CN111290734B - True random number acquisition method, system and cipher machine - Google Patents
True random number acquisition method, system and cipher machine Download PDFInfo
- Publication number
- CN111290734B CN111290734B CN202010145986.7A CN202010145986A CN111290734B CN 111290734 B CN111290734 B CN 111290734B CN 202010145986 A CN202010145986 A CN 202010145986A CN 111290734 B CN111290734 B CN 111290734B
- Authority
- CN
- China
- Prior art keywords
- data
- random number
- true random
- entropy pool
- magnetic field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Arrangements For Transmission Of Measured Signals (AREA)
Abstract
The application discloses a true random number acquisition method, a system and a cipher machine, which are used for acquiring an entropy pool with a first preset length, determining an integer according to magnetic field data, light sensor data and gyroscope data, and acquiring a position number according to the length of a true random data sequence in the entropy pool and the integer; and obtaining a random number with a second preset length in the entropy pool by taking the position number as a starting point, adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data, and performing SM3 abstract operation once to obtain a true random number. The entropy value in the entropy pool is obtained through a background server cipher machine, the quality of the entropy value is guaranteed, and the random number required by the client is randomly obtained from the entropy pool, because the magnetic field data, the light sensor data and the gyroscope data of the terminal are changed along with the environment. And carrying out SM3 digest operation on the random number, the magnetic field data, the light sensor data and the gyroscope data to determine a true random number. The unpredictability and irregularity of the true random numbers ensure the safety of the information system.
Description
Technical Field
The application relates to the technical field of information security, in particular to a true random number acquisition method, a true random number acquisition system and a cipher machine.
Background
The information security is a multi-layer, multi-factor and comprehensive dynamic process, the information security requirement comprehensively thinks and uniformly plans the information system and the organization system, the information security needs to pay attention to the change of the internal and external environments of the monitoring system, and the security defect on a certain link of the information security is likely to threaten the whole system organization. Therefore, the information security is used as a multi-layer, multi-factor and comprehensive dynamic process, and is a continuous development process which needs a system to ensure the information security.
Information security, which we commonly refer to in the traditional art, is generally logical security, including information integrity, confidentiality, availability, and the like. In the field of information security, random numbers are widely used. The role of high-quality random numbers in information security systems is important, and if the randomness of the random numbers is not safe enough, the whole system is most likely to be broken by an attacker.
Random sequences in information security systems are required to have a sufficient length and period, and as high an entropy value as possible, i.e. to have a high degree of randomness and unpredictability. However, the random function in the programming language can only generate pseudo-random numbers, which are generated by simulation according to a certain algorithm, and the result is deterministic and visible. This predictable result can be considered to have a probability of 100% of its occurrence. The pseudo-random number is not random and has its own random law, so that there is a certain security risk for the use of the pseudo-random number for information security.
Disclosure of Invention
In order to solve the technical problems, the application provides the following technical scheme:
in a first aspect, an embodiment of the present application provides a true random number acquisition method, where the method includes: acquiring an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a terminal; respectively acquiring terminal magnetic field data, light sensor data and gyroscope data, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data; obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer; acquiring a random number with a second preset length in the entropy pool by taking the position number as a starting point, wherein the second preset length is smaller than the first preset length; and adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
By adopting the implementation mode, the entropy value in the entropy pool is obtained through the background server cipher machine, the quality of the entropy value is guaranteed, and the random number required by the client is randomly obtained from the entropy pool, because the magnetic field data, the light sensor data and the gyroscope data of the terminal are changed along with the environment. This makes it possible to obtain a random number at the time of taking, and a true random number is obtained. And carrying out SM3 digest operation on the random number, the magnetic field data, the light sensor data and the gyroscope data, wherein an operation result is used as a true random number. The obtained true random number is unpredictable and irregular, and the safety of the information system is ensured.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the obtaining an entropy pool of a first preset length includes: initializing an entropy pool, circularly taking random numbers through a server cipher machine of background service, and obtaining an entropy pool with a first preset length; the entropy pool is stored in a folder.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the acquiring terminal magnetic field data, optical line sensor data, and gyroscope data, determining an integer according to the magnetic field data, the optical line sensor data, and the gyroscope data includes: amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times respectively; and adding the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer includes: and performing remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the length of the true random number obtained after performing SM3 digest operation by adding the random number to the character strings of the magnetic field data, the light sensor data, and the gyroscope data is equal to the second preset length.
