CN115734215A - Key retrieving method, server and identification card - Google Patents


Publication number
CN115734215A
Authority
CN
China
Prior art keywords
key
identification card
encryption result
random information
operator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211064489.XA
Other languages
Chinese (zh)
Inventor
田新雪
李朝霞
马书惠
肖征荣
杨子文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a key retrieving method, a server and an identification card, and relates to the technical field of communication. The method comprises the following steps: when the first identification card is lost, the terminal sends a key retrieval request to the operator service server; when a first encryption result returned by the operator service server is received, the terminal decrypts the first encryption result based on the first key parameter to obtain random information; when a second encryption result sent by the first identification card is obtained from the preset address, the terminal decrypts the second encryption result according to the random information to obtain the key; and the terminal provides the key, the first key parameter and the preset address to the operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in to the preset client through the second identification card. The method can improve the security of retrieving the user key and reduce the occurrence of loss of user information and assets.

Description

Key retrieving method, server and identification card
Technical Field
The present application relates to the field of communications technologies, and in particular, to a key retrieving method, a server, and an identification card.
Background
The metaverse (Metaverse) is a virtual world that is linked and created by technological means, is mapped to and interacts with the real world, and provides a digital living space with a novel social system. The user information and assets in the metaverse are both present in digital form, and the identification of the user identity depends on the user's private key, which, if lost, may result in the collapse of the user's personal universe.
In the related art, after the user loses the private key, the private key can be retrieved through the operator. However, since the operator has relatively absolute control over the private key, it is easy for lawbreakers to maliciously obtain the private key of the user through the operator, thereby causing a relatively high risk to the assets of the user in the metaverse and failing to effectively guarantee the benefits of the user.
Disclosure of Invention
Therefore, the application provides a key retrieving method, a server and an identification card to solve the problem that a lawbreaker maliciously obtains a user private key through an operator to cause loss of user information and assets.
In order to achieve the above object, a first aspect of the present application provides a key retrieving method, applied to a terminal, the method including:
under the condition of losing the first identification card, sending a key retrieval request to an operator service server; the first identification card is internally provided with a key for logging in a preset client, a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card;
under the condition that a first encryption result returned by the operator service server is received, decrypting the first encryption result based on the first key parameter to obtain random information; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
under the condition that a second encryption result sent by the first identification card is obtained from the preset address, the second encryption result is decrypted according to the random information, and the secret key is obtained; the second encryption result is the result of encrypting the built-in secret key by the first identification card based on the random information;
and providing the key, the first key parameter and the preset address to an operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in the preset client through the second identification card.
Further, after sending the key recovery request to the operator service server in the case of losing the first identification card, the method further includes:
undergoing identity authentication by the operator service server to obtain an identity authentication result;
wherein, the operator service server sends the key retrieval instruction to the first identification card when the identity authentication result is that the identity authentication is passed.
Further, the providing the key, the first key parameter, and the preset address to an operator security server includes:
inputting the key, the first key parameter and the preset address to the operator security server through a preset security keyboard;
wherein the processing procedure and the processing result of the operator security server are not shown to the operator service server.
In order to achieve the above object, a second aspect of the present application provides a key recovery method applied to an operator service server, the method including:
sending a key retrieval instruction to the first identification card in response to a key retrieval request sent by the terminal; the key retrieval request is a request sent under the condition that a first identification card is lost, and a key for logging in a preset client, a first key parameter and a preset address for retrieving the key are arranged in the first identification card;
receiving a first encryption result sent by the first identification card; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
forwarding the first encryption result to the terminal so that the terminal decrypts the first encryption result based on the first key parameter to obtain the random information, decrypts a second encryption result based on the random information to obtain the key, and configures a second identification card based on the key, the first key parameter and the preset address by an operator security server to enable the terminal to log in the preset client through the second identification card; wherein the second encryption result is a result of encrypting a built-in key by the first identification card based on the random information.
Further, the sending a key retrieval instruction to the first identification card includes:
and sending the key retrieval instruction to the first identification card through a preset signaling channel.
In order to achieve the above object, a third aspect of the present application provides a key retrieving method applied to a first identification card, where the first identification card has a built-in key for logging in a preset client, and a first key parameter and a preset address for retrieving the key, the method including:
generating random information in response to a key retrieval instruction sent by an operator service server;
encrypting the random information based on the built-in first key parameter to obtain a first encryption result;
encrypting the built-in secret key based on the random information to obtain a second encryption result;
forwarding the first encryption result to a terminal through the operator service server;
and sending the second encryption result to the preset address so that the terminal can decrypt the first encryption result based on the first key parameter to obtain the random information, decrypt the second encryption result based on the random information to obtain the key, and configure a second identification card by an operator security server based on the key, the first key parameter and the preset address so that the terminal can log in the preset client through the second identification card.
Further, before generating the random information in response to the key retrieval instruction sent by the operator service server, the method further includes:
determining the number of times of receiving the key retrieval instruction within a preset period under the condition of receiving the key retrieval instruction;
and determining whether to respond to the key retrieval instruction or not according to a preset threshold and the times.
In order to achieve the above object, a fourth aspect of the present application provides a terminal comprising:
the first sending module is used for sending a key retrieval request to the operator service server under the condition of losing the first identification card; the first identification card is internally provided with a key for logging in a preset client, a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card;
the first decryption module is used for decrypting a first encryption result based on the first key parameter under the condition that the first encryption result returned by the operator service server is received, so as to obtain random information; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
the second decryption module is used for decrypting a second encryption result sent by the first identification card according to the random information under the condition that the second encryption result is obtained from the preset address, so that the secret key is obtained; the second encryption result is the result of encrypting the built-in secret key by the first identification card based on the random information;
and the configuration module is used for providing the key, the first key parameter and the preset address to an operator security server so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in the preset client through the second identification card.
In order to achieve the above object, a fifth aspect of the present application provides an operator service server, including:
the second sending module is used for responding to a key retrieval request sent by the terminal and sending a key retrieval instruction to the first identification card; the key retrieval request is a request sent under the condition that a first identification card is lost, and a key for logging in a preset client, a first key parameter and a preset address for retrieving the key are arranged in the first identification card;
the receiving module is used for receiving a first encryption result sent by the first identification card; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
a third sending module, configured to forward the first encryption result to the terminal, so that the terminal decrypts the first encryption result based on the first key parameter to obtain the random information, decrypts a second encryption result based on the random information to obtain the key, and configures, by an operator security server, a second identity card based on the key, the first key parameter, and the preset address, so that the terminal logs in the preset client through the second identity card; wherein the second encryption result is a result of encrypting a built-in key by the first identification card based on the random information.
In order to achieve the above object, a sixth aspect of the present invention provides a first identification card, in which a key for logging in a preset client and a first key parameter and a preset address for retrieving the key are embedded, the first identification card comprising:
the generation module is used for responding to a key retrieval instruction sent by the operator service server and generating random information;
the first encryption module is used for encrypting the random information based on the built-in first key parameter to obtain a first encryption result;
the second encryption module is used for encrypting the built-in secret key based on the random information to obtain a second encryption result;
a fourth sending module, configured to forward the first encryption result to the terminal through the operator service server;
and the fifth sending module is used for sending the second encryption result to the preset address so that the terminal can decrypt the first encryption result based on the first key parameter to obtain the random information, decrypt the second encryption result based on the random information to obtain the key, and configure a second identification card based on the key, the first key parameter and the preset address by the operator security server so that the terminal can log in the preset client through the second identification card.
To achieve the above object, a seventh aspect of the present application provides an electronic device and a readable storage medium.
The application provides an electronic device, including: one or more processors; a memory, on which one or more programs are stored, which, when executed by the one or more processors, cause the one or more processors to implement any one of the key recovery methods in the embodiments of the present application.
The embodiment of the present application provides a readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, any one of the key retrieving methods in the embodiments of the present application is implemented.
The application has the following advantages:
According to the key retrieving method, the server and the identification card, when the first identification card is lost, the terminal sends a key retrieval request to the operator service server; the first identification card has a built-in key for logging in to a preset client, and a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card; when a first encryption result returned by the operator service server is received, the terminal decrypts the first encryption result based on the first key parameter to obtain random information; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter; when a second encryption result sent by the first identification card is obtained from the preset address, the terminal decrypts the second encryption result according to the random information to obtain the key; the second encryption result is the result of encrypting the built-in key by the first identification card based on the random information; and the terminal provides the key, the first key parameter and the preset address to the operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in to the preset client through the second identification card.
The method divides the server at the operator side into an operator service server and an operator security server. The operator service server executes basic services such as signaling interaction in the early stage of key retrieval, and the operator security server executes the configuration operation of the identification card, so that the key and related information are not known by the operator service server. Through this division of services and servers, the security of the user's key retrieval process is guaranteed, thereby effectively reducing the occurrence of situations in which lawbreakers maliciously obtain the private key of the user through the operator and cause loss of user information and assets.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application and not to limit the application.
Fig. 1 is a flowchart of a key recovery method according to an embodiment of the present application;
Fig. 2 is a flowchart of a key recovery method according to an embodiment of the present application;
Fig. 3 is a flowchart of a key recovery method according to an embodiment of the present application;
Fig. 4 is a block diagram of a terminal according to an embodiment of the present application;
Fig. 5 is a block diagram of an operator service server provided in an embodiment of the present application;
Fig. 6 is a block diagram of an identification card provided by an embodiment of the present application;
Fig. 7 is a schematic diagram of an operating process of a key recovery method according to an embodiment of the present application;
Fig. 8 is a signaling diagram of a key recovery method according to an embodiment of the present application;
Fig. 9 is a block diagram of an electronic device provided in an embodiment of the present application.
Detailed Description
The following detailed description of embodiments of the present application will be made with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present application, are given by way of illustration and explanation only, and are not intended to limit the present application.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
When the terms "comprises" and/or "comprising" are used in this application, they specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present application and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The metaverse (Metaverse) is a virtual world that is linked and created by technological means, is mapped to and interacts with the real world, and provides a digital living space with a novel social system. User information and assets in the metaverse exist in digital form, identification of user identity depends on a private key (namely a secret key) of the user, and the user can log in to a metaverse client through the user's identification card to check related information or conduct transactions. Similarly, the user can log in, through the identification card, to clients based on technologies such as blockchain.
Once the key is lost, it may cause the collapse of the user's personal universe/blockchain. In the related art, after a user loses a key, the user can retrieve the key through an operator, but the operator has absolute control over the key, so that a lawbreaker can easily maliciously obtain the private key of the user through the operator, thereby causing a great risk to the assets of the user in the metaverse and failing to effectively guarantee the benefit of the user.
In view of this, in the embodiment of the present application, when retrieving the user key, the server on the operator side is divided into the operator service server and the operator security server. The operator service server executes basic services such as signaling interaction in the early stage of key retrieval, and the operator security server executes the configuration operation of the identification card, so that the key and related information are not known by the operator service server. Through this division of services and servers, the security of the user key retrieval process is ensured, thereby effectively reducing the occurrence of situations in which a lawbreaker maliciously obtains the user private key through the operator and causes loss of user information and assets.
In a first aspect, an embodiment of the present application provides a key recovery method.
Fig. 1 is a flowchart of a key recovery method provided in an embodiment of the present application, where the key recovery method is applicable to a terminal. As shown in fig. 1, the key recovery method includes the following steps:
Step S101: in the case that the first identification card is lost, sending a key retrieval request to an operator service server.
The first identification card is internally provided with a key for logging in a preset client, a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card.
In some possible implementations, the first identification card may be a Subscriber Identity Module card (SIM card), and the user may embed a key and a first key parameter in the first identification card in advance, so that the user may log in to a preset client based on the key. The preset client may be a metaverse client, a blockchain client, or the like. The first key parameter is a parameter for retrieving the key, and may be a password, an authentication code, or the like; it may be updated as required (for example, updated according to a preset period or updated when the identification card is reconfigured).
In some possible implementations, after the user loses the first identification card, the user sends a key recovery request to the operator service server to recover the key embedded in the first identification card. And the operator business server responds to the key recovery request and sends a key recovery instruction to the first identification card.
It should be noted that the key recovery request initiated by the user to the operator service server may be implemented in an online manner or an offline manner. For example, after losing the first identification card, the user uses the terminal to send a key recovery request to the operator service server through a network (wired network, wireless network, etc.). As another example, after losing the first identification card, the user initiates a corresponding key recovery request at the operator's office.
It should be noted that, in some possible implementation manners, after receiving the key recovery request initiated by the user, the operator service server also performs identity authentication on the terminal to ensure that the key recovery request is initiated by a legal terminal or a legal user, thereby avoiding a third party from falsely using the user identity to steal the key as much as possible.
Illustratively, after receiving the key recovery request, the operator service server performs identity authentication on the terminal and obtains an identity authentication result. Only if the identity authentication result is that the authentication is passed will the operator service server perform the subsequent key retrieving operation (for example, send a key retrieving instruction to the first identification card).
The identity authentication can be realized in any one or more modes such as identity information reserved on the operator side by the user, answers to preset security questions, dynamic verification code verification, biometric identification and the like, and the embodiment of the present application does not limit the mode for realizing the identity authentication.
Step S102: in the case of receiving the first encryption result returned by the operator service server, decrypting the first encryption result based on the first key parameter to obtain random information.
The first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on a built-in first key parameter.
In some possible implementations, after step S101, after the first identification card receives the key retrieving instruction sent by the operator service server, the random information is generated, the random information is encrypted based on the built-in first key parameter, a first encryption result is obtained, and the first encryption result is forwarded to the terminal through the operator service server. And the operator service server forwards the first encryption result to the terminal when receiving the first encryption result sent by the first identification card. And after receiving the first encryption result, the terminal decrypts the first encryption result based on the first key parameter to obtain random information. The random information may be used to decrypt the second encrypted result.
In some possible implementation manners, the random information may be random numbers, random character strings, and other information with randomness, and the embodiment of the present application does not limit the random information. It should be understood that the random information is applied in the encryption and decryption process, so that the difficulty of encryption and decryption can be guaranteed to a certain extent, and the possibility of stealing user information is reduced.
For example, the first identification card generates a random number in response to the key recovery instruction, and encrypts the random number using the first key parameter based on a preset first encryption algorithm to obtain a first encryption result. And the terminal decrypts the first encryption result by using a preset first decryption algorithm under the condition of receiving the first encryption result which is sent by the first identification card and forwarded by the operator service server, so as to obtain the random information. Wherein the first decryption algorithm is a decryption algorithm corresponding to the first encryption algorithm.
Step S103: in the case that the second encryption result sent by the first identification card is obtained from the preset address, decrypting the second encryption result according to the random information to obtain the key.
And the second encryption result is the result of encrypting the built-in key by the first identification card based on the random information. The random information is information generated by the first identification card in response to the key retrieval instruction.
In some possible implementations, after step S101, the first identification card encrypts the built-in key based on the random information in addition to generating the first encryption result, obtains a second encryption result, and sends the second encryption result to the preset address. After the terminal acquires the second encryption result from the preset address, the terminal decrypts the second encryption result using the random information acquired in step S102 to acquire a secret key.
In some possible implementations, the preset address may be a mailbox. In other words, the first identification card sends the second encryption result to the mailbox, and the terminal acquires the second encryption result from the mailbox.
It should be noted that the preset address may also be an address of other types, such as a network hard disk, and the embodiment of the present application does not limit the type of the preset address.
For example, the first identification card generates a random number in response to the key retrieving instruction, encrypts the built-in key by using the random number based on a preset second encryption algorithm to obtain a second encryption result, and sends the second encryption result to a mailbox corresponding to the preset address. And the terminal decrypts the second encryption result by using a preset second decryption algorithm based on the random information obtained by decryption under the condition of obtaining the second encryption result from the mailbox to obtain the secret key. Wherein the second decryption algorithm is a decryption algorithm corresponding to the second encryption algorithm.
Step S104: providing the key, the first key parameter and the preset address to an operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in to the preset client through the second identification card.
The security level of the operator security server is higher than that of the operator service server, and a physical isolation structure or a logical isolation structure is arranged between the operator security server and the operator service server, so that the processing process and the processing result of the operator security server are not displayed to the operator service server, and the security of user information is further guaranteed.
In some possible implementations, the key, the first key parameter, and the preset address are input to the operator security server through a preset security keyboard.
In some possible implementations, the terminal sends the key, the first key parameter and the preset address to the operator security server over a dedicated communication link.
It should be noted that, for security, after retrieving the key, the user may change the first key parameter and/or the preset address, and configure the second identification card using the key and the changed first key parameter and/or the preset address. The terminal can log in the preset client through the configured second identification card.
In the embodiment of the application, when the first identification card is lost, the terminal sends a key retrieval request to the operator service server; when the first encryption result returned by the operator service server is received, the terminal decrypts the first encryption result based on the first key parameter to obtain the random information; when the second encryption result sent by the first identification card is obtained from the preset address, the terminal decrypts the second encryption result according to the random information to obtain the key; and the terminal provides the key, the first key parameter and the preset address to the operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in to the preset client through the second identification card. The method divides the operator-side servers into an operator service server and an operator security server: the operator service server performs basic services such as signaling interaction in the early stage of key retrieval, and the operator security server performs the configuration of the identification card, so that the key and related information are not known to the operator service server. This division of services and servers secures the user's key retrieval process and effectively reduces cases in which lawbreakers maliciously obtain a user's private key through the operator and cause loss of user information and assets.
Fig. 2 is a flowchart of a key recovery method provided in an embodiment of the present application, where the key recovery method is applicable to an operator service server. As shown in fig. 2, the key recovery method includes the following steps:
step S201, in response to the key retrieving request sent by the terminal, sending a key retrieving instruction to the first identification card.
The key retrieval request is a request sent under the condition that the first identification card is lost, and a key for logging in a preset client, a first key parameter for retrieving the key and a preset address are arranged in the first identification card.
In some possible implementations, after losing the first identification card, the user sends a key retrieval request to the operator service server to retrieve the key built into the first identification card. The operator service server responds to the key retrieval request by sending a key retrieval instruction to the first identification card.
In some possible implementations, the operator service server sends the key retrieval instruction to the first identification card through a preset signaling channel. It should be noted that the signaling channel is a channel that a communication operator dedicates to sending various types of signaling; it is different from a conventional service-level data channel and has a relatively high security level. No matter which terminal device the first identification card is located in, the first identification card can receive the key retrieval instruction as long as that terminal device is powered on.
Step S202, receiving a first encryption result sent by the first identification card.
The first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on a built-in first key parameter.
In some possible implementation manners, the first identification card locally generates random information in response to a key retrieval instruction sent by the operator service server, encrypts the random information by using a preset first encryption algorithm and using a built-in first key parameter to obtain a first encryption result, and sends the first encryption result to the operator service server through a preset signaling channel.
Step S203, the first encryption result is forwarded to the terminal so that the terminal can decrypt the first encryption result based on the first key parameter to obtain random information, and decrypt the second encryption result based on the random information to obtain a key, and the operator security server configures a second identification card based on the key, the first key parameter and the preset address so that the terminal can log in the preset client through the second identification card.
In some possible implementations, in addition to generating the first encryption result, the first identification card encrypts the built-in key based on the random information to obtain a second encryption result, and sends the second encryption result to the preset address. After acquiring the second encryption result from the preset address, the terminal decrypts it using the random information obtained by decrypting the first encryption result, and thereby obtains the key. The terminal then provides the key, the first key parameter and the preset address to the operator security server, and the operator security server configures a second identification card based on the key, the first key parameter and the preset address, so that the terminal logs in to the preset client through the second identification card.
The security level of the operator security server is higher than that of the operator service server, and a physical or logical isolation structure is arranged between the operator security server and the operator service server, so that the processing and the processing results of the operator security server are not shown to the operator service server, which further protects user information.
It should be noted that, for security, after the terminal retrieves the key, the user may change the first key parameter and/or the preset address, so that the operator security server configures the second identification card using the key and the changed first key parameter and/or the changed preset address. The terminal can log in to the preset client through the configured second identification card.
Fig. 3 is a flowchart of a key recovery method provided in an embodiment of the present application, where the key recovery method is applicable to a first identification card, and a key for logging in a preset client, and a first key parameter and a preset address for recovering the key are built in the first identification card. As shown in fig. 3, the key recovery method includes the following steps:
step S301, in response to a key retrieval instruction sent by the operator service server, generates random information.
In some possible implementations, the operator service server sends the key retrieval instruction to the first identification card through a preset signaling channel. The first identification card locally generates random information in response to the key retrieval instruction.
It should be noted that the signaling channel is a channel that a communication operator dedicates to sending various types of signaling; it is different from a conventional service-level data channel and has a relatively high security level. No matter which terminal device the first identification card is located in, the first identification card can receive the key retrieval instruction as long as that terminal device is powered on.
Step S302, the random information is encrypted based on the built-in first key parameter, and a first encryption result is obtained.
In some possible implementations, the random information may be a random number, a random character string, or other information with randomness, and the embodiment of the present application does not limit the random information. It should be understood that using random information in the encryption and decryption process makes the encryption harder to break to a certain extent and reduces the possibility of user information being stolen.
For example, the first identification card generates a random number in response to the key recovery instruction, and encrypts the random number using the first key parameter based on a preset first encryption algorithm to obtain a first encryption result.
Step S303, encrypt the built-in key based on the random information, and obtain a second encryption result.
For example, the first identification card generates a random number in response to the key retrieving instruction, and encrypts the built-in key using the random number based on a preset second encryption algorithm to obtain a second encryption result.
It should be noted that steps S302 and S303 may be executed simultaneously, step S302 may be executed before step S303, or step S303 may be executed before step S302; the embodiment of the present application does not limit the execution order of steps S302 and S303.
Step S304, the first encryption result is forwarded to the terminal through the operator service server.
In some possible implementations, the first identification card sends the first encryption result to the operator service server through a preset signaling channel, and the operator service server forwards the first encryption result to the terminal.
Step S305, sending the second encryption result to a preset address, so that the terminal decrypts the first encryption result based on the first key parameter to obtain random information, decrypts the second encryption result based on the random information to obtain a key, and configures a second identification card based on the key, the first key parameter and the preset address by the operator security server to log the terminal in a preset client through the second identification card.
In some possible implementations, the preset address may be a mailbox. In other words, the first identification card sends the second encryption result to the mailbox, and the terminal acquires the second encryption result from the mailbox.
It should be noted that the preset address may also be an address of other types, such as a network hard disk, and the embodiment of the present application does not limit the type of the preset address.
In some possible implementations, on receiving the first encryption result sent by the first identification card and forwarded by the operator service server, the terminal decrypts the first encryption result using a preset first decryption algorithm to obtain the random information. After obtaining the second encryption result from the preset address, the terminal decrypts it with a preset second decryption algorithm, using the random information obtained by the earlier decryption, to obtain the key. The first decryption algorithm is the decryption algorithm corresponding to the first encryption algorithm, and the second decryption algorithm is the decryption algorithm corresponding to the second encryption algorithm. The terminal provides the key, the first key parameter and the preset address to the operator security server, and the operator security server configures a second identification card based on the key, the first key parameter and the preset address, so that the terminal logs in to the preset client through the second identification card.
The security level of the operator security server is higher than that of the operator service server, and a physical or logical isolation structure is arranged between the operator security server and the operator service server, so that the processing and the processing results of the operator security server are not shown to the operator service server, which further protects user information.
It should be noted that, for security, after retrieving the key, the user may change the first key parameter and/or the preset address, and configure the second identification card using the key and the changed first key parameter and/or the preset address. The terminal can log in a preset client through the configured second identification card.
In some possible implementations, before step S301, the method further includes: under the condition that a key retrieval instruction is received, determining the number of times of the key retrieval instruction received in a preset period; and determining whether to respond to the key retrieval instruction according to a preset threshold and the times. The preset threshold value may be set according to experience, statistical data, actual requirements, and the like, which is not limited in the embodiment of the present application.
In some possible implementations, determining whether to respond to the key retrieval instruction according to a preset threshold and the number of times includes:
delaying the response to the key retrieval instruction or refusing to respond to it when the number of times is greater than or equal to the preset threshold; and responding to the key retrieval instruction when the number of times is less than the preset threshold.
When the number of times is less than the preset threshold, the first identification card is not receiving key retrieval instructions frequently, so the key retrieval instruction can be preliminarily judged to be a relatively safe and genuine instruction. Correspondingly, when the number of times reaches or exceeds the preset threshold, the first identification card is receiving key retrieval instructions more frequently than is normal, and the first identification card can therefore avoid leaking the key by delaying or refusing its response.
In summary, setting a preset threshold and deciding how to handle the key retrieval instruction based on it effectively counters a hacker who tries to obtain the key illegally through a large number of attempts, and improves the security of key retrieval.
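The threshold check described above, as an added Python example rather than code from the patent. The class name, the choice to count the instruction just received, the choice to keep counting throttled instructions, and the constructed arrival times are all assumptions made for illustration.

```python
from collections import deque


class RetrievalInstructionGate:
    """Card-side check run before step S301 (hypothetical helper)."""

    def __init__(self, threshold: int, period_s: float, on_exceed: str = "reject"):
        if threshold < 2:
            # The count includes the instruction being judged, so a threshold
            # below 2 would never let any instruction through.
            raise ValueError("threshold must be at least 2")
        if on_exceed not in ("delay", "reject"):
            raise ValueError("on_exceed must be 'delay' or 'reject'")
        self.threshold = threshold
        self.period_s = period_s
        self.on_exceed = on_exceed
        self._seen = deque()  # arrival times still inside the preset period

    def decide(self, now: float):
        """Return (action, delay_seconds) for an instruction arriving at `now`."""
        # Forget arrivals that have fallen out of the preset period.
        while self._seen and now - self._seen[0] >= self.period_s:
            self._seen.popleft()
        # Every arrival is counted, including ones that end up throttled, so
        # a sustained flood keeps the gate closed.
        self._seen.append(now)
        count = len(self._seen)

        if count < self.threshold:
            return ("respond", 0.0)
        if self.on_exceed == "reject":
            return ("reject", 0.0)
        # Delay until enough of the oldest arrivals have aged out for the
        # count to drop below the threshold again.
        must_expire = count - self.threshold + 1
        release_at = self._seen[must_expire - 1] + self.period_s
        return ("delay", float(release_at - now))


def replay(gate: RetrievalInstructionGate, arrivals):
    """Feed a list of arrival times (seconds) through the gate."""
    return [gate.decide(t) for t in arrivals]


if __name__ == "__main__":
    # Constructed timeline: four instructions in 30 s, then one after a pause.
    timeline = [0, 10, 20, 30, 100]
    for mode in ("reject", "delay"):
        gate = RetrievalInstructionGate(threshold=3, period_s=60, on_exceed=mode)
        print(mode, replay(gate, timeline))
```
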
In the embodiment of the application, the first identification card sends the first encryption result and the second encryption result through the signaling channel and the data channel respectively, the terminal obtains the key through decryption operation, and finally the operator security server with higher security configures the new second identification card, so that the security of key retrieval is effectively improved, and the information security of a user is ensured.
The steps of the above methods are divided for clarity of description. In implementation, steps may be combined into one step, or a step may be split into multiple steps; as long as the same logical relationship is included, these are within the scope of this patent. Adding insignificant modifications to, or introducing insignificant designs into, the algorithms or processes without changing their core design is also within the scope of this patent.
In a second aspect, an embodiment of the present application provides a terminal and a server.
Fig. 4 is a block diagram of a terminal according to an embodiment of the present disclosure. As shown in fig. 4, the terminal includes:
a first sending module 401, configured to send a key recovery request to the operator service server in case of losing the first identification card.
The first identification card is internally provided with a key for logging in a preset client, a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card.
A first decryption module 402, configured to, when a first encryption result returned by the operator service server is received, decrypt the first encryption result based on the first key parameter to obtain the random information.
The first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on a built-in first key parameter.
The second decryption module 403 is configured to, when a second encryption result sent by the first identification card is obtained from the preset address, decrypt the second encryption result according to the random information to obtain a secret key.
The second encryption result is the result of the first identification card encrypting the built-in key based on the random information.
A configuration module 404, configured to provide the key, the first key parameter, and the preset address to the operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter, and the preset address, and the terminal logs in the preset client through the second identification card.
Fig. 5 is a block diagram of an operator service server according to an embodiment of the present application. As shown in fig. 5, the operator service server includes:
a second sending module 501, configured to send a key retrieval instruction to the first identification card in response to a key retrieval request sent by the terminal.
The key retrieval request is a request sent under the condition that the first identification card is lost, and a key used for logging in a preset client side, a first key parameter used for retrieving the key and a preset address are arranged in the first identification card.
The receiving module 502 is configured to receive a first encryption result sent by a first identification card.
The first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on a built-in first key parameter.
A third sending module 503, configured to forward the first encryption result to the terminal, so that the terminal decrypts the first encryption result based on the first key parameter to obtain random information, decrypts the second encryption result based on the random information to obtain a key, and configures, by the operator security server, the second identification card based on the key, the first key parameter, and the preset address, so that the terminal logs in the preset client through the second identification card; and the second encryption result is the result of encrypting the built-in key by the first identification card based on the random information.
Fig. 6 is a block diagram of an identification card according to an embodiment of the present application. As shown in fig. 6, the identification card includes:
the generating module 601 is configured to generate random information in response to a key retrieving instruction sent by the operator service server.
The first encryption module 602 is configured to encrypt the random information based on a built-in first key parameter to obtain a first encryption result.
A second encryption module 603, configured to encrypt the built-in key based on the random information, and obtain a second encryption result.
A fourth sending module 604, configured to forward the first encryption result to the terminal through the operator service server.
A fifth sending module 605, configured to send the second encryption result to the preset address, so that the terminal decrypts the first encryption result based on the first key parameter to obtain random information, decrypts the second encryption result based on the random information to obtain a key, and configures, by the operator security server, the second identification card based on the key, the first key parameter, and the preset address, so that the terminal logs in the preset client through the second identification card.
The functions or modules included in the apparatus provided in the embodiment of the present application may be used to execute the method described in the method embodiment of the first aspect, and specific implementation and technical effects thereof may refer to the description of the method embodiment above, and for brevity, are not described here again.
Each module in the present embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, or may be implemented by a combination of a plurality of physical units. In addition, in order to highlight the innovative part of the present application, a unit that is not so closely related to solving the technical problem proposed by the present application is not introduced in the present embodiment, but it does not indicate that no other unit exists in the present embodiment.
The key recovery method according to the embodiment of the present application is explained below with reference to fig. 7.
Fig. 7 is a schematic diagram of an operating process of a key recovery method according to an embodiment of the present application. As shown in fig. 7, the working process includes:
step S701, the user sets a key SK, a first key parameter PWD, and a preset address addr in the first SIM card.
The SK is equivalent to a user's private key of the metablock block chain, the PWD is a password set by the user, and the addr is a user mailbox address.
Step S702, when the user loses the first SIM card, the user sends a key retrieving request to the operator business hall, and the operator business server sends a key retrieving instruction to the first SIM card through the signaling channel.
The operator service server can perform identity authentication on the user, and only in the case of passing the identity authentication, the operator service server sends a key retrieval instruction to the first SIM card.
It should be noted that, no matter what terminal device the first SIM card is located in, as long as the terminal where the first SIM card is located is in the power-on state, the first SIM card can receive the key retrieval instruction sent by the operator service server.
Step S703, the first SIM card locally generates a random string Rand in response to the key retrieval instruction, calculates a first encryption result E_PWD(Rand) according to a first encryption algorithm agreed in advance, and sends the first encryption result to the operator service server, where E_PWD() represents the first encryption algorithm with PWD as a calculation parameter.
Step S704, the first SIM card calculates E_Rand(SK) according to a second encryption algorithm agreed in advance to obtain a second encryption result, and sends the second encryption result to the preset address addr, where E_Rand() represents the second encryption algorithm with Rand as a calculation parameter.
Step S705, the operator service server receives the first encryption result, and feeds back the first encryption result to the user or the terminal of the user.
Step S706, the user or the terminal decrypts the first encrypted result by using the PWD according to a first decryption algorithm agreed in advance to obtain the random character string Rand.
Step S707, the user or the terminal obtains the second encryption result from addr, and decrypts the second encryption result by using Rand according to the second encryption algorithm agreed in advance, so as to obtain SK.
Step S708, the user inputs PWD, SK, and addr to the operator security server through the password keyboard, and the operator security server configures the second SIM card using the above information and delivers the second SIM card to the user.
Step S709, the user puts the second SIM card into the terminal, and logs in to the metas client again by using the information in the second SIM card.
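The exchange in steps S701 to S707, as an added Python example that is not code from the patent. The patent leaves the first and second encryption algorithms unspecified, so `seal`/`unseal` (an HMAC-SHA256 keystream with encrypt-then-MAC), the PBKDF2 stretching of PWD, the list and dict standing in for the signaling channel and the mailbox, and all names and sample values are assumptions; a deployment would use a vetted authenticated cipher.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: PWD is a human-chosen password


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as the keystream generator."""
    blocks = (n + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:n]


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one input key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ks = _stream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError on a wrong key or altered blob."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _stream(enc_key, nonce, len(ct))))


def pwd_key(pwd: str, salt: bytes) -> bytes:
    # The tag lets anyone holding the first result test PWD guesses offline,
    # so the password is stretched with a slow KDF before use.
    return hashlib.pbkdf2_hmac("sha256", pwd.encode(), salt, PBKDF2_ROUNDS)


class FirstSimCard:
    def __init__(self, sk: bytes, pwd: str, addr: str):
        self.sk, self.pwd, self.addr = sk, pwd, addr            # S701

    def on_retrieval_instruction(self, signaling: list, mailboxes: dict) -> None:
        rand = secrets.token_bytes(32)                          # S703: fresh Rand
        salt = secrets.token_bytes(16)
        first = salt + seal(pwd_key(self.pwd, salt), rand)      # E_PWD(Rand)
        signaling.append(first)                                 # signaling channel
        second = seal(rand, self.sk)                            # S704: E_Rand(SK)
        mailboxes.setdefault(self.addr, []).append(second)      # data channel


def terminal_recover(pwd: str, first: bytes, second: bytes) -> bytes:
    rand = unseal(pwd_key(pwd, first[:16]), first[16:])         # S706
    return unseal(rand, second)                                 # S707


def run_recovery(sk: bytes, pwd_on_card: str, addr: str, pwd_entered: str):
    """One retrieval round; returns (recovered SK, first result, second result)."""
    signaling, mailboxes = [], {}
    card = FirstSimCard(sk, pwd_on_card, addr)
    card.on_retrieval_instruction(signaling, mailboxes)         # S702
    first = signaling[-1]        # S705: all the operator service server relays
    second = mailboxes[addr][-1]  # fetched by the terminal from addr
    return terminal_recover(pwd_entered, first, second), first, second


if __name__ == "__main__":
    sample_sk = hashlib.sha256(b"constructed sample SK").digest()
    sk, first, second = run_recovery(sample_sk, "correct horse",
                                     "user@example.test", "correct horse")
    print("recovered SK matches:", sk == sample_sk)
    print("first result bytes:", len(first), "second result bytes:", len(second))
```
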
Fig. 8 is a signaling diagram of a key recovery method according to an embodiment of the present application.
As shown in fig. 8, the signaling interaction procedure includes:
step S801, the terminal sends a key recovery request to the operator service server.
Step S802, the operator service server responds to the key retrieval request and performs identity authentication on the terminal.
Step S803, when the terminal passes the identity authentication, the operator service server sends a key retrieval instruction to the first identification card.
Step S804, the first identification card receives the key retrieving instruction, generates random information, encrypts the random information by using a built-in first key parameter, obtains a first encryption result, and sends the first encryption result to the operator service server.
Step S805, the operator service server forwards the first encryption result to the terminal.
In step S806, the first identification card encrypts the built-in key using the random information to obtain a second encryption result, and sends the second encryption result to the preset address.
In step S807, the terminal decrypts the first encryption result based on the first key parameter, and obtains the random information.
Step S808, the terminal obtains a second encryption result from the preset address.
Step S809, the terminal decrypts the second encryption result according to the random information to obtain the key.
Step S810, the terminal provides the key, the first key parameter and the preset address to the operator security server.
Step S811, the operator security server configures a second identification card based on the key, the first key parameter, and the preset address, so that the terminal logs in the preset client via the second identification card.
Fig. 9 is a block diagram of an electronic device provided in an embodiment of the present application.
Referring to fig. 9, an embodiment of the present application provides an electronic device, which includes:
one or more processors 901;
a memory 902 having one or more programs stored thereon that, when executed by the one or more processors, cause the one or more processors to implement the key recovery method of any of the above;
one or more I/O interfaces 903 coupled between the processor and the memory and configured to enable information interaction between the processor and the memory.
The processor 901 is a device with data processing capability, including but not limited to a central processing unit (CPU); the memory 902 is a device with data storage capability, including but not limited to random access memory (RAM, more specifically SDRAM, DDR, etc.), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), and flash memory (FLASH); the I/O interface (read/write interface) 903 is coupled between the processor 901 and the memory 902 and enables information interaction between the processor 901 and the memory 902, and includes but is not limited to a data bus (Bus).
In some embodiments, the processor 901, memory 902, and I/O interface 903 are connected to each other and to other components of the computing device by a bus.
The present embodiment further provides a computer readable medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the key recovery method provided in the present embodiment, and in order to avoid repeated descriptions, specific steps of the key recovery method are not described herein again.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods disclosed above, and the functional modules/units in the systems and apparatus, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
Those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments, not others, combinations of features of different embodiments are meant to be within the scope of the embodiments and form different embodiments.
It is to be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principles of the present application, and the present application is not limited thereto. It will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the present application, and such changes and modifications are to be considered within the scope of the present application.

Claims (12)

1. A method for retrieving a key is applied to a terminal, and comprises the following steps:
under the condition that the first identification card is lost, sending a key retrieving request to an operator service server; the first identification card is internally provided with a key for logging in a preset client, a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card;
under the condition that a first encryption result returned by the operator service server is received, decrypting the first encryption result based on the first key parameter to obtain random information; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
under the condition that a second encryption result sent by the first identification card is obtained from the preset address, decrypting the second encryption result according to the random information to obtain the key; the second encryption result is the result of the first identification card encrypting the built-in key based on the random information;
and providing the key, the first key parameter and the preset address to an operator security server, so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in the preset client through the second identification card.
2. The key recovery method of claim 1, wherein after sending the key recovery request to the operator service server in case of losing the first identification card, the method further comprises:
receiving identity authentication performed by the operator service server, to obtain an identity authentication result;
wherein, when the identity authentication result is that the identity authentication is passed, the operator service server sends the key retrieval instruction to the first identification card.
3. The key recovery method of claim 1, wherein the providing the key, the first key parameter and the preset address to an operator security server comprises:
inputting the key, the first key parameter and the preset address to the operator security server through a preset security keyboard;
wherein the processing procedure and the processing result of the operator security server are not shown to the operator service server.
4. A key recovery method applied to an operator service server, the method comprising:
sending a key retrieval instruction to the first identification card in response to a key retrieval request sent by the terminal; the key retrieval request is a request sent under the condition that a first identification card is lost, and a key for logging in a preset client, a first key parameter and a preset address for retrieving the key are arranged in the first identification card;
receiving a first encryption result sent by the first identification card; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
forwarding the first encryption result to the terminal, so that the terminal decrypts the first encryption result based on the first key parameter to obtain the random information and decrypts a second encryption result based on the random information to obtain the key, and so that an operator security server configures a second identification card based on the key, the first key parameter and the preset address, enabling the terminal to log in the preset client through the second identification card; wherein the second encryption result is a result of the first identification card encrypting the built-in key based on the random information.
5. The key recovery method according to claim 4, wherein the sending the key recovery instruction to the first identification card comprises:
and sending the key retrieval instruction to the first identification card through a preset signaling channel.
6. A key retrieving method applied to a first identification card, wherein a key for logging in a preset client, a first key parameter, and a preset address for retrieving the key are built into the first identification card, the method comprising the following steps:
generating random information in response to a key retrieval instruction sent by an operator service server;
encrypting the random information based on the built-in first key parameter to obtain a first encryption result;
encrypting the built-in key based on the random information to obtain a second encryption result;
forwarding the first encryption result to a terminal through the operator service server;
and sending the second encryption result to the preset address, so that the terminal decrypts the first encryption result based on the first key parameter to obtain the random information and decrypts the second encryption result based on the random information to obtain the key, and so that an operator security server configures a second identification card based on the key, the first key parameter and the preset address, enabling the terminal to log in the preset client through the second identification card.
7. The key recovery method according to claim 6, wherein before generating the random information in response to the key recovery instruction sent by the operator service server, the method further comprises:
determining the number of times of receiving the key retrieval instruction within a preset period under the condition of receiving the key retrieval instruction;
and determining whether to respond to the key retrieval instruction or not according to a preset threshold and the times.
8. A terminal, comprising:
the first sending module is used for sending a key retrieving request to the operator service server under the condition that the first identification card is lost; the first identification card is internally provided with a key for logging in a preset client, a first key parameter and a preset address for retrieving the key, and the key retrieval request is used for triggering the operator service server to send a key retrieval instruction to the first identification card;
the first decryption module is used for decrypting a first encryption result based on the first key parameter under the condition that the first encryption result returned by the operator service server is received, and obtaining random information; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
the second decryption module is used for decrypting, according to the random information, a second encryption result sent by the first identification card under the condition that the second encryption result is obtained from the preset address, so as to obtain the key; the second encryption result is the result of the first identification card encrypting the built-in key based on the random information;
and the configuration module is used for providing the key, the first key parameter and the preset address to an operator security server so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, and the terminal logs in the preset client through the second identification card.
9. An operator services server, comprising:
the second sending module is used for responding to a key retrieval request sent by the terminal and sending a key retrieval instruction to the first identification card; the key retrieval request is a request sent under the condition that a first identification card is lost, and a key for logging in a preset client, a first key parameter and a preset address for retrieving the key are arranged in the first identification card;
the receiving module is used for receiving a first encryption result sent by the first identification card; the first encryption result is a result that the first identification card generates random information in response to the key retrieval instruction and encrypts the random information based on the built-in first key parameter;
a third sending module, configured to forward the first encryption result to the terminal, so that the terminal decrypts the first encryption result based on the first key parameter to obtain the random information and decrypts a second encryption result based on the random information to obtain the key, and so that an operator security server configures a second identification card based on the key, the first key parameter, and the preset address, enabling the terminal to log in the preset client through the second identification card; and the second encryption result is the result of the first identification card encrypting the built-in key based on the random information.
10. A first identification card, characterized in that a key for logging in a preset client, a first key parameter, and a preset address for retrieving the key are built into the first identification card, and the first identification card comprises:
the generation module is used for responding to a key retrieval instruction sent by the operator service server and generating random information;
the first encryption module is used for encrypting the random information based on the built-in first key parameter to obtain a first encryption result;
the second encryption module is used for encrypting the built-in key based on the random information to obtain a second encryption result;
a fourth sending module, configured to forward the first encryption result to the terminal through the operator service server;
and the fifth sending module is used for sending the second encryption result to the preset address, so that the terminal decrypts the first encryption result based on the first key parameter to obtain the random information and decrypts the second encryption result based on the random information to obtain the key, and so that the operator security server configures a second identification card based on the key, the first key parameter and the preset address, enabling the terminal to log in the preset client through the second identification card.
11. An electronic device, comprising:
one or more processors;
memory having one or more programs stored thereon that, when executed by the one or more processors, cause the one or more processors to implement the key recovery method of any of claims 1-3, or claims 4-5, or claims 6-7.
12. A readable storage medium, characterized in that the readable storage medium stores a computer program which, when executed by a processor, implements the key recovery method according to any one of claims 1 to 3, or claims 4 to 5, or claims 6 to 7.
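The two-channel exchange of claims 1, 6 and 7, as an added Python sketch that is not part of the patent text: the card wraps fresh random information under the first key parameter, wraps the login key under that random information, and the terminal reverses both steps. The claims name no cipher, so `seal`/`unseal` (an HMAC-SHA256 encrypt-then-MAC stand-in for a vetted AEAD), the 32-byte key parameter, the class and function names, and the "stay silent above the threshold" policy are all assumptions.

```python
import hashlib
import hmac
import secrets

def _sub(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC subkeys from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; stdlib stand-in for a vetted AEAD (assumption).
    nonce = secrets.token_bytes(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    ks = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class FirstCard:
    def __init__(self, login_key, key_param, threshold=3, period_s=3600.0):
        self._login_key, self._key_param = login_key, key_param
        self._threshold, self._period_s, self._seen = threshold, period_s, []

    def on_retrieval_instruction(self, now: float):
        # Claim 7: count instructions in the preset period before responding.
        self._seen = [t for t in self._seen if now - t < self._period_s] + [now]
        if len(self._seen) > self._threshold:
            return None  # assumed policy: stay silent above the threshold
        r = secrets.token_bytes(32)            # fresh random information
        first = seal(self._key_param, r)       # relayed by the service server
        second = seal(r, self._login_key)      # posted to the preset address
        return first, second

def terminal_recover(key_param: bytes, first: bytes, second: bytes) -> bytes:
    r = unseal(key_param, first)   # claim 1: recover the random information
    return unseal(r, second)       # then unwrap the login key with it
```

The operator service server only ever relays `first`, and the preset address only ever holds `second`; neither value alone, nor both together without the first key parameter, yields the login key.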
CN202211064489.XA 2022-09-01 2022-09-01 Key retrieving method, server and identification card Pending CN115734215A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211064489.XA CN115734215A (en) 2022-09-01 2022-09-01 Key retrieving method, server and identification card

Publications (1)

Publication Number Publication Date
CN115734215A true CN115734215A (en) 2023-03-03

Family

ID=85293006

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination