TWI662825B - Authorized key backup and recovery method of hardware password module - Google Patents
- Publication number: TWI662825B
- Authority: TW (Taiwan)
- Prior art keywords: key, backup, security, authorized, module
Abstract
The invention relates to an authorized key backup and recovery method for a hardware cryptographic module. It is applied mainly inside the hardware cryptographic module so that both the encrypted export procedure used for key backup and the decrypted import procedure used for key recovery require authorization by the module's Security Officer. This reduces the risk of keys being leaked or decrypted while remaining compatible with earlier key backup and recovery mechanisms.
Description
The invention relates to an authorized key backup and recovery method for a hardware cryptographic module, intended for the administrators of such a module. Key backup and key recovery both require authorization by the module's Security Officer, which reduces the risk of keys being leaked or decrypted, remains compatible with conventional key backup and recovery mechanisms, and combines system security with convenience.
The invention relates to an authorized key backup and recovery mechanism for a hardware cryptographic module. The hardware cryptographic module is designed in accordance with the US FIPS 140-2 standard, under which administrators are divided into the Security Officer (SO) and the secure user (USER). The Security Officer is responsible for configuring the hardware cryptographic module, and the user operates the module within the configuration the Security Officer has set. Depending on the module's configuration policy, backup work can be carried out with either Security Officer or secure user privileges.
Inside the hardware cryptographic module there is a Master key, which is the most tightly controlled secret key. The Master key is stored in a secure area inside the module, and only the Security Officer can operate on the keys in the secure area, using a limited set of commands. Depending on the module's design policy, the Security Officer credential is a set of key shares (Share) or a passcode; key shares are usually stored on IC cards. The keys used by application systems are Application keys (AP keys). Because AP keys can be imported from outside, a malicious user can import an AP key that is known and usable, use it as the key exchange key (KEK) for other AP keys in order to export them, and thereby break all of the keys.
Among the prior art on key backup and recovery, Republic of China patent No. I430643 proposes a secure key recovery system and method that sets up backup and recovery operations through a key recovery center and a management database. Another Republic of China patent, No. 00427087, describes a system that combines key recovery with public key certificates, in which a private key can be recovered through the certificate authority. US patent 8630421 likewise uses a database and an upper-level management system to handle backup of multi-level keys from within the hardware cryptographic module. In all of this prior art the overall architecture is highly secure, but the systems are large and the communication protocols are complicated, which makes them hard to implement and hard to operate.
It can be seen that the conventional approaches above still have many shortcomings; they are not good designs and are in urgent need of improvement.
In view of the shortcomings of the conventional approaches above, the inventors set out to improve on them and, after painstaking research, succeeded in developing the present authorized key backup and recovery mechanism for a hardware cryptographic module.
The invention proposes an authorized key backup and recovery method for a hardware cryptographic module, with the aim of improving the security of key backup in such a module. Keys are exported from the hardware cryptographic module mainly for key exchange or key backup. Conventional key backup is carried out as an encrypted key export: the Master key in the module's secure area, or an AP key, encrypts the key, and the result is output for external storage. If the AP key used for encryption was imported from outside, using it as the encryption key creates a risk that the exported key will be broken. To reduce that risk, the invention adds a Security Officer authorization mechanism to key backup, so that the key can be recovered only in a hardware cryptographic module managed by that Security Officer.
The key backup and recovery method of the invention is flexible and can be applied to conventional key backup and recovery flows. The invention builds the key backup and recovery mechanism and flow on a Security Officer authorization method in the hardware cryptographic module. Chiefly, a key backup requires the Security Officer's authorization: the Security Officer must log in, and the shares (Share) held by the Security Officer are combined into the Security Officer key. The key exchange key (KEK) that encrypts the backup is formed by XORing an AP key with the Security Officer key. The KEK is then used to encrypt the AP key that is to be backed up, and finally the result is encrypted with the Master key and output as the encapsulated backup key.
For key recovery, the encapsulated backup key is first decrypted with the Master key. Security Officer authorization is likewise required: the AP key is XORed with the Security Officer key to unlock the backup key, which is then stored in the secure area of the hardware cryptographic module.
The invention provides an authorized key backup and recovery method for a hardware cryptographic module in which the module's key backup and recovery procedures include Security Officer authorization by N-of-M shares, which effectively reduces the chance of key leakage and avoids the risk of decryption.
The technology of the invention has the following features and advantages:
1. The invention provides an authorized key backup and recovery method in which both operations can proceed only with the Security Officer's authorization, reducing the risk of keys being leaked or decrypted. Whether to include the Security Officer authorization function can be chosen according to the required security level, so the key backup and recovery mechanism is both secure and convenient, an advantage over the modes offered by products on the market.
2. The invention provides an authorized key backup and recovery method in which the Security Officer authorization takes N out of M shares (Shares). This guards against the negligence or impersonation of a single Security Officer and further raises the security level.
3. The invention provides an authorized key backup and recovery method that needs no additional complex systems such as a key recovery center, a backup database or a certificate system. The hardware cryptographic module alone can carry out backup and recovery securely, simply and independently, which improves management efficiency.
100‧‧‧hardware cryptographic module
101‧‧‧IC card reader module
102‧‧‧numeric keypad input module
103‧‧‧input verification module
104‧‧‧security control module
105‧‧‧key data import and export module
106‧‧‧authorization module
107‧‧‧key module
120‧‧‧IC card
140‧‧‧PIN code
160‧‧‧input/output interface
S202~S212‧‧‧method steps
302‧‧‧AP key
304‧‧‧Master key
306‧‧‧Security Officer key MAC
308‧‧‧cryptographic seed
S310‧‧‧Key Gen & Write command
S312‧‧‧MAC & Write command
S314‧‧‧Key Gen command
316‧‧‧Security Officer key
S318‧‧‧Divide Shares (2/3) command
320‧‧‧Security Officer key share IC card
322‧‧‧hardware cryptographic module
324‧‧‧secure area
400‧‧‧hardware cryptographic module
401‧‧‧secure area
402‧‧‧Master key
404‧‧‧AP key
406‧‧‧AP key
408‧‧‧Security Officer key MAC
S410‧‧‧XOR operation
412‧‧‧KEK key
S414‧‧‧key encapsulation operation
418‧‧‧Wrapped key
420‧‧‧Security Officer key share IC card
S422‧‧‧combination
424‧‧‧Security Officer key
426‧‧‧zero value
S430‧‧‧MAC comparison operation
502‧‧‧field
504‧‧‧field
506‧‧‧field
508‧‧‧hash function
510‧‧‧field
512‧‧‧Master key
514‧‧‧encryption operation
516‧‧‧Wrapped key
600‧‧‧hardware cryptographic module
601‧‧‧secure area
602‧‧‧Master key
604‧‧‧AP key
608‧‧‧Security Officer key MAC
S614‧‧‧key de-encapsulation operation
618‧‧‧Wrapped key
620‧‧‧Security Officer key share IC card
S622‧‧‧combination
624‧‧‧Security Officer key
S630‧‧‧MAC comparison operation
702‧‧‧Wrapped key
704‧‧‧Master key
706‧‧‧decryption operation
708‧‧‧MAC data
710‧‧‧hash function
712‧‧‧field
714‧‧‧field
716‧‧‧field
718‧‧‧KEK key
720‧‧‧decryption operation
722‧‧‧AP key
S802~S836‧‧‧method steps
FIG. 1 is a schematic diagram of an example system architecture of the invention; FIG. 2 shows the steps for generating and processing the Security Officer key; FIG. 3 is a schematic diagram of the procedure for initializing the keys of the hardware cryptographic module; FIG. 4 is a schematic diagram of the procedure by which the Security Officer authorizes a key backup; FIG. 5 is a schematic diagram of the key encapsulation operation; FIG. 6 is a schematic diagram of the procedure by which the Security Officer authorizes a key recovery; FIG. 7 is a schematic diagram of the key de-encapsulation operation; FIG. 8 is the overall flowchart of the authorized key backup and recovery method.
The invention is further described below through embodiments and the drawings. The invention is a method for raising the security of the key backup and recovery procedures of a hardware cryptographic module: with authorized backup and recovery procedures, a key can be recovered only under the Security Officer's authorization. FIG. 1 shows an example system architecture. The hardware cryptographic module 100 of this embodiment contains seven modules: the IC card reader module 101, the numeric keypad input module 102, the input verification module 103, the security control module 104, the key data export and import module 105, the authorization module 106 and the key module 107.
In the hardware cryptographic module, the IC card reader module 101 accepts an inserted IC card 120 as input, and the numeric keypad input module 102 accepts the PIN code 140. The authorization mechanism is carried out by the authorization module 106, and the key export and import procedures are carried out in the key data export and import module 105. The input verification module 103 receives the information read from the IC card 120 and the PIN code 140 that was entered. The authorization module 106 is connected to the input verification module 103 and obtains Security Officer privileges based on the IC card 120 information and the PIN code 140 information. The key module 107 is the area in which keys such as the AP keys, the Master key and the Security Officer key MAC are stored securely. The security control module is connected to the input verification module, the key module and the authorization module; according to the Security Officer's authorization policy it notifies the authorization module to perform authorization, after which key backup and recovery are carried out.
FIG. 2 shows the steps for generating and processing the Security Officer key, in order: step S202, generate the key seed; step S204, generate the Security Officer key; step S206, compute the Security Officer MAC; step S208, write to the secure area; step S210, split the Security Officer key into three shares; step S212, write the Security Officer IC cards.
FIG. 3 is a schematic diagram of the procedure for initializing the keys of the hardware cryptographic module. In the hardware cryptographic module 322 of this embodiment, the cryptographic seed 308 is passed through the Key Gen & Write command of step S310 to generate keys and write them into the secure area 324; these include the AP key 302 and the Master key 304. In addition, the cryptographic seed 308 is passed through the Key Gen command of step S314 to generate the Security Officer key 316, and the MAC & Write command of step S312 computes the MAC (Message Authentication Code) 306 of the Security Officer key and writes the Security Officer key MAC 306 into the secure area 324. In this embodiment the Security Officer key 316 is also split by the Divide Shares (2/3) command of step S318, that is, two out of three: by N-of-M key sharing the Security Officer key 316 is divided into three shares (Share), which are written to three Security Officer key share IC cards 320. Any two of them can be combined to restore the Security Officer key 316.
FIG. 4 is a schematic diagram of the procedure by which the Security Officer authorizes a key backup. The Security Officer of the hardware cryptographic module 400 of this embodiment chooses any two of the three Security Officer key share IC cards 420, which are combined in step S422 to reconstruct the Security Officer key 424. When the authorized key backup method of the invention is performed, the Security Officer key 424 and the selection key 406 undergo the XOR operation of step S410 to compute the KEK key 412. In normal mode, the zero value 426 and the selection key 406 undergo the XOR operation of step S410 instead. The selection key 406 is one key chosen from the AP keys 404. Finally, the Master key 402 is used to perform the key encapsulation operation of step S414 on the AP key 404. During backup, the MAC comparison operation of step S430 compares the result against the Security Officer key MAC 408. If the MAC (message authentication code) comparison fails, the backup cannot be output; if it succeeds, the encapsulated Wrapped key 418 is output.
FIG. 5 is a schematic diagram of the key encapsulation (Encapsulation) operation. In this embodiment, the key backup records the authorization flag in the Auth_Flag field 502 according to the authorization mode, records the KEK key ID in the next field 504, and records the backup key encrypted under the KEK key in the following field 506. The three fields are passed together through the hash function 508, and the resulting MAC is recorded in field 510 to ensure the integrity of the data. Finally, the whole record is encrypted with the Master key 512 in encryption operation 514, and the final result is the output encapsulated Wrapped key 516.
FIG. 6 is a schematic diagram of the procedure by which the Security Officer authorizes a key recovery. The Security Officer of the hardware cryptographic module 600 of this embodiment chooses any two of the three Security Officer key share IC cards 620, which are combined in step S622 to reconstruct the Security Officer key 624. When a key is recovered, the MAC comparison operation of step S630 first compares the computed result with the Security Officer key message authentication code 608. If the comparison succeeds, the input Wrapped key 618 is passed through the key de-encapsulation of step S614 to compute the AP key 604, which is written into the secure area 640. If the comparison of step S630 fails, the key cannot be recovered.
FIG. 7 is a schematic diagram of the key de-encapsulation (De-encapsulation) operation. In this embodiment, the imported Wrapped key 702 is decrypted with the Master key 704 in decryption operation 706, and the resulting MAC data 708 is first checked by hash function verification 710. Once integrity is confirmed, the KEK key 718 is computed from the Auth_Flag in field 712 and the KEK key ID in field 714. Decryption operation 720 then restores the encrypted backup key in field 716, yielding the AP key 720, which is imported into the hardware cryptographic module.
FIG. 8 is the overall flowchart of the authorized key backup and recovery method of the invention. In this embodiment, step S802 chooses any two of the three Security Officer IC cards, followed by step S804, insert the Security Officer IC cards; step S806, enter the PIN code to log in; and step S808, verify the PIN code. If login fails, the flow goes to step S816, report an error message, and ends.
If the login of step S808 succeeds, the flow goes to step S810, combine the Security Officer key, then step S812, compute the Security Officer key MAC, and step S814, compare the Security Officer key MAC. On failure the flow goes to step S816 and reports an error message; on success it continues according to the management configuration. For the authorized flow, step S818 selects the Security Officer key and step S820 XORs the selection key with the Security Officer key. For the non-authorized flow, step S822 selects the zero value and step S824 performs the operation on the selection key and the zero value. Steps S820 and S824 are both followed by step S826, produce the KEK key.
Next, in the key backup flow, step S828 performs key encapsulation, that is, the encapsulation operation using the Master key and the KEK key, and step S830 outputs the backed-up Wrapped AP key. In the key recovery flow, step S832 takes the Wrapped AP key as input, step S834 performs the key de-encapsulation operation, that is, the de-encapsulation operation using the Master key and the KEK key, and step S836 writes the AP key into the secure area.
From the embodiments and drawings described above, it should be understood that the invention is innovative in its technical concept and provides a number of effects not achieved by the prior art. It fully satisfies the statutory requirements of novelty and inventive step for an invention patent, and this application is filed in accordance with the law; the Office is respectfully requested to approve this invention patent application so as to encourage invention.
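The backup and recovery flows of FIG. 4 to FIG. 8, as an added Python sketch that is not code from the patent: it shows that in authorized mode a known, imported AP key alone no longer opens the encrypted backup-key field, while in normal mode (zero value) it does. Assumptions not stated on the page: Shamir sharing for the 2-of-3 split, HMAC-SHA-256 under the Master key for the Security Officer key MAC, SHA-256 for the record hash, a SHA-256 keystream as a stand-in cipher, 16-byte keys, one-byte Auth_Flag and KEK ID fields, and all function and class names.

```python
import hashlib, hmac, secrets

P = 2**521 - 1   # prime field for the share arithmetic (Shamir is an assumption)
KEY_LEN = 16     # assumed key size in bytes

def split_2_of_3(secret):
    """Divide Shares (2/3): points x = 1, 2, 3 on f(x) = secret + a*x mod P."""
    s, a = int.from_bytes(secret, "big"), secrets.randbelow(P)
    return [(x, (s + a * x) % P) for x in (1, 2, 3)]

def combine(share_a, share_b):
    """Rebuild f(0) from any two distinct shares by Lagrange interpolation."""
    (x1, y1), (x2, y2) = share_a, share_b
    s = (y1 * x2 - y2 * x1) * pow((x2 - x1) % P, -1, P) % P
    if s >> (8 * KEY_LEN):
        raise ValueError("shares are inconsistent")
    return s.to_bytes(KEY_LEN, "big")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key, nonce, data):
    """Stand-in cipher (the page names none): XOR with a SHA-256 counter keystream."""
    pad = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                   for i in range(len(data) // 32 + 1))
    return xor(data, pad)

def encrypt(key, data):
    nonce = secrets.token_bytes(12)
    return nonce + _stream(key, nonce, data)

def decrypt(key, blob):
    return _stream(key, blob[:12], blob[12:])

class Module:
    """Toy secure area: Master key, AP keys by ID, and the SO key MAC."""
    def __init__(self):
        self.master = secrets.token_bytes(KEY_LEN)
        self.ap_keys = {}
        so_key = secrets.token_bytes(KEY_LEN)       # Key Gen
        self.so_mac = self._mac(so_key)             # MAC & Write: only the MAC is kept
        self.cards = split_2_of_3(so_key)           # one share per IC card

    def _mac(self, so_key):                         # MAC construction is assumed
        return hmac.new(self.master, so_key, hashlib.sha256).digest()

    def _kek(self, kek_id, authorized, shares):
        so_key = combine(*shares)                                     # S810
        if not hmac.compare_digest(self._mac(so_key), self.so_mac):   # S812-S814
            raise PermissionError("SO key MAC mismatch")
        mask = so_key if authorized else bytes(KEY_LEN)   # S818, or S822 zero value
        return xor(self.ap_keys[kek_id], mask)            # S820 / S824, then S826

    def backup(self, key_id, kek_id, authorized, shares):
        kek = self._kek(kek_id, authorized, shares)
        # Auth_Flag | KEK ID | backup key encrypted under the KEK
        body = bytes([int(authorized), kek_id]) + encrypt(kek, self.ap_keys[key_id])
        # Append the hash of the three fields, then encrypt everything with Master.
        return encrypt(self.master, body + hashlib.sha256(body).digest())

    def recover(self, wrapped, key_id, shares):
        plain = decrypt(self.master, wrapped)
        body, digest = plain[:-32], plain[-32:]
        if not hmac.compare_digest(hashlib.sha256(body).digest(), digest):
            raise ValueError("integrity check failed")
        kek = self._kek(body[1], bool(body[0]), shares)
        self.ap_keys[key_id] = decrypt(kek, body[2:])
        return self.ap_keys[key_id]

def demo():
    """Constructed scenario: slot 2 holds an imported AP key whose value is known."""
    hsm = Module()
    target, known = secrets.token_bytes(KEY_LEN), bytes(range(KEY_LEN))
    hsm.ap_keys.update({1: target, 2: known})
    two_cards = hsm.cards[:2]
    results = {}
    for name, mode in (("authorized", True), ("normal", False)):
        wrapped = hsm.backup(1, 2, mode, two_cards)
        # Strip the Master layer, flag, ID and hash; try the known key on what is left.
        inner = decrypt(hsm.master, wrapped)[2:-32]
        results[name] = decrypt(known, inner) == target
    wrapped = hsm.backup(1, 2, True, two_cards)
    del hsm.ap_keys[1]                               # simulate loss of the AP key
    other_pair = [hsm.cards[2], hsm.cards[0]]        # any two cards work
    results["recovered"] = hsm.recover(wrapped, 1, other_pair) == target
    return results
```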
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW105141005A TWI662825B (en) | 2016-12-12 | 2016-12-12 | Authorized key backup and recovery method of hardware password module |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201822500A TW201822500A (en) | 2018-06-16 |
TWI662825B true TWI662825B (en) | 2019-06-11 |
Family
ID=63258196
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI662825B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI742670B (en) * | 2020-05-19 | 2021-10-11 | 中華電信股份有限公司 | Terminal device, server and method for private key protection and transaction supervision in blockchains |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070223706A1 (en) * | 2005-12-12 | 2007-09-27 | Alexander Gantman | Certify and split system and method for replacing cryptographic keys |
US20090327697A1 (en) * | 2006-10-16 | 2009-12-31 | Panasonic Corporation | Network security processing method and system for selecting one of software and hardware cryptographic modules by means of multimedia session information |
US20130080791A1 (en) * | 2002-03-25 | 2013-03-28 | John P. Brizek | Security Protocols for Processor-Based Systems |
TWI476629B (en) * | 2012-12-26 | 2015-03-11 | Chunghwa Telecom Co Ltd | Data security and security systems and methods |
TWI561046B (en) * | 2015-05-22 | 2016-12-01 | Mstar Semiconductor Inc | Key protecting device and key protecting method |
-
2016
- 2016-12-12 TW TW105141005A patent/TWI662825B/en active