WO2015135398A1 - Procédé de traitement de données basé sur des clés de négociation - Google Patents

Procédé de traitement de données basé sur des clés de négociation Download PDF

Info

Publication number
WO2015135398A1
WO2015135398A1 PCT/CN2015/070911 CN2015070911W WO2015135398A1 WO 2015135398 A1 WO2015135398 A1 WO 2015135398A1 CN 2015070911 W CN2015070911 W CN 2015070911W WO 2015135398 A1 WO2015135398 A1 WO 2015135398A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
mobile phone
security module
verification
random
Prior art date
Application number
PCT/CN2015/070911
Other languages
English (en)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of WO2015135398A1 publication Critical patent/WO2015135398A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the user identification card wherein the first processing information at least includes: the information to be transmitted and the first verification information; after receiving the first processing information, the user identification card passes The first identification information is verified by the negotiation key of the user identification card end; if the user identification card verifies the first processing information, the user identification card pairs the information to be transmitted Sign the signature to get the first signature information.
  • the user identification card sends the second processing information to the mobile phone security module, where the second processing information includes at least: the first And the second verification information is verified by the negotiation key of the mobile phone security module end; if the mobile phone security module receives the second processing information, if the mobile phone After the security module verifies the second processing information, the mobile phone security module sends out at least the first signature information; or the user identity identification card passes the negotiation key of the user identity card end.
  • Step S105 After obtaining the first random verification factor, the user identity identification card performs a check calculation on the first random verification factor according to the preset first key, and obtains the first verification verification information.
  • the second random factor acquired by the user identity card may be directly generated by the user identity card, or may be generated by the mobile phone security module and sent to the user identity card.
  • the second random factor may also be one or a string of random numbers, or may be one or a string of random characters, or any combination of a string of random numbers and random combinations.
  • Manner 5 generating according to the first key and the preset second key, and the first random verification factor.
  • Method 7 Generate according to the first key, and the first random verification factor and the second random factor.
  • Manner 2 generated according to the first key and the second random verification factor.
  • Manner 5 generating according to the first key and the second key, and the first random factor.
  • Manner 6 generated according to the first key and the second key, and the second random verification factor.
  • the mode 1 to mode 4 negotiation key generation factor is less, the generation rate is faster; the mode 5 to mode 9 negotiation key generation factors are more, and the generated negotiation key is more complicated and safe.
  • Step S113 The mobile security module and the user identification card perform secure transmission of information through the negotiation key of the mobile security module end and the negotiation key of the user identification card end.
  • the mobile phone security module and the user identification card pass the negotiation key of the two ends. Secure transmission of information.
  • the mobile phone security module obtains the information to be transmitted, and the information to be transmitted may be confidential information that needs to be transmitted securely, or may be transaction information to be traded in the online banking.
  • the information to be transmitted may be transaction information of a transaction to be executed, for example, transaction information such as a transaction account number and a transaction amount obtained by the mobile phone through an online banking client.
  • Step S116a The mobile phone security module sends the first processing information to the user identification card, where the first processing information includes at least: first ciphertext information.
  • the user identity card signs the information to be transmitted to ensure the integrity and non-repudiation of the information to be transmitted.
  • step S120 the user identification card sends the second processing information to the mobile phone security module, where the second processing information includes at least: second ciphertext information.
  • the mobile phone security module decrypts the second ciphertext information through the negotiation key of the mobile phone security module to obtain the real first signature information.
  • a secure information interaction is completed between the mobile phone security module and the user identification card.
  • Step S122a The mobile phone security module issues at least the first signature information.
  • the signed confidential information is sent out to the device for extracting confidential information
  • the mobile phone security module obtains the information to be transmitted, and the information to be transmitted may be confidential information that needs to be transmitted securely, or may be transaction information to be traded in the online banking.
  • the information to be transmitted may be confidential information that the mobile phone needs to output, for example, confidential information obtained by the mobile phone from a secure storage area of the mobile phone.
  • the information to be transmitted may be transaction information of a transaction to be executed, for example, transaction information such as a transaction account number and a transaction amount obtained by the mobile phone through an online banking client.
  • Step S115b the mobile phone security module performs verification on the transmitted information by using the negotiation key of the mobile security module end. Calculate, get the first verification information.
  • the mobile phone security module performs check calculation on the transmission information through the negotiation key of the mobile phone security module generated by the mobile phone security module, thereby ensuring the integrity of the information to be transmitted.
  • the negotiation key includes at least one verification calculation key, and the verification calculation may be any verification manner such as calculating a MAC value.
  • Step S116b The mobile phone security module sends the first processing information to the user identification card, where the first processing information includes at least: information to be transmitted and first verification information.
  • the mobile phone security module performs verification calculation on the first ciphertext information through the negotiation key of the mobile phone security module end generated by the mobile phone security module, thereby ensuring the integrity of the first ciphertext information.
  • the check calculation can be any verification method such as calculating a MAC value.
  • the negotiation key includes at least one encryption key and one verification calculation key.
  • the first ciphertext information is verified by the negotiation key of the mobile phone security module.
