CN103312500A - Methods for protecting universal serial bus (USB) key information - Google Patents
- Publication number
- CN103312500A
- Authority
- CN
- China
- Prior art keywords
- key
- pin code
- random number
- ciphertext
- code
- Legal status
- Granted
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a method for protecting universal serial bus (USB) key information. The method comprises the following steps: A, allocating a protective key to a USB key; B, encrypting sensitive information in the USB key by utilizing the protective key; and C, encrypting the protective key by utilizing a PIN (personal identification number) code of the USB key. The invention also provides a second and a third method for protecting the USB key information. The sensitive information in the USB key is encrypted with the protective key, and the PIN code of a user and a randomly generated random number are used as the key for encrypting the protective key, so that the user is not required to decrypt the sensitive information and then re-encrypt it with a new PIN code when modifying the PIN code. Because the amount of the sensitive information is greater than the information amount of the protective key, operation is reduced, and the system efficiency and user experience are improved.
Description
Technical field
The present invention relates to the field of information encryption, and in particular to a method of protecting intelligent code key information.
Background technology
An intelligent code key (USB key) is a portable terminal device that works closely with a PKI (Public Key Infrastructure) system and offers a high level of security. It is widely used in online banking, certificate authentication and e-commerce, providing users with services such as identity authentication, digital certificates, electronic signatures and data protection.
The security chip of an intelligent code key stores the user's sensitive information, for example certificates. Although the security chip has mechanisms that resist multiple kinds of probing and so safeguard the information it stores, attack techniques keep improving, and the data inside the security chip faces a certain level of risk and threat.
To deal with these risks, a common solution is to form a Protective Key from the PIN (Personal Identification Number) code and a random number, use this Protective Key to encrypt the sensitive information in the security chip, and then store the ciphertext at an assigned address. The drawback of this method is that whenever the PIN code is changed, the former PIN code and random number must be used to decrypt the sensitive information to obtain its plaintext, the plaintext must then be encrypted with a key formed from the new PIN code and a new random number, and finally the ciphertext must be stored. Because the volume of sensitive information is usually very large, this method is inefficient and gives a poor user experience.
How to provide an efficient and secure mechanism is a problem that urgently needs to be solved.
Summary of the invention
To solve the above problem, the invention provides a method of protecting intelligent code key information.
An embodiment of the invention provides a method of protecting intelligent code key information, comprising the following steps: A. allocating a Protective Key to the intelligent code key; B. encrypting the sensitive information in the intelligent code key with the Protective Key; C. encrypting the Protective Key with the PIN code of the intelligent code key.
The sensitive information in the intelligent code key is encrypted with the Protective Key, and the user's PIN code together with a randomly generated random number is then used as the key to encrypt the Protective Key. This avoids having to decrypt the sensitive information and re-encrypt it with the new PIN code when the user changes the PIN code. Because the amount of sensitive information is greater than that of the Protective Key, the amount of computation is reduced, and the efficiency of the system and the user experience are improved.
The Protective Key is a randomly generated first random number.
Using a randomly generated random number as the Protective Key improves the security of the intelligent code key.
After step B, the method further comprises: storing the ciphertext obtained by encrypting the sensitive information in the intelligent code key (the first ciphertext) at an assigned address of the intelligent code key.
Storing this ciphertext at an assigned address of the intelligent code key makes it available when it needs to be decrypted, which improves the efficiency of the system.
Step C specifically comprises: encrypting the Protective Key using the PIN code of the intelligent code key and a randomly generated second random number as the key; and storing the encryption result (the second ciphertext) and the second random number at the assigned address.
Because the Protective Key is encrypted using the PIN code and a randomly generated second random number as the key, a PIN code change does not require decrypting the sensitive information; it can be carried out by decrypting only the Protective Key, which reduces the amount of computation and improves the efficiency of the system and the user experience.
An embodiment of the invention also provides a method of protecting intelligent code key information, comprising the following steps: D. receiving the former PIN code entered by the user and authenticating it; E. if the former PIN code passes authentication, determining whether the user changes the PIN code; F. if the user changes the PIN code, receiving the new PIN code, taking the second ciphertext and the second random number from the assigned address, and decrypting the second ciphertext using the second random number and the former PIN code as the key to obtain the Protective Key; G. encrypting the Protective Key using a randomly generated third random number and the new PIN code as the key.
The sensitive information in the intelligent code key is encrypted with the Protective Key, and the user's PIN code together with a randomly generated random number is then used as the key to encrypt the Protective Key. This avoids having to decrypt the sensitive information and re-encrypt it with the new PIN code when the user changes the PIN code. Because the amount of sensitive information is greater than that of the Protective Key, the amount of computation is reduced, and the efficiency of the system and the user experience are improved.
After step F, the method further comprises: replacing the content of the second ciphertext stored at the assigned address with the content of the third ciphertext, replacing the second random number stored at the assigned address with the third random number, and replacing the former PIN code with the new PIN code.
Updating these parameters lets the user readily obtain the Protective Key, which improves the efficiency of the system.
An embodiment of the invention further provides a method of protecting intelligent code key information, comprising the following steps: H. receiving the PIN code entered by the user and authenticating it; I. if the PIN code passes authentication, taking the second ciphertext and the second random number from the assigned address, and decrypting the second ciphertext using the second random number and the PIN code as the key to obtain the first Protective Key (the former Protective Key); J. encrypting the obtained sensitive information plaintext with a new (modified) Protective Key (the second Protective Key), and replacing the first ciphertext stored at the assigned address with the resulting ciphertext; K. encrypting the second Protective Key using the PIN code and a randomly generated random number, replacing the second ciphertext stored at the assigned address with the resulting ciphertext, and replacing the second random number stored at the assigned address with this random number.
Changing the Protective Key increases the flexibility of the system and improves the security of the intelligent code key.
Description of drawings
Fig. 1 is a flowchart of a method of protecting intelligent code key information provided by an embodiment of the invention.
Fig. 2 is a flowchart of another method of protecting intelligent code key information provided by an embodiment of the invention.
Fig. 3 is a flowchart of a further method of protecting intelligent code key information provided by an embodiment of the invention.
Embodiment
An embodiment of the invention provides a method of protecting intelligent code key information, described in detail below with reference to the accompanying drawings. Referring to Fig. 1, the method comprises the following steps:
S100: allocate a Protective Key to the intelligent code key, and use this Protective Key to encrypt the sensitive information in the intelligent code key;
The invention uses the Protective Key, rather than the PIN code, to encrypt the sensitive information in the intelligent code key and generate the ciphertext of the intelligent code key.
The intelligent code key supports multiple certificates and large-capacity storage. In this example, the sensitive information stored in the intelligent code key is certificate information; for example, 1000 items of certificate information are stored in the intelligent code key.
A hardware module generates a random number, and this random number (the first random number) is used as the Protective Key. Using this Protective Key and a commercial cryptographic algorithm, the sensitive information in the intelligent code key is encrypted to generate the ciphertext of the intelligent code key (the first ciphertext), and the first ciphertext is stored at the assigned address of the intelligent code key.
S110: encrypt the Protective Key using the user's PIN code and a randomly generated second random number as the key, and store the encryption result (the second ciphertext) and the second random number at the assigned address;
Because the Protective Key is encrypted using the user's PIN code and a randomly generated random number as the key, when the user changes the PIN code it is only necessary to decrypt the Protective Key with the user's former PIN code; the sensitive information in the intelligent code key does not need to be decrypted.
An embodiment of the invention also provides a method of protecting intelligent code key information. Referring to Fig. 2, the method comprises the following steps:
S200: receive the PIN code entered by the user, and authenticate this PIN code;
After the user enters the PIN code, the PIN code is first authenticated, for example through a CSP (Cryptographic Service Provider).
S210: if the PIN code passes authentication, determine whether the user changes the PIN code;
If the PIN code the user entered passes authentication, for example by the CSP, the system offers the user the opportunity to change the PIN code. If the user chooses to change the PIN code, the system receives the changed PIN code entered by the user.
S220: if the user does not choose to change the PIN code, continue with the authentication of the intelligent code key.
If the user does not choose to change the PIN code, the second ciphertext and the second random number stored at the assigned address do not need to be modified.
S230: if the user chooses to change the PIN code, the system receives the new PIN code entered by the user, takes the second ciphertext and the second random number from the assigned address, and decrypts the second ciphertext using the second random number and the former PIN code as the key to obtain the Protective Key.
If the user changes the PIN code, the Protective Key must be encrypted again. The second ciphertext and the second random number are therefore taken from the assigned address of the intelligent code key, and the second ciphertext is decrypted using the former PIN code and the second random number to obtain the Protective Key.
S240: encrypt the Protective Key using a randomly generated third random number and the new PIN code as the key.
After decryption yields the Protective Key, the Protective Key is encrypted again using the new PIN code. After a PIN code change, only the ciphertext of the Protective Key is decrypted and the recovered Protective Key is then re-encrypted; the sensitive information does not need to be decrypted. The sensitive information can typically reach 100K bytes, whereas the Protective Key is generally 6-16 bytes. The amount of computation is therefore greatly reduced, and the efficiency of the system and the user experience are improved.
S250: replace the content of the second ciphertext with the content of the third ciphertext, replace the second random number with the third random number, and replace the former PIN code with the changed PIN code.
The ciphertext obtained by re-encrypting the Protective Key with the new PIN code (the third ciphertext) replaces the second ciphertext stored at the assigned address, that is, the third ciphertext replaces the second ciphertext, and the changed PIN code (the new PIN code) replaces the former PIN code stored at the assigned address.
An embodiment of the invention also provides a method of protecting intelligent code key information. Referring to Fig. 3, the method comprises the following steps:
S300: receive the PIN code entered by the user, and authenticate this PIN code;
S310: if the PIN code passes authentication, take the second ciphertext and the second random number from the assigned address, and decrypt the second ciphertext using the second random number and the PIN code as the key to obtain the first Protective Key (the former Protective Key).
S320: use the first Protective Key to decrypt the first ciphertext (the sensitive information ciphertext) and obtain the sensitive information plaintext.
The first ciphertext (the sensitive information ciphertext) was produced by encrypting the sensitive information with the first Protective Key. Once the first Protective Key has been obtained, the first ciphertext is taken from the assigned address and decrypted with the first Protective Key to obtain the sensitive information plaintext.
S330: encrypt the obtained sensitive information plaintext with a new (modified) Protective Key (the second Protective Key), and replace the first ciphertext stored at the assigned address with the resulting ciphertext.
The method provided by this embodiment applies to protecting intelligent code key information in the case where the Protective Key is changed. The user needs to use the PIN code to obtain the original Protective Key, the sensitive information is obtained with the original Protective Key, and the changed Protective Key is then used to re-encrypt the obtained sensitive information.
S340: encrypt the changed Protective Key (the second Protective Key) using the PIN code and a randomly generated random number, replace the second ciphertext stored at the assigned address with the resulting ciphertext, and replace the second random number stored at the assigned address with this random number.
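The three flows above (S100-S110, S200-S250 and S300-S340) in one runnable model; this is an added example, not code from the patent. Assumptions, since the patent names neither: the PIN code and random number are combined with PBKDF2-HMAC-SHA256, the cipher is a standard-library encrypt-then-MAC stand-in for the device's algorithm, and a failed tag check on the second ciphertext takes the place of the separate PIN authentication step; `Token` and its method names are hypothetical.

```python
import hashlib
import hmac
import secrets

KDF_ROUNDS = 100_000  # assumed work factor; the patent names no KDF


def derive_kek(pin: str, rnd: bytes) -> bytes:
    """Combine PIN code and stored random number into a key (assumed: PBKDF2, rnd as salt)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), rnd, KDF_ROUNDS)


def _subkeys(key: bytes):
    """Split one key into independent encryption and MAC keys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (stand-in for the device cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting, so a wrong key is rejected, not silently used."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong PIN code or corrupted ciphertext")
    return _xor_stream(enc_key, nonce, ct)


class Token:
    """Models the assigned-address storage: first ciphertext, second ciphertext, random number."""

    def __init__(self, pin: str, sensitive: bytes):
        protective_key = secrets.token_bytes(16)       # S100: first random number
        self.c1 = seal(protective_key, sensitive)      # first ciphertext
        self._wrap(pin, protective_key)                # S110

    def _wrap(self, pin: str, protective_key: bytes) -> None:
        rnd = secrets.token_bytes(16)                  # fresh random number per wrap
        self.c2 = seal(derive_kek(pin, rnd), protective_key)
        self.rnd = rnd

    def _unwrap(self, pin: str) -> bytes:
        return unseal(derive_kek(pin, self.rnd), self.c2)

    def read(self, pin: str) -> bytes:
        return unseal(self._unwrap(pin), self.c1)

    def change_pin(self, old_pin: str, new_pin: str) -> None:
        """S230-S250: only the 16-byte Protective Key is re-encrypted; c1 is untouched."""
        self._wrap(new_pin, self._unwrap(old_pin))

    def rotate_protective_key(self, pin: str) -> None:
        """S300-S340: here the bulk data must be decrypted and re-encrypted."""
        plaintext = self.read(pin)
        new_key = secrets.token_bytes(16)              # second Protective Key
        self.c1 = seal(new_key, plaintext)
        self._wrap(pin, new_key)


if __name__ == "__main__":
    certs = b"constructed certificate record\n" * 3300   # about 100 KB, constructed
    token = Token("123456", certs)
    before = token.c1
    token.change_pin("123456", "654321")
    print("c1 unchanged:", token.c1 == before, "| readable:", token.read("654321") == certs)
```

A PIN change rewrites only the 64-byte wrapped key and its random number, while rotating the Protective Key rewrites the whole first ciphertext, which is the cost difference the description argues from.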
The above is only a preferred embodiment of the present invention and is not intended to limit the invention; for example, modules with different functions may be implemented by a single integrated chip. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present utility model.
Claims (7)
1. A method of protecting intelligent code key information, characterized in that it comprises the following steps:
A. allocating a Protective Key to the intelligent code key;
B. encrypting the sensitive information in the intelligent code key with the Protective Key;
C. encrypting the Protective Key with the PIN code of the intelligent code key.
2. The method according to claim 1, characterized in that the Protective Key is a randomly generated first random number.
3. The method according to claim 1, characterized in that, after step B, it further comprises:
storing the ciphertext obtained by encrypting the sensitive information in the intelligent code key at an assigned address of the intelligent code key.
4. The method according to claim 1, characterized in that step C specifically comprises:
encrypting the Protective Key using the PIN code of the intelligent code key and a randomly generated second random number as the key;
storing the encryption result and the second random number at the assigned address.
5. A method of protecting intelligent code key information, characterized in that it comprises the following steps:
D. receiving the former PIN code entered by the user, and authenticating the former PIN code;
E. if the former PIN code passes authentication, determining whether the user changes the PIN code;
F. if the user changes the PIN code, receiving the new PIN code; taking the second ciphertext and the second random number from the assigned address, and decrypting the second ciphertext using the second random number and the former PIN code as the key to obtain the Protective Key;
G. encrypting the Protective Key using a randomly generated third random number and the new PIN code as the key.
6. The method according to claim 5, characterized in that, after step F, it further comprises:
replacing the content of the second ciphertext stored at the assigned address with the content of the third ciphertext, replacing the second random number stored at the assigned address with the third random number, and replacing the former PIN code with the new PIN code.
7. A method of protecting intelligent code key information, characterized in that it comprises the following steps:
H. receiving the PIN code entered by the user, and authenticating the PIN code;
I. if the PIN code passes authentication, taking the second ciphertext and the second random number from the assigned address, and decrypting the second ciphertext using the second random number and the PIN code as the key to obtain the first Protective Key;
J. encrypting the obtained sensitive information plaintext with a second Protective Key, and replacing the first ciphertext stored at the assigned address with the resulting ciphertext;
K. encrypting the second Protective Key using the PIN code and a randomly generated random number, replacing the second ciphertext stored at the assigned address with the resulting ciphertext, and replacing the second random number stored at the assigned address with this random number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210065843.0A CN103312500B (en) | 2012-03-13 | 2012-03-13 | A kind of method protecting intelligent code key information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103312500A (en) | 2013-09-18 |
CN103312500B (en) | 2016-10-05 |
Family
ID=49137311
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210065843.0A Active CN103312500B (en) | 2012-03-13 | 2012-03-13 | A kind of method protecting intelligent code key information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103312500B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1495666A (en) * | 2002-09-11 | 2004-05-12 | ��ʽ���������Ƽ� | Storage card |
CN101494541A (en) * | 2009-03-06 | 2009-07-29 | 中国工商银行股份有限公司 | System and method for implementing security protection of PIN code |
CN101645124A (en) * | 2009-09-03 | 2010-02-10 | 北京飞天诚信科技有限公司 | Method for unlocking PIN code and intelligent secret key device |
CN102170357A (en) * | 2011-05-31 | 2011-08-31 | 北京虎符科技有限公司 | Combined secret key dynamic security management system |
CN102215108A (en) * | 2010-11-17 | 2011-10-12 | 北京曙光天演信息技术有限公司 | Encryption card certification and authority method adopting USB intelligent secret key and encryption card |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103560892A (en) * | 2013-11-21 | 2014-02-05 | 深圳中兴网信科技有限公司 | Secret key generation method and secret key generation device |
CN104519063A (en) * | 2014-12-17 | 2015-04-15 | 飞天诚信科技股份有限公司 | Method for reexamining signatures |
CN104519063B (en) * | 2014-12-17 | 2017-07-14 | 飞天诚信科技股份有限公司 | A kind of implementation method for checking signature |
CN104917763A (en) * | 2015-06-08 | 2015-09-16 | 飞天诚信科技股份有限公司 | PIN code caching method |
CN104917763B (en) * | 2015-06-08 | 2018-04-27 | 飞天诚信科技股份有限公司 | A kind of PIN cache method |
CN110474768A (en) * | 2019-08-22 | 2019-11-19 | 上海豆米科技有限公司 | A kind of information safety transmission system and method having the control of group's decrypted rights |
Also Published As
Publication number | Publication date |
---|---|
CN103312500B (en) | 2016-10-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021013245A1 (en) | Data key protection method and system, electronic device and storage medium | |
CN105144626B (en) | The method and apparatus of safety is provided | |
CN105760764B (en) | Encryption and decryption method and device for embedded storage device file and terminal | |
CN106301774B (en) | Safety chip, its encryption key generation method and encryption method | |
CN103067170B (en) | encrypting method based on EXT2 file system | |
CN1708942A (en) | Secure implementation and utilization of device-specific security data | |
US20100262841A1 (en) | Method for secure program code execution in an electronic device | |
CN102156843B (en) | Data encryption method and system as well as data decryption method | |
CN104506504B (en) | A kind of storage method and safety device of card-free terminal classified information | |
US20190379537A1 (en) | Protecting usage of key store content | |
US20120284534A1 (en) | Memory Device and Method for Accessing the Same | |
CN102693385A (en) | Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof | |
CN102163267A (en) | Solid state disk as well as method and device for secure access control thereof | |
CN109687966A (en) | Encryption method and its system | |
CN103914662A (en) | Access control method and device of file encrypting system on the basis of partitions | |
CN103138932B (en) | The collocation method of a kind of Mifare card sector key and system | |
CN103929312A (en) | Mobile terminal and method and system for protecting individual information of mobile terminal | |
CN103312500A (en) | Methods for protecting universal serial bus (USB) key information | |
CN104574652A (en) | Method for increasing and deducting pollution discharge data of IC card and IC card | |
CN102612025B (en) | Protective system and protective method for mobile phone documents | |
CN103370718B (en) | Use the data guard method of distributed security key, equipment and system | |
CN101174941A (en) | Off-line digital copyright protection method and device for mobile terminal document | |
JP2011172000A (en) | Authentication system and authentication method | |
CN103501220A (en) | Encryption method and device | |
KR101318668B1 (en) | Portable memory card having information security function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 100094, Beijing, Haidian District, West Road, No. 8, Zhongguancun Software Park, building 9, international software building E, one floor, two layers Applicant after: BEIJING HAITAI FANGYUAN HIGH TECHNOLOGY CO., LTD. Address before: 100094, Beijing, Haidian District, West Road, No. 8, Zhongguancun Software Park, building 9, international software building E, one floor, two layers Applicant before: Beijing Haitai Fangyuan High Technology Co., Ltd. |
COR | Change of bibliographic data | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |