WO2019134241A1 - Procédé d'acquisition de clé dynamique, dispositif, appareil terminal, et support de stockage - Google Patents

Procédé d'acquisition de clé dynamique, dispositif, appareil terminal, et support de stockage Download PDF

Info

Publication number
WO2019134241A1
WO2019134241A1 PCT/CN2018/077474 CN2018077474W WO2019134241A1 WO 2019134241 A1 WO2019134241 A1 WO 2019134241A1 CN 2018077474 W CN2018077474 W CN 2018077474W WO 2019134241 A1 WO2019134241 A1 WO 2019134241A1
Authority
WO
WIPO (PCT)
Prior art keywords
time
dynamic key
variable factor
configuration file
random seed
Prior art date
Application number
PCT/CN2018/077474
Other languages
English (en)
Chinese (zh)
Inventor
黄飞
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2019134241A1 publication Critical patent/WO2019134241A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • the present application relates to the field of data encryption, and in particular, to a method, an apparatus, a terminal device, and a storage medium for acquiring a dynamic key.
  • the traditional encryption mechanism generally uses an encryption machine for encryption or a software program for encryption.
  • the encryption is performed by the encryption machine, although the key acquired by the encryption machine is not easily leaked, the key acquisition time is too long due to the large amount of calculation.
  • software programs for encryption although the efficiency of software encryption is high, since the acquired key is fixed, it will cause a big security risk when the key is leaked, causing different degrees of loss and greatly reducing. The security of the data.
  • the embodiment of the present invention provides a method, an apparatus, a terminal device, and a storage medium for acquiring a dynamic key, so as to solve the problem that the traditional encryption mechanism is time-consuming or low in security.
  • an embodiment of the present application provides a method for acquiring a dynamic key, including the following steps performed by a server:
  • the dynamic seed generation algorithm is used to process the random seed and the variable factor, obtain a dynamic key, and send the dynamic key to the client.
  • the embodiment of the present application provides a device for acquiring a dynamic key, including a server, where the server includes:
  • a configuration file obtaining module configured to acquire a configuration file sent by the client, where the configuration file includes an encrypted ciphertext and an update time obtained by the encryption machine;
  • the encryption machine decryption module is configured to invoke the encryption machine to decrypt the encrypted ciphertext, and obtain the decrypted random seed and the reference time;
  • variable factor acquisition module configured to acquire a variable factor based on the update time and the reference time
  • the dynamic key acquisition module is configured to process the random seed and the variable factor by using a dynamic key generation algorithm, obtain a dynamic key, and send the dynamic key to the client.
  • the embodiment of the present application provides a method for acquiring a dynamic key, which includes the following steps performed by a client:
  • the embodiment of the present application provides a dynamic key obtaining apparatus, including a client, where the client includes:
  • a random seed and reference time acquisition module for acquiring a random seed and a reference time using a seed generation tool
  • An encrypted ciphertext obtaining module configured to invoke an encryption machine to encrypt the random seed and the reference time to obtain an encrypted ciphertext
  • a configuration file obtaining module configured to acquire a configuration file based on the encrypted ciphertext and an update time, and send the configuration file to a server;
  • a dynamic key receiving module configured to receive the dynamic key generated by the server based on the configuration file.
  • an embodiment of the present application provides a terminal device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor.
  • the processor executes the computer readable instructions, the following steps are implemented:
  • the dynamic seed generation algorithm is used to process the random seed and the variable factor, obtain a dynamic key, and send the dynamic key to the client.
  • an embodiment of the present application provides a terminal device, including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor executes the computer The following steps are implemented when reading the instruction:
  • the embodiment of the present application provides a computer readable storage medium, where the computer readable storage medium stores computer readable instructions, and when the computer readable instructions are executed by the processor, the following steps are implemented:
  • the dynamic seed generation algorithm is used to process the random seed and the variable factor, obtain a dynamic key, and send the dynamic key to the client.
  • an embodiment of the present application provides a computer readable medium storing computer readable instructions, where the computer readable instructions are executed by a processor to implement the following steps:
  • the seed generation tool is first used on the client to obtain the random seed and the reference time, so that the client invokes the encryption machine to the random seed and the reference time. Encryption is performed to obtain encrypted ciphertext, which increases the security of the dynamic key. Then, the client obtains the configuration file based on the encrypted ciphertext and the update time, and sends the configuration file to the server, so that the server automatically operates according to the configuration of the configuration file, and the operation is simple, and the efficiency of obtaining the dynamic key is improved.
  • the server obtains the configuration file sent by the client, so that the server invokes the encryption machine to decrypt the encrypted ciphertext in the configuration file, and obtains the decrypted random seed and the reference time, so that the server obtains the variable factor based on the update time and the reference time. So that the server uses the dynamic key generation algorithm to process the random seed and the variable factor to obtain the dynamic key, which improves the key acquisition efficiency and the security of the key.
  • FIG. 1 is a flowchart of a method for acquiring a dynamic key provided in Embodiment 1.
  • FIG. 2 is a specific schematic diagram of step S16 of FIG. 1.
  • FIG. 3 is a specific schematic diagram of step S17 of FIG. 1.
  • Embodiment 4 is a schematic diagram of an apparatus for acquiring a dynamic key provided in Embodiment 2.
  • FIG. 5 is a schematic diagram of a terminal device provided in Embodiment 4.
  • the method for obtaining the dynamic key provided by the application includes the steps of generating a configuration file on the client and generating a dynamic key on the server, which effectively solves the problem that the current traditional encryption mechanism has time-consuming or low security.
  • the client performs the following steps to implement the configuration file generation process:
  • the server performs the following steps to implement the dynamic key generation process:
  • the dynamic seed generation algorithm is used to process the random seed and the variable factor, obtain a dynamic key, and send the dynamic key to the client.
  • FIG. 1 is a flow chart showing a method of acquiring a dynamic key in this embodiment. As shown in FIG. 1 , the method for acquiring the dynamic key includes the following steps:
  • S11 The client uses a seed generation tool to obtain a random seed and a reference time.
  • the seed generation tool is an executable program document pre-written by the developer.
  • a random seed is a string of strings randomly generated by the client using a seed generation tool. Since the random seed is randomly generated, the random seed is not easily leaked, and the safety is improved.
  • the base time is the system time generated by the seed generation tool.
  • the client is a terminal with a seed generation tool installed, including but not limited to computers, tablets, and smartphones.
  • the reference time generated by the seed generation tool on the client specifically converting the acquired system time to the value of milliseconds as the reference time, is advantageous for calculation.
  • the system time can be obtained by using the Long.parseLong (encryptedDate) method, and then the millisecond value of the system time is obtained by using the System.currentTimeMillis (current time) method.
  • S12 The client invokes the encryption machine to encrypt the random seed and the reference time to obtain the encrypted ciphertext.
  • the encryption machine is a domestically-developed host encryption device that has been authenticated and approved by the national commercial password authority.
  • the key of the encryption machine is not easy to be leaked, and it is mostly used in financial institutions to ensure the case of financial business.
  • the encrypted ciphertext is a string of characters obtained by encrypting with an encryption machine.
  • the client invokes the encryption machine to encrypt the random seed and the reference time respectively, and forms a character string obtained by encrypting the random seed (hereinafter referred to as the first character string) and a string encrypted by the reference time (hereinafter referred to as the second String) to obtain the encrypted ciphertext based on the first string and the second character.
  • the client invokes the encryption machine connected thereto to generate a key pair (public key and private key) by using a public key encryption algorithm, and encrypts the random seed and the reference time by using the public key in the key pair, and
  • the key pair is stored in a password management system in the encryption machine.
  • the public key encryption algorithm refers to the use of different keys (ie, public and private keys) for encryption and decryption, and the "private key” is not known to others, and the "public key” can be made public. The two must be paired. The data encrypted with the public key must be decrypted with the corresponding private key. The technical security is high, so that the key is not easily leaked.
  • the public key encryption algorithm used by the encryption machine includes, but is not limited to, an RSA encryption algorithm.
  • RSA encryption algorithm is currently the most influential and most commonly used public key encryption algorithm. It can resist most of the password attacks known so far, and has high security.
  • public key encryption and private key decryption are adopted. .
  • the client obtains the configuration file based on the encrypted ciphertext and the update time, and sends the configuration file to the server.
  • the update time represents the number of time steps, that is, how long it takes to generate a new key.
  • the update time is pre-configured and stored in the configuration file, ultimately guaranteeing when the key update changes.
  • the configuration file is the file that the client obtains based on the update time and the encrypted ciphertext. This configuration file can be written by the developer based on the Java language using the Notepad tool. It can be understood that the configuration file includes a character string obtained after encrypting the random seed (ie, the first character string), a character string obtained by encrypting the reference time (ie, the second character string), and an update time.
  • the client obtains a configuration file based on the encrypted ciphertext and the update time, and sends the configuration file to the server, so that the server can generate a key according to the configuration file.
  • the update time in this embodiment is X days, and the specific value of the parameter X is determined by the developer depending on the project situation.
  • the encrypted ciphertext sent back by the encryption machine and the update time preset by the client are written into the configuration file, and the configuration file is sent to the server, so that the server automatically operates according to the configuration of the configuration file, and the operation is simple. Improve the efficiency of getting dynamic keys.
  • S14 The server acquires a configuration file sent by the client, where the configuration file includes the encrypted ciphertext and the update time obtained by the encryption machine.
  • the server acquires a configuration file sent by the client, where the configuration file includes an encrypted ciphertext obtained by the encryption machine (including a character string obtained by encrypting the seed (ie, the first character string) and a character obtained by encrypting the reference time. String (ie the second string)) and update time.
  • the server provides support for generating a dynamic key by acquiring a configuration file.
  • S15 The server invokes the encryption machine to decrypt the encrypted ciphertext, and obtains the decrypted random seed and the reference time.
  • the server invokes an encryption machine connected to the server to decrypt the encrypted ciphertext in the configuration file, and obtains the decrypted random neutron and the reference time.
  • the encryption machine is an encryption machine connected to the client for generating an encrypted ciphertext. It can be understood that the encryption algorithm used by the encryption machine is decrypted with the private key generated by the RSA algorithm stored in the client calling the encryption machine to obtain the decrypted random seed and the reference time, and the decrypted random seed and the reference are obtained. Time is stored in the server's memory to provide support for subsequent generation of dynamic keys.
  • the server since the key pair generated by the client calling the encryption machine is stored in the password management system in the encryption machine, the server directly invokes the private key in the key pair stored in the encryption machine when the server invokes the encryption machine. To avoid the problem of not being able to decrypt the encrypted ciphertext to get random seed and reference time.
  • S16 The server acquires a variable factor based on the update time and the reference time.
  • variable factor is a calculation parameter in the dynamic encryption algorithm.
  • the server acquires the current time and the preset update time, calls the reference time stored in the server memory, and calculates the current time, the update time, and the reference time by using a variable factor calculation formula to obtain the variable factor.
  • Subsequent dynamic key generation algorithms are used to generate dynamic key provisioning support.
  • S17 The server processes the random seed and the variable factor by using a dynamic key generation algorithm, obtains a dynamic key, and sends the dynamic key to the client.
  • the dynamic key generation algorithm refers to an algorithm for regenerating a key with the occurrence of an event (a key is used or a certain time lapse, etc.), and has the advantages of high efficiency, simplicity, and high security.
  • a dynamic key is a key obtained by processing a random seed and a variable factor using a dynamic key generation algorithm.
  • the dynamic key generation algorithm is used to process the random seed and the variable factor, obtain a dynamic key, and send the dynamic key to the client, so that the client uses the generated dynamic key to perform certain specific information. encrypt and decode).
  • the dynamic key generation algorithm is used to process the random seed and the variable factor to obtain a dynamic key, which improves the key acquisition efficiency and the security of the key.
  • S18 The client receives a dynamic key generated by the configuration file sent by the server.
  • the client receives the dynamic key generated by the configuration file sent by the server, and uses the dynamic key to encrypt (decrypt) certain specific information, for example, when the user dynamically logs in to the system, using the dynamic key to log in.
  • the dynamic key is a key obtained by performing steps S14-S17.
  • the seed generation tool is first used on the client to obtain the random seed and the reference time, so that the client invokes the encryption machine to encrypt the random seed and the reference time, obtain the encrypted ciphertext, and increase the security of the dynamic key. Then, the client obtains the configuration file based on the encrypted ciphertext and the update time, and sends the configuration file to the server, so that the server automatically operates according to the configuration of the configuration file, and the operation is simple, and the efficiency of obtaining the dynamic key is improved.
  • the server obtains the configuration file sent by the client, so that the server invokes the encryption machine to decrypt the encrypted ciphertext in the configuration file, and obtains the decrypted random seed and the reference time, so that the server obtains the variable factor based on the update time and the reference time. So that the server uses the dynamic key generation algorithm to process the random seed and the variable factor to obtain the dynamic key, which improves the key acquisition efficiency and the security of the key.
  • the dynamic key is sent to the client, and the message digest is processed by the TOTP algorithm to obtain a dynamic key, which improves the efficiency of dynamic key acquisition.
  • step S16 the server acquires a variable factor based on the update time and the reference time, and specifically includes the following steps:
  • S161 The server determines the interval time based on the current time and the reference time.
  • the interval time is a parameter obtained by calculating the variable factor obtained by subtracting the reference time from the current time.
  • the current time is the millisecond value obtained by the server using the current time acquisition method.
  • the current time acquisition method includes but is not limited to System.currentTimeMillis(), which is convenient for quickly obtaining the millisecond value of the current time.
  • System.currentTimeMillis() produces a millisecond value of the current time, which is actually the number of milliseconds since 0:00 on January 1, 1970.
  • the server determines the interval based on the current time and the reference time (milliseconds).
  • the interval time and the update time are calculated using a variable factor calculation formula to obtain a variable factor.
  • calculating the variable factor based on the variable factor calculation formula first calculate the quotient of the interval time and the update time, then perform the rounding operation on the quotient value, obtain the rounding value, and then take the product of the rounded value and the update time as Variable factor.
  • the calculation process is simple and convenient, and the dynamic key acquisition efficiency is improved, and then the variable factor calculation formula is used.
  • Interval time and update time are calculated to obtain variable factors, which provide support for generating dynamic keys by using dynamic key generation algorithm.
  • the server determines whether the interval time is greater than the update time, so as to achieve the purpose of automatically updating the dynamic key.
  • the method for generating the dynamic key further includes the following steps:
  • the dynamic key invalidation information is used to remind the client that the dynamic key corresponding to the current time is invalid, and needs to generate a new dynamic key reminding information.
  • the server also obtains the interval time and compares it with the preset update time. If the interval time is greater than the update time, the key failure information is generated, and the key invalidation information is sent to the client, so that the client performs the step.
  • S11-S13 to obtain the updated configuration file, and send the updated configuration file to the server, so that the server generates a new dynamic key based on the updated configuration file, and sends the dynamic key to the client to achieve automatic replacement dynamics.
  • the purpose of the key is to improve security.
  • the updated configuration file includes the updated encrypted ciphertext and the preset update time.
  • the execution server calculates the interval time and the update time by using a variable factor calculation formula to obtain a variable factor.
  • the server continues to perform the step of calculating the interval time and the update time by using the variable factor calculation formula to obtain the variable factor, that is, performing step S162 .
  • the server determines whether the interval time is greater than the update time by using the timing interval. If the interval time is greater than the update time, the key failure information is generated, and the key failure information is sent to the client, so that the client performs the step. S11-S13, to obtain the updated configuration file, and send the updated configuration file to the server, so that the server generates a new dynamic key based on the updated configuration file, and sends the dynamic key to the client to achieve automatic replacement dynamics. The purpose of the key is to improve security. If the interval time is not greater than the update time, the execution server calculates the interval time and the update time by using a variable factor calculation formula to obtain a variable factor.
  • step S17 the server processes the random seed and the variable factor by using a dynamic key generation algorithm to obtain a dynamic key, which specifically includes the following steps:
  • S171 The server processes the random seed and the variable factor by using a one-way hash function to obtain a message digest.
  • Message Digest also known as Digital Digest. It is a fixed-length value that uniquely corresponds to a message or text, and is generated by a one-way hash function acting on the message.
  • the loop parameter, opad is the outer loop parameter.
  • the seed and variable factors are processed by the HMAC-SHA-1 algorithm in the one-way hash function.
  • HMAC-SHA-1 is a keyed hash algorithm constructed from the SHA1 hash function and is used as HMAC (Hash-based message authentication code). This HMAC process mixes the key with the message data, hashes the mixed result using a hash function, mixes the resulting hash value with the key, and then applies the hash function again.
  • the output hash value is 160 bits long.
  • SHA-1 Secure Hash Algorithm, also known as SHS, Secure Hash Standard
  • SHS Secure Hash Standard
  • S1711 Add 0 to the random seed K to create a first string with a sub-length B. Since K (random seed) is randomly generated, the length is not fixed. Therefore, it is necessary to add 0 after the random seed K to create a first character string of length B to ensure the smooth progress of the subsequent calculation process.
  • B is the processing block size.
  • S1712 Perform an exclusive OR operation on the character string of B length generated in step S1711 and the ipad to obtain the second character string.
  • ipad is 0x36363636..., and its length is the same as B (64 bytes).
  • variable factor T Fill the variable factor T into the second string to obtain the third string.
  • the variable factor T may be directly filled after the second character string to obtain the third character string.
  • H is a hash function
  • a hash function refers to mapping a binary string of arbitrary length into a short fixed-length binary string.
  • S1715 Perform an exclusive OR operation on the first character string of the B byte length generated in step S1711 and the opad to obtain the fifth character string.
  • the opad is 0x5c5c5c..., and its length is the same as B.
  • S1717 H is applied to the fourth character string to hash the fourth character string to obtain a message digest (a 20-byte (160 bite) array).
  • the HMAC-SHA-1 algorithm can accept a string of any size and generate a hash sequence of 160 bits (ie, a message digest), so The HMAC-SHA-1 algorithm processes the seed and variable factors to obtain a message digest, which is convenient for calculation and facilitates subsequent generation of dynamic keys.
  • S172 The message digest is processed by using the TOTP algorithm to obtain a dynamic key.
  • Truncate dynamic truncation function
  • the unsigned integer is modulo-operated with the d-th power of 10 to obtain a digital password of the d-bit, that is, the dynamic key.
  • the value of d may be 6 or 8, and should not be too long, so as to facilitate user input when using a dynamic key for encryption (decryption).
  • the resulting message digest (20 bytes) is as follows:
  • hmac_result[0]...hmac_result[19], hmac_result is the message digest).
  • the process of dynamic truncation is to perform a bitwise AND operation on the last byte of the message digest and 0xf to obtain an offset value (the initial value of the dynamic truncation function).
  • the bounce attempt mechanism refers to the decryption of the current time when the decryption is performed by using the generated key (for example, the current time point is 5:13:10s, and the update time is 30s, then at 5:13:40s)
  • the dynamic key has been updated, but the third-party authentication server may receive the updated key due to network delay, resulting in decryption failure.
  • the key is decrypted at the previous point in time to improve the fault tolerance of the algorithm. .
  • the server processes the seed and the variable factor by using a one-way hash function, obtains a fixed-length message digest for convenient calculation, and then processes the message digest by using the TOTP algorithm to obtain a dynamic key and improve the dynamic key. The efficiency of the acquisition.
  • the seed generation tool is first used on the client to obtain the random seed and the reference time, so that the client invokes the encryption machine to encrypt the random seed and the reference time, obtain the encrypted ciphertext, and increase the security of the dynamic key. Then, the client obtains the configuration file based on the encrypted ciphertext and the update time, and sends the configuration file to the server, so that the server automatically operates according to the configuration of the configuration file, and the operation is simple, and the efficiency of obtaining the dynamic key is improved. After that, the server obtains the configuration file sent by the client, so that the server invokes the encryption machine to decrypt the encrypted ciphertext in the configuration file, and obtains the decrypted random seed and the reference time.
  • the server determines the interval based on the current time and the reference time to calculate the interval and update time using a variable factor calculation formula to obtain a variable factor to enable the server to perform random seed and variable factors using a one-way hash function. Processing, obtaining a message digest to reduce the amount of calculation; using the TOTP algorithm to process the message digest, obtaining a dynamic key, and improving the efficiency of dynamic key acquisition.
  • the message digest is processed by the TOTP algorithm to obtain a dynamic key, which improves the efficiency of dynamic key acquisition.
  • a retraction attempt mechanism is also added, and when the current time point decryption fails, the key is decrypted by using the key at the previous time point to improve fault tolerance.
  • the server further determines whether the interval time is greater than the update time, so that the server obtains the updated dynamic key based on the updated configuration file sent by the client and performs the steps of S14-S18, so as to automatically replace the dynamic key. purpose.
  • FIG. 4 is a schematic block diagram showing a device for acquiring a dynamic key corresponding to the method for acquiring a dynamic key in the first embodiment.
  • the dynamic key acquisition apparatus includes a server 10 and a client 20.
  • the server includes a configuration file obtaining module 11, an encryption machine decryption module 12, a variable factor acquisition module 13, and a dynamic key acquisition module 14.
  • the client 20 includes the steps of the random seed and reference time acquisition module 21, the encrypted ciphertext acquisition module 22, the configuration file acquisition module 23, and the dynamic key receiving module 24, and the dynamic key acquisition method in the embodiment.
  • the present embodiment will not be described in detail.
  • the server 10 includes a profile acquisition module 11, a encryptor decryption module 12, a variable factor acquisition module 13, and a dynamic key acquisition module 14.
  • the configuration file obtaining module 11 is configured to obtain a configuration file sent by the client, where the configuration file includes the encrypted ciphertext and the update time obtained by the encryption machine.
  • the encryption machine decryption module 12 is configured to invoke the encryption machine to decrypt the encrypted ciphertext, and obtain the decrypted random seed and the reference time.
  • the variable factor acquisition module 13 is configured to acquire a variable factor based on the update time and the reference time.
  • the dynamic key obtaining module 14 is configured to process the random seed and the variable factor by using a dynamic key generation algorithm, obtain a dynamic key, and send the dynamic key to the client.
  • variable factor acquisition module 13 includes an interval time determination unit 131 and a variable factor acquisition unit 132.
  • the interval determining unit 131 is configured to determine the interval time based on the current time and the reference time.
  • the dynamic key acquiring apparatus further includes a key invalidation information acquiring unit 133 and a second variable factor acquiring unit 134.
  • the key invalidation information obtaining unit 133 is configured to generate key invalidation information if the interval time is greater than the update time, and send the key invalidation information to the client.
  • the second variable factor obtaining unit 134 is configured to: if the interval time is not greater than the update time, the execution server calculates the interval time and the update time by using a variable factor calculation formula to obtain a variable factor.
  • the dynamic key acquisition module 14 includes a message digest acquisition unit 141 and a dynamic key acquisition unit 142.
  • the message digest obtaining unit 141 processes the random seed and the variable factor by using a one-way hash function to obtain a message digest.
  • the dynamic key obtaining unit 142 processes the message digest by using the TOTP algorithm to obtain a dynamic key.
  • the client 20 includes a random seed and reference time acquisition module 21, an encrypted ciphertext acquisition module 22, a configuration file acquisition module 23, and a dynamic key receiving module 24.
  • the random seed and reference time acquisition module 21 is configured to acquire a random seed and a reference time using a seed generation tool.
  • the encrypted ciphertext obtaining module 22 is configured to invoke the encryption machine to encrypt the random seed and the reference time to obtain the encrypted ciphertext.
  • the configuration file obtaining module 23 is configured to obtain a configuration file based on the encrypted ciphertext and the update time, and send the configuration file to the server.
  • the dynamic key receiving module 24 is configured to receive a dynamic key generated by the server based on the configuration file.
  • the embodiment provides a computer readable storage medium on which computer readable instructions are stored, and when the computer readable instructions are executed by the processor, the method for acquiring the dynamic key in Embodiment 1 is implemented, in order to avoid duplication. , I won't go into details here.
  • the functions of the modules/units in the apparatus for acquiring the dynamic key in the second embodiment are implemented when the computer readable instructions are executed by the processor. To avoid repetition, details are not described herein again.
  • the computer readable storage medium can include any entity or device capable of carrying the computer readable instruction code, a recording medium, a USB flash drive, a removable hard drive, a magnetic disk, an optical disk, a computer memory, a read only memory (ROM, Read-Only) Memory), random access memory (RAM), electrical carrier signals, telecommunications signals, and software distribution media.
  • FIG. 5 is a schematic diagram of a terminal device according to an embodiment of the present application.
  • the terminal device 50 of this embodiment includes a processor 51, a memory 52, and computer readable instructions 53 stored in the memory 52 and operable on the processor 51.
  • the processor 51 executes the steps of the method for acquiring the dynamic key in the first embodiment, such as steps S11 to S18 shown in FIG. 1, when the computer readable instructions 53 are executed.
  • the processor 51 executes the computer readable instructions 53
  • the functions of each module/unit of the dynamic key acquisition apparatus in Embodiment 2 are implemented, such as the configuration file acquisition module 11 and the encryption machine decryption module 12 shown in FIG.
  • computer readable instructions 53 may be partitioned into one or more modules/units, one or more modules/units being stored in memory 52 and executed by processor 51 to complete the application.
  • the one or more modules/units may be an instruction segment of a series of computer readable instructions 53 capable of performing a particular function, which is used to describe the execution of computer readable instructions 53 in the terminal device 50.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un procédé d'acquisition d'une clé dynamique, un dispositif, un appareil terminal, et un support de stockage. Le procédé d'acquisition d'une clé dynamique comprend les étapes suivantes, exécutables par un serveur, et consistant à : acquérir un fichier de configuration envoyé par un client, le fichier de configuration contenant un cryptogramme chiffré acquis sur la base d'un chiffreur et d'un instant de mise à jour ; appeler le chiffreur pour déchiffrer le cryptogramme chiffré, et acquérir un germe aléatoire déchiffré et un instant de référence ; acquérir un facteur variable sur la base de l'instant de mise à jour et de l'instant de référence ; et traiter le germe aléatoire et le facteur variable au moyen d'un algorithme de génération de clé dynamique, acquérir une clé dynamique, et envoyer la clé dynamique au client. Le procédé d'acquisition d'une clé dynamique résout efficacement les problèmes de gaspillage de temps et de faible sécurité des mécanismes de chiffrement classiques.
PCT/CN2018/077474 2018-01-08 2018-02-28 Procédé d'acquisition de clé dynamique, dispositif, appareil terminal, et support de stockage WO2019134241A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810014135.1 2018-01-08
CN201810014135.1A CN108462686B (zh) 2018-01-08 2018-01-08 动态密钥的获取方法、装置、终端设备及存储介质

Publications (1)

Publication Number Publication Date
WO2019134241A1 true WO2019134241A1 (fr) 2019-07-11

Family

ID=63220529

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077474 WO2019134241A1 (fr) 2018-01-08 2018-02-28 Procédé d'acquisition de clé dynamique, dispositif, appareil terminal, et support de stockage

Country Status (2)

Country Link
CN (1) CN108462686B (fr)
WO (1) WO2019134241A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022257411A1 (fr) * 2021-06-09 2022-12-15 深圳前海微众银行股份有限公司 Procédé et appareil de traitement de données

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298941A (zh) * 2019-05-21 2019-10-01 杭州海兴电力科技股份有限公司 一种智能门锁一次性临时密码生成方法
CN111064571B (zh) * 2020-01-09 2022-04-22 青岛海信移动通信技术股份有限公司 一种通信终端、服务器及动态更新预共享密钥的方法
CN114095920A (zh) * 2020-07-29 2022-02-25 阿里巴巴集团控股有限公司 通信方法、系统、装置、设备和存储介质
CN111988143B (zh) * 2020-08-28 2024-03-01 百度时代网络技术(北京)有限公司 密钥更新方法、装置、设备以及存储介质
CN112287369A (zh) * 2020-11-02 2021-01-29 珠海格力电器股份有限公司 解密方法、装置、计算机设备及存储介质
CN113761551A (zh) * 2020-11-18 2021-12-07 北京沃东天骏信息技术有限公司 密钥的生成方法、加密方法、解密方法和装置
CN112564889B (zh) * 2020-12-04 2021-11-09 深圳市安室智能有限公司 数据加密传输方法及相关产品
CN113507363B (zh) * 2021-07-08 2023-08-01 中国建设银行股份有限公司 数据处理的方法、装置、电子设备和存储介质
CN115767503B (zh) * 2022-11-14 2024-06-07 杭州可当科技有限公司 一种应用于物联网的eSIM芯片
CN117040944B (zh) * 2023-10-10 2024-04-26 深圳市旗云智能科技有限公司 无线物联网远程信号传输装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101699820A (zh) * 2009-10-30 2010-04-28 北京飞天诚信科技有限公司 动态口令的认证方法和装置
CN103051460A (zh) * 2013-01-29 2013-04-17 赵忠华 基于惯性技术的动态令牌系统及其加密方法
CN103905195A (zh) * 2012-12-28 2014-07-02 中国电信股份有限公司 基于动态口令的用户卡认证方法和系统
CN104301109A (zh) * 2014-09-24 2015-01-21 飞天诚信科技股份有限公司 一种语音动态令牌的工作方法

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100563391C (zh) * 2007-09-03 2009-11-25 华为技术有限公司 移动通信终端设备数据保护的方法、系统及设备
CN101783800B (zh) * 2010-01-27 2012-12-19 华为终端有限公司 一种嵌入式系统安全通信方法、装置及系统
WO2013014734A1 (fr) * 2011-07-25 2013-01-31 三菱電機株式会社 Dispositif de chiffrement, procédé de chiffrement et programme de chiffrement
CN103067160B (zh) * 2013-01-14 2018-05-15 江苏智联天地科技有限公司 一种加密sd卡的动态密钥生成的方法及系统
CN104506497B (zh) * 2014-12-10 2018-02-27 青岛海信电器股份有限公司 一种信息发布方法和系统
CN107154935B (zh) * 2017-04-26 2020-09-11 腾讯科技(深圳)有限公司 业务请求方法及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101699820A (zh) * 2009-10-30 2010-04-28 北京飞天诚信科技有限公司 动态口令的认证方法和装置
CN103905195A (zh) * 2012-12-28 2014-07-02 中国电信股份有限公司 基于动态口令的用户卡认证方法和系统
CN103051460A (zh) * 2013-01-29 2013-04-17 赵忠华 基于惯性技术的动态令牌系统及其加密方法
CN104301109A (zh) * 2014-09-24 2015-01-21 飞天诚信科技股份有限公司 一种语音动态令牌的工作方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022257411A1 (fr) * 2021-06-09 2022-12-15 深圳前海微众银行股份有限公司 Procédé et appareil de traitement de données

Also Published As

Publication number Publication date
CN108462686B (zh) 2020-09-04
CN108462686A (zh) 2018-08-28

Similar Documents

Publication Publication Date Title
WO2019134241A1 (fr) Procédé d'acquisition de clé dynamique, dispositif, appareil terminal, et support de stockage
US8744076B2 (en) Method and apparatus for encrypting data to facilitate resource savings and tamper detection
US9537657B1 (en) Multipart authenticated encryption
US10439804B2 (en) Data encrypting system with encryption service module and supporting infrastructure for transparently providing encryption services to encryption service consumer processes across encryption service state changes
US8694467B2 (en) Random number based data integrity verification method and system for distributed cloud storage
US11487908B2 (en) Secure memory
CN107078904B (zh) 混合密码密钥导出
US20160094347A1 (en) Method and system for secure management of computer applications
US20040111600A1 (en) Deriving keys used to securely process electronic messages
US20200372183A1 (en) Digitally Signing Software Packages With Hash Values
JP2001514834A (ja) 安全決定性暗号鍵発生システムおよび方法
KR20080025121A (ko) 비대칭 개인키로부터 비밀키 생성
CN110781140B (zh) 区块链中数据签名的方法、装置、计算机设备及存储介质
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
WO2021114850A1 (fr) Procédé et appareil de chiffrement, de déchiffrement, de lecture et d'écriture de messages, dispositif informatique et support d'enregistrement
US9367700B2 (en) System and method for establishing a shared secret for communication between different security domains
EP4319041A1 (fr) Carte de chiffrement et procédé de protection de clé racine associé, et support de stockage lisible par ordinateur
US20200396054A1 (en) Secure Memory Read
US8832450B2 (en) Methods and apparatus for data hashing based on non-linear operations
Abela et al. Secure Implementation of a Quantum-Future GAKE Protocol
CN108880785B (zh) 一种检测C++虚表被hook的方法、装置、终端及可读介质
WO2021044465A1 (fr) Dispositif de chiffrement, dispositif de déchiffrement, programme informatique, procédé de chiffrement, procédé de déchiffrement et structure de données
US20240056295A1 (en) Verifiable remote resource management for cryptographic devices
Sahi et al. Parallel encryption mode for probabilistic scheme to secure data in the cloud
SIEMENS FIPS 140-2 Security Policy

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18898092

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13.10.2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18898092

Country of ref document: EP

Kind code of ref document: A1