  • the user identity identification card passes the user identification card.
  • the negotiation key in the same manner performs the check calculation on the first ciphertext information, and compares with the first check information, and after the comparison is consistent, the verification passes, thereby ensuring that the obtained first ciphertext information has not been tampered with.
  • Step S123c If the mobile phone security module verifies the second processing information, the second ciphertext information is decrypted by using the negotiation key of the mobile phone security module to obtain the first signature information.
  • the signed transaction information is transmitted to an online banking server or the like.
  • step S119d the user identification card signs the transmission information to obtain the first signature information.
  • Step S122d The mobile phone security module decrypts the second ciphertext information through the negotiation key of the mobile phone security module to obtain the first signature information.
  • Step S117e After receiving the first processing information, the user identity identification card verifies the first processing information by using the negotiation key of the user identity card end.
  • Step S121e The user identification card sends the second processing information to the mobile phone security module, where the second processing information includes at least: first signature information and second verification information.
  • Step S122e After receiving the second processing information, the mobile phone security module verifies the second processing information by using the negotiation key of the mobile security module.
  • Step S121f After receiving the second processing information, the mobile phone security module verifies the second processing information by using the negotiation key of the mobile security module.
  • Step S122f If the mobile phone security module verifies the second processing information, the second ciphertext information is decrypted by using the negotiation key of the mobile phone security module to obtain the first signature information.
  • Step S114g The mobile phone security module acquires information to be transmitted.
  • Step S115g The mobile phone security module performs a check calculation on the transmission information by using the negotiation key of the mobile phone security module, and obtains the first verification information.
  • Step S116g The mobile phone security module sends the first processing information to the user identification card, where the first processing information includes at least: information to be transmitted and first verification information.
  • Step S117g After receiving the first processing information, the user identity identification card verifies the first processing information by using the negotiation key of the user identity card end.
  • Step S118g If the user identification card verifies the first processing information, the user identity card signs the transmission information to obtain the first signature information.
  • Step S119g The user identity card encrypts the first signature information by using the negotiation key of the user identity card, obtains the second ciphertext information, and performs a check calculation on the second ciphertext information to obtain the second verification information.
  • Step S120g The user identification card sends the second processing information to the mobile phone security module, where the second processing information includes at least: second ciphertext information and second verification information.
  • Step S122g if the mobile phone security module verifies the second processing information, the mobile security module end The negotiation key decrypts the second ciphertext information to obtain the first signature information.
  • Step S123g The mobile phone security module sends out at least the first signature information.
  • Step S116h The mobile phone security module sends the first processing information to the user identification card, where the first processing information includes at least: first ciphertext information.
  • step S118h the user identification card signs the transmission information to obtain the first signature information.
  • step S120h the user identification card sends the second processing information to the mobile phone security module, where the second processing information includes at least: first signature information and first verification information.
  • Step S121h After receiving the second processing information, the mobile phone security module verifies the second processing information by using the negotiation key of the mobile security module.
  • Step S122h If the mobile phone security module verifies the second processing information, the mobile phone security module issues at least the first signature information.
  • Step S114i The mobile phone security module acquires information to be transmitted.
  • Step S116i The mobile phone security module sends the first processing information to the user identification card, where the first processing information includes at least: first ciphertext information and first verification information.
  • Step S117i After receiving the first processing information, the user identity identification card verifies the first processing information by using the negotiation key of the user identity card end.
  • the step of performing verification calculation on each ciphertext information may be replaced by performing verification calculation on the original text of the ciphertext information, and after obtaining the verification information and the ciphertext information, , the first decryption to obtain the original text of the ciphertext information, and then verify the verification information.
  • the original text of ciphertext information or ciphertext information cannot be tampered with.
  • Step S1141 The mobile phone security module extracts key information in the information to be transmitted.
  • the mobile phone security module can extract key information such as the file name in the confidential information, so that the user can confirm whether the confidential file needs to be extracted for secure output.
  • the mobile security module can extract key information in the transaction information, such as transaction account number and transaction amount, so that the user can confirm whether the transaction is a real transaction.
  • the mobile phone security module and the user identity identification card are included in the mobile phone according to the embodiment 1 of the present invention.
  • the mobile phone security module and the user identification card can be divided into any module and/or any combination of the transceiver unit, the encryption and decryption unit, the verification calculation unit, the generation unit, the verification unit, the signature unit and the like to complete the corresponding functions. I will not repeat them here.
  • Step S205 After obtaining the first random verification factor, the mobile phone security module performs a check calculation on the first random verification factor according to the preset first key, and obtains the first verification verification information.
  • the data processing method based on the negotiation key of the present invention enables the mobile phone to securely perform online banking service and/or confidential information transmission.
  • the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

Abstract

L'invention concerne un procédé de traitement de données basé sur des clés de négociation, comportant les étapes suivantes: un module de sécurité de téléphone mobile obtient un premier facteur aléatoire et envoie des informations de contrôle du premier facteur aléatoire à un module d'identité d'abonné; le module d'identité d'abonné vérifie si les informations de contrôle du premier facteur aléatoire sont identiques aux premières informations de vérification de contrôle, si oui, un deuxième facteur aléatoire est obtenu, une clé de négociation du côté module d'identité d'abonné est générée et des informations de contrôle du deuxième facteur aléatoire sont envoyées au module de sécurité de téléphone mobile; le module de sécurité de téléphone mobile vérifie si les informations de contrôle du deuxième facteur aléatoire sont identiques aux deuxièmes informations de vérification de contrôle, si oui, une clé de négociation du côté module de sécurité de téléphone mobile est générée et il est procédé à la transmission sécurisée d'informations d'après la clé de négociation. Le procédé de traitement de données basé sur des clés de négociation permet à un téléphone mobile de réaliser de façon sécurisée un service bancaire en ligne et/ou une transmission d'informations confidentielles.
PCT/CN2015/070911 2014-03-12 2015-01-16 Procédé de traitement de données basé sur des clés de négociation WO2015135398A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410089815.1A CN103888453B (zh) 2014-03-12 2014-03-12 一种基于协商密钥的数据处理方法
CN201410089815.1 2014-03-12

Publications (1)

Publication Number Publication Date
WO2015135398A1 true WO2015135398A1 (fr) 2015-09-17

Family

ID=50957173

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/070911 WO2015135398A1 (fr) 2014-03-12 2015-01-16 Procédé de traitement de données basé sur des clés de négociation

Country Status (3)

Country Link
CN (1) CN103888453B (fr)
HK (1) HK1199567A1 (fr)
WO (1) WO2015135398A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526509A (zh) * 2020-05-26 2020-08-11 中国联合网络通信集团有限公司 一种卡数据处理方法及装置
CN111814137A (zh) * 2020-06-29 2020-10-23 深圳市海邻科信息技术有限公司 终端的运维方法、运维系统及存储介质
CN112787977A (zh) * 2019-11-07 2021-05-11 中国电信股份有限公司 安全传输方法和系统

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888453B (zh) * 2014-03-12 2018-02-16 天地融科技股份有限公司 一种基于协商密钥的数据处理方法
CN108924161A (zh) * 2018-08-13 2018-11-30 南京敞视信息科技有限公司 一种交易数据加密通信方法及系统
CN109787955B (zh) * 2018-12-12 2021-07-16 东软集团股份有限公司 信息传输的方法、装置及存储介质
CN112149099B (zh) * 2019-06-26 2024-02-13 天地融科技股份有限公司 一种办公安全控制方法、安全键盘及办公系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626370A (zh) * 2008-07-07 2010-01-13 华为技术有限公司 节点间密钥的分配方法、系统及设备
CN101686127A (zh) * 2008-09-24 2010-03-31 北京创原天地科技有限公司 一种新型的USBKey安全调用方法和USBKey装置
US20130159195A1 (en) * 2011-12-16 2013-06-20 Rawllin International Inc. Authentication of devices
CN103888453A (zh) * 2014-03-12 2014-06-25 天地融科技股份有限公司 一种基于协商密钥的数据处理方法

