
CN106060073B - Channel key negotiation method - Google Patents

Channel key negotiation method

Info

Publication number: CN106060073B
Authority: CN (China)
Prior art keywords: key, close state, identifier, data, state data
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201610535023.1A
Other languages: Chinese (zh)
Other versions: CN106060073A (en)
Inventor: 罗燕京, 刘鹏
Current Assignee: Beijing Xinchangcheng Technology Development Co ltd (the listed assignees may be inaccurate)
Original Assignee: Beijing Ren Letter Card Technology Co Ltd
Application filed by Beijing Ren Letter Card Technology Co Ltd
Priority to CN201610535023.1A
Publication of CN106060073A
Application granted
Publication of CN106060073B

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a channel key negotiation method and relates to the technical field of data security. Existing cloud storage systems are insecure because they are managed and used by means of a user ID and password, or because the storage center keeps the keys. The invention addresses this by providing or implanting a corresponding identity private key and identity public key matrix in each user equipment and server, so that a link between user equipment and server can formally establish a workflow only after the two sides have mutually authenticated with their respective identity keys, and all data exchanged between them is encrypted, ensuring the security of the entire cloud storage system.

Description

Channel key negotiation method
Technical field
The present invention relates to the technical field of data security, and in particular to a channel key negotiation method.
Background
As cloud storage applications become widespread, more and more users store their data in cloud storage systems. A cloud storage system can provide users with functions such as data backup, data sharing, data synchronization and collaboration between users.
However, the frequent cloud storage security incidents of recent years show that existing cloud storage systems contain vulnerabilities that put the privacy and integrity of user data under threat. The main problems of existing mainstream cloud storage systems are the following:
(1) some cloud storage systems have no encryption function: data is stored on the server in plaintext, and data access is controlled only by user name and PIN code;
(2) some cloud storage systems have the server encrypt the data before it is stored in cloud storage, and the key is kept on the server side.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a channel key negotiation method, a client and a server that overcome the above problems or at least partially solve them.
According to a first aspect of the present invention, a user equipment is provided, the user equipment comprising:
Key generation unit, for generating a random number with a random number generator as the channel key;
Public key acquisition unit, for obtaining the corresponding first identity public key from the identity public key matrix according to the server identifier;
Asymmetric encryption unit, for asymmetrically encrypting the channel key with the first identity public key to obtain first ciphertext data;
Private key signature unit, for signing the first ciphertext data with the first identity private key of the local device;
Data transmission unit, for sending the signed first ciphertext data to the server;
Feedback receiving unit, for receiving the data packet returned by the server;
Data unpacking unit, for unpacking the data packet to obtain a key file and second ciphertext data;
Signature verification unit, for verifying the signature of the key file with the first identity public key;
Private key decryption unit, for decrypting the key file with the first identity private key when verification succeeds, to obtain the symmetric key;
Status code acquisition unit, for decrypting the second ciphertext data with the symmetric key to obtain a status code;
Communication unit, for regarding the negotiation as successful when the status code is the preset value, and communicating with the server using the channel key.
According to a second aspect of the present invention, a channel key negotiation method is provided, the method comprising:
Generating a random number with a random number generator as the channel key;
Obtaining the corresponding first identity public key from the identity public key matrix according to the server identifier;
Asymmetrically encrypting the channel key with the first identity public key to obtain first ciphertext data;
Signing the first ciphertext data with the first identity private key of the local device;
Sending the signed first ciphertext data to the server;
Receiving the data packet returned by the server;
Unpacking the data packet to obtain a key file and second ciphertext data;
Verifying the signature of the key file with the first identity public key;
When verification succeeds, decrypting the key file with the first identity private key to obtain the symmetric key;
Decrypting the second ciphertext data with the symmetric key to obtain a status code;
If the status code is the preset value, regarding the negotiation as successful and communicating with the server using the channel key.
According to a third aspect of the present invention, a server is provided, the server comprising:
Data receiving unit, for receiving the first ciphertext data sent by the user equipment;
Encryption key generation unit, for generating a random number with a random number generator as the symmetric key;
Public key acquisition unit, for obtaining the corresponding second identity public key from the identity public key matrix according to the user equipment identifier;
Signature verification unit, for verifying the signature of the first ciphertext data with the second identity public key;
Private key decryption unit, for decrypting the first ciphertext data with the second identity private key of the local device when verification succeeds, to obtain the channel key;
Symmetric encryption unit, for symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain second ciphertext data;
Asymmetric encryption unit, for asymmetrically encrypting the symmetric key with the second identity public key to obtain a key file;
Private key signature unit, for signing the key file with the second identity private key;
Data packing unit, for packing the second ciphertext data and the signed key file into a data packet;
Data transmission unit, for sending the resulting data packet to the user equipment.
According to a fourth aspect of the present invention, a channel key negotiation method is provided, the method comprising:
Receiving the first ciphertext data sent by the user equipment;
Generating a random number with a random number generator as the symmetric key;
Obtaining the corresponding second identity public key from the identity public key matrix according to the user equipment identifier;
Verifying the signature of the first ciphertext data with the second identity public key;
When verification succeeds, decrypting the first ciphertext data with the second identity private key of the local device to obtain the channel key;
Symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain second ciphertext data;
Asymmetrically encrypting the symmetric key with the second identity public key to obtain a key file;
Signing the key file with the second identity private key;
Packing the second ciphertext data and the signed key file into a data packet;
Sending the resulting data packet to the user equipment.
According to a fifth aspect of the present invention, a user equipment is provided, the user equipment comprising:
Key generation unit, for generating a random number with a random number generator as the channel key;
Public key acquisition unit, for obtaining the corresponding first identity public key from the identity public key matrix according to the server identifier;
Asymmetric encryption unit, for asymmetrically encrypting the channel key with the first identity public key to obtain first ciphertext data;
Private key signature unit, for signing the first ciphertext data with the first identity private key of the local device;
Data transmission unit, for sending the signed first ciphertext data to the server;
Feedback receiving unit, for receiving the data packet returned by the server;
Signature verification unit, for verifying the signature of the data packet with the first identity public key;
Data unpacking unit, for unpacking the data packet when verification succeeds, to obtain a key file and second ciphertext data;
Private key decryption unit, for decrypting the key file with the first identity private key to obtain the symmetric key;
Status code acquisition unit, for decrypting the second ciphertext data with the symmetric key to obtain a status code;
Communication unit, for regarding the negotiation as successful when the status code is the preset value, and communicating with the server using the channel key.
According to a sixth aspect of the present invention, a channel key negotiation method is provided, the method comprising:
Generating a random number with a random number generator as the channel key;
Obtaining the corresponding first identity public key from the identity public key matrix according to the server identifier;
Asymmetrically encrypting the channel key with the first identity public key to obtain first ciphertext data;
Signing the first ciphertext data with the first identity private key of the local device;
Sending the signed first ciphertext data to the server;
Receiving the data packet returned by the server;
Verifying the signature of the data packet with the first identity public key;
When verification succeeds, unpacking the data packet to obtain a key file and second ciphertext data;
Decrypting the key file with the first identity private key to obtain the symmetric key;
Decrypting the second ciphertext data with the symmetric key to obtain a status code;
If the status code is the preset value, regarding the negotiation as successful and communicating with the server using the channel key.
According to a seventh aspect of the present invention, a server is provided, the server comprising:
Data receiving unit, for receiving the first ciphertext data sent by the user equipment;
Encryption key generation unit, for generating a random number with a random number generator as the symmetric key;
Public key acquisition unit, for obtaining the corresponding second identity public key from the identity public key matrix according to the user equipment identifier;
Signature verification unit, for verifying the signature of the first ciphertext data with the second identity public key;
Private key decryption unit, for decrypting the first ciphertext data with the second identity private key of the local device when verification succeeds, to obtain the channel key;
Symmetric encryption unit, for symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain second ciphertext data;
Asymmetric encryption unit, for asymmetrically encrypting the symmetric key with the second identity public key to obtain a key file;
Data packing unit, for packing the second ciphertext data and the key file into a data packet;
Private key signature unit, for signing the data packet with the second identity private key;
Data transmission unit, for sending the signed data packet to the user equipment.
According to an eighth aspect of the present invention, a channel key negotiation method is provided, the method comprising:
Receiving the first ciphertext data sent by the user equipment;
Generating a random number with a random number generator as the symmetric key;
Obtaining the corresponding second identity public key from the identity public key matrix according to the user equipment identifier;
Verifying the signature of the first ciphertext data with the second identity public key;
When verification succeeds, decrypting the first ciphertext data with the second identity private key of the local device to obtain the channel key;
Symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain second ciphertext data;
Asymmetrically encrypting the symmetric key with the second identity public key to obtain a key file;
Packing the second ciphertext data and the key file into a data packet;
Signing the data packet with the second identity private key;
Sending the signed data packet to the user equipment.
Existing cloud storage systems are insecure because they are managed and used by means of a user ID and password, or because the storage center keeps the keys. The present invention addresses this by providing or implanting a corresponding identity private key and identity public key matrix in each user equipment and server, so that a link between user equipment and server can formally establish a workflow only after the two sides have mutually authenticated with their respective identity keys, and all data exchanged between them is encrypted, ensuring the security of the entire cloud storage system.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is a flow chart of the channel key negotiation method of one embodiment of the present invention;
Fig. 2 is a flow diagram of key production;
Fig. 3 is a flow chart of the channel key negotiation method of one embodiment of the present invention;
Fig. 4 is a schematic diagram of the channel key negotiation method of a specific embodiment of the present invention;
Fig. 5 is a schematic diagram of the channel key negotiation method of a specific embodiment of the present invention;
Fig. 6 is a flow chart of the channel key negotiation method of one embodiment of the present invention;
Fig. 7 is a flow chart of the channel key negotiation method of one embodiment of the present invention;
Fig. 8 is a structural block diagram of the user equipment of one embodiment of the present invention;
Fig. 9 is a structural block diagram of the server of one embodiment of the present invention;
Fig. 10 is a structural block diagram of the user equipment of one embodiment of the present invention;
Fig. 11 is a structural block diagram of the server of one embodiment of the present invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples illustrate the present invention and are not intended to limit its scope.
Fig. 1 is a flow chart of the channel key negotiation method of one embodiment of the present invention. Referring to Fig. 1, the method comprises:
S101: a random number is generated with a random number generator as the channel key;
It should be noted that the method of this embodiment is executed by the user equipment, which may be a device such as a PC, notebook computer, tablet computer or smart phone; this embodiment places no restriction on this.
It should be understood that, because the generated random number is used as the channel key in this embodiment, the channel key is a dynamic key, which improves the security of the data.
In a concrete implementation, after the user equipment has been securely activated it needs to register with the server; that is, the user equipment sends its user equipment identifier to the server, and the server receives and stores the user equipment identifier sent by the user equipment.
Of course, the server usually also sends its server identifier to the user equipment, and the user equipment receives and stores the server identifier sent by the server.
In a concrete implementation, the random number may be a pseudo-random number, or preferably a true random number; this embodiment places no restriction on this.
S102: the corresponding first identity public key is obtained from the identity public key matrix according to the server identifier;
It should be understood that a product or user digital certificate is installed in the user equipment, and the digital certificate includes the identity public key matrix and the first identity private key of the local device.
In this embodiment, to facilitate generating the digital certificate, referring to Fig. 2, a purpose-built key production system may first produce an identity private key matrix and an identity public key matrix. A product or user identifier (i.e. an identifier reflecting the product's identity, or an identifier reflecting the user's identity) is used as the user equipment identifier, the first identity private key of the local device is generated by a HASH onto the identity private key matrix through modulo-N integer arithmetic, and the product or user digital certificate is then generated from it together with the identity public key matrix.
In this embodiment, the local device refers to the user equipment.
Of course, the digital certificate may be written directly into the product as encrypted software data, or written into an identity USBKEY that is issued to the user.
The identity USBKEY includes but is not limited to a TF card KEY and a SIM card KEY. It is developed and produced on dedicated security chips that meet national cryptographic certification and licensing requirements (such as HS08K, HS32U2, Z8D64, Z8168 or Z32), and in product and user applications it performs digital signature and encryption of information such as product or user identifiers, data and instructions.
The digital certificate or identity key conforms to the certificate specification of the Combined Public Key cryptosystem.
S103: the channel key is asymmetrically encrypted with the first identity public key to obtain first ciphertext data;
It should be understood that the first identity public key is the identity public key corresponding to the user equipment identifier; that is, there is a one-to-one relationship between the first identity public key and the user equipment identifier.
It should be noted that asymmetrically encrypting the channel key with the first identity public key yields the first ciphertext data; that is, the first ciphertext data is the channel key after asymmetric encryption.
S104: the first ciphertext data is signed with the first identity private key of the local device;
Because the first identity private key of the local device is generated from the product or user identifier, it has a one-to-one relationship with that identifier; that is, the first identity private key of the local device reflects the identity of the product or user.
S105: the signed first ciphertext data is sent to the server;
It should be noted that the signed first ciphertext data may be sent to the server over wired or wireless communication.
S106: the data packet returned by the server is received;
It should be understood that the server returns a data packet after the signed first ciphertext data has been sent to it.
S107: the data packet is unpacked to obtain a key file and second ciphertext data;
In a concrete implementation, the data packet may be unpacked with a dedicated protocol algorithm.
S108: the signature of the key file is verified with the first identity public key;
It should be understood that the key file was signed by the server with the identity private key corresponding to the first identity public key, so the signature of the key file can be verified with the first identity public key.
It should be noted that correspondence between an identity public key and an identity private key means that the two can encrypt and decrypt for each other.
S109: when verification succeeds, the key file is decrypted with the first identity private key to obtain the symmetric key;
It should be understood that the key file was asymmetrically encrypted by the server with the identity public key corresponding to the first identity private key, so the key file can be decrypted with the first identity private key.
S110: the second ciphertext data is decrypted with the symmetric key to obtain a status code;
It should be noted that the second ciphertext data was symmetrically encrypted by the server with the symmetric key, so it can be decrypted with the symmetric key.
S111: if the status code is the preset value, the negotiation is regarded as successful, and communication with the server is carried out using the channel key.
In a concrete implementation, the status code is normally the preset value, but special cases may occur. For example, when data is lost because of network delay, the server may need to prompt the user equipment to perform an operation such as data retransmission, so the status code may be some other value that prompts the user equipment to perform such an operation. The negotiation can therefore be regarded as successful only when the status code is the preset value.
Of course, once the negotiation has succeeded, the user equipment and the server have both accepted the channel key and can communicate with it; that is, data communication between the user equipment and the server is encrypted with the channel key.
Existing cloud storage systems are insecure because they are managed and used by means of a user ID and password, or because the storage center keeps the keys. This embodiment addresses this by providing or implanting a corresponding identity private key and identity public key matrix in each user equipment and server, so that a link between user equipment and server can formally establish a workflow only after the two sides have mutually authenticated with their respective identity keys, and all data exchanged between them is encrypted, ensuring the security of the entire cloud storage system.
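The exchange described above (client steps S101 to S111 together with the matching server steps of the fourth aspect), written out for both sides as an added example that is not part of the patent. RSA-OAEP, RSA signatures and AES-256-GCM are stand-ins for the identity keys and the unspecified symmetric cipher, a Hash stands in for the identity public key matrix, and the identifiers `device-001` and `server-A` and the preset status code 0x00 are assumptions.

```ruby
require 'openssl'

# Assumptions (not from the patent): RSA-OAEP, RSA signatures and AES-256-GCM
# stand in for the identity keys and the unnamed symmetric cipher; a Hash stands
# in for the identity public key matrix; 0x00 is the preset status code.
STATUS_OK = "\x00".b
OAEP      = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

Party  = Struct.new(:id, :priv, :matrix)  # matrix: peer identifier => public key
Signed = Struct.new(:body, :sig)          # ciphertext and the signature over it
Packet = Struct.new(:key_file, :second)   # signed key file + encrypted status code

class NegotiationError < StandardError; end

def peer_key(party, peer_id)
  party.matrix.fetch(peer_id) { raise NegotiationError, "unknown identifier #{peer_id}" }
end

# Draw a random 32-byte key, encrypt it to the peer, then sign the ciphertext.
def wrap(party, peer_id)
  key  = OpenSSL::Random.random_bytes(32)
  body = peer_key(party, peer_id).public_encrypt(key, OAEP)
  [key, Signed.new(body, party.priv.sign(OpenSSL::Digest.new('SHA256'), body))]
end

# Verify the peer's signature first; decrypt only when it holds.
def unwrap(party, peer_id, signed)
  pub = peer_key(party, peer_id)
  unless pub.verify(OpenSSL::Digest.new('SHA256'), signed.sig, signed.body)
    raise NegotiationError, 'signature rejected'
  end
  party.priv.private_decrypt(signed.body, OAEP)
rescue OpenSSL::PKey::PKeyError
  raise NegotiationError, 'malformed signature or ciphertext'
end

# Encrypt the one-byte status code; output layout is nonce || tag || ciphertext.
def seal_status(key, status)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(status) + c.final
  iv + c.auth_tag + ct
end

def open_status(key, blob)
  raise NegotiationError, 'encrypted status code too short' if blob.bytesize < 29
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob.byteslice(0, 12)
  c.auth_tag = blob.byteslice(12, 16)
  c.update(blob.byteslice(28, blob.bytesize)) + c.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  raise NegotiationError, 'status code did not decrypt'
end

# Client, S101-S105: returns [channel_key, signed first message].
def client_hello(client, server_id)
  wrap(client, server_id)
end

# Server side of the exchange: returns [channel_key, packet].
# status is normally STATUS_OK; another value models a retransmission prompt.
def server_respond(server, client_id, first, status = STATUS_OK)
  channel_key = unwrap(server, client_id, first)
  sym_key, key_file = wrap(server, client_id)
  [channel_key, Packet.new(key_file, seal_status(sym_key, status))]
end

# Client, S106-S111: negotiated only when the status code is the preset value.
def client_finish(client, server_id, packet)
  sym_key = unwrap(client, server_id, packet.key_file)
  open_status(sym_key, packet.second) == STATUS_OK
end

# Constructed test fixture: two parties that hold each other's public key.
def new_pair
  ck = OpenSSL::PKey::RSA.new(2048)
  sk = OpenSSL::PKey::RSA.new(2048)
  [Party.new('device-001', ck, { 'server-A' => sk.public_key }),
   Party.new('server-A', sk, { 'device-001' => ck.public_key })]
end

if __FILE__ == $PROGRAM_NAME
  client, server = new_pair
  channel_key, first = client_hello(client, server.id)
  server_key, packet = server_respond(server, client.id, first)
  puts "negotiated: #{client_finish(client, server.id, packet)}"
  puts "same channel key on both sides: #{channel_key.bytes == server_key.bytes}"
end
```

Both sides refuse to decrypt anything whose signature does not verify under the peer's public key, and the client treats any status code other than the preset value as a failed negotiation.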
Fig. 3 is the flow chart of the channel key machinery of consultation of one embodiment of the present invention;Referring to Fig. 3, the method packet It includes:
S301: the first close state data sent by user equipment are received;
It should be noted that the executing subject of the method for present embodiment is server, present embodiment is not subject to this Limitation.
S302: a random number is generated as symmetric key by randomizer;
It will be appreciated that can accomplish primary due to using the random number generated as symmetric cryptography in present embodiment One is close, to further improve the safety of data.
S303: corresponding second identifier public key is obtained from mark public key matrix according to customer equipment identification;
It will be appreciated that being equipped with product or customer digital certificate in the server, the digital certificate includes: that mark is public The second identifier private key of key matrix and local device.
For in present embodiment, the key production system of dedicated development can be first passed through in advance convenient for generating the digital certificate Produce identity private key matrix and mark public key matrix, by product or user identifier (i.e. for reflecting the mark of product identification, or For reflecting the mark of user identity) it is used as server identification, and HASH is generated to identity private key matrix by mould N integer arithmetic Then the first identifier private key of local device generates product or customer digital certificate together with mark public key matrix.
In the present embodiment, the local device refers to server.
Certainly, the product or customer digital certificate can be used close state software data form and directly write in product and make With, or be written in mark USBKEY and be issued to user's use.
The mark USBKEY includes but is not limited to TF card KEY and SIM card KEY, by meeting the close certification of state and permit Special safety chip (such as: HS08K, HS32U2, Z8D64, Z8168 or Z32) make further development and production and form, and producing The digital signature and encryption to product or the information such as user identifier and data, instruction are completed in product and user's application process.
The digital certificate or tagged keys meet the certificate specification of Conbined public or double key cipher system.
S304: verify the signature of the first ciphertext data using the second identifier public key;
It will be appreciated that the second identifier public key is the identifier public key corresponding to the user equipment identifier; that is, there is a one-to-one correspondence between the second identifier public key and the user equipment identifier.
It should be noted that the user equipment signed the first ciphertext data with the identifier private key corresponding to the second identifier public key (the "first identifier private key" above), so the signature of the first ciphertext data can be verified with the second identifier public key.
Of course, the second identifier public key and the first identifier private key correspond to each other; that is, encryption and decryption can be performed mutually between the second identifier public key and the first identifier private key.
S305: when verification passes, decrypt the first ciphertext data with the second identifier private key of the local device to obtain the channel key;
It will be appreciated that the user equipment asymmetrically encrypted the first ciphertext data with the identifier public key corresponding to the second identifier private key (the "first identifier public key" above), so the first ciphertext data can be decrypted with the second identifier private key.
Of course, the second identifier private key and the first identifier public key correspond to each other; that is, encryption and decryption can be performed mutually between the second identifier private key and the first identifier public key.
S306: symmetrically encrypt the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
It will be appreciated that symmetrically encrypting the status code, set to the preset value, with the symmetric key yields the second ciphertext data; that is, the second ciphertext data is the status code set to the preset value after symmetric encryption.
In a specific implementation, when the server receives the channel key normally, the status code can be set to the preset value. There may also be special cases: for example, when problems such as data loss caused by network delay occur, the server may need to prompt the user equipment to perform an operation such as data retransmission, so the status code may be set to another value that prompts the user equipment to perform such an operation.
S307: asymmetrically encrypt the symmetric key with the second identifier public key to obtain the key file;
It will be appreciated that asymmetrically encrypting the symmetric key with the second identifier public key yields the key file; that is, the key file is the symmetric key after asymmetric encryption with the second identifier public key.
S308: sign the key file with the second identifier private key;
S309: pack the second ciphertext data and the signed key file to obtain a data packet;
It will be appreciated that packing the second ciphertext data and the signed key file yields the data packet; that is, the data packet is the result of packing the second ciphertext data together with the signed key file.
In a specific implementation, the second ciphertext data and the signed key file can be packed using a proprietary protocol algorithm.
S310: send the resulting data packet to the user equipment.
It should be noted that the resulting data packet can be sent to the user equipment by wired, wireless or other communication means.
Referring to Fig. 4, user equipment A generates a random number as the channel key using a random number generator. After user equipment A is installed and started, it connects to and registers with the corresponding server X. User equipment A records the identifier of server X, computes from the identifier public key matrix the X identifier public key corresponding to that identifier (the "first identifier public key" above), and asymmetrically encrypts the channel key with the X identifier public key to obtain the A ciphertext data (the "first ciphertext data" above). It then signs the A ciphertext data with the A identifier private key of user equipment A (the "first identifier private key" above) and sends the signed A ciphertext data to the server over a wired or wireless network.
Referring to Fig. 5, server X receives the key negotiation request sent by user equipment A (carrying the "A ciphertext data" above). It first verifies the signature of the A ciphertext data with the A identifier public key of user equipment A (the "second identifier public key" above); when verification passes, it asymmetrically decrypts the A ciphertext data with the X identifier private key of server X (the "second identifier private key" above) to obtain the channel key.
After server X obtains the channel key, it needs to feed back to user equipment A a status code indicating that key negotiation succeeded. The detailed process is as follows: server X generates a random password with a random number generator to serve as the symmetric key, then symmetrically encrypts the status code with the symmetric key to obtain the X ciphertext data (the "second ciphertext data" above). At the same time it asymmetrically encrypts the symmetric key with the A identifier public key to obtain the X key file, signs the X key file with the X identifier private key, and then transmits the signed X key file and the X ciphertext data to user equipment A.
Referring to Fig. 4, user equipment A receives the data packet fed back by server X and unpacks it to obtain the X key file and the X ciphertext data. It verifies the signature of the X key file with the X identifier public key; after the signature is verified, it decrypts the X key file with the A identifier private key to obtain the symmetric key, and then symmetrically decrypts the X ciphertext data with the symmetric key to obtain the status code returned by server X. If the status code indicates that authentication and key negotiation succeeded, authentication and key negotiation are complete, and all subsequent communication between user equipment A and server X is encrypted with the negotiated channel key.
Compared with the prior art, the above embodiments have at least one of the following advantages:
1. Two-factor authentication, combining PIN code verification with the identifier key, raises the security level;
2. The symmetric key used for file encryption is generated from a random number, so each file can have its own key;
3. The symmetric key is encrypted with an asymmetric algorithm, which improves the security of the symmetric key;
4. The encrypted file is additionally digitally signed with the identifier private key of the encrypting party, which protects the data against tampering in transit;
5. Each end holds its own digital certificate, which is extracted based on the user identifier, so key exchange is performed locally in an offline manner, which greatly facilitates application of the system and provides high-strength security;
6. A system is constructed in which the information, data and instructions of the entire cloud storage system are transmitted and exchanged entirely in ciphertext form on any platform and in any mode.
Fig. 6 is a flow chart of the channel key negotiation method of one embodiment of the present invention. Referring to Fig. 6, the method includes:
S601: generate a random number as the channel key using a random number generator;
S602: obtain the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
S603: asymmetrically encrypt the channel key with the first identifier public key to obtain the first ciphertext data;
S604: sign the first ciphertext data with the first identifier private key of the local device;
S605: send the signed first ciphertext data to the server;
S606: receive the data packet fed back by the server;
It should be noted that steps S601 to S606 are identical to steps S101 to S106 of the embodiment shown in Fig. 1 and are not repeated here.
It will be appreciated that the method of this embodiment is likewise executed by the user equipment.
S607: verify the signature of the data packet with the first identifier public key;
This embodiment differs from the embodiment shown in Fig. 1 as follows: the embodiment shown in Fig. 1 first unpacks the data packet and, after obtaining the key file and the second ciphertext data, verifies the signature of the key file with the first identifier public key, whereas this embodiment first verifies the signature of the data packet with the first identifier public key and only then unpacks the data, which further improves information security.
Since this embodiment first verifies the signature of the data packet with the first identifier public key, the data packet of this embodiment is signed by the server with the identifier private key corresponding to the first identifier public key, and its signature can therefore be verified with the first identifier public key.
It should be noted that an identifier public key and an identifier private key correspond to each other when encryption and decryption can be performed mutually between them.
S608: when verification passes, unpack the data packet to obtain the key file and the second ciphertext data;
S609: decrypt the key file with the first identifier private key to obtain the symmetric key;
It will be appreciated that, since the signature of the data packet has been verified in this embodiment, the signature of the key file no longer needs to be verified.
S610: decrypt the second ciphertext data with the symmetric key to obtain the status code;
S611: if the status code is the preset value, regard the negotiation as successful and communicate with the server using the channel key.
It should be noted that steps S610 to S611 are identical to steps S110 to S111 of the embodiment shown in Fig. 1 and are not repeated here.
Fig. 7 is a flow chart of the channel key negotiation method of one embodiment of the present invention. Referring to Fig. 7, the method includes:
S701: receive the first ciphertext data sent by the user equipment;
S702: generate a random number as the symmetric key using a random number generator;
S703: obtain the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
S704: verify the signature of the first ciphertext data using the second identifier public key;
S705: when verification passes, decrypt the first ciphertext data with the second identifier private key of the local device to obtain the channel key;
S706: symmetrically encrypt the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
S707: asymmetrically encrypt the symmetric key with the second identifier public key to obtain the key file;
It should be noted that steps S701 to S707 are identical to steps S301 to S307 of the embodiment shown in Fig. 3 and are not repeated here.
It will be appreciated that the method of this embodiment is likewise executed by the server.
S708: pack the second ciphertext data and the key file to obtain a data packet;
In a specific implementation of this embodiment, the key file does not need to be signed.
S709: sign the data packet with the second identifier private key;
This embodiment differs from the embodiment shown in Fig. 3 as follows: the embodiment shown in Fig. 3 first signs the key file with the second identifier private key and then packs the signed key file with the second ciphertext data, whereas this embodiment first packs the second ciphertext data and the key file to obtain the data packet and then signs the data packet with the second identifier private key, which further improves information security.
S710: send the signed data packet to the user equipment.
Correspondingly, in this embodiment the signed data packet can be sent to the user equipment by wired, wireless or other communication means.
For simplicity of description, the method embodiments are expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present invention are not limited by the described order of actions, because according to the embodiments of the present invention some steps may be performed in other orders or simultaneously. Furthermore, those skilled in the art should also understand that the embodiments described in this specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
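The exchange of Figs. 4 and 5 and the two packaging orders (sign the key file and then pack, as in Figs. 1 and 3, versus pack and then sign the whole data packet, as in Figs. 6 and 7), as an added Python example that is not part of the patent. Toy RSA and a hash-based stream cipher stand in for the algorithms the text leaves unspecified, the `KEYS` table stands in for the identifier key matrices, and `STATUS_OK`, the length-prefixed packing and all function names are assumptions.

```python
import hashlib
import secrets

E = 65537                # public exponent of the toy key pairs
STATUS_OK = b"\x00\x00"  # assumed encoding of the preset status code

def _keypair(p, q):      # toy RSA key from two known Mersenne primes
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed stand-in for the identifier key matrices: identifier -> key pair.
KEYS = {"device-A": _keypair(2**607 - 1, 2**107 - 1),
        "server-X": _keypair(2**521 - 1, 2**127 - 1)}

def public_key(identifier):  # stand-in for the identifier public key matrix lookup
    return KEYS[identifier]["n"]

def _nbytes(n):
    return (n.bit_length() + 7) // 8

def asym_encrypt(pub_n, data):
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 preserves leading zero bytes
    return pow(m, E, pub_n).to_bytes(_nbytes(pub_n), "big")

def asym_decrypt(priv, blob):
    m = pow(int.from_bytes(blob, "big"), priv["d"], priv["n"])
    return m.to_bytes(_nbytes(m), "big")[1:]

def sign(priv, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(h, priv["d"], priv["n"]).to_bytes(_nbytes(priv["n"]), "big")

def verify(pub_n, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(int.from_bytes(sig, "big"), E, pub_n) == h

def sym_crypt(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter keystream (self-inverse)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def pack(*fields):       # assumed format: each field prefixed by its 4-byte length
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def unpack(blob):
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return fields

def client_request(client_id, server_id):
    channel_key = secrets.token_bytes(16)
    c1 = asym_encrypt(public_key(server_id), channel_key)  # first ciphertext data
    return channel_key, pack(c1, sign(KEYS[client_id], c1))

def server_respond(server_id, client_id, request, sign_packet):
    c1, sig = unpack(request)
    if not verify(public_key(client_id), c1, sig):
        raise ValueError("request signature invalid")
    channel_key = asym_decrypt(KEYS[server_id], c1)
    sym_key = secrets.token_bytes(16)
    c2 = sym_crypt(sym_key, STATUS_OK)                     # second ciphertext data
    key_file = asym_encrypt(public_key(client_id), sym_key)
    if sign_packet:                  # Fig. 7 order: pack, then sign the packet
        body = pack(c2, key_file)
        return channel_key, pack(body, sign(KEYS[server_id], body))
    return channel_key, pack(c2, key_file, sign(KEYS[server_id], key_file))  # Fig. 3

def client_finish(client_id, server_id, packet, sign_packet):
    """Return the decrypted status code; raise ValueError on a bad signature."""
    if sign_packet:                  # Fig. 6 order: verify, then unpack
        body, sig = unpack(packet)
        if not verify(public_key(server_id), body, sig):
            raise ValueError("packet signature invalid")
        c2, key_file = unpack(body)
    else:                            # Fig. 1 order: unpack, then verify key file
        c2, key_file, sig = unpack(packet)
        if not verify(public_key(server_id), key_file, sig):
            raise ValueError("key file signature invalid")
    sym_key = asym_decrypt(KEYS[client_id], key_file)
    return sym_crypt(sym_key, c2)

def run(sign_packet, tamper_at=None):
    """One negotiation; optionally flip one bit of the response in transit."""
    key_a, request = client_request("device-A", "server-X")
    key_x, packet = server_respond("server-X", "device-A", request, sign_packet)
    if tamper_at is not None:
        flipped = bytes([packet[tamper_at] ^ 1])
        packet = packet[:tamper_at] + flipped + packet[tamper_at + 1:]
    status = client_finish("device-A", "server-X", packet, sign_packet)
    return key_a == key_x, status
```

With the Fig. 3 order the signature covers only the key file, so a bit changed in the second ciphertext data reaches the user equipment as a status code other than the preset value; with the Fig. 7 order the same change fails signature verification before the packet is unpacked.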
Fig. 8 is a structural block diagram of the user equipment of one embodiment of the present invention. Referring to Fig. 8, the user equipment includes:
Key generation unit 801, for generating a random number as the channel key using a random number generator;
Public key acquisition unit 802, for obtaining the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
Asymmetric encryption unit 803, for asymmetrically encrypting the channel key with the first identifier public key to obtain the first ciphertext data;
Private key signature unit 804, for signing the first ciphertext data with the first identifier private key of the local device;
Data transmission unit 805, for sending the signed first ciphertext data to the server;
Feedback reception unit 806, for receiving the data packet fed back by the server;
Data unpacking unit 807, for unpacking the data packet to obtain the key file and the second ciphertext data;
Signature verification unit 808, for verifying the signature of the key file with the first identifier public key;
Private key decryption unit 809, for decrypting the key file with the first identifier private key, when verification passes, to obtain the symmetric key;
Status code acquisition unit 810, for decrypting the second ciphertext data with the symmetric key to obtain the status code;
Communication realization unit 811, for regarding the negotiation as successful when the status code is the preset value, and communicating with the server using the channel key.
Fig. 9 is a structural block diagram of the server of one embodiment of the present invention. Referring to Fig. 9, the server includes:
Data receiving unit 901, for receiving the first ciphertext data sent by the user equipment;
Key generation unit 902, for generating a random number as the symmetric key using a random number generator;
Public key acquisition unit 903, for obtaining the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
Signature verification unit 904, for verifying the signature of the first ciphertext data using the second identifier public key;
Private key decryption unit 905, for decrypting the first ciphertext data with the second identifier private key of the local device, when verification passes, to obtain the channel key;
Symmetric encryption unit 906, for symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
Asymmetric encryption unit 907, for asymmetrically encrypting the symmetric key with the second identifier public key to obtain the key file;
Private key signature unit 908, for signing the key file with the second identifier private key;
Data packing unit 909, for packing the second ciphertext data and the signed key file to obtain a data packet;
Data transmission unit 910, for sending the resulting data packet to the user equipment.
Fig. 10 is a structural block diagram of the user equipment of one embodiment of the present invention. Referring to Fig. 10, the user equipment includes:
Key generation unit 1001, for generating a random number as the channel key using a random number generator;
Public key acquisition unit 1002, for obtaining the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
Asymmetric encryption unit 1003, for asymmetrically encrypting the channel key with the first identifier public key to obtain the first ciphertext data;
Private key signature unit 1004, for signing the first ciphertext data with the first identifier private key of the local device;
Data transmission unit 1005, for sending the signed first ciphertext data to the server;
Feedback reception unit 1006, for receiving the data packet fed back by the server;
Signature verification unit 1007, for verifying the signature of the data packet with the first identifier public key;
Data unpacking unit 1008, for unpacking the data packet, when verification passes, to obtain the key file and the second ciphertext data;
Private key decryption unit 1009, for decrypting the key file with the first identifier private key to obtain the symmetric key;
Status code acquisition unit 1010, for decrypting the second ciphertext data with the symmetric key to obtain the status code;
Communication realization unit 1011, for regarding the negotiation as successful when the status code is the preset value, and communicating with the server using the channel key.
Fig. 11 is a structural block diagram of the server of one embodiment of the present invention. Referring to Fig. 11, the server includes:
Data receiving unit 1101, for receiving the first ciphertext data sent by the user equipment;
Key generation unit 1102, for generating a random number as the symmetric key using a random number generator;
Public key acquisition unit 1103, for obtaining the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
Signature verification unit 1104, for verifying the signature of the first ciphertext data using the second identifier public key;
Private key decryption unit 1105, for decrypting the first ciphertext data with the second identifier private key of the local device, when verification passes, to obtain the channel key;
Symmetric encryption unit 1106, for symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
Asymmetric encryption unit 1107, for asymmetrically encrypting the symmetric key with the second identifier public key to obtain the key file;
Data packing unit 1108, for packing the second ciphertext data and the key file to obtain a data packet;
Private key signature unit 1109, for signing the data packet with the second identifier private key;
Data transmission unit 1110, for sending the signed data packet to the user equipment.
As the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the description of the method embodiments.
It should be noted that the components of the device of the present invention are divided logically according to the functions they are to realize; however, the present invention is not limited to this, and the components can be re-divided or combined as needed.
The component embodiments of the present invention can be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. In this apparatus, a PC remotely controls the equipment or device over the Internet and precisely controls each operating step of the equipment or device. The present invention can also be implemented as equipment or device programs (for example, computer programs and computer program products) for executing some or all of the method described here. A program implementing the present invention can be stored on a computer-readable medium, and the files or documents generated by the program can be used for statistics, for example to produce data reports. It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.
The above embodiments are only used to illustrate the present invention and do not limit it. Those of ordinary skill in the relevant technical field can also make various changes and modifications without departing from the spirit and scope of the present invention, so all equivalent technical solutions also fall within the scope of the present invention, and the scope of patent protection of the present invention should be defined by the claims.

Claims (8)

1. A user equipment, characterized in that the user equipment comprises:
a key generation unit, for generating a random number as the channel key using a random number generator;
a public key acquisition unit, for obtaining the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
an asymmetric encryption unit, for asymmetrically encrypting the channel key with the first identifier public key to obtain the first ciphertext data;
a private key signature unit, for signing the first ciphertext data with the first identifier private key of the local device;
a data transmission unit, for sending the signed first ciphertext data to the server;
a feedback reception unit, for receiving the data packet fed back by the server;
a data unpacking unit, for unpacking the data packet to obtain the key file and the second ciphertext data;
a signature verification unit, for verifying the signature of the key file with the first identifier public key;
a private key decryption unit, for decrypting the key file with the first identifier private key, when verification passes, to obtain the symmetric key;
a status code acquisition unit, for decrypting the second ciphertext data with the symmetric key to obtain the status code;
a communication realization unit, for regarding the negotiation as successful when the status code is the preset value, and communicating with the server using the channel key.
2. A channel key negotiation method, characterized in that the method comprises:
generating a random number as the channel key using a random number generator;
obtaining the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
asymmetrically encrypting the channel key with the first identifier public key to obtain the first ciphertext data;
signing the first ciphertext data with the first identifier private key of the local device;
sending the signed first ciphertext data to the server;
receiving the data packet fed back by the server;
unpacking the data packet to obtain the key file and the second ciphertext data;
verifying the signature of the key file with the first identifier public key;
when verification passes, decrypting the key file with the first identifier private key to obtain the symmetric key;
decrypting the second ciphertext data with the symmetric key to obtain the status code;
if the status code is the preset value, regarding the negotiation as successful and communicating with the server using the channel key.
3. A server, characterized in that the server comprises:
a data receiving unit, for receiving the first ciphertext data sent by the user equipment;
a key generation unit, for generating a random number as the symmetric key using a random number generator;
a public key acquisition unit, for obtaining the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
a signature verification unit, for verifying the signature of the first ciphertext data using the second identifier public key;
a private key decryption unit, for decrypting the first ciphertext data with the second identifier private key of the local device, when verification passes, to obtain the channel key;
a symmetric encryption unit, for symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
an asymmetric encryption unit, for asymmetrically encrypting the symmetric key with the second identifier public key to obtain the key file;
a private key signature unit, for signing the key file with the second identifier private key;
a data packing unit, for packing the second ciphertext data and the signed key file to obtain a data packet;
a data transmission unit, for sending the resulting data packet to the user equipment.
4. A channel key negotiation method, characterized in that the method comprises:
receiving the first ciphertext data sent by the user equipment;
generating a random number as the symmetric key using a random number generator;
obtaining the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
verifying the signature of the first ciphertext data using the second identifier public key;
when verification passes, decrypting the first ciphertext data with the second identifier private key of the local device to obtain the channel key;
symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
asymmetrically encrypting the symmetric key with the second identifier public key to obtain the key file;
signing the key file with the second identifier private key;
packing the second ciphertext data and the signed key file to obtain a data packet;
sending the resulting data packet to the user equipment.
5. A user equipment, characterized in that the user equipment comprises:
a key generation unit, for generating a random number as the channel key using a random number generator;
a public key acquisition unit, for obtaining the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
an asymmetric encryption unit, for asymmetrically encrypting the channel key with the first identifier public key to obtain the first ciphertext data;
a private key signature unit, for signing the first ciphertext data with the first identifier private key of the local device;
a data transmission unit, for sending the signed first ciphertext data to the server;
a feedback reception unit, for receiving the data packet fed back by the server;
a signature verification unit, for verifying the signature of the data packet with the first identifier public key;
a data unpacking unit, for unpacking the data packet, when verification passes, to obtain the key file and the second ciphertext data;
a private key decryption unit, for decrypting the key file with the first identifier private key to obtain the symmetric key;
a status code acquisition unit, for decrypting the second ciphertext data with the symmetric key to obtain the status code;
a communication realization unit, for regarding the negotiation as successful when the status code is the preset value, and communicating with the server using the channel key.
6. A channel key negotiation method, characterized in that the method comprises:
generating a random number as the channel key using a random number generator;
obtaining the corresponding first identifier public key from the identifier public key matrix according to the server identifier;
asymmetrically encrypting the channel key with the first identifier public key to obtain the first ciphertext data;
signing the first ciphertext data with the first identifier private key of the local device;
sending the signed first ciphertext data to the server;
receiving the data packet fed back by the server;
verifying the signature of the data packet with the first identifier public key;
when verification passes, unpacking the data packet to obtain the key file and the second ciphertext data;
decrypting the key file with the first identifier private key to obtain the symmetric key;
decrypting the second ciphertext data with the symmetric key to obtain the status code;
if the status code is the preset value, regarding the negotiation as successful and communicating with the server using the channel key.
7. A server, characterized in that the server comprises:
a data receiving unit, for receiving the first ciphertext data sent by the user equipment;
a key generation unit, for generating a random number as the symmetric key using a random number generator;
a public key acquisition unit, for obtaining the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
a signature verification unit, for verifying the signature of the first ciphertext data using the second identifier public key;
a private key decryption unit, for decrypting the first ciphertext data with the second identifier private key of the local device, when verification passes, to obtain the channel key;
a symmetric encryption unit, for symmetrically encrypting the status code, set to the preset value, with the symmetric key to obtain the second ciphertext data;
an asymmetric encryption unit, for asymmetrically encrypting the symmetric key with the second identifier public key to obtain the key file;
a data packing unit, for packing the second ciphertext data and the key file to obtain a data packet;
a private key signature unit, for signing the data packet with the second identifier private key;
a data transmission unit, for sending the signed data packet to the user equipment.
8. A channel key negotiation method, characterized in that the method comprises:
Receiving the first close state data sent by the user equipment;
Generating a random number as the symmetric key by means of a random number generator;
Obtaining the corresponding second identifier public key from the identifier public key matrix according to the user equipment identifier;
Verifying the signature of the first close state data using the second identifier public key;
When the verification passes, decrypting the first close state data with the second identifier private key of the local device, to obtain the channel key;
Symmetrically encrypting the status code, which is set to the default value, with the symmetric key, to obtain the second close state data;
Asymmetrically encrypting the symmetric key with the second identifier public key, to obtain the key file;
Packing the second close state data and the key file, to obtain the data packet;
Signing the data packet with the second identifier private key;
Sending the signed data packet to the user equipment.
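The following Python walk-through of the exchange in claims 6 to 8 is an added example, not code from the patent. It assumes textbook RSA over fixed primes in place of the identifier key pairs, a SHA-256 XOR pad in place of the symmetric cipher, a dictionary in place of the identifier public key matrix, and a two-byte zero status code; all names are hypothetical, and the primitives are stand-ins that show only the order of operations, not a secure implementation.

```python
import hashlib, secrets

# Textbook RSA over fixed Mersenne primes stands in for the identifier key
# pairs, and a SHA-256 XOR pad for the symmetric cipher: flow demo only, not secure.
def keypair(p, q, e=65537):
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv[1]), *priv)

def verify(pub, data, sig):
    return pow(sig, *pub) == digest(data, pub[1])

def asym_enc(pub, key16):                      # 16-byte key -> 32-byte blob
    return pow(int.from_bytes(key16, "big"), *pub).to_bytes(32, "big")

def asym_dec(priv, blob):
    return pow(int.from_bytes(blob, "big"), *priv).to_bytes(16, "big")

def sym(key, data):                            # XOR pad: same call encrypts and decrypts
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))

UE_PUB, UE_PRIV = keypair(2**107 - 1, 2**61 - 1)     # constructed sample keys
SRV_PUB, SRV_PRIV = keypair(2**127 - 1, 2**89 - 1)
PUBKEY_MATRIX = {"ue-01": UE_PUB}              # dict stands in for the matrix (assumption)
STATUS_OK = b"\x00\x00"                        # assumed default status code

def ue_request(channel_key):                   # builds the first close state data
    c1 = asym_enc(SRV_PUB, channel_key)
    return c1, sign(UE_PRIV, c1)

def server_respond(ue_id, c1, sig1):           # claim 8, step by step
    sym_key = secrets.token_bytes(16)          # random number as symmetric key
    ue_pub = PUBKEY_MATRIX[ue_id]              # public key looked up by UE identifier
    if not verify(ue_pub, c1, sig1):
        return None                            # reject before any decryption
    channel_key = asym_dec(SRV_PRIV, c1)
    # key file followed by the second close state data
    packet = asym_enc(ue_pub, sym_key) + sym(sym_key, STATUS_OK)
    return packet, sign(SRV_PRIV, packet), channel_key

def ue_check(packet, sig):                     # user equipment side of claim 6
    if not verify(SRV_PUB, packet, sig):
        return False
    sym_key = asym_dec(UE_PRIV, packet[:32])
    return sym(sym_key, packet[32:]) == STATUS_OK
```

In both directions the signature is checked before anything is decrypted, so a modified first close state data or data packet is dropped without touching a private key.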
CN201610535023.1A 2016-07-07 2016-07-07 Channel key machinery of consultation Active CN106060073B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610535023.1A CN106060073B (en) 2016-07-07 2016-07-07 Channel key machinery of consultation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610535023.1A CN106060073B (en) 2016-07-07 2016-07-07 Channel key machinery of consultation

Publications (2)

Publication Number Publication Date
CN106060073A CN106060073A (en) 2016-10-26
CN106060073B true CN106060073B (en) 2019-03-26

Family

ID=57185016

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610535023.1A Active CN106060073B (en) 2016-07-07 2016-07-07 Channel key machinery of consultation

Country Status (1)

Country Link
CN (1) CN106060073B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109962767A (en) * 2017-12-25 2019-07-02 航天信息股份有限公司 A kind of safety communicating method
KR102411883B1 (en) * 2018-01-11 2022-06-22 삼성전자주식회사 Electronic device, server and control method thereof
GB2577122A (en) * 2018-09-17 2020-03-18 Trustonic Ltd Establishing a protected communication channel
CN111355683A (en) * 2018-12-20 2020-06-30 航天信息股份有限公司 Method, device and storage medium for ensuring http data transmission safety
CN110838910B (en) * 2019-10-16 2022-04-05 郑州地铁集团有限公司 Subway comprehensive monitoring system based on SM3 and SM4 communication encryption
CN111654503A (en) * 2020-06-08 2020-09-11 工业和信息化部网络安全产业发展中心(工业和信息化部信息中心) Remote control method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101989991A (en) * 2010-11-24 2011-03-23 北京天地融科技有限公司 Method for importing secret keys safely, electronic signature tool, authentication device and system
CN103618607A (en) * 2013-11-29 2014-03-05 北京易国信科技发展有限公司 Method for data security transmission and key exchange
CN104112205A (en) * 2014-07-09 2014-10-22 北京信长城技术研究院 Commodity authentication and source tracing system and method based on combined public-key cryptosystem
CN104735068A (en) * 2015-03-24 2015-06-24 江苏物联网研究发展中心 SIP security authentication method based on commercial passwords

Also Published As

Publication number Publication date
CN106060073A (en) 2016-10-26

Similar Documents

Publication Publication Date Title
CN106060073B (en) Channel key machinery of consultation
CN100477833C (en) Authentication method
CN101300808B (en) Method and arrangement for secure autentication
CN100533456C (en) Security code production method and methods of using the same, and programmable device therefor
CN104283688B (en) A kind of USBKey security certification systems and safety certifying method
CN104270338A (en) A method and system of electronic identity registration and authentication login
CN101815091A (en) Cipher providing equipment, cipher authentication system and cipher authentication method
CN106059757A (en) Audio and video monitoring device, data encryption and decryption method, and audio and video display device
CN114143117B (en) Data processing method and device
CN106161444A (en) Secure storage method of data and subscriber equipment
CN104424676A (en) Identity information sending method, identity information sending device, access control card reader and access control system
CN107453874A (en) Digital sealing and its generation method, service request and offer method and electronic equipment
CN106936588A (en) A kind of trustship method, the apparatus and system of hardware controls lock
CN109981287A (en) A kind of code signature method and its storage medium
CN103916363A (en) Communication security management method and system for encryption machine
CN109587100A (en) A kind of cloud computing platform user authentication process method and system
CN105897784A (en) Internet of things terminal equipment encryption communication method and device
CN101944216A (en) Double-factor online transaction security authentication method and system
CN106650372B (en) The activating method and device of administrator right
CN108667801A (en) A kind of Internet of Things access identity safety certifying method and system
US20100005519A1 (en) System and method for authenticating one-time virtual secret information
CN107707562A (en) A kind of method, apparatus of asymmetric dynamic token Encrypt and Decrypt algorithm
CN104835038A (en) Networking payment device and networking payment method
CN110198320A (en) A kind of ciphered information transmission method
CN107171784B (en) Emergency command scheduling method and system for emergency environment events

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20170825

Address after: 100190, room 5, building 5165, Shen Chang building, 51 Zhichun Road, Beijing, Haidian District

Applicant after: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.

Address before: Beijing city Pinggu District 101212 South River Central School dule Road No. 19

Applicant before: BEIJING XINCHANGCHENG TECHNOLOGY RESEARCH INSTITUTE

GR01 Patent grant
CP03 Change of name, title or address

Address after: 100086 A1501, Floor 15, No. 22, Zhongguancun Street, Haidian District, Beijing

Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.

Address before: 100190 room 5165, 5 / F, Shenchang building, 51 Zhichun Road, Haidian District, Beijing

Patentee before: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.