Second, an embodiment of the present application provides a true random number acquisition system, including: the first acquisition module is used for acquiring an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a terminal; the second acquisition module is used for respectively acquiring terminal magnetic field data, light sensor data and gyroscope data and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data; the third acquisition module is used for acquiring a position number according to the length of the true random data sequence in the entropy pool and the integer; a fourth obtaining module, configured to obtain a random number with a second preset length in the entropy pool with the position number as a starting point, where the second preset length is smaller than the first preset length; and the determining module is used for adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the first obtaining module includes: the first acquisition unit is used for initializing the entropy pool, circularly taking random numbers through a server cipher machine of the background service, and acquiring the entropy pool with a first preset length; and the storage unit is used for storing the entropy pool into a folder.
With reference to the second aspect, in a second possible implementation manner of the second aspect, the second obtaining module includes: the data processing unit is used for amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times respectively; and the second acquisition unit is used for carrying out addition operation on the amplified terminal magnetic field data, the light sensor data and the gyroscope data to obtain the integer.
In a third aspect, an embodiment of the present application provides a terminal, including: a processor; a memory for storing instructions executable by the processor; the processor executes the true random number acquisition method in the first aspect or the first aspect to acquire the true random number of the terminal.
Drawings
Fig. 1 is a schematic flow chart of a true random number acquisition method according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a true random number acquisition system according to an embodiment of the present application;
fig. 3 is a schematic diagram of a cryptographic engine according to an embodiment of the present application.
Detailed Description
The present application is described below with reference to the drawings and the detailed description.
Fig. 1 is a flow chart of a true random number acquisition method provided by an embodiment of the present application, referring to fig. 1, the true random number acquisition method of the present embodiment includes:
s101, obtaining an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a cipher machine.
Random numbers have important applications in many fields, such as Monte Carlo simulation, cryptography, and network security. The quality of the random number is directly related to the reliability and the safety of the network security system, and the credibility of Monte Carlo simulation results. Since the advent of computers, research seeking to generate high quality random number sequences with computers has long been a subject of concern. The Linux kernel implements a high-strength random number generator starting from version 1.3.30, the design and implementation of which is analyzed in detail herein based on the source code of the Linux 2.6.10 kernel.
The Linux kernel uses entropy to describe the randomness of data. Entropy (entropy) is a physical quantity that describes the degree of disorder of a system, and the greater the entropy of a system, the worse the ordering of the system, i.e., the greater the uncertainty. In informatics, entropy is used to characterize a symbol or uncertainty of a system, with greater entropy indicating a system with less useful information and greater uncertainty.
Computers themselves are predictable systems, and therefore, it is not possible to generate truly random numbers with computer algorithms. However, the environment of the machine is full of various noises, such as the time when the hardware device is interrupted, the time interval when the user clicks the mouse, and the like are completely random and cannot be predicted in advance. It is these random noises in the system that are exploited by the Linux kernel implemented random number generator to generate high quality random number sequences.
The kernel maintains an entropy pool for collecting environmental noise from device drivers and other sources. Theoretically, the data in the entropy pool is completely random, and generation of a truly random number sequence can be achieved. To track the randomness of the data in the entropy pool, the kernel will estimate the randomness of the data as it is added to the pool, a process known as entropy estimation. The entropy estimate describes the number of random digits contained in the pool, with larger values indicating better randomness of the data in the pool.
In the embodiment of the application, an entropy pool is initialized, a random number is circularly fetched through a server password machine of a background service, the entropy pool with a first preset length is obtained, and the entropy pool is stored in a folder. The first preset length is set to 32M in this embodiment.
S102, respectively acquiring terminal magnetic field data, light sensor data and gyroscope data, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data.
Specifically, the terminal magnetic field data, the optical sensor data, and the gyroscope data are amplified 10000 times, respectively. And adding the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer.
In an exemplary embodiment, the magnetic field data is 0.1234, the light sensor data is 0.4532, the gyroscope data axis is 0.7749, the remainders are 1234, 4352 and 7749 after being respectively amplified 10000 times, and the three data are added to obtain an integer 13335.
S103, obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer.
And performing remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number. Taking S102 as an example, if the obtained integer bit 13335, the bits 13335 and 131072 are subjected to the remainder operation, so as to obtain the position number 13335.
S104, acquiring a random number with a second preset length in the entropy pool by taking the position number as a starting point, wherein the second preset length is smaller than the first preset length.
Also taking S103 as an example, after determining the position number 13335, 256 bytes are acquired as a random number from the entropy pool starting from the position 13335.
S105, adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
And adding the random number to the character strings of the magnetic field data, the light sensor data and the gyroscope data to obtain a true random number with the length equal to the second preset length after SM3 abstract operation, wherein the length of the true random number is 32-bit true random number obtained in the embodiment.
SM3 is a cryptographic hash function standard, a cryptographic hash function (English: cryptographic hash function), and is also translated into a cryptographic hash function, a cryptographic hash function and a cryptographic hash function, which are one type of hash function. It is considered a one-way function, that is to say, it is extremely difficult to output the result by the hash function, pushing back what the input data is. Such one-way functions are known as "modern cryptography's pack horses". The input data of such a hash function is often referred to as a message (message), and its output is often referred to as a message digest or digest.
In one exemplary embodiment, the data length is 128:
76,3A,FC,53,7F,78,76,C2,D0,B5,9F,DB,68,D7,62,E9;
0C,EF,D2,22,BB,35,8D,0D,69,31,86,7C,E2,65,38,64;
9B,E3,57,9A,40,04,48,3E,A5,D8,4D,00,50,63,F7,6F;
B1,CE,7E,5F,2F,93,3B,5E,D7,57,A7,18,18,2F,38,3C;
4D,58,29,1A,6A,5D,8D,07,C0,81,F6,68,06,03,15,39;
09,33,62,D8,54,88,3A,88,74,F7,B9,19,92,5D,AB,C7;
4C,17,3E,21,62,F0,7E,67,80,E3,11,FF,0A,EF,05,9A;
E6,20,30,3D,EC,B6,28,9E,97,F7,2C,01,87,23,C4,71;
(763AFC537F7876C2D0B59FDB68D762E90CEFD222BB358D0D6931867CE26538649BE3579A4004483EA5D84D005063F76FB1CE7E5F2F933B5ED757A718182F383C4D58291A6A5D8D07C081F66806031539093362D854883A8874F7B919925DABC74C173E2162F07E6780E311FF0AEF059AE620303DECB6289E97F72C018723C471)
SM3 digest operation 256 bits:
d3,2b,9d,79,3b,49,66,e1,8c,35,18,92,e6,52,77,75,6e,f0,cc,9d,28,db,95,4c,95,9f,bb,85,e3,94,84,42。
SM3 digest operation 192 bits:
86,92,37,05,13,92,F3,AD,19,AA,A3,17,05,C6,F3,37A4,EE,8D,DE,73,CD,CC,F0。
SM3 digest operation 160 bits:
86,92,37,05,9F,A7,EB,3F,19,AA,A3,17,05,C6,F3,37,73,CD,CC,F0。
according to the embodiment, in the true random number acquisition method provided by the embodiment, the entropy value in the entropy pool is obtained through the background server cipher machine, the quality of the entropy value is guaranteed, and the random number required by the client is randomly acquired from the entropy pool, because the magnetic field data, the light sensor data and the gyroscope data of the terminal are changed along with the environment. This makes it possible to obtain a random number at the time of taking, and a true random number is obtained. And carrying out SM3 digest operation on the random number, the magnetic field data, the light sensor data and the gyroscope data, wherein an operation result is used as a true random number. The obtained true random number is unpredictable and irregular, and the safety of the information system is ensured.
