CN113556226B - Mobile terminal secret key safe storage method - Google Patents

Abstract

The invention discloses a mobile terminal secret key safe storage method which is specifically realized through a cloud server, a secret key acquisition unit and a mobile terminal in a storage system, wherein the cloud server is used for storing a fixed secret key acquired by the secret key acquisition unit, and specifically completes the storage of the fixed secret key in a storage preprocessing mode and obtains a storage comparison table; the fixed keys are scattered, so that other people are prevented from invading the cloud server to steal information, and even if the information is invading, the corresponding fixed keys cannot be acquired according to the corresponding rules; the mobile terminal is used for obtaining an orientation value after marking the request signal, carrying out equipment recognition processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information; and finally, the mobile terminal is used for transmitting the request information to the cloud server for authentication and extracting the fixed key according to the authentication result.

Description

Mobile terminal secret key safe storage method

Technical Field

The invention belongs to the field of technology, and particularly relates to a mobile terminal key safe storage method.

Background

In recent years, with the development of the mobile internet, a large amount of important data such as personal information and privacy data are collected on a mobile terminal, and once the data are revealed in the network transmission process, serious consequences are brought to users, so that the information security problem is increasingly outstanding. Therefore, encryption processing is necessary to be performed on the data transmitted by the network to ensure the security of the data transmission, so that key storage is a key for ensuring the security of the data. In general, the fixed key written in the source code is easy to obtain through decompilation and other means; the random secret key generated by a specific algorithm can also be obtained by means of decompilation, man-in-the-middle attack and the like to generate the algorithm and even the random secret key, so that the security is difficult to guarantee.

Therefore, it is necessary to provide a solution to the problem of low security of key storage in the internet environment in the conventional encryption technology, and for this purpose, the present application provides a solution for security storage of keys at a mobile terminal. According to the method, the mobile terminal user key is stored in the remote server, so that the unsafe problem of local data storage is solved. When the mobile terminal needs to use the secret key, the mobile terminal sends an asymmetrically encrypted (preventing man-in-the-middle attack) data request to the server, obtains a secret key matched with the mobile terminal from the server, and then carries out secret key negotiation with a communication party, in the negotiation process, in order to prevent man-in-the-middle attack, the transmitted data is also asymmetrically encrypted, the negotiated session secret key is only effective in the data transmission process, the life cycle of the session secret key in a memory is reduced, and white box attack is prevented, thereby ensuring the data transmission safety.

To achieve this, a solution is first provided.

Disclosure of Invention

The invention aims to provide a mobile terminal secret key safe storage method.

The aim of the invention can be achieved by the following technical scheme:

a mobile terminal key safe storage method is realized through a storage system; the specific storage system comprises a cloud server, a key acquisition unit and a mobile terminal;

the cloud server is used for storing the fixed key acquired by the key acquisition unit, particularly finishing the storage of the fixed key in a storage preprocessing mode, and acquiring a storage comparison table;

the mobile terminal is used for obtaining an orientation value after marking the request signal, then carrying out equipment recognition processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information;

and the mobile terminal is used for transmitting the request information to the cloud server for authentication and extracting the fixed key according to the authentication result.

Further, the cloud server comprises a storage module and a self-organizing unit;

the storage module comprises X1 storage units, X1 is a preset value, and X1 is fifteen in detail;

the key acquisition unit is used for acquiring a fixed key of a corresponding mobile terminal, transmitting the fixed key to the self-compiling unit in the cloud server, receiving the fixed key transmitted by the key acquisition unit by the self-compiling unit, and carrying out storage pretreatment on the fixed key to obtain a stored and dispersed comparison table; and the storage of the fixed key is completed.

Further, the value of X1 must be equal to or greater than ten.

Further, the specific steps of the storage pretreatment are as follows:

step one: obtaining a corresponding fixed key;

step two: meanwhile, intercepting a time stamp for acquiring the fixed key, wherein the time stamp is acquired in a month and day time division mode to obtain a time digital group Ci, wherein i=1..8; wherein Ci is represented as the ith number which is sequentially arranged after the dimension is removed by the timestamp;

step three: then obtaining the length of the fixed key, wherein the length value is represented by Cd;

step four: the time digital group is subjected to normalization processing, specifically, a normalization value G is calculated by means of a formula, and the calculation formula of the normalization value G is as follows:

wherein QG { x } is a value in bits of the data in brackets;

step five: dividing the length Cd of the fixed key by G to obtain a numerical value marked as a segmentation value and a remainder; g segments are obtained according to the segment values and the remainder;

the fixed key is divided into G segments, the segments are labeled Pj, j=1..g;

step six: then, obtaining X1 storage units in the storage module, and sequentially marking the storage units as Di, i=1..X1; di represents a memory cell labeled i;

step seven: dislocation storage is carried out on the segment Pj;

step eight: obtaining a dispersion comparison table; and the storage of the fixed key is completed.

Further, the specific way of dislocation storage in the seventh step is as follows:

g is obtained, and when G is an odd number, the G is stored in a staggered one-storing mode, specifically:

the first segment P1 is acquired, let i=g, i.e. the storage unit DG is acquired; storing the first segment P1 from the G-th storage unit; sequentially storing the rest segments P2-PG into subsequent storage units of DG, namely carrying out assignment on i=G in a gradually increasing mode, and if the segments are not stored yet after the first bit is carried out, adopting the last bit; after the storage position of each segment corresponds to the sequence from front to back, a storage comparison table is formed;

when G is not an odd number, the storage is performed in a dislocation two-storage mode, specifically:

the first segment P1 is acquired, let i=g, i.e. the storage unit DG is acquired; storing the first segment P1 from the G-th storage unit; sequentially storing the rest segments P2-PG into a storage unit in front of the DG, namely performing assignment on the i=G in a gradually decreasing mode, and if the segments are not stored yet after the first bit is performed, continuing from the last bit; after the storage position of each segment and the sequence of the segments from front to back are corresponded, a dispersion comparison table is formed.

Further, the specific way of obtaining G segments according to the segment value and the remainder in the fifth step is as follows:

when the remainder is zero, the fixed key is automatically divided into G segments by taking the length of the segment value as one segment, and the length of each segment is the corresponding segment value;

if the remainder is not zero, dividing the length of the last segment into the length of the last segment value plus the remainder;

resulting in G segments.

Further, the mobile terminal comprises an interaction unit, a request analysis unit, a data request unit and a random marking unit;

when a user needs to extract a fixed key, a request signal is initiated through a data request unit and transmitted to a random marking unit, the random marking unit automatically performs marking processing after receiving the request signal transmitted by the data request unit, and the marking processing step only exists in a device appointed by an administrator; obtaining an orientation value;

the random marking unit is used for returning the orientation value to the data request unit, the data request unit transmits the orientation value to the request analysis unit after receiving the orientation value transmitted by the random marking unit, the request analysis unit receives the orientation value transmitted by the data request unit and carries out equipment approval processing, and the equipment approval processing step only designates that equipment exists in an administrator; the device acknowledges that the specific steps of the treatment are as follows:

s01: acquiring a fixed ID of mobile terminal equipment;

s02: then obtaining a corresponding orientation value;

s03: selecting from the first character, acquiring a corresponding character of a first orientation value, and marking the character as a hit character;

s04: then, the hit character is arranged at the first bit of the fixed ID to form a new authentication ID;

s05: fusing the authentication ID and the initiation time to form request information;

transmitting the request information to a self-organizing unit in the cloud server through an interaction unit, wherein the self-organizing unit automatically acquires an ID address of the request information after receiving the request information transmitted by the interaction unit; the self-organizing unit is used for carrying out identity authentication, and the identity authentication mode is as follows:

SS1: after the corresponding request information is acquired;

SS2: automatically calling an analysis rule in the self-organizing unit, wherein the analysis rule is a marking process and a device recognition process of the mobile terminal and is used for splicing the ID address into a contact ID according to the initiating time;

SS3: when the contact ID is consistent with the authentication ID, the identity authentication is automatically passed, otherwise, no processing is performed, and an identity authentication failure signal is returned;

SS4: after passing the authentication, automatically extracting the fixed key according to the stored and dispersed comparison table;

SS5: obtaining a fixed key;

the self-compiling unit is used for returning the fixed key to the mobile terminal.

Further, the specific steps of the marking process are as follows:

s1: acquiring a time stamp initiated by a request signal, and marking the time stamp as initiation time;

s2: adding the time of the time stamp and the numerical value of the position of the minute, and taking the numerical value on the bit;

s3: the obtained value is marked as an orientation value.

The invention has the beneficial effects that:

the method is specifically realized by a cloud server, a key acquisition unit and a mobile terminal in a storage system, wherein the cloud server is used for storing the fixed key acquired by the key acquisition unit, and specifically completes the storage of the fixed key in a storage preprocessing mode, and a storage comparison table is obtained; the fixed keys are scattered, so that other people are prevented from invading the cloud server to steal information, and even if the information is invading, the corresponding fixed keys cannot be acquired according to the corresponding rules;

the mobile terminal is used for obtaining an orientation value after marking the request signal, carrying out equipment recognition processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information; and finally, the mobile terminal is used for transmitting the request information to the cloud server for authentication and extracting the fixed key according to the authentication result. Through the corresponding steps placed on the appointed equipment and the two-phase verification with the cloud server, the confirmation of the equipment correctness is completed, the related information is prevented from being stolen on other equipment, the fixed key can be extracted only by the appointed equipment, and the condition that the ID address is changed and the personal account is stolen is avoided.

Drawings

The present invention is further described below with reference to the accompanying drawings for the convenience of understanding by those skilled in the art.

Fig. 1 is a system block diagram of the present invention.

Detailed Description

As shown in fig. 1, a mobile terminal key secure storage method is implemented through a storage system; the specific storage system comprises a cloud server, a key acquisition unit and a mobile terminal;

the cloud server comprises a storage module and a self-organizing unit; the mobile terminal comprises an interaction unit, a request analysis unit, a data request unit and a random marking unit;

the storage module comprises X1 storage units, X1 is a preset numerical value, the specific value of X1 can be fifteen, and the value of X1 must be more than or equal to ten;

the key acquisition unit is used for acquiring the fixed key of the corresponding mobile terminal and transmitting the fixed key to the self-compiling unit in the cloud server, and the self-compiling unit receives the fixed key transmitted by the key acquisition unit and performs storage preprocessing on the fixed key, wherein the specific steps of the storage preprocessing are as follows:

step one: obtaining a corresponding fixed key;

step two: meanwhile, intercepting a time stamp for acquiring the fixed key, wherein the time stamp is acquired in a month and day time division mode to obtain a time digital group Ci, wherein i=1..8; wherein Ci is represented as the ith number which is sequentially arranged after the dimension is removed by the timestamp;

step three: then obtaining the length of the fixed key, wherein the length value is represented by Cd;

step four: the time digital group is subjected to normalization processing, specifically, a normalization value G is calculated by means of a formula, and the calculation formula of the normalization value G is as follows:

wherein QG { x } is a value in bits of the data in brackets;

step five: dividing the length Cd of the fixed key by G to obtain a numerical value marked as a segmentation value and a remainder; when the remainder is zero, the fixed key is automatically divided into G segments by taking the length of the segment value as one segment, and the length of each segment is the corresponding segment value;

if the remainder is not zero, dividing the length of the last segment into the length of the last segment value plus the remainder;

obtaining G segments;

the fixed key is divided into G segments, the segments are labeled Pj, j=1..g;

step six: then, obtaining X1 storage units in the storage module, and sequentially marking the storage units as Di, i=1..X1; di represents a memory cell labeled i;

step seven: the segment Pj is subjected to dislocation storage, and the specific dislocation storage mode is as follows:

g is obtained, and when G is an odd number, the G is stored in a staggered one-storing mode, specifically:

the first segment P1 is acquired, let i=g, i.e. the storage unit DG is acquired; storing the first segment P1 from the G-th storage unit; sequentially storing the rest segments P2-PG into subsequent storage units of DG, namely carrying out assignment on i=G in a gradually increasing mode, and if the segments are not stored yet after the first bit is carried out, adopting the last bit; after the storage position of each segment corresponds to the sequence from front to back, a storage comparison table is formed;

when G is not an odd number, the storage is performed in a dislocation two-storage mode, specifically:

the first segment P1 is acquired, let i=g, i.e. the storage unit DG is acquired; storing the first segment P1 from the G-th storage unit; sequentially storing the rest segments P2-PG into a storage unit in front of the DG, namely performing assignment on the i=G in a gradually decreasing mode, and if the segments are not stored yet after the first bit is performed, continuing from the last bit; after the storage position of each segment corresponds to the sequence from front to back, a storage comparison table is formed;

step eight: obtaining a dispersion comparison table; and the storage of the fixed key is completed;

when a user needs to extract a fixed key, a request signal is initiated through a data request unit and transmitted to a random marking unit, the random marking unit automatically performs marking processing after receiving the request signal transmitted by the data request unit, and the marking processing step only exists in a device appointed by an administrator; the marking process comprises the following specific steps:

s1: acquiring a time stamp initiated by a request signal, and marking the time stamp as initiation time;

s2: adding the time of the time stamp and the numerical value of the position of the minute, and taking the numerical value on the bit;

s3: marking the obtained value as an orientation value;

the random marking unit is used for returning the orientation value to the data request unit, the data request unit transmits the orientation value to the request analysis unit after receiving the orientation value transmitted by the random marking unit, the request analysis unit receives the orientation value transmitted by the data request unit and carries out equipment approval processing, and the equipment approval processing step only designates that equipment exists in an administrator; the device acknowledges that the specific steps of the treatment are as follows:

s01: acquiring a fixed ID of mobile terminal equipment;

s02: then obtaining a corresponding orientation value;

s03: selecting from the first character, acquiring a corresponding character of a first orientation value, and marking the character as a hit character;

s04: then, the hit character is arranged at the first bit of the fixed ID to form a new authentication ID;

s05: fusing the authentication ID and the initiation time to form request information;

transmitting the request information to a self-organizing unit in the cloud server through an interaction unit, wherein the self-organizing unit automatically acquires an ID address of the request information after receiving the request information transmitted by the interaction unit; the self-organizing unit is used for carrying out identity authentication, and the identity authentication mode is as follows:

SS1: after the corresponding request information is acquired;

SS2: automatically calling an analysis rule in the self-organizing unit, wherein the analysis rule is a marking process and a device recognition process of the mobile terminal and is used for splicing the ID address into a contact ID according to the initiating time;

SS3: when the contact ID is consistent with the authentication ID, the identity authentication is automatically passed, otherwise, no processing is performed, and an identity authentication failure signal is returned;

SS4: after passing the authentication, automatically extracting the fixed key according to the stored and dispersed comparison table;

SS5: obtaining a fixed key;

the self-compiling unit is used for returning the fixed key to the mobile terminal.

The method is specifically realized through a cloud server, a key acquisition unit and a mobile terminal in a storage system, wherein the cloud server is used for storing the fixed key acquired by the key acquisition unit, and specifically completes the storage of the fixed key in a storage preprocessing mode, and a storage comparison table is obtained; the fixed keys are scattered, so that other people are prevented from invading the cloud server to steal information, and even if the information is invading, the corresponding fixed keys cannot be acquired according to the corresponding rules;

the mobile terminal is used for obtaining an orientation value after marking the request signal, carrying out equipment recognition processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information; and finally, the mobile terminal is used for transmitting the request information to the cloud server for authentication and extracting the fixed key according to the authentication result. Through the corresponding steps placed on the appointed equipment and the two-phase verification with the cloud server, the confirmation of the equipment correctness is completed, the related information is prevented from being stolen on other equipment, the fixed key can be extracted only by the appointed equipment, and the condition that the ID address is changed and the personal account is stolen is avoided.

The foregoing is merely illustrative of the structures of this invention and various modifications, additions and substitutions for those skilled in the art can be made to the described embodiments without departing from the scope of the invention or from the scope of the invention as defined in the accompanying claims.

Claims (4)

1. The mobile terminal secret key safe storage method is characterized in that the method is realized through a storage system; the specific storage system comprises a cloud server, a key acquisition unit and a mobile terminal;

the cloud server is used for storing the fixed key acquired by the key acquisition unit, particularly finishing the storage of the fixed key in a storage preprocessing mode, and acquiring a storage comparison table;

the mobile terminal is used for obtaining an orientation value after marking the request signal, then carrying out equipment recognition processing on the orientation value to obtain an authentication ID, and fusing the authentication ID and the initiation time to form request information;

the mobile terminal is used for transmitting the request information to the cloud server for authentication and extracting the fixed key according to the authentication result;

the cloud server comprises a storage module and a self-organizing unit;

the storage module comprises X1 storage units, wherein X1 is a preset value;

the key acquisition unit is used for acquiring a fixed key of a corresponding mobile terminal, transmitting the fixed key to the self-compiling unit in the cloud server, receiving the fixed key transmitted by the key acquisition unit by the self-compiling unit, and carrying out storage pretreatment on the fixed key to obtain a stored and dispersed comparison table; and the storage of the fixed key is completed;

the specific steps of the storage pretreatment are as follows:

step one: obtaining a corresponding fixed key;

step two: meanwhile, intercepting a time stamp for acquiring the fixed key, wherein the time stamp is acquired in a month and day time division mode to obtain a time digital group Ci, wherein i=1..8; wherein Ci is represented as the ith number which is sequentially arranged after the dimension is removed by the timestamp;

step three: then obtaining the length of the fixed key, wherein the length value is represented by Cd;

step four: the time digital group is subjected to normalization processing, specifically, a normalization value G is calculated by means of a formula, and the calculation formula of the normalization value G is as follows:

wherein QG { x } is a value in bits of the data in brackets;

step five: dividing the length Cd of the fixed key by G to obtain a numerical value marked as a segmentation value and a remainder; g segments are obtained according to the segment values and the remainder;

the fixed key is divided into G segments, the segments are labeled Pj, j=1..g;

step six: then, obtaining X1 storage units in the storage module, and sequentially marking the storage units as Di, i=1..X1; di represents a memory cell labeled i;

step seven: dislocation storage is carried out on the segment Pj; the specific mode of dislocation storage is as follows:

g is obtained, and when G is an odd number, the G is stored in a staggered one-storing mode, specifically:

the first segment P1 is acquired, let i=g, i.e. the storage unit DG is acquired; storing the first segment P1 from the G-th storage unit; sequentially storing the rest segments P2-PG into subsequent storage units of DG, namely carrying out assignment on i=G in a gradually increasing mode, and if the segments are not stored yet after the first bit is carried out, adopting the last bit; after the storage position of each segment corresponds to the sequence from front to back, a storage comparison table is formed;

when G is not an odd number, the storage is performed in a dislocation two-storage mode, specifically:

the first segment P1 is acquired, let i=g, i.e. the storage unit DG is acquired; storing the first segment P1 from the G-th storage unit; sequentially storing the rest segments P2-PG into a storage unit in front of the DG, namely performing assignment on the i=G in a gradually decreasing mode, and if the segments are not stored yet after the first bit is performed, continuing from the last bit; after the storage position of each segment corresponds to the sequence from front to back, a storage comparison table is formed;

step eight: obtaining a dispersion comparison table; and the storage of the fixed key is completed;

the specific way of obtaining G segments according to the segment value and remainder is as follows:

when the remainder is zero, the fixed key is automatically divided into G segments by taking the length of the segment value as one segment, and the length of each segment is the corresponding segment value;

if the remainder is not zero, dividing the length of the last segment into the length of the last segment value plus the remainder;

resulting in G segments.

2. The method for securely storing a mobile terminal key according to claim 1, wherein the value of X1 must be equal to or greater than ten.

3. The mobile terminal key secure storage method according to claim 1, wherein the mobile terminal comprises an interaction unit, a request analysis unit, a data request unit and a random marking unit;

when a user needs to extract a fixed key, a request signal is initiated through a data request unit and transmitted to a random marking unit, the random marking unit automatically performs marking processing after receiving the request signal transmitted by the data request unit, and the marking processing step only exists in a device appointed by an administrator; obtaining an orientation value;

the random marking unit is used for returning the orientation value to the data request unit, the data request unit transmits the orientation value to the request analysis unit after receiving the orientation value transmitted by the random marking unit, the request analysis unit receives the orientation value transmitted by the data request unit and carries out equipment approval processing, and the equipment approval processing step only designates that equipment exists in an administrator; the device acknowledges that the specific steps of the treatment are as follows:

s01: acquiring a fixed ID of mobile terminal equipment;

s02: then obtaining a corresponding orientation value;

s03: selecting from the first character, acquiring a corresponding character of a first orientation value, and marking the character as a hit character;

s04: then, the hit character is arranged at the first bit of the fixed ID to form a new authentication ID;

s05: fusing the authentication ID and the initiation time to form request information;

transmitting the request information to a self-organizing unit in the cloud server through an interaction unit, wherein the self-organizing unit automatically acquires an ID address of the request information after receiving the request information transmitted by the interaction unit; the self-organizing unit is used for carrying out identity authentication, and the identity authentication mode is as follows:

SS1: after the corresponding request information is acquired;

SS2: automatically calling an analysis rule in the self-organizing unit, wherein the analysis rule is a marking process and a device recognition process of the mobile terminal and is used for splicing the ID address into a contact ID according to the initiating time;

SS3: when the contact ID is consistent with the authentication ID, the identity authentication is automatically passed, otherwise, no processing is performed, and an identity authentication failure signal is returned;

SS4: after passing the authentication, automatically extracting the fixed key according to the stored and dispersed comparison table;

SS5: obtaining a fixed key;

the self-compiling unit is used for returning the fixed key to the mobile terminal.

4. The method for securely storing a mobile terminal key according to claim 1, wherein the marking process comprises the specific steps of:

s1: acquiring a time stamp initiated by a request signal, and marking the time stamp as initiation time;

s2: adding the time of the time stamp and the numerical value of the position of the minute, and taking the numerical value on the bit;

s3: the obtained value is marked as an orientation value.