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7783041B2 (en) * 2005-10-03 2010-08-24 Nokia Corporation System, method and computer program product for authenticating a data agreement between network entities
CN100488099C (zh) * 2007-11-08 2009-05-13 西安西电捷通无线网络通信有限公司 一种双向接入认证方法
CN102014386B (zh) * 2010-10-15 2012-05-09 西安西电捷通无线网络通信股份有限公司 一种基于对称密码算法的实体鉴别方法及系统
CN103002442A (zh) * 2012-12-20 2013-03-27 邱华 无线局域网密钥安全分发方法
CN203278851U (zh) * 2013-03-06 2013-11-06 上海阳扬电子科技有限公司 一种带有无线通信功能的加密认证设备

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626370A (zh) * 2008-07-07 2010-01-13 华为技术有限公司 节点间密钥的分配方法、系统及设备
CN101686127A (zh) * 2008-09-24 2010-03-31 北京创原天地科技有限公司 一种新型的USBKey安全调用方法和USBKey装置
US20130159195A1 (en) * 2011-12-16 2013-06-20 Rawllin International Inc. Authentication of devices
CN103888453A (zh) * 2014-03-12 2014-06-25 天地融科技股份有限公司 一种基于协商密钥的数据处理方法

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112787977A (zh) * 2019-11-07 2021-05-11 中国电信股份有限公司 安全传输方法和系统
CN112787977B (zh) * 2019-11-07 2022-11-11 中国电信股份有限公司 安全传输方法和系统
CN111526509A (zh) * 2020-05-26 2020-08-11 中国联合网络通信集团有限公司 一种卡数据处理方法及装置
CN111526509B (zh) * 2020-05-26 2022-08-02 中国联合网络通信集团有限公司 一种卡数据处理方法及装置
CN111814137A (zh) * 2020-06-29 2020-10-23 深圳市海邻科信息技术有限公司 终端的运维方法、运维系统及存储介质
CN111814137B (zh) * 2020-06-29 2024-03-22 深圳市海邻科信息技术有限公司 终端的运维方法、运维系统及存储介质

Also Published As

Publication number Publication date
CN103888453B (zh) 2018-02-16
HK1199567A1 (en) 2015-07-03
CN103888453A (zh) 2014-06-25

Similar Documents

Publication Publication Date Title
US20240007308A1 (en) Confidential authentication and provisioning
WO2015161689A1 (fr) Procédé de traitement de données basé sur une clé de négociation
WO2015135398A1 (fr) Procédé de traitement de données basé sur des clés de négociation
EP3324572B1 (fr) Procédé de transmission d'informations et dispositif mobile
AU2019240671A1 (en) Methods for secure cryptogram generation
US20160080157A1 (en) Network authentication method for secure electronic transactions
CN108234115B (zh) 信息安全的验证方法、装置和系统
CN103095456B (zh) 交易报文的处理方法和系统
CN109194465B (zh) 用于管理密钥的方法、用户设备、管理设备、存储介质
CN108566381A (zh) 一种安全升级方法、装置、服务器、设备和介质
CN103078742B (zh) 数字证书的生成方法和系统
WO2015158172A1 (fr) Carte d'identification de l'identité d'un utilisateur
CN109064324A (zh) 基于联盟链的交易方法、电子装置及可读存储介质
WO2014107977A1 (fr) Procédé et système de protection par clé
CN109861813B (zh) 基于非对称密钥池的抗量子计算https通信方法和系统
CN112055019B (zh) 一种建立通信信道的方法及用户终端
WO2018120938A1 (fr) Procédé de transmission de clé hors ligne, terminal et support de stockage
TWI724684B (zh) 用於執行經過身分驗證的加密操作的方法、系統及裝置
WO2015109958A1 (fr) Procédé de traitement de données basé sur une clé de négociation, et téléphone mobile
WO2015158173A1 (fr) Procédé de traitement de données à base de clé d'accord
CN114143117A (zh) 数据处理方法及设备
CN112003697A (zh) 密码模块加解密方法、装置、电子设备及计算机存储介质
CN114389860A (zh) 语音通信方法及其装置
CN112583588B (zh) 一种通信方法及装置、可读存储介质
CN109510711B (zh) 一种网络通信方法、服务器、客户端及系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15761603

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15761603

Country of ref document: EP

Kind code of ref document: A1