Corresponding to the method for obtaining a true random number provided in the above embodiment, the present application further provides an embodiment of a true random number obtaining system, referring to fig. 1, the true random number obtaining system 20 includes: a first acquisition module 201, a second acquisition module 202, a third acquisition module 203, a fourth acquisition module 204, and a determination module 205.
A first obtaining module 201, configured to obtain an entropy pool with a first preset length, where the entropy pool includes a true random data sequence generated by a cryptographic engine. The second acquisition module 202 is configured to acquire terminal magnetic field data, optical line sensor data, and gyroscope data, and determine an integer according to the magnetic field data, the optical line sensor data, and the gyroscope data. And a third obtaining module 203, configured to obtain a position number according to the length of the true random data sequence in the entropy pool and the integer. A fourth obtaining module 204, configured to obtain a random number with a second preset length in the entropy pool with the location number as a starting point, where the second preset length is smaller than the first preset length. The determining module 205 is configured to add the random number to the character strings of the magnetic field data, the light sensor data, and the gyroscope data, and perform an SM3 digest operation to obtain a true random number.
Further, the first obtaining module 201 includes: a first acquisition unit and a storage unit. The first acquisition unit is used for initializing the entropy pool, circularly taking random numbers through a server cipher machine of the background service, and acquiring the entropy pool with a first preset length. And the storage unit is used for storing the entropy pool into a folder.
The second obtaining module 202 includes: a data processing unit and a second acquisition unit. The data processing unit is used for amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times respectively; and the second acquisition unit is used for carrying out addition operation on the amplified terminal magnetic field data, the light sensor data and the gyroscope data to obtain the integer.
Specifically, the third obtaining module 203 performs a remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number.
The determining module 205 adds the random number to the character strings of the magnetic field data, the light sensor data and the gyroscope data to obtain a true random number with a length equal to the first preset length after SM3 digest operation.
The embodiment of the present application also provides a cryptographic engine, referring to fig. 3, the cryptographic engine 30 includes: a processor 301, a memory 302 and a communication interface 303.
In fig. 3, a processor 301, a memory 302, and a communication interface 303 may be connected to each other through a bus; the buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 3, but not only one bus or one type of bus.
The processor 301 generally controls the overall functions of the crypto-engine 30, such as starting the crypto-engine 30, and obtaining entropy pool, terminal magnetic field data, light sensor data and gyroscope data of a first predetermined length after the crypto-engine is started, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data; obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer; and taking the position number as a starting point to acquire a random number with a second preset length in the entropy pool, adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data, and performing SM3 abstract operation once to acquire a true random number.
The processor 301 may be a general purpose processor such as a central processing unit (English: central processing unit, abbreviation: CPU), a network processor (English: network processor, abbreviation: NP) or a combination of CPU and NP. The processor may also be a Microprocessor (MCU). The processor may also include a hardware chip. The hardware chip may be an Application Specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), or the like.
Memory 302 is configured to store computer-executable instructions to support the manipulation of data by crypto-engine 30. The memory 301 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
After the cryptographic engine 30 is started, the processor 301 and the memory 302 are powered up, and the processor 301 reads and executes computer-executable instructions stored in the memory 302 to perform all or part of the steps of the embodiment of the true random number acquisition method described above.
The communication interface 303 is used for the cryptographic engine 30 to transmit data, for example, to enable communication with a client and a server, etc. The communication interface 303 includes a wired communication interface and may also include a wireless communication interface. The wired communication interface comprises a USB interface, a Micro USB interface and an Ethernet interface. The wireless communication interface may be a WLAN interface, a cellular network communication interface, a combination thereof, or the like.
In one illustrative embodiment, the cryptographic engine 30 provided by embodiments of the present application also includes a power supply assembly that provides power to the various components of the cryptographic engine 30. The power components may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for crypto-engine 30.
A communication component configured to facilitate wired or wireless communication between the crypto engine 30 and other devices. The crypto-engine 30 may access a wireless network based on a communication standard, such as WiFi,2G or 3G, or a combination thereof. The communication component receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. The communication component further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.
In one illustrative embodiment, crypto-engine 30 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), or other electronic components.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Of course, the above description is not limited to the above examples, and the technical features of the present application that are not described may be implemented by or by using the prior art, which is not described herein again; the above examples and drawings are only for illustrating the technical aspects of the present application and are not intended to limit the present application, but the present application has been described in detail with reference to the preferred embodiments only, and it should be understood by those skilled in the art that the changes, modifications, additions or substitutions made by those skilled in the art without departing from the spirit of the present application and the scope of the claims of the present application.
Claims (6)
1. A true random number acquisition method, the method comprising:
obtaining an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a cipher machine;
acquiring terminal magnetic field data, light sensor data and gyroscope data respectively, and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data, wherein the method comprises the following steps:
amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times respectively;
adding the amplified terminal magnetic field data, the amplified light sensor data and the amplified gyroscope data to obtain the integer;
obtaining a position number according to the length of the true random data sequence in the entropy pool and the integer, wherein the position number comprises: performing remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number;
acquiring a random number with a second preset length in the entropy pool by taking the position number as a starting point, wherein the second preset length is smaller than the first preset length;
and adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
2. The true random number acquisition method of claim 1, wherein the acquiring the entropy pool of the first preset length comprises:
initializing an entropy pool, circularly taking random numbers through a server cipher machine of background service, and obtaining an entropy pool with a first preset length;
the entropy pool is stored in a folder.
3. The true random number acquisition method according to claim 1, wherein the length of the true random number obtained by adding the random number to the character string of the magnetic field data, the light sensor data, and the gyro data and performing SM3 digest operation is equal to the second preset length.
4. A true random number acquisition system, the system comprising:
the first acquisition module is used for acquiring an entropy pool with a first preset length, wherein the entropy pool contains a true random data sequence generated by a cipher machine;
the second acquisition module is used for respectively acquiring terminal magnetic field data, light sensor data and gyroscope data and determining an integer according to the magnetic field data, the light sensor data and the gyroscope data;
the second acquisition module includes:
the data processing unit is used for amplifying the terminal magnetic field data, the light sensor data and the gyroscope data by 10000 times respectively;
the second acquisition unit is used for adding the amplified terminal magnetic field data, the light sensor data and the gyroscope data to obtain the integer;
the third obtaining module is configured to obtain a position number according to the length of the true random data sequence in the entropy pool and the integer, and includes: performing remainder operation on the integer and the length of the true random data sequence in the entropy pool to obtain the position number;
a fourth obtaining module, configured to obtain a random number with a second preset length in the entropy pool with the position number as a starting point, where the second preset length is smaller than the first preset length;
and the determining module is used for adding the random number with the character strings of the magnetic field data, the light sensor data and the gyroscope data to perform SM3 abstract operation once to obtain a true random number.
5. The true random number acquisition system of claim 4, wherein the first acquisition module comprises:
the first acquisition unit is used for initializing the entropy pool, circularly taking random numbers through a server cipher machine of the background service, and acquiring the entropy pool with a first preset length;
and the storage unit is used for storing the entropy pool into a folder.
6. A cryptographic engine, comprising:
a processor;
a memory for storing instructions executable by the processor;
the processor executes the true random number acquisition method according to any one of claims 1 to 3 to acquire the true random number of the terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010145986.7A CN111290734B (en) | 2020-03-05 | 2020-03-05 | True random number acquisition method, system and cipher machine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010145986.7A CN111290734B (en) | 2020-03-05 | 2020-03-05 | True random number acquisition method, system and cipher machine |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111290734A CN111290734A (en) | 2020-06-16 |
| CN111290734B true CN111290734B (en) | 2023-09-08 |
Family
ID=71017130
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010145986.7A Active CN111290734B (en) | 2020-03-05 | 2020-03-05 | True random number acquisition method, system and cipher machine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111290734B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112416299B (en) * | 2020-10-10 | 2022-06-10 | 石家庄科林电气股份有限公司 | Method for acquiring random number by utilizing null shift data |
| CN115174125A (en) * | 2022-09-07 | 2022-10-11 | 北京笔新互联网科技有限公司 | Method and device for acquiring trusted true random number in trusted execution environment |
| CN116560617A (en) * | 2023-07-12 | 2023-08-08 | 杭州星锐网讯科技有限公司 | Random number generation method, device and system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105447154A (en) * | 2015-11-30 | 2016-03-30 | 中国联合网络通信集团有限公司 | Entropy pool updating method and updating system |
| CN107943450A (en) * | 2017-11-17 | 2018-04-20 | 上海众人网络安全技术有限公司 | Random digit generation method, device, computer equipment and computer-readable medium |
| CN108306732A (en) * | 2018-04-20 | 2018-07-20 | 北京数字认证股份有限公司 | A kind of random digit generation method, relevant device and system |
| CN110321103A (en) * | 2019-06-27 | 2019-10-11 | 北京信息科技大学 | A kind of true random number generation method and equipment based on physical equipment |
| CN110399118A (en) * | 2019-07-15 | 2019-11-01 | 宇龙计算机通信科技(深圳)有限公司 | A kind of random digit generation method, device, storage medium and electronic equipment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8401186B2 (en) * | 2010-11-29 | 2013-03-19 | Beijing Z&W Technology Consulting Co., Ltd. | Cloud storage data access method, apparatus and system based on OTP |
| US20150117636A1 (en) * | 2013-10-30 | 2015-04-30 | Apriva, Llc | System and method for performing a secure cryptographic operation on a mobile device |
-
2020
- 2020-03-05 CN CN202010145986.7A patent/CN111290734B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105447154A (en) * | 2015-11-30 | 2016-03-30 | 中国联合网络通信集团有限公司 | Entropy pool updating method and updating system |
| CN107943450A (en) * | 2017-11-17 | 2018-04-20 | 上海众人网络安全技术有限公司 | Random digit generation method, device, computer equipment and computer-readable medium |
| CN108306732A (en) * | 2018-04-20 | 2018-07-20 | 北京数字认证股份有限公司 | A kind of random digit generation method, relevant device and system |
| CN110321103A (en) * | 2019-06-27 | 2019-10-11 | 北京信息科技大学 | A kind of true random number generation method and equipment based on physical equipment |
| CN110399118A (en) * | 2019-07-15 | 2019-11-01 | 宇龙计算机通信科技(深圳)有限公司 | A kind of random digit generation method, device, storage medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111290734A (en) | 2020-06-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111290734B (en) | True random number acquisition method, system and cipher machine | |
| US10735428B2 (en) | Data access and ownership management | |
| US8565422B2 (en) | Method and system for enryption key versioning and key rotation in a multi-tenant environment | |
| US9672347B2 (en) | Integrity for security audit logs | |
| US8793509B1 (en) | Web authorization with reduced user interaction | |
| US20210273813A1 (en) | Software release verification | |
| WO2015099661A1 (en) | Techniques and architecture for anonymizing user data | |
| US10419377B2 (en) | Method and system for categorizing instant messages | |
| CN112434336A (en) | Block chain-based electronic medical record sharing method, device and system and storage medium | |
| US20130246465A1 (en) | System, method, and computer program product for conditionally allowing access to data on a device based on a location of the device | |
| TW201337619A (en) | Systems and methods for using cipher objects to protect data | |
| US9563773B2 (en) | Systems and methods for securing BIOS variables | |
| CN112001376B (en) | Fingerprint identification method, device, equipment and storage medium based on open source component | |
| WO2022100892A1 (en) | Distributed ledger system | |
| US9971735B2 (en) | Information retrieval using sparse matrix sketching | |
| US20230195690A1 (en) | Data archive release in context of data object | |
| US11409847B2 (en) | Source-based authentication for a license of a license data structure | |
| CN112434094B (en) | Database connection method and device based on encryption algorithm and computer equipment | |
| US8924733B2 (en) | Enabling access to removable hard disk drives | |
| US20180260536A1 (en) | License data structure including license aggregation | |
| Overill et al. | A complexity based model for quantifying forensic evidential probabilities | |
| US9232001B1 (en) | Client-server communication using a set identifier | |
| US20190362051A1 (en) | Managing access to a media file | |
| US10860707B2 (en) | Systems and methods for obfuscation of password key and dynamic key pool management | |
| JP2017033305A (en) | Information processing system and information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |