CN114285554A - Key generation method and device based on equipment identification and computer readable medium - Google Patents

Key generation method and device based on equipment identification and computer readable medium Download PDF

Info

Publication number
CN114285554A
Authority
CN
China
Prior art keywords
key
data
equipment
internet
dispersion factor
Legal status
Pending
Application number
CN202111531753.1A
Other languages
Chinese (zh)
Inventor
东向利
孟庆阳
崇绍力
袁葆荣
Current Assignee
Enn China Gas Investment Co ltd
Enn Fanneng Network Technology Co ltd
Langfang Xinao Energy Co ltd
Langfang Xinao Intelligent Technology Co ltd
Original Assignee
Enn China Gas Investment Co ltd
Langfang Xinao Intelligent Technology Co ltd
Langfang Xinao Energy Co ltd
Priority date
2021-12-15
Filing date
2021-12-15
Publication date
2022-04-05
Application filed by Enn China Gas Investment Co ltd, Langfang Xinao Intelligent Technology Co ltd, Langfang Xinao Energy Co ltd

Abstract

An embodiment of the present specification provides a device identifier-based key generation method and apparatus, and a computer-readable medium, where the method includes: acquiring a device identifier of the Internet of Things device, and acquiring a root key and a dispersion factor; generating data to be encrypted according to the device identifier and the dispersion factor; inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key; and writing the key into the Internet of Things device. The method is executed by the computer device on the production side of the Internet of Things device; the key is neither generated nor issued by a key management platform and does not depend on one, so when the key management platform is inaccessible the key user is not affected. Because the key does not need to be distributed or copied, the problems of key loss, errors, repeated import and the like that arise from distribution and copying do not occur. The data to be encrypted is generated from the device identifier and the dispersion factor rather than from the device identifier alone, and the dispersion factor increases the complexity of the key.

Description

Key generation method and device based on equipment identification and computer readable medium
Technical Field
One or more embodiments of the present disclosure relate to the technical field of key generation, and in particular, to a method and an apparatus for generating a key based on device identification, and a computer-readable medium.
Background
With the wide application of Internet of Things technology, more low-power terminal products are used in the daily business processes of enterprises. Because such low-power devices have limited computing capability, their data security is realized with a standard symmetric encryption algorithm whose keys are dynamically negotiated.
In the prior art, a key management platform generates the keys uniformly and distributes them, and the following problems arise in actual service: key generation has a single point of dependence, so if the key management platform is inaccessible the related users are affected; keys are prone to loss, errors, repeated import and similar problems during distribution and copying; and during use, a device key cannot be recovered once it is lost.
Disclosure of Invention
One or more embodiments of the present specification describe a device identification-based key generation method and apparatus, and a computer-readable medium.
According to a first aspect, a key generation method based on device identification is provided, and the method is executed by a computer device on a device production side of the internet of things, and the method comprises the following steps:
s1, acquiring an equipment identifier of the Internet of things equipment, and acquiring a root key and a dispersion factor;
s2, generating data to be encrypted according to the equipment identification and the dispersion factor;
s3, inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key;
and S4, writing the key into the Internet of things equipment.
According to a second aspect, there is provided a device identifier-based key generation apparatus, which is located in a computer device on a device production side of the internet of things, the apparatus including:
the data acquisition module is used for executing S1, acquiring the equipment identifier of the Internet of things equipment, and acquiring a root key and a dispersion factor;
a first generating module, configured to execute S2, and generate data to be encrypted according to the device identifier and the dispersion factor;
the key generation module is used for executing S3 and inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key;
and the key writing module is used for executing S4 and writing the key into the Internet of things equipment.
According to a third aspect, there is provided a device identification-based key generation apparatus, including: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine-readable program to perform the method provided by the first aspect.
According to a fourth aspect, there is provided a computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the method provided by the first aspect.
According to the key generation method and apparatus based on the device identifier and the computer-readable medium provided by the embodiments of the invention, the scheme is executed by the computer device on the production side of the Internet of Things device; the key is neither generated nor issued by the key management platform, so the scheme does not depend on the key management platform, and when the key management platform is inaccessible the key user is not affected. Because the key does not need to be distributed or copied, the problems of key loss, errors, repeated import and the like that arise from distribution and copying do not occur. The key for a given Internet of Things device is generated by the production-side computer device of that device, and after the key is lost it can be generated again with the same scheme. Moreover, the data to be encrypted is generated from the device identifier and the dispersion factor rather than from the device identifier alone, and the dispersion factor increases the complexity of the key and the security of the data.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present specification, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart illustrating a method for key generation based on device identification in one embodiment of the present disclosure;
FIG. 2 is a flow chart illustrating a method for key generation based on device identification in an embodiment of the present specification.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
In a first aspect, the present invention provides a key generation method based on device identification, where the method is performed by a computer device on a device production side of the internet of things, and referring to fig. 1, the method includes:
s1, acquiring an equipment identifier of the Internet of things equipment, and acquiring a root key and a dispersion factor;
it can be understood that the device identifier is an identifier of the internet of things device, and the device identifier is generated according to a certain rule and has uniqueness in the system.
It can be understood that the Internet of Things device is a low-power device, and that when it is produced, the computer device on its production side executes the scheme so that the device obtains the key. For different Internet of Things devices, the scheme is executed by the computer devices on their respective production sides. The key is therefore neither generated nor issued by the key management platform, i.e. the scheme does not depend on the key management platform, and when the key management platform is inaccessible the key user, namely the Internet of Things device, is not affected. Because the key does not need to be distributed or copied, the problems of key loss, errors, repeated import and the like that arise from distribution and copying do not occur. The key for a given Internet of Things device is generated by the production-side computer device of that device, and after the key is lost it can be generated again with the same scheme.
In a specific implementation, the obtaining the root key may include: the root key is selected from a pool of root keys. That is, the required root key may be obtained from the root key pool.
S2, generating data to be encrypted according to the equipment identification and the dispersion factor;
it can be understood that, the device identifier and the dispersion factor are used to generate the data to be encrypted, rather than generating the data to be encrypted only according to the device identifier, the dispersion factor is used to increase the complexity of the data to be encrypted, thereby increasing the complexity of the key and improving the security of the data.
In a specific implementation, S2 may specifically include: and performing exclusive or processing on corresponding bits in the binary data of the equipment identifier and the binary data of the dispersion factor to obtain the binary data of the data to be encrypted.
For example, the device identifier is represented by 256-bit binary data, the dispersion factor is also represented by 256-bit binary data, and each bit in the device identifier binary data and the corresponding bit in the dispersion factor binary data are subjected to xor processing to obtain 256-bit binary data, that is, the data to be encrypted. For example, the 1 st bit in the binary data of the device identifier and the 1 st bit in the binary data of the dispersion factor are subjected to exclusive or processing to obtain the 1 st bit in the data to be encrypted, and the same is true for the rest of bits.
XOR processing means that if the two bits differ, the result is 1, and if they are the same, the result is 0.
S3, inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key;
Various preset decentralized algorithms may be used, for example MD5 (message digest algorithm), AES (advanced encryption standard), DES (data encryption standard), 3DES (triple data encryption algorithm), and the like.
And S4, writing the key into the Internet of things equipment.
That is, after the key is written into the internet of things device, the internet of things device can hold the key.
In a specific implementation, to raise the security level, the Internet of Things device uses a plurality of keys in a polling or dynamic negotiation manner, and a plurality of dispersion factors are then required, i.e. the number of dispersion factors equals the number of keys. In that case, referring to FIG. 2, acquiring the dispersion factor may include: generating a preset number of dispersion factors, where the preset number is the number of required keys. For example, if 16 keys are needed, 16 dispersion factors are generated, for instance by an initialization algorithm.
Correspondingly, a mode of generating a next key after generating a key can be used, and all keys are written into corresponding internet of things equipment until all keys are generated. Therefore, in the specific implementation, a dispersion factor may be sequentially selected from a preset number of dispersion factors, so that the dispersion factor participates in steps S2 and S3 to obtain a corresponding key; then, the next dispersion factor is selected from the preset number of dispersion factors in sequence, so that the selected dispersion factor participates in steps S2 and S3, and a key is obtained. By analogy, a preset number of keys can be obtained.
That is, after step S3 and before S4, the method further comprises: judging whether the number of the generated keys reaches the preset number or not; if yes, go to S4; otherwise, one dispersion factor is taken from the preset number of dispersion factors, and the process returns to S2.
It is understood that if the number of keys already generated reaches the predetermined number through judgment, all the key generation is completed, and the process proceeds to S4. If it is judged that the number of keys that have been generated has not reached the preset number, the generation is continued, and at this time, the next dispersion factor is selected from the preset number of dispersion factors and returned to S2, and the next key is generated through S2 and S3 until the number of generated keys reaches the preset number.
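The derivation of steps S1 to S4, together with the preset-number loop described in this passage (judge the count, take the next dispersion factor, return to S2), as an added example that is not part of the patent and not the applicants' code. Its assumptions: HMAC-SHA256 stands in for the keyed diversification step S3 (the patent lists AES, DES, 3DES and MD5; whatever function is chosen there must take the root key as input, which is what makes a device key unrecoverable without the root key); the device identifier is mapped to the 256-bit binary form of the patent's XOR example by hashing it with SHA-256; the "initialization algorithm" for dispersion factors is a deterministic SHA-256 expansion of a secret seed, which is what allows the same factors, and therefore the same keys, to be regenerated after a loss; the root key pool and the seed are constructed in-memory values, and step S4 is simulated by returning the record that would be written into the device. The regeneration property the patent relies on also means that the production-side machine holding the root key pool and the factor seed can reproduce every device's keys, so protecting that machine is the whole security boundary of the scheme.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed sample root key pool (S1). In a real deployment this lives in the
# production system's protected storage, never on the key management platform.
ROOT_KEY_POOL: Dict[str, bytes] = {
    "root-01": bytes.fromhex("000102030405060708090a0b0c0d0e0f"
                             "101112131415161718191a1b1c1d1e1f"),
}

# Constructed seed for the assumed "initialization algorithm" that produces the
# dispersion factors; it must stay secret and fixed so the factors can be regenerated.
FACTOR_SEED = b"constructed-factor-seed"


def select_root_key(pool: Dict[str, bytes], key_id: str) -> bytes:
    """S1: take the required root key from the root key pool."""
    return pool[key_id]


def encode_device_id(identifier: str) -> bytes:
    """Assumption: map the device identifier to the 256-bit binary form used in
    the patent's XOR example, via SHA-256 of its UTF-8 bytes."""
    return hashlib.sha256(identifier.encode("utf-8")).digest()


def generate_dispersion_factors(count: int, seed: bytes) -> List[bytes]:
    """Assumed initialization algorithm: `count` deterministic 256-bit factors,
    one per required key, reproducible from the same seed."""
    return [hashlib.sha256(seed + i.to_bytes(2, "big")).digest() for i in range(count)]


def build_data_to_encrypt(device_id: bytes, factor: bytes) -> bytes:
    """S2: XOR corresponding bits of the device identifier and the dispersion factor."""
    if len(device_id) != len(factor):
        raise ValueError("identifier and dispersion factor must have equal length")
    return bytes(a ^ b for a, b in zip(device_id, factor))


def diversify(root_key: bytes, data: bytes) -> bytes:
    """S3: keyed diversification of the data under the root key. HMAC-SHA256 is an
    assumption standing in for the AES/3DES the patent lists."""
    return hmac.new(root_key, data, hashlib.sha256).digest()


def generate_keys(identifier: str, root_key: bytes, factors: List[bytes]) -> List[bytes]:
    """Run S2 and S3 once per dispersion factor and stop when the number of
    generated keys reaches the preset number (the judgement step before S4)."""
    device_id = encode_device_id(identifier)
    keys: List[bytes] = []
    for factor in factors:
        keys.append(diversify(root_key, build_data_to_encrypt(device_id, factor)))
    return keys


def provision_device(identifier: str, root_key_id: str, key_count: int) -> Dict[str, List[str]]:
    """Whole flow S1-S4 on the production-side computer. S4 is simulated by
    returning the record that would be written into the device."""
    root_key = select_root_key(ROOT_KEY_POOL, root_key_id)
    factors = generate_dispersion_factors(key_count, FACTOR_SEED)
    keys = generate_keys(identifier, root_key, factors)
    return {"device_id": [identifier], "keys": [k.hex() for k in keys]}


if __name__ == "__main__":
    first = provision_device("IOT-DEV-0001", "root-01", 16)
    again = provision_device("IOT-DEV-0001", "root-01", 16)
    print("keys written to device:", len(first["keys"]))
    print("regeneration after loss matches original:", first == again)
```

Running `provision_device` twice for the same identifier returns identical keys, which is the "regenerate after loss" property; a different identifier or a different dispersion factor changes the data to be encrypted and therefore the key, and an identifier whose length does not match the factor is rejected rather than silently truncated by `zip`.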
The preset decentralized algorithm can be shared: the key management platform may share it with the computer device on the production side, and the production-side computer device generates the key according to it. The root key and the dispersion factor, on the other hand, are critical secret data and are not shared or transmitted in this scheme; the production-side computer device takes the root key from the root key pool and generates the dispersion factor with the factor generation algorithm, rather than obtaining them from the key management platform. For example, dynamic libraries storing the relevant data are integrated into the production-side computer device, i.e. into the production system.
Because the key is no longer generated centrally by the key management platform, an authorized person responsible for the Internet of Things device can generate that device's key; the device and its key are in one-to-one correspondence, and the key generated repeatedly for the same device is always the same, i.e. the key regenerated after a loss is identical to the key lost before. Key generation therefore does not depend on a key management platform, there is no copying or distribution, and the party that uses the key is the party that generates it. After a key is lost, it can be generated again according to the relevant rules, which resolves many problems of the key generation and distribution process.
It can be understood that the scheme is mainly directed at key generation for a symmetric encryption algorithm and is currently applied mainly to generating and using encryption keys for low-power products. Because the key can be generated repeatedly from the device identifier and the dispersion factor, no distribution is needed, which removes the dependence risk of key generation during use and the loss, interception and duplication problems of the distribution process. Even if the generated key data is lost due to environmental or other factors, it can be regenerated with the algorithm, and the normal use of the device is not affected.
It can be understood that the scheme uses a standard encryption algorithm and can be implemented across platforms (such as Windows, Linux and Mac) and languages (such as Java, C/C++ and Python), so the solution is not limited by technical conditions. Because the algorithm and the factors participating in data dispersion are fixed, once the number of terminals reaches a certain order of magnitude a real-time key generation mode can be considered, which reduces data storage and retrieval time and improves overall system performance.
In a second aspect, an embodiment of the present invention provides a device for generating a secret key based on an equipment identifier, where the device is located in a computer device on a production side of an internet of things device, that is, a plurality of following functional modules may be deployed in the computer device on the production side of the internet of things. The apparatus may include:
the data acquisition module is used for executing S1, acquiring the equipment identifier of the Internet of things equipment, and acquiring a root key and a dispersion factor;
a first generating module, configured to execute S2, and generate data to be encrypted according to the device identifier and the dispersion factor;
the key generation module is used for executing S3 and inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key;
and the key writing module is used for executing S4 and writing the key into the Internet of things equipment.
In some embodiments, the first generating module may be specifically configured to: and performing exclusive or processing on corresponding bits in the binary data of the equipment identifier and the binary data of the dispersion factor to obtain the binary data of the data to be encrypted.
In some embodiments, the obtaining the dispersion factor in the data obtaining module may include: generating dispersion factors of a preset number, wherein the preset number is the number of the required keys;
correspondingly, the apparatus may further include:
a first judging module for judging whether the number of generated keys reaches the preset number after the key generating module performs the step S3 and before the key writing module performs the step S4; if yes, the key writing module executes S4; otherwise, taking a dispersion factor from the preset number of dispersion factors, and returning to the first generation module to execute S2.
In some embodiments, the obtaining the root key in the data obtaining module includes: the root key is selected from a pool of root keys.
In a third aspect, an embodiment of the present invention provides an apparatus for generating a key based on a device identifier, where the apparatus includes: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine-readable program to perform the method provided in the first aspect.
In a fourth aspect, the present invention provides a computer-readable medium, on which computer instructions are stored, and when executed by a processor, the computer instructions cause the processor to execute the method provided in the first aspect. Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
It is to be understood that, in the second, third, and fourth aspects, for the explanation, example, beneficial effects, and the like of the apparatus and the computer-readable medium provided in the embodiment of the present invention, reference may be made to corresponding parts in the foregoing method, and details are not described here.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this disclosure may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.

Claims (10)

1. A secret key generation method based on equipment identification is characterized in that the method is executed by computer equipment on the production side of equipment of the Internet of things, and the method comprises the following steps:
s1, acquiring an equipment identifier of the Internet of things equipment, and acquiring a root key and a dispersion factor;
s2, generating data to be encrypted according to the equipment identification and the dispersion factor;
s3, inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key;
and S4, writing the key into the Internet of things equipment.
2. The method of claim 1, wherein the generating data to be encrypted according to the device identifier and the dispersion factor comprises:
and performing exclusive or processing on corresponding bits in the binary data of the equipment identifier and the binary data of the dispersion factor to obtain the binary data of the data to be encrypted.
3. The method of claim 1 or 2, wherein obtaining a dispersion factor comprises: generating dispersion factors of a preset number, wherein the preset number is the number of the required keys;
correspondingly, after the step S3 and before the step S4, the method further comprises: judging whether the number of the generated keys reaches the preset number or not;
if yes, go to S4;
otherwise, one dispersion factor is taken from the preset number of dispersion factors, and the process returns to S2.
4. The method of claim 1, wherein obtaining the root key comprises: the root key is selected from a pool of root keys.
5. An apparatus for generating a key based on device identification, the apparatus being located in a computer device on a device production side of the internet of things, the apparatus comprising:
the data acquisition module is used for executing S1, acquiring the equipment identifier of the Internet of things equipment, and acquiring a root key and a dispersion factor;
a first generating module, configured to execute S2, and generate data to be encrypted according to the device identifier and the dispersion factor;
the key generation module is used for executing S3 and inputting the data to be encrypted and the root key into a preset decentralized algorithm to obtain a key;
and the key writing module is used for executing S4 and writing the key into the Internet of things equipment.
6. The apparatus of claim 5, wherein the first generating module is specifically configured to: and performing exclusive or processing on corresponding bits in the binary data of the equipment identifier and the binary data of the dispersion factor to obtain the binary data of the data to be encrypted.
7. The apparatus according to claim 5 or 6, wherein the data obtaining module obtains the dispersion factor, and comprises: generating dispersion factors of a preset number, wherein the preset number is the number of the required keys; correspondingly, the device further comprises:
a first judging module for judging whether the number of generated keys reaches the preset number after the key generating module performs the step S3 and before the key writing module performs the step S4; if yes, the key writing module executes S4; otherwise, taking a dispersion factor from the preset number of dispersion factors, and returning to the first generation module to execute S2.
8. The apparatus of claim 5, wherein the obtaining the root key in the data obtaining module comprises: the root key is selected from a pool of root keys.
9. An apparatus for generating a key based on device identification, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program to perform the method of any of claims 1 to 4.
10. A computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1 to 4.

Publications (1)

Publication Number Publication Date
CN114285554A true CN114285554A (en) 2022-04-05

Family

ID=80872289

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111531753.1A Pending CN114285554A (en) 2021-12-15 2021-12-15 Key generation method and device based on equipment identification and computer readable medium


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114615658A (en) * 2022-05-11 2022-06-10 深圳市德航智能技术有限公司 Handheld tablet computer of 5G communication encryption system



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20221129
Address after: 101100 5-101, 4th floor, building 38, courtyard 1, jinghaiwu Road, Tongzhou District, Beijing
Applicant after: ENN (CHINA) GAS INVESTMENT Co.,Ltd.
Applicant after: Langfang Xinao Intelligent Technology Co.,Ltd.
Applicant after: Langfang Xinao Energy Co.,Ltd.
Applicant after: ENN FANNENG NETWORK TECHNOLOGY CO.,LTD.
Address before: 065000 floors 3-6, building 1, jinyuli community, Yingchun Road, Guangyang District, Langfang City, Hebei Province
Applicant before: Langfang Xinao Energy Co.,Ltd.
Applicant before: ENN (CHINA) GAS INVESTMENT Co.,Ltd.
Applicant before: Langfang Xinao Intelligent Technology Co.,Ltd.