CN108462686B - Method and device for acquiring dynamic key, terminal equipment and storage medium - Google Patents
Method and device for acquiring dynamic key, terminal equipment and storage medium Download PDFInfo
- Publication number
- CN108462686B CN108462686B CN201810014135.1A CN201810014135A CN108462686B CN 108462686 B CN108462686 B CN 108462686B CN 201810014135 A CN201810014135 A CN 201810014135A CN 108462686 B CN108462686 B CN 108462686B
- Authority
- CN
- China
- Prior art keywords
- dynamic key
- time
- configuration file
- variable factor
- acquiring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for acquiring a dynamic key, terminal equipment and a storage medium. The method for acquiring the dynamic key comprises the following steps executed by the server: acquiring a configuration file sent by a client, wherein the configuration file comprises an encrypted ciphertext and update time acquired based on an encryption machine; calling the encryption machine to decrypt the encrypted ciphertext to obtain decrypted random seeds and reference time; acquiring a variable factor based on the update time and the reference time; and processing the random seeds and the variable factors by adopting a dynamic key generation algorithm to obtain a dynamic key, and sending the dynamic key to the client. The method for acquiring the dynamic key effectively solves the problems of time consumption or low safety of the traditional encryption mechanism.
Description
Technical Field
The present invention relates to the field of data encryption, and in particular, to a method and an apparatus for acquiring a dynamic key, a terminal device, and a storage medium.
Background
At present, the traditional encryption mechanism generally adopts an encryptor to encrypt or adopts a software program to encrypt. When the encryption machine is used for encryption, although the key acquired by the encryption machine is not easy to leak, the key acquisition time is too long due to large calculation amount. When the software program is used for encryption, although the efficiency of software encryption is high, the obtained secret key is fixed, so that once the secret key is revealed, great potential safety hazards exist, losses of different degrees are caused, and the safety of data is greatly reduced.
Disclosure of Invention
The embodiment of the invention provides a method and a device for acquiring a dynamic key, terminal equipment and a storage medium, which are used for solving the problems of time consumption or low safety of a traditional encryption mechanism.
In a first aspect, an embodiment of the present invention provides a method for acquiring a dynamic key, including the following steps performed by a server:
acquiring a configuration file sent by a client, wherein the configuration file comprises an encrypted ciphertext and update time acquired based on an encryption machine;
calling the encryption machine to decrypt the encrypted ciphertext to obtain decrypted random seeds and reference time;
acquiring a variable factor based on the update time and the reference time;
and processing the random seeds and the variable factors by adopting a dynamic key generation algorithm to obtain a dynamic key, and sending the dynamic key to the client.
In a second aspect, an embodiment of the present invention provides an apparatus for acquiring a dynamic key, including a server, where the server includes:
the configuration file acquisition module is used for acquiring a configuration file sent by a client, wherein the configuration file comprises an encrypted ciphertext acquired based on an encryption machine and update time;
the encryption machine decryption module is used for calling the encryption machine to decrypt the encrypted ciphertext to obtain decrypted random seeds and reference time;
a variable factor obtaining module for obtaining a variable factor based on the update time and the reference time;
and the dynamic key acquisition module is used for processing the random seed and the variable factor by adopting a dynamic key generation algorithm to acquire a dynamic key and sending the dynamic key to the client.
In a third aspect, an embodiment of the present invention provides a method for acquiring a dynamic key, including the following steps performed by a client:
acquiring random seeds and reference time by adopting a seed generation tool;
calling an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext;
acquiring a configuration file based on the encrypted ciphertext and the updating time, and sending the configuration file to a server;
and receiving the dynamic key generated based on the configuration file and sent by the server.
In a fourth aspect, an embodiment of the present invention provides an apparatus for obtaining a dynamic key, including a client, where the client includes:
the random seed and reference time acquisition module is used for acquiring random seeds and reference time by adopting a seed generation tool;
the encrypted ciphertext acquisition module is used for calling an encryption machine to encrypt the random seed and the reference time to acquire an encrypted ciphertext;
the configuration file acquisition module is used for acquiring a configuration file based on the encrypted ciphertext and the updating time and sending the configuration file to a server;
and the dynamic key receiving module is used for receiving the dynamic key which is sent by the server and generated based on the configuration file.
In a fifth aspect, an embodiment of the present invention provides a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method for acquiring a dynamic key when executing the computer program.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the method for acquiring a dynamic key are implemented.
In the method, the device, the terminal device and the storage medium for acquiring the dynamic key provided by the embodiment of the invention, the random seed and the reference time are acquired by adopting a seed generation tool at the client, so that the client can call an encryption machine to encrypt the random seed and the reference time to acquire an encrypted ciphertext, and the security of the dynamic key is improved. And then, the client acquires the configuration file based on the encrypted ciphertext and the updating time, and sends the configuration file to the server, so that the server automatically operates according to the configuration of the configuration file, the operation is simple, and the efficiency of acquiring the dynamic key is improved. And then, the server acquires the configuration file sent by the client, so that the server calls the encryption machine to decrypt the encrypted ciphertext in the configuration file, and acquires the decrypted random seed and the reference time, so that the server acquires the variable factor based on the updating time and the reference time, so that the server adopts a dynamic key generation algorithm to process the random seed and the variable factor, acquires the dynamic key, and improves the key acquisition efficiency and the key security.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is a flowchart of a method for acquiring a dynamic key provided in embodiment 1 of the present invention.
Fig. 2 is a specific diagram of step S16 in fig. 1.
Fig. 3 is a specific diagram of step S17 in fig. 1.
Fig. 4 is a schematic diagram of an apparatus for acquiring a dynamic key provided in embodiment 2 of the present invention.
Fig. 5 is a schematic diagram of a terminal device provided in embodiment 4 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The method for acquiring the dynamic key comprises the steps of generating the configuration file on the client and generating the dynamic key on the server, and effectively solves the problems of time consumption or low safety of the traditional encryption mechanism at present.
Specifically, the client executes the following steps to realize the generation process of the configuration file:
acquiring random seeds and reference time by adopting a seed generation tool;
calling an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext;
acquiring a configuration file based on the encrypted ciphertext and the updating time, and sending the configuration file to a server;
and receiving the dynamic key generated based on the configuration file and sent by the server.
The server performs the following steps to implement the dynamic key generation process:
acquiring a configuration file sent by a client, wherein the configuration file comprises an encrypted ciphertext and update time acquired based on an encryption machine;
calling the encryption machine to decrypt the encrypted ciphertext to obtain decrypted random seeds and reference time;
acquiring a variable factor based on the update time and the reference time;
and processing the random seeds and the variable factors by adopting a dynamic key generation algorithm to obtain a dynamic key, and sending the dynamic key to the client.
Fig. 1 shows a flowchart of a method for acquiring a dynamic key in the present embodiment. As shown in fig. 1, the method for acquiring a dynamic key includes the following steps:
s11: the client side adopts a seed generation tool to obtain random seeds and reference time.
The seed generation tool is an executable program document which is written by a developer in advance. The random seed is a string of character strings randomly generated by a seed generation tool at a client. The random seed is generated randomly, so that the random seed is not easy to leak, and the safety is improved. The base time is the system time generated using the seed generation tool. The client is a terminal installed with a seed generation tool, and includes but is not limited to a computer, a tablet, a smart phone, and the like. The reference time generated by the seed generation tool is adopted at the client, and particularly, the acquired system time is converted into a millisecond value to be used as the reference time, so that calculation is facilitated. In this embodiment, the long.
S12: and the client calls an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext.
The encryption machine is a domestic independently developed host encryption device which is identified and approved by the national commercial code administration, the key of the encryption machine is not easy to leak, and the encryption machine is mostly used for financial institutions and cases for ensuring financial services. The encrypted ciphertext is a string of characters obtained by encrypting with an encryptor. Specifically, the client calls an encryptor to encrypt the random seed and the reference time respectively to form a character string (hereinafter referred to as a first character string) obtained by encrypting the random seed and a character string (hereinafter referred to as a second character string) obtained by encrypting the reference time, so as to obtain an encrypted ciphertext based on the first character string and the second character device. In this embodiment, the client calls the encryption machine connected to the client to generate a key pair (a public key and a private key) by using a public key encryption algorithm, encrypts the random seed and the reference time by using the public key in the key pair, and stores the key pair in a password management system in the encryption machine. The public key encryption algorithm is that different keys (namely a public key and a private key) are used for encryption and decryption, the private key cannot be known by others, and the public key can be published. The two must be paired and used, the data encrypted by the public key must be decrypted by using the corresponding private key, the technical security is high, and the purpose that the secret key is not easy to leak is achieved.
In this embodiment, the public key encryption algorithm used by the encryption device includes, but is not limited to, an RSA encryption algorithm. The RSA encryption algorithm is the most influential and common public key encryption algorithm at present, can resist most of password attacks known so far, is high in safety, and generally adopts a public key encryption and private key decryption mode.
S13: and the client acquires the configuration file based on the encrypted ciphertext and the updating time, and sends the configuration file to the server.
Where the update time indicates the number of time steps, i.e. how long a new key is generated. The updating time is configured in advance and stored in a configuration file, and finally, the time for updating and changing the key is ensured. The configuration file is a file that the client obtains based on the update time and the encrypted ciphertext. The configuration file can be compiled and acquired by developers based on Java language by adopting a notepad tool. It is understood that the profile includes a string (i.e., a first string) obtained by encrypting the random seed, a string (i.e., a second string) obtained by encrypting the reference time, and the update time. Specifically, the client acquires the configuration file based on the encrypted ciphertext and the update time, and sends the configuration file to the server, so that the server can generate the key according to the configuration file. The update time in this embodiment is X days, and the specific value of the parameter X is determined by the developer according to the project situation. In the embodiment, the encrypted ciphertext sent by the encryption machine and the updating time preset by the client are written into the configuration file, and the configuration file is sent to the server, so that the server automatically operates according to the configuration of the configuration file, the operation is simple, and the efficiency of obtaining the dynamic key is improved.
S14: the server acquires a configuration file sent by the client, wherein the configuration file comprises an encrypted ciphertext and update time acquired based on the encryption machine.
Specifically, the server acquires a configuration file sent by the client, wherein the configuration file comprises an encrypted ciphertext acquired based on the encryptor, the encrypted ciphertext comprises a character string (namely a first character string) acquired by encrypting the seed and a character string (namely a second character string) acquired by encrypting the reference time, and the update time. In this embodiment, the server provides support for subsequently generating the dynamic key by acquiring the configuration file.
S15: and the server calls the encryption machine to decrypt the encrypted ciphertext to obtain the decrypted random seed and the reference time.
Specifically, the server calls an encryption machine connected with the server to decrypt an encrypted ciphertext in the configuration file, and obtains a decrypted random neutron and reference time. The encryption machine is connected with the client and used for generating encrypted ciphertext. It can be understood that the encryption algorithm adopted by the encryption machine is decrypted with the private key generated by the RSA algorithm and stored in the client calling encryption machine to obtain the decrypted random seed and the reference time, and the decrypted random seed and the reference time are stored in the memory of the server to provide support for the subsequent generation of the dynamic key. In this embodiment, because the client calls the key generated by the encryption machine to store in the password management system in the encryption machine, the server directly calls the private key in the key pair stored in the encryption machine to decrypt when calling the encryption machine, so as to avoid the problem that the encrypted ciphertext cannot be decrypted to obtain the random seed and the reference time.
S16: the server obtains a variable factor based on the update time and the reference time.
Wherein the variable factor is a calculation parameter in the dynamic encryption algorithm. Specifically, the server acquires the current time and the preset updating time, calls the reference time stored in the memory of the server, and calculates the current time, the updating time and the reference time by using a variable factor calculation formula to acquire a variable factor, so as to provide support for subsequently generating a dynamic key by using a dynamic key generation algorithm.
S17: and the server processes the random seeds and the variable factors by adopting a dynamic key generation algorithm to obtain a dynamic key and sends the dynamic key to the client.
The dynamic key generation algorithm is an algorithm for regenerating a key in response to occurrence of a certain event (e.g., a key is used or a certain time elapses), and has advantages of high efficiency, simplicity, and high security. The dynamic key is a key obtained by processing the random seed and the variable factor by using a dynamic key generation algorithm. Specifically, a dynamic key generation algorithm is used for processing the random seed and the variable factor to obtain a dynamic key, and the dynamic key is sent to the client, so that the client encrypts (decrypts) some specific information by using the generated dynamic key. In the embodiment, the random seeds and the variable factors are processed by adopting a dynamic key generation algorithm to obtain the dynamic key, so that the key obtaining efficiency and the key security are improved.
S18: the client receives the dynamic key generated based on the configuration file and sent by the server.
Specifically, the client receives a dynamic key generated based on the configuration file sent by the server, and encrypts (decrypts) some specific information using the dynamic key, for example, when the user logs in the system dynamically, the user logs in using the dynamic key. Wherein, the dynamic key is the key obtained by executing the steps S14-S17.
In this embodiment, a seed generation tool is first used at the client to obtain the random seed and the reference time, so that the client calls an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext, thereby increasing the security of the dynamic key. And then, the client acquires the configuration file based on the encrypted ciphertext and the updating time, and sends the configuration file to the server, so that the server automatically operates according to the configuration of the configuration file, the operation is simple, and the efficiency of acquiring the dynamic key is improved. And then, the server acquires the configuration file sent by the client, so that the server calls the encryption machine to decrypt the encrypted ciphertext in the configuration file, and acquires the decrypted random seed and the reference time, so that the server acquires the variable factor based on the updating time and the reference time, so that the server adopts a dynamic key generation algorithm to process the random seed and the variable factor, acquires the dynamic key, and improves the key acquisition efficiency and the key security. And the dynamic key is sent to the client, the TOTP algorithm is adopted to process the message digest, the dynamic key is obtained, and the efficiency of obtaining the dynamic key is improved.
In an embodiment, as shown in fig. 2, in step S16, that is, the server obtains the variable factor based on the updated time and the reference time, the method specifically includes the following steps:
s161: the server determines an interval time based on the current time and the reference time.
Wherein the interval time is a parameter for calculating the variable factor obtained by subtracting the reference time from the current time. The current time is a millisecond value obtained by the server by using a current time obtaining method, and the current time obtaining method includes but is not limited to system. Currenttimemillis () generates a value of milliseconds of the current time, which is in fact the number of milliseconds since 1, 0 of 1970. As can be appreciated, the server determines the interval time based on the current time and the reference time (milliseconds). The interval time is calculated as t-m-n, where t denotes an interval time, m denotes a current time (millisecond), and n denotes a reference time (millisecond).
S162: the server calculates the interval time and the update time by adopting a variable factor calculation formula to obtain a variable factor, wherein the variable factor calculation formula is a variable factor which is [ T/T ]. T, T is the interval time, T is the update time, and [ ] is rounding operation.
Specifically, the interval time and the update time are calculated using a variable factor calculation formula to obtain a variable factor. When the variable factor is calculated based on the variable factor calculation formula, a quotient of the interval time and the update time is calculated, then rounding operation is performed on the quotient to obtain a rounding value, and then the product of the rounding value and the update time is used as the variable factor.
In the embodiment, the current time is converted into the millisecond value of the millisecond value and the reference time for calculation so as to determine the interval time, the calculation process is simple and convenient, the obtaining efficiency of the dynamic key is improved, then the interval time and the updating time are calculated by adopting a variable factor calculation formula, the variable factor is obtained, and support is provided for subsequently adopting a dynamic key generation algorithm to generate the dynamic key.
