CN109245900B - A kind of grade super microcomputer safety interacting method and system - Google Patents
A kind of grade super microcomputer safety interacting method and system Download PDFInfo
- Publication number
- CN109245900B CN109245900B CN201811073639.7A CN201811073639A CN109245900B CN 109245900 B CN109245900 B CN 109245900B CN 201811073639 A CN201811073639 A CN 201811073639A CN 109245900 B CN109245900 B CN 109245900B
- Authority
- CN
- China
- Prior art keywords
- key
- certificate
- private key
- abstract
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 230000005540 biological transmission Effects 0.000 claims abstract description 28
- 230000002452 interceptive effect Effects 0.000 claims description 12
- 235000013399 edible fruits Nutrition 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 3
- 239000000284 extract Substances 0.000 claims description 2
- 230000006854 communication Effects 0.000 abstract description 18
- 238000004891 communication Methods 0.000 abstract description 14
- 238000004364 calculation method Methods 0.000 description 3
- 230000002708 enhancing effect Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of grade super microcomputer safety interacting method and systems.The safety interacting method includes: the first private key and First Certificate for obtaining super microcomputer;The super microcomputer is grade super microcomputer;Judge whether signature mechanism is credible, if so, extracting the first public key of the super microcomputer according to the First Certificate, and generates the second private key and the second certificate;The second public key is extracted according to second certificate;The first shared code key is generated according to first public key and second private key;It is encrypted according to the described first shared secret key pair transmission information, determines encryption information;The second shared code key is generated according to first private key and second public key;It is decrypted, is determined in plain text according to encryption information described in the described first shared code key and the second shared secret key pair.It can be improved the safety of information communication using safety interacting method provided by the present invention and system.
Description
Technical field
The present invention relates to field of communication security, more particularly to a kind of grade super microcomputer safety interacting method and
System.
Background technique
In existing radio frequency identification and the means of communication, the side of being read all is read-only chip (such as RF identification chip
(Radio Frequency Identification, RFID)), do not have the ability that dynamic calculates;At present these chips in order to
The safety for enhancing radio frequency communication process, typically presets hardware encryption algorithm, and be stored in advance needed for encryption
Code key, in the chips, in order to enhance safety, some manufacturers can be deposited code key using the unclonable technology of physics for storage
Storage.But since card reader and code key needed for chip communication never change, code key is still suffered from by Brute Force
Risk, safety are extremely low.
Summary of the invention
The object of the present invention is to provide a kind of grade super microcomputer safety interacting method and systems, to solve to communicate
Required private key is constantly in static state, exists by the risk of Brute Force, the low problem of safety.
To achieve the above object, the present invention provides following schemes:
A kind of grade super microcomputer safety interacting method, comprising:
Obtain the first private key and First Certificate of super microcomputer;The private key and the certificate are described super for identifying
Microcomputer;The First Certificate is issued after being signed by signature mechanism;The super microcomputer is grade superminiature meter
Calculation machine;
Judge whether the signature mechanism is credible, obtains the first judging result;
If the signature mechanism that first judging result is expressed as the First Certificate is credible, mentioned according to the First Certificate
The first public key of the super microcomputer is taken, and generates the second private key and the second certificate;
The second public key is extracted according to second certificate;
The first shared code key is generated according to first public key and second private key;
It is encrypted according to the described first shared secret key pair transmission information, determines encryption information;
The second shared code key is generated according to first private key and second public key;
It is decrypted, is determined bright according to encryption information described in the described first shared code key and the second shared secret key pair
Text.
Optionally, described to be encrypted according to the described first shared secret key pair transmission information, determine encryption information, it is specific to wrap
It includes:
According to the described first shared code key, transmission information is encrypted using symmetric encipherment algorithm, determines encryption information.
Optionally, the encryption information according to the described first shared code key and the second shared secret key pair carries out
Decryption, after determining plaintext, further includes:
Judge whether second certificate is credible, obtains the second judging result;
If it is credible that second judging result is expressed as second certificate, according to first private key and described second
Private key verifies the plaintext;
If the second judging result table is that second certificate is insincere, abstract letter is determined according to the transmission information
Breath;
The plaintext is verified according to first private key, second private key and the summary info.
Optionally, described that the plaintext is verified according to first private key and second private key, it is specific to wrap
It includes:
It is signed according to first private key to the plaintext, generates the first signature digest pair;First signature digest pair
Including the first signature and the first abstract;
According to second private key to the transmission Information Signature, the second signature digest pair is generated;Second signature is plucked
It will be to including the second signature and the second abstract;
Judge whether first abstract and second abstract are identical, obtain third judging result;
If the third judging result is expressed as first abstract and second abstract is identical, by verifying, really
The fixed plaintext is correct.
Optionally, described that the plaintext is tested according to first private key, the second private key and the summary info
Card, specifically includes:
Judge whether first abstract, second abstract and the summary info are identical, obtains the 4th judgement knot
Fruit;
If the 4th judging result is expressed as first abstract, second abstract and the summary info phase
Together, by verifying, determine that the plaintext is correct.
A kind of grade super microcomputer secure interactive system, comprising:
First private key and First Certificate obtain module, for obtaining the first private key and the first card of super microcomputer
Book;The private key and the certificate are for identifying the super microcomputer;The First Certificate is issued after being signed by signature mechanism
Hair;The super microcomputer is grade super microcomputer;
First judgment module obtains the first judging result for judging whether the signature mechanism is credible;
Second private key and the second certificates constructing module, if being expressed as the First Certificate for first judging result
Signature mechanism it is credible, extract the first public key of the super microcomputer according to the First Certificate, and generate the second private key
And second certificate;
Second public key extraction module, for extracting the second public key according to second certificate;
First shared code key generation module, it is shared for generating first according to first public key and second private key
Code key;
Encryption information determining module determines encryption for being encrypted according to the described first shared secret key pair transmission information
Information;
Second shared code key generation module, it is shared for generating second according to first private key and second public key
Code key;
Plaintext determining module, for encrypting letter according to the described first shared code key and the second shared secret key pair
Breath is decrypted, and determines in plain text.
Optionally, the encryption information determining module specifically includes:
Encryption information determination unit is used for according to the described first shared code key, using symmetric encipherment algorithm to transmission information
It is encrypted, determines encryption information.
Optionally, further includes:
Second judgment module, for judging whether second certificate is credible, obtains the second judging result;
First authentication module, if it is credible to be expressed as second certificate for second judging result, according to described
One private key and second private key verify the plaintext;
Summary info determining module, if being that second certificate is insincere for the second judging result table, according to institute
It states transmission information and determines summary info;
Second authentication module is used for according to first private key, second private key and the summary info to described
It is verified in plain text.
Optionally, first authentication module specifically includes:
First signature digest generates the first label for signing according to first private key to the plaintext to generation unit
Name abstract pair;First signature digest is to including the first signature and the first abstract;
Second signature digest is to generation unit, for the transmission Information Signature, generating the according to second private key
Two signature digests pair;Second signature digest is to including the second signature and the second abstract;
Third judging unit, for judging whether first abstract and second abstract are identical, obtain third and sentence
Disconnected result;
First authentication unit, if being expressed as first abstract and second abstract for the third judging result
It is identical, by verifying, determine that the plaintext is correct.
Optionally, second authentication module specifically includes:
4th judging unit, for judge it is described first abstract, it is described second abstract and the summary info whether phase
Together, the 4th judging result is obtained;
Second authentication unit, if for the 4th judging result be expressed as it is described first abstract, it is described second abstract with
And the summary info is identical, by verifying, determines that the plaintext is correct.
The specific embodiment provided according to the present invention, the invention discloses following technical effects: the invention proposes one kind
Grade super microcomputer safety interacting method and system, using the estimated performance of super microcomputer, in each communication
Dynamic generation private key and certificate, private key and certificate dynamically change, so that dynamic generation shares code key, according to dynamic
Shared code key is communicated, and is avoided private key provided by existing interactive mode and is constantly in static state so that breaking in the presence of by violence
The risk of solution, to improve the safety of communication information transmission.
Detailed description of the invention
It in order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, below will be to institute in embodiment
Attached drawing to be used is needed to be briefly described, it should be apparent that, the accompanying drawings in the following description is only some implementations of the invention
Example, for those of ordinary skill in the art, without any creative labor, can also be according to these attached drawings
Obtain other attached drawings.
Fig. 1 is grade super microcomputer safety interacting method flow chart provided by the present invention;
Fig. 2 is grade super microcomputer secure interactive system construction drawing provided by the present invention;
Fig. 3 is grade super microcomputer secure interactive flow chart provided by the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
The object of the present invention is to provide a kind of grade super microcomputer safety interacting method and systems, can be improved letter
The safety of message communication.
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, with reference to the accompanying drawing and specific real
Applying mode, the present invention is described in further detail.
Fig. 1 is grade super microcomputer safety interacting method flow chart provided by the present invention, as shown in Figure 1, one
Kind grade super microcomputer safety interacting method, the safety interacting method are applied to grade super microcomputer, nothing
The super microcomputer of line radio-frequency enabled is based on Ge Luofangde semiconductor limited liability company (Global Foundry) or platform product
The system on chip (SOC) of electric (TSMC) sophisticated semiconductor manufacturing process (7nm or 14nm);Comprising the logical energy of radio frequency communication, lead to
News frequency rate is set as between 2.4GHz~5.8GHz, and effective communication distance is designed as within 5cm;It deposits comprising physics is unclonable
Store up module.Super microcomputer security procedure realizes that the shared code key generating algorithm of asymmetric code key (can be used based on oval bent
The Diffie-Hellman algorithm of line) and signature algorithm (usable ellipse curve signature algorithm), and the decryption of symmetrical code key
Algorithm (the Encryption Algorithm AES that enhancing can be used);It reads data security procedure and realizes that the generation of asymmetric code key (can be used oval bent
Line code key generating algorithm), shared code key generates and signature algorithm is (with the signature algorithm phase in super microcomputer security procedure
Together), and the Encryption Algorithm of symmetrical code key (the Encryption Algorithm AES that enhancing can be used);Anti-tamper proving program realizes that number is plucked
Want algorithm, signature verification algorithm;The safety interacting method includes:
Step 101: obtaining the first private key and First Certificate of super microcomputer;The private key and the certificate are for marking
Know the super microcomputer;The First Certificate is issued after being signed by signature mechanism;The super microcomputer is grade
Super microcomputer.
In super microcomputer initialization, the first private key (Priv1) and the first card are generated for super microcomputer in advance
Book (Cert1), certificate are issued after being signed by trust authority, in order to prevent the first private key (Priv1) and First Certificate (Cert1) quilt
Improper mode is stolen and is modified, and needs the first private key (Priv1) and First Certificate (Cert1) being stored in physics unclonable
Memory module in, this step, which is realized, is initialized the private key and certificate of super microcomputer, for identifying more than miniature calculating
The unique identities of machine, and ensure that two files can not be forged and be distorted by Encryption Algorithm.
By including the unclonable memory module of physics in super microcomputer, by the first private key (Priv1) and first
Certificate (Cert1) is stored in the unclonable memory module of physics, is guaranteed that information can not be stolen, distort, is further ensured that
Super microcomputer is believable.
Communication for super microcomputer is triggered by external wireless radio-frequency card reader, when communication, by reading data safety journey
Sequence is initiated to read the request of First Certificate (Cert1) first to super microcomputer.
Step 102: judging whether the signature mechanism is credible, if so, executing step 103, execute step 109 if not.
First Certificate (Cert1) is sent to and reads data security procedure by super microcomputer, reads data security procedure first
Whether the mechanism for verifying the signature in First Certificate (Cert1) is credible, if credible, goes to next step, such as insincere, leads to
News terminate.This step reads data security procedure for confirming superminiature dependent on the First Certificate (Cert1) stored in step 1
Whether computer is credible.
Step 103: extracting the first public key of the super microcomputer according to the First Certificate, and generate the second private key
And second certificate.
Step 104: the second public key is extracted according to second certificate.
Step 105: the first shared code key is generated according to first public key and second private key.
Step 106: being encrypted according to the described first shared secret key pair transmission information, determine encryption information.
It reads data security procedure and generates the first private key of another pair (Priv2) and the second certificate (Cert2), and with superminiature meter
The public key (extracting from First Certificate (Cert1)) of calculation machine and the first private key (Priv2) generation one first generated are shared secret
Key (SharedKey1) then will want that the transmission information (M1) sent is added using the first shared code key (SharedKey1)
Close, the Encryption Algorithm used is symmetric encipherment algorithm (such as AES), reads data security procedure and needs to record (Priv2, Cert2).This
Step when being communicated every time, dynamic generation the first private key (Priv2) and the second certificate (Cert2), utmostly to protect
Demonstrate,prove the safety of subsequent step communication.
Guarantee to be safe in the communication process for reading data security procedure and super microcomputer, saboteur's program can not be
After intercepting messages, message is distorted, because the encryption code key of message is not transmitted, and implementing that key cracks can not be short
It is completed in time, therefore message can not be distorted.
Data security procedure is read by encrypted encryption information (M1-1), the second certificate (Cert2) issues superminiature simultaneously
PC Secure, this process are safe to guarantee to read the communication process of data security procedure and super microcomputer.
This step is used to guarantee that the information of transmission to be encryption.
Step 107: the second shared code key is generated according to first private key and second public key.
After super microcomputer security procedure gets encryption information (M1-1) and the second certificate (Cert2), first is used
Private key (Priv1) and client public key (obtaining from client certificate Cert2) generate the second shared code key (SharedKey2),
Here SharedKey1 and SharedKey2 is identical, and super microcomputer security procedure is calculated using identical symmetrical encryption and decryption at this time
Method is decrypted the ciphertext (M1-1) got and obtains in plain text (M2).With " read data security procedure for encrypted encryption
Information (M1-1), the second certificate (Cert2) issue super microcomputer security procedure simultaneously " the step for common guarantee information
Decryption code key without transmission, the Diffie-Hellman algorithm based on elliptic curve ensure that the key of communication two party is identical simultaneously
And without passing through transmission.
Step 108: being solved according to encryption information described in the described first shared code key and the second shared secret key pair
It is close, it determines in plain text.
Step 109: terminating communication.
Super microcomputer security procedure gets the information in certificate simultaneously from the second certificate of client (Cert2),
Then it is signed using the first private key (Priv1) to (M2) in plain text, generates the first signature digest to (S1, D1), and be sent to reading
Data safety program.The signature and abstract that this step generates verify (S1, D1) for reading data security procedure, to confirm ultra micro
The information that type computer is sent is not tampered with or forges.
It reads data security procedure to sign to transmission information (M1) with the first private key (Priv2) of oneself, generates the second label
Name abstract is to (S2, D2), while by (S1, D1), and (S2, D2), M1 is sent to anti-tamper proving program, wherein whether sending M1 is
Optionally, if do not sent M1, show that data security procedure is read be that default is believable, it is on the contrary then M1 should be sent
Anti-tamper proving program is in verifying, it is necessary first to get the public key of super microcomputer (from First Certificate
(Cert1) obtained in), whether and it is credible to verify the signature in Cert1, such as credible, it was demonstrated that super microcomputer be it is believable, this
When (S1, D1) can be verified, if the verification passes, information (M2) is true before explanation;Such as get M1, then it is right
M1 is made a summary to obtain D3, compares D1, D2, D3, is otherwise compared D1 and D2 if comparing result is identical and is illustrated superminiature meter
Calculation machine and the information for reading data security procedure signature are identical and believable, on the contrary then authentication faileds.Anti-tamper proving program is used
Be consistent and believable in the data for verifying all communication process, that is, can guarantee super microcomputer be it is believable, simultaneously
Read data security procedure be also it is believable, to guarantee the integrality and reliability of initial data.
If it is considered to reading data security procedure may do evil, that is, sends false message and signs to super microcomputer,
It then needs to read the message M1 that data security procedure is claimed and is sent to anti-tamper proving program, it is anti-tamper to test in this way by step 9
Program is demonstrate,proved after the certificate (Cert1) for getting super microcomputer, that is, can verify that reading the message that data security procedure is sent is
It is no consistent with message that is claiming.
Fig. 2 is grade super microcomputer secure interactive system construction drawing provided by the present invention, as shown in Fig. 2, one
Kind grade super microcomputer secure interactive system, comprising:
First private key and First Certificate obtain module 201, for obtaining the first private key and first of super microcomputer
Certificate;The private key and the certificate are for identifying the super microcomputer;After the First Certificate is signed by signature mechanism
It issues;The super microcomputer is grade super microcomputer;
First judgment module 202 obtains the first judging result for judging whether the signature mechanism is credible;
Second private key and the second certificates constructing module 203, if being expressed as described first for first judging result
The signature mechanism of certificate is credible, the first public key of the super microcomputer is extracted according to the First Certificate, and generate second
Private key and the second certificate;
Second public key extraction module 204, for extracting the second public key according to second certificate;
First shared code key generation module 205, for generating first according to first public key and second private key
Shared code key;
Encryption information determining module 206 determines and adds for being encrypted according to the described first shared secret key pair transmission information
Confidential information;
The encryption information determining module 206 specifically includes: encryption information determination unit, for shared according to described first
Code key encrypts transmission information using symmetric encipherment algorithm, determines encryption information.
Second shared code key generation module 207, for generating second according to first private key and second public key
Shared code key;
Plaintext determining module 208, for adding according to the described first shared code key and the second shared secret key pair
Confidential information is decrypted, and determines in plain text.
The secure interactive system further include: the second judgment module, for judging whether second certificate is credible, obtains
Second judging result;First authentication module, if it is credible to be expressed as second certificate for second judging result, according to institute
It states the first private key and second private key verifies the plaintext;Summary info determining module, if being used for described second
Judging result table is that second certificate is insincere, determines summary info according to the transmission information;Second authentication module, is used for
The plaintext is verified according to first private key, second private key and the summary info.
Wherein, first authentication module specifically includes: the first signature digest is to generation unit, for according to described first
Private key signs to the plaintext, generates the first signature digest pair;First signature digest is to including the first signature and first
Abstract;Second signature digest is to generation unit, for, to the transmission Information Signature, generating the second label according to second private key
Name abstract pair;Second signature digest is to including the second signature and the second abstract;Third judging unit, it is described for judging
Whether the first abstract and second abstract are identical, obtain third judging result;First authentication unit, if being used for the third
Judging result is expressed as first abstract and second abstract is identical, by verifying, determines that the plaintext is correct.
Second authentication module specifically includes: the 4th judging unit, for judging that first abstract, described second are plucked
It wants and whether the summary info is identical, obtain the 4th judging result;Second authentication unit, if for the 4th judgement knot
Fruit be expressed as it is described first abstract, it is described second abstract and the summary info it is identical, by verifying, determining the plaintext just
Really.
Fig. 3 is grade super microcomputer secure interactive flow chart provided by the present invention, as shown in figure 3, using this
Grade super microcomputer safety interacting method provided by inventing and system are able to verify that whether super microcomputer is credible,
Read whether data security procedure is credible, whether the message M1 that reading data security procedure is claimed is credible, to guarantee that process of exchange is peace
It is complete believable.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with other
The difference of embodiment, the same or similar parts in each embodiment may refer to each other.For system disclosed in embodiment
For, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is said referring to method part
It is bright.
Used herein a specific example illustrates the principle and implementation of the invention, and above embodiments are said
It is bright to be merely used to help understand method and its core concept of the invention;At the same time, for those skilled in the art, foundation
Thought of the invention, there will be changes in the specific implementation manner and application range.In conclusion the content of the present specification is not
It is interpreted as limitation of the present invention.
Claims (8)
1. a kind of grade super microcomputer safety interacting method characterized by comprising
Obtain the first private key and First Certificate of super microcomputer;The private key and the certificate are for identifying the superminiature
Computer;The First Certificate is issued after being signed by signature mechanism;The super microcomputer is grade super microcomputer;
Judge whether the signature mechanism is credible, obtains the first judging result;
If the signature mechanism that first judging result is expressed as the First Certificate is credible, institute is extracted according to the First Certificate
The first public key of super microcomputer is stated, and generates the second private key and the second certificate;
The second public key is extracted according to second certificate;
The first shared code key is generated according to first public key and second private key;
It is encrypted according to the described first shared secret key pair transmission information, determines encryption information;
The second shared code key is generated according to first private key and second public key;
It is decrypted, is determined in plain text according to encryption information described in the described first shared code key and the second shared secret key pair;
Judge whether second certificate is credible, obtains the second judging result;
If it is credible that second judging result is expressed as second certificate, according to first private key and second private key
The plaintext is verified;
If the second judging result table is that second certificate is insincere, summary info is determined according to the transmission information;
The plaintext is verified according to first private key, second private key and the summary info.
2. safety interacting method according to claim 1, which is characterized in that described to be passed according to the described first shared secret key pair
Defeated information is encrypted, and determines encryption information, is specifically included:
According to the described first shared code key, transmission information is encrypted using symmetric encipherment algorithm, determines encryption information.
3. safety interacting method according to claim 1, which is characterized in that described according to first private key and described
Second private key verifies the plaintext, specifically includes:
It is signed according to first private key to the plaintext, generates the first signature digest pair;First signature digest is to including
First signature and the first abstract;
According to second private key to the transmission Information Signature, the second signature digest pair is generated;Second signature digest pair
Including the second signature and the second abstract;
Judge whether first abstract and second abstract are identical, obtain third judging result;
If the third judging result is expressed as first abstract and second abstract is identical, by verifying, institute is determined
It states clearly literary correct.
4. safety interacting method according to claim 3, which is characterized in that described according to first private key, the second private
Key and the summary info verify the plaintext, specifically include:
Judge whether first abstract, second abstract and the summary info are identical, obtain the 4th judging result;
If it is identical that the 4th judging result is expressed as first abstract, second abstract and the summary info, lead to
Verifying is crossed, determines that the plaintext is correct.
5. a kind of grade super microcomputer secure interactive system characterized by comprising
First private key and First Certificate obtain module, for obtaining the first private key and First Certificate of super microcomputer;Institute
Private key and the certificate are stated for identifying the super microcomputer;The First Certificate is issued after being signed by signature mechanism;Institute
Stating super microcomputer is grade super microcomputer;
First judgment module obtains the first judging result for judging whether the signature mechanism is credible;
Second private key and the second certificates constructing module, if being expressed as the label of the First Certificate for first judging result
Name mechanism is credible, extracts the first public key of the super microcomputer according to the First Certificate, and generate the second private key and
Second certificate;
Second public key extraction module, for extracting the second public key according to second certificate;
First shared code key generation module, it is secret for being shared according to first public key and second private key generation first
Key;
Encryption information determining module determines encryption information for being encrypted according to the described first shared secret key pair transmission information;
Second shared code key generation module, it is secret for being shared according to first private key and second public key generation second
Key;
Plaintext determining module, for the encryption information according to the described first shared code key and the second shared secret key pair into
Row decryption, determines in plain text;
Second judgment module, for judging whether second certificate is credible, obtains the second judging result;
First authentication module, it is private according to described first if it is credible to be expressed as second certificate for second judging result
Key and second private key verify the plaintext;
Summary info determining module, if being that second certificate is insincere for the second judging result table, according to the biography
Defeated information determines summary info;
Second authentication module is used for according to first private key, second private key and the summary info to the plaintext
It is verified.
6. secure interactive system according to claim 5, which is characterized in that the encryption information determining module is specifically wrapped
It includes:
Encryption information determination unit, for being carried out to transmission information using symmetric encipherment algorithm according to the described first shared code key
Encryption, determines encryption information.
7. secure interactive system according to claim 5, which is characterized in that first authentication module specifically includes:
First signature digest generates the first signature and plucks to generation unit for being signed according to first private key to the plaintext
It is right;First signature digest is to including the first signature and the first abstract;
Second signature digest is to generation unit, for, to the transmission Information Signature, generating the second label according to second private key
Name abstract pair;Second signature digest is to including the second signature and the second abstract;
Third judging unit, for judging whether first abstract and second abstract are identical, obtain third judgement knot
Fruit;
First authentication unit, if being expressed as first abstract and the second abstract phase for the third judging result
Together, by verifying, determine that the plaintext is correct.
8. secure interactive system according to claim 7, which is characterized in that second authentication module specifically includes:
4th judging unit, for judging whether first abstract, second abstract and the summary info are identical, obtain
To the 4th judging result;
Second authentication unit, if being expressed as first abstract, second abstract and institute for the 4th judging result
It is identical to state summary info, by verifying, determines that the plaintext is correct.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811073639.7A CN109245900B (en) | 2018-09-14 | 2018-09-14 | A kind of grade super microcomputer safety interacting method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811073639.7A CN109245900B (en) | 2018-09-14 | 2018-09-14 | A kind of grade super microcomputer safety interacting method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109245900A CN109245900A (en) | 2019-01-18 |
| CN109245900B true CN109245900B (en) | 2019-07-16 |
Family
ID=65058736
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811073639.7A Active CN109245900B (en) | 2018-09-14 | 2018-09-14 | A kind of grade super microcomputer safety interacting method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109245900B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023230975A1 (en) * | 2022-06-02 | 2023-12-07 | Oppo广东移动通信有限公司 | Method and apparatus for establishing interoperation channel, and chip and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102625939A (en) * | 2009-07-10 | 2012-08-01 | 塞尔蒂卡姆公司 | System and method for managing electronic assets |
| CN106797311A (en) * | 2014-08-29 | 2017-05-31 | 维萨国际服务协会 | For the method for security password generation |
| CN107210914A (en) * | 2015-01-27 | 2017-09-26 | 维萨国际服务协会 | The method supplied for security credence |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102558361B1 (en) * | 2015-04-13 | 2023-07-21 | 삼성전자주식회사 | Techniques for managing profiles in communication systems |
-
2018
- 2018-09-14 CN CN201811073639.7A patent/CN109245900B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102625939A (en) * | 2009-07-10 | 2012-08-01 | 塞尔蒂卡姆公司 | System and method for managing electronic assets |
| CN106797311A (en) * | 2014-08-29 | 2017-05-31 | 维萨国际服务协会 | For the method for security password generation |
| CN107210914A (en) * | 2015-01-27 | 2017-09-26 | 维萨国际服务协会 | The method supplied for security credence |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109245900A (en) | 2019-01-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106789018B (en) | Secret key remote acquisition methods and device | |
| CN106656510B (en) | A kind of encryption key acquisition methods and system | |
| US20200106600A1 (en) | Progressive key encryption algorithm | |
| CN107896147B (en) | Method and system for negotiating temporary session key based on national cryptographic algorithm | |
| CN107248075B (en) | Method and device for realizing bidirectional authentication and transaction of intelligent key equipment | |
| CN109309565A (en) | A kind of method and device of safety certification | |
| CA2432269C (en) | Encryption communication apparatus | |
| US10044684B2 (en) | Server for authenticating smart chip and method thereof | |
| CN103248491B (en) | A kind of backup method of electronic signature token private key and system | |
| CN107104795B (en) | Method, framework and system for injecting RSA key pair and certificate | |
| CN114172740B (en) | Distribution network certificate verification-based distribution network security access method | |
| Avoine et al. | A survey of security and privacy issues in ePassport protocols | |
| CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
| JP2009272671A (en) | Secret authentication system | |
| CN109245900B (en) | A kind of grade super microcomputer safety interacting method and system | |
| WO2014173233A1 (en) | Information processing method and deciphering apparatus | |
| JP4541740B2 (en) | Authentication key update system and authentication key update method | |
| CN113285950B (en) | Encryption card-based key transmission and storage method | |
| CN113592484B (en) | Account opening method, system and device | |
| CN106027474A (en) | Identity card reading terminal in identity card authentication system | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| KR100649858B1 (en) | System and method for issuing and authenticating of payphone smart card | |
| Cheng et al. | Security enhancement of an IC-card-based remote login mechanism | |
| CN116248280B (en) | Anti-theft method for security module without key issue, security module and device | |
| CN117478404B (en) | Vulnerability detection-based data security treatment method, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211223 Address after: 25 / F, Pangu grand view, No. 27, Middle North Fourth Ring Road, Chaoyang District, Beijing 100101 Patentee after: IBM (CHINA) INVESTMENT CO.,LTD. Address before: No. c-1103-041, 10th floor, building 1, 18 Zhongguancun East Road, Haidian District, Beijing Patentee before: BEIJING CHAINEDTRUST TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CP02 | Change in the address of a patent holder |
Address after: Unit 02, 12th Floor, 501, Building 3, Yard 20, Jinhe East Road, Chaoyang District, Beijing, 100020 Patentee after: IBM (CHINA) INVESTMENT CO.,LTD. Address before: 25 / F, Pangu grand view, No. 27, Middle North Fourth Ring Road, Chaoyang District, Beijing 100101 Patentee before: IBM (CHINA) INVESTMENT CO.,LTD. |
|
| CP02 | Change in the address of a patent holder | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20231215 Address after: New York grams of Armand Patentee after: International Business Machines Corp. Address before: Unit 02, 12th Floor, 501, Building 3, Yard 20, Jinhe East Road, Chaoyang District, Beijing, 100020 Patentee before: IBM (CHINA) INVESTMENT CO.,LTD. |
|
| TR01 | Transfer of patent right |