CN109948375A - Verification method for an encryption lock, and encryption machine - Google Patents

Publication number
CN109948375A
Authority
CN
China
Prior art keywords
cloud
verification
encryption
data packet
encryption lock
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910217347.4A
Other languages
Chinese (zh)
Inventor
孙吉平
钟灵剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN201910217347.4A
Publication of CN109948375A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a verification method for an encryption lock, and an encryption machine. The method comprises: driving the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified; driving the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in the lock; and sending the verification data packet to the cloud, so that the cloud verifies the verification data packet using pre-stored verification data. With this method, the cloud can accurately check the core data in an encryption lock connected to the encryption machine and thereby verify whether the encryption lock remains in a healthy state, ensuring that the encryption lock a user works with is healthy.

Description

Verification method for an encryption lock, and encryption machine
Technical field
The present invention relates to the field of information security for electronic devices, and in particular to a verification method for an encryption lock and to an encryption machine.
Background
When the security chip of an encryption lock exceeds its service life or is exposed to a relatively extreme environment (for example excessive humidity or temperature), the electrical characteristics of the hardware may cause the data stored in the lock to be damaged. In particular, if a business key or seed code belonging to the core data is damaged, then using the encryption lock (for example an administrator lock) to perform a task will cause the user inconvenience or even economic loss. For example, when a key recovery operation is performed, the business key copied into the new encryption machine may be wrong, causing harm to the user.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a verification method for an encryption lock, and an encryption machine. The method can check the core data in the encryption lock and thereby verify whether the lock remains in a healthy state, ensuring that the encryption lock a user works with is healthy.
To solve the above technical problem, the embodiments of the present application adopt the following technical solution: a verification method for an encryption lock, comprising:
driving the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified;
driving the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in the lock;
sending the signed verification data packet to the cloud, so that the cloud verifies the verification data packet using pre-stored verification data.
Preferably, the verification data includes an encryption lock public key certificate corresponding to the encryption lock private key, and sending the signed verification data packet to the cloud so that the cloud verifies it using the pre-stored verification data comprises:
sending the verification data packet carrying the digital signature to the cloud, so that the cloud performs signature verification on the digital signature using the pre-stored encryption lock public key certificate.
Preferably, the method further comprises:
when the signature verification does not pass, receiving signature verification failure information fed back by the cloud, wherein the signature verification failure information indicates that the signature verification did not pass and that the verification data packet has been discarded.
Preferably, the method further comprises:
when the signature verification passes, receiving signature verification pass information fed back by the cloud, wherein the signature verification pass information indicates that the cloud has started verifying the parameter to be verified.
Preferably, the parameter to be verified includes a hash value computed from the core data, and the verification data includes the original hash value corresponding to the core data;
sending the verification data packet to the cloud so that the cloud verifies it using the pre-stored verification data comprises: sending the hash value corresponding to the core data to the cloud, so that the cloud performs hash verification on the hash value just received against the pre-stored original hash value.
Preferably, the verification data packet further includes an encryption lock identification number, and the method further comprises:
sending the encryption lock identification number to the cloud, so that the cloud verifies the encryption lock using the verification data associated with that identification number.
An embodiment of the invention further provides an encryption machine that is connected to an encryption lock and to the cloud, the encryption machine comprising:
a processing module, configured to drive the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified;
an encrypting module, configured to drive the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in the lock;
a communication module, configured to send the signed verification data packet to the cloud, so that the cloud verifies the verification data packet using pre-stored verification data.
Preferably, the verification data includes an encryption lock public key certificate corresponding to the encryption lock private key, and the communication module is further configured to:
send the verification data packet carrying the digital signature to the cloud, so that the cloud performs signature verification on the digital signature using the pre-stored encryption lock public key certificate.
Preferably, the communication module is further configured to:
when the signature verification does not pass, receive signature verification failure information fed back by the cloud, wherein the signature verification failure information indicates that the signature verification did not pass and that the verification data packet has been discarded;
when the signature verification passes, receive signature verification pass information fed back by the cloud, wherein the signature verification pass information indicates that the cloud has started verifying the parameter to be verified.
An embodiment of the invention further provides an encryption machine comprising a memory and a processor, the memory storing executable code that the processor executes to implement the steps of the encryption lock verification method described above.
The beneficial effect of the embodiments of the present invention is that the cloud can accurately check the core data in an encryption lock connected to the encryption machine and thereby verify whether the encryption lock remains in a healthy state, ensuring that the encryption lock a user works with is healthy.
Brief description of the drawings
Fig. 1 is a flow chart of the encryption lock verification method of an embodiment of the present invention;
Fig. 2 is a schematic diagram of the connections of the encryption machine of an embodiment of the present invention;
Fig. 3 is a schematic structural block diagram of the encryption machine of an embodiment of the present invention.
Detailed description of the embodiments
Various schemes and features of the application are described here with reference to the drawings.
It should be understood that various modifications can be made to the embodiments disclosed here. The description above should therefore not be regarded as limiting, but only as examples of embodiments. Those skilled in the art will think of other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments of the application and, together with the general description given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the application will become apparent from the following description, with reference to the drawings, of preferred forms of embodiment given as non-limiting examples.
It should also be understood that, although the application has been described with reference to some specific examples, those skilled in the art will certainly be able to realize many other equivalent forms of the application, which have the features set out in the claims and therefore all fall within the scope of protection defined thereby.
The above and other aspects, features and advantages of the application will become more apparent from the following detailed description when read in conjunction with the drawings.
Specific embodiments of the application are described below with reference to the drawings; it should be understood, however, that the embodiments disclosed are merely examples of the application, which can be implemented in various ways. Well-known and/or repeated functions and structures are not described in detail, to avoid obscuring the application with unnecessary or superfluous detail. The specific structural and functional details disclosed here are therefore not intended to be limiting, but serve merely as a basis for the claims and as a representative basis for teaching those skilled in the art to employ the application in virtually any appropriately detailed structure.
This specification may use the phrases "in one embodiment", "in another embodiment", "in yet another embodiment" or "in other embodiments", each of which may refer to one or more of the same or different embodiments according to the application.
Fig. 1 is a flow chart of the encryption lock verification method of an embodiment of the present invention. The embodiment provides a verification method for an encryption lock. An encryption lock can be used together with an associated device such as an encryption machine: for example, a user can connect the encryption lock to the encryption machine in order to use the encryption machine to perform cryptographic tasks. In this embodiment the encryption lock needs to be verified to ensure that the data stored in it is valid. As shown in Fig. 1, in combination with Fig. 2, the method is executed by the encryption machine and includes the following steps:
S1: drive the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified.
The user can connect the encryption lock to a device such as an encryption machine, for example by plugging it into an interface of the encryption machine, so that the lock and the machine can exchange data. The core data is the key data among the data stored in the encryption lock and may include, for example, at least one of the following: an administrator lock private key, an administrator lock public key certificate, a business key and a seed code. The core data must not be damaged. In this embodiment a packaging operation is performed on the core data to generate a verification data packet, and checking the verification data packet shows whether the core data has been damaged. Specifically, the verification data packet includes a parameter to be verified, so verifying that parameter determines whether the core data has been damaged; for example, if the value of the parameter to be verified satisfies a preset rule, the core data is considered undamaged.
S2: drive the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in the lock.
Specifically, the encryption lock private key in this embodiment and the public key in the corresponding encryption lock public key certificate (described below) form a key pair obtained through an asymmetric key algorithm; the public key in the certificate is the public part of the key pair and the encryption lock private key is the private part. The encryption lock public key can be used for cryptographic processing such as encrypting session keys and verifying digital signatures, while the corresponding encryption lock private key can decrypt encrypted data, generate digital signatures, and so on. In this embodiment the encryption lock digitally signs the verification data packet with the encryption lock private key. A digital signature is a string that only the sender of the information can generate and that others cannot forge; it also serves as valid proof of the authenticity of the information the sender sent. After the verification data packet has been signed with the encryption lock private key, the authenticity of the signature can be verified only with the encryption lock public key corresponding to that private key.
S3: send the signed verification data packet to the cloud, so that the cloud verifies the verification data packet using pre-stored verification data.
Specifically, the encryption machine can be connected to the cloud (for example the manufacturer's cloud management server) through a network and send the signed verification data packet to the cloud over that network. Verification data is pre-stored in the cloud. The manufacturer may store the corresponding verification data in the cloud at the production stage of the encryption lock, or the user of the encryption lock may store verification data in the cloud in advance as needed. Because the cloud gives data a higher level of protection, the pre-stored verification data is unlikely to be damaged, which ensures the accuracy of verifying the verification data packet; and because the cloud has a higher hardware configuration, the efficiency of verifying the packet is improved. The verification process itself may consist of judging, on the basis of the verification data, whether the verification data packet sent by the encryption machine satisfies preset rules, for example whether the data is complete, whether the data is legitimate and whether the data is correct. This determines accurately whether the core data corresponding to the verification data packet is damaged and hence whether the encryption lock is damaged, for example because damaged hardware in the lock has corrupted the core data it provides. The cloud can then tell the user, according to the verification result, whether the encryption lock remains in a healthy state, ensuring that the encryption lock the user works with is healthy.
In one embodiment of the invention, the verification data includes an encryption lock public key certificate corresponding to the encryption lock private key. Sending the signed verification data packet to the cloud so that the cloud verifies it using the pre-stored verification data then includes the following step: sending the verification data packet carrying the digital signature to the cloud, so that the cloud performs signature verification on the digital signature using the pre-stored encryption lock public key certificate.
Specifically, the verification data pre-stored in the cloud includes the encryption lock public key certificate. The digital signature can be used to prove the origin of the verification data packet and the validity of its data (that is, it guarantees the integrity of the transmitted information and authenticates the sender). After receiving the digitally signed verification data packet, the cloud can verify the origin and data validity of the packet by verifying the digital signature. As for the verification process itself, the encryption lock public key certificate pre-stored in the cloud and the encryption lock private key that signed the verification data packet are associated with each other as a key pair, so the encryption lock public key can be used to verify the digital signature (the signature made with the encryption lock private key).
Furthermore, the method may also include: when the signature verification does not pass, receiving signature verification failure information fed back by the cloud, wherein the signature verification failure information indicates that the signature verification did not pass and that the verification data packet has been discarded. If the signature verification does not pass, the verification data packet does not meet the preset requirements; for example, the packet sent by the encryption machine may have lost integrity in transmission, or the identity of the encryption machine may be in doubt. The cloud then does not need to verify the packet any further, so it can feed signature verification failure information back to the encryption machine, discard the verification data packet and prepare to receive a new one.
Furthermore, the method may also include: when the signature verification passes, receiving signature verification pass information fed back by the cloud, wherein the signature verification pass information indicates that the cloud has started verifying the parameter to be verified. If the signature verification passes, the verification data packet meets the preset requirements; for example, the packet sent by the encryption machine kept its integrity in transmission and the identity of the encryption machine has been confirmed by the cloud. The cloud then starts further verification of the packet, that is, it goes on to verify the parameter to be verified. After the signature verification passes, the cloud can send signature verification pass information to the encryption machine, so that the encryption machine receives it and generates a corresponding prompt to inform the user.
In one embodiment of the invention, the parameter to be verified may include a hash value computed from the core data, and the verification data includes the original hash value corresponding to the core data. Sending the verification data packet to the cloud so that the cloud verifies it using the pre-stored verification data may then include the following step: sending the hash value corresponding to the core data to the cloud, so that the cloud performs hash verification on the hash value just received against the pre-stored original hash value. Specifically, a hash function (also called a hashing algorithm) is a method of creating a small digital "fingerprint" from any kind of data; it compresses a message or data into a digest, reducing the amount of data and fixing its format. In this embodiment the parameter to be verified includes a hash value computed from the core data, and verifying that hash value stands for verifying the core data. The verification data pre-stored in the cloud includes the original hash value of the core data of the corresponding encryption lock, that is, a hash value computed from core data that has been confirmed. The encryption machine sends the hash value of the lock's current core data to the cloud, and the cloud compares the original hash value with the hash value just received to judge whether the received value is correct or satisfies a preset condition. For example, if the original hash value is identical to the hash value just received, the received hash value is considered correct. The cloud can then return the hash verification result to the encryption machine in encrypted form. From the hash verification result the user can judge whether the currently connected encryption lock meets the requirements and whether it is still healthy, and then decide whether to replace it.
In one embodiment of the invention, the verification data packet further includes an encryption lock identification number, and the method may also include: sending the encryption lock identification number to the cloud, so that the cloud verifies the encryption lock using the verification data associated with that identification number. The cloud stores a large amount of verification data, each item of which is associated with a corresponding encryption lock. In this embodiment the encryption machine can send the identification number of the encryption lock connected to it to the cloud, so that the cloud determines from the identification number which encryption lock is concerned and then calls up the verification data associated with that lock to verify it. The large number of encryption locks therefore causes no confusion in the use of verification data, which further improves verification efficiency.
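The exchange in steps S1 to S3, with the lock-ID lookup, signature check and hash comparison on the cloud side, as an added Go example (not code from the patent). Ed25519, SHA-256, the packet layout and every type and function name are assumptions of this example; the patent names no algorithm or format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Packet is the verification data packet (layout assumed for this example).
type Packet struct {
	LockID    string   // encryption lock identification number
	Hash      [32]byte // parameter to be verified: hash of the core data
	Signature []byte   // made with the encryption lock private key
}

// signedBytes is the byte string the signature covers:
// 2-byte ID length, the ID, then the hash, so the encoding is unambiguous.
func (p Packet) signedBytes() []byte {
	n := len(p.LockID)
	b := []byte{byte(n >> 8), byte(n)}
	b = append(b, p.LockID...)
	return append(b, p.Hash[:]...)
}

// Lock models the encryption lock: core data and private key stay inside it.
type Lock struct {
	ID       string
	CoreData []byte
	priv     ed25519.PrivateKey
}

// NewLock derives a deterministic demo key from a constructed seed.
func NewLock(id string, core []byte) *Lock {
	seed := sha256.Sum256([]byte("constructed demo seed/" + id))
	return &Lock{ID: id, CoreData: core, priv: ed25519.NewKeyFromSeed(seed[:])}
}

// BuildPacket performs S1 (package the core data as a hash) and S2 (sign).
func (l *Lock) BuildPacket() Packet {
	p := Packet{LockID: l.ID, Hash: sha256.Sum256(l.CoreData)}
	p.Signature = ed25519.Sign(l.priv, p.signedBytes())
	return p
}

// record is the verification data the cloud pre-stores for one lock.
type record struct {
	pub          ed25519.PublicKey
	originalHash [32]byte
}

// Cloud holds the pre-stored verification data, indexed by lock ID.
type Cloud struct{ records map[string]record }

func NewCloud() *Cloud { return &Cloud{records: map[string]record{}} }

// Enroll stores public key and original hash, as done at production time.
func (c *Cloud) Enroll(l *Lock) {
	c.records[l.ID] = record{
		pub:          l.priv.Public().(ed25519.PublicKey),
		originalHash: sha256.Sum256(l.CoreData),
	}
}

var (
	ErrUnknownLock  = errors.New("no verification data for this lock ID")
	ErrSignature    = errors.New("signature verification failed, packet discarded")
	ErrHashMismatch = errors.New("hash differs from original: core data damaged")
)

// Verify is the cloud side of S3: look up the record by lock ID, check the
// signature first, and only compare hashes once the signature has passed.
func (c *Cloud) Verify(p Packet) error {
	rec, ok := c.records[p.LockID]
	if !ok {
		return ErrUnknownLock
	}
	if !ed25519.Verify(rec.pub, p.signedBytes(), p.Signature) {
		return ErrSignature
	}
	if p.Hash != rec.originalHash {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	// Constructed sample core data standing in for business key and seed code.
	lock := NewLock("LOCK-0001", []byte("constructed business key + seed code"))
	cloud := NewCloud()
	cloud.Enroll(lock)

	fmt.Println("healthy lock:   ", cloud.Verify(lock.BuildPacket()))

	altered := lock.BuildPacket()
	altered.Hash[0] ^= 0xff // packet changed after signing, e.g. in transit
	fmt.Println("altered packet: ", cloud.Verify(altered))

	lock.CoreData[3] ^= 0x01 // one flipped bit in the lock's storage
	fmt.Println("damaged storage:", cloud.Verify(lock.BuildPacket()))
}
```

A lock with damaged storage still produces a valid signature, so it is the hash comparison, not the signature check, that reports the damage.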
An embodiment of the invention further provides an encryption machine that is connected to an encryption lock and to the cloud. The encryption machine can be used together with an associated encryption lock: for example, a user can connect the encryption lock to the encryption machine in order to use the encryption machine to perform cryptographic tasks. As shown in Fig. 3, in combination with Fig. 2, the encryption machine includes:
A processing module, configured to drive the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified. The user can connect the encryption lock to the encryption machine, for example by plugging it into an interface of the encryption machine, so that the lock and the machine can exchange data. The core data is the key data among the data stored in the encryption lock and may include, for example, at least one of the following: an administrator lock private key, an administrator lock public key certificate, a business key and a seed code. The core data must not be damaged. In this embodiment the processing module performs a packaging operation on the core data to generate a verification data packet, and the cloud's check of the verification data packet shows whether the core data has been damaged. Specifically, the verification data packet includes a parameter to be verified, so verifying that parameter determines whether the core data has been damaged; for example, if the value of the parameter to be verified satisfies a preset rule, the core data is considered undamaged.
An encrypting module, configured to drive the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in the lock. Specifically, the encryption lock private key in this embodiment and the public key in the corresponding encryption lock public key certificate (described below) form a key pair obtained through an asymmetric key algorithm; the public key in the certificate is the public part of the key pair and the encryption lock private key is the private part. The encryption lock public key can be used for cryptographic processing such as encrypting session keys and verifying digital signatures, while the corresponding encryption lock private key can decrypt encrypted data, generate digital signatures, and so on. In this embodiment the encrypting module drives the encryption lock to digitally sign the verification data packet with the encryption lock private key. A digital signature is a string that only the sender of the information can generate and that others cannot forge; it also serves as valid proof of the authenticity of the information the sender sent. After the verification data packet has been signed with the encryption lock private key, the authenticity of the signature can be verified only with the encryption lock public key corresponding to that private key.
A communication module, configured to send the signed verification data packet to the cloud, so that the cloud verifies the verification data packet using pre-stored verification data. Specifically, the communication module can be connected to the cloud (for example the manufacturer's cloud management server) through a network and send the signed verification data packet to the cloud over that network. Verification data is pre-stored in the cloud. The manufacturer may store the corresponding verification data in the cloud at the production stage of the encryption lock, or the user of the encryption lock may store verification data in the cloud in advance as needed. Because the cloud gives data a higher level of protection, the pre-stored verification data is unlikely to be damaged, which ensures the accuracy of verifying the verification data packet; and because the cloud has a higher hardware configuration, the efficiency of verifying the packet is improved. The verification process itself may consist of judging, on the basis of the verification data, whether the verification data packet sent by the encryption machine satisfies preset rules, for example whether the data is complete, whether the data is legitimate and whether the data is correct. This determines accurately whether the core data corresponding to the verification data packet is damaged and hence whether the encryption lock is damaged, for example because damaged hardware in the lock has corrupted the core data it provides. The cloud can then tell the user, according to the verification result, whether the encryption lock remains in a healthy state, ensuring that the encryption lock the user works with is healthy.
In one embodiment of the invention, verify data includes encryption lock public key certificate corresponding with encryption lock private key, Communication module can be further configured to: the verification data packet with digital signature are sent to cloud, so that cloud is using in advance The encryption lock public key certificate deposited carries out signature verification to digital signature.
Specifically, the verify data packet that cloud prestores includes encryption lock public key certificate.And the digital signature can be used to (i.e. integrality, the identity of sender of guarantee information transmission are recognized for the identity source for proving verification data packet and data validity Card), cloud, can be by signing number after the verification data packet after digital signature for receiving communication module transmission Name verifying come to the verification data packet identity source and data validity verify.And specific verification process, by In the encryption lock public key certificate that cloud prestores with it is interrelated to the encryption lock private key that is digitally signed of verification data packet, be one A key pair, thus encryption lock public key can be used to verify digital signature (signature carried out based on encryption lock private key).
The communication module may be further configured to: when the signature verification does not pass, receive signature verification failure information fed back by the cloud, where the signature verification failure information indicates that the signature verification did not pass and that the verification data packet has been discarded; and when the signature verification passes, receive signature verification pass information fed back by the cloud, where the signature verification pass information indicates that the cloud has started verifying the parameter to be verified.
If the signature verification does not pass, the verification data packet does not meet the preset requirements: for example, the verification data packet sent by the encryption equipment may have lost integrity during transmission, or the identity of the encryption equipment is in question. The cloud does not need to verify the packet any further; it can feed back signature verification failure information to the encryption equipment, discard the verification data packet, and prepare to receive a new verification data packet. The communication module then receives the signature verification failure information fed back by the cloud so that the user can be informed. If the signature verification passes, the verification data packet meets the preset requirements: for example, the packet sent by the encryption equipment kept its integrity during transmission and the identity of the encryption equipment has been confirmed by the cloud. The cloud then starts further verification of the verification data packet, that is, of the parameter to be verified. After the signature verification passes, the cloud can send signature verification pass information to the encryption equipment; the communication module receives this information and a corresponding prompt is formed to inform the user.
In one embodiment of the invention, the parameter to be verified may include a hash value calculated from the core data, and the verification data includes the original hash value corresponding to the core data. The communication module is further configured to send the hash value corresponding to the core data to the cloud, so that the cloud performs hash verification on the currently obtained hash value against the pre-stored original hash value.
In this embodiment, the parameter to be verified includes a hash value calculated from the core data, and verifying this hash value amounts to verifying the core data. The verification data pre-stored in the cloud includes the original hash value for the core data of the corresponding encryption lock, that is, a hash value calculated from core data that has already been confirmed. The communication module also sends the hash value of the encryption lock's current core data to the cloud. The cloud can compare the original hash value with the hash value it has just received and judge whether the received hash value is correct or meets a preset condition. For example, if the original hash value is identical to the received hash value, the received hash value is considered correct, and the cloud can return the hash verification result to the encryption equipment in encrypted form. From the hash verification result the user can judge whether the currently connected encryption lock meets the requirements and is still healthy, and then decide whether to replace the encryption lock.
In one embodiment of the invention, the verification data packet further includes an encryption lock identification number, and the communication module may be further configured to send the encryption lock identification number to the cloud, so that the cloud verifies the encryption lock using the verification data associated with that identification number. The cloud stores a large amount of verification data, each item of which is associated with its corresponding encryption lock. In this embodiment, the communication module can send the identification number of the encryption lock connected to the encryption equipment to the cloud, so that the cloud determines from the identification number which encryption lock is involved and calls the verification data associated with that lock to verify it. Verification data is therefore not confused even when there are many encryption locks, which further improves verification efficiency.
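The following added example (not code from the patent) walks through the flow described above in Go: the lock signs a packet carrying its identification number and core-data hash, and the cloud looks up the record for that number, checks the signature first, and compares hashes only if the signature passes. Ed25519, SHA-256, the JSON packet layout, a raw public key standing in for the encryption lock public key certificate, and all names (`Packet`, `Record`, `Enroll`, `LockSign`, `CloudVerify`) are assumptions; the patent fixes none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Packet is the verification data packet: lock ID plus SHA-256 of the core data.
type Packet struct{ LockID string; Hash []byte }

// Record is what the cloud pre-stores per lock; Pub stands in for the certificate.
type Record struct{ Pub ed25519.PublicKey; OrigHash []byte }

// Enroll creates a lock key pair and the matching cloud record (hypothetical setup step).
func Enroll(core []byte) (ed25519.PrivateKey, Record) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	h := sha256.Sum256(core)
	return priv, Record{pub, h[:]}
}

// LockSign packs the current core-data hash and signs the serialized packet.
func LockSign(priv ed25519.PrivateKey, id string, core []byte) (body, sig []byte) {
	h := sha256.Sum256(core)
	body, _ = json.Marshal(Packet{id, h[:]})
	return body, ed25519.Sign(priv, body)
}

// CloudVerify checks the signature first; the hash is compared only if it passes.
func CloudVerify(db map[string]Record, body, sig []byte) string {
	var p Packet
	err := json.Unmarshal(body, &p)
	rec, ok := db[p.LockID] // lock ID selects the associated verification data
	if err != nil || !ok || !ed25519.Verify(rec.Pub, body, sig) {
		return "signature failed: packet discarded"
	}
	if !bytes.Equal(p.Hash, rec.OrigHash) {
		return "signature passed: hash mismatch"
	}
	return "signature passed: hash verified"
}

func main() {
	priv, rec := Enroll([]byte("core-v1")) // constructed sample core data
	body, sig := LockSign(priv, "LOCK-0001", []byte("core-v1"))
	fmt.Println(CloudVerify(map[string]Record{"LOCK-0001": rec}, body, sig))
}
```

Because the signature covers the serialized packet, a hash or identification number altered in transit is rejected at the signature step, while a genuine lock whose core data has changed passes the signature step and is caught by the hash comparison.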
An embodiment of the invention also provides an encryption equipment comprising a memory and a processor. Executable code is stored in the memory, and the processor executes the executable code to implement the steps of the encryption lock verification method described in any of the above embodiments.
The above embodiments are only exemplary embodiments of the invention and do not limit the invention; the scope of protection of the invention is defined by the claims. Those skilled in the art may make various modifications or equivalent replacements to the invention within its spirit and scope, and such modifications or equivalent replacements shall also be regarded as falling within the scope of protection of the invention.

Claims (10)

1. A verification method for an encryption lock, characterized by comprising:
driving the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified;
driving the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in it;
sending the signed verification data packet to a cloud, so that the cloud verifies the verification data packet using pre-stored verification data.
2. The method according to claim 1, characterized in that the verification data includes an encryption lock public key certificate corresponding to the encryption lock private key, and sending the signed verification data packet to the cloud, so that the cloud verifies the verification data packet using the pre-stored verification data, comprises:
sending the verification data packet with the digital signature to the cloud, so that the cloud performs signature verification on the digital signature using the pre-stored encryption lock public key certificate.
3. The method according to claim 2, characterized in that the method further comprises:
when the signature verification does not pass, receiving signature verification failure information fed back by the cloud, wherein the signature verification failure information indicates that the signature verification did not pass and that the verification data packet has been discarded.
4. The method according to claim 2, characterized in that the method further comprises:
when the signature verification passes, receiving signature verification pass information fed back by the cloud, wherein the signature verification pass information indicates that the cloud has started verifying the parameter to be verified.
5. The method according to claim 1, characterized in that the parameter to be verified includes a hash value calculated from the core data, and the verification data includes the original hash value corresponding to the core data;
sending the verification data packet to the cloud, so that the cloud verifies the verification data packet using the pre-stored verification data, comprises: sending the hash value corresponding to the core data to the cloud, so that the cloud performs hash verification on the currently obtained hash value against the pre-stored original hash value.
6. The method according to claim 1, characterized in that the verification data packet further includes an encryption lock identification number, and the method further comprises:
sending the encryption lock identification number to the cloud, so that the cloud verifies the encryption lock using the verification data associated with the encryption lock identification number.
7. An encryption equipment, characterized in that the encryption equipment is connected to an encryption lock and to a cloud respectively, and the encryption equipment comprises:
a processing module configured to drive the encryption lock to perform a packaging operation on the core data in the lock to generate a verification data packet, wherein the verification data packet includes a parameter to be verified;
an encrypting module configured to drive the encryption lock to digitally sign the verification data packet using the encryption lock private key stored in it;
a communication module configured to send the signed verification data packet to the cloud, so that the cloud verifies the verification data packet using pre-stored verification data.
8. The encryption equipment according to claim 7, characterized in that the verification data includes an encryption lock public key certificate corresponding to the encryption lock private key, and the communication module is further configured to:
send the verification data packet with the digital signature to the cloud, so that the cloud performs signature verification on the digital signature using the pre-stored encryption lock public key certificate.
9. The encryption equipment according to claim 8, characterized in that the communication module is further configured to:
when the signature verification does not pass, receive signature verification failure information fed back by the cloud, wherein the signature verification failure information indicates that the signature verification did not pass and that the verification data packet has been discarded;
when the signature verification passes, receive signature verification pass information fed back by the cloud, wherein the signature verification pass information indicates that the cloud has started verifying the parameter to be verified.
10. An encryption equipment, characterized by comprising a memory and a processor, wherein executable code is stored in the memory, and the processor executes the executable code to implement the steps of the encryption lock verification method according to any one of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910217347.4A CN109948375A (en) 2019-03-21 2019-03-21 A kind of verification method and encryption equipment of encryption lock

Publications (1)

Publication Number Publication Date
CN109948375A true CN109948375A (en) 2019-06-28

Family

ID=67010510

Country Status (1)

Country Link
CN (1) CN109948375A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190628
