CN111290734A - True random number acquisition method and system and cipher machine - Google Patents
True random number acquisition method and system and cipher machine Download PDFInfo
- Publication number
- CN111290734A CN111290734A CN202010145986.7A CN202010145986A CN111290734A CN 111290734 A CN111290734 A CN 111290734A CN 202010145986 A CN202010145986 A CN 202010145986A CN 111290734 A CN111290734 A CN 111290734A
- Authority
- CN
- China
- Prior art keywords
- data
- random number
- magnetic field
- true random
- entropy pool
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Arrangements For Transmission Of Measured Signals (AREA)
Abstract
The application discloses a true random number obtaining method, a system and a cipher machine, wherein an entropy pool with a first preset length is obtained, an integer is determined according to magnetic field data, light sensor data and gyroscope data, and a position number is obtained according to the length of a true random data sequence in the entropy pool and the integer; and acquiring a random number with a second preset length in the entropy pool by taking the position number as a starting point, and adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number. The entropy value in the entropy pool is obtained through a background server cipher machine, the quality of the entropy value is guaranteed, and random numbers required by a client are randomly obtained from the entropy pool, because the magnetic field data, the light sensor data and the gyroscope data of the terminal change along with the environment. And performing SM3 abstract operation on the random number, the magnetic field data, the light sensor data and the gyroscope data to determine the true random number. The unpredictable and irregular nature of the true random numbers ensures the safety of the information system.
Description
Technical Field
The application relates to the technical field of information security, in particular to a true random number acquisition method, a true random number acquisition system and a cipher machine.
Background
Information security is a multi-level, multi-factor and comprehensive dynamic process, the information security requires comprehensive thinking and unified planning on an information system and an organization system, the information security needs to pay attention to the change of internal and external environments of a monitoring system, and the information security is likely to threaten the organization of the whole system due to the security defect in a certain link. Therefore, the information security is taken as a multi-level, multi-factor and comprehensive dynamic process, which is a continuous development process requiring a system to guarantee the information security.
The information security generally referred to as logical security in the conventional technology includes information integrity, confidentiality, availability and the like. In the field of information security, random numbers are widely used. The role of high-quality random numbers in the information security system is very important, and if the randomness of the random numbers is not safe enough, the whole system is very likely to be broken by attackers.
Random sequences in information security systems are required to have a sufficient length and period, and an entropy value as high as possible, i.e. to have a high degree of randomness and unpredictability. However, random functions in programming languages can only generate pseudo-random numbers, which are generated by simulation according to a certain algorithm, and the result is determined and visible. The probability of this predictable outcome being considered to be 100%. Therefore, the pseudo-random number is not random, and has a random law of its own, so that the use of the pseudo-random number for information security has a certain security risk.
Disclosure of Invention
In order to solve the technical problems, the following technical scheme is provided:
in a first aspect, an embodiment of the present application provides a method for acquiring a true random number, where the method includes: acquiring an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a terminal; respectively acquiring terminal magnetic field data, light sensor data and gyroscope data, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data; obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer; obtaining a random number with a second preset length in the entropy pool by taking the position number as a starting point, wherein the second preset length is smaller than the first preset length; and adding the random number with the character strings of the magnetic field data, the light ray sensor data and the gyroscope data for one-time SM3 abstract operation to obtain a true random number.
By adopting the implementation mode, the entropy value in the entropy pool is obtained through the background server cipher machine, the quality of the entropy value is guaranteed, and the random number required by the client is randomly obtained from the entropy pool because the magnetic field data, the light sensor data and the gyroscope data of the terminal change along with the environment. Therefore, random is obtained at the time of taking, and the random number is obtained randomly, so that the true random number is obtained. And performing SM3 abstract operation on the random number, the magnetic field data, the light sensor data and the gyroscope data, and taking the operation result as a true random number. The obtained true random numbers are unpredictable and irregular, and the safety of an information system is ensured.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the obtaining an entropy pool of a first preset length includes: initializing an entropy pool, and circularly taking a random number through a server cipher machine of background service to obtain an entropy pool with a first preset length; and storing the entropy pool into a folder.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the respectively obtaining magnetic field data, light sensor data, and gyroscope data of the terminal, and determining an integer according to the magnetic field data, the light sensor data, and the gyroscope data includes: respectively amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times; and adding the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the obtaining a position number according to the length of the truly random data sequence in the entropy pool and the integer includes: and carrying out remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the true random number length obtained by adding the random number to the character string of the magnetic field data, the light sensor data, and the gyroscope data and performing SM3 digest operation is equal to the second preset length.
Second conveniently, this application embodiment provides a true random number acquisition system, the system includes: the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring an entropy pool with a first preset length, and the entropy pool contains a true random data sequence generated by a terminal; the second acquisition module is used for respectively acquiring terminal magnetic field data, light sensor data and gyroscope data and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data; a third obtaining module, configured to obtain a position number according to the length of the truly random data sequence in the entropy pool and the integer; a fourth obtaining module, configured to obtain a random number with a second preset length in the entropy pool with the position number as a starting point, where the second preset length is smaller than the first preset length; and the determining module is used for adding the random number with the character strings of the magnetic field data, the light ray sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the first obtaining module includes: the first acquisition unit is used for initializing the entropy pool, circularly acquiring a random number through a server cipher machine of the background service and acquiring the entropy pool with a first preset length; and the storage unit stores the entropy pool into a folder.
With reference to the second aspect, in a second possible implementation manner of the second aspect, the second obtaining module includes: the data processing unit is used for respectively amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times; and the second acquisition unit is used for performing addition operation on the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
In a third aspect, an embodiment of the present application provides a terminal, including: a processor; a memory for storing processor executable instructions; the processor executes the first aspect or the true random number obtaining method of the first aspect to obtain the true random number of the terminal.
Drawings
Fig. 1 is a schematic flowchart of a true random number obtaining method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a true random number acquisition system according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram of a cryptographic machine according to an embodiment of the present application.
Detailed Description
The present invention will be described with reference to the accompanying drawings and embodiments.
Fig. 1 is a schematic flow chart of a true random number acquisition method provided in an embodiment of the present application, and referring to fig. 1, the true random number acquisition method of the present embodiment includes:
s101, an entropy pool with a first preset length is obtained, and the entropy pool contains a true random data sequence generated by a cipher machine.
Random numbers have important applications in many areas, such as Monte Carlo simulations, cryptography, and network security. The quality of the random number is directly related to the reliability and safety of the network security system and the credibility of Monte Carlo simulation results. Since the birth of computers, research seeking to generate high-quality random number sequences by computers has been a long-standing issue of interest. The Linux kernel, starting from version 1.3.30, implements a strong random number generator, whose design and implementation are analyzed in detail herein in terms of the source code of the Linux 2.6.10 kernel.
The Linux kernel uses entropy to describe the randomness of data. Entropy (entropy) is a physical quantity that describes the degree of disorder of a system, and the greater the entropy of a system, the worse the order of the system, i.e., the greater the uncertainty. In informatics, entropy is used to characterize the uncertainty of a symbol or system, with greater entropy indicating less useful information contained in the system and greater uncertainty.
The computer itself is a predictable system, and therefore, it is not possible to generate true random numbers with computer algorithms. However, the environment of the machine is full of various noises, such as the time when the hardware device is interrupted, the time interval when the user clicks the mouse, etc., are completely random and cannot be predicted in advance. It is these random noises in the system that the Linux kernel implements to generate a high quality random number sequence.
The kernel maintains a pool of entropy to collect ambient noise from device drivers and other sources. In theory, the data in the entropy pool is completely random, and the generation of true random number sequences can be realized. To track the randomness of the data in the entropy pool, the kernel estimates the randomness of the data as it is added to the pool, a process referred to as entropy estimation. The entropy estimates describe the number of random digits contained in the pool, with larger values indicating better randomness of the data in the pool.
In the embodiment of the application, an entropy pool is initialized, a server cipher machine circularly passing through background service acquires a random number, an entropy pool with a first preset length is acquired, and the entropy pool is stored in a folder. The first preset length is set to 32M in this embodiment.
S102, respectively acquiring terminal magnetic field data, light sensor data and gyroscope data, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data.
Specifically, the terminal magnetic field data, the light sensor data and the gyroscope data are respectively amplified by 10000 times. And adding the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
In an exemplary embodiment, in this embodiment, the magnetic field data is 0.1234, the optical sensor data is 0.4532, the gyroscope data is 0.7749, the data is enlarged by 10000 times and then the data is changed to 1234, 4352 and 7749, and the three data are added to obtain an integer 13335.
S103, obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer.
And carrying out remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number. Taking S102 as an example, the obtained integer bit 13335 is subjected to a remainder operation on 13335 and 131072 to obtain a position number 13335.
And S104, obtaining a random number with a second preset length in the entropy pool by taking the position number as a starting point, wherein the second preset length is smaller than the first preset length.
Similarly, taking S103 as an example, after the position number 13335 is determined, 256 bytes are obtained as a random number from the slave entropy pool with the position 13335 as a starting point.
And S105, adding the random number with the character strings of the magnetic field data, the light ray sensor data and the gyroscope data, and performing SM3 abstract operation once to obtain a true random number.
And adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to obtain the true random number length after SM3 abstract operation is equal to the second preset length, namely the 32-bit true random number of the true random number obtained in the embodiment.
SM3 is a standard Cryptographic hash function, which is also known as Cryptographic hash function, or Cryptographic hash function, and is one of the hash functions. It is considered to be a one-way function, that is, it is extremely difficult to extrapolate what the input data is, as a result of the hash function output. Such one-way functions are known as "piggyback horses for modern cryptography". The input data of such a hash function is often referred to as a message (message), and its output result is often referred to as a message digest or a digest.
In one illustrative embodiment, the data length is 128:
76,3A,FC,53,7F,78,76,C2,D0,B5,9F,DB,68,D7,62,E9;
0C,EF,D2,22,BB,35,8D,0D,69,31,86,7C,E2,65,38,64;
9B,E3,57,9A,40,04,48,3E,A5,D8,4D,00,50,63,F7,6F;
B1,CE,7E,5F,2F,93,3B,5E,D7,57,A7,18,18,2F,38,3C;
4D,58,29,1A,6A,5D,8D,07,C0,81,F6,68,06,03,15,39;
09,33,62,D8,54,88,3A,88,74,F7,B9,19,92,5D,AB,C7;
4C,17,3E,21,62,F0,7E,67,80,E3,11,FF,0A,EF,05,9A;
E6,20,30,3D,EC,B6,28,9E,97,F7,2C,01,87,23,C4,71;
(763AFC537F7876C2D0B59FDB68D762E90CEFD222BB358D0D6931867CE26538649BE3579A4004483EA5D84D005063F76FB1CE7E5F2F933B5ED757A718182F383C4D58291A6A5D8D07C081F66806031539093362D854883A8874F7B919925DABC74C173E2162F07E6780E311FF0AEF059AE620303DECB6289E97F72C018723C471)
SM3 digest operation 256 bits:
d3,2b,9d,79,3b,49,66,e1,8c,35,18,92,e6,52,77,75,6e,f0,cc,9d,28,db,95,4c,95,9f,bb,85,e3,94,84,42。
SM3 digest 192 bits:
86,92,37,05,13,92,F3,AD,19,AA,A3,17,05,C6,F3,37A4,EE,8D,DE,73,CD,CC,F0。
SM3 digest operation 160 bits:
86,92,37,05,9F,A7,EB,3F,19,AA,A3,17,05,C6,F3,37,73,CD,CC,F0。
it can be known from the foregoing embodiment that, in the method for acquiring a true random number provided by this embodiment, the entropy value in the entropy pool is acquired by the background server cryptographic engine, so that the quality of the entropy value is ensured, and the random number required by the client is randomly acquired from the entropy pool because the magnetic field data, the light sensor data, and the gyroscope data of the terminal change with the environment. Therefore, random is obtained at the time of taking, and the random number is obtained randomly, so that the true random number is obtained. And performing SM3 abstract operation on the random number, the magnetic field data, the light sensor data and the gyroscope data, and taking the operation result as a true random number. The obtained true random numbers are unpredictable and irregular, and the safety of an information system is ensured.
Corresponding to the method for acquiring a true random number provided in the foregoing embodiment, the present application also provides an embodiment of a true random number acquisition system, and referring to fig. 1, the true random number acquisition system 20 includes: a first obtaining module 201, a second obtaining module 202, a third obtaining module 203, a fourth obtaining module 204 and a determining module 205.
The first obtaining module 201 is configured to obtain an entropy pool of a first preset length, where the entropy pool includes a true random data sequence generated by a cryptographic machine. The second obtaining module 202 is configured to obtain terminal magnetic field data, light sensor data, and gyroscope data, and determine an integer according to the magnetic field data, the light sensor data, and the gyroscope data. A third obtaining module 203, configured to obtain a position number according to the length of the truly random data sequence in the entropy pool and the integer. A fourth obtaining module 204, configured to obtain a random number of a second preset length in the entropy pool with the position number as a starting point, where the second preset length is smaller than the first preset length. The determining module 205 is configured to add the random number to the character string of the magnetic field data, the light sensor data, and the gyroscope data to perform an SM3 digest operation once to obtain a true random number.
Further, the first obtaining module 201 includes: the device comprises a first acquisition unit and a storage unit. The first obtaining unit is used for initializing the entropy pool, circularly obtaining the random number through a server cipher machine of the background service, and obtaining the entropy pool with a first preset length. And the storage unit stores the entropy pool into a folder.
The second obtaining module 202 includes: a data processing unit and a second acquisition unit. The data processing unit is used for respectively amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times; and the second acquisition unit is used for performing addition operation on the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
Specifically, the third obtaining module 203 performs a remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number.
The length of the true random number obtained by adding the random number to the character string of the magnetic field data, the light sensor data, and the gyroscope data and performing SM3 digest operation by the determining module 205 is equal to the first preset length.
The embodiment of the present application further provides a cryptographic engine, and referring to fig. 3, the cryptographic engine 30 includes: a processor 301, a memory 302, and a communication interface 303.
In fig. 3, the processor 301, the memory 302, and the communication interface 303 may be connected to each other by a bus; the bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 3, but this does not mean only one bus or one type of bus.
The processor 301 generally controls the overall functions of the cryptographic engine 30, such as starting the cryptographic engine 30, and acquiring an entropy pool, terminal magnetic field data, light sensor data, and gyroscope data of a first preset length after the cryptographic engine is started, and determining an integer according to the magnetic field data, the light sensor data, and the gyroscope data; obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer; and acquiring a random number with a second preset length in the entropy pool by taking the position number as a starting point, and adding the random number with the character strings of the magnetic field data, the light ray sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
The processor 301 may be a general-purpose processor such as a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. The processor may also be a Microprocessor (MCU). The processor may also include a hardware chip. The hardware chips may be Application Specific Integrated Circuits (ASICs), Programmable Logic Devices (PLDs), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), or the like.
Memory 302 is configured to store computer executable instructions to support the operation of crypto-engine 30 data. The memory 301 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
After the cryptographic engine 30 is started, the processor 301 and the memory 302 are powered on, and the processor 301 reads and executes the computer executable instructions stored in the memory 302 to complete all or part of the steps in the above embodiment of the true random number obtaining method.
The communication interface 303 is used for the crypto engine 30 to transmit data, for example, to realize communication with a client and a server. The communication interface 303 includes a wired communication interface, and may also include a wireless communication interface. The wired communication interface comprises a USB interface, a Micro USB interface and an Ethernet interface. The wireless communication interface may be a WLAN interface, a cellular network communication interface, a combination thereof, or the like.
In an exemplary embodiment, the cryptographic engine 30 provided by embodiments of the present application further includes a power supply assembly that provides power to the various components of the cryptographic engine 30. The power components may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for crypto machine 30.
A communication component configured to facilitate communication between crypto machine 30 and other devices in a wired or wireless manner. The cryptographic engine 30 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. The communication component receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. The communication component also includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, crypto-engine 30 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Of course, the above description is not limited to the above examples, and technical features that are not described in this application may be implemented by or using the prior art, and are not described herein again; the above embodiments and drawings are only for illustrating the technical solutions of the present application and not for limiting the present application, and the present application is only described in detail with reference to the preferred embodiments instead, it should be understood by those skilled in the art that changes, modifications, additions or substitutions within the spirit and scope of the present application may be made by those skilled in the art without departing from the spirit of the present application, and the scope of the claims of the present application should also be covered.
Claims (9)
1. A method for acquiring true random numbers, the method comprising:
acquiring an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a cipher machine;
respectively acquiring terminal magnetic field data, light sensor data and gyroscope data, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data;
obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer;
obtaining a random number with a second preset length in the entropy pool by taking the position number as a starting point, wherein the second preset length is smaller than the first preset length;
and adding the random number with the character strings of the magnetic field data, the light ray sensor data and the gyroscope data for one-time SM3 abstract operation to obtain a true random number.
2. The true random number acquisition method of claim 1, wherein the acquiring an entropy pool of a first preset length comprises:
initializing an entropy pool, and circularly taking a random number through a server cipher machine of background service to obtain an entropy pool with a first preset length;
and storing the entropy pool into a folder.
3. The true random number acquisition method of claim 1, wherein said separately acquiring terminal magnetic field data, light sensor data, and gyroscope data, determining an integer based on said magnetic field data, light sensor data, and gyroscope data, comprises:
respectively amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times;
and adding the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
4. The method of claim 3, wherein said obtaining a position number based on the length of the true random data sequence and the integer within the entropy pool comprises: and carrying out remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number.
5. The method of claim 1, wherein the length of the true random number obtained by summing the string of the magnetic field data, the light sensor data, and the gyroscope data with the random number and performing an SM3 digest is equal to the second predetermined length.
6. A true random number acquisition system, the system comprising:
the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring an entropy pool with a first preset length, and the entropy pool contains a true random data sequence generated by a cipher machine;
the second acquisition module is used for respectively acquiring terminal magnetic field data, light sensor data and gyroscope data and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data;
a third obtaining module, configured to obtain a position number according to the length of the truly random data sequence in the entropy pool and the integer;
a fourth obtaining module, configured to obtain a random number with a second preset length in the entropy pool with the position number as a starting point, where the second preset length is smaller than the first preset length;
and the determining module is used for adding the random number with the character strings of the magnetic field data, the light ray sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
7. The true random number acquisition system of claim 6 wherein the first acquisition module comprises:
the first acquisition unit is used for initializing the entropy pool, circularly acquiring a random number through a server cipher machine of the background service and acquiring the entropy pool with a first preset length;
and the storage unit stores the entropy pool into a folder.
8. The true random number acquisition system of claim 6 wherein the second acquisition module comprises:
the data processing unit is used for respectively amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times;
and the second acquisition unit is used for performing addition operation on the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
9. A cryptographic engine, comprising:
a processor;
a memory for storing processor executable instructions;
the processor executes the true random number acquisition method of any one of claims 1-5 to acquire a true random number of a terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010145986.7A CN111290734B (en) | 2020-03-05 | 2020-03-05 | True random number acquisition method, system and cipher machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010145986.7A CN111290734B (en) | 2020-03-05 | 2020-03-05 | True random number acquisition method, system and cipher machine |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111290734A true CN111290734A (en) | 2020-06-16 |
| CN111290734B CN111290734B (en) | 2023-09-08 |
Family
ID=71017130
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010145986.7A Active CN111290734B (en) | 2020-03-05 | 2020-03-05 | True random number acquisition method, system and cipher machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111290734B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112416299A (en) * | 2020-10-10 | 2021-02-26 | 石家庄科林电气股份有限公司 | Method for acquiring random number by utilizing null shift data |
| CN115174125A (en) * | 2022-09-07 | 2022-10-11 | 北京笔新互联网科技有限公司 | Method and device for acquiring trusted true random number in trusted execution environment |
| CN116560617A (en) * | 2023-07-12 | 2023-08-08 | 杭州星锐网讯科技有限公司 | Random number generation method, device and system |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120134495A1 (en) * | 2010-11-29 | 2012-05-31 | Beijing Z & W Technology Consulting Co., Ltd. | Cloud Storage Data Access Method, Apparatus and System Based on OTP |
| US20150117636A1 (en) * | 2013-10-30 | 2015-04-30 | Apriva, Llc | System and method for performing a secure cryptographic operation on a mobile device |
| CN105447154A (en) * | 2015-11-30 | 2016-03-30 | 中国联合网络通信集团有限公司 | Entropy pool updating method and updating system |
| CN107943450A (en) * | 2017-11-17 | 2018-04-20 | 上海众人网络安全技术有限公司 | Random digit generation method, device, computer equipment and computer-readable medium |
| CN108306732A (en) * | 2018-04-20 | 2018-07-20 | 北京数字认证股份有限公司 | A kind of random digit generation method, relevant device and system |
| CN110321103A (en) * | 2019-06-27 | 2019-10-11 | 北京信息科技大学 | A kind of true random number generation method and equipment based on physical equipment |
| CN110399118A (en) * | 2019-07-15 | 2019-11-01 | 宇龙计算机通信科技(深圳)有限公司 | A kind of random digit generation method, device, storage medium and electronic equipment |
-
2020
- 2020-03-05 CN CN202010145986.7A patent/CN111290734B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120134495A1 (en) * | 2010-11-29 | 2012-05-31 | Beijing Z & W Technology Consulting Co., Ltd. | Cloud Storage Data Access Method, Apparatus and System Based on OTP |
| US20150117636A1 (en) * | 2013-10-30 | 2015-04-30 | Apriva, Llc | System and method for performing a secure cryptographic operation on a mobile device |
| CN105447154A (en) * | 2015-11-30 | 2016-03-30 | 中国联合网络通信集团有限公司 | Entropy pool updating method and updating system |
| CN107943450A (en) * | 2017-11-17 | 2018-04-20 | 上海众人网络安全技术有限公司 | Random digit generation method, device, computer equipment and computer-readable medium |
| CN108306732A (en) * | 2018-04-20 | 2018-07-20 | 北京数字认证股份有限公司 | A kind of random digit generation method, relevant device and system |
| CN110321103A (en) * | 2019-06-27 | 2019-10-11 | 北京信息科技大学 | A kind of true random number generation method and equipment based on physical equipment |
| CN110399118A (en) * | 2019-07-15 | 2019-11-01 | 宇龙计算机通信科技(深圳)有限公司 | A kind of random digit generation method, device, storage medium and electronic equipment |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112416299A (en) * | 2020-10-10 | 2021-02-26 | 石家庄科林电气股份有限公司 | Method for acquiring random number by utilizing null shift data |
| CN115174125A (en) * | 2022-09-07 | 2022-10-11 | 北京笔新互联网科技有限公司 | Method and device for acquiring trusted true random number in trusted execution environment |
| CN116560617A (en) * | 2023-07-12 | 2023-08-08 | 杭州星锐网讯科技有限公司 | Random number generation method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111290734B (en) | 2023-09-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111290734B (en) | True random number acquisition method, system and cipher machine | |
| US10581818B2 (en) | Differential client-side encryption of information originating from a client | |
| US20190036928A1 (en) | Data access and ownership management | |
| CN109891424B (en) | Establishing links between identifiers without revealing specific identifying information | |
| US8918632B1 (en) | Methods for analyzing application privacy and devices thereof | |
| US20180365633A1 (en) | Tracking objects using a trusted ledger | |
| US10061927B2 (en) | Storage medium having stored therein boot program, information processing apparatus, information processing system, information processing method, semiconductor apparatus, and storage medium having stored therein program | |
| US10263785B1 (en) | Cryptography method and system for securing data via electronic transmission | |
| US9563773B2 (en) | Systems and methods for securing BIOS variables | |
| US20190244198A1 (en) | Cryptography method and system for securing data via electronic transmission | |
| US20140156988A1 (en) | Medical emergency-response data management mechanism on wide-area distributed medical information network | |
| JP6934973B2 (en) | Methods and systems for transmitting data between sensor devices and electronic devices | |
| CN108694333B (en) | User information processing method and device | |
| US9979731B1 (en) | Single use identifier values for network accessible devices | |
| CN112434094A (en) | Database connection method and device based on encryption algorithm and computer equipment | |
| US10860707B2 (en) | Systems and methods for obfuscation of password key and dynamic key pool management | |
| US9053325B2 (en) | Decryption key management system | |
| US9232001B1 (en) | Client-server communication using a set identifier | |
| US9854436B2 (en) | Location and proximity beacon technology to enhance privacy and security | |
| JP6099489B2 (en) | Information processing apparatus, information processing method, and program | |
| CN102087683A (en) | Password management and verification method suitable for trusted platform module (TPM) | |
| US20230112806A1 (en) | Secure serverless computing framework | |
| CA3034028C (en) | Cryptography method and system for securing data via electronic transmission | |
| KR20230060194A (en) | Method and apparatus for managing lwe instance | |
| KR101728945B1 (en) | System and method for determining existence of relationship between users |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |