WO2017054436A1 - A dynamic encryption method, terminal, and server (Google Patents)
- Publication number: WO2017054436A1 (PCT application PCT/CN2016/079217)
- Authority: WO (WIPO (PCT))
- Prior art keywords: signature, key, data, index, server
Classifications
- H04L63/0457—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Definitions
- The present invention relates to encryption technologies, and in particular to a dynamic encryption method, a terminal, and a server.
- Communication between a terminal and a server generally uses HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) to authenticate the server and establish a trusted channel, specifically by way of the CA certificate trusted by the browser.
- The server certificate is verified to obtain the server's public key; an asymmetric key is negotiated using the server's public key and the private key held by the server, and once negotiated it is kept in the session object. Both the terminal and the server use asymmetric key encryption in subsequent sessions.
- Alternatively, the terminal and the server can implement a symmetric encryption system of their own, with the symmetric key hard-coded into the terminal; symmetric encryption is efficient.
- SSL/TLS: Secure Socket Layer / Transport Layer Security.
- A symmetric encryption system such as the Advanced Encryption Standard (AES) by itself cannot meet the requirements of dynamic keys and tamper resistance.
- An embodiment of the present invention provides a dynamic encryption signature method, a terminal, and a server.
- On the terminal side: a predetermined first key index and a random first signature index are selected; the first key and the first signature are indexed from the embedded keys and signatures; the session request data is signed with the first signature, encrypted with the first key, and sent to the server.
- After the server decrypts and verifies the session request data, the terminal receives session response data from the server that is signed with a random second signature and encrypted with a random second key.
- On the server side: session request data sent by the terminal, signed with the first signature and encrypted with the first key, is received;
- after verification passes, the second key index and the second signature index are randomly selected;
- the session response data is signed with the second signature corresponding to the second signature index, encrypted with the second key corresponding to the second key index, and then sent to the terminal.
- A terminal according to an embodiment includes a processor configured, by executable instructions, to generate one or more keys and one or more signatures from native data; when a session connection is made, to select a predetermined first key index and a random first signature index; to index the first key and the first signature from the one or more keys and one or more signatures according to the first key index and the first signature index; and to sign the session request data with the first signature and encrypt the session request data with the first key;
- and a communication interface configured to send the encrypted session request data to a server and, after the server decrypts and verifies the session request data, to receive session response data signed by the server with a random second signature and encrypted with a random second key.
- A server according to an embodiment includes a communication interface configured to receive, when a session connection is made, session request data sent by the terminal, signed with the first signature and encrypted with the first key;
- and a processor configured, by executable instructions, to acquire the predetermined first key index and the random first signature index; to index the first key and the first signature from the pre-stored one or more keys and one or more signatures according to the first key index and the first signature index; to decrypt the session request data with the first key and verify the session request data with the first signature; after verification passes, to randomly select a second key index and a second signature index; and to sign the session response data with the second signature corresponding to the second signature index and encrypt the session response data with the second key corresponding to the second key index;
- the communication interface is further configured to send the encrypted session response data to the terminal.
- In a further embodiment (card reading): a request configuration message, signed with the first signature and encrypted with the first key, is sent to the server; configuration information returned by the server, signed with the second signature and encrypted with the second key, is decrypted and verified; the configuration information is used to look up a first instruction set; and the first instruction set is used to perform a card reading operation and obtain the card information.
- The corresponding terminal includes a communication interface configured to send the request configuration message (signed with the first signature and encrypted with the first key) to the server and to receive the configuration information (signed by the server with the second signature and encrypted with the second key), and a processor configured, by executable instructions, to decrypt and verify the configuration information, to look up the first instruction set using the configuration information, and to perform the card reading operation with the first instruction set to obtain the card information.
- In the embodiments, the terminal embeds a series of symmetric keys and signatures, and the server embeds keys and signatures corresponding one-to-one to those of the terminal; the keys and signatures are generated from native data. This improves the security of the keys and signatures and avoids the risk of the keys and signatures being cracked.
- The server randomly selects the key index and the signature index to establish a symmetric encryption system.
- The life cycle of the negotiated signature key is the login-state session; over the symmetric encryption channel a session-lifetime signature key and a one-time valid signature key are negotiated, implementing a three-layer system of encrypted communication and dynamic signature.
- The server dynamically generates a one-time valid signature and sends it to the terminal along with the server response data.
- In the next interaction the terminal signs with the most recently issued signature and sends the result to the server, which guarantees that the result of the terminal's request cannot be tampered with.
- FIG. 1 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 1 of the present invention.
- FIG. 2 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 2 of the present invention.
- FIG. 3 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 3 of the present invention.
- FIG. 4 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 4 of the present invention.
- FIG. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a server according to an embodiment of the present invention.
- FIG. 7 is a schematic flowchart diagram of a dynamic encryption signature method according to another embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of a terminal according to another embodiment of the present invention.
- FIG. 9 is a schematic diagram of hardware entities of a terminal according to an embodiment of the present invention.
- FIG. 10 is a schematic diagram of hardware entities of a server according to an embodiment of the present invention.
- FIG. 1 is a schematic flowchart of a dynamic cryptographic signature method according to Embodiment 1 of the present invention.
- The dynamic cryptographic signature method in this example is applied on the terminal side.
- The dynamic cryptographic signature method includes the following steps:
- Step 101: Generate one or more keys and one or more signatures from the native data.
- The terminal may be a fixed electronic device such as a personal computer (PC), or a portable electronic device such as a personal digital assistant (PDA), a tablet computer, a laptop computer, or a smart mobile terminal such as a smartphone.
- The keys and signatures of the terminal are implemented in native data, for example in the C language, and the relevant interfaces are provided in the form of a dynamic native library.
- A series of symmetric keys and signatures are embedded in the native library, and access methods based on a key index and a signature index are provided, so that the embedded symmetric keys and signatures are not read out directly.
- The server is likewise configured with symmetric keys and signatures corresponding one-to-one to those of the terminal.
- Table 1 configures a total of five key indexes with their corresponding keys, and five signature indexes with their corresponding signatures.
- A key index is used to index the corresponding key, and a signature index is used to index the corresponding signature.
- For example, key index 2 indexes the corresponding key C1, and signature index 0 indexes the corresponding signature A2.
- Step 102: When a session connection is made, select a predetermined first key index and a random first signature index.
- During each session initialization, the terminal first selects a predetermined first key index and a random first signature index.
- The predetermined first key index is a key index agreed in advance between the terminal and the server, and can generally be set as a default key index; here the key index number is 0.
- The random first signature index may be determined from the current timestamp or from a random number:
- acquire the current timestamp and perform a first transform on it to obtain the first signature index, or acquire a random number and perform a second transform on it to obtain the first signature index.
- For example, the current timestamp 2015.05.05.08.34 denotes 8:34 on May 5, 2015; the timestamp is transformed by, for instance, dividing its number of seconds by 5 and taking the remainder, and the result is the signature index.
- Alternatively, the terminal's random function is used to draw a random number, the random number is divided by 5 and the remainder taken, and the result is the signature index.
- A session manages a series of mutually state-dependent objects; the context of a business process can be chained together through a session.
- Step 103: Index the first key and the first signature from the one or more keys and one or more signatures according to the first key index and the first signature index.
- That is, the first key and the first signature are looked up in the one or more keys and one or more signatures using the first key index and the first signature index.
- For example, with the tables above, key index 2 indexes the key C1, and signature index 0 indexes the signature A2.
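The index-based library and the two first-signature-index transforms of Steps 101 to 103, as an added Python example; this is not code from the patent or its applicant. The tables are constructed: only key index 2 -> C1 and signature index 0 -> A2 are stated on the page, while the remaining labels, the class and function names, and the use of the timestamp's seconds field are this example's assumptions.

```python
import secrets
from datetime import datetime

# Constructed stand-in for the patent's Table 1 (five key indexes and five signature
# indexes). Only the two pairings the page states, key index 2 -> C1 and signature
# index 0 -> A2, come from the page; the other labels are made up for this example.
# A real deployment embeds the secrets in a native library rather than in Python.
KEY_TABLE = {0: "C3", 1: "C0", 2: "C1", 3: "C4", 4: "C2"}
SIGNATURE_TABLE = {0: "A2", 1: "A4", 2: "A0", 3: "A3", 4: "A1"}
DEFAULT_KEY_INDEX = 0  # predetermined first key index agreed with the server (page: index 0)


class KeySignatureLibrary:
    """Index-based access to embedded keys and signatures (the patent's native library).

    Callers name an index and receive the corresponding secret; there is no call that
    enumerates or dumps the tables, which is the point of the index-based interface."""

    def __init__(self, keys, signatures):
        self._keys = dict(keys)
        self._signatures = dict(signatures)

    def __len__(self):
        return len(self._signatures)

    def key(self, index):
        if index not in self._keys:
            raise KeyError("unknown key index: %r" % (index,))
        return self._keys[index]

    def signature(self, index):
        if index not in self._signatures:
            raise KeyError("unknown signature index: %r" % (index,))
        return self._signatures[index]


def signature_index_from_timestamp(ts, table_size):
    """First transform from the page: the timestamp's seconds, remainder modulo 5."""
    return ts.second % table_size


def signature_index_from_random(table_size, randbelow=secrets.randbelow):
    """Second transform from the page: a random number, remainder modulo 5."""
    return randbelow(2 ** 31) % table_size


def select_first_indexes(library, ts=None):
    """Steps 102-103: predetermined key index plus a random signature index, resolved
    to the actual key and signature through the library."""
    if ts is not None:
        sig_index = signature_index_from_timestamp(ts, len(library))
    else:
        sig_index = signature_index_from_random(len(library))
    return {
        "key_index": DEFAULT_KEY_INDEX,
        "signature_index": sig_index,
        "key": library.key(DEFAULT_KEY_INDEX),
        "signature": library.signature(sig_index),
    }


if __name__ == "__main__":
    lib = KeySignatureLibrary(KEY_TABLE, SIGNATURE_TABLE)
    print(select_first_indexes(lib, datetime(2015, 5, 5, 8, 34, 17)))
```

A signature index derived from the clock is predictable to anyone who can read the clock; the scheme relies on the signature value behind that index staying inside the native library, which is why the library exposes lookups by index and no call that returns the tables.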
- Step 104: Sign the session request data with the first signature, encrypt the session request data with the first key, and send it to the server.
- The session request data differs according to the specific implementation of the terminal.
- For example, when the terminal is an NFC (Near Field Communication) electronic device and implements a top-up ("circle storage") function over NFC, the session request data includes the user identifier, transaction information, and so on.
- NFC is a short-range high-frequency radio technology operating at a distance of 13 cm at a frequency of 13.56 MHz, with a transmission rate of 106 kbit/s, 212 kbit/s or 424 kbit/s.
- Near field communication has been standardized as ISO/IEC 18092, ECMA-340 and ETSI TS 102 190.
- NFC can be used for airport check-in, building access keys, transit cards, credit cards, payment cards, and more.
- Top-up ("circle storage") refers to depositing money from a consumer's bank account directly onto an IC chip, that is, into an electronic wallet, so that the consumer is spared the risks of carrying cash: making change, loss, counterfeit notes and robbery.
- When the terminal is an NFC electronic device and implements identity verification over NFC, the session request data includes the user identifier.
- When the terminal has a Bluetooth function and sends a bill query request to the server over Bluetooth, the session request data includes the user identifier, the query object information, and so on.
- Step 105: After the server decrypts and verifies the session request data, receive the session response data sent by the server, signed with a random second signature and encrypted with a random second key.
- The second key index and the second signature index are stored in the login session object.
- As long as the session exists, the session is in the login state; when the session ends, the server releases the session resources.
- The terminal may send many session requests to the server, and these requests are stored in the same session.
- The session object stores the information required for a particular terminal session, such as the session ID (IDentification) and the session key. When the session is established, the server creates a session object for the terminal; because the session object corresponds to the login state, it is called the login session object.
- The second key index and the second signature index are stored in the login session object so that both the terminal and the server can obtain them from the login session object and thereby obtain the corresponding second key and second signature, which implement the encryption and decryption of data for both parties and so improve data security.
- The server decrypts and verifies the session request data from the terminal according to the agreed key index and the signature index.
- The server then randomly selects a new key index and signature index and saves them in the login session object together with the login state, so that the key index and the signature index exist for the entire login session. The response data is signed with the signature corresponding to the new signature index (First Key), encrypted with the key corresponding to the new key index, and sent to the terminal.
- The terminal receives the session response data, which the server has signed with the new signature (First Key) and encrypted with the new key.
- Thus an encrypted channel in the login state is established between the terminal and the server.
- Optionally, the session request data is encrypted with the first key and the first signature index is also encrypted; the encrypted session request data and the encrypted first signature index are sent to the server.
- The server can thereby obtain the first signature index and then index the first signature for verification.
- A subsequent session can then be performed between the terminal and the server, specifically:
- after the server decrypts and verifies the first data, the terminal receives second data from the server, signed with the second signature and encrypted with the second key, where the second data is the execution result of the first data.
- The above applies to a one-off operation such as a terminal requesting an order list. Since such operations have no dependency on one another, the terminal proceeds as follows: the user triggers a first operation (request order list) on the terminal; the terminal acquires the first data corresponding to the first operation (account data, order list identifier, etc.), signs the first data with the new signature (second signature), encrypts it with the new key (second key), and sends it to the server.
- The server first determines the login state, reads the key index and the signature index from the login session object, decrypts with the key corresponding to the key index, and verifies with the signature corresponding to the signature index. It then executes the business logic to obtain the second data, signs and encrypts the second data with the new signature and key, and sends it to the terminal.
- Alternatively, a subsequent session can be performed between the terminal and the server as follows:
- after the server decrypts and verifies the third data, the terminal receives fourth data from the server, signed with a third signature and encrypted with the second key, where the fourth data is the execution result of the third data and the second key index and the third signature index are stored in the login session object.
- That is, the server specifies a brand-new signature index in each request/response cycle, stores it in the login session object, and sends it to the terminal along with the response.
- The entire communication process is encrypted with the key corresponding to the key index (second key) and signed with the signature corresponding to the constantly updated signature index (Next Key).
- When processing the next terminal request, in addition to decrypting with the key corresponding to the key index in the login session object, the server verifies with the signature corresponding to the one-time valid signature index (Next Key), which increases security.
- FIG. 2 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 2 of the present invention, which includes the following steps:
- Step 201: The terminal signs and encrypts the session request data with a default key and a random signature, and sends it to the server.
- Step 202: The server receives the session request data; after decryption and verification pass, it randomly selects a new key and signature and sends the new key and signature to the terminal.
- Step 203: The terminal signs and encrypts the subsequent session data with the new key and signature, and sends it to the server.
- FIG. 3 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 3 of the present invention, which includes the following steps:
- Step 301: The terminal signs and encrypts the request data with the key and the signature in the current login session object, and sends it to the server.
- Step 302: The server receives the request data; after decryption and verification pass, it randomly selects a new signature and sends the new signature to the terminal.
- The new signature is saved to the login session object.
- Step 303: The terminal signs and encrypts the subsequent session data with the key in the current login session object and the new signature, and sends it to the server.
- In this way the server dynamically generates a one-time valid signature and sends it to the terminal along with the server response data.
- In the next interaction the terminal signs with the most recently issued signature and sends the result to the server, which guarantees that the result cannot be tampered with.
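The three-layer scheme of Steps 102 to 105 and of FIG. 2 and FIG. 3 (default key and random first signature for the session request, a random second key and second signature stored in the login session object, and a one-time "Next Key" signature issued with every response), as an added Python model of both sides of the exchange. This is not code from the patent or its applicant. It assumes HMAC-SHA256 as the "signature", a toy SHA-256 keystream in place of AES, a wire format in which the signature index rides inside the ciphertext, and constructed demo key tables; the page fixes none of these. The server-side check that a request signed with an already-consumed one-time signature is rejected is the property the page claims for the Next Key layer.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the patent's Table 1: five keys and five signatures embedded on
# the terminal and mirrored on the server (a real deployment keeps them in a native library).
KEYS = [hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(5)]
SIGS = [hashlib.sha256(b"demo-sig-%d" % i).digest() for i in range(5)]
DEFAULT_KEY_INDEX = 0  # predetermined first key index (page: key index 0)
TAG_LEN = 32

def keystream_xor(key, nonce, data):
    """Toy SHA-256 counter-mode keystream standing in for the page's AES; not a real cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(sig, data):
    # The page's "signature" is a shared secret, so an HMAC over the data models it.
    return hmac.new(sig, data, hashlib.sha256).digest()

def seal(key_index, sig_index, body):
    """Sign body with SIGS[sig_index], then encrypt [sig_index || body || tag] under KEYS[key_index].
    Carrying the signature index inside the ciphertext is this example's assumed wire format for
    the encrypted first signature index and for each one-time "Next Key" index."""
    plain = bytes([sig_index]) + body + mac(SIGS[sig_index], body)
    nonce = secrets.token_bytes(12)
    return {"key_index": key_index, "nonce": nonce, "ct": keystream_xor(KEYS[key_index], nonce, plain)}

def open_sealed(msg, expected_key_index=None):
    """Decrypt with the key index named in msg (checked when expected_key_index is given), then
    verify the tag with the signature index found inside. Returns (sig_index, body)."""
    key_index = msg["key_index"]
    if expected_key_index is not None and key_index != expected_key_index:
        raise ValueError("unexpected key index")
    plain = keystream_xor(KEYS[key_index], msg["nonce"], msg["ct"])
    if len(plain) < 1 + TAG_LEN or plain[0] >= len(SIGS):
        raise ValueError("malformed message")
    sig_index, body, tag = plain[0], plain[1:-TAG_LEN], plain[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(SIGS[sig_index], body)):
        raise ValueError("signature verification failed")
    return sig_index, body

class Server:
    def __init__(self):
        self.sessions = {}  # login session objects: sid -> {"key_index", "next_sig_index"}

    def session_request(self, msg):
        """Steps 401-406: verify under the default key and the terminal's chosen signature index,
        then randomly select the second key index and second signature index."""
        _, body = open_sealed(msg, DEFAULT_KEY_INDEX)
        sess = {"key_index": secrets.randbelow(len(KEYS)), "next_sig_index": secrets.randbelow(len(SIGS))}
        sid = secrets.token_hex(8)
        self.sessions[sid] = sess
        return sid, seal(sess["key_index"], sess["next_sig_index"], b"session ok: " + body)

    def request(self, sid, msg):
        """FIG. 3 steps 302-303: the request must carry the one-time signature issued last."""
        sess = self.sessions[sid]
        sig_index, body = open_sealed(msg, sess["key_index"])
        if sig_index != sess["next_sig_index"]:
            raise ValueError("stale or reused one-time signature")  # replay / out-of-order request
        # Next Key: chosen to differ from the index just consumed, so a replay never matches.
        sess["next_sig_index"] = (sig_index + 1 + secrets.randbelow(len(SIGS) - 1)) % len(SIGS)
        return seal(sess["key_index"], sess["next_sig_index"], b"result: " + body)

class Terminal:
    def __init__(self):
        self.sid = self.key_index = self.next_sig_index = None

    def start_session(self, server, request_data):
        """Steps 102-105: default key index plus a random first signature index (random number mod 5)."""
        first_sig_index = secrets.randbelow(2 ** 31) % len(SIGS)
        self.sid, resp = server.session_request(seal(DEFAULT_KEY_INDEX, first_sig_index, request_data))
        self.next_sig_index, body = open_sealed(resp)  # second key/signature indexes learned here
        self.key_index = resp["key_index"]
        return body

    def request(self, server, data):
        """Sign with the most recently issued signature and remember the next one."""
        resp = server.request(self.sid, seal(self.key_index, self.next_sig_index, data))
        self.next_sig_index, body = open_sealed(resp, self.key_index)
        return body

def run_exchange():
    """Session setup, a follow-up request, a captured request, then a replay of it."""
    server, terminal = Server(), Terminal()
    first = terminal.start_session(server, b"user=alice")
    second = terminal.request(server, b"order list")
    captured = seal(terminal.key_index, terminal.next_sig_index, b"bill query")
    terminal.next_sig_index, third = open_sealed(server.request(terminal.sid, captured), terminal.key_index)
    try:
        server.request(terminal.sid, captured)  # the same message delivered a second time
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"first": first, "second": second, "third": third, "replay_rejected": replay_rejected}
```

`run_exchange()` returns the three decrypted responses and whether the replayed request was refused. Only indexes ever travel between the parties; the key and signature values stay in the tables, so the whole construction rests on those embedded tables remaining secret, and with five entries per table the index space itself offers no protection.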
- FIG. 4 is a schematic flowchart of a dynamic encryption signature method according to Embodiment 4 of the present invention.
- The dynamic cryptographic signature method is applied on the server side.
- The dynamic cryptographic signature method includes the following steps:
- Step 401: When a session connection is made, receive the session request data sent by the terminal, signed with the first signature and encrypted with the first key.
- Step 402: Acquire the predetermined first key index and the random first signature index.
- The terminal and the server agreed the first key index in advance, so the server can acquire the first key index directly.
- The first signature index is obtained from the encrypted first signature index sent by the terminal, which the server decrypts with the key corresponding to the predetermined first key index.
- Step 403: Index the first key and the first signature from the one or more pre-stored keys and one or more signatures according to the first key index and the first signature index.
- Step 404: Decrypt the session request data with the first key, and verify the session request data with the first signature.
- Step 405: After verification passes, randomly select a second key index and a second signature index.
- Step 406: Store the second key index and the second signature index in the login session object, sign the session response data with the second signature corresponding to the second signature index, encrypt the session response data with the second key corresponding to the second key index, and send the session response data to the terminal.
- Thus an encrypted channel in the login state is established between the terminal and the server.
- Subsequently, the server receives first data sent by the terminal, signed with the second signature and encrypted with the second key, and processes the first data to obtain second data.
- For a one-off operation such as a terminal requesting an order list, the server first determines the login state, reads the key index and the signature index from the login session object, decrypts with the key corresponding to the key index, and verifies with the signature corresponding to the signature index. If verification passes, it executes the business logic to obtain the second data, signs and encrypts the second data with the new signature and key, and sends it to the terminal.
- Alternatively, the server receives third data sent by the terminal, signed with the second signature and encrypted with the second key, and processes the third data to obtain fourth data.
- The server specifies a brand-new signature index in each request/response cycle, stores it in the login session object, and sends it to the terminal along with the response.
- For the next terminal request, the entire communication process is encrypted with the key corresponding to the key index (second key) and signed with the signature corresponding to the constantly updated signature index (Next Key).
- When processing the next terminal request, in addition to decrypting with the key corresponding to the key index in the login session object, the server verifies with the signature corresponding to the one-time valid signature index (Next Key), which increases security.
- FIG. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention. As shown in FIG. 5, the terminal includes:
- a key signature library unit 51, configured to generate one or more keys and one or more signatures from the native data;
- a selecting unit 52, configured to select, when a session connection is made, a predetermined first key index and a random first signature index;
- an indexing unit 53, configured to index the first key and the first signature from the one or more keys and one or more signatures according to the first key index and the first signature index;
- a signature encryption unit 54, configured to sign the session request data with the first signature and encrypt the session request data with the first key;
- a sending unit 55, configured to send the encrypted session request data to the server;
- a receiving unit 56, configured to receive, after the server decrypts and verifies the session request data, the session response data sent by the server, signed with a random second signature and encrypted with a random second key, where the login session object stores the second key index and the second signature index.
- The selecting unit 52 is further configured to acquire the current timestamp and perform a first transform on it to obtain the first signature index, or to acquire a random number and perform a second transform on it to obtain the first signature index.
- The signature encryption unit 54 is further configured to encrypt the session request data with the first key and to encrypt the first signature index;
- the sending unit 55 is further configured to send the encrypted session request data and the encrypted first signature index to the server.
- The terminal further includes:
- a first obtaining unit 57, configured to acquire a first operation and determine the first data corresponding to the first operation;
- the indexing unit 53 is further configured to index the second key and the second signature from the one or more keys and one or more signatures according to the second key index and the second signature index;
- the signature encryption unit 54 is further configured to sign the first data with the second signature and encrypt the first data with the second key;
- the sending unit 55 is further configured to send the encrypted first data to the server;
- the receiving unit 56 is further configured to receive, after the server decrypts and verifies the first data, second data sent by the server, signed with the second signature and encrypted with the second key, where the second data is the execution result of the first data.
- The terminal further includes:
- a second obtaining unit 58, configured to acquire a second operation and determine the third data corresponding to the second operation;
- the indexing unit 53 is further configured to index the second key and the second signature from the one or more keys and one or more signatures according to the second key index and the second signature index;
- the signature encryption unit 54 is further configured to sign the third data with the second signature and encrypt the third data with the second key;
- the sending unit 55 is further configured to send the encrypted third data to the server;
- the receiving unit 56 is further configured to receive, after the server decrypts and verifies the third data, fourth data sent by the server, signed with a third signature and encrypted with the second key.
- The functions implemented by the units of the terminal shown in FIG. 5 can be understood with reference to the foregoing description of the dynamic cryptographic signature method.
- The functions of the units of the terminal shown in FIG. 5 can be implemented by a program running on a processor, or by specific logic circuits.
- FIG. 6 is a schematic structural diagram of a server according to an embodiment of the present invention. As shown in FIG. 6, the server includes:
- the receiving unit 61 is configured to receive, when a session connection is performed, the session request data sent by the terminal that is signed by using the first signature and encrypted by using the first key;
- the obtaining unit 62 is configured to acquire a predetermined first key index and a random first signature index;
- the indexing unit 63 is configured to index the first key and the first signature from the pre-stored one or more keys and the one or more signatures according to the first key index and the first signature index;
- the decryption verification unit 64 is configured to decrypt the session request data by using the first key, and perform verification on the session request data by using the first signature;
- the first selecting unit 65 is configured to randomly select the second key index and the second signature index after the verification is passed;
- the saving unit 66 is configured to record the second key index and the second signature index in the session object;
- the signature encryption unit 67 is configured to sign the session response data by using the second signature corresponding to the second signature index, and encrypt the session response data by using the second key corresponding to the second key index;
- the sending unit 68 is configured to send the encrypted session response data to the terminal.
- the receiving unit 61 is further configured to receive, at the same time as the session request data sent by the terminal that is signed by using the first signature and encrypted by using the first key, the first signature index sent by the terminal that is encrypted by using the first key;
- the decryption verification unit 64 is further configured to decrypt the encrypted first signature index by using the predetermined first key index to obtain the first signature index.
- the receiving unit 61 is further configured to receive, by the terminal, first data that is signed by using the second signature and encrypted by the second key;
- the indexing unit 63 is further configured to: index the second key and the second signature from the pre-stored one or more keys and the one or more signatures according to the second key index and the second signature index;
- the decryption verification unit 64 is further configured to decrypt the first data by using the second key, and perform verification on the first data by using the second signature;
- the server further includes: an execution processing unit 69 configured to process the first data to obtain second data after the verification is passed;
- the signature encryption unit 67 is further configured to sign the second data by using the second signature, and encrypt the second data by using the second key;
- the sending unit 68 is further configured to send the encrypted second data to the terminal.
- the receiving unit 61 is further configured to receive, by the terminal, third data that is signed by using the second signature and encrypted by the second key;
- the indexing unit 63 is further configured to index the second key and the second signature from the pre-stored one or more keys and the one or more signatures according to the second key index and the second signature index;
- the decryption verification unit 64 is further configured to decrypt the third data by using the second key, and perform verification on the third data by using the second signature;
- the server further includes: an execution processing unit 69, configured to process the third data after the verification is passed, to obtain fourth data;
- the second selecting unit 610 is configured to randomly select the third signature index;
- the saving unit 66 is further configured to replace the second signature index in the login session object with the third signature index;
- the signature encryption unit 67 is further configured to: sign the fourth data by using a third signature corresponding to the third signature index, and encrypt the fourth data by using the second key corresponding to the second key index;
- the sending unit 68 is further configured to send the encrypted fourth data to the terminal.
- the implementation functions of the units in the server shown in FIG. 6 can be understood by referring to the related description of the foregoing dynamic cryptographic signature method.
- the functions of the units in the server shown in FIG. 6 can be implemented by a program running on the processor, or can be realized by a specific logic circuit.
- FIG. 7 is a schematic flowchart of a dynamic cryptographic signature method according to another embodiment of the present invention, which is applied to a terminal. As shown in FIG. 7, the method includes the following steps:
- Step 701 Send a request configuration message to the server, where the request configuration message is signed by using the first signature and encrypted by using the first key.
- the terminal has an NFC function and can be used as a bus card.
- the information in the bus card specifically includes which city the bus card belongs to, the balance information of the bus card, and the like.
- the bus card in the embodiment of the present invention can be applied to multiple cities. To this end, a variety of different configuration information is required so that the NFC function can support the bus cards of these cities.
- an application related to the bus card is installed on the terminal, and after the user opens the application, an initialization request is sent to the server, where the initialization request includes the request configuration information.
- Step 702 Receive configuration information sent by the server, where the configuration information is signed by the server by using a second signature and encrypted by using the second key.
- the server does not send configuration information to the terminal every time, because this would consume a large amount of traffic.
- when the terminal sends the request configuration information, it also sends its current version number to the server; the server compares the terminal's version number with the version number that needs updating, and only when the two are inconsistent does it send the updated configuration information to the terminal.
- Step 703 After the configuration information is decrypted and verified, use the configuration information to find the first instruction set.
- the first instruction set is also configuration information, and the first instruction set includes but is not limited to: an Application Protocol Data Unit (APDU) instruction set, a UI dynamic copy, a business process switch, and the like.
- Step 704 Perform a card reading operation by using the first instruction set to obtain card information.
- the card information may be the city to which the card belongs, the corresponding balance information, and the like.
- the key and the signature in the present example are obtained according to the key index and the signature index in the foregoing solution.
- the above description directly describes the process of encrypting and signing; those skilled in the art should understand that it also includes the process of obtaining the key by using the key index and obtaining the signature by using the signature index.
- FIG. 8 is a schematic structural diagram of a terminal according to another embodiment of the present invention. As shown in FIG. 8, the terminal includes:
- the sending unit 81 is configured to send a request configuration message to the server, where the request configuration message is signed by using the first signature and encrypted by using the first key;
- the receiving unit 82 is configured to receive configuration information sent by the server, where the configuration information is signed by the server by using a second signature and encrypted by using the second key;
- the searching unit 83 is configured to find a first instruction set by using the configuration information after the configuration information is decrypted and verified;
- the card reading unit 84 is configured to perform a card reading operation using the first instruction set to obtain card information.
- FIG. 9 is a schematic diagram of a hardware entity of a terminal according to an embodiment of the present invention. As shown in FIG. 9, the terminal includes:
- the processor 91 is configured to perform, by using executable instructions, the following operations: generating one or more keys and one or more signatures from the native data; when a session connection is performed, selecting a predetermined first key index and a random first signature index; indexing, according to the first key index and the first signature index, a first key and a first signature from the one or more keys and the one or more signatures; and signing session request data by using the first signature and encrypting the session request data by using the first key;
- the communication interface 92 is configured to send the encrypted session request data to the server and, after the server decrypts and verifies the session request data, receive the session response data sent by the server that is signed by using a random second signature and encrypted by using a random second key.
- the processor 91 is further configured to perform, by using executable instructions, the following operations: acquiring a current timestamp and performing a first transform process on the current timestamp to obtain the first signature index; or acquiring a random number and performing a second transform process on the random number to obtain the first signature index.
- the processor 91 is further configured to perform, by using executable instructions, the operation of encrypting the first signature index at the same time as encrypting the session request data by using the first key;
- the communication interface 92 is further configured to send the encrypted session request data and the encrypted first signature index to the server.
- the processor 91 is further configured to perform, by using executable instructions, the following operations: acquiring a first operation and determining first data corresponding to the first operation; indexing, according to the second key index and the second signature index, a second key and a second signature from the one or more keys and the one or more signatures; and signing the first data by using the second signature and encrypting the first data by using the second key;
- the communication interface 92 is further configured to send the encrypted first data to the server and, after the server decrypts and verifies the first data, receive second data sent by the server that is signed by using the second signature and encrypted by using the second key, wherein the second data is an execution result of the first data.
- the processor 91 is further configured to perform, by using executable instructions, the following operations: acquiring a second operation and determining third data corresponding to the second operation; indexing, according to the second key index and the second signature index, the second key and the second signature from the one or more keys and the one or more signatures; and signing the third data by using the second signature and encrypting the third data by using the second key;
- the communication interface 92 is further configured to send the encrypted third data to the server and, after the server decrypts and verifies the third data, receive fourth data sent by the server that is signed by using a third signature and encrypted by using the second key, wherein the fourth data is an execution result of the third data.
- a hardware entity of a terminal according to another embodiment of the present invention includes: a communication interface configured to send a request configuration message to a server, where the request configuration message is signed by using a first signature and encrypted by using a first key, and to receive configuration information sent by the server, where the configuration information is signed by the server by using a second signature and encrypted by using a second key;
- a processor configured to perform, by using executable instructions, the following operations: after decrypting and verifying the configuration information, finding a first instruction set by using the configuration information; and performing a card reading operation by using the first instruction set to obtain card information.
- FIG. 10 is a schematic diagram of a hardware entity of a server according to an embodiment of the present invention. As shown in FIG. 10, the server includes:
- the communication interface 11 is configured to receive session request data sent by the terminal and signed by the first signature and encrypted by the first key when the session connection is performed;
- the processor 12 is configured to perform, by using executable instructions, the following operations: acquiring a predetermined first key index and a random first signature index; indexing, according to the first key index and the first signature index, the first key and the first signature from the pre-stored one or more keys and the one or more signatures; decrypting the session request data by using the first key, and performing verification on the session request data by using the first signature; after the verification is passed, randomly selecting a second key index and a second signature index; and signing the session response data by using the second signature corresponding to the second signature index, and encrypting the session response data by using the second key corresponding to the second key index;
- the communication interface 11 is further configured to send the encrypted session response data to the terminal.
- the communication interface 11 is further configured to receive, at the same time as the session request data sent by the terminal that is signed by using the first signature and encrypted by using the first key, the first signature index sent by the terminal that is encrypted by using the first key;
- the processor 12 is further configured to perform, by using executable instructions, the operation of decrypting the encrypted first signature index by using the predetermined first key index to obtain the first signature index.
- the communication interface 11 is further configured to receive, from the terminal, first data that is signed by using the second signature and encrypted by using the second key;
- the processor 12 is further configured to perform, by using executable instructions, the following operations: indexing, according to the second key index and the second signature index, the second key and the second signature from the pre-stored one or more keys and the one or more signatures; decrypting the first data by using the second key, and performing verification on the first data by using the second signature; after the verification is passed, processing the first data to obtain second data; and signing the second data by using the second signature, and encrypting the second data by using the second key;
- the communication interface 11 is further configured to send the encrypted second data to the terminal.
- the communication interface 11 is further configured to receive, from the terminal, third data that is signed by using the second signature and encrypted by using the second key;
- the processor 12 is further configured to perform, by using executable instructions, the following operations: indexing, according to the second key index and the second signature index, the second key and the second signature from the pre-stored one or more keys and the one or more signatures; decrypting the third data by using the second key, and performing verification on the third data by using the second signature; after the verification is passed, processing the third data to obtain fourth data; and randomly selecting a third signature index;
- the server includes: a memory 13 configured to replace the second signature index with the third signature index;
- the processor 12 is further configured to perform, by using executable instructions, the operations of signing the fourth data by using a third signature corresponding to the third signature index, and encrypting the fourth data by using the second key corresponding to the second key index;
- the communication interface 11 is further configured to send the encrypted fourth data to the terminal.
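The session flow that the unit descriptions (FIG. 5, FIG. 6) and the hardware entities (FIG. 9, FIG. 10) above describe, played end to end by both sides, as an added example written for this page and not code from the patent: one shared table of keys and signatures indexed like the table under Description, a handshake under the predetermined first key with a first signature index derived from a timestamp (the first signature index travelling encrypted under the first key, as in claims 3 and 7), the server's random choice of second indices recorded in its session object, and a data round in which the server rotates to a random third signature index (claim 9). Everything concrete is an assumption the patent does not make: "encryption" is AES-128-GCM, a "signature" is an HMAC-SHA256 key, the tables are expanded from the native data with SHA-256, the timestamp transform is reduction modulo the table size, and the second and third indices are returned to the terminal encrypted under the key currently in use (the page specifies that channel only for the first signature index). The names Table, Endpoint, RunSession and the sample strings are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"math/big"
)

// Table: the one or more keys and one or more signatures, indexed 0..n-1 as in the page's
// table (A1..E1 / A2..E2 are placeholders there). Constructed: 16-byte AES keys and 32-byte
// HMAC keys expanded from the native data with SHA-256 (assumed; the patent fixes no derivation).
type Table struct{ Keys, Sigs [][]byte }

func DeriveTable(native []byte, n int) (t Table) {
	for i := 0; i < n; i++ {
		k := sha256.Sum256(append([]byte{'k', byte(i)}, native...))
		s := sha256.Sum256(append([]byte{'s', byte(i)}, native...))
		t.Keys, t.Sigs = append(t.Keys, k[:16]), append(t.Sigs, s[:])
	}
	return t
}

// AES-128-GCM, wire format nonce || ciphertext. A bad key length or an RNG failure is an
// internal fault (keys come from our own table), so those panic rather than return.
func aead(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	g, _ := cipher.NewGCM(blk) // cannot fail for an AES block
	return g
}

func encrypt(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { panic(err) }
	return aead(key).Seal(nonce, nonce, pt, nil)
}

func decrypt(key, msg []byte) ([]byte, error) {
	if len(msg) < 12 { return nil, errors.New("short ciphertext") }
	return aead(key).Open(nil, msg[:12], msg[12:], nil)
}

// seal: HMAC-SHA256 the data under the signature, then encrypt data||tag under the key (the
// sign-then-encrypt order the page describes). open reverses it and rejects any message whose
// ciphertext or tag fails to verify, so unverified data never reaches the application.
func seal(key, sig, data []byte) []byte {
	m := hmac.New(sha256.New, sig)
	m.Write(data)
	return encrypt(key, m.Sum(append([]byte{}, data...)))
}

func open(key, sig, msg []byte) ([]byte, error) {
	pt, err := decrypt(key, msg)
	if err != nil || len(pt) < sha256.Size { return nil, errors.New("decryption failed") }
	data, tag := pt[:len(pt)-sha256.Size], pt[len(pt)-sha256.Size:]
	m := hmac.New(sha256.New, sig)
	m.Write(data)
	if !hmac.Equal(tag, m.Sum(nil)) { return nil, errors.New("signature verification failed") }
	return data, nil
}

// Endpoint is either side; KeyIdx/SigIdx are the indices in use (the server's copy is its
// session object). Indices travel one byte each, encrypted under the key in use: the first key
// during the handshake (claims 3 and 7) and, by assumption, the current key when the server
// hands the terminal its second or third indices. RecvIdx range-checks before any table lookup.
type Endpoint struct {
	T              Table
	KeyIdx, SigIdx int
}

func (e *Endpoint) Send(data []byte) []byte          { return seal(e.T.Keys[e.KeyIdx], e.T.Sigs[e.SigIdx], data) }
func (e *Endpoint) Recv(msg []byte) ([]byte, error) { return open(e.T.Keys[e.KeyIdx], e.T.Sigs[e.SigIdx], msg) }
func (e *Endpoint) SendIdx(idx ...byte) []byte      { return encrypt(e.T.Keys[e.KeyIdx], idx) }

func (e *Endpoint) RecvIdx(msg []byte, n int) ([]byte, error) {
	b, err := decrypt(e.T.Keys[e.KeyIdx], msg)
	if err != nil || len(b) != n { return nil, errors.New("bad index payload") }
	for _, v := range b { // keys and signatures have the same count in this table
		if int(v) >= len(e.T.Sigs) { return nil, errors.New("index out of range") }
	}
	return b, nil
}

func randIndex(n int) byte {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil { panic(err) }
	return byte(v.Int64())
}

// RunSession plays the exchange over a shared table: handshake under the predetermined first
// key (index 0) with a timestamp-derived first signature index (the page's "first transform" is
// unspecified; modulo the table size is assumed), the server's move to random second indices,
// then a data round in which the server rotates to a random third signature index (claim 9).
// It returns the decrypted fourth data and whether both sides still agree on their indices.
func RunSession(native []byte, ts int64) (string, bool, error) {
	t := DeriveTable(native, 5)
	term := &Endpoint{T: t, KeyIdx: 0, SigIdx: int(ts % int64(len(t.Sigs)))}
	srv := &Endpoint{T: t, KeyIdx: 0}

	req, encIdx := term.Send([]byte("session request")), term.SendIdx(byte(term.SigIdx))
	idx, err := srv.RecvIdx(encIdx, 1)
	if err != nil { return "", false, err }
	srv.SigIdx = int(idx[0])
	if _, err = srv.Recv(req); err != nil { return "", false, err }
	k2, s2 := randIndex(len(t.Keys)), randIndex(len(t.Sigs))
	newIdx := srv.SendIdx(k2, s2)             // still under the first key
	srv.KeyIdx, srv.SigIdx = int(k2), int(s2) // recorded in the session object
	resp := srv.Send([]byte("session response"))
	if idx, err = term.RecvIdx(newIdx, 2); err != nil { return "", false, err }
	term.KeyIdx, term.SigIdx = int(idx[0]), int(idx[1])
	if _, err = term.Recv(resp); err != nil { return "", false, err }

	data, err := srv.Recv(term.Send([]byte("third data")))
	if err != nil { return "", false, err }
	s3 := randIndex(len(t.Sigs))
	rotIdx := srv.SendIdx(s3) // under the second key, before the switch
	srv.SigIdx = int(s3)      // the third signature index replaces the second one
	reply := srv.Send(bytes.ToUpper(data)) // ToUpper stands in for executing the operation
	if idx, err = term.RecvIdx(rotIdx, 1); err != nil { return "", false, err }
	term.SigIdx = int(idx[0])
	fourth, err := term.Recv(reply)
	return string(fourth), term.KeyIdx == srv.KeyIdx && term.SigIdx == srv.SigIdx, err
}

func main() {
	fmt.Println(RunSession([]byte("constructed native data"), 1443513600)) // THIRD DATA true <nil>
}
```

Two checks in the block carry the security weight of the scheme: `open` returns an error for any message whose ciphertext or tag fails to verify, so a caller never sees data the signature did not cover, and `RecvIdx` refuses an index outside the table before it is used, because an index taken from the wire must not address the key and signature tables unchecked. The indices themselves are not secrets in this design; the tables derived from the native data are, which is why the terminal and server can exchange indices freely while a third party holding only the indices can decrypt nothing.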
- the integrated modules described in the embodiments of the present invention may also be stored in a computer readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, those skilled in the art will appreciate that embodiments of the present application can be provided as a method, a system, or a computer program product. Thus, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware.
- the application can take the form of a computer program product embodied on one or more computer usable storage media having computer usable program code, including but not limited to a USB flash drive, a hard disk, a read-only memory (ROM), a random access memory (RAM), a disk memory, a CD-ROM, an optical memory, and the like.
-the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device.
- the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- these computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing.
- the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- the embodiment of the present invention further provides a computer storage medium, wherein a computer program is stored, and the computer program is used to execute the dynamic encryption signature method of the embodiment of the present invention.
- the disclosed method and smart device may be implemented in other manners.
- the device embodiments described above are merely illustrative.
- the division of the unit is only a logical function division.
- there may be another division manner, for example: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
- the coupling, direct coupling, or communication connection between the components shown or discussed may be indirect coupling or a communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
- the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present invention may be integrated into one second processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit;
- the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
Description
Key index | Key | Signature index | Signature |
---|---|---|---|
0 | A1 | 0 | A2 |
1 | B1 | 1 | B2 |
2 | C1 | 2 | C2 |
3 | D1 | 3 | D2 |
4 | E1 | 4 | E2 |
Claims (20)
- A dynamic encryption and signing method, the method comprising: generating one or more keys and one or more signatures from native data; when a session connection is performed, selecting a predetermined first key index and a random first signature index; indexing, according to the first key index and the first signature index, a first key and a first signature from the one or more keys and the one or more signatures; signing session request data by using the first signature, encrypting the session request data by using the first key, and sending it to a server; and after the server decrypts and verifies the session request data, receiving session response data sent by the server that is signed by using a random second signature and encrypted by using a random second key.
- The dynamic encryption and signing method according to claim 1, wherein selecting the random first signature index comprises: acquiring a current timestamp and performing a first transform process on the current timestamp to obtain the first signature index; or acquiring a random number and performing a second transform process on the random number to obtain the first signature index.
- The dynamic encryption and signing method according to claim 1, wherein the method further comprises: encrypting the first signature index at the same time as encrypting the session request data by using the first key; and sending the encrypted session request data and the encrypted first signature index to the server.
- The dynamic encryption and signing method according to claim 1, wherein the method further comprises: acquiring a first operation and determining first data corresponding to the first operation; indexing, according to a second key index and a second signature index, a second key and a second signature from the one or more keys and the one or more signatures; signing the first data by using the second signature, encrypting the first data by using the second key, and sending it to the server; and after the server decrypts and verifies the first data, receiving second data sent by the server that is signed by using the second signature and encrypted by using the second key, wherein the second data is an execution result of the first data.
- The dynamic encryption and signing method according to claim 1, wherein the method further comprises: acquiring a second operation and determining third data corresponding to the second operation; indexing, according to a second key index and a second signature index, a second key and a second signature from the one or more keys and the one or more signatures; signing the third data by using the second signature, encrypting the third data by using the second key, and sending it to the server; and after the server decrypts and verifies the third data, receiving fourth data sent by the server that is signed by using a third signature and encrypted by using the second key, wherein the fourth data is an execution result of the third data.
- A dynamic encryption and signing method, the method comprising: when a session connection is performed, receiving session request data sent by a terminal that is signed by using a first signature and encrypted by using a first key; acquiring a predetermined first key index and a random first signature index; indexing, according to the first key index and the first signature index, a first key and a first signature from one or more pre-stored keys and one or more pre-stored signatures; decrypting the session request data by using the first key and verifying the session request data by using the first signature; after the verification is passed, randomly selecting a second key index and a second signature index; and signing session response data by using a second signature corresponding to the second signature index, encrypting the session response data by using a second key corresponding to the second key index, and sending it to the terminal.
- The dynamic encryption and signing method according to claim 6, wherein acquiring the first signature index comprises: while receiving the session request data sent by the terminal that is signed by using the first signature and encrypted by using the first key, receiving a first signature index sent by the terminal that is encrypted by using the first key; and decrypting the encrypted first signature index by using the predetermined first key index to obtain the first signature index.
- The dynamic encryption and signing method according to claim 6, wherein the method further comprises: receiving first data sent by the terminal that is signed by using a second signature and encrypted by using a second key; indexing, according to the second key index and the second signature index, the second key and the second signature from the one or more pre-stored keys and the one or more pre-stored signatures; decrypting the first data by using the second key and verifying the first data by using the second signature; after the verification is passed, processing the first data to obtain second data; and signing the second data by using the second signature, encrypting the second data by using the second key, and sending it to the terminal.
- The dynamic encryption and signing method according to claim 6, wherein the method further comprises: receiving third data sent by the terminal that is signed by using a second signature and encrypted by using a second key; indexing, according to the second key index and the second signature index, the second key and the second signature from the one or more pre-stored keys and the one or more pre-stored signatures; decrypting the third data by using the second key and verifying the third data by using the second signature; after the verification is passed, processing the third data to obtain fourth data; randomly selecting a third signature index and replacing the second signature index with the third signature index; and signing the fourth data by using a third signature corresponding to the third signature index, encrypting the fourth data by using the second key corresponding to the second key index, and sending it to the terminal.
- A terminal, the terminal comprising: a processor configured to perform, by using executable instructions, the following operations: generating one or more keys and one or more signatures from native data; when a session connection is performed, selecting a predetermined first key index and a random first signature index; indexing, according to the first key index and the first signature index, a first key and a first signature from the one or more keys and the one or more signatures; and signing session request data by using the first signature and encrypting the session request data by using the first key; and a communication interface configured to send the encrypted session request data to a server and, after the server decrypts and verifies the session request data, receive session response data sent by the server that is signed by using a random second signature and encrypted by using a random second key.
- The terminal according to claim 10, wherein the processor is further configured to perform, by using executable instructions, the following operations: acquiring a current timestamp and performing a first transform process on the current timestamp to obtain the first signature index; or acquiring a random number and performing a second transform process on the random number to obtain the first signature index.
- The terminal according to claim 10, wherein the processor is further configured to perform, by using executable instructions, the operation of encrypting the first signature index at the same time as encrypting the session request data by using the first key; and the communication interface is further configured to send the encrypted session request data and the encrypted first signature index to the server.
- The terminal according to claim 10, wherein the processor is further configured to perform, by using executable instructions, the following operations: acquiring a first operation and determining first data corresponding to the first operation; indexing, according to a second key index and a second signature index, a second key and a second signature from the one or more keys and the one or more signatures; and signing the first data by using the second signature and encrypting the first data by using the second key; and the communication interface is further configured to send the encrypted first data to the server and, after the server decrypts and verifies the first data, receive second data sent by the server that is signed by using the second signature and encrypted by using the second key, wherein the second data is an execution result of the first data.
- The terminal according to claim 10, wherein the processor is further configured to perform, by using executable instructions, the following operations: acquiring a second operation and determining third data corresponding to the second operation; indexing, according to a second key index and a second signature index, a second key and a second signature from the one or more keys and the one or more signatures; and signing the third data by using the second signature and encrypting the third data by using the second key; and the communication interface is further configured to send the encrypted third data to the server and, after the server decrypts and verifies the third data, receive fourth data sent by the server that is signed by using a third signature and encrypted by using the second key, wherein the fourth data is an execution result of the third data.
- A server, the server comprising: a communication interface configured to receive, when a session connection is performed, session request data sent by a terminal that is signed by using a first signature and encrypted by using a first key; and a processor configured to perform, by using executable instructions, the following operations: acquiring a predetermined first key index and a random first signature index; indexing, according to the first key index and the first signature index, a first key and a first signature from one or more pre-stored keys and one or more pre-stored signatures; decrypting the session request data by using the first key and verifying the session request data by using the first signature; after the verification is passed, randomly selecting a second key index and a second signature index; and signing session response data by using a second signature corresponding to the second signature index and encrypting the session response data by using a second key corresponding to the second key index; wherein the communication interface is further configured to send the encrypted session response data to the terminal.
- The server according to claim 15, wherein the communication interface is further configured to receive, while receiving the session request data sent by the terminal that is signed by using the first signature and encrypted by using the first key, a first signature index sent by the terminal that is encrypted by using the first key; and the processor is further configured to perform, by using executable instructions, the operation of decrypting the encrypted first signature index by using the predetermined first key index to obtain the first signature index.
- The server according to claim 15, wherein the communication interface is further configured to receive first data sent by the terminal that is signed by using a second signature and encrypted by using a second key; the processor is further configured to perform, by using executable instructions, the following operations: indexing, according to the second key index and the second signature index, the second key and the second signature from the one or more pre-stored keys and the one or more pre-stored signatures; decrypting the first data by using the second key and verifying the first data by using the second signature; after the verification is passed, processing the first data to obtain second data; and signing the second data by using the second signature and encrypting the second data by using the second key; and the communication interface is further configured to send the encrypted second data to the terminal.
- The server according to claim 15, wherein the communication interface is further configured to receive third data sent by the terminal that is signed by using a second signature and encrypted by using a second key; the processor is further configured to perform, by using executable instructions, the following operations: indexing, according to the second key index and the second signature index, the second key and the second signature from the one or more pre-stored keys and the one or more pre-stored signatures; decrypting the third data by using the second key and verifying the third data by using the second signature; after the verification is passed, processing the third data to obtain fourth data; and randomly selecting a third signature index; the server comprises a memory configured to replace the second signature index with the third signature index; the processor is further configured to perform, by using executable instructions, the operations of signing the fourth data by using a third signature corresponding to the third signature index and encrypting the fourth data by using the second key corresponding to the second key index; and the communication interface is further configured to send the encrypted fourth data to the terminal.
- A dynamic encryption and signing method, the method comprising: sending a request configuration message to a server, the request configuration message being signed by using a first signature and encrypted by using a first key; receiving configuration information sent by the server, the configuration information being signed by the server by using a second signature and encrypted by using a second key; after decrypting and verifying the configuration information, finding a first instruction set by using the configuration information; and performing a card reading operation by using the first instruction set to obtain card information.
- A terminal, the terminal comprising: a communication interface configured to send a request configuration message to a server, the request configuration message being signed by using a first signature and encrypted by using a first key, and to receive configuration information sent by the server, the configuration information being signed by the server by using a second signature and encrypted by using a second key; and a processor configured to perform, by using executable instructions, the following operations: after decrypting and verifying the configuration information, finding a first instruction set by using the configuration information; and performing a card reading operation by using the first instruction set to obtain card information.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2017552030A JP6620168B2 (ja) | 2015-09-29 | 2016-04-13 | 動的な暗号化方法、端末、およびサーバ |
EP16850062.7A EP3255832B1 (en) | 2015-09-29 | 2016-04-13 | Dynamic encryption method, terminal and server |
KR1020177030327A KR102004638B1 (ko) | 2015-09-29 | 2016-04-13 | 동적 암호화 방법, 단말기 및 서버 |
US15/692,378 US10742620B2 (en) | 2015-09-29 | 2017-08-31 | Method for dynamic encryption and signing, terminal and server |
US16/912,677 US11329965B2 (en) | 2015-09-29 | 2020-06-25 | Method for dynamic encryption and signing, terminal, and server |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510631689.2A CN106559217B (zh) | 2015-09-29 | 2015-09-29 | 一种动态加密方法、终端、服务器 |
CN201510631689.2 | 2015-09-29 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/692,378 Continuation US10742620B2 (en) | 2015-09-29 | 2017-08-31 | Method for dynamic encryption and signing, terminal and server |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017054436A1 true WO2017054436A1 (zh) | 2017-04-06 |
Family
ID=58417061
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/079217 WO2017054436A1 (zh) | 2015-09-29 | 2016-04-13 | 一种动态加密方法、终端、服务器 |
Country Status (6)
Country | Link |
---|---|
US (2) | US10742620B2 (zh) |
EP (1) | EP3255832B1 (zh) |
JP (1) | JP6620168B2 (zh) |
KR (1) | KR102004638B1 (zh) |
CN (1) | CN106559217B (zh) |
WO (1) | WO2017054436A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112184926A (zh) * | 2020-09-14 | 2021-01-05 | 南京通用电器有限公司 | 基于动态变化加密数据包防止计价器作弊的方法及装置 |
CN116318899A (zh) * | 2023-02-17 | 2023-06-23 | 深圳市创势互联科技有限公司 | 数据加密解密的处理方法、系统、设备及介质 |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106559217B (zh) * | 2015-09-29 | 2019-09-20 | 腾讯科技(深圳)有限公司 | 一种动态加密方法、终端、服务器 |
US10476663B1 (en) | 2017-01-09 | 2019-11-12 | Amazon Technologies, Inc. | Layered encryption of short-lived data |
US11356254B1 (en) * | 2017-01-09 | 2022-06-07 | Amazon Technologies, Inc. | Encryption using indexed data from large data pads |
US10608813B1 (en) | 2017-01-09 | 2020-03-31 | Amazon Technologies, Inc. | Layered encryption for long-lived data |
WO2018227480A1 (en) * | 2017-06-15 | 2018-12-20 | Qualcomm Incorporated | Refreshing security keys in 5g wireless systems |
JP2019160057A (ja) * | 2018-03-15 | 2019-09-19 | キヤノン株式会社 | プリントサーバーと、その制御方法とプログラム |
CN108632044A (zh) * | 2018-04-27 | 2018-10-09 | 济南浪潮高新科技投资发展有限公司 | 一种基于自认证码的信息交互系统 |
CN108632296B (zh) * | 2018-05-17 | 2021-08-13 | 中体彩科技发展有限公司 | 一种网络通信的动态加密与解密方法 |
CN109493493B (zh) * | 2018-12-05 | 2021-02-05 | 西安电子科技大学 | 一种基于nfc的安全智能型酒店门禁控制系统及方法 |
CN110519222B (zh) * | 2019-07-12 | 2021-10-22 | 如般量子科技有限公司 | 基于一次性非对称密钥对和密钥卡的外网接入身份认证方法和系统 |
CN110519052B (zh) * | 2019-08-23 | 2022-07-05 | 青岛海尔科技有限公司 | 基于物联网操作系统的数据交互方法和装置 |
CN112769744B (zh) * | 2019-11-01 | 2022-07-15 | 苏州千米电子科技有限公司 | 一种数据发送方法和装置 |
US11675524B2 (en) | 2020-08-17 | 2023-06-13 | Crystal Group, Inc. | Isolated hardware data sanitize system and method |
CN112579125B (zh) * | 2020-12-10 | 2022-12-23 | 四川虹微技术有限公司 | 一种固件升级方法、装置、电子设备和存储介质 |
CN112688954B (zh) * | 2020-12-28 | 2022-08-05 | 上海创能国瑞数据系统有限公司 | 一种敏感数据传输的保护方法 |
CN113922952B (zh) * | 2021-09-30 | 2024-03-01 | 恒众创美(深圳)发展合伙企业(有限合伙) | 访问请求响应方法、装置、计算机设备和存储介质 |
CN114422256B (zh) * | 2022-01-24 | 2023-11-17 | 南京南瑞信息通信科技有限公司 | 一种基于ssal/ssl协议的高性能安全接入方法及装置 |
CN114237988B (zh) * | 2022-02-25 | 2022-06-03 | 广州锦行网络科技有限公司 | 内存快照的处理方法和装置、存储介质、电子装置 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080072055A1 (en) * | 2006-05-09 | 2008-03-20 | Volkovs Nikolajs | Digital signature scheme based on the division algorithm and the discrete logarithm problem |
US20090006512A1 (en) * | 2007-06-30 | 2009-01-01 | Erdinc Ozturk | NORMAL-BASIS TO CANONICAL-BASIS TRANSFORMATION FOR BINARY GALOIS-FIELDS GF(2m) |
CN103220280A (zh) * | 2013-04-03 | 2013-07-24 | 天地融科技股份有限公司 | 动态口令牌、动态口令牌数据传输方法及系统 |
CN103986583A (zh) * | 2014-05-29 | 2014-08-13 | 上海斐讯数据通信技术有限公司 | 一种动态加密方法及其加密通信系统 |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH05260163A (ja) * | 1992-03-09 | 1993-10-08 | Fujitsu Ltd | 加入者系伝送装置における項目設定方式 |
EP1280098A1 (en) | 2001-07-16 | 2003-01-29 | Trustcopy Pte Ltd | Electronic signing of documents |
JP4688426B2 (ja) | 2004-03-09 | 2011-05-25 | 富士通株式会社 | 無線通信システム |
DE102005030590B4 (de) * | 2005-06-30 | 2011-03-24 | Advanced Micro Devices, Inc., Sunnyvale | Sicheres Patchsystem |
JP5260163B2 (ja) | 2008-07-02 | 2013-08-14 | 日置電機株式会社 | 測定装置および測定方法 |
US8194858B2 (en) * | 2009-02-19 | 2012-06-05 | Physical Optics Corporation | Chaotic cipher system and method for secure communication |
CN102238002A (zh) | 2010-04-30 | 2011-11-09 | 国际商业机器公司 | 用于网络通信的动态加密和解密的方法和设备 |
JP5694047B2 (ja) * | 2011-05-17 | 2015-04-01 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | 認証装置、ユーザ端末、認証方法、及びプログラム |
US8984298B2 (en) * | 2011-07-27 | 2015-03-17 | Hewlett-Packard Development Company, L.P. | Managing access to a secure content-part of a PPCD using a key reset point |
JP6182371B2 (ja) | 2013-06-28 | 2017-08-16 | ルネサスエレクトロニクス株式会社 | 半導体集積回路を含むシステム |
US8867743B1 (en) * | 2013-11-13 | 2014-10-21 | MGM Resorts International | Encryption of large amounts of data using secure encryption methods |
US10356068B2 (en) * | 2015-07-14 | 2019-07-16 | Avocado Systems Inc. | Security key generator module for security sensitive applications |
CN106559217B (zh) * | 2015-09-29 | 2019-09-20 | 腾讯科技(深圳)有限公司 | 一种动态加密方法、终端、服务器 |
2015
- 2015-09-29 CN CN201510631689.2A patent/CN106559217B/zh active Active
2016
- 2016-04-13 KR KR1020177030327A patent/KR102004638B1/ko active IP Right Grant
- 2016-04-13 EP EP16850062.7A patent/EP3255832B1/en active Active
- 2016-04-13 JP JP2017552030A patent/JP6620168B2/ja active Active
- 2016-04-13 WO PCT/CN2016/079217 patent/WO2017054436A1/zh active Application Filing
2017
- 2017-08-31 US US15/692,378 patent/US10742620B2/en active Active
2020
- 2020-06-25 US US16/912,677 patent/US11329965B2/en active Active
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112184926A (zh) * | 2020-09-14 | 2021-01-05 | 南京通用电器有限公司 | 基于动态变化加密数据包防止计价器作弊的方法及装置 |
CN116318899A (zh) * | 2023-02-17 | 2023-06-23 | 深圳市创势互联科技有限公司 | 数据加密解密的处理方法、系统、设备及介质 |
CN116318899B (zh) * | 2023-02-17 | 2023-10-17 | 深圳市创势互联科技有限公司 | 数据加密解密的处理方法、系统、设备及介质 |
Also Published As
Publication number | Publication date |
---|---|
EP3255832B1 (en) | 2022-01-05 |
US10742620B2 (en) | 2020-08-11 |
JP2018510592A (ja) | 2018-04-12 |
US20180013735A1 (en) | 2018-01-11 |
KR20170129910A (ko) | 2017-11-27 |
US11329965B2 (en) | 2022-05-10 |
CN106559217A (zh) | 2017-04-05 |
EP3255832A1 (en) | 2017-12-13 |
US20200329020A1 (en) | 2020-10-15 |
JP6620168B2 (ja) | 2019-12-11 |
KR102004638B1 (ko) | 2019-07-26 |
CN106559217B (zh) | 2019-09-20 |
EP3255832A4 (en) | 2018-11-14 |
Similar Documents
Publication | Title |
---|---|
WO2017054436A1 (zh) | Dynamic encryption method, terminal and server |
EP3847565B1 (en) | Methods and devices for managing user identity authentication data |
CA3083508C (en) | Blockchain systems and methods for user authentication |
US9681302B2 (en) | Method, apparatus, and system for providing and using a trusted tag |
US11234105B2 (en) | Methods and systems for asset obfuscation |
CA2965445C (en) | Transaction messaging |
KR102381153B1 (ko) | Encryption key management based on identity information |
EP2961094A1 (en) | System and method for generating a random number |
TW201540040A (zh) | Authorization method, and method and device for requesting authorization |
TW201534092A (zh) | Connection method, device and system for communication between devices |
US9973926B2 (en) | Secure multi-channel communication system and method |
GB2515057A (en) | System and Method for Obtaining a Digital Signature |
CN110598433B (zh) | Blockchain-based anti-counterfeiting information processing method and device |
WO2013178154A1 (zh) | Method for implementing encryption in a memory card, and decryption method and device |
CN104205900B (zh) | Wireless storage device authentication |
CN110098915B (zh) | Authentication method and system, and terminal |
US20220014358A1 (en) | Private key cloud storage |
US20230188340A1 (en) | Key recovery based on contactless card authentication |
US9900158B2 (en) | Cryptographically authenticated communication |
CN115345606A (zh) | Resource transfer request processing method and device, computer equipment and storage medium |
Vogl | On Austrian ePassport Security |
Legal Events
Code | Title | Description |
---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16850062; Country of ref document: EP; Kind code of ref document: A1 |
REEP | Request for entry into the european phase | Ref document number: 2016850062; Country of ref document: EP |
ENP | Entry into the national phase | Ref document number: 2017552030; Country of ref document: JP; Kind code of ref document: A |
ENP | Entry into the national phase | Ref document number: 20177030327; Country of ref document: KR; Kind code of ref document: A |
NENP | Non-entry into the national phase | Ref country code: DE |