3A patent/CN108111524A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8074265B2 (en) * | 2006-08-31 | 2011-12-06 | Red Hat, Inc. | Methods and systems for verifying a location factor associated with a token |
| CN101286842A (en) * | 2008-05-26 | 2008-10-15 | 西安西电捷通无线网络通信有限公司 | Method for distributing key using public key cryptographic technique and on-line updating of the public key |
| CN101340282A (en) * | 2008-05-28 | 2009-01-07 | 北京易恒信认证科技有限公司 | Generation method of composite public key |
| CN101359991A (en) * | 2008-09-12 | 2009-02-04 | 湖北电力信息通信中心 | Public key cipher system private key escrowing system based on identification |
| CN103684766A (en) * | 2012-08-30 | 2014-03-26 | 卓望数码技术(深圳)有限公司 | Private key protection method and system for terminal user |
| CN103888938A (en) * | 2012-12-19 | 2014-06-25 | 深圳市华营数字商业有限公司 | PKI private key protection method of dynamically generated key based on parameters |
| CN106452764A (en) * | 2016-12-02 | 2017-02-22 | 武汉理工大学 | Method for automatically updating identification private key and password system |
| CN107302438A (en) * | 2017-08-07 | 2017-10-27 | 收付宝科技有限公司 | A kind of private key protection method based on key updating, system and device |
Non-Patent Citations (2)
| Title |
|---|
| 庄明来: "《电子商务会计研究》", 31 August 2004 * |
| 翁贤明: "《电子商务信息安全》", 31 March 2003, 浙江大学出版社 * |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108830364A (en) * | 2018-05-10 | 2018-11-16 | 广州市贺氏办公设备有限公司 | A kind of Dynamic Two-dimensional code generating method and system |
| CN108830364B (en) * | 2018-05-10 | 2021-02-26 | 广州市贺氏办公设备有限公司 | Dynamic two-dimensional code generation method and system |
| CN109120589A (en) * | 2018-06-30 | 2019-01-01 | 北京东方英卡数字信息技术有限公司 | A kind of end message guard method and device based on Crypted password |
| CN109120589B (en) * | 2018-06-30 | 2021-03-23 | 北京东方英卡数字信息技术有限公司 | Terminal information protection method and device based on encryption password |
| CN109067545A (en) * | 2018-08-10 | 2018-12-21 | 航天信息股份有限公司 | Key management method, device and storage medium |
| CN109995532A (en) * | 2019-04-11 | 2019-07-09 | 晏福平 | A kind of online management method and system of terminal master key |
| CN111988268A (en) * | 2019-05-24 | 2020-11-24 | 魏文科 | Method for establishing and verifying input value by using asymmetric encryption algorithm and application thereof |
| CN110995410A (en) * | 2019-11-12 | 2020-04-10 | 杭州云萃流图网络科技有限公司 | Method, device, equipment and medium for generating public key and private key |
| CN111756699A (en) * | 2020-05-28 | 2020-10-09 | 苏州浪潮智能科技有限公司 | LLDP protocol optimization method and system based on asymmetric encryption |
| CN111756699B (en) * | 2020-05-28 | 2022-05-06 | 苏州浪潮智能科技有限公司 | LLDP protocol optimization method and system based on asymmetric encryption |
| CN111865579A (en) * | 2020-07-10 | 2020-10-30 | 郑州信大捷安信息技术股份有限公司 | SM2 algorithm transformation-based data encryption and decryption method and device |
| CN113947414A (en) * | 2021-10-18 | 2022-01-18 | 浙江大学 | Commodity traceability anti-counterfeiting system based on NFC and block chain |
| CN115987564A (en) * | 2022-12-01 | 2023-04-18 | 上海倍通医药科技咨询有限公司 | Encryption method in data interaction process |
| CN115987564B (en) * | 2022-12-01 | 2023-09-22 | 上海倍通医药科技咨询有限公司 | Encryption method in data interaction process |
| CN116055048A (en) * | 2023-03-31 | 2023-05-02 | 成都四方伟业软件股份有限公司 | Method and device for storing and restoring scattered keys |
| CN116055048B (en) * | 2023-03-31 | 2023-05-30 | 成都四方伟业软件股份有限公司 | Method and device for storing and restoring scattered keys |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108111524A (en) | Terminal data protection method and system based on private key dynamic generation mechanism | |
| US10187200B1 (en) | System and method for generating a multi-stage key for use in cryptographic operations | |
| US11308241B2 (en) | Security data generation based upon software unreadable registers | |
| CN110059458B (en) | User password encryption authentication method, device and system | |
| KR102397579B1 (en) | Method and apparatus for white-box cryptography for protecting against side channel analysis | |
| US20150365424A1 (en) | Cryptographic method for securely exchanging messages and device and system for implementing this method | |
| CN105406969A (en) | Apparatus And Method For Data Encryption | |
| CN106533663B (en) | Data ciphering method, encryption method, apparatus and data decryption method, decryption method, apparatus | |
| CN111314050B (en) | Encryption and decryption method and device | |
| EP3739489B1 (en) | Devices and methods of managing data | |
| JP2024511236A (en) | Computer file security encryption method, decryption method and readable storage medium | |
| Kaleem et al. | New Efficient Cryptographic Techniques For Cloud Computing Security | |
| CN107566125A (en) | The safety certifying method that a kind of more algorithms combine | |
| CN1607511B (en) | Data protection method and system | |
| CN102622561A (en) | Enciphering and deciphering method for invoking data in software | |
| Suresha et al. | Enhancing data protection in cloud computing using key derivation based on cryptographic technique | |
| CN113408013A (en) | Encryption and decryption chip framework with multiple algorithm rules mixed | |
| Kumaresan et al. | An efficient image block encryption for key generation using non-uniform cellular automata | |
| CN100544248C (en) | The key data receiving/transmission method | |
| WO2011059306A2 (en) | A secure key distribution protocol based on hash functions utilizing quantum authentication channel (kdp-6dp) | |
| CN111314051B (en) | Encryption and decryption method and device | |
| Rahmani | Cryptographic algorithms and protocols | |
| Handoko et al. | A File Encoding Using A Combination of Advanced Encryption Standard, Cipher Block Chaining and Stream Cipher In Telkom Region 4 Semarang | |
| CN111314079B (en) | Encryption and decryption method and device | |
| CN110287708A (en) | One Time Programmable encryption device and its encryption method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180601 |