CN108880791A - Cryptographic key protection method, terminal and computer readable storage medium - Google Patents
- Publication number: CN108880791A (CN201810537651.2A)
- Authority: CN (China)
- Prior art keywords: key, security chip, private key, stored, asymmetric
- Legal status: Pending
Abstract
The invention discloses a key protection method applied to a terminal equipped with a security chip. The method includes: when an asymmetric key generation instruction is received, generating an asymmetric key in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key; obtaining the master key pre-stored in the security chip, and encrypting the private key with the master key and a preset encryption algorithm to obtain a private key ciphertext; and storing the private key ciphertext in the security chip. The invention also discloses a terminal and a computer-readable storage medium. The invention can improve the security of locally stored private keys.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a key protection method, a terminal and a computer-readable storage medium.
Background technique
Digital currency is an alternative currency in electronic form that can be used to trade real goods and services. In a digital currency network, a user's assets are the digital currency the user legally holds, and a transaction in that currency requires a signature made with the holder's private key. Protecting the assets is therefore equivalent to protecting the participant's private key, that is, protecting the storage security and access security of the private key so that only the holder can use the private key to sign transactions.
In the prior art, private key storage modes are divided into three kinds according to whether the user's private key is held in custody: full custody, partial custody and local storage. In the local storage mode, the generated user key is generally stored in plaintext in the terminal's on-chip or off-chip memory and protected by corresponding security software. The security software, however, may itself be attacked; once it is broken, a criminal can easily obtain the user's private key, which exposes the user to the risk of asset loss. The security of the existing local storage mode for private keys therefore needs to be improved.
Summary of the invention
The main object of the present invention is to provide a key protection method, a terminal and a computer-readable storage medium that improve the security of locally stored private keys.
To achieve the above object, the present invention provides a key protection method applied to a terminal equipped with a security chip. The method includes the following steps:
When an asymmetric key generation instruction is received, generating an asymmetric key in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key;
Obtaining the master key pre-stored in the security chip, and encrypting the private key with the master key and a preset encryption algorithm to obtain a private key ciphertext;
Storing the private key ciphertext in the security chip.
Preferably, before the step of generating an asymmetric key in the security chip according to a preset asymmetric key generation algorithm when an asymmetric key generation instruction is received, the method further includes:
When a master key generation instruction is received, generating a random number as the master key of the security chip;
Storing the master key in the security chip.
Preferably, the asymmetric key further includes a public key, and after the step of storing the private key ciphertext in the security chip, the method further includes:
When a business message encrypted with the public key is received, reading the master key pre-stored in the security chip;
In the security chip, decrypting the private key ciphertext with the master key to obtain the private key plaintext;
Decrypting the business message encrypted with the public key using the private key plaintext to obtain the corresponding business message plaintext.
Preferably, the step of reading the master key pre-stored in the security chip when a business message encrypted with the public key is received includes:
When a business message encrypted with the public key is received, issuing a master key read request to the security chip, so that the security chip outputs a prompt asking the user to enter verification information;
Receiving the verification information entered by the user, and judging whether it is identical to the preset verification information;
If so, reading the master key pre-stored in the security chip.
Preferably, the verification information is a biometric feature or an access passcode.
Preferably, after the step of storing the private key ciphertext in the security chip, the method further includes:
When a business message signature instruction is received, obtaining the business message to be signed, and reading the master key pre-stored in the security chip;
In the security chip, decrypting the private key ciphertext with the master key to obtain the private key plaintext;
Computing a digest of the business message to be signed, and signing the computed message digest with the private key plaintext to obtain the signed business message.
Preferably, the preset asymmetric key generation algorithm is the RSA encryption algorithm.
Preferably, the preset encryption algorithm is the Advanced Encryption Standard (AES) encryption algorithm or the Data Encryption Standard (DES) encryption algorithm.
In addition, to achieve the above object, the present invention also provides a terminal. The terminal includes a security chip, a memory, a processor, and a key protection program that is stored in the memory and can run on the processor; when executed by the processor, the key protection program implements the steps of the key protection method described above.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which a key protection program is stored; when executed by a processor, the key protection program implements the steps of the key protection method described above.
In the present invention, when an asymmetric key generation instruction is received, an asymmetric key is generated in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key; the master key pre-stored in the security chip is obtained, and the private key is encrypted with the master key and a preset encryption algorithm to obtain a private key ciphertext; and the private key ciphertext is stored in the security chip. By storing the user's private key in the security chip and encrypting it with the security chip's master key, the present invention strengthens the read and write protection of the private key and thereby improves the security of locally stored private keys.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the terminal in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the key protection method of the present invention;
Fig. 3 is a flow diagram of the second embodiment of the key protection method of the present invention;
Fig. 4 is a schematic diagram of the detailed steps of step S40 in Fig. 3;
Fig. 5 is a flow diagram of the third embodiment of the key protection method of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
The main solution of the embodiments of the present invention is: when an asymmetric key generation instruction is received, generate an asymmetric key in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key; obtain the master key pre-stored in the security chip, and encrypt the private key with the master key and a preset encryption algorithm to obtain a private key ciphertext; store the private key ciphertext in the security chip.
In the prior art, private key storage modes are divided into three kinds according to whether the user's private key is held in custody: full custody, partial custody and local storage. In the local storage mode, the generated user key is generally stored in plaintext in the terminal's on-chip or off-chip memory and protected by corresponding security software. The security software, however, may itself be attacked; once it is broken, a criminal can easily obtain the user's private key, which exposes the user to the risk of asset loss.
By storing the user's private key in the security chip and encrypting it with the security chip's master key, the present invention strengthens the read and write protection of the private key and thereby improves the security of locally stored private keys.
Fig. 1 is a schematic structural diagram of the terminal in the hardware operating environment involved in the embodiments of the present invention.
The terminal of the embodiments of the present invention is equipped with a security chip. The security chip may be integrated directly on the terminal's mainboard, or it may be carried in another small storage device (such as a Ukey) that connects to the terminal through the USB interface of the small storage device. The terminal may be a PC, or a mobile terminal device with a display function such as a smartphone, tablet computer, wearable device or portable computer.
As shown in Fig. 1, the terminal may include a processor 1001 (such as a CPU), a network interface 1004, a user interface 1003, a memory 1005 and a communication bus 1002. The communication bus 1002 implements the connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard; optionally, the user interface 1003 may also include standard wired and wireless interfaces. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be high-speed RAM or non-volatile memory, such as disk storage. Optionally, the memory 1005 may also be a storage device independent of the processor 1001.
Preferably, the terminal may also include a camera, an RF (Radio Frequency) circuit, sensors, an audio circuit, a WiFi module and so on. The sensors include, for example, a light sensor, a motion sensor and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display according to the ambient light, and the proximity sensor can turn off the display and/or backlight when the mobile terminal is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the posture of the mobile terminal (such as switching between landscape and portrait, related games, and magnetometer posture calibration) and in vibration-recognition functions (such as a pedometer or tap detection). The mobile terminal may of course also be configured with other sensors such as a gyroscope, barometer, hygrometer, thermometer and infrared sensor, which are not described here.
Those skilled in the art will understand that the terminal structure shown in Fig. 1 does not limit the terminal, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module and a key protection program.
In the terminal shown in Fig. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client (user side) and exchange data with it; and the processor 1001 may be used to call the key protection program stored in the memory 1005 and perform the following operations:
When an asymmetric key generation instruction is received, generating an asymmetric key in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key;
Obtaining the master key pre-stored in the security chip, and encrypting the private key with the master key and a preset encryption algorithm to obtain a private key ciphertext;
Storing the private key ciphertext in the security chip.
Further, the processor 1001 may call the key protection program stored in the memory 1005 and also perform the following operations:
When a master key generation instruction is received, generating a random number as the master key of the security chip;
Storing the master key in the security chip.
Further, the asymmetric key also includes a public key, and the processor 1001 may call the key protection program stored in the memory 1005 and also perform the following operations:
When a business message encrypted with the public key is received, reading the master key pre-stored in the security chip;
In the security chip, decrypting the private key ciphertext with the master key to obtain the private key plaintext;
Decrypting the business message encrypted with the public key using the private key plaintext to obtain the corresponding business message plaintext.
Further, the processor 1001 may call the key protection program stored in the memory 1005 and also perform the following operations:
When a business message encrypted with the public key is received, issuing a master key read request to the security chip, so that the security chip outputs a prompt asking the user to enter verification information;
Receiving the verification information entered by the user, and judging whether it is identical to the preset verification information;
If so, reading the master key pre-stored in the security chip.
Further, the verification information is a biometric feature or an access passcode.
Further, the processor 1001 may call the key protection program stored in the memory 1005 and also perform the following operations:
When a business message signature instruction is received, obtaining the business message to be signed, and reading the master key pre-stored in the security chip;
In the security chip, decrypting the private key ciphertext with the master key to obtain the private key plaintext;
Computing a digest of the business message to be signed, and signing the computed message digest with the private key plaintext to obtain the signed business message.
Further, the preset asymmetric key generation algorithm is the RSA encryption algorithm.
Further, the preset encryption algorithm is the Advanced Encryption Standard (AES) encryption algorithm or the Data Encryption Standard (DES) encryption algorithm.
The specific embodiments of the terminal of the present invention are essentially the same as the embodiments of the key protection method below and are not repeated here.
Based on the above hardware structure, the embodiments of the key protection method of the present invention are proposed.
Referring to Fig. 2, Fig. 2 is a flow diagram of the first embodiment of the key protection method of the present invention. The key protection method of this embodiment is applied to a terminal equipped with a security chip, and the method includes:
Step S10: when an asymmetric key generation instruction is received, generate an asymmetric key in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key;
The security chip of this embodiment may be provided by a participant in digital asset transactions, such as a bank. When using the security chip, the user can read from and write to it through the security chip processing module built into the terminal. During production of the security chip, an initialization process may be performed, that is, a master key is generated and stored in the corresponding storage unit of the security chip. The master key of the security chip may of course also be generated when the terminal receives a master key generation instruction; in that case, the following steps may precede step S10:
When a master key generation instruction is received, generate a random number as the master key of the security chip; store the master key in the security chip.
The master key generation instruction may be triggered by the user through the terminal's display interface, or triggered automatically when the security chip is used for the first time. In addition, because the master key of the security chip is a random number that is generated and stored in the security chip, each security chip is guaranteed to correspond to a unique master key, and the master key is not easily stolen.
To store keys locally, a user of the security chip can generate their own asymmetric key in the security chip; the asymmetric key includes a public key and a private key. Specifically, the user can trigger an asymmetric key generation instruction through the terminal's display interface; when the terminal receives the instruction, it generates an asymmetric key in the security chip according to the preset asymmetric key generation algorithm. The asymmetric key generation algorithm can be set flexibly in advance. In one embodiment, the asymmetric key generation algorithm is the RSA encryption algorithm (an asymmetric encryption algorithm currently widely used in e-commerce); for the specific way of generating an asymmetric key with the RSA encryption algorithm, refer to the prior art, which is not repeated here.
Step S20: obtain the master key pre-stored in the security chip, and encrypt the private key with the master key and a preset encryption algorithm to obtain a private key ciphertext;
After the security chip generates the asymmetric key, the master key pre-stored in the security chip is obtained, and the generated private key is encrypted with the master key and the preset encryption algorithm to obtain the private key ciphertext. The preset encryption algorithm may be the AES (Advanced Encryption Standard) encryption algorithm or the DES (Data Encryption Standard) encryption algorithm; it may of course also be another encryption algorithm, and can be set flexibly in a specific implementation.
Step S30: store the private key ciphertext in the security chip.
After the private key ciphertext is obtained by encryption, it is stored in the corresponding storage unit of the security chip, which achieves local storage of the private key. The user can subsequently use the locally stored private key for operations such as signing and decryption in business transactions; such business transactions include, but are not limited to, interbank trade contracts, transfers, remittances, clearing and quick payment.
It should be noted that, because in this embodiment the user generates and stores the private key in the local security chip, operations such as transaction signing or decryption that the user performs with the private key have complete non-repudiation.
In this embodiment, when an asymmetric key generation instruction is received, an asymmetric key is generated in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key; the master key pre-stored in the security chip is obtained, and the private key is encrypted with the master key and a preset encryption algorithm to obtain a private key ciphertext; and the private key ciphertext is stored in the security chip. By storing the user's private key in the security chip and encrypting it with the security chip's master key, this embodiment strengthens the read and write protection of the private key and thereby improves the security of locally stored private keys.
Further, referring to Fig. 3, Fig. 3 is a flow diagram of the second embodiment of the key protection method of the present invention. Based on the embodiment shown in Fig. 2 above, the asymmetric key further includes a public key, and after step S30 the method may further include:
Step S40: when a business message encrypted with the public key is received, read the master key pre-stored in the security chip;
Step S50: in the security chip, decrypt the private key ciphertext with the master key to obtain the private key plaintext;
Step S60: decrypt the business message encrypted with the public key using the private key plaintext to obtain the corresponding business message plaintext.
In this embodiment, when the terminal conducts a business transaction using the security chip and receives a business message encrypted with the user's public key, it first reads the master key pre-stored in the security chip and, in the security chip, decrypts the stored private key ciphertext with the master key to obtain the private key plaintext. The decryption algorithm corresponds to the encryption algorithm used in the first embodiment above: for example, if the private key was encrypted with the AES encryption algorithm, the AES encryption algorithm is used to decrypt it, and if the private key was encrypted with the DES encryption algorithm, the DES encryption algorithm is used to decrypt it. After the private key plaintext is obtained, the business message encrypted with the public key is decrypted with it to obtain the corresponding business message plaintext. As a result, even if an illegitimate user obtains the encrypted business message, they cannot decrypt it without the private key, which ensures the security of business message transmission.
Further, referring to Fig. 4, Fig. 4 is a schematic diagram of the detailed steps of step S40 in Fig. 3. Step S40 above may further include:
Step S41: when a business message encrypted with the public key is received, issue a master key read request to the security chip, so that the security chip outputs a prompt asking the user to enter verification information;
Step S42: receive the verification information entered by the user, and judge whether it is identical to the preset verification information;
If so, execute step S43: read the master key pre-stored in the security chip.
In this embodiment, when the terminal receives a business message encrypted with the public key, then in order to obtain the locally stored private key and decrypt the business message, it first issues a master key read request to the security chip, so that the security chip outputs a prompt asking the user to enter verification information. The terminal receives the verification information entered by the user and judges whether it is identical to the preset verification information; if it is, verification passes and the master key pre-stored in the security chip can be read. The verification information may be a biometric feature (such as a fingerprint, voiceprint or iris) or an access passcode (such as an access password), and the user can modify the preset verification information at any time as needed.
In this way, only the user can obtain the master key and, through the master key, finally obtain the private key, which strengthens the security of using the local private key.
It further, is the flow diagram of cryptographic key protection method 3rd embodiment of the present invention referring to Fig. 5, Fig. 5.Based on upper
The embodiment for stating Fig. 2 can also include after step S30:
Step S70 obtains service message to be signed, and read and protect in advance when receiving service message encrypted instruction
There are the master keys in the safety chip;
Step S80 is decrypted the private key ciphertext by the master key, obtains private in the safety chip
Key is in plain text;
Step S90 calculates abstract to the service message to be signed, and by the private key in plain text to being calculated
Message digest is signed, the service message after being signed.
In this embodiment, when the terminal uses the security chip to carry out a business transaction, if the terminal receives a service message signature instruction triggered by the user, it first obtains the service message to be signed and reads the master key pre-stored in the security chip. Then, in the security chip, it decrypts the stored private key ciphertext with the master key to obtain the private key plaintext. The decryption algorithm corresponds to the encryption algorithm used in the first embodiment above: for example, if the private key was previously encrypted with the AES encryption algorithm, it is now decrypted with the AES encryption algorithm, and if it was previously encrypted with the DES encryption algorithm, it is now decrypted with the DES encryption algorithm. After the private key plaintext is obtained, a digest of the service message to be signed is calculated first, for example by applying a hash algorithm to the service message to be signed to obtain the message digest. The calculated message digest is then signed with the private key plaintext to obtain the signed service message, which is then sent to other service nodes of the digital currency network. The service message is thereby signed, and a signed service message that has been sent can be regarded as an act that the user cannot deny.
In the above process, the specific steps for reading the master key pre-stored in the security chip may refer to the specific steps described in the second embodiment of the present invention and are not repeated here.
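The generate, wrap and sign flow described above (key generation and private key encryption, then steps S70 to S90), as an added Go example that is not code from the patent. Assumptions: the `Chip` type is a software stand-in for the security chip, and AES-256-GCM, SHA-256 and PKCS#1 v1.5 signatures are this example's choices, since the page names only RSA, AES or DES, and "a hash algorithm".

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Chip is a software stand-in (assumption) for the security chip.
type Chip struct {
	master  []byte         // random master key for AES-256-GCM (mode is an assumption)
	wrapped []byte         // GCM nonce || private key ciphertext, the only stored form
	Public  *rsa.PublicKey // public half, free to leave the chip
}

func (c *Chip) gcm() cipher.AEAD {
	block, _ := aes.NewCipher(c.master) // cannot fail: master is always 32 bytes
	aead, _ := cipher.NewGCM(block)     // cannot fail: AES has a 16-byte block
	return aead
}

// NewChip makes the master key and RSA pair, keeps only the ciphertext, panics without entropy.
func NewChip() *Chip {
	seed := make([]byte, 32+12) // master key || GCM nonce
	if _, err := rand.Read(seed); err != nil {
		panic(err)
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	c := &Chip{master: seed[:32], Public: &priv.PublicKey}
	c.wrapped = c.gcm().Seal(seed[32:], seed[32:], x509.MarshalPKCS1PrivateKey(priv), nil)
	return c
}

// Sign follows S70-S90: decrypt the private key, digest the message, sign.
func (c *Chip) Sign(msg []byte) ([]byte, error) {
	der, err := c.gcm().Open(nil, c.wrapped[:12], c.wrapped[12:], nil)
	if err != nil {
		return nil, fmt.Errorf("private key ciphertext rejected: %w", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

func main() {
	sig, err := NewChip().Sign([]byte("constructed service message"))
	fmt.Println(len(sig), err)
}
```

Because GCM authenticates the stored blob, a modified private key ciphertext makes `Sign` return an error instead of decrypting to a different key.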
The present invention also provides a computer readable storage medium.
A key protection program is stored on the computer readable storage medium of the present invention, and the key protection program, when executed by a processor, implements the steps of the cryptographic key protection method described above.
For the method implemented when the key protection program running on the processor is executed, reference may be made to the embodiments of the cryptographic key protection method of the present invention; details are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or further includes elements inherent to such a process, method, article or system. Without further limitation, an element defined by the sentence "including a ..." does not exclude the existence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions for causing a terminal device (which may be a mobile phone, computer, server, air conditioner, network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A cryptographic key protection method, characterized in that the cryptographic key protection method is applied to a terminal equipped with a security chip, and the method comprises the following steps:
when an asymmetric key generation instruction is received, generating an asymmetric key in the security chip according to a preset asymmetric key generation algorithm, the asymmetric key including a private key;
obtaining the master key pre-stored in the security chip, and encrypting the private key with the master key and a preset encryption algorithm to obtain a private key ciphertext;
storing the private key ciphertext in the security chip.
2. The cryptographic key protection method according to claim 1, characterized in that, before the step of generating an asymmetric key in the security chip according to a preset asymmetric key generation algorithm when an asymmetric key generation instruction is received, the method further comprises:
when a master key generation instruction is received, generating a random number as the master key of the security chip;
storing the master key in the security chip.
3. The cryptographic key protection method according to claim 1, characterized in that the asymmetric key further includes a public key, and after the step of storing the private key ciphertext in the security chip, the method further comprises:
when a service message encrypted with the public key is received, reading the master key pre-stored in the security chip;
in the security chip, decrypting the private key ciphertext with the master key to obtain the private key plaintext;
decrypting the service message encrypted with the public key using the private key plaintext to obtain the corresponding service message plaintext.
4. The cryptographic key protection method according to claim 3, characterized in that the step of reading the master key pre-stored in the security chip when a service message encrypted with the public key is received comprises:
when a service message encrypted with the public key is received, issuing a master key read request to the security chip, so that the security chip outputs prompt information prompting the user to input verification information;
receiving the verification information input by the user, and judging whether the verification information is identical to preset verification information;
if so, reading the master key pre-stored in the security chip.
5. The cryptographic key protection method according to claim 4, characterized in that the verification information is a biometric feature or an access password.
6. The cryptographic key protection method according to claim 1, characterized in that, after the step of storing the private key ciphertext in the security chip, the method further comprises:
when a service message signature instruction is received, obtaining the service message to be signed, and reading the master key pre-stored in the security chip;
in the security chip, decrypting the private key ciphertext with the master key to obtain the private key plaintext;
calculating a digest of the service message to be signed, and signing the calculated message digest with the private key plaintext to obtain the signed service message.
7. The cryptographic key protection method according to any one of claims 1 to 6, characterized in that the preset asymmetric key generation algorithm is the RSA cryptographic algorithm.
8. The cryptographic key protection method according to claim 7, characterized in that the preset encryption algorithm is the Advanced Encryption Standard (AES) encryption algorithm or the DES encryption algorithm.
9. A terminal, characterized in that the terminal comprises: a security chip, a memory, a processor, and a key protection program stored on the memory and executable on the processor, wherein the key protection program, when executed by the processor, implements the steps of the cryptographic key protection method according to any one of claims 1 to 8.
10. A computer readable storage medium, characterized in that a key protection program is stored on the computer readable storage medium, and the key protection program, when executed by a processor, implements the steps of the cryptographic key protection method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810537651.2A CN108880791A (en) | 2018-05-30 | 2018-05-30 | Cryptographic key protection method, terminal and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108880791A true CN108880791A (en) | 2018-11-23 |
Family
ID=64335595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810537651.2A Pending CN108880791A (en) | 2018-05-30 | 2018-05-30 | Cryptographic key protection method, terminal and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108880791A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181123 |