In another specific embodiment, after the client obtains the dynamic key sent by the server, the server determines whether the interval time is greater than the update time, so as to achieve the purpose of automatically updating the dynamic key. Specifically, after step S16, the method for generating a dynamic key further includes the following steps:
s163: and if the interval time is greater than the updating time, generating key failure information and sending the key failure information to the client.
The dynamic key failure information is used for reminding the client that the dynamic key corresponding to the current time is failed and a new dynamic key needs to be generated. Specifically, the server further obtains the interval time and compares the interval time with the preset updating time, if the interval time is greater than the updating time, the key invalidation information is generated and sent to the client, so that the client executes the steps S11-S13 to obtain the updated configuration file, and the updated configuration file is sent to the server, so that the server generates a new dynamic key based on the updated configuration file and sends the new dynamic key to the client, thereby achieving the purpose of automatically replacing the dynamic key and improving the security. And the updated configuration file comprises an updated encrypted ciphertext and preset updating time.
S164: and if the interval time is not greater than the updating time, the execution server adopts a variable factor calculation formula to calculate the interval time and the updating time, and a step of acquiring the variable factor.
Specifically, if the interval time is not greater than the update time, which indicates that the new key does not need to be updated, the server continues to perform the step of calculating the interval time and the update time by using the variable factor calculation formula to obtain the variable factor, that is, performs step S162.
In this embodiment, the server determines whether the interval time is greater than the update time by regularly acquiring the interval time, and if the interval time is greater than the update time, generates key invalidation information and sends the key invalidation information to the client, so that the client executes steps S11-S13 to acquire an updated configuration file, and sends the updated configuration file to the server, so that the server generates a new dynamic key based on the updated configuration file and sends the new dynamic key to the client, thereby achieving the purpose of automatically replacing the dynamic key and improving the security. And if the interval time is not greater than the updating time, the execution server adopts a variable factor calculation formula to calculate the interval time and the updating time, and a step of acquiring the variable factor.
In a specific embodiment, as shown in fig. 3, in step S17, that is, the server processes the random seed and the variable factor by using a dynamic key generation algorithm to obtain the dynamic key, the method specifically includes the following steps:
s171: the server adopts a one-way hash function to process the random seed and the variable factor to obtain the message digest.
The Message Digest (also called Digital Digest) is referred to as a Message Digest. Which is a fixed length value that uniquely corresponds to a message or text, is generated by a one-way hash function acting on the message. The calculation formula of the one-way hash function is X ═ (H (K XOR opad, H (K XOR ipad, T)), where T is a variable factor, K is a random seed, XOR is an exclusive or operation, ipad is an inner loop parameter, and opad is an outer loop parameter.
In this embodiment, the seed and the variable factor are processed by using an HMAC-SHA-1 algorithm in a one-way hash function. Among them, HMAC-SHA-1 is a keyed hash algorithm constructed from SHA1 hash function, and is used as HMAC (hash-based message authentication code). The HMAC process mixes the key with the message data, performs hash calculation on the mixing result using a hash function, mixes the resulting hash value with the key, and then applies the hash function again. The output hash value is 160 bits in length. SHA-1 (secure Hash Algorithm, also known as SHS, secure Hash Standard) is a cryptographic Hash Algorithm issued by the U.S. government. It will generate a 160-bit hash value from a string of arbitrary length. Specifically, the steps of obtaining the message digest are as follows:
s1711: the random seed K is followed by 0 to create a first string of sub-length B. Since K (random seed) is randomly generated and the length is not fixed, 0 needs to be added behind the random seed K to create a first character string with a sub-length of B, so as to ensure the smooth proceeding of the subsequent calculation process. Where B is the processing data block size, and in this embodiment, the size of B is 64 bytes. For example, if the word length of K is 20 bytes and B (processed data block size) is 64 bytes, then 44 zero bytes 0x00 are added after K.
S1712: and performing exclusive or operation on the character string with the length of B generated in the step S1711 and the ipad to acquire a second character string. Wherein ipad is 0 x3636363636., and the length of ipad is the same as that of B (64 bytes). The XOR operation is also called half-addition operation, and the XOR operation rule is as follows: 0 XOR 0 is 0, 1 XOR 0 is 1, 0 XOR 1 is 1, and 1 XOR 1 is 0 (i.e., the same is 0, but different is 1).
S1713: and filling the variable factor T into the second character string to obtain a third character string. In particular, the variable factor T may be filled directly after the second string to obtain the third string.
S1714: and using H for the third character string to obtain a fourth character string. Where H is a hash function, which is a function of mapping a binary string of arbitrary length to a shorter binary string of fixed length.
S1715: and performing exclusive or operation on the first character string with the length of B bytes generated in the step S1711 and the opad to obtain a fifth character string. Wherein opad is 0x5c5c5c.
S1716: and filling the fourth character string into the fifth character string.
S1717: and (3) applying H to the fourth character string, namely performing hash operation on the fourth character string to obtain a message digest (20 byte (160 bit) array).
In this embodiment, because the random seed is generated randomly and the length is not fixed, and the HMAC-SHA-1 algorithm can accept a string of any size and generate a hash sequence (i.e., a message digest) with a length of 160 bits, the HMAC-SHA-1 algorithm is used to process the seed and the variable factor to obtain the message digest, which is convenient for calculation and provides convenience for subsequent generation of the dynamic key.
S172: and processing the message digest by using a TOTP algorithm to obtain a dynamic key.
The formula of the TOTP algorithm is TOTP (K, T) ═ truncate (X) mod 10^ d, where T is a variable factor, K is a random seed, mod is a modulo operation, d is the length of the dynamic key, and X is the message digest. Specifically, since the length of the fifth string obtained by performing hash operation on the variable factor T is too long, a 32-bit (4-byte) unsigned integer is obtained by performing Truncate (dynamic truncation function) processing, so as to improve the obtaining efficiency of the dynamic key; then, the unsigned integer and the d power of 10 are subjected to modulus operation to obtain a digital password with d bits, namely a dynamic key. In this embodiment, the value of d may be 6 or 8, which is not too long, so as to facilitate the user input when the dynamic key is used for encryption (decryption).
For example, the resulting message digest (20 bytes) is as follows:
1f |86|98|69|0e |02| ca |16|61|85|50| ef |7f |19| da |8e |94|5b |55|5a (i.e., hmac _ result [0]. hmac _ result [19], hmac _ result is a message digest). The dynamic truncation process is as follows: the last byte of the message digest is bitwise and-ed with 0xf to obtain the offset value (the initial value of the dynamic truncation function). Wherein, the operation rule of bitwise and operation is as follows: 0&0 ═ 0; 0&1 ═ 0; 1&0 ═ 0; 1&1 ═ 1; namely: two bits are simultaneously "1", the result is "1", otherwise 0. Where the 16-bit value of the last byte (the 19 th byte, i.e., hmac _ result [19]) bit is 0x5a (one byte is an 8-bit binary), the low 4-bit value is 0xa (offset value), the offset value is byte 10(0xa), the 4-byte value from 10 bytes is 0x50ef7f19, and TOTP (K, T) ═ 0x50ef7f19mod 10^6 (or 10^ 8).
In this embodiment, because the algorithm itself has a boundary problem, a rollback attempt mechanism is further added, and when decryption fails at the current time point, decryption is attempted by using a key at the previous time point. Specifically, the rollback attempt mechanism is to perform decryption by using the generated key, and if decryption at the current time fails (for example, if the current time is 13 minutes and 10 seconds at 5 hours, and the update time is 30 seconds, then the dynamic key is updated at 13 minutes and 40 seconds at 5 hours, but the third-party authentication server may fail to receive the updated key due to network delay), the decryption is performed by using the key at the previous time, so as to improve the fault tolerance of the algorithm.
In this embodiment, the server processes the seeds and the variable factors by using a one-way hash function to obtain a fixed-length message digest, which is convenient for calculation, and then processes the message digest by using a TOTP algorithm to obtain a dynamic key, thereby improving the efficiency of obtaining the dynamic key.
In this embodiment, a seed generation tool is first used at the client to obtain the random seed and the reference time, so that the client calls an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext, thereby increasing the security of the dynamic key. And then, the client acquires the configuration file based on the encrypted ciphertext and the updating time, and sends the configuration file to the server, so that the server automatically operates according to the configuration of the configuration file, the operation is simple, and the efficiency of acquiring the dynamic key is improved. And then, the server acquires the configuration file sent by the client so that the server calls the encryption machine to decrypt the encrypted ciphertext in the configuration file, and acquires the decrypted random seed and the reference time. Then the server determines interval time based on the current time and the reference time so as to calculate the interval time and the updating time by adopting a variable factor calculation formula and obtain a variable factor, so that the server processes the random seed and the variable factor by adopting a one-way hash function and obtains a message digest so as to reduce the calculation amount; and the TOTP algorithm is adopted to process the message digest to acquire the dynamic key, so that the efficiency of acquiring the dynamic key is improved. And the TOTP algorithm is adopted to process the message digest to acquire the dynamic key, so that the efficiency of acquiring the dynamic key is improved. In addition, because the algorithm has a boundary problem, a return attempt mechanism is added, and when decryption fails at the current time point, decryption is attempted by adopting a key at the previous time point, so that the fault tolerance is improved. Finally, the server also obtains the updated dynamic key by judging whether the interval time is larger than the updating time or not based on the updated configuration file sent by the client and executing the steps from S14 to S18, so as to achieve the purpose of automatically replacing the dynamic key.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Example 2
Fig. 4 is a schematic block diagram of a dynamic key acquisition apparatus corresponding to the dynamic key acquisition method in embodiment 1. As shown in fig. 4, the dynamic key obtaining apparatus includes a server 10 and a client 20. The server comprises a configuration file acquisition module 11, an encryption machine decryption module 12, a variable factor acquisition module 13 and a dynamic key acquisition module 14. The implementation functions of the client 20 including the random seed and reference time obtaining module 21, the encrypted ciphertext obtaining module 22, the configuration file obtaining module 23, and the dynamic key receiving module 24 correspond to the steps corresponding to the dynamic key obtaining method in the embodiment one to one, and for avoiding repeated description, detailed description is not needed in this embodiment.
The server 10 includes a profile acquisition module 11, an encryptor decryption module 12, a variable factor acquisition module 13, and a dynamic key acquisition module 14.
And the configuration file acquisition module 11 is configured to acquire a configuration file sent by the client, where the configuration file includes an encryption ciphertext and update time acquired based on the encryption apparatus.
And the encryptor decryption module 12 is used for calling the encryptor to decrypt the encrypted ciphertext to obtain the decrypted random seed and the reference time.
And a variable factor obtaining module 13, configured to obtain a variable factor based on the update time and the reference time.
And the dynamic key obtaining module 14 is configured to process the random seed and the variable factor by using a dynamic key generation algorithm, obtain a dynamic key, and send the dynamic key to the client.
Preferably, the variable factor acquiring module 13 includes an interval time determining unit 131, a first variable factor acquiring unit 132.
An interval time determining unit 131 for determining an interval time based on the current time and the reference time.
The first variable factor obtaining unit 132 is configured to calculate the interval time and the update time by using a variable factor calculation formula, so as to obtain a variable factor, where the variable factor calculation formula is a variable factor ═ T/T ═ T, where T is the interval time, T is the update time, and [ ] is a rounding operation.
Preferably, the dynamic key obtaining apparatus further includes a key revocation information obtaining unit 133 and a second variable factor obtaining unit 134.
And a key revocation information obtaining unit 133, configured to generate key revocation information if the interval time is greater than the update time, and send the key revocation information to the client.
And a second variable factor obtaining unit 134, configured to perform a step in which the server calculates the interval time and the update time by using a variable factor calculation formula to obtain the variable factor if the interval time is not greater than the update time.
Preferably, the dynamic key obtaining module 14 includes a message digest obtaining unit 141 and a dynamic key obtaining unit 142.
The message digest obtaining unit 141 processes the random seed and the variable factor by using a one-way hash function to obtain a message digest.
The dynamic key obtaining unit 142 processes the message digest by using a TOTP algorithm to obtain a dynamic key.
The client 20 includes a random seed and reference time obtaining module 21, an encrypted ciphertext obtaining module 22, a configuration file obtaining module 23, and a dynamic key receiving module 24.
And a random seed and reference time obtaining module 21, configured to obtain a random seed and reference time by using a seed generation tool.
And the encrypted ciphertext obtaining module 22 is configured to invoke the encryptor to encrypt the random seed and the reference time, so as to obtain an encrypted ciphertext.
And the configuration file obtaining module 23 is configured to obtain the configuration file based on the encrypted ciphertext and the update time, and send the configuration file to the server.
And the dynamic key receiving module 24 is configured to receive a dynamic key generated based on the configuration file and sent by the server.
Example 3
This embodiment provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the method for obtaining a dynamic key in embodiment 1 is implemented, and details are not described here for avoiding repetition. Alternatively, the computer program, when executed by the processor, implements the functions of each module/unit in the apparatus for acquiring a dynamic key in embodiment 2, and is not described herein again to avoid repetition.
Example 4
Fig. 5 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 5, the terminal device 50 of this embodiment includes: a processor 51, a memory 52 and a computer program 53 stored in the memory 52 and executable on the processor 51. The processor 51 implements the steps of the method for acquiring a dynamic key in embodiment 1 described above, such as steps S11 to S18 shown in fig. 1, when executing the computer program 53. Alternatively, the processor 51 implements the functions of the modules/units of the dynamic key acquisition apparatus in embodiment 2 when executing the computer program 53, such as the profile acquisition module 11, the encryptor decryption module 12, the variable factor acquisition module 13, and the dynamic key acquisition module 14 shown in fig. 4; or the random seed and reference time obtaining module 21, the encrypted ciphertext obtaining module 22, the configuration file obtaining module 23 and the dynamic key receiving module 24.
Illustratively, the computer program 53 may be divided into one or more modules/units, which are stored in the memory 52 and executed by the processor 51 to carry out the invention. One or more of the modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 53 in the terminal device 50. For example, the computer program 53 may be divided into a profile acquisition module 11, an encryptor decryption module 12, a variable factor acquisition module 13, and a dynamic key acquisition module 14; or the random seed and reference time obtaining module 21, the encrypted ciphertext obtaining module 22, the configuration file obtaining module 23, and the dynamic key receiving module 24, where specific functions of each module correspond to steps of the method for obtaining a dynamic key in embodiment 1 one to one, and are not repeated here to avoid repetition.
The terminal device 50 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device may include, but is not limited to, a processor 51, a memory 52. Those skilled in the art will appreciate that fig. 5 is merely an example of a terminal device 50 and does not constitute a limitation of terminal device 50 and may include more or fewer components than shown, or some components may be combined, or different components, e.g., the terminal device may also include input-output devices, network access devices, buses, etc.
The Processor 51 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 52 may be an internal storage unit of the terminal device 50, such as a hard disk or a memory of the terminal device 50. The memory 52 may also be an external storage device of the terminal device 50, such as a plug-in hard disk provided on the terminal device 50, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 52 may also include both an internal storage unit of the terminal device 50 and an external storage device. The memory 52 is used for storing computer programs and other programs and data required by the terminal device. The memory 52 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain other components which may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media which may not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same. Although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (9)
1. A method for obtaining a dynamic key is characterized by comprising the following steps executed by a server:
acquiring a configuration file sent by a client, wherein the configuration file comprises an encrypted ciphertext and update time acquired based on an encryption machine;
calling the encryption machine to decrypt the encrypted ciphertext to obtain decrypted random seeds and reference time; the random seeds and the reference time are generated by the client side by adopting a seed generation tool;
determining an interval time based on a current time and the reference time;
calculating the interval time and the updating time by adopting a variable factor calculation formula to obtain a variable factor, wherein the variable factor calculation formula is variable factor T/T, T is the interval time, T is the updating time, and [ ] is rounding operation;
and processing the random seeds and the variable factors by adopting a dynamic key generation algorithm to obtain a dynamic key, and sending the dynamic key to the client.
2. The method for acquiring a dynamic key according to claim 1, wherein after the step of determining an interval time based on the current time and the reference time, the method for acquiring a dynamic key further comprises:
if the interval time is longer than the updating time, generating key failure information and sending the key failure information to the client;
and if the interval time is not greater than the updating time, executing the step of calculating the interval time and the updating time by adopting a variable factor calculation formula to obtain a variable factor.
3. The method for obtaining a dynamic key according to claim 1, wherein the processing the random seed and the variable factor by using a dynamic key generation algorithm to obtain the dynamic key comprises:
processing the random seeds and the variable factors by adopting a one-way hash function to obtain a message digest;
and processing the message digest by adopting a TOTP algorithm to acquire the dynamic key.
4. The method of claim 3, wherein the one-way hash function has a formula of X ═ H (K XOR opad, H (K XOR ipad, T)), where T is the variable factor, K is the random seed, XOR is an XOR sign, ipad is an inner round parameter, and opad is an outer round parameter;
the formula of the TOTP algorithm is TOTP (K, T) ═ truncate (X) mod 10^ d, where T is the variable factor, K is the random seed, mod is the modulo operation, d is the length of the custom dynamic key, and X is the message digest.
5. A method for obtaining a dynamic key is characterized by comprising the following steps executed by a client:
acquiring random seeds and reference time by adopting a seed generation tool;
calling an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext;
acquiring a configuration file based on the encrypted ciphertext and the updating time, and sending the configuration file to a server;
receiving the dynamic key generated based on the configuration file and sent by the server; wherein, the server acquires the dynamic key by adopting the acquisition method of the dynamic key according to any one of claims 1 to 4.
6. An apparatus for obtaining a dynamic key, comprising:
the configuration file acquisition module is used for acquiring a configuration file sent by a client, wherein the configuration file comprises an encrypted ciphertext acquired based on an encryption machine and update time;
the encryption machine decryption module is used for calling the encryption machine to decrypt the encrypted ciphertext to obtain decrypted random seeds and reference time; the random seeds and the reference time are generated by the client side by adopting a seed generation tool;
a variable factor obtaining module for obtaining a variable factor based on the update time and the reference time;
the dynamic key acquisition module is used for processing the random seeds and the variable factors by adopting a dynamic key generation algorithm to acquire a dynamic key and sending the dynamic key to the client;
wherein the variable factor acquiring module comprises:
an interval time determination unit for determining an interval time based on a current time and the reference time;
the first variable factor obtaining unit is configured to calculate the interval time and the update time by using a variable factor calculation formula to obtain a variable factor, where the variable factor calculation formula is a variable factor [ T/T ] × T, where T is the interval time, T is the update time, and [ ] is a rounding operation.
7. An apparatus for obtaining a dynamic key, comprising:
the random seed and reference time acquisition module is used for acquiring random seeds and reference time by adopting a seed generation tool;
the encrypted ciphertext acquisition module is used for calling an encryption machine to encrypt the random seed and the reference time to acquire an encrypted ciphertext;
the configuration file acquisition module is used for acquiring a configuration file based on the encrypted ciphertext and the updating time and sending the configuration file to a server;
the dynamic key receiving module is used for receiving the dynamic key which is sent by the server and generated based on the configuration file; wherein, the server acquires the dynamic key by adopting the acquisition method of the dynamic key according to any one of claims 1 to 4.
8. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for obtaining a dynamic key according to any one of claims 1 to 4 when executing the computer program, or implements the steps of the method for obtaining a dynamic key according to claim 5 when executing the computer program.
9. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for obtaining a dynamic key according to any one of claims 1 to 4, or which, when being executed by a processor, carries out the steps of the method for obtaining a dynamic key according to claim 5.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810014135.1A CN108462686B (en) | 2018-01-08 | 2018-01-08 | Method and device for acquiring dynamic key, terminal equipment and storage medium |
| PCT/CN2018/077474 WO2019134241A1 (en) | 2018-01-08 | 2018-02-28 | Method for acquiring dynamic key, device, terminal apparatus, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810014135.1A CN108462686B (en) | 2018-01-08 | 2018-01-08 | Method and device for acquiring dynamic key, terminal equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108462686A CN108462686A (en) | 2018-08-28 |
| CN108462686B true CN108462686B (en) | 2020-09-04 |
Family
ID=63220529
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810014135.1A Active CN108462686B (en) | 2018-01-08 | 2018-01-08 | Method and device for acquiring dynamic key, terminal equipment and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108462686B (en) |
| WO (1) | WO2019134241A1 (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110298941A (en) * | 2019-05-21 | 2019-10-01 | 杭州海兴电力科技股份有限公司 | A kind of disposable temporary password generation method of intelligent door lock |
| CN111064571B (en) * | 2020-01-09 | 2022-04-22 | 青岛海信移动通信技术股份有限公司 | Communication terminal, server and method for dynamically updating pre-shared key |
| CN114095920A (en) * | 2020-07-29 | 2022-02-25 | 阿里巴巴集团控股有限公司 | Communication method, system, apparatus, device and storage medium |
| CN111988143B (en) * | 2020-08-28 | 2024-03-01 | 百度时代网络技术(北京)有限公司 | Key updating method, device, equipment and storage medium |
| CN112287369A (en) * | 2020-11-02 | 2021-01-29 | 珠海格力电器股份有限公司 | Decryption method, decryption device, computer equipment and storage medium |
| CN113761551A (en) * | 2020-11-18 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Key generation method, encryption method, decryption method and device |
| CN112564889B (en) * | 2020-12-04 | 2021-11-09 | 深圳市安室智能有限公司 | Data encryption transmission method and related product |
| CN113326518B (en) * | 2021-06-09 | 2024-02-02 | 深圳前海微众银行股份有限公司 | Data processing method and device |
| CN113507363B (en) * | 2021-07-08 | 2023-08-01 | 中国建设银行股份有限公司 | Data processing method, device, electronic equipment and storage medium |
| CN115767503B (en) * | 2022-11-14 | 2024-06-07 | 杭州可当科技有限公司 | ESIM chip applied to Internet of things |
| CN117040944B (en) * | 2023-10-10 | 2024-04-26 | 深圳市旗云智能科技有限公司 | Remote signal transmission device of wireless Internet of things |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119565A (en) * | 2007-09-03 | 2008-02-06 | 华为技术有限公司 | Mobile communications terminal data protection method, system and equipment |
| CN101783800A (en) * | 2010-01-27 | 2010-07-21 | 华为终端有限公司 | Embedded system safety communication method, device and system |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101699820B (en) * | 2009-10-30 | 2013-02-13 | 飞天诚信科技股份有限公司 | Method and device for authenticating dynamic passwords |
| JP5512045B2 (en) * | 2011-07-25 | 2014-06-04 | 三菱電機株式会社 | ENCRYPTION DEVICE, ENCRYPTION METHOD, AND ENCRYPTION PROGRAM |
| CN103905195A (en) * | 2012-12-28 | 2014-07-02 | 中国电信股份有限公司 | User card authentication method and system based on dynamic password |
| CN103067160B (en) * | 2013-01-14 | 2018-05-15 | 江苏智联天地科技有限公司 | A kind of method and system for the dynamic key production for encrypting SD card |
| CN103051460B (en) * | 2013-01-29 | 2015-08-19 | 赵忠华 | Based on dynamic token system and the encryption method thereof of inertial technology |
| CN104301109B (en) * | 2014-09-24 | 2017-06-06 | 飞天诚信科技股份有限公司 | A kind of method of work of voice Dynamic Token |
| CN104506497B (en) * | 2014-12-10 | 2018-02-27 | 青岛海信电器股份有限公司 | A kind of information issuing method and system |
| CN107154935B (en) * | 2017-04-26 | 2020-09-11 | 腾讯科技(深圳)有限公司 | Service request method and device |
-
2018
- 2018-01-08 CN CN201810014135.1A patent/CN108462686B/en active Active
- 2018-02-28 WO PCT/CN2018/077474 patent/WO2019134241A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119565A (en) * | 2007-09-03 | 2008-02-06 | 华为技术有限公司 | Mobile communications terminal data protection method, system and equipment |
| CN101783800A (en) * | 2010-01-27 | 2010-07-21 | 华为终端有限公司 | Embedded system safety communication method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108462686A (en) | 2018-08-28 |
| WO2019134241A1 (en) | 2019-07-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108462686B (en) | Method and device for acquiring dynamic key, terminal equipment and storage medium | |
| CN112035860B (en) | File encryption method, terminal, device, equipment and medium | |
| US5764766A (en) | System and method for generation of one-time encryption keys for data communications and a computer program product for implementing the same | |
| CN112637836A (en) | Data processing method and device, electronic equipment and storage medium | |
| US11750403B2 (en) | Robust state synchronization for stateful hash-based signatures | |
| WO2021114850A1 (en) | Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium | |
| CN110932868B (en) | Data signature method, system and device | |
| US20220078024A1 (en) | State synchronization for post-quantum signing facilities | |
| CN112054896B (en) | White box encryption method, white box encryption device, terminal and storage medium | |
| CN115150821A (en) | Offline package transmission and storage method and device | |
| US11748521B2 (en) | Privacy-enhanced computation via sequestered encryption | |
| US8832450B2 (en) | Methods and apparatus for data hashing based on non-linear operations | |
| CN112182518A (en) | Software deployment method and device | |
| CN109784072B (en) | Security file management method and system | |
| CN114785527B (en) | Data transmission method, device, equipment and storage medium | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| CN111949996A (en) | Generation method, encryption method, system, device and medium of security private key | |
| CN113784342B (en) | Encryption communication method and system based on Internet of things terminal | |
| CN115361198A (en) | Decryption method, encryption method, device, computer equipment and storage medium | |
| CN110401533B (en) | Private key encryption method and device | |
| CN112612499A (en) | Application program upgrading method and device, electronic equipment and storage medium | |
| CN113347270A (en) | Method and device for preventing horizontal unauthorized network transmission file | |
| CN114430549A (en) | White box encryption and decryption method and device suitable for wireless communication | |
| WO2020173662A1 (en) | Method secured against side-channel attacks with a new masking scheme protecting linear operations of a cryptographic algorithm | |
| Park et al. | A study on the processing and reinforcement of message digest through two-dimensional array masking |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |