CN117375850A - Integrated cryptographic application method, system and medium - Google Patents

Integrated cryptographic application method, system and medium

Info

Publication number
CN117375850A
Authority
CN
China
Prior art keywords
algorithm
user
signature
type
parameters
Legal status
Pending
Application number
CN202311501493.2A
Other languages
Chinese (zh)
Inventor
马国朋
肖雪
商广勇
马振
Current Assignee
Inspur Shandong Quality Chain Technology Co Ltd
Original Assignee
Inspur Shandong Quality Chain Technology Co Ltd
Application filed by Inspur Shandong Quality Chain Technology Co Ltd
Priority to CN202311501493.2A
Publication of CN117375850A


Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/14 using a plurality of keys or algorithms
                    • H04L 9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3247 involving digital signatures
                        • H04L 9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
                            • H04L 9/3268 using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/04 for providing a confidential data exchange among entities communicating through data packet networks
                        • H04L 63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an integrated cryptographic application method, system and medium in the technical field of cryptography. It addresses two problems of the conventional mode of cryptographic application: the barrier to adoption is high, and a single fixed algorithm cannot meet the differing security and performance requirements of different application scenarios. The method comprises the following steps: generating a user certificate based on the user's enterprise authentication information; after verifying that the user certificate is valid, pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the cryptographic algorithm type and the signature algorithm type selected by the user; encrypting and decrypting information input by the user according to the cryptographic algorithm type and the cryptographic algorithm parameters; and signing and verifying signatures for the user according to the signature algorithm type and the signature algorithm parameters. This gives users more choice, strengthens cryptographic protection, improves the reliability and security of the system, and promotes standardization and interoperability.

Description

Integrated cryptographic application method, system and medium
Technical Field
The present invention relates to the field of cryptography, and in particular to a method, a system and a medium for integrated cryptographic application.
Background
Cryptographic technology is applied in ever more aspects of society in today's Internet of Things era. With the spread and rapid development of information transmission, security has become a key issue for the protection of enterprise and personal data. Commercial cryptographic algorithms are one of the important tools for protecting data, and they differ in characteristics and application scenarios. First, there are many commercial cryptographic algorithms, each with its own strengths and suitable scenarios.
However, the underlying cryptographic technology is complex and knowledge-intensive, the learning curve for developers and users is steep, and the barrier to development and use is high. Second, if only a single cryptographic algorithm is relied upon, the security of the whole system is severely compromised once that algorithm is found to be vulnerable or is broken. Moreover, the requirements that enterprises, organizations or individuals place on cryptographic algorithms vary from case to case: some scenarios demand higher cryptographic strength, others put more weight on performance and efficiency. The current mode of cryptographic application cannot satisfy these differing security requirements and algorithm requirements across scenarios, nor provide a flexible, secure and reliable data protection mechanism.
Disclosure of Invention
An embodiment of the invention provides an integrated cryptographic application method, system and medium for solving the following technical problem: the current mode of cryptographic application has a high barrier to adoption and cannot meet the differing security requirements and algorithm requirements of different application scenarios.
The embodiment of the invention adopts the following technical scheme:
in one aspect, an embodiment of the present invention provides an integrated cryptographic application method, comprising:
generating a user certificate based on the user's enterprise authentication information;
after verifying that the user certificate is valid, pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the cryptographic algorithm type and the signature algorithm type selected by the user;
encrypting and decrypting information input by the user according to the cryptographic algorithm type and the cryptographic algorithm parameters;
and signing and verifying signatures for the user according to the signature algorithm type and the signature algorithm parameters.
In a possible implementation, generating the user certificate based on the user's enterprise authentication information specifically comprises:
after the user logs in to the integrated cryptographic application platform, receiving the user's enterprise authentication information;
reviewing the user's enterprise authentication information;
after the review is passed, authenticating the user as an enterprise user;
generating a user certificate for the enterprise user based on the enterprise user's certificate application request; the user certificate is the credential with which the user uses the integrated cryptographic application platform.
In a possible implementation, pre-generating and/or receiving the encryption algorithm parameters and signature algorithm parameters according to the cryptographic algorithm type and signature algorithm type selected by the user specifically comprises:
acquiring the cryptographic algorithm type selected by the user;
if the cryptographic algorithm type falls within a first algorithm type range, pre-generating the encryption algorithm parameters and signature algorithm parameters for that type; the first algorithm type range includes at least the SM9 national commercial cryptographic algorithm and a threshold encryption algorithm;
if the cryptographic algorithm type falls within a second algorithm type range, receiving the cryptographic algorithm parameters and signature algorithm parameters input by the user; the second algorithm type range includes at least SM2, SM3, SM4, SM9, ZUC, AES and MD5. SM9 appears in both ranges because its master key pairs are pre-generated by the platform while its per-operation parameters are entered by the user. SM3 and MD5 are hash functions rather than ciphers (the description itself notes that they are irreversible), and MD5 is no longer collision resistant, so it should not be relied on for integrity or signature purposes.
In a possible implementation, pre-generating the encryption algorithm parameters and signature algorithm parameters for the cryptographic algorithm type specifically comprises:
if the cryptographic algorithm type is SM9, creating a corresponding algorithm identifier under which the SM9 master keys will be issued;
generating a signature master public/private key pair and an encryption master public/private key pair for that identifier, and recording the generation;
if the cryptographic algorithm type is the threshold encryption algorithm, creating a key pair and defining the number of shares into which the private key is split and the number of shares required for decryption (the threshold);
splitting the private key according to those two numbers, and giving the generated private key shares and the complete public key to the user.
In a possible implementation, encrypting and decrypting the information input by the user according to the cryptographic algorithm type and cryptographic algorithm parameters specifically comprises:
determining the type of encryption algorithm parameters required according to the encryption algorithm type selected by the user: SM2, SM3 and MD5 need no additional parameters; SM4 and AES need a key parameter; SM9 needs the enterprise's Unified Social Credit Code, the encryption master public key and the encryption identity; ZUC needs a 16-byte (128-bit) key and a 16-byte initialization vector;
displaying the required encryption algorithm parameter types in the user interface to prompt the user to input the corresponding parameters;
invoking the encryption algorithm corresponding to the encryption algorithm type with those parameters, encrypting the plaintext input by the user, and returning the ciphertext to the user;
and decrypting the ciphertext with the corresponding decryption algorithm.
In a possible implementation, signing and verifying signatures for the user according to the signature algorithm type and signature algorithm parameters specifically comprises:
determining the type of signature algorithm parameters required according to the signature algorithm type selected by the user;
displaying the required signature algorithm parameter types in the user interface to prompt the user to input the corresponding parameters;
invoking the signature algorithm corresponding to the signature algorithm type with those parameters, signing the content input by the user, and returning the signature result to the user;
and verifying the signature result with the corresponding signature verification algorithm.
In a possible implementation, verifying the signature result with the corresponding signature verification algorithm specifically comprises:
determining the type of signature verification algorithm parameters required according to the signature verification algorithm type selected by the user;
displaying the required signature verification parameter types in the user interface to prompt the user to input the corresponding parameters;
invoking the signature verification algorithm corresponding to the selected type with those parameters, verifying the original text and the signature result input by the user, and returning the verification result to the user.
In a possible embodiment, after signing and verifying signatures for the user according to the signature algorithm type and signature algorithm parameters, the method further comprises:
storing and recording, for each user, the encryption/decryption algorithm type, the signature/verification algorithm type, and the encryption/decryption and signature/verification algorithm parameters that were invoked.
In another aspect, an embodiment of the present invention further provides an integrated cryptographic application system, comprising:
a certificate generation module for generating a user certificate based on the user's enterprise authentication information;
an encryption and decryption module for pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the cryptographic algorithm type and signature algorithm type selected by the user after verifying that the user certificate is valid, and for encrypting and decrypting information input by the user according to the cryptographic algorithm type and parameters;
and a signature verification module for signing and verifying signatures for the user according to the signature algorithm type and signature algorithm parameters.
Finally, an embodiment of the present invention also provides a storage medium, which is a non-volatile computer-readable storage medium storing at least one program, each program comprising instructions that, when executed by a terminal, cause the terminal to perform the integrated cryptographic application method.
Compared with the prior art, the integrated cryptographic application method, system and medium provided by the embodiments of the invention have the following beneficial effects:
1. The invention integrates a plurality of cryptographic algorithms and can therefore provide a more comprehensive, multi-level data encryption and protection mechanism. A suitable algorithm can be selected for encryption, decryption and transmission according to the security requirements of each scenario, improving the security and confidentiality of data.
2. Among the commercial cryptographic algorithms integrated by the invention are strong block ciphers such as AES and SM4. These resist currently practical cryptanalytic and brute-force attacks, provide strong protection for users' key information, and help prevent leakage of sensitive data and malicious intrusion.
3. By integrating a plurality of commercial cryptographic algorithms in one platform, the system can remain secure and reliable if one algorithm is found to have a weakness or is broken: the other algorithms continue to function, so the system and its data stay protected and the risk of a successful attack is reduced. Realizing this benefit also requires re-protecting data that was encrypted or signed with the weakened algorithm; the per-user records of which algorithm was invoked help identify that data.
4. The flexibility of the commercial cryptographic integration platform lets a user choose an appropriate algorithm for each need. Some scenarios focus on performance and efficiency, others have higher security requirements. By integrating several commercial cryptographic algorithms, a user can select the algorithm suited to their needs, improving the adaptability and flexibility of the system.
5. Establishing a commercial cryptographic integration platform promotes the standardization and interoperability of cryptographic algorithms. Integrating several commercial cryptographic algorithms eases compatibility and cooperation between different systems and applications, reduces obstacles in data transmission and exchange, and improves the interoperability and overall efficiency of the systems.
In general, the construction and application of the commercial cryptographic integration platform effectively improves data security and copes with the challenges of differing requirements and scenarios. It gives users more choice, strengthens cryptographic protection, improves the reliability and security of the system, and promotes standardization and interoperability, thereby advancing data protection and information security in the digital environment.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings required for the embodiments or for the description of the prior art are briefly described below. The drawings described below are only some embodiments of the present invention; other drawings may be obtained from them without inventive effort by those skilled in the art. In the drawings:
FIG. 1 is a flowchart of an integrated cryptographic application method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an integrated cryptographic application system according to an embodiment of the present invention.
Detailed Description
In order that the technical solution of the present invention may be better understood by those skilled in the art, it is described clearly and completely below with reference to the accompanying drawings of the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by one of ordinary skill in the art based on the embodiments herein without inventive effort fall within the scope of the present invention.
An embodiment of the invention provides an integrated cryptographic application method comprising the following steps S101 to S104, as shown in FIG. 1:
S101, generating a user certificate based on the user's enterprise authentication information.
Specifically, after the user logs in to the integrated cryptographic application platform, the user's enterprise authentication information is received and reviewed. After the review is passed, the user is authenticated as an enterprise user. A user certificate is then generated for the enterprise user based on the enterprise user's certificate application request; the user certificate is the credential with which the user uses the platform.
As a possible implementation, an administrator account of the commercial cryptographic integration platform creates the individual users. After logging in, a user completes enterprise authentication and then applies for their own certificate, which is issued after the application passes review. The user certificate is the credential with which the user uses the platform, and the administrator can revoke it.
S102, after verifying that the user certificate is valid, pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the cryptographic algorithm type and signature algorithm type selected by the user.
Specifically, the cryptographic algorithm type selected by the user is obtained. If it falls within the first algorithm type range, the cryptographic algorithm parameters and signature algorithm parameters for that type are pre-generated; the first range includes at least SM9 and the threshold encryption algorithm. If it falls within the second algorithm type range, the cryptographic algorithm parameters and signature algorithm parameters input by the user are received; the second range includes at least SM2, SM3, SM4, SM9, ZUC, AES and MD5.
As a possible implementation, if the cryptographic algorithm type is SM9, a corresponding algorithm identifier is created, a signature master public/private key pair and an encryption master public/private key pair are generated for that identifier, and the generation is recorded. If the cryptographic algorithm type is the threshold encryption algorithm, a key pair is created, the number of shares into which the private key is split and the number of shares required for decryption are defined, the private key is split accordingly, and the generated private key shares together with the complete public key are given to the user.
In other words, for the specific algorithm types, mainly SM9 and the threshold algorithm, the parameters required for encryption, decryption, signing and verification are pre-generated. For SM9 the platform first creates the identifier, then generates the signature and encryption master key pairs for it and records them. For the threshold algorithm it creates the key according to the actual situation, assigns the private key the required number of split shares and the number of shares required for decryption, and then hands the complete public key and the private key shares to the user.
S103, encrypting and decrypting the information input by the user according to the cryptographic algorithm type and the cryptographic algorithm parameters.
Specifically, the required parameter types are determined from the encryption algorithm type selected by the user: SM2, SM3 and MD5 need no additional parameters; SM4 and AES need a key parameter; SM9 needs the enterprise's Unified Social Credit Code, the encryption master public key and the encryption identity; ZUC needs a 16-byte (128-bit) key and a 16-byte initialization vector.
Further, the required parameter types are displayed in the user interface to prompt the user to input the corresponding parameters. The encryption algorithm corresponding to the selected type is invoked with those parameters, the plaintext input by the user is encrypted, and the ciphertext is returned to the user. When the user needs to decrypt, the ciphertext is decrypted with the corresponding decryption algorithm; if the threshold encryption algorithm was used for encryption, the corresponding threshold decryption algorithm is used for decryption.
As a possible implementation, after the user logs in and the user certificate is verified as valid, the user selects an encryption algorithm type (SM2, SM3, SM4, SM9, threshold, ZUC, AES, MD5 and so on) and enters the plaintext plus the parameters that type requires: SM2, SM3 and MD5 need none; SM4 and AES take a user-defined key; SM9 takes the Unified Social Credit Code, the encryption master public key and the encryption identity; ZUC takes a user-defined 16-byte key and initialization vector; the threshold algorithm takes the encryption public key. The system invokes the selected encryption algorithm and returns the ciphertext to the front-end user. When the user needs to decrypt, a decryption algorithm type is selected (SM2, SM4, SM9, threshold, ZUC, AES and so on; SM3 and MD5 are one-way hash functions and have no decryption), and the ciphertext plus the decryption parameters for that type are entered: SM2 needs none; SM4 and AES take the key defined at encryption time; SM9 takes the Unified Social Credit Code, the encryption master public key, the identity and the user's decryption private key for that identity; ZUC takes the same 16-byte key and initialization vector; the threshold algorithm takes a number of private key shares equal to the decryption threshold. The system invokes the selected decryption algorithm and returns the plaintext to the front-end user.
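The threshold branch of S102 and S103 (one key pair is created, the private key is split into a defined number of shares, the shares and the complete public key are handed to the user, and decryption needs a number of share holders equal to the decryption threshold) is easiest to follow on a concrete scheme. The Python below is an example added by the editor, not code from the patent. The patent does not name its threshold scheme, so textbook ElGamal over a safe-prime group with a Shamir-split exponent is an assumption; the 128-bit group is a toy size chosen so the example runs quickly, and every function and variable name is the editor's.

```python
"""Toy t-of-n threshold ElGamal (added example, not the patent's code).
A single key pair is created, the private key x is Shamir-split into n shares,
the user receives the shares plus the complete public key, and any t share
holders decrypt jointly: each contributes a partial decryption from its own
share and the partials are combined, so x itself is never reassembled.
Assumptions: 128-bit safe-prime group (far too small for real use), no
side-channel hardening, Python 3.8+ for pow(x, -1, m)."""
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases; trial division handles small n."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup_group(bits=128):
    """Deterministic search for a safe prime p = 2q + 1 near 2**(bits-1).
    Returns (p, q, g); g = 4 is a square, so it generates the order-q subgroup."""
    q = (1 << (bits - 2)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = setup_group()


def keygen():
    """The single key pair created for the threshold algorithm."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def split_private_key(x, t, n):
    """Shamir split of x over Z_q: n shares, any t of them determine x."""
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = []
    for i in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(i)
            y = (y * i + c) % Q
        shares.append((i, y))
    return shares


def encrypt(pub, m):
    """Textbook ElGamal with the complete public key: (g^k, m * pub^k)."""
    assert 0 < m < P, "plaintext must encode to an integer below p"
    k = 1 + secrets.randbelow(Q - 1)
    return pow(G, k, P), (m * pow(pub, k, P)) % P


def partial_decrypt(share, c1):
    """Share holder i contributes c1^{x_i}; x_i never leaves the holder."""
    i, x_i = share
    return i, pow(c1, x_i, P)


def combine(partials, c2):
    """Lagrange interpolation in the exponent: prod_i d_i^{lambda_i} = c1^x.
    Fewer than t partials yield an unrelated value, not a partial plaintext."""
    idx = [i for i, _ in partials]
    acc = 1
    for i, d_i in partials:
        num, den = 1, 1
        for j in idx:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam = num * pow(den, -1, Q) % Q
        acc = acc * pow(d_i, lam, P) % P
    return c2 * pow(acc, -1, P) % P


def threshold_roundtrip(message, t=2, n=3, use=None):
    """Pre-generate the key material (S102), encrypt, then decrypt (S103)
    with the share indices in `use` (defaults to the first t shares)."""
    x, pub = keygen()
    shares = split_private_key(x, t, n)     # handed to the user with `pub`
    c1, c2 = encrypt(pub, int.from_bytes(message, "big"))
    chosen = shares[:t] if use is None else [shares[i - 1] for i in use]
    m = combine([partial_decrypt(s, c1) for s in chosen], c2)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

The point of `partial_decrypt` and `combine` is that the platform's "decryption with a number of private key shares equal to the threshold" does not have to mean rebuilding the private key on the server: each holder applies its share to `c1`, and only the partial results are combined. A real deployment would use a standardized group (or an elliptic curve such as the SM2 curve) and authenticated share distribution rather than the toy parameters above.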
S104, carrying out signature operation and signature verification on the user according to the type of the signature algorithm and the parameters of the signature algorithm.
Specifically, the type of signature algorithm parameters required is determined by the signature algorithm type selected by the user. The required parameter types are displayed in the user interface to prompt the user to enter the corresponding signature algorithm parameters; the signature algorithm corresponding to the selected type is then called with those parameters, a signature operation is performed on the signature content entered by the user, and the signature result is returned to the user. For verification, the signature verification parameter types required are likewise determined by the signature verification algorithm type selected by the user and displayed in the user interface to prompt the user to enter them. The signature verification algorithm corresponding to that type is called with the verification parameters, a verification operation is performed on the original signed text and the signature result entered by the user, and the verification result is returned to the user.
As a possible implementation, the user selects a signature algorithm type (SM9, threshold, ZUC, etc.) and, according to the selected type, enters the corresponding parameters (for SM9, the enterprise's unified social credit code, the signature master public key and the signature identifier; for ZUC, a user-defined key and vector of 16-bit length; for threshold, a number of private keys equal to the signature share) together with the content to be signed. The system calls the selected signature algorithm to perform the signature operation and returns the signature result to the front-end user. When the user needs to verify a signature, the user selects a signature verification algorithm type (SM9, threshold, ZUC, etc.) in the system and enters the verification parameters for that type (for SM9, the enterprise's unified social credit code, the signature master public key, the signature identification key and the identifier; for ZUC, a user-defined key and vector of 16-bit length; for threshold, the signature verification public key), the original signed text and the signature result. The system performs the verification operation with the selected signature verification algorithm and returns the verification result to the front-end user.
In addition, the encryption/decryption algorithm type, the signature/verification algorithm type, the encryption/decryption algorithm parameters and the signature/verification algorithm parameters invoked by each user are stored and recorded.
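The workflow above (select an algorithm type, prompt for that type's parameters, call the algorithm, record the call), as an added Python example that is not part of the patent: a dispatcher built from the parameter tables in the description. Real SM9, ZUC and threshold backends are not in the standard library, so one HMAC-SHA256 stand-in plays every backend; the parameter field names, the record structure and the fingerprinting of recorded parameters are this example's own assumptions.

```python
import hashlib
import hmac
import json

# Required parameter names per signature algorithm type, taken from the
# description above; the field names themselves are this example's own.
SIGN_PARAMS = {
    "sm9": ("credit_code", "sign_master_pubkey", "sign_id"),
    "zuc": ("key", "iv"),
    "threshold": ("share_keys",),       # one private key per signature share
}
VERIFY_PARAMS = {
    "sm9": ("credit_code", "sign_master_pubkey", "sign_id"),
    "zuc": ("key", "iv"),
    "threshold": ("verify_pubkey",),    # the complete public key
}
AUDIT_LOG = []  # constructed in-memory stand-in for the platform's record store

def required_params(alg, op):
    """Which parameter types the interface must prompt for (op: 'sign'/'verify')."""
    table = SIGN_PARAMS if op == "sign" else VERIFY_PARAMS
    if alg not in table:
        raise ValueError(f"unsupported signature algorithm type: {alg}")
    return table[alg]

def check_params(alg, op, params):
    """Return the problems with the supplied parameters (empty list = OK):
    missing fields and, for ZUC, a key or IV that is not 16 units long."""
    problems = [f"missing {p}" for p in required_params(alg, op) if p not in params]
    if alg == "zuc" and not problems:
        problems += [f"{n} must be 16 units long"
                     for n in ("key", "iv") if len(params[n]) != 16]
    return problems

def threshold_public_key(share_keys):
    """Stand-in for the complete public key handed to the user with the shares."""
    return hashlib.sha256("|".join(sorted(share_keys)).encode()).hexdigest()

def _stand_in_key(alg, params):
    """MAC key for the HMAC stand-in. NOT a real backend: an SM9 backend would
    derive the user signing key from the master key and identifier, a ZUC one
    would run its keystream, a threshold one would combine share signatures."""
    if alg == "threshold":
        material = params["verify_pubkey"] if "verify_pubkey" in params \
            else threshold_public_key(params["share_keys"])
    else:
        material = "|".join(str(params[n]) for n in SIGN_PARAMS[alg])
    return hashlib.sha256(f"{alg}:{material}".encode()).digest()

def _record(alg, op, params):
    """Keep the per-user record the description calls for, but store parameter
    names plus a fingerprint rather than the raw key material itself."""
    fp = hashlib.sha256(json.dumps(params, sort_keys=True).encode()).hexdigest()[:16]
    AUDIT_LOG.append({"alg": alg, "op": op, "params": sorted(params), "fp": fp})

def _checked(alg, op, params):
    problems = check_params(alg, op, params)
    if problems:
        raise ValueError(f"{alg} {op}: " + "; ".join(problems))
    return _stand_in_key(alg, params)

def sign(alg, params, content):
    key = _checked(alg, "sign", params)
    _record(alg, "sign", params)
    return hmac.new(key, content.encode(), "sha256").hexdigest()

def verify(alg, params, original, signature):
    key = _checked(alg, "verify", params)
    _record(alg, "verify", params)
    expected = hmac.new(key, original.encode(), "sha256").hexdigest()
    return hmac.compare_digest(expected, signature)
```

For threshold the signer supplies `share_keys` and the verifier only `verify_pubkey`, mirroring the split described for that type; the stand-in makes the two agree by hashing the shares, which a real threshold scheme would not do.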
In addition, the embodiment of the present invention further provides a cryptographic integrated application system, as shown in fig. 2, where the cryptographic integrated application system 200 specifically includes:
a certificate generation module 210, configured to generate a user certificate based on the enterprise authentication information of the user;
the encryption and decryption module 220 is configured to pre-generate and/or receive encryption algorithm parameters and signature algorithm parameters according to the type of the cryptographic algorithm and the type of the signature algorithm selected by the user after verifying that the user certificate is valid; encrypting and decrypting information input by a user according to the type of the cryptographic algorithm and the parameters of the cryptographic algorithm;
the signature verification module 230 is configured to perform signature operation and signature verification on the user according to the signature algorithm type and the signature algorithm parameters.
Finally, an embodiment of the present invention also provides a storage medium that is a non-volatile computer-readable storage medium storing at least one program, each of the programs including instructions that, when executed by a terminal, cause the terminal to perform:
generating a user certificate based on the enterprise authentication information of the user;
after verifying that the user certificate is valid, pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the type of the password algorithm and the type of the signature algorithm selected by the user;
encrypting and decrypting information input by a user according to the type of the cryptographic algorithm and the parameters of the cryptographic algorithm;
and performing signature operation and signature verification for the user according to the signature algorithm type and the signature algorithm parameters.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present specification.
It will be appreciated by those skilled in the art that the present description may be provided as a method, system, or computer program product. Accordingly, the present specification embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description embodiments may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present description is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, Phase Change Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for apparatus, devices, non-volatile computer storage medium embodiments, the description is relatively simple, as it is substantially similar to method embodiments, with reference to the section of the method embodiments being relevant.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing is merely one or more embodiments of the present description and is not intended to limit the present description. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, or the like, which is within the spirit and principles of one or more embodiments of the present description, is intended to be included within the scope of the claims of the present description.

Claims (10)

1. A cryptographic integration application method, the method comprising:
generating a user certificate based on the enterprise authentication information of the user;
after verifying that the user certificate is valid, pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the type of the password algorithm and the type of the signature algorithm selected by the user;
encrypting and decrypting information input by a user according to the type of the cryptographic algorithm and the parameters of the cryptographic algorithm;
and carrying out signature operation and signature verification on the user according to the signature algorithm type and the signature algorithm parameters.
2. The cryptographic integration application method according to claim 1, wherein generating the user certificate based on the enterprise authentication information of the user comprises:
after a user logs in a password integration application platform, receiving enterprise authentication information of the user;
auditing enterprise authentication information of the user;
after the verification is passed, authenticating the user as an enterprise user;
generating a user certificate of the enterprise user based on the certificate application request of the enterprise user; wherein the user certificate is the credential of the user for using the cryptographic integration application platform.
3. The cryptographic integration application method according to claim 1, wherein the pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the type of the cryptographic algorithm and the type of the signature algorithm selected by the user specifically comprises:
acquiring a type of a cryptographic algorithm selected by a user;
if the type of the cryptographic algorithm belongs to a first algorithm type range, pre-generating encryption algorithm parameters and signature algorithm parameters of the type of the cryptographic algorithm; wherein the first algorithm type range includes at least: SM9 national encryption algorithm and threshold encryption algorithm;
if the type of the cryptographic algorithm belongs to the second algorithm type range, receiving the cryptographic algorithm parameters and the signature algorithm parameters input by a user; wherein the second algorithm type range includes at least: SM2 national encryption algorithm, SM3 national encryption algorithm, SM4 national encryption algorithm, SM9 national encryption algorithm, zuc encryption algorithm, aes encryption algorithm, md5 encryption algorithm.
4. The cryptographic integration application method according to claim 3, wherein pre-generating the encryption algorithm parameters and signature algorithm parameters of the cryptographic algorithm type specifically comprises:
if the type of the cryptographic algorithm is the SM9 cryptographic algorithm, creating a corresponding algorithm identifier;
generating a set of signature master public/private keys and encryption master public/private keys for the algorithm identifier, and generating a record of them;
if the type of the cryptographic algorithm is a threshold encryption algorithm, creating a pair of keys, and defining a private key encryption split share and a decryption split share;
splitting the private key according to the encryption split share and the decryption split share, and giving the generated split private keys and the complete public key to the user.
5. The cryptographic integration application method according to claim 1, wherein encrypting and decrypting information input by the user according to the type of the cryptographic algorithm and the parameters of the cryptographic algorithm specifically comprises:
determining the type of encryption algorithm parameters required according to the type of the encryption algorithm selected by the user; the SM2 national encryption algorithm, the SM3 national encryption algorithm and the SM5 national encryption algorithm require no additional parameters; the SM4 national encryption algorithm and the AES encryption algorithm require a key parameter to be defined; the SM9 national encryption algorithm requires the enterprise unified social credit code parameter, the encryption master public key parameter and the encryption identifier parameter; the ZUC encryption algorithm requires a key parameter and a vector parameter of 16 bits in length;
displaying the type of the required encryption algorithm parameters in a user interface to prompt a user to input the corresponding encryption algorithm parameters;
invoking an encryption algorithm corresponding to the encryption algorithm type, substituting the encryption algorithm parameter, carrying out encryption operation on a plaintext input by a user, and returning the ciphertext to the user;
and decrypting the ciphertext through a corresponding decryption algorithm.
6. The cryptographic integration application method according to claim 1, wherein performing signature operation and signature verification for the user according to the signature algorithm type and the signature algorithm parameters comprises:
determining the type of the required signature algorithm parameters according to the type of the signature algorithm selected by the user;
displaying the type of the required signature algorithm parameters in a user interface to prompt a user to input corresponding signature algorithm parameters;
invoking a signature algorithm corresponding to the signature algorithm type, substituting the signature algorithm parameter, performing signature operation on signature content input by a user, and returning a signature result to the user;
and verifying the signature result through a corresponding signature verification algorithm.
7. The cryptographic integration application method according to claim 6, wherein verifying the signature result through the corresponding signature verification algorithm comprises:
determining the type of signature verification algorithm parameters required according to the signature verification algorithm type selected by the user;
displaying the type of the required signature verification algorithm parameters in a user interface to prompt the user to input the corresponding signature verification algorithm parameters;
invoking the signature verification algorithm corresponding to the signature verification algorithm type, substituting the signature verification algorithm parameters, performing a signature verification operation on the original signed text and the signature result input by the user, and returning the verification result to the user.
8. The cryptographic integration application method according to claim 1, wherein after performing signature operation and signature verification for the user according to the signature algorithm type and the signature algorithm parameters, the method further comprises:
storing and recording the encryption/decryption algorithm type, the signature/verification algorithm type, the input encryption/decryption algorithm parameters and the signature/verification algorithm parameters invoked by each user.
9. A cryptographically integrated application system, the system comprising:
the certificate generation module is used for generating a user certificate based on enterprise authentication information of the user;
the encryption and decryption module is used for pre-generating and/or receiving encryption algorithm parameters and signature algorithm parameters according to the type of the cryptographic algorithm and the type of the signature algorithm selected by the user after verifying that the user certificate is valid; encrypting and decrypting information input by a user according to the type of the cryptographic algorithm and the parameters of the cryptographic algorithm;
and the signature verification module is used for carrying out signature operation and signature verification on the user according to the signature algorithm type and the signature algorithm parameters.
10. A storage medium, characterized in that the storage medium is a non-volatile computer-readable storage medium storing at least one program, each of the programs comprising instructions, which when executed by a terminal, cause the terminal to perform a cryptographic integration application method according to any one of claims 1-8.
CN202311501493.2A 2023-11-10 2023-11-10 Password integrated application method, system and medium Pending CN117375850A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311501493.2A CN117375850A (en) 2023-11-10 2023-11-10 Password integrated application method, system and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311501493.2A CN117375850A (en) 2023-11-10 2023-11-10 Password integrated application method, system and medium

Publications (1)

Publication Number Publication Date
CN117375850A true CN117375850A (en) 2024-01-09

Family

ID=89392869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311501493.2A Pending CN117375850A (en) 2023-11-10 2023-11-10 Password integrated application method, system and medium

Country Status (1)

Country Link
CN (1) CN117375850A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination