CN1949196A - Method, device and system for storage data in portable device safely - Google Patents

Publication number: CN1949196A
Authority: CN (China)
Application number: CN 200610136116
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 马库·P·斯沃米南
Assignee: MERIDEA FINANCIAL SOFTWARE Oy
Classification: Storage Device Security

Abstract

A fragment of encrypted data (C) is stored in encrypted form in a memory (102) of a portable device (101). A store (115) for the decryption key required to decrypt the fragment of encrypted data (C) is provided in a service provider system (111). A fragment of encrypted digital data (K_SIGN) is also stored in the memory (102) of the portable device (101), and every decrypted form of the fragment of encrypted data and of the decrypted digital data fragment is erased from the portable device (101). A fragment of digital data that corresponds one-to-one with the decrypted form of the encrypted digital data fragment is stored (114) in the service provider system. When the user provides a passphrase, the encrypted digital data (K_SIGN) is decrypted and used to process a request message cryptographically, so that the decryption key is transferred from the service provider system (111) to the portable device.

Description

Method, device and system for storing data safely in a portable device
Technical field
The present invention relates generally to the technical field of protecting stored digital data against unauthorized access and use. More specifically, it relates to the secure storage of digital data in the unprotected memory of a portable electronic device.
Background technology
In order to use a portable electronic device for confidential applications such as mobile banking, the user must be able to store digital data classified as confidential or secret in the memory of the device. The stored data may comprise, for example, digital certificates or encryption keys, which in essence serve as digital identity components. A party that can present a particular digital certificate on request, or that possesses and can use a certain encryption key, has access to data and services that would otherwise be unavailable to it. The stored confidential data may include, for example, digital certificates according to the X.509 standard or keys arranged according to a PKI (Public Key Infrastructure).
Many portable devices, mobile phones in particular, contain a so-called SIM (Subscriber Identity Module), an important part of which is a tamper-proof memory. Digital data stored in the SIM is inherently secure, because the SIM grants access to its contents only when the user supplies the correct PIN (personal identification number) or passphrase, and it locks itself permanently after a predefined (small) number of incorrect passphrase attempts.
The inherent drawback of the SIM and of corresponding tamper-proof storage is that, apart from the proprietary embedded operating system of the portable device, it is generally inaccessible to other software, or at least to all application programs that need secure digital data storage. For example, at the time of writing, many portable communication devices provide a Java environment for running third-party software, but a midlet executing in the Java environment is denied access to the secure storage capability of the SIM. A standard known as JSR-177 is expected to provide at least a partial remedy for this problem, but devices supporting that standard are only expected to appear on the market in the future.
The most immediate solution for storing confidential digital data in ordinary unprotected memory is to store it in encrypted form and to ask the user for a PIN or passphrase each time the user wants to use the encrypted digital data. When the user provides the passphrase, a decryption operation follows that makes the confidential data available for the current need. Afterwards the plaintext, i.e. the decrypted form of the confidential data, is erased, so that the next time it is needed it must be decrypted again after a new PIN query.
The drawback of this immediate solution is that it requires sufficiently strong encryption, which in turn requires a large key space. Requiring a human user to remember a very long passphrase does not sound feasible. A typical PIN today is a 4-digit number, meaning there are no more than 10000 different PINs, and the reasonable length limit of any easily remembered passphrase cannot be very high. If correctly decrypting the encrypted but unprotected memory contents of a portable device requires only a suitable four-digit PIN, then cracking the protection is relatively easy: the whole encrypted memory is downloaded to a sufficiently powerful computer and all possible PINs are tried until a result containing meaningful information appears.
The degree of security achievable with a particular key depends on the quality of the cryptographic algorithm, the computing capacity available for decoding attempts, and the time after which the encrypted data loses its relevance. At the time of writing, if a high-quality cryptographic algorithm such as AES (Advanced Encryption Standard) and a good key generation standard such as FIPS 140-2 (where FIPS means Federal Information Processing Standard) are used, a 128-bit key is generally regarded as essentially uncrackable. Increasing the key length further improves security, because each additional bit in the key doubles the time a brute-force attempt needs to succeed.
Another kind of solution exists in which the user does not provide a character string as a passphrase but lets the device read a biometric identifier such as a fingerprint. These solutions require complicated hardware and are therefore naturally more expensive and, compared with passphrase-based solutions, harder to implement in practice.
Summary of the invention
An object of the invention is to allow confidential digital data to be stored securely in the unprotected memory of an electronic device without the user having to remember and provide a long passphrase.
The object is achieved by storing the confidential information encrypted with a strong cryptographic algorithm, with the long decryption key stored on a protected server that permits only a limited number of access attempts. An access attempt requires a signature key, which is itself stored only in encrypted form. A dishonest user can test whether a decryption of the signature key succeeded only by making an access attempt, and the protected server blocks further attempts after a small number of unsuccessful guesses.
The method according to the invention is characterized by the features recited in the characterizing part of the independent method claim.
The portable device according to the invention is characterized by the features recited in the characterizing part of the independent portable device claim.
The server arrangement according to the invention is characterized by the features recited in the characterizing part of the independent server arrangement claim.
The computer program according to the invention is characterized by the features recited in the characterizing part of the corresponding independent computer program claim.
A basic concept behind the invention is that encrypted digital data is vulnerable to a brute-force attack only if the attacker can verify after each attempt whether it succeeded, and can therefore keep trying until it does. This means that the correctly decrypted "plaintext" must have some recognizable value. If the plaintext consists of words of some understandable language, the measure of success is whether the decryption result matches any common words. If the plaintext is itself a decryption key, then applying it to some further decryption operation must subsequently yield an understandable result, and so on.
An important building block of the invention is the practice whereby the only channel through which an attacker can verify the success of a brute-force attempt is to use the decrypted result to access a service while posing as the legitimate user of that service. The service provider permits only a very limited number of unsuccessful attempts, after which it blocks all further attempts by that user (legitimate or impostor). A small number of permitted failures means that before the service provider reacts, a brute-force attacker has browsed only an insignificant fraction of the possible key space. This in turn means that the key space need not even be large; that is, the passphrase the user must remember and provide can be fairly short.
According to a further aspect of the invention, the service in question is not just any service but the storage of the actual long key the user needs in order to properly decrypt a certain other fragment of confidential data that he himself holds. A strong cryptographic algorithm and the long key protect the confidentiality of that other fragment. The user still does not need to remember or provide the long key, because he can obtain it each time from the secure storage maintained by the service provider. In fact the user need not even know that the long key exists, because the device and its software handle the long key fully automatically.
When the user wants to decrypt a fragment of strongly encrypted digital data, he provides a relatively simple passphrase. The portable device uses the passphrase, or a derivative of it, to decrypt a so-called request key or signature key, which is either the key of a symmetric cryptosystem or one half of a key pair of an asymmetric cryptosystem. In the symmetric case, the only other copy of the key is held by the service provider system. In the asymmetric case, the other half of the key pair is held only by the service provider system. The portable device forms a request, signs at least part of it with the signature key, and sends the signed request to the service provider.
The service provider system uses its own copy of the key, or its own half of the key pair, to verify that the request comes from the legitimate party. It then retrieves the stored strong encryption key indicated in the request and sends it to the user's portable device over a suitably protected transmission channel. The portable device uses the strong encryption key, or a derivative of it, to decrypt the fragment of strongly encrypted digital data whose need started the whole process. The decryption result, or a derivative of it, can then be used for whatever purpose the confidential data was intended, for example authorizing a transaction.
The exemplary embodiments presented in this patent application should not be taken as limiting the applicability of the claims. The verb "comprise" is used in this application as an open limitation that does not exclude the existence of unrecited features. Unless explicitly stated otherwise, the features recited in the appended claims can be freely combined with each other.
Description of drawings
The novel features believed to be characteristic of the invention are set forth particularly in the appended claims. The invention itself, its construction and method of operation, together with its additional objects and advantages, will best be understood from the following description of specific embodiments when read in connection with the accompanying drawings, in which:
Fig. 1 shows the arrangement of a user device and a service provider server arrangement,
Fig. 2 shows the sequence of events for retrieving the decrypted form of confidential data from the memory of a portable device,
Fig. 3 shows an exemplary method for delivering a shared secret and a personalized client program to a user device, and
Fig. 4 shows a key generator alternative to the arrangement of Fig. 3.
Embodiment
Fig. 1 schematically shows the devices and functions of a system according to an embodiment of the invention. Device 101 is preferably a user's portable terminal with built-in communication capability, such as a portable multifunction terminal of a cellular communication system or a portable computer capable of radio communication. It may also be a personal workstation with a wired network connection. Device 101 comprises a memory 102, which need not have any inherent security features. For example, memory 102 may be the RMS (Record Management System) memory of a portable terminal.
Among other data, memory 102 stores two fragments of encrypted digital data. The first of these is referred to here as the signature key K_SIGN. It is stored in memory 102 in encrypted form, but it need not be strongly encrypted. Here strong encryption is taken to mean encryption that cannot be cracked by brute force; at the time of writing, one example of strong encryption is AES with a 128-bit key chosen according to FIPS 140-2. The following conditions apply to the "weak" encryption of the signature key K_SIGN:
1) Only a relatively short passphrase is needed for decryption. Shortness is a relative concept, but it should be understood to mean a passphrase length that most human users would consider short enough to remember easily and to enter into an electronic device.
2) Attempting to decrypt the encrypted signature key K_SIGN with an incorrect passphrase produces something that looks like a correctly decrypted signature key. In other words, one cannot tell from the result of a decryption attempt alone whether the attempt succeeded. This condition is easiest to satisfy if the decrypted form of the signature key K_SIGN is a piece of pseudo-random data.
3) The passphrase needed to correctly decrypt K_SIGN should be easy to enter with the input means commonly available on devices like device 101. Since a numeric keypad is the common feature of most portable terminals today, this condition is easiest to satisfy if the passphrase is a numeric string.
It should be noted that the passphrase the user provides need not be identical to the cryptographic element the algorithm uses to decrypt the signature key K_SIGN. For consistent terminology, the term "passphrase" is reserved for the input fragment the human user provides to device 101, while the name "weak decryption key" and the symbol U_PASS denote the cryptographic element the algorithm uses to decrypt the signature key K_SIGN. U_PASS is a derivative of the passphrase. For example, U_PASS may be an AES key obtained by a logical XOR (exclusive or) between the numeric value of the passphrase (or its SHA-256 hash) and a bit string of the required length common to all devices using the invention. In itself, the invention does not exclude using the passphrase or its hash directly as the weak decryption key.
The second fragment of encrypted digital data stored in memory 102 is designated here as certificate C. According to the X.509 standard, certificate C may include a private key; it is not shown separately in Fig. 1, but we designate it the transaction key K_CA. Alternatively, the data shown as certificate C in Fig. 1 may be exactly the transaction key K_CA. Whatever the nature of the second fragment of encrypted digital data, it is stored in strongly encrypted form; the strength of the encryption is indicated graphically by the double line in the figure. One example of a strong encryption method is AES with a FIPS 140-2 key of length at least 128 bits (preferably 256). The part of the memory holding the second fragment of encrypted digital data may be called the keystore 103, often abbreviated KS. One possibility is to keep the entire contents of keystore 103 strongly encrypted at all times, whatever data (if any) is stored in it.
Decrypting the second fragment of encrypted digital data requires a strong encryption key K_KS. Again, the actual cryptographic element the algorithm uses for decryption need not be the strong encryption key K_KS itself; that actual element is referred to here as the "strong decryption key" K_SD, and it may be, for example, the result of an XOR operation between the strong encryption key K_KS and the passphrase the user provided (or the hash of the passphrase). An important security rule is that the strong encryption key K_KS, or the strong decryption key K_SD derived from it, is kept in device 101 no longer than the ongoing decryption operation requires. The longer this important cryptographic element remains stored, the greater the chance that an unauthorized party obtains access to it by one means or another.
Fig. 1 also shows two functional blocks of device 101, called the intelligent signer 104 and the transaction signer 105. These are generally software processes for handling and transmitting requests and transaction instructions. Their purpose and operation are discussed in more detail below. In addition, device 101 comprises at least one transceiver 106.
The server arrangement in service provider system 111 comprises a network interface 112 adapted to communicate with user equipment, a request handler 113, and storage means shown in Fig. 1 as the verification key store 114 and the strong encryption key store 115. The former is meant to store keys that have a one-to-one relationship with the signature keys present in the user equipment: in the symmetric case, a correct copy of the user's signature key; in the asymmetric case, the other half of the key pair whose one half exists in the user equipment.
When a signed request arrives from user equipment, request handler 113 verifies the signature using the corresponding counterpart key, or the other half of the key pair, read from verification key store 114. After successful verification, request handler 113 retrieves the requested strong encryption key from strong encryption key store 115 and sends it to the user equipment named in the request. Network interface 112 includes the parts needed to establish and maintain the secure connection required for exchanging confidential information with the user equipment.
Service provider system 111 is also shown to comprise a transaction processor 116. We may assume that the user's ultimate intention is to perform a transaction, which transaction processor 116 will handle, but only if the user was able to correctly decrypt and use the second fragment of encrypted digital data stored in memory 102 of user equipment 101. Transaction processor 116 need not reside in the same system as request handler 113 and stores 114 and 115; in fact, the transaction the user wishes to perform may take place in communication with an entirely different service provider and an entirely separate service provider system.
Fig. 2 shows an exemplary sequence of events that may occur in the system of Fig. 1. As an exemplary division of work, we assume that the user equipment comprises: an application program that organizes the sequence of events; an intelligent signer program that performs the specific tasks related to the request message; and a transaction signer program that performs the specific tasks related to the transaction. This division is merely an example; the corresponding functional blocks can be arranged in the user equipment in many alternative ways.
In step 201, the user gives the user equipment a command to start the application program needed to perform the transaction. If desired, step 201 may require the user to provide a PIN number or other user-specific code the application program needs in order to start. In step 202, the user equipment notifies the user that a passphrase is needed before the transaction can be performed. There may be other steps between steps 201 and 202 in which the user defines what kind of transaction he wants to perform.
In step 203, the user provides his passphrase. The user equipment forwards the passphrase to the intelligent signer, which in step 204 uses it to derive the weak decryption key. As noted earlier, in the simplest case step 204 just means taking the numeric value of the passphrase as the weak decryption key; more complex alternatives include, but are not limited to, computing a hash of the numeric value of the passphrase and performing an XOR operation between that hash and some preset bit string.
In step 205, the intelligent signer uses the weak decryption key to decrypt the signature key K_SIGN, which it fetched in encrypted form from the memory of the user equipment. In step 206, the intelligent signer composes a request message whose purpose is to indicate to the service provider system that the user needs a particular strong encryption key. The actual composition of the request message may already have been done earlier (for example, between steps 201 and 202). The step that really needs the signature key K_SIGN is step 207, in which the user equipment signs the request message. Many common procedures for digitally signing a message are known from standard PKI literature. For the purposes of the invention it suffices that in step 207 at least part of the request message composed in step 206 is processed with the signature key K_SIGN, so that the corresponding inverse processing is possible only for a party that has the same key (in the symmetric case) or the other half of the key pair of which the signature key K_SIGN is one half.
In step 208, the intelligent signer returns the complete signed request message to the application program, which in step 209 forwards it to the service provider system. In step 210, the request handler in the service provider system identifies the user account concerned, and in step 211 it looks up the corresponding verification key (the same key mentioned above, or the "other half") and verifies the signature. If the signature cannot be verified, the operation stops here, because the verification failure indicates that the user provided a wrong passphrase in step 203, either by mistake or because he is not the legitimate user and does not know the correct passphrase.
We assume that the verification in step 211 succeeds. In step 212, a secure communication connection, such as a well-known SSL (Secure Sockets Layer) connection, is established between the user equipment and the service provider system. This could have been done earlier, for example so that the transmission of step 209 already takes place over the secure connection. In step 213, the request handler retrieves the requested strong encryption key K_KS, and in step 214 it sends that key to the user equipment over the secure connection.
Having received the strong encryption key K_KS, the application program in the user equipment forwards it in step 215 to the transaction signer, which in step 216 derives the strong decryption key K_SD from the strong encryption key K_KS. Again, as noted earlier, in the simplest case step 216 just means using the strong encryption key K_KS as the strong decryption key K_SD, while more complex alternatives include, but are not limited to: possibly prompting the user to provide his passphrase again (or reading from temporary storage the passphrase given in step 203), computing a hash of the numeric value of the passphrase (or reading from temporary storage the hash computed in step 204), and performing an XOR (exclusive or) operation between this hash and the received strong encryption key K_KS.
In step 217, the transaction signer uses the strong decryption key K_SD to decrypt the contents of the keystore, which comprise certificate C and transaction key K_CA. In step 218, a transaction message is formed whose purpose is to give the service provider system an order to perform a transaction. This may have been done earlier, even as early as between steps 201 and 202, or during the time spent requesting and receiving the strong encryption key. In step 219, the user equipment processes the transaction message with certificate C and/or transaction key K_CA so that it becomes cryptographically protected. As a representative example, the user equipment digitally signs the transaction message with transaction key K_CA.
In step 220, the transaction signer returns the complete, cryptographically protected transaction message to the application program, which in step 221 forwards it to the service provider system. Step 222 comprises checking the integrity of the transaction message and verifying its signature; if these succeed, the transaction is allowed to proceed as usual. Note again that the transmission of step 221 may be directed to (and the actual transaction may take place at) a system entirely different from the service provider system from which the user requested and obtained the strong encryption key in steps 209 to 214.
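The exchange of steps 203 to 217 (and the limited-attempt rule of the summary) carried through as one runnable model, written for this page and not taken from the patent or from any product of the applicant. AES and a real secure channel are assumed away: a SHA-256 keystream stands in for the cipher, HMAC-SHA256 for the signature, and a direct method call for the SSL connection of step 212; the common bit string, the attempt limit and all keys are constructed.

```python
"""The Fig. 2 exchange, modelled end to end with only the Python standard library."""
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # constructed: how many bad signatures the provider tolerates
# Bit string common to all devices, XORed into the passphrase hash to form U_PASS (constructed).
COMMON_BITS = hashlib.sha256(b"constructed common bit string").digest()


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES (not in the standard library): a SHA-256 keystream in counter mode.
    The same call encrypts and decrypts. A wrong key yields uniformly random-looking output,
    which is exactly condition 2 for the "weak" encryption of K_SIGN: a guess cannot be
    checked on the device itself."""
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range((len(data) + 31) // 32)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def weak_decryption_key(passphrase: str) -> bytes:
    """U_PASS = SHA-256(passphrase) XOR COMMON_BITS, one of the derivations the text names."""
    digest = hashlib.sha256(passphrase.encode()).digest()
    return bytes(a ^ b for a, b in zip(digest, COMMON_BITS))


def strong_decryption_key(k_ks: bytes, passphrase: str) -> bytes:
    """K_SD = K_KS XOR SHA-256(passphrase), the step 216 variant with the hash XORed in."""
    digest = hashlib.sha256(passphrase.encode()).digest()
    return bytes(a ^ b for a, b in zip(k_ks, digest))


class ServiceProvider:
    """Request handler 113 with verification key store 114 and strong encryption key store 115."""

    def __init__(self):
        self.verification_keys = {}  # user_id -> copy of K_SIGN (symmetric case)
        self.strong_keys = {}        # user_id -> K_KS
        self.failures = {}           # user_id -> unsuccessful signature verifications

    def enroll(self, user_id: str, k_sign: bytes, k_ks: bytes) -> None:
        self.verification_keys[user_id] = k_sign
        self.strong_keys[user_id] = k_ks
        self.failures[user_id] = 0

    def handle_request(self, user_id: str, request: bytes, signature: bytes):
        """Steps 210 to 214: verify the signature, block the account after too many failures."""
        if self.failures[user_id] >= MAX_FAILED_ATTEMPTS:
            return None  # blocked: a brute-force search cannot continue through here
        expected = hmac.new(self.verification_keys[user_id], request, "sha256").digest()
        if not hmac.compare_digest(expected, signature):
            self.failures[user_id] += 1
            return None
        return self.strong_keys[user_id]  # sent over the secure connection of step 212


class PortableDevice:
    """Memory 102: K_SIGN under weak encryption, the keystore (K_CA) under strong encryption."""

    def __init__(self, user_id, enc_k_sign, nonce_sign, keystore, nonce_ks, provider):
        self.user_id = user_id
        self.enc_k_sign, self.nonce_sign = enc_k_sign, nonce_sign
        self.keystore, self.nonce_ks = keystore, nonce_ks
        self.provider = provider

    def unlock_transaction_key(self, passphrase: str):
        """Steps 203 to 217. Returns K_CA, or None if the provider refused the request."""
        u_pass = weak_decryption_key(passphrase)                        # step 204
        k_sign = xor_stream(u_pass, self.nonce_sign, self.enc_k_sign)   # step 205
        request = f"user={self.user_id};want=K_KS".encode()             # step 206
        signature = hmac.new(k_sign, request, "sha256").digest()        # step 207
        k_ks = self.provider.handle_request(self.user_id, request, signature)
        if k_ks is None:
            return None
        k_sd = strong_decryption_key(k_ks, passphrase)                  # step 216
        k_ca = xor_stream(k_sd, self.nonce_ks, self.keystore)           # step 217
        del k_ks, k_sd  # strong keys stay no longer than the decryption needs them
        return k_ca


def provision(user_id: str, passphrase: str, k_ca: bytes, provider: ServiceProvider):
    """Setup: fresh K_SIGN and K_KS; only encrypted forms reach the device, plain copies the provider."""
    k_sign, k_ks = os.urandom(32), os.urandom(32)
    nonce_sign, nonce_ks = os.urandom(16), os.urandom(16)
    enc_k_sign = xor_stream(weak_decryption_key(passphrase), nonce_sign, k_sign)
    keystore = xor_stream(strong_decryption_key(k_ks, passphrase), nonce_ks, k_ca)
    provider.enroll(user_id, k_sign, k_ks)
    return PortableDevice(user_id, enc_k_sign, nonce_sign, keystore, nonce_ks, provider)


if __name__ == "__main__":
    provider = ServiceProvider()
    device = provision("alice", "4711", b"constructed transaction key K_CA", provider)
    print("correct passphrase:", device.unlock_transaction_key("4711"))
    for guess in ("0000", "1234", "9999"):  # three wrong guesses exhaust the allowance
        print("guess", guess, "->", device.unlock_transaction_key(guess))
    print("correct passphrase after lockout:", device.unlock_transaction_key("4711"))
```

Note that a wrong passphrase still produces a full-length candidate K_SIGN on the device; only the provider's refusal tells the attempt apart, and after MAX_FAILED_ATTEMPTS refusals even the right passphrase no longer unlocks K_CA.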
Digital signing generally means computing a digital signature with some suitable one-way hash algorithm, such as the well-known HMAC (hashed message authentication code). Steps 209, 214 and 221 can be given additional security by using synchronized counters in both the user equipment and the service provider system. The counter value is preferably a large integer of 128 bits or more, and the counter preferably advances in a pseudo-random order, so that a dishonest party who has learned one counter value by somehow penetrating the communication connection will still have difficulty guessing the next one. There may be different sequence counters for different kinds of transactions, different counters for the uplink and downlink directions, a single counter for all traffic between a particular user and a particular service provider, or any mix between these two extremes. The value of the sequence counter is incremented each time after it has been used for signing or signature verification. The input to the hash algorithm is then the message data (or a predetermined part of it), the counter value obtained from the sequence counter (or at least part of a derivative of it), and the key used for signing.
To allow for a possible slight desynchronization of the counters, it is preferable that if the verifier cannot reconstruct the correct signature in a single attempt, it tries a small number of other counter values close to the first-tried value, within a predetermined window of allowed counter values. If one of these values produces a match, the verifier tells its sequence counter to store that value as the current one. If none of the allowed counter values produces a match, the communicating parties should be alerted so that the cause of the desynchronization can be found.
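The counter-synchronized signature and its resynchronization window from the two paragraphs above, as an added example (not from the patent or the applicant). The pseudo-random counter order is assumed to be derived from a shared seed, the window size and keys are constructed, and a message that was lost in transit is used to exercise the window.

```python
"""Counter-synchronized HMAC signatures with a resynchronization window."""
import hashlib
import hmac

WINDOW = 4  # constructed: how many counter positions past its own the verifier will search


def counter_value(seed: bytes, index: int) -> int:
    """128-bit counter values visited in pseudo-random order (assumed derivation from a
    shared seed): learning one value does not reveal the next without the seed."""
    return int.from_bytes(hashlib.sha256(seed + index.to_bytes(8, "big")).digest()[:16], "big")


def signature(key: bytes, message: bytes, value: int) -> bytes:
    """Hash input is the counter value followed by the message data, keyed with the signing key."""
    return hmac.new(key, value.to_bytes(16, "big") + message, "sha256").digest()


class SequenceSigner:
    """Signing side: uses the current counter value, then advances the counter."""

    def __init__(self, key: bytes, seed: bytes):
        self.key, self.seed, self.index = key, seed, 0

    def sign(self, message: bytes) -> bytes:
        sig = signature(self.key, message, counter_value(self.seed, self.index))
        self.index += 1  # incremented after every use, as the text prescribes
        return sig


class SequenceVerifier:
    """Verifying side: tries its own counter first, then a small window of later values."""

    def __init__(self, key: bytes, seed: bytes):
        self.key, self.seed, self.index = key, seed, 0

    def verify(self, message: bytes, sig: bytes) -> bool:
        for index in range(self.index, self.index + WINDOW + 1):
            candidate = signature(self.key, message, counter_value(self.seed, index))
            if hmac.compare_digest(candidate, sig):
                self.index = index + 1  # adopt the matched value as current, then advance
                return True
        return False  # outside the window: the parties should be alerted to find the cause


if __name__ == "__main__":
    key, seed = b"constructed signing key", b"constructed counter seed"
    signer, verifier = SequenceSigner(key, seed), SequenceVerifier(key, seed)
    first = signer.sign(b"transfer 10")
    lost = signer.sign(b"never arrives")
    third = signer.sign(b"transfer 20")
    print("first accepted:", verifier.verify(b"transfer 10", first))
    print("third accepted after a lost message:", verifier.verify(b"transfer 20", third))
    print("replay of first rejected:", not verifier.verify(b"transfer 10", first))
```

Because the verifier only moves its counter forward, a captured signature cannot be replayed once any later message has been accepted, and a gap larger than WINDOW is reported rather than silently tolerated.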
At some earlier stage a setup phase has taken place that brought about the state in which the user equipment and the service provider system have stored the appropriate keys, and the user equipment has the cryptographic algorithms and other functional blocks needed in the later process stages. With reference to Fig. 3, an advantageous way of implementing this setup phase is described below. The parts and functional blocks shown in Fig. 3 are exemplary but have particular significance for carrying out the setup phase in an advantageous manner. Fig. 3 can be regarded as showing both device-type features and particular method steps.
The aim is to establish at least one shared secret and to equip user equipment 311 with its copy of the shared secret and with the client programs it will need during further operation. In Fig. 3 we have chosen an approach in which the service provider system generates the shared secret, which imposes the natural additional restriction that the shared secret must be delivered to user equipment 311 as securely as possible. In particular, we assume that the shared secret is comparable to the signature key K_SIGN and certificate C described above.
Generator 302 of service provider system 301 generates the shared secret (that is, key and certificate). These are stored as such in the service provider's secret store 303, which we assume is tightly protected against any unauthorized access. The user's copy of the shared secret is not sent to user equipment 311 in one piece but is most advantageously divided into two halves, such that neither half on its own constitutes a complete key or certificate. One half is "baked into" the client program that will be delivered to the user terminal; we call this personalizing the client program. Fig. 3 shows as an example a client program personalizer 304, which receives the appropriate half of the shared secret from generator 302 and uses it to personalize the generic client program read from client program store 305. The remaining half, which is not used for personalizing the client program, may be called the activation code.
Service provider system 301 comprises a first transfer means 306 and a second transfer means 307, which transfer the activation code and the personalized client program, respectively, to user equipment 311. The implementation of these transfer means is not critical to the invention and depends only on the choice of the first channel 321 and second channel 322 used for the transfer. Since second channel 322 must carry the personalized client program, it must be a channel suited to transferring whole digital files easily. Second channel 322 typically comprises a wireless data connection, a short-range data download connection (cable, Bluetooth, infrared, etc.), a portable memory component, or any combination of these. Because the setup phase requires both parties to authenticate each other securely, it is not unreasonable (though not mandatory, if the required level of security can be reached otherwise) to require that it physically take place in the presence of the service provider or its authorized representative.
First channel 321 need only carry the relatively short activation code, generally a character string, which gives more freedom in choosing the channel type. The activation code may be shown to the user on a piece of paper or on a screen, or it may be transmitted over the Internet or any other telecommunications network, and so on. To preserve the security of the setup phase, it is preferable that first and second channels 321 and 322 are sufficiently different from each other that a dishonest party cannot compromise both of them at the same time.
User equipment 311 receives the activation code through first receiving means 312 and the personalized client program through second receiving means 313. Again, the actual implementation of the receiving means is not critical to the invention and depends only on the choice of channels. Second receiving means 313 may be, for example, a long-range or short-range data communication transceiver, while first receiving means 312 may be, for example, a short message receiver or even something as simple as a keypad through which the user enters the activation code he sees on paper or on a web page. The user equipment stores the received client program in client program store 314.
There are basically two options: either only the second half of the shared secret is stored, in the form in which it was received, together with the personalized client program; or (as we have assumed in Fig. 3) alternatively or additionally the user device extracts the second half from the personalized client program and combines it in the combiner 315 with the first half (i.e. the activation code) to obtain the original shared secret. In the first option the combiner 315 is trivial, and only the activation code reaches the encryptor 316. In any case, the encryptor encrypts the shared secret it receives using the secret passphrase that the user provides through the passphrase input means 317. We should note that block 317 in Fig. 3 may physically be the same as, for example, block 312, especially when it is a keypad.
The user device stores the encrypted shared secret in the storage 318 and erases all plaintext forms of the shared secret from its memory. This last action, and the fact that the storage 318 need not be a secure, protected piece of memory, are closely related to one principle: a dishonest party must have no effective means of testing whether its brute-force attempt at decoding has succeeded.
The fact that there are at least two shared secrets (presented as the signature key K_SIGN and the certificate C in the description above) can affect the course of events in Fig. 3 in various ways. Above we suggested that both shared secrets can be delivered to the user device during a single run of the described sequence of events. It is also possible to deliver the shared secrets in two different processes, so that the signature key K_SIGN is delivered in two halves, one of which is used to personalize the smart signer program, and the certificate C is delivered separately in two halves, one of which is used to personalize the transaction signer program. It is also possible to apply the process of Fig. 3 to delivering only one of the two shared secrets, and to deliver the other to the user device in some other way.
Fig. 4 shows an alternative key generator 302', used in the service provider system when asymmetric cryptography is used. The key generator 302' is adapted to generate at least one key pair of an asymmetric cryptosystem. One key of the pair remains in the key storage of the service provider system, and the other key of the pair is further divided into two parts, one of which is delivered directly to the user and the other of which is used to personalize the client program. Neither key of the pair is made public. It should be noted that an asymmetric cryptography arrangement needs more memory and processing power than a symmetric one, which makes the symmetric cryptography method of Fig. 3 quite advantageous in many application environments.
The example embodiments described above should not be interpreted as limiting the invention to the specific embodiments described. For example, the user's portable device need not be a cellular phone, although at the time of writing this description the cellular phone is by far the most common portable communication device that people carry with them at all times, which makes it a good choice for the user device because the user does not need to acquire any additional hardware. On the other hand, the term "providing a passphrase" should not be interpreted as placing an unnecessary limitation on the invention: it need not mean pressing certain keys in a suitable order. It may refer to other forms of inputting information, including letting the user device read a biometric identifier of the user.

Claims (11)

1. A method for storing data securely in a portable device (101), comprising:
storing (318) a piece of confidential data (C) in encrypted form in a memory (102) of the portable device (101), and
storing (303) a decryption key required for decrypting the piece of confidential data (C) in a service provider system (111) that is different from the portable device (101), which decryption key is available on request;
characterized in that the method comprises:
storing (318) a piece of encrypted digital data (K_SIGN) in the memory (102) of the portable device (101), and erasing from the portable device (101) all decrypted forms of both the piece of confidential data (C) and the piece of encrypted digital data (K_SIGN), and
storing (303) in the service provider system (111) a piece of digital data that has a cryptographic one-to-one relationship with the piece of encrypted digital data (K_SIGN);
wherein decrypting the encryption of the piece of encrypted digital data (K_SIGN) requires the user to provide a passphrase to the portable device (101), and wherein the service provider system (111) is made to respond to a request that has been cryptographically processed with the decrypted form of the piece of encrypted digital data (K_SIGN) in such a way that the response to such a request comprises delivering the decryption key to the portable device (101).
2. The method of claim 1, characterized in that the piece of encrypted digital data (K_SIGN) is an encrypted digital signature key, and the piece of digital data that has a cryptographic one-to-one relationship with the piece of encrypted digital data (K_SIGN) is a digital signature verification key corresponding to the encrypted digital data (K_SIGN), so that the service provider system (111) is made to respond to a request that has been digitally signed with the decrypted form of the digital signature key.
3, the method for claim 1, it is characterized in that, the fragment of confidential data is stored into encrypted form in the storer of portable set (101) and one in the fragments store of the encrypted digital data step in the storer of portable set (101) is comprised:
In serving provider system (111), generate (302) and storage (303) shared secret,
The first of the shared secret that generates is submitted (306,312,321) to described portable set (101),
Be included in by the second portion that will be different from shared secret described first, that generated and make described client program individualize (304) in the client program, and with personalized client program by submitting (307 with the different passage (322) of submitting of passage of submitting of the first that is used to submit the shared secret that is generated, 313,322) to described portable set (101), and
The first and the second portion of combination (315) shared secret in portable set (101), to result's encryption (316) of described combination, and the result that will encrypt storage (318) is in the storer of portable set (101).
4. A method for a portable device (101), for retrieving a decrypted form of a piece of confidential data (C) that is stored in encrypted form in a memory (102) of the portable device (101), the method comprising requesting (209) from outside the portable device (101) and receiving (214) a decryption key required for decrypting the piece of confidential data, characterized in that the method comprises:
receiving (203) a passphrase from a user of the portable device (101),
using the passphrase to decrypt (204, 205) a piece of encrypted digital data (K_SIGN) stored in the memory (102) of the portable device (101),
generating (206) a request message and cryptographically processing (207) the request message with the decrypted piece of digital data,
transmitting (209) the cryptographically processed request message to a service provider system (111),
receiving (214) the decryption key from the service provider system (111), and
using (216, 217) the received decryption key to decrypt the piece of confidential data (C).
5. The method of claim 4, characterized in that the piece of encrypted digital data (K_SIGN) is an encrypted digital signature key, and cryptographically processing (207) the request message comprises digitally signing the request message with the decrypted form of the digital signature key.
6. The method of claim 4, characterized in that the piece of confidential data (C) is a digital certificate, and the method comprises, after decrypting the digital certificate, using the decrypted digital certificate to authenticate (218, 219, 220, 221) the user of the portable device (101) when performing a transaction (222) with a remote system.
7. A system for storing data securely in a portable device (101), the system comprising:
a portable device (101) having a transceiver (106) and a memory (102) for storing a piece of confidential data (C) in encrypted form,
a server arrangement (111) having a network interface (112) for communicating with the portable device (101) and a key storage (115) for storing a decryption key required for decrypting the piece of confidential data (C),
characterized in that:
the portable device (101) is adapted to store a piece of encrypted digital data (K_SIGN) and to erase from the portable device (101) all decrypted forms of both the piece of confidential data (C) and the piece of encrypted digital data (K_SIGN),
the server arrangement (111) is adapted to store a piece of digital data that has a cryptographic one-to-one relationship with the piece of encrypted digital data (K_SIGN),
the portable device (101) is adapted to require the user to provide a passphrase, to use the provided passphrase to decrypt the encryption of the piece of encrypted digital data (K_SIGN), and to use the decrypted form of the digital data to generate and cryptographically process a request message,
the server arrangement (111) is adapted to verify a request message received from the portable device (101) and to respond to the verified request message by delivering the decryption key to the portable device (101), and
the portable device (101) is adapted to use the decryption key delivered by the server arrangement (111) to decrypt the piece of confidential data (C).
8. A portable device (101) for storing data securely, comprising a transceiver (106) and a memory (102) for storing a piece of confidential data (C) in encrypted form, characterized in that:
the portable device (101) is adapted to store a piece of encrypted digital data (K_SIGN) and to erase from the portable device (101) all decrypted forms of both the piece of confidential data (C) and the piece of encrypted digital data (K_SIGN),
the portable device (101) is adapted to require (202) the user to provide a passphrase, to use the provided passphrase to decrypt the encryption of the piece of encrypted digital data (K_SIGN), to use the decrypted form of the digital data to generate and cryptographically process a request message (209), and to deliver the cryptographically processed request message to a service provider system (111), and
the portable device (101) is adapted to receive (214) a decryption key from the service provider system as a response to transmitting the cryptographically processed request message, and to use the decryption key delivered by the service provider system to decrypt the piece of confidential data (C).
9. The portable device (101) of claim 8, characterized in that, for receiving and storing at least one of the piece of confidential data and the piece of digital data, the portable device comprises:
a first receiving means (312) and a second receiving means (313),
a combiner (315) adapted to combine a first part of a shared secret received through the first receiving means (312) with a second part of the shared secret received through the second receiving means (313), and
an encryptor (316) adapted to encrypt the output of the combiner and to store the encrypted result in the memory (102).
10. The portable device (101) of claim 8, characterized in that the memory (102) adapted to store the encrypted form of the piece of confidential data (C) and the piece of encrypted digital data (K_SIGN) is unprotected memory.
11. A computer program for a portable device (101), for storing data securely in the portable device (101), the computer program comprising computer program means which, when loaded into a computer, cause the computer to store a piece of confidential data (C) in encrypted form, characterized in that the computer program comprises:
computer program means which, when loaded into a computer, cause the computer to store a piece of encrypted digital data (K_SIGN) and to erase from the computer all decrypted forms of both the piece of confidential data (C) and the piece of encrypted digital data (K_SIGN),
computer program means which, when loaded into a computer, cause the computer to require (202) the user to provide a passphrase, to use the provided passphrase to decrypt (204, 205) the encryption of the piece of encrypted digital data (K_SIGN), to use the decrypted form of the digital data to generate (206) and cryptographically process (207) a request message, and to transmit (209) the cryptographically processed request message to a service provider system (111), and
computer program means which, when loaded into a computer, cause the computer to receive (214) a decryption key from the service provider system (111) as a response to transmitting (209) the cryptographically processed request message, and to use the decryption key delivered by the service provider system (111) to decrypt the piece of confidential data (C).
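The following Python model is an added illustration, not code from the patent or its applicant. It runs the Fig. 3 setup phase (shared secret split into an activation code and a half baked into the personalised client, recombined on the device, encrypted under the user's passphrase, plaintext erased) and then the retrieval protocol of claims 1, 4, 7 and 8 (passphrase unlocks K_SIGN, K_SIGN cryptographically processes a request, the provider verifies it and releases the decryption key for C). The names ServiceProvider, PortableDevice, wrap_key/unwrap_key, seal/unseal, PBKDF2_ITERS, MAX_FAILURES and the sample certificate are assumptions made for this model; the symmetric variant of Fig. 3 is modelled, so the provider's "one-to-one corresponding" data is its own copy of K_SIGN used to verify an HMAC rather than a signature, and an HMAC-SHA256 counter-mode keystream stands in for whatever cipher a real implementation would use. Transport protection for the returned key (e.g. TLS) is assumed and not modelled.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERS = 100_000  # assumed passphrase-stretching work factor


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a pseudorandom keystream."""
    blocks, ctr = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest())
        ctr += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(passphrase: bytes, key: bytes) -> bytes:
    """Encrypt a uniformly random key under a passphrase, deliberately WITHOUT an
    integrity tag: a wrong passphrase yields another random-looking key, so the blob
    in unprotected memory (storage 318) gives an attacker no offline test of a guess."""
    salt = os.urandom(16)
    ek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, PBKDF2_ITERS, dklen=32)
    return salt + _xor(key, _keystream(ek, salt, len(key)))


def unwrap_key(passphrase: bytes, blob: bytes) -> bytes:
    salt, ct = blob[:16], blob[16:]
    ek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, PBKDF2_ITERS, dklen=32)
    return _xor(ct, _keystream(ek, salt, len(ct)))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC for the certificate C; its key stays with the provider."""
    nonce = os.urandom(16)
    ek, mk = (hmac.new(key, lbl, "sha256").digest() for lbl in (b"enc", b"mac"))
    ct = _xor(plaintext, _keystream(ek, nonce, len(plaintext)))
    return nonce + ct + hmac.new(mk, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    ek, mk = (hmac.new(key, lbl, "sha256").digest() for lbl in (b"enc", b"mac"))
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, "sha256").digest()):
        raise ValueError("certificate blob failed integrity check")
    return _xor(ct, _keystream(ek, nonce, len(ct)))


class ServiceProvider:
    """Service provider system 111/301: generator 302, secret storage 303, key storage 115."""
    MAX_FAILURES = 3  # assumed online lockout threshold; guesses can only be tested here

    def __init__(self, certificate: bytes):
        self.k_sign = secrets.token_bytes(32)    # shared secret (symmetric variant of Fig. 3)
        self.cert_key = secrets.token_bytes(32)  # decryption key for C
        self.enc_cert = seal(self.cert_key, certificate)
        self.failures, self.locked, self.seen = 0, False, set()

    def setup_material(self):
        """Split the shared secret so neither half is a usable key: the activation code
        goes over channel 321, the other half is baked into the client for channel 322."""
        half = len(self.k_sign) // 2
        return self.k_sign[:half], {"secret_half": self.k_sign[half:]}, self.enc_cert

    def handle_request(self, request: bytes, mac: bytes):
        """Verify with the one-to-one corresponding key; release the decryption key
        only on success, refuse replayed requests, lock after repeated failures."""
        if self.locked or request in self.seen:
            return None
        self.seen.add(request)
        if not hmac.compare_digest(mac, hmac.new(self.k_sign, request, "sha256").digest()):
            self.failures += 1
            self.locked = self.failures >= self.MAX_FAILURES
            return None
        self.failures = 0
        return self.cert_key


class PortableDevice:
    """Portable device 101/311; self.memory models the unprotected memory 102 (claim 10)."""

    def __init__(self):
        self.memory = {}

    def install(self, activation_code, personalised_client, enc_cert, passphrase: bytes):
        shared = activation_code + personalised_client["secret_half"]  # combiner 315
        self.memory["enc_k_sign"] = wrap_key(passphrase, shared)        # encryptor 316 -> 318
        self.memory["enc_cert"] = enc_cert
        del shared  # erase every plaintext form of the shared secret

    def fetch_certificate(self, provider: ServiceProvider, passphrase: bytes):
        k_sign = unwrap_key(passphrase, self.memory["enc_k_sign"])  # steps 203-205
        request = b"REQ:" + secrets.token_bytes(8)                    # step 206
        mac = hmac.new(k_sign, request, "sha256").digest()           # step 207
        del k_sign
        dec_key = provider.handle_request(request, mac)              # steps 209, 214
        return None if dec_key is None else unseal(dec_key, self.memory["enc_cert"])  # 216-217
```

The design point worth noticing is the missing integrity tag on the wrapped K_SIGN: because the key is uniformly random, every candidate passphrase decrypts to something equally plausible, and the only place a guess can be checked is the service provider, where failures can be counted, rate-limited and logged. The certificate blob, by contrast, is authenticated, which is safe because its key is a random 32-byte value held by the provider rather than anything derived from the passphrase.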
CN 200610136116 2005-10-11 2006-10-11 Method, device and system for storage data in portable device safely Pending CN1949196A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20051022 2005-10-11
FI20051022A FI20051022A (en) 2005-10-11 2005-10-11 Method, appliance, server arrangement, systems and software products for computers to store data securely in a portable device

Publications (1)

Publication Number Publication Date
CN1949196A true CN1949196A (en) 2007-04-18

Family

ID=35185163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610136116 Pending CN1949196A (en) 2005-10-11 2006-10-11 Method, device and system for storage data in portable device safely

Country Status (3)

Country Link
CN (1) CN1949196A (en)
FI (1) FI20051022A (en)
TW (1) TW200803392A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102648610A (en) * 2009-10-23 2012-08-22 威斯科数据安全国际有限公司 Strong authentication token usable with a plurality of independent application providers
CN104283687A (en) * 2013-07-10 2015-01-14 Ca公司 Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions
CN107533616A (en) * 2015-03-02 2018-01-02 销售力网络公司 System and method for making data safety
CN109643282A (en) * 2016-04-14 2019-04-16 Gfa全球公司 For generating, storing, manage and using one or more digital secret system and method associated with portable electronic device
CN111884801A (en) * 2013-02-12 2020-11-03 亚马逊技术股份有限公司 Federated key management

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102648610A (en) * 2009-10-23 2012-08-22 威斯科数据安全国际有限公司 Strong authentication token usable with a plurality of independent application providers
US9021601B2 (en) 2009-10-23 2015-04-28 Vasco Data Security, Inc. Strong authentication token usable with a plurality of independent application providers
CN102648610B (en) * 2009-10-23 2015-09-30 威斯科数据安全国际有限公司 The strong authentication token used together with supplier can be independently applied with multiple
CN111884801A (en) * 2013-02-12 2020-11-03 亚马逊技术股份有限公司 Federated key management
CN104283687A (en) * 2013-07-10 2015-01-14 Ca公司 Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions
CN107533616A (en) * 2015-03-02 2018-01-02 销售力网络公司 System and method for making data safety
CN107533616B (en) * 2015-03-02 2021-03-12 销售力网络公司 System and method for securing data
CN109643282A (en) * 2016-04-14 2019-04-16 Gfa全球公司 For generating, storing, manage and using one or more digital secret system and method associated with portable electronic device
CN109643282B (en) * 2016-04-14 2023-08-25 Gfa全球公司 Systems and methods for generating, storing, managing, and using one or more digital secrets associated with a portable electronic device
US11829506B2 (en) 2016-04-14 2023-11-28 Tis Inc. System and method for generation, storage, administration and use of one or more digital secrets in association with a portable electronic device

Also Published As

Publication number Publication date
TW200803392A (en) 2008-01-01
FI20051022A0 (en) 2005-10-11
FI20051022A (en) 2007-04-12

Similar Documents

Publication Publication Date Title
CN111079128B (en) Data processing method and device, electronic equipment and storage medium
CN1224213C (en) Method for issuing an electronic identity
CN1148035C (en) Apparatus for securing user's information in mobile communication system connected to internet and method thereof
CN103812854B (en) Identity authentication system, device and method and identity authentication requesting device
CN101136748B (en) Identification authentication method and system
CN1234662A (en) Enciphered ignition treatment method and apparatus thereof
US8989385B2 (en) Data encryption method, data verification method and electronic apparatus
US8396218B2 (en) Cryptographic module distribution system, apparatus, and program
CN1659821A (en) Method for secure data exchange between two devices
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
US7660987B2 (en) Method of establishing a secure e-mail transmission link
CN102082790A (en) Method and device for encryption/decryption of digital signature
CN105553654A (en) Key information query processing method and device and key information management system
CN112653556B (en) TOKEN-based micro-service security authentication method, device and storage medium
CN104243439A (en) File transfer processing method and system and terminals
US20020021804A1 (en) System and method for data encryption
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN1949196A (en) Method, device and system for storage data in portable device safely
CN113158250A (en) Privacy protection network car booking method and system for eliminating once matched driver
CN1285195C (en) Method for creating a virtual private network through a public network
CN110324357A (en) Data transmission method for uplink and device, data receiver method and device
CN106972928B (en) Bastion machine private key management method, device and system
CN1801699A (en) Method for accessing cipher device
CN111145400B (en) Safe and simple low-power-consumption Bluetooth lock and control method thereof
JP4698261B2 (en) Cryptographic communication system and method, and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication