CN115085925B - Security chip processing method and device for key information combination encryption - Google Patents


Info

Publication number
CN115085925B
Authority
CN
China
Prior art keywords
key
encryption
data
terminal
encryption key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210996564.XA
Other languages
Chinese (zh)
Other versions
CN115085925A (en)
Inventor
董文强
王帅
王亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Wise Security Technology Co Ltd
Original Assignee
Guangzhou Wise Security Technology Co Ltd

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/14 ... using a plurality of keys or algorithms
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0877 ... using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/0897 ... involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The embodiment of the invention discloses a security chip processing method and device for combined encryption of key information. The method comprises the following steps: when a first terminal sends data, a server randomly determines an auxiliary encryption device; the first terminal receives a second encryption key sent by the auxiliary encryption device and combines the first encryption key it stores with the second encryption key to obtain a data encryption key; the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends it to a second terminal, the second terminal storing a first decryption key matched with the first encryption key; and the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by it, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data. The scheme improves information security.

Description

Method and device for processing security chip through combination encryption of key information
Technical Field
The embodiments of the application relate to the technical field of security chips, and in particular to a security chip processing method and device for combined encryption of key information.
Background
With the development of 5G networks, technologies such as intelligent terminals, the Internet of Things, intelligent driving, AR/VR (augmented reality/virtual reality) and AI (artificial intelligence) are widely applied. The most basic layer of all of these is the chip, and a security chip is usually integrated to protect data: data is encrypted and decrypted by the security chip so as to ensure its security.
In the related art, patent document WO2020010642A1 discloses a secure encryption chip and an electronic device including it. The chip includes an encryption unit electrically connected to a memory, which is in turn electrically connected to a bus interface; the encryption unit is arranged inside the chip, and the key generated by the encryption unit is stored in the memory, which enhances data security and addresses the problem of user data being unsafe because of an unreasonable design of electronic elements in the related art. However, this simple data encryption method lacks a more effective and reliable information security protection mechanism for industries with special scenarios and high security requirements.
Disclosure of Invention
Embodiments of the invention provide a security chip processing method and device for combined encryption of key information, which address the problem that security chips in the related art protect information with insufficient safety and reliability, so that if the local key is tampered with there is a great risk of information insecurity; the scheme thereby improves information security.
In a first aspect, an embodiment of the present invention provides a security chip processing method for combined encryption of key information, where the method includes:
when a first terminal sends data, a server randomly determines an auxiliary encryption device, the first terminal storing a first encryption key;
the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by the auxiliary encryption device, and combines the first encryption key it stores with the second encryption key to obtain a data encryption key;
the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends the encrypted data to a second terminal, the second terminal storing a first decryption key matched with the first encryption key; and
the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by the auxiliary encryption device, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data.
Optionally, the server randomly determining the auxiliary encryption device when the first terminal sends data includes:
when the first terminal sends data and a key update condition is met, the server randomly determines the auxiliary encryption device, where the key update condition includes a change in the security level of the sent data and the duration of use of the key satisfying the change condition.
Optionally, combining the stored first encryption key with the second encryption key to obtain the data encryption key includes:
performing a multi-level key combination of the first encryption key and the second encryption key in a set secondary-encryption mode to obtain the data encryption key; or, alternatively,
superposing the first encryption key and the second encryption key to obtain the data encryption key.
Optionally, combining with the stored first decryption key to obtain the data decryption key includes:
if the data encryption key was generated by a multi-level key combination of the first encryption key and the second encryption key in the set secondary-encryption mode, correspondingly performing a multi-level key combination of the first decryption key and the second decryption key in a set secondary-decryption mode to obtain the data decryption key.
Optionally, combining with the stored first decryption key to obtain the data decryption key includes:
if the data encryption key was generated by superposing the first encryption key and the second encryption key, correspondingly superposing the first decryption key and the second decryption key to obtain the data decryption key.
Optionally, the first terminal encrypting the data to be sent with the data encryption key to obtain encrypted data and sending it to the second terminal further includes:
sending the mode used to generate the data encryption key to the second terminal, so that the second terminal generates the data decryption key based on that mode.
Optionally, the server randomly determining the auxiliary encryption device includes:
the server acquiring the current position information of the first terminal; and
determining candidate devices within a preset range based on the position information, and determining the auxiliary encryption device according to the attack information recorded by the candidate devices.
In a second aspect, an embodiment of the present invention further provides a security chip processing apparatus for combined encryption of key information, where the apparatus includes:
a device determination module configured to randomly determine, through a server, an auxiliary encryption device when data is sent, the first terminal storing a first encryption key;
a first key combination module configured to establish a communication connection with the auxiliary encryption device, receive a second encryption key sent by the auxiliary encryption device, and combine the stored first encryption key with the second encryption key to obtain a data encryption key;
a data sending module configured to encrypt the data to be sent with the data encryption key to obtain encrypted data and send the encrypted data to a second terminal, the second terminal storing a first decryption key matched with the first encryption key; and
a second key combination module configured to establish a communication connection with the auxiliary encryption device, receive the second decryption key sent by the auxiliary encryption device, combine the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypt the received encrypted data.
In a third aspect, an embodiment of the present invention further provides a security chip processing device for combined encryption of key information, where the device includes:
one or more processors; and
a security chip storage device for storing one or more programs,
where, when the one or more programs are executed by the one or more processors, the one or more processors implement the security chip processing method for combined encryption of key information according to the embodiment of the present invention.
In a fourth aspect, the present invention further provides a storage medium containing computer-executable instructions which, when executed by a computer processor, perform the security chip processing method for combined encryption of key information according to the present invention.
In a fifth aspect, the present application further provides a computer program product including a computer program stored in a computer-readable storage medium; at least one processor of the device reads and executes the computer program from the computer-readable storage medium, so that the device executes the security chip processing method for combined encryption of key information according to the present application.
In the embodiment of the invention, when a first terminal sends data, an auxiliary encryption device is randomly determined through a server, and the first terminal stores a first encryption key; the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by it, and combines the first encryption key it stores with the second encryption key to obtain a data encryption key; the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends it to a second terminal, the second terminal storing a first decryption key matched with the first encryption key; and the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by it, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data. The scheme addresses the problem that the security chip in the related art protects information with insufficient safety and reliability, so that if the local key is tampered with there is a great risk of information insecurity; information security is thereby improved.
Drawings
Fig. 1 is a flowchart of a security chip processing method for combined encryption of key information according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for generating a key by key combination according to an embodiment of the present invention;
Fig. 3 is a flowchart of another method for generating a key by key combination according to an embodiment of the present invention;
Fig. 4 is a block diagram of a security chip processing apparatus for combined encryption of key information according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a security chip processing device for combined encryption of key information according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad invention. It should be further noted that, for convenience of description, only some structures related to the embodiments of the present invention are shown in the drawings, not all of them.
Fig. 1 is a flowchart of a security chip processing method for combined encryption of key information according to an embodiment of the present invention; the embodiment specifically includes the following steps:
Step S101: when a first terminal sends data, a server randomly determines an auxiliary encryption device, and the first terminal stores a first encryption key.
The first terminal is a terminal device, such as a vehicle networking (Internet of Vehicles) terminal or a monitoring terminal, that integrates a security chip and can encrypt and decrypt data. When it transmits data, the auxiliary encryption device is randomly determined through the server. The first terminal stores a first encryption key.
Optionally, the auxiliary encryption device may be selected as follows: the server acquires the current position information of the first terminal, determines candidate devices within a preset range based on that position, and determines the auxiliary encryption device according to the attack information recorded by the candidate devices. The preset range may be, for example, 1 km or 5 km. Among the devices within the preset range, a unique auxiliary encryption device is determined based on the recorded attack information; optionally, the device whose attack information records the fewest attacks is selected as the auxiliary encryption device.
In one embodiment, the server randomly determining the auxiliary encryption device when the first terminal performs data transmission includes: when the first terminal transmits data and the key update condition is met, the server randomly determines the auxiliary encryption device, where the key update condition includes a change in the security level of the transmitted data and the duration of use of the key satisfying the change condition. Specifically, the first terminal sets a plurality of security levels for the transmitted data; when it detects that the security level has changed from low to medium or high, or when the time since the last change reaches a set length, for example 1 hour, the update condition is determined to be satisfied and this step is started.
The second encryption key and the second decryption key corresponding to different auxiliary encryption devices are different.
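As an added illustration (not code from the patent), the following Python sketches the server-side selection described above over a constructed device registry: devices within a preset range of the terminal's position are candidates, the one with the fewest recorded attacks is chosen, ties are broken randomly, and a key-update check covering both conditions (security-level change, time since the last change) is included. The haversine distance helper, the 1-hour default and the level names are assumptions.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class AuxDevice:
    """One candidate auxiliary encryption device (constructed registry entry)."""
    device_id: str
    lat: float            # position in degrees
    lon: float
    attacked_count: int   # attacks recorded in the device's attack information


def distance_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km (haversine). Assumed helper: the patent only
    speaks of 'a preset range' such as 1 km or 5 km."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def select_auxiliary_device(terminal_pos, devices, range_km=5.0, rng=None):
    """Server side: keep the devices within range_km of the terminal, then pick
    the one whose attack information records the fewest attacks. If several
    tie, one of them is chosen at random, keeping the selection unpredictable."""
    rng = rng or random.SystemRandom()
    lat, lon = terminal_pos
    candidates = [d for d in devices if distance_km(lat, lon, d.lat, d.lon) <= range_km]
    if not candidates:
        return None
    fewest = min(d.attacked_count for d in candidates)
    return rng.choice([d for d in candidates if d.attacked_count == fewest])


SECURITY_LEVELS = ("low", "medium", "high")   # assumed level names


def key_update_required(prev_level, cur_level, seconds_since_change, max_age_s=3600):
    """Key update condition: the security level of the data changed, or the time
    since the last change reached the threshold (1 hour in the description)."""
    if prev_level not in SECURITY_LEVELS or cur_level not in SECURITY_LEVELS:
        raise ValueError("unknown security level")
    return prev_level != cur_level or seconds_since_change >= max_age_s


# Constructed sample registry around a terminal at (23.1291, 113.2644).
SAMPLE_DEVICES = (
    AuxDevice("aux-A", 23.1291, 113.2644, 3),   # co-located, 3 attacks
    AuxDevice("aux-B", 23.1400, 113.2700, 0),   # about 1.3 km away, no attacks
    AuxDevice("aux-C", 23.0000, 113.0000, 0),   # over 10 km away, out of range
    AuxDevice("aux-D", 23.1300, 113.2650, 5),   # about 0.1 km away, 5 attacks
)

if __name__ == "__main__":
    chosen = select_auxiliary_device((23.1291, 113.2644), SAMPLE_DEVICES)
    print("selected:", chosen.device_id if chosen else None)
```

With the 5 km range the least-attacked in-range device (aux-B) wins; narrowing the range to 1 km excludes it and aux-A is chosen instead.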
Step S102: the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by the auxiliary encryption device, and combines the first encryption key it stores with the second encryption key to obtain a data encryption key.
In one embodiment, after the auxiliary encryption device is determined, the first terminal establishes a communication connection with it and receives the second encryption key it sends, then combines the first encryption key stored by the first terminal with the second encryption key to obtain the data encryption key.
Step S103: the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends it to a second terminal, where the second terminal stores a first decryption key matched with the first encryption key.
In one embodiment, the encrypted data is obtained by encrypting the transmission data with the combined data encryption key and is transmitted to the second terminal, which stores a first decryption key matched with the first encryption key. The second terminal may be another vehicle networking terminal or a mobile terminal, for example.
Step S104: the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by it, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data.
In one embodiment, the second terminal correspondingly communicates with the auxiliary encryption device, receives the second decryption key it sends, combines it with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data with that key. Since the auxiliary encryption device is randomly determined according to the circumstances, the second encryption key and second decryption key it holds also differ from one selection to the next.
As can be seen from the above, when a first terminal transmits data, an auxiliary encryption device is randomly determined by a server, and the first terminal stores a first encryption key; the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by it, and combines the first encryption key it stores with the second encryption key to obtain a data encryption key; the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends it to a second terminal, the second terminal storing a first decryption key matched with the first encryption key; and the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by it, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data. The scheme addresses the problem that the security chip in the related art protects information with insufficient safety and reliability, so that if the local key is tampered with there is a great risk of information insecurity; information security is thereby improved.
On the basis of the above technical solution, when the first terminal encrypts the transmission data with the data encryption key to obtain encrypted data and transmits it to the second terminal, the method further includes: sending the mode used to generate the data encryption key to the second terminal, so that the second terminal generates the data decryption key based on that mode. That is, the first encryption key and the second encryption key may be combined into the data encryption key in several ways, and the specific combination strategy is sent to the second terminal in advance.
Fig. 2 is a flowchart of a method for generating a key by key combination according to an embodiment of the present invention; as shown in Fig. 2, it specifically includes:
Step S201: when a first terminal sends data, a server randomly determines an auxiliary encryption device, and the first terminal stores a first encryption key.
Step S202: the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by it, and performs a multi-level key combination of the first encryption key and the second encryption key in the secondary-encryption mode to obtain a data encryption key; or, the first encryption key and the second encryption key are superposed to obtain a data encryption key.
In one embodiment, there may be multiple combination strategies. Optionally, the multi-level key combination of the first encryption key and the second encryption key is performed in a set secondary-encryption mode to obtain the data encryption key. In the secondary-encryption mode, the data to be sent is first encrypted with the first encryption key to obtain encrypted intermediate information, which is then encrypted with the second encryption key to obtain encrypted data that can be sent. Optionally, the first encryption key and the second encryption key may instead be superposed to obtain the data encryption key; in this mode the two keys are spliced together directly. For example, if the first encryption key is a 64K character string and the second encryption key is a 32K character string, splicing them yields a 96K data encryption key. The specific splicing arrangement and the order in which the keys are used within each strategy are not limited.
Step S203: the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends it to a second terminal, and the second terminal stores a first decryption key matched with the first encryption key.
Step S204: the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by it, and, if the data encryption key was generated by a multi-level key combination of the first encryption key and the second encryption key in the set secondary-encryption mode, correspondingly performs a multi-level key combination of the first decryption key and the second decryption key in the set secondary-decryption mode to obtain a data decryption key, with which it decrypts the received encrypted data.
In one embodiment, the combination of the data decryption key corresponds to the mode in which the data encryption key was generated, so that the two strategies remain consistent: if the secondary-encryption mode was used for encryption, the corresponding secondary-decryption mode is used for decryption.
Fig. 3 is a flowchart of another method for generating a key by key combination according to an embodiment of the present invention; as shown in Fig. 3, it specifically includes:
Step S301: when a first terminal sends data, a server randomly determines an auxiliary encryption device, and the first terminal stores a first encryption key.
Step S302: the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by it, and performs a multi-level key combination of the first encryption key and the second encryption key in the secondary-encryption mode to obtain a data encryption key; or, the first encryption key and the second encryption key are superposed to obtain a data encryption key.
Step S303: the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends it to a second terminal, and the second terminal stores a first decryption key matched with the first encryption key.
Step S304: the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by it, and, if the data encryption key was generated by superposing the first encryption key and the second encryption key, correspondingly superposes the first decryption key and the second decryption key to obtain a data decryption key, with which it decrypts the received encrypted data.
In one embodiment, the combination of the data decryption key corresponds to the aforementioned mode in which the data encryption key was generated, so that the two strategies remain consistent: if the superposition mode was used for encryption, the decryption keys are correspondingly superposed during decryption.
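As an added example covering both the Fig. 2 (secondary encryption) and Fig. 3 (superposition) strategies, not code from the patent: the Python below shows the first terminal combining its stored first key with the auxiliary device's second key in the announced mode, and the second terminal reversing it in that same mode. The cipher is a stand-in (SHA-256 counter-mode keystream with an HMAC tag, so a wrong key or a mismatched mode is detected instead of yielding garbage); the patent names no cipher, and the symmetric case where each decryption key equals its matching encryption key is assumed.

```python
import hashlib
import hmac
import os
import struct


# Stand-in cipher for the security chip (an assumption; the patent names none):
# SHA-256 counter-mode keystream XORed with the data, plus an HMAC-SHA256 tag so
# that decryption with the wrong key or the wrong combination mode is detected.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def _encrypt_one(key: bytes, data: bytes) -> bytes:
    """One encryption layer: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def _decrypt_one(key: bytes, blob: bytes) -> bytes:
    """Undo one layer; raises ValueError if the tag does not verify."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or combination mode")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


SECONDARY = "secondary"   # Fig. 2: encrypt with the first key, then with the second
SUPERPOSE = "superpose"   # Fig. 3: splice first key || second key into one data key


def encrypt_with_combination(first_key, second_key, data, mode):
    """First terminal: combine its stored first encryption key with the second
    encryption key received from the auxiliary device, encrypt the data, and
    return (mode, encrypted_data); the mode travels to the second terminal."""
    if mode == SECONDARY:
        intermediate = _encrypt_one(first_key, data)   # encrypted intermediate information
        return mode, _encrypt_one(second_key, intermediate)
    if mode == SUPERPOSE:
        return mode, _encrypt_one(first_key + second_key, data)
    raise ValueError(f"unknown combination mode {mode!r}")


def decrypt_with_combination(first_dec_key, second_dec_key, mode, encrypted):
    """Second terminal: combine its stored first decryption key with the second
    decryption key from the auxiliary device in the announced mode and decrypt."""
    if mode == SECONDARY:
        intermediate = _decrypt_one(second_dec_key, encrypted)   # outer layer first
        return _decrypt_one(first_dec_key, intermediate)
    if mode == SUPERPOSE:
        return _decrypt_one(first_dec_key + second_dec_key, encrypted)
    raise ValueError(f"unknown combination mode {mode!r}")


def decrypts_ok(first_dec_key, second_dec_key, mode, encrypted, expected):
    """True only if decryption succeeds and yields the expected plaintext."""
    try:
        return decrypt_with_combination(first_dec_key, second_dec_key, mode, encrypted) == expected
    except ValueError:
        return False


def roundtrip(mode, data):
    """Fresh random keys for both parties (symmetric: decryption key == encryption key)."""
    first, second = os.urandom(32), os.urandom(32)
    sent_mode, encrypted = encrypt_with_combination(first, second, data, mode)
    return decrypt_with_combination(first, second, sent_mode, encrypted)


if __name__ == "__main__":
    print(roundtrip(SECONDARY, b"vehicle telemetry"))
    print(roundtrip(SUPERPOSE, b"vehicle telemetry"))
```

Decrypting in the wrong mode, or with the second key of a different auxiliary device, fails the tag check, which is why the generation mode must reach the second terminal along with the data.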
Fig. 4 is a block diagram of a security chip processing apparatus for performing key information combination encryption according to an embodiment of the present invention, where the security chip apparatus is configured to perform the security chip processing method for performing key information combination encryption according to the above-mentioned data receiving end embodiment, and has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 4, the security chip device specifically includes: a device determination module 101, a first key combination module 102, a data transmission module 103, and a second key combination module 104, wherein,
the device determining module is configured to randomly determine the auxiliary encryption device through a server when data is sent, where a first encryption key is stored in the first terminal;
the first key combination module is configured to establish a communication connection with the auxiliary encryption device, receive a second encryption key sent by the auxiliary encryption device, and combine the stored first encryption key with the second encryption key to obtain a data encryption key;
the data sending module is configured to encrypt the data to be sent with the data encryption key to obtain encrypted data and send the encrypted data to a second terminal, where the second terminal stores a first decryption key matched with the first encryption key;
and the second key combination module is configured to establish a communication connection with the auxiliary encryption device, receive the second decryption key sent by the auxiliary encryption device, combine the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypt the received encrypted data.
According to the scheme, when the first terminal sends data, the auxiliary encryption device is randomly determined through the server, and the first terminal stores the first encryption key; the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by the auxiliary encryption device, and combines the first encryption key it stores with the second encryption key to obtain a data encryption key; the first terminal encrypts the data to be sent with the data encryption key to obtain encrypted data and sends the encrypted data to a second terminal, where the second terminal stores a first decryption key matched with the first encryption key; and the second terminal establishes a communication connection with the auxiliary encryption device, receives a second decryption key sent by the auxiliary encryption device, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data. This scheme solves the problem in the related art that a security chip's information is not protected safely and reliably enough, so that a tampered local key creates a great risk of information insecurity, and thereby improves information security. Correspondingly, the functions executed by the modules are respectively as follows:
in a possible embodiment, the randomly determining, by the server, the auxiliary encryption device when the first terminal performs data transmission includes:
and when the first terminal transmits data, under the condition that a key update condition is met, the server randomly determines the auxiliary encryption device, wherein the key update condition includes a change in the security level of the transmitted data and the usage time of the key satisfying the change condition.
In a possible embodiment, the combining the first encryption key stored by the first terminal with the second encryption key to obtain a data encryption key includes:
performing multi-level key combination of the first encryption key and the second encryption key in a set secondary encryption mode to obtain a data encryption key; or,
and superposing the first encryption key and the second encryption key to obtain a data encryption key.
In a possible embodiment, said combining with said stored first decryption key to obtain a data decryption key comprises:
if the generation mode of the data encryption key is to perform multi-stage key combination of the first encryption key and the second encryption key in a set secondary encryption mode, correspondingly, performing multi-stage key combination of the first decryption key and the second decryption key in a set secondary decryption mode to obtain a data decryption key.
In a possible embodiment, said combining with said stored first decryption key to obtain a data decryption key comprises:
and if the generation mode of the data encryption key is obtained by superposing the first encryption key and the second encryption key, correspondingly superposing the first decryption key and the second decryption key to obtain the data decryption key.
In a possible embodiment, when the first terminal encrypts transmission data by using the data encryption key to obtain encrypted data and transmits the encrypted data to the second terminal, the method further includes:
and sending the mode of generating the data encryption key to the second terminal so as to be used for generating the data decryption key by the second terminal based on the mode of generating the data encryption key.
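The following is an added, stand-alone illustration (not code from the patent or its applicant) of the two key-combination modes above, the mode identifier travelling with the ciphertext, and the second terminal rebuilding the data decryption key. It assumes symmetric keys (the stored first decryption key equals the first encryption key), instantiates "superposition" as XOR of equal-length keys and "multi-level secondary encryption" as two chained HMAC-SHA256 derivations, and uses an HMAC-based counter-mode keystream plus an HMAC tag in place of a hardware cipher; all of these are constructed choices.

```python
import hashlib
import hmac
import secrets

# Constructed mode identifiers; the patent sends the generation mode to the second terminal.
MODE_MULTILEVEL = 1  # secondary encryption: derive with the local key, then re-derive with the auxiliary key
MODE_SUPERPOSE = 2   # superposition: assumed here to be XOR of two equal-length keys


def combine_keys(mode: int, local_key: bytes, aux_key: bytes) -> bytes:
    """Return the 32-byte data key from the terminal's stored key and the
    key received from the server-selected auxiliary device (assumed instantiation)."""
    if mode == MODE_MULTILEVEL:
        level1 = hmac.new(local_key, b"level-1", hashlib.sha256).digest()
        return hmac.new(aux_key, b"level-2" + level1, hashlib.sha256).digest()
    if mode == MODE_SUPERPOSE:
        if len(local_key) != len(aux_key):
            raise ValueError("superposition needs equal-length keys")
        return bytes(a ^ b for a, b in zip(local_key, aux_key))
    raise ValueError(f"unknown key combination mode {mode}")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (stdlib-only stand-in for a block cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(data_key: bytes):
    # Separate keys for confidentiality and integrity, both derived from the combined data key.
    enc_key = hmac.new(data_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(data_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt(mode: int, local_key: bytes, aux_key: bytes, plaintext: bytes) -> bytes:
    """First terminal: combine keys, encrypt, authenticate; message = mode byte || nonce || body || tag."""
    enc_key, mac_key = _subkeys(combine_keys(mode, local_key, aux_key))
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = bytes([mode]) + nonce
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def decrypt(local_key: bytes, aux_key: bytes, message: bytes) -> bytes:
    """Second terminal: read the mode from the message, rebuild the data key from its
    own stored key plus the auxiliary device's key, verify the tag, then decrypt.
    A tampered or missing key on either side makes verification fail before any plaintext is released."""
    if len(message) < 1 + 16 + 32:
        raise ValueError("message too short")
    mode, nonce, body, tag = message[0], message[1:17], message[17:-32], message[-32:]
    enc_key, mac_key = _subkeys(combine_keys(mode, local_key, aux_key))
    expected = hmac.new(mac_key, message[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong or tampered key material")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))
```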
In one possible embodiment, the randomly determining, by the server, the auxiliary encryption device includes:
the server acquires the current position information of the first terminal;
and determining optional equipment within a preset range based on the position information, and determining auxiliary encryption equipment according to attack information recorded by the optional equipment.
Fig. 5 is a schematic structural diagram of a secure chip processing apparatus for encrypting key information combination according to an embodiment of the present invention, as shown in fig. 5, the apparatus includes a processor 201, a memory 202, an input secure chip device 203, and an output secure chip device 204; the number of the processors 201 in the device may be one or more, and one processor 201 is taken as an example in fig. 5; the processor 201, the memory 202, the input secure chip means 203 and the output secure chip means 204 in the device may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 5. The memory 202 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the processing method of the security chip for encrypting the key information combination in the embodiment of the present invention. The processor 201 executes various functional applications and data processing of the device by running software programs, instructions and modules stored in the memory 202, that is, the secure chip processing method for encrypting the key information combination is realized. The input security chip means 203 may be used to receive input numeric or character information and generate key signal inputs relating to user settings and function control of the device. The output secure chip apparatus 204 may include a display device such as a display screen.
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a method for processing a security chip for cryptographic key information combination encryption, where the method includes:
when a first terminal sends data, auxiliary encryption equipment is randomly determined through a server, and a first encryption key is stored in the first terminal;
the first terminal establishes communication connection with the auxiliary encryption equipment, receives a second encryption key sent by the auxiliary encryption equipment, and combines the first encryption key and the second encryption key stored by the first terminal to obtain a data encryption key;
the first terminal encrypts the sending data through the data encryption key to obtain encrypted data and sends the encrypted data to a second terminal, and the second terminal stores a first decryption key matched with the first encryption key;
and the second terminal establishes communication connection with the auxiliary encryption equipment, receives a second decryption key sent by the auxiliary encryption equipment, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data.
From the above description of the embodiments, it is obvious to those skilled in the art that the embodiments of the present invention can be implemented by software plus necessary general-purpose hardware, and certainly can also be implemented by hardware, but the former is the better implementation in many cases. Based on such understanding, the technical solutions of the embodiments of the present invention, or the portions thereof contributing to the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods described in the embodiments of the present invention.
It should be noted that, in the embodiment of the secure chip processing apparatus for encrypting the key information combination, the included units and modules are only divided according to the functional logic, but are not limited to the above division as long as the corresponding functions can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the embodiment of the invention.
In some possible embodiments, various aspects of the methods provided by the present application may also be implemented in a form of a program product including program code for causing a computer device to perform the steps in the methods according to various exemplary embodiments of the present application described above in this specification when the program product runs on the computer device, for example, the computer device may perform the secure chip processing method of key information combination encryption described in the embodiments of the present application. The program product may be implemented using any combination of one or more readable media.
It should be noted that the foregoing is only a preferred embodiment of the present invention and the technical principles applied. Those skilled in the art will appreciate that the embodiments of the present invention are not limited to the specific embodiments described herein, and that various obvious changes, adaptations, and substitutions are possible, without departing from the scope of the embodiments of the present invention. Therefore, although the embodiments of the present invention have been described in more detail through the above embodiments, the embodiments of the present invention are not limited to the above embodiments, and many other equivalent embodiments may be included without departing from the concept of the embodiments of the present invention, and the scope of the embodiments of the present invention is determined by the scope of the appended claims.

Claims (9)

1. The processing method of the security chip for the key information combination encryption is characterized by comprising the following steps:
when a first terminal sends data, auxiliary encryption equipment is randomly determined through a server, and a first encryption key is stored in the first terminal;
the first terminal establishes a communication connection with the auxiliary encryption device, receives a second encryption key sent by the auxiliary encryption device, and combines the first encryption key stored by the first terminal with the second encryption key to obtain a data encryption key, wherein the data encryption key is obtained by multi-level key combination of the first encryption key and the second encryption key in a secondary encryption mode; or, by superposing the first encryption key and the second encryption key to obtain a data encryption key;
the first terminal encrypts the sending data through the data encryption key to obtain encrypted data and sends the encrypted data to a second terminal, and the second terminal stores a first decryption key matched with the first encryption key;
and the second terminal establishes communication connection with the auxiliary encryption equipment, receives a second decryption key sent by the auxiliary encryption equipment, combines the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypts the received encrypted data.
2. The method for processing the security chip through the combination encryption of the key information according to claim 1, wherein the randomly determining the auxiliary encryption device by the server when the first terminal performs the data transmission comprises:
and when the first terminal transmits data, under the condition that a key update condition is met, the server randomly determines the auxiliary encryption device, wherein the key update condition includes a change in the security level of the transmitted data and the usage time of the key satisfying the change condition.
3. The method for processing the security chip by combining the key information with encryption according to claim 2, wherein the combining with the stored first decryption key to obtain the data decryption key comprises:
and if the generation mode of the data encryption key is to combine the multi-level keys of the first encryption key and the second encryption key in a set secondary encryption mode, correspondingly, combine the multi-level keys of the first decryption key and the second decryption key in a set secondary decryption mode to obtain the data decryption key.
4. The method for processing the security chip through the combination encryption of the key information according to claim 2, wherein the combination with the stored first decryption key to obtain the data decryption key comprises:
and if the generation mode of the data encryption key is obtained by superposing the first encryption key and the second encryption key, correspondingly superposing the first decryption key and the second decryption key to obtain the data decryption key.
5. The method for processing the security chip through the combination encryption of the key information according to claim 1, wherein when the first terminal encrypts the transmission data through the data encryption key to obtain the encrypted data and transmits the encrypted data to the second terminal, the method further comprises:
and sending the mode of generating the data encryption key to the second terminal so as to be used for the second terminal to generate the data decryption key based on the mode of generating the data encryption key.
6. The method for processing the security chip through the combination encryption of the key information according to any one of claims 1 to 5, wherein the randomly determining the auxiliary encryption device by the server comprises:
the server acquires the current position information of the first terminal;
and determining optional equipment within a preset range based on the position information, and determining auxiliary encryption equipment according to attack information recorded by the optional equipment.
7. The secure chip processing device for encrypting the key information combination is characterized by comprising:
the device determining module is configured to randomly determine auxiliary encryption devices through a server when a first terminal transmits data, wherein a first encryption key is stored in the first terminal;
the first key combination module is configured to enable a first terminal to establish a communication connection with the auxiliary encryption device, receive a second encryption key sent by the auxiliary encryption device, and combine the stored first encryption key with the second encryption key to obtain a data encryption key, and is specifically configured to perform multi-level key combination of the first encryption key and the second encryption key in a set secondary encryption mode to obtain the data encryption key; or, to superpose the first encryption key and the second encryption key to obtain a data encryption key;
the data transmission module is configured to encrypt transmission data through the data encryption key by the first terminal to obtain encrypted data and transmit the encrypted data to the second terminal, and the second terminal stores a first decryption key matched with the first encryption key;
and the second key combination module is configured to be in communication connection with the auxiliary encryption device, receive a second decryption key sent by the auxiliary encryption device, combine the second decryption key with the stored first decryption key to obtain a data decryption key, and decrypt the received encrypted data.
8. A secure chip processing apparatus for key information combination encryption, the apparatus comprising: one or more processors; and a storage apparatus for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the secure chip processing method of key information combination encryption as claimed in any one of claims 1 to 6.
9. A storage medium containing computer-executable instructions for performing the secure chip processing method of key information combination encryption of any one of claims 1-6 when executed by a computer processor.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210996564.XA CN115085925B (en) 2022-08-19 2022-08-19 Security chip processing method and device for key information combination encryption

Publications (2)

Publication Number Publication Date
CN115085925A CN115085925A (en) 2022-09-20
CN115085925B true CN115085925B (en) 2022-12-20

Family

ID=83244778

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210996564.XA Active CN115085925B (en) 2022-08-19 2022-08-19 Security chip processing method and device for key information combination encryption

Country Status (1)

Country Link
CN (1) CN115085925B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117725605B (en) * 2024-02-07 2024-04-23 四川建设网有限责任公司 Method and system for remotely and automatically compiling electronic archive file information confidentiality

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021061724A1 (en) * 2019-09-23 2021-04-01 Visa International Service Association System, method, and computer program product for secure key management
US11088835B1 (en) * 2017-08-23 2021-08-10 Hologram, Inc. Cryptographic module to generate cryptographic keys from cryptographic key parts
CN114531239A (en) * 2022-04-20 2022-05-24 广州万协通信息技术有限公司 Data transmission method and system for multiple encryption keys

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9607177B2 (en) * 2013-09-30 2017-03-28 Qualcomm Incorporated Method for securing content in dynamically allocated memory using different domain-specific keys
CN104052601B (en) * 2013-12-30 2017-08-11 国家电网公司 A kind of Key-insulated label decryption method
JP6273951B2 (en) * 2014-03-24 2018-02-07 富士通株式会社 ENCRYPTION DEVICE, ENCRYPTION METHOD, INFORMATION PROCESSING DEVICE, AND ENCRYPTION SYSTEM
CN105812354B (en) * 2016-03-07 2019-01-18 江苏大学 Location privacy protection method based on attack resistance in car networking under a kind of LBS background
GB2560587A (en) * 2017-03-17 2018-09-19 Univ Oxford Innovation Ltd Secure data exchange
US10538220B1 (en) * 2018-09-06 2020-01-21 GM Global Technology Operations LLC User activated/deactivated short-range wireless communications (SRWC) auxiliary key fob
CN114785618B (en) * 2022-06-16 2022-08-30 广州万协通信息技术有限公司 Data communication method and system based on adjacent node secondary authentication
CN114793184B (en) * 2022-06-22 2022-11-08 广州万协通信息技术有限公司 Security chip communication method and device based on third-party key management node
CN114915504B (en) * 2022-07-18 2022-12-20 广州万协通信息技术有限公司 Security chip initial authentication method and system

Also Published As

Publication number Publication date
CN115085925A (en) 2022-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant