CN113556226A - Mobile terminal secret key safe storage method - Google Patents

Publication number
CN113556226A
Authority
CN
China
Prior art keywords
storage
unit
fixed key
value
mobile terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110661439.9A
Other languages
Chinese (zh)
Other versions
CN113556226B (en)
Inventor
徐宏
龚徐建
王家良
徐赟
吴剑锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tiankuan Technology Co ltd
Original Assignee
Hangzhou Tiankuan Technology Co ltd
Application filed by Hangzhou Tiankuan Technology Co ltd
Priority to CN202110661439.9A
Publication of CN113556226A
Application granted
Publication of CN113556226B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for securely storing a mobile terminal key, implemented by a storage system comprising a cloud server, a key acquisition unit and a mobile terminal. The cloud server stores the fixed key acquired by the key acquisition unit: the fixed key is stored by means of storage preprocessing, which yields a storage and dispersion comparison table. Because the fixed key is scattered, an intruder who breaks into the cloud server cannot simply steal it, and even after intrusion cannot obtain the fixed key without knowing the corresponding rules. The mobile terminal marks the request signal to obtain an orientation value, performs equipment admission processing on the orientation value to obtain an authentication ID, and fuses the authentication ID with the initiation time to form request information. Finally, the mobile terminal transmits the request information to the cloud server for authentication, and the fixed key is extracted according to the authentication result.

Description

Mobile terminal secret key safe storage method
Technical Field
The invention belongs to the field and relates to the technology, in particular to a mobile terminal secret key safe storage method.
Background
In recent years, with the development of the mobile internet, large amounts of important data such as personal information and private data are gathered on mobile terminals. If this data leaks during network transmission, the consequences for users are serious, so information security has become an increasingly prominent problem. Data transmitted over the network therefore needs to be encrypted, and key storage is central to keeping that data secure. In general, a fixed key written into source code is easily obtained by decompilation and similar means; a random key generated by a specific algorithm can also be obtained by decompilation, man-in-the-middle attacks and the like, so security is difficult to guarantee.
Therefore, the low security of key storage in traditional encryption techniques in the internet environment needs to be solved, and a scheme for securely storing the key of the mobile terminal is provided for this purpose. The method stores the mobile terminal user's key on a remote server, which removes the insecurity of storing the data locally. When the mobile terminal needs to use the key, it sends an asymmetrically encrypted data request (to prevent man-in-the-middle attacks) to the server and retrieves from the server the one-device-one-key key matched to the mobile terminal; it then performs key negotiation with the communicating party. During negotiation the transmitted data is likewise asymmetrically encrypted to prevent man-in-the-middle attacks. The negotiated session key is valid only during data transmission, which shortens the session key's lifetime in memory and guards against white-box attacks, thereby ensuring the security of data transmission.
To this end, the following solution is provided.
Disclosure of Invention
The invention aims to provide a method for safely storing a mobile terminal secret key.
The purpose of the invention can be realized by the following technical scheme:
a method for securely storing a mobile terminal key is implemented by a storage system; the storage system comprises a cloud server, a key acquisition unit and a mobile terminal;
the cloud server is used for storing the fixed key acquired by the key acquisition unit; specifically, the fixed key is stored by means of storage preprocessing, and a storage and dispersion comparison table is obtained;
the mobile terminal is used for marking the request signal to obtain an orientation value, then performing equipment admission processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information;
and the mobile terminal is used for transmitting the request information to the cloud server for authentication, and the fixed key is extracted according to the authentication result.
Further, the cloud server comprises a storage module and a self-organizing unit;
the storage module comprises X1 storage units, where X1 is a preset value; specifically, X1 is fifteen;
the key acquisition unit is used for acquiring the fixed key corresponding to the mobile terminal and transmitting it to the self-organizing unit in the cloud server; the self-organizing unit receives the fixed key transmitted by the key acquisition unit and performs storage preprocessing on it to obtain the storage and dispersion comparison table, completing the storage of the fixed key.
Further, the value of X1 must be greater than or equal to ten.
Further, the specific steps of the storage preprocessing are as follows:
step one: acquiring the corresponding fixed key;
step two: at the same time, capturing the timestamp at which the fixed key is acquired, the timestamp being taken in month-day-hour-minute form, to obtain a time digit group Ci, i = 1...8, where Ci denotes the i-th digit when the digits of the timestamp are written together in sequence with the units removed;
step three: then acquiring the length of the fixed key, the length value being denoted Cd;
step four: normalizing the time digit group; specifically, a normalization value G is calculated by a formula, the formula for the normalization value G being:
Figure BDA0003115242330000031
in the formula, QG{ } denotes taking a one-digit value from the data in the braces;
step five: dividing the length Cd of the fixed key by G to obtain a quotient, marked as the segment value, and a remainder; obtaining G segments according to the segment value and the remainder;
dividing the fixed key into G segments, marked correspondingly as Pj, j = 1...G;
step six: then acquiring the X1 storage units in the storage module and labeling them in sequence as Di, i = 1...X1, where Di denotes the storage unit labeled i;
step seven: performing staggered storage of the segments Pj;
step eight: obtaining the storage and dispersion comparison table, and completing the storage of the fixed key.
Further, the specific way of the staggered storage in step seven is as follows:
obtaining G; when G is an odd number, storing in the staggered one-in-one mode, specifically:
acquiring the first segment P1 and setting i = G, that is, acquiring the storage unit DG; the first segment P1 is stored in it, so storage starts from the G-th storage unit; the remaining segments P2 to PG are then stored in sequence in the storage units following DG, that is, starting from i = G the value of i is assigned in gradually increasing fashion, and if the assignment is performed after the first bit and is not stored, the last bit is performed; the storage position of each segment is then matched with the front-to-back order of the segments to form the storage and dispersion comparison table;
when G is not an odd number, storing in the staggered two-storage mode, specifically:
acquiring the first segment P1 and setting i = G, that is, acquiring the storage unit DG; the first segment P1 is stored in it, so storage starts from the G-th storage unit; the remaining segments P2 to PG are then stored in sequence in the storage units preceding DG, that is, starting from i = G the value of i is assigned in gradually decreasing fashion, and if the assignment reaches the first position and storage is not finished, it continues from the last position; the storage position of each segment is then matched with the front-to-back order of the segments to form the storage and dispersion comparison table.
Further, the specific way of obtaining G segments according to the segment value and the remainder in step five is as follows:
when the remainder is zero, a length equal to the segment value is taken as one segment, the fixed key is divided into G segments, and the length of each segment equals the segment value;
when the remainder is not zero, the length of the last segment is the segment value plus the remainder;
G segments are obtained.
Further, the mobile terminal comprises an interaction unit, a request analysis unit, a data request unit and a random marking unit;
when a user needs to extract the fixed key, a request signal is initiated through the data request unit and transmitted to the random marking unit; on receiving the request signal, the random marking unit automatically performs marking processing, and the marking processing step exists only on equipment designated by an administrator; an orientation value is obtained;
the random marking unit returns the orientation value to the data request unit; the data request unit receives the orientation value and transmits it to the request analysis unit; the request analysis unit receives the orientation value and performs equipment admission processing, and the equipment admission processing step exists only on equipment designated by an administrator; the specific steps of the equipment admission processing are as follows:
S01: acquiring the fixed ID of the mobile terminal equipment;
S02: then acquiring the corresponding orientation value;
S03: selecting from the first orientation value, acquiring the corresponding character of the first orientation value, and marking the character as a hit character;
S04: then placing the hit character at the first position of the fixed ID to form a new authentication ID;
S05: fusing the authentication ID and the initiation time to form request information;
the request information is transmitted through the interaction unit to the self-editing unit in the cloud server; on receiving the request information, the self-editing unit automatically acquires the ID address of the request information; the self-editing unit is used for identity authentication, which proceeds as follows:
SS1: acquiring the corresponding request information;
SS2: automatically invoking the analysis rule in the self-organizing unit, the analysis rule being the marking processing and equipment admission processing procedure of the mobile terminal, used to combine the ID address into a contact ID according to the initiation time;
SS3: when the contact ID is consistent with the authentication ID, identity authentication passes automatically; otherwise no processing is performed and an identity authentication failure signal is returned;
SS4: after identity authentication passes, the fixed key is automatically extracted according to the storage and dispersion comparison table;
SS5: obtaining the fixed key;
the self-editing unit returns the fixed key to the mobile terminal.
Further, the specific steps of the marking processing are as follows:
S1: acquiring the timestamp at which the request signal is initiated, and marking it as the initiation time;
S2: adding the values at the hour and minute positions of the timestamp, and taking the units digit of the result;
S3: marking the value so obtained as the orientation value.
The invention has the beneficial effects that:
the method is implemented by the cloud server, the key acquisition unit and the mobile terminal of the storage system; the cloud server stores the fixed key acquired by the key acquisition unit, the fixed key being stored by means of storage preprocessing to obtain the storage and dispersion comparison table; because the fixed key is scattered, an intruder who breaks into the cloud server cannot simply steal it, and even after intrusion cannot obtain the fixed key without knowing the corresponding rules;
the mobile terminal then marks the request signal to obtain an orientation value, performs equipment admission processing on the orientation value to obtain an authentication ID, and fuses the authentication ID with the initiation time to form request information; finally, the mobile terminal transmits the request information to the cloud server for authentication, and the fixed key is extracted according to the authentication result. The corresponding steps are placed on the designated equipment and the cloud server performs two-phase verification, which confirms that the equipment is the correct one and prevents the related information from being misappropriated on other equipment; only the designated equipment can extract the fixed key, which avoids situations in which the ID address is changed or a personal account is stolen.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
FIG. 1 is a block diagram of the system of the present invention.
Detailed Description
As shown in FIG. 1, a method for securely storing a mobile terminal key is implemented by a storage system; the storage system comprises a cloud server, a key acquisition unit and a mobile terminal;
the cloud server comprises a storage module and a self-editing unit; the mobile terminal comprises an interaction unit, a request analysis unit, a data request unit and a random marking unit;
the storage module comprises X1 storage units, where X1 is a preset value; specifically, X1 can be fifteen, and the value of X1 is greater than or equal to ten;
the key acquisition unit is used for acquiring the fixed key corresponding to the mobile terminal and transmitting it to the self-organizing unit in the cloud server; the self-organizing unit receives the fixed key transmitted by the key acquisition unit and performs storage preprocessing on it, the specific steps of the storage preprocessing being as follows:
step one: acquiring the corresponding fixed key;
step two: at the same time, capturing the timestamp at which the fixed key is acquired, the timestamp being taken in month-day-hour-minute form, to obtain a time digit group Ci, i = 1...8, where Ci denotes the i-th digit when the digits of the timestamp are written together in sequence with the units removed;
step three: then acquiring the length of the fixed key, the length value being denoted Cd;
step four: normalizing the time digit group; specifically, a normalization value G is calculated by a formula, the formula for the normalization value G being:
Figure BDA0003115242330000071
in the formula, QG{ } denotes taking a one-digit value from the data in the braces;
step five: dividing the length Cd of the fixed key by G to obtain a quotient, marked as the segment value, and a remainder; when the remainder is zero, a length equal to the segment value is taken as one segment, the fixed key is divided into G segments, and the length of each segment equals the segment value;
when the remainder is not zero, the length of the last segment is the segment value plus the remainder;
G segments are obtained;
dividing the fixed key into G segments, marked correspondingly as Pj, j = 1...G;
step six: then acquiring the X1 storage units in the storage module and labeling them in sequence as Di, i = 1...X1, where Di denotes the storage unit labeled i;
step seven: performing staggered storage of the segments Pj, the specific staggered storage mode being as follows:
obtaining G; when G is an odd number, storing in the staggered one-in-one mode, specifically:
acquiring the first segment P1 and setting i = G, that is, acquiring the storage unit DG; the first segment P1 is stored in it, so storage starts from the G-th storage unit; the remaining segments P2 to PG are then stored in sequence in the storage units following DG, that is, starting from i = G the value of i is assigned in gradually increasing fashion, and if the assignment is performed after the first bit and is not stored, the last bit is performed; the storage position of each segment is then matched with the front-to-back order of the segments to form the storage and dispersion comparison table;
when G is not an odd number, storing in the staggered two-storage mode, specifically:
acquiring the first segment P1 and setting i = G, that is, acquiring the storage unit DG; the first segment P1 is stored in it, so storage starts from the G-th storage unit; the remaining segments P2 to PG are then stored in sequence in the storage units preceding DG, that is, starting from i = G the value of i is assigned in gradually decreasing fashion, and if the assignment reaches the first position and storage is not finished, it continues from the last position; the storage position of each segment is then matched with the front-to-back order of the segments to form the storage and dispersion comparison table;
step eight: obtaining the storage and dispersion comparison table, and completing the storage of the fixed key;
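An added Python sketch of steps five to eight above (segmenting the fixed key, staggered storage, and the storage and dispersion comparison table, as also set out in the Disclosure); it is not code from the patent. G is passed in as a parameter because the formula for G is not reproduced on this page; treating G as a single digit from 1 to 9, wrapping from unit X1 back to unit 1 in the increasing mode, and all function names are assumptions.

```python
# Added illustration of steps five to eight; not code from the patent.
# Assumptions: G is supplied by the caller (the page does not reproduce its
# formula), G is one decimal digit, and running past unit X1 wraps to unit 1.

X1 = 15  # number of storage units; the page uses fifteen and requires X1 >= 10


def check_g(g: int) -> None:
    """Reject values of G the page's procedure cannot handle."""
    if not 1 <= g <= 9:
        raise ValueError("G must be a single non-zero digit (G = 0 cannot divide Cd)")


def split_key(key: bytes, g: int) -> list:
    """Step five: G segments of length Cd // G; the last one also takes the remainder."""
    check_g(g)
    seg_len, _remainder = divmod(len(key), g)
    if seg_len == 0:
        raise ValueError("fixed key is shorter than G, segments would be empty")
    segments = [key[j * seg_len:(j + 1) * seg_len] for j in range(g - 1)]
    segments.append(key[(g - 1) * seg_len:])  # segment value + remainder
    return segments


def placement(g: int, x1: int = X1) -> list:
    """Step seven: 1-based storage unit index for P1..PG.

    P1 always goes to unit D_G. Odd G walks upward from there, even G walks
    downward; indices wrap around the X1 units.
    """
    check_g(g)
    if x1 < 10:
        raise ValueError("the page requires X1 >= 10")
    step = 1 if g % 2 == 1 else -1
    return [(g - 1 + step * j) % x1 + 1 for j in range(g)]


def store(key: bytes, g: int, x1: int = X1):
    """Steps six to eight: fill the units and return (units, comparison table)."""
    units = [None] * x1                      # D1..DX1, empty units stay None
    table = placement(g, x1)                 # table[j] = unit holding segment P(j+1)
    for segment, unit in zip(split_key(key, g), table):
        units[unit - 1] = segment
    return units, table


def extract(units: list, table: list) -> bytes:
    """SS4: reassemble the fixed key by reading units in comparison-table order."""
    return b"".join(units[unit - 1] for unit in table)


if __name__ == "__main__":
    sample_key = bytes(range(32))            # constructed 32-byte sample key
    for g in (5, 4):                         # one odd and one even value of G
        units, table = store(sample_key, g)
        sizes = [len(units[u - 1]) for u in table]
        print(f"G={g} table={table} segment lengths={sizes}")
        assert extract(units, table) == sample_key
```

Reassembly needs only the unit contents and the comparison table, so the table has to be protected at least as carefully as the key itself.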
when a user needs to extract the fixed key, a request signal is initiated through the data request unit and transmitted to the random marking unit; on receiving the request signal, the random marking unit automatically performs marking processing, and the marking processing step exists only on equipment designated by an administrator; the specific steps of the marking processing are as follows:
S1: acquiring the timestamp at which the request signal is initiated, and marking it as the initiation time;
S2: adding the values at the hour and minute positions of the timestamp, and taking the units digit of the result;
S3: marking the value so obtained as the orientation value;
the random marking unit returns the orientation value to the data request unit; the data request unit receives the orientation value and transmits it to the request analysis unit; the request analysis unit receives the orientation value and performs equipment admission processing, and the equipment admission processing step exists only on equipment designated by an administrator; the specific steps of the equipment admission processing are as follows:
S01: acquiring the fixed ID of the mobile terminal equipment;
S02: then acquiring the corresponding orientation value;
S03: selecting from the first orientation value, acquiring the corresponding character of the first orientation value, and marking the character as a hit character;
S04: then placing the hit character at the first position of the fixed ID to form a new authentication ID;
S05: fusing the authentication ID and the initiation time to form request information;
the request information is transmitted through the interaction unit to the self-editing unit in the cloud server; on receiving the request information, the self-editing unit automatically acquires the ID address of the request information; the self-editing unit is used for identity authentication, which proceeds as follows:
SS1: acquiring the corresponding request information;
SS2: automatically invoking the analysis rule in the self-organizing unit, the analysis rule being the marking processing and equipment admission processing procedure of the mobile terminal, used to combine the ID address into a contact ID according to the initiation time;
SS3: when the contact ID is consistent with the authentication ID, identity authentication passes automatically; otherwise no processing is performed and an identity authentication failure signal is returned;
SS4: after identity authentication passes, the fixed key is automatically extracted according to the storage and dispersion comparison table;
SS5: obtaining the fixed key;
the self-editing unit returns the fixed key to the mobile terminal.
The method for securely storing a mobile terminal key is implemented by the cloud server, the key acquisition unit and the mobile terminal of the storage system; the cloud server stores the fixed key acquired by the key acquisition unit, the fixed key being stored by means of storage preprocessing to obtain the storage and dispersion comparison table; because the fixed key is scattered, an intruder who breaks into the cloud server cannot simply steal it, and even after intrusion cannot obtain the fixed key without knowing the corresponding rules;
the mobile terminal then marks the request signal to obtain an orientation value, performs equipment admission processing on the orientation value to obtain an authentication ID, and fuses the authentication ID with the initiation time to form request information; finally, the mobile terminal transmits the request information to the cloud server for authentication, and the fixed key is extracted according to the authentication result. The corresponding steps are placed on the designated equipment and the cloud server performs two-phase verification, which confirms that the equipment is the correct one and prevents the related information from being misappropriated on other equipment; only the designated equipment can extract the fixed key, which avoids situations in which the ID address is changed or a personal account is stolen.
The foregoing is merely exemplary and illustrative of the present invention and various modifications, additions and substitutions may be made by those skilled in the art to the specific embodiments described without departing from the scope of the invention as defined in the following claims.

Claims (8)

1. A method for securely storing a mobile terminal key, characterized in that the method is implemented by a storage system; the storage system comprises a cloud server, a key acquisition unit and a mobile terminal;
the cloud server is used for storing the fixed key acquired by the key acquisition unit; specifically, the fixed key is stored by means of storage preprocessing, and a storage and dispersion comparison table is obtained;
the mobile terminal is used for marking the request signal to obtain an orientation value, then performing equipment admission processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information;
and the mobile terminal is used for transmitting the request information to the cloud server for authentication, and the fixed key is extracted according to the authentication result.
2. The method according to claim 1, wherein the cloud server comprises a storage module and a self-organizing unit;
the storage module comprises X1 storage units, where X1 is a preset value; specifically, X1 is fifteen;
the key acquisition unit is used for acquiring the fixed key corresponding to the mobile terminal and transmitting it to the self-organizing unit in the cloud server; the self-organizing unit receives the fixed key transmitted by the key acquisition unit and performs storage preprocessing on it to obtain the storage and dispersion comparison table, completing the storage of the fixed key.
3. The method according to claim 2, wherein the value of X1 is greater than or equal to ten.
4. The method according to claim 2, wherein the storage preprocessing comprises the following steps:
step one: acquiring the corresponding fixed key;
step two: at the same time, capturing the timestamp at which the fixed key is acquired, the timestamp being taken in month-day-hour-minute form, to obtain a time digit group Ci, i = 1...8, where Ci denotes the i-th digit when the digits of the timestamp are written together in sequence with the units removed;
step three: then acquiring the length of the fixed key, the length value being denoted Cd;
step four: normalizing the time digit group; specifically, a normalization value G is calculated by a formula, the formula for the normalization value G being:
Figure FDA0003115242320000021
in the formula, QG{ } denotes taking a one-digit value from the data in the braces;
step five: dividing the length Cd of the fixed key by G to obtain a quotient, marked as the segment value, and a remainder; obtaining G segments according to the segment value and the remainder;
dividing the fixed key into G segments, marked correspondingly as Pj, j = 1...G;
step six: then acquiring the X1 storage units in the storage module and labeling them in sequence as Di, i = 1...X1, where Di denotes the storage unit labeled i;
step seven: performing staggered storage of the segments Pj;
step eight: obtaining the storage and dispersion comparison table, and completing the storage of the fixed key.
5. The method according to claim 4, wherein the specific way of the staggered storage in step seven is as follows:
obtaining G; when G is an odd number, storing in the staggered one-in-one mode, specifically:
acquiring the first segment P1 and setting i = G, that is, acquiring the storage unit DG; the first segment P1 is stored in it, so storage starts from the G-th storage unit; the remaining segments P2 to PG are then stored in sequence in the storage units following DG, that is, starting from i = G the value of i is assigned in gradually increasing fashion, and if the assignment is performed after the first bit and is not stored, the last bit is performed; the storage position of each segment is then matched with the front-to-back order of the segments to form the storage and dispersion comparison table;
when G is not an odd number, storing in the staggered two-storage mode, specifically:
acquiring the first segment P1 and setting i = G, that is, acquiring the storage unit DG; the first segment P1 is stored in it, so storage starts from the G-th storage unit; the remaining segments P2 to PG are then stored in sequence in the storage units preceding DG, that is, starting from i = G the value of i is assigned in gradually decreasing fashion, and if the assignment reaches the first position and storage is not finished, it continues from the last position; the storage position of each segment is then matched with the front-to-back order of the segments to form the storage and dispersion comparison table.
6. The method according to claim 4, wherein the specific way of obtaining G segments according to the segment value and the remainder in step five is as follows:
when the remainder is zero, a length equal to the segment value is taken as one segment, the fixed key is divided into G segments, and the length of each segment equals the segment value;
when the remainder is not zero, the length of the last segment is the segment value plus the remainder;
G segments are obtained.
7. The method according to claim 1, wherein the mobile terminal comprises an interaction unit, a request parsing unit, a data request unit and a random marking unit;
when a user needs to extract the fixed key, a request signal is initiated through the data request unit and transmitted to the random marking unit; after receiving the request signal transmitted by the data request unit, the random marking unit automatically performs marking processing to obtain an orientation value; the marking processing step exists only on devices designated by an administrator;
the random marking unit returns the orientation value to the data request unit; the data request unit receives the orientation value and transmits it to the request parsing unit; the request parsing unit receives the orientation value and performs device admission processing; the device admission processing step exists only on devices designated by an administrator; the specific steps of the device admission processing are as follows:
S01: acquiring the fixed ID of the mobile terminal device;
S02: then acquiring the corresponding orientation value;
S03: selecting from the first position, acquiring the character corresponding to the orientation value, and marking that character as the hit character;
S04: then placing the hit character at the first position of the fixed ID to form a new authentication ID;
S05: fusing the authentication ID and the initiation time to form the request information;
the request information is transmitted through the interaction unit to the self-editing unit in the cloud server; after receiving the request information transmitted by the interaction unit, the self-editing unit automatically acquires the ID address of the request information; the self-editing unit performs identity authentication in the following manner:
SS1: acquiring the corresponding request information;
SS2: automatically calling the analysis rule in the self-editing unit, the analysis rule being the marking processing and device admission processing procedures of the mobile terminal, which is used to combine the ID address into a contact ID according to the initiation time;
SS3: when the contact ID is consistent with the authentication ID, identity authentication passes automatically; otherwise no processing is performed and an identity authentication failure signal is returned;
SS4: after identity authentication passes, automatically extracting the fixed key according to the storage and dispersion comparison table;
SS5: obtaining the fixed key;
the self-editing unit returns the fixed key to the mobile terminal.
8. The method according to claim 1, wherein the specific steps of the marking processing are as follows:
S1: acquiring the timestamp at which the request signal was initiated, and marking it as the initiation time;
S2: adding the values of the hour and minute positions of the timestamp, and taking the digit in the units place of the sum;
S3: marking the value obtained as the orientation value.
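The segmentation of claim 6, the dislocation storage of claim 5 and the table-driven extraction of step SS4, as an added Python example that is not code from the patent. The function names, the use of divmod to derive G and the remainder (step five is not reproduced in this section), the sample keys, and the modular wrap-around over the X1 units are assumptions of the example.

```python
def split_key(key, seg_value):
    """Claim 6: G segments of length seg_value; the last one absorbs the remainder."""
    # Assumption: G and the remainder come from dividing the key length by the segment value.
    g, _rem = divmod(len(key), seg_value)
    if g == 0:
        raise ValueError("key is shorter than one segment")
    segs = [key[j * seg_value:(j + 1) * seg_value] for j in range(g)]
    segs[-1] += key[g * seg_value:]          # empty string when the remainder is zero
    return segs


def dislocate(segs, x1):
    """Claim 5: P1 goes to D_G; odd G walks upward, even G walks downward."""
    g = len(segs)
    if x1 < g:
        raise ValueError("need at least G storage units")
    step = 1 if g % 2 else -1                # staggered-one vs staggered-two mode
    units = [None] * x1                      # units[i - 1] models storage unit D_i
    table = []                               # comparison table: table[j - 1] = i for P_j
    for j, seg in enumerate(segs):
        # Assumption: running off either end of D_1..D_X1 wraps around modulo X1.
        i = (g - 1 + step * j) % x1 + 1
        units[i - 1] = seg
        table.append(i)
    return units, table


def extract(units, table):
    """Step SS4: rebuild the fixed key by reading the units in table order."""
    return "".join(units[i - 1] for i in table)


if __name__ == "__main__":
    key = "0123456789ABCDEF01234"            # constructed sample, 21 characters
    segs = split_key(key, 4)                 # G = 5 (odd), remainder 1
    units, table = dislocate(segs, 8)
    print(segs, table, units, sep="\n")
    print(extract(units, table) == key)
```

The comparison table produced here depends only on G and X1, not on the key material, so every key with the same segment count receives the same layout.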
CN202110661439.9A 2021-06-15 2021-06-15 Mobile terminal secret key safe storage method Active CN113556226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110661439.9A CN113556226B (en) 2021-06-15 2021-06-15 Mobile terminal secret key safe storage method

Publications (2)

Publication Number Publication Date
CN113556226A true CN113556226A (en) 2021-10-26
CN113556226B CN113556226B (en) 2023-07-28

Family

ID=78102106

Country Status (1)

Country Link
CN (1) CN113556226B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant