CN104092537B - Device for encoding and decoding key information and its working method - Google Patents

Publication number: CN104092537B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201410314409.0A
Other languages: Chinese (zh)
Other versions: CN104092537A (en)
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Landscape: Storage Device Security
Abstract

The present invention discloses a device for encoding and decoding key information and its working method. The encoding device encodes key information into a key file in a unified format, and the decoding device decodes the key file to obtain the key information, so that the authentication system can apply a unified processing flow to the key information configured by multiple device manufacturers, which reduces the workload of the authentication system.

Description

Device for encoding and decoding key information and its working method
Technical field
The present invention relates to the field of information security, and in particular to a device for encoding and decoding key information and its working method.
Background
With the development of information security technology, the seed key, as an essential parameter in data processing, is widely used in fields such as data encryption and decryption, identity authentication and integrity verification.
In the prior art, device manufacturers configure key information, including seed keys, into an authentication system, and the authentication system integrates the key information configured by multiple device manufacturers. To improve the compatibility of the key information in the authentication system, device manufacturers are usually required to configure the key information using a key file in a unified format.
However, the prior art provides no method for encoding and decoding key information based on a key file in a unified format, so the authentication system cannot apply a unified processing flow to the key information configured by multiple device manufacturers, which increases the workload of the authentication system.
Summary of the invention
The invention provides a device for encoding and decoding key information and its working method, to solve the prior-art defect of the heavy workload placed on the authentication system.
The invention provides a working method for a device that encodes key information, comprising the following steps:
S1, the encoding device generates a key container node and adds the key container node to the key file as the root node;
S2, the encoding device generates a key package node and adds the key package node to the key container node as a child node of the key container node;
S3, the encoding device generates a device information node and adds the device information node to the key package node as a child node of the key package node;
S4, the encoding device generates a manufacturer node and a serial number node, adds the manufacturer node and the serial number node to the device information node as child nodes of the device information node, reads the manufacturer information and the device serial number from a key attribute list of the key information, adds the manufacturer information to the manufacturer node as a text node, and adds the device serial number to the serial number node as a text node;
S5, the encoding device generates a key node and adds the key node to the key package node as a child node of the key package node;
S6, the encoding device reads the key identifier, the key algorithm information and the key plaintext from the key attribute list, generates a key identifier node from the key identifier, generates a key algorithm node from the key algorithm information, and adds the key identifier node and the key algorithm node to the key node as attribute nodes; the encoding device generates a data node and adds the data node to the key node as a child node of the key node; the encoding device generates a key value node, adds the key value node to the data node as a child node of the data node, and adds the key plaintext, or the key ciphertext corresponding to the key plaintext, to the key value node.
The invention also provides a working method for a device that decodes key information, comprising the following steps:
S1, the decoding device looks up the key package node from the root node of the key file; if it is found, step S2 is performed; otherwise, an error message is displayed and the flow ends;
S2, the decoding device looks up the device information node in the key package node, looks up the manufacturer node and the serial number node in the device information node, obtains the text content of the child node of the manufacturer node and saves it as the manufacturer information, and obtains the text content of the child node of the serial number node and saves it as the device serial number;
S3, the decoding device looks up the key node in the key package node; if it is found, step S4 is performed; otherwise, an error message is displayed and the flow ends;
S4, the decoding device obtains the attribute value of the key algorithm node in the key node and saves it as the key algorithm information, and obtains the attribute value of the key identifier node in the key node and saves it as the key identifier;
S5, the decoding device looks up the data node in the key node; if it is found, step S6 is performed; otherwise, an error message is displayed and the flow ends;
S6, the decoding device looks up the key value node in the data node; if it is found, step S7 is performed; otherwise, an error message is displayed and the flow ends;
S7, the decoding device obtains the key plaintext from the key value node and saves it,
or, the decoding device obtains the key ciphertext from the key value node, decrypts the key ciphertext, and saves the key plaintext obtained by decryption.
The invention also provides an encoding device, comprising:
a reading module, configured to read the manufacturer information, the device serial number, the key identifier, the key algorithm information and the key plaintext from a key attribute list of the key information;
a generation module, configured to generate a key container node and add it to the key file as the root node; to generate a key package node and add it to the key container node as a child node of the key container node; to generate a device information node and a key node and add them to the key package node as child nodes of the key package node;
to generate a manufacturer node and a serial number node and add them to the device information node as child nodes of the device information node; to add the manufacturer information read by the reading module to the manufacturer node as a text node, and to add the device serial number read by the reading module to the serial number node as a text node;
to generate a key algorithm node from the key algorithm information read by the reading module, to generate a key identifier node from the key identifier read by the reading module, and to add the key identifier node and the key algorithm node to the key node as attribute nodes; to generate a data node and add it to the key node as a child node of the key node; to generate a key value node and add it to the data node as a child node of the data node;
an adding module, configured to add the key plaintext read by the reading module, or the key ciphertext corresponding to the key plaintext, to the key value node.
The invention also provides a decoding device, comprising:
a lookup module, configured to look up the key package node from the root node of the key file; if the key package node is found, to look up the device information node in the key package node, to look up the manufacturer node and the serial number node in the device information node, and to look up the key node in the key package node; if the key node is found, to look up the data node in the key node; if the data node is found, to look up the key value node in the data node;
a first acquisition module, configured, when the lookup module finds the manufacturer node, to obtain the text content of the child node of the manufacturer node and save it as the manufacturer information; when the lookup module finds the serial number node, to obtain the text content of the child node of the serial number node and save it as the device serial number; when the lookup module finds the key node, to obtain the attribute value of the key algorithm node in the key node and save it as the key algorithm information, and to obtain the attribute value of the key identifier node in the key node and save it as the key identifier;
a second acquisition module, configured, when the lookup module finds the key value node, to obtain the key plaintext from the key value node and save it,
or, to obtain the key ciphertext from the key value node, decrypt the key ciphertext, and save the key plaintext obtained by decryption;
a display module, configured to display an error message when the lookup module does not find the key package node, the key node, the data node or the key value node.
Beneficial effects of the invention: the encoding device encodes key information into a key file in a unified format, and the decoding device decodes the key file to obtain the key information, so that the authentication system can apply a unified processing flow to the key information configured by multiple device manufacturers, which reduces the workload of the authentication system.
Brief description of the drawings
Fig. 1 and Fig. 2 are flow charts of a working method of a device that encodes key information in an embodiment of the present invention;
Fig. 3 to Fig. 6 are flow charts of a working method of a device that decodes key information in an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an encoding device in an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a decoding device in an embodiment of the present invention.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the invention provide a device for encoding and decoding key information and its working method, applied to a system comprising an encoding device and a decoding device. The encoding device encodes the key information and generates a key file, which is an XML file; correspondingly, the decoding device decodes the key file and obtains the key information.
The key information may include a key transmission mode and at least one key attribute list; each key attribute list includes manufacturer information, a device serial number, a key identifier, key algorithm information and a key plaintext. When the key transmission mode is ciphertext transmission, the key information also includes an encryption key name and encryption key algorithm information, and may further include a MAC key and MAC algorithm information.
Based on the above key information, the embodiments of the invention provide a working method for a device that encodes key information, as shown in Fig. 1 and Fig. 2, comprising the following steps:
Step 101, the encoding device generates a key container node and adds the key container node to the key file as the root node.
Specifically, the encoding device generates the start tag and end tag of the key container node and adds them to the key file.
For example, the encoding device adds the start tag <KeyContainer> and the end tag </KeyContainer> of the key container node to the key file.
Step 102, the encoding device reads the key transmission mode from the key information and judges whether the key transmission mode is plaintext transmission; if so, step 103 is performed; otherwise, step 117 is performed.
Specifically, the encoding device may judge whether the key transmission mode in the key information equals a preset string; if so, it determines that the key transmission mode is plaintext transmission; otherwise, it determines that the key transmission mode is not plaintext transmission.
For example, when the preset string is "PLAIN" and the key transmission mode in the key information is "PLAIN", the encoding device determines that the key transmission mode is plaintext transmission; when the key transmission mode in the key information is "AES128", the encoding device determines that the key transmission mode is not plaintext transmission.
Step 103, the encoding device selects a key attribute list that has not yet been processed from the key information as the current list.
Step 104, the encoding device generates a key package node and adds the key package node to the key container node as a child node of the key container node.
Specifically, the encoding device generates the start tag and end tag of the key package node and adds them between the start tag and end tag of the key container node.
For example, the encoding device adds the start tag <KeyPackage> and the end tag </KeyPackage> of the key package node between the start tag <KeyContainer> and the end tag </KeyContainer> of the key container node.
Step 105, the encoding device generates a device information node and adds the device information node to the key package node as a child node of the key package node.
Specifically, the encoding device generates the start tag and end tag of the device information node and adds them between the start tag and end tag of the key package node.
For example, the encoding device adds the start tag <DeviceInfo> and the end tag </DeviceInfo> of the device information node between the start tag <KeyPackage> and the end tag </KeyPackage> of the key package node.
Step 106, the encoding device generates a manufacturer node and adds the manufacturer node to the device information node as a child node of the device information node.
Specifically, the encoding device generates the start tag and end tag of the manufacturer node and adds them between the start tag and end tag of the device information node.
For example, the encoding device adds the start tag <Manufacturer> and the end tag </Manufacturer> of the manufacturer node between the start tag <DeviceInfo> and the end tag </DeviceInfo> of the device information node.
Step 107, the encoding device reads the manufacturer information from the current list and adds the manufacturer information to the manufacturer node as a text node.
Specifically, the encoding device reads the manufacturer information from the current list and adds it between the start tag and end tag of the manufacturer node.
For example, the encoding device reads the manufacturer information "Manufacturer" from the current list and adds the manufacturer information "Manufacturer" between the start tag <DeviceInfo> and the end tag </DeviceInfo> of the manufacturer node.
Step 108, the encoding device generates a serial number node and adds the serial number node to the device information node as a child node of the device information node.
Specifically, the encoding device generates the start tag and end tag of the serial number node and adds them between the start tag and end tag of the device information node.
For example, the encoding device adds the start tag <SerialNo> and the end tag </SerialNo> of the serial number node between the start tag <DeviceInfo> and the end tag </DeviceInfo> of the device information node.
Step 109, the encoding device reads the device serial number from the current list and adds the device serial number to the serial number node as a text node.
Specifically, the encoding device reads the device serial number from the current list and adds it between the start tag and end tag of the serial number node.
For example, the encoding device reads the device serial number "987654321" from the current list and adds the device serial number "987654321" between the start tag and end tag of the serial number node.
Step 110, the encoding device generates a key node and adds the key node to the key package node as a child node of the key package node.
Specifically, the encoding device generates the start tag and end tag of the key node and adds them between the start tag and end tag of the key package node.
For example, the encoding device adds the start tag <Key> and the end tag </Key> of the key node between the start tag <KeyPackage> and the end tag </KeyPackage> of the key package node.
Step 111, the encoding device reads the key identifier and the key algorithm information from the current list, generates a key identifier node from the key identifier, generates a key algorithm node from the key algorithm information, and adds the key identifier node and the key algorithm node to the key node as attribute nodes.
Specifically, the encoding device reads the key identifier and the key algorithm information from the current list, generates the key identifier node with the key identifier as its attribute value, generates the key algorithm node with the key algorithm information as its attribute value, and adds the key identifier node and the key algorithm node to the start tag of the key node. The key identifier node and the key algorithm node are both attribute nodes, each comprising an attribute name and an attribute value.
For example, the encoding device reads the key identifier "12345678" and the key algorithm information "urn:ietf:params:xml:ns:keyprov:pskc:hotp" from the current list, generates the key identifier node from the key identifier, i.e. Id="12345678", generates the key algorithm node from the key algorithm information, i.e. Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp", and adds the key identifier node and the key algorithm node to the start tag <Key> of the key node.
The key identifier node comprises the attribute name "Id" and the attribute value "12345678", and the key algorithm node comprises the attribute name "Algorithm" and the attribute value "urn:ietf:params:xml:ns:keyprov:pskc:hotp". After this information is added, the start tag of the key node is updated to: <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">.
Step 112, the encoding device generates a data node and adds the data node to the key node as a child node of the key node.
Specifically, the encoding device generates the start tag and end tag of the data node and adds them between the start tag and end tag of the key node.
For example, the encoding device adds the start tag <Data> and the end tag </Data> of the data node between the start tag <Key> and the end tag </Key> of the key node.
Step 113, the encoding device generates a key value node and adds the key value node to the data node as a child node of the data node.
Specifically, the encoding device generates the start tag and end tag of the key value node and adds them between the start tag and end tag of the data node.
For example, the encoding device adds the start tag <Secret> and the end tag </Secret> of the key value node between the start tag <Data> and the end tag </Data> of the data node.
Step 114, the encoding device generates a first plaintext node and adds the first plaintext node to the key value node as a child node of the key value node.
Specifically, the encoding device generates the start tag and end tag of the first plaintext node and adds them between the start tag and end tag of the key value node.
For example, the encoding device adds the start tag <PlainValue> and the end tag </PlainValue> of the first plaintext node between the start tag <Secret> and the end tag </Secret> of the key value node.
Step 115, the encoding device reads the key plaintext from the current list and adds the key plaintext to the first plaintext node as a text node.
Specifically, the encoding device reads the key plaintext from the current list and adds it between the start tag and end tag of the first plaintext node.
For example, the encoding device reads the key plaintext "MTIzNA==" from the current list and adds the key plaintext "MTIzNA==" between the start tag <PlainValue> and the end tag </PlainValue> of the first plaintext node.
After the above operations, the key file generated by the encoding device is:
Step 116, the encoding device judges whether the key information still contains a key attribute list that has not been processed; if so, it returns to step 103; otherwise, the flow ends.
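An added example, not part of the patent text: a Python sketch of the plaintext branch above (steps 101 to 116) together with the decoding method S1 to S7 from the summary, built with an XML library so that field values are escaped instead of being spliced between tags as strings. The function names, dictionary keys and KeyFileError are hypothetical; treating the key value as Base64 and rejecting DTDs are assumptions added here, not requirements stated in the patent.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample key information, using the example values from the text.
SAMPLE = {
    "transport": "PLAIN",
    "key_attribute_lists": [{
        "manufacturer": "Manufacturer",
        "serial_no": "987654321",
        "key_id": "12345678",
        "algorithm": "urn:ietf:params:xml:ns:keyprov:pskc:hotp",
        "key_plain": "MTIzNA==",
    }],
}


class KeyFileError(Exception):
    """Raised where the decoding method displays an error and ends the flow."""


def encode_plain(key_info):
    """Steps 101-116: encode key information into key file text."""
    if key_info["transport"] != "PLAIN":                  # step 102
        raise ValueError("ciphertext branch (step 117 onward) is not shown")
    container = ET.Element("KeyContainer")                # step 101, root node
    for attrs in key_info["key_attribute_lists"]:         # steps 103 and 116
        package = ET.SubElement(container, "KeyPackage")  # step 104
        device = ET.SubElement(package, "DeviceInfo")     # step 105
        # Steps 106-109: text nodes; the serializer escapes <, > and &.
        ET.SubElement(device, "Manufacturer").text = attrs["manufacturer"]
        ET.SubElement(device, "SerialNo").text = attrs["serial_no"]
        # Steps 110-111: Id and Algorithm are attribute nodes of <Key>.
        key = ET.SubElement(package, "Key", {
            "Id": attrs["key_id"], "Algorithm": attrs["algorithm"]})
        data = ET.SubElement(key, "Data")                 # step 112
        secret = ET.SubElement(data, "Secret")            # step 113
        # Steps 114-115: key plaintext inside the first plaintext node.
        ET.SubElement(secret, "PlainValue").text = attrs["key_plain"]
    return ET.tostring(container, encoding="unicode")


def _require(parent, tag):
    """Return the child node, or fail closed as in S1, S3, S5 and S6."""
    node = parent.find(tag)
    if node is None:
        raise KeyFileError(f"<{tag}> not found in <{parent.tag}>")
    return node


def decode_plain(key_file_text):
    """S1-S7 for a plaintext key file; returns one dict per key package."""
    # Added hardening (assumption): a key file has no need for a DTD.
    if "<!DOCTYPE" in key_file_text:
        raise KeyFileError("DTD not allowed in a key file")
    try:
        root = ET.fromstring(key_file_text)
    except ET.ParseError as exc:
        raise KeyFileError(f"key file is not well-formed XML: {exc}") from exc
    packages = root.findall("KeyPackage")                 # S1
    if not packages:
        raise KeyFileError("<KeyPackage> not found under the root node")
    decoded = []
    for package in packages:
        device = package.find("DeviceInfo")               # S2, no error path
        manufacturer = serial_no = None
        if device is not None:
            manufacturer = device.findtext("Manufacturer")
            serial_no = device.findtext("SerialNo")
        key = _require(package, "Key")                    # S3
        algorithm, key_id = key.get("Algorithm"), key.get("Id")   # S4
        data = _require(key, "Data")                      # S5
        secret = _require(data, "Secret")                 # S6
        plain = secret.findtext("PlainValue")             # S7, plaintext case
        if plain is None:
            raise KeyFileError("<PlainValue> not found in <Secret>")
        try:
            key_bytes = base64.b64decode(plain, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise KeyFileError("key value is not valid Base64") from exc
        decoded.append({"manufacturer": manufacturer, "serial_no": serial_no,
                        "key_id": key_id, "algorithm": algorithm,
                        "key": key_bytes})
    return decoded
```
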
Step 117, the encoding device generates an encryption key node and adds the encryption key node to the key container node as a child node of the key container node.
Specifically, the encoding device generates the start tag and end tag of the encryption key node and adds them between the start tag and end tag of the key container node.
For example, the encoding device adds the start tag <EncryptionKey> and the end tag </EncryptionKey> of the encryption key node between the start tag <KeyContainer> and the end tag </KeyContainer> of the key container node.
Step 118, the encoding device generates a key name node and adds the key name node to the encryption key node as a child node of the encryption key node.
Specifically, the encoding device generates the start tag and end tag of the key name node and adds them between the start tag and end tag of the encryption key node.
For example, the encoding device adds the start tag <ds:KeyName> and the end tag </ds:KeyName> of the key name node between the start tag <EncryptionKey> and the end tag </EncryptionKey> of the encryption key node.
Step 119, the encoding device reads the encryption key name from the key information and adds the encryption key name to the key name node as a text node.
Specifically, the encoding device reads the encryption key name from the key information and adds it between the start tag and end tag of the key name node.
For example, the encoding device reads the encryption key name "Pre-shared-key" from the key information and adds the encryption key name "Pre-shared-key" between the start tag and end tag of the key name node.
Step 120, the encoding device generates a MAC method node and adds the MAC method node to the key container node as a child node of the key container node.
Specifically, the encoding device generates the start tag and end tag of the MAC method node and adds them between the start tag and end tag of the key container node.
For example, the encoding device adds the start tag <MACMethod> and the end tag </MACMethod> of the MAC method node between the start tag <KeyContainer> and the end tag </KeyContainer> of the key container node.
Step 121, the encoding device reads the MAC algorithm information from the key information, generates a MAC algorithm node from the MAC algorithm information, and adds the MAC algorithm node to the MAC method node as an attribute node.
Specifically, the encoding device reads the MAC algorithm information from the key information, generates the MAC algorithm node with the MAC algorithm information as its attribute value, and adds the MAC algorithm node to the start tag of the MAC method node.
For example, the encoding device reads the MAC algorithm information, i.e. "hmac-sha1", from the key information, generates the MAC algorithm node with this MAC algorithm information as its attribute value, i.e. Algorithm=hmac-sha1, and adds the MAC algorithm node to the start tag of the MAC method node, so that the start tag of the MAC method node is updated to: <MACMethod Algorithm="hmac-sha1">.
Step 122, the encoding device generates a MAC key node and adds the MAC key node to the MAC method node as a child node of the MAC method node.
Specifically, the encoding device generates the start tag and end tag of the MAC key node and adds them between the start tag and end tag of the MAC method node.
For example, the encoding device adds the start tag <MACKey> and the end tag </MACKey> of the MAC key node between the start tag <MACMethod> and the end tag </MACMethod> of the MAC method node.
Step 123, the encoding device generates a second encryption method node and adds the second encryption method node to the MAC key node as a child node.
Specifically, the encoding device generates the second encryption method node and adds it between the start tag and end tag of the MAC key node.
For example, the encoding device adds the second encryption method node <xenc:EncryptionMethod/> between the start tag <MACKey> and the end tag </MACKey> of the MAC key node.
Step 124, the encoding device reads the encryption key algorithm information from the key information, generates a second encryption key algorithm node from the encryption key algorithm information, and adds the second encryption key algorithm node to the second encryption method node as an attribute node.
Specifically, the encoding device reads the encryption key algorithm information from the key information, generates the second encryption key algorithm node with the encryption key algorithm information as its attribute value, and adds the second encryption key algorithm node to the second encryption method node.
For example, the encoding device reads the encryption key algorithm information, i.e. "aes128-cbc", from the key information, generates the second encryption key algorithm node with this encryption key algorithm information as its attribute value, i.e. Algorithm=aes128-cbc, and adds the second encryption key algorithm node to the second encryption method node, so that the second encryption method node is updated to:
<xenc:EncryptionMethod Algorithm="aes128-cbc"/>.
Step 125, the encoding device generates a second cipher data node and adds the second cipher data node to the MAC key node as a child node of the MAC key node.
Specifically, the encoding device generates the start tag and end tag of the second cipher data node and adds them between the start tag and end tag of the MAC key node.
For example, the encoding device adds the start tag <xenc:CipherData> and the end tag </xenc:CipherData> of the second cipher data node between the start tag <MACKey> and the end tag </MACKey> of the MAC key node.
Step 126, the encoding device generates a second cipher value node and adds the second cipher value node to the second cipher data node as a child node of the second cipher data node.
Specifically, the encoding device generates the start tag and end tag of the second cipher value node and adds them between the start tag and end tag of the second cipher data node.
For example, the encoding device adds the start tag <xenc:CipherValue> and the end tag </xenc:CipherValue> of the second cipher value node between the start tag <xenc:CipherData> and the end tag </xenc:CipherData> of the second cipher data node.
Step 127, the encoding device reads the MAC key from the key information, encrypts the MAC key with the key corresponding to the encryption key name in the key information, using the policy corresponding to the encryption key algorithm information in the key information, and adds the resulting ciphertext to the second cipher value node as a text node.
Specifically, the encoding device reads the MAC key from the key information, encrypts the MAC key with the key corresponding to the encryption key name in the key information, using the policy corresponding to the encryption key algorithm information in the key information, and adds the resulting ciphertext between the start tag and end tag of the second cipher value node.
For example, the encoding device reads the MAC key from the key information and encrypts the MAC key with the key corresponding to the encryption key name "Pre-shared-key" in the key information, using the policy corresponding to the encryption key algorithm information "hmac-sha1" in the key information. The resulting ciphertext is: ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX. This ciphertext is added between the start tag <xenc:CipherValue> and the end tag </xenc:CipherValue> of the second cipher value node.
Step 128, code device chooses the key attribute list of a not processed mistake as current from key information List.
Step 129, code device generation key packet node, the child node of key packet node as cryptographic key containers node is added It is added in cryptographic key containers node.
Specifically, code device generates the start mark and end mark of key packet node, by the starting of key packet node Mark and end mark are added between the start mark of cryptographic key containers node and end mark.
For example, code device is by the start mark of key packet node<KeyPackage>And end mark</KeyPackage >It is added to the start mark of cryptographic key containers node<KeyContainer>And end mark</KeyContainer>Between.
Step 130: The encoding device generates a device information node and adds it to the key package node as a child node of the key package node.
Specifically, the encoding device generates the start tag and end tag of the device information node and adds them between the start tag and end tag of the key package node.
For example, the encoding device adds the start tag <DeviceInfo> and end tag </DeviceInfo> of the device information node between the start tag <KeyPackage> and end tag </KeyPackage> of the key package node.
Step 131: The encoding device generates a manufacturer node and adds it to the device information node as a child node of the device information node.
Specifically, the encoding device generates the start tag and end tag of the manufacturer node and adds them between the start tag and end tag of the device information node.
For example, the encoding device adds the start tag <Manufacturer> and end tag </Manufacturer> of the manufacturer node between the start tag <DeviceInfo> and end tag </DeviceInfo> of the device information node.
Step 132: The encoding device reads the manufacturer information from the current list and adds it as a text node to the manufacturer node.
Specifically, the encoding device reads the manufacturer information from the current list and adds it between the start tag and end tag of the manufacturer node.
For example, the encoding device reads the manufacturer information "Manufacturer" from the current list and adds the manufacturer information "Manufacturer" between the start tag <DeviceInfo> and end tag </DeviceInfo> of the manufacturer node.
Step 133: The encoding device generates a serial number node and adds it to the device information node as a child node of the device information node.
Specifically, the encoding device generates the start tag and end tag of the serial number node and adds them between the start tag and end tag of the device information node.
For example, the encoding device adds the start tag <SerialNo> and end tag </SerialNo> of the serial number node between the start tag <DeviceInfo> and end tag </DeviceInfo> of the device information node.
Step 134: The encoding device reads the device serial number from the current list and adds it as a text node to the serial number node.
Specifically, the encoding device reads the device serial number from the current list and adds it between the start tag and end tag of the serial number node.
For example, the encoding device reads the device serial number "987654321" from the current list and adds the device serial number "987654321" between the start tag and end tag of the serial number node.
Step 135: The encoding device generates a key node and adds it to the key package node as a child node of the key package node.
Specifically, the encoding device generates the start tag and end tag of the key node and adds them between the start tag and end tag of the key package node.
For example, the encoding device adds the start tag <Key> and end tag </Key> of the key node between the start tag <KeyPackage> and end tag </KeyPackage> of the key package node.
Step 136: The encoding device reads the key identifier and the key algorithm information from the current list, generates a key identifier node from the key identifier and a key algorithm node from the key algorithm information, and adds the key identifier node and the key algorithm node to the key node as attribute nodes.
Specifically, the encoding device reads the key identifier and the key algorithm information from the current list, generates the key identifier node with the key identifier as its attribute value, generates the key algorithm node with the key algorithm information as its attribute value, and adds the key identifier node and the key algorithm node inside the start tag of the key node. The key identifier node and the key algorithm node are both attribute nodes, each consisting of an attribute name and an attribute value.
For example, the encoding device reads the key identifier "12345678" and the key algorithm information "urn:ietf:params:xml:ns:keyprov:pskc:Hotp" from the current list, generates the key identifier node from the key identifier, i.e. Id="12345678", generates the key algorithm node from the key algorithm information, i.e. Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:Hotp", and adds the key identifier node and the key algorithm node inside the start tag <Key> of the key node.
Here the key identifier node consists of the attribute name "Id" and the attribute value "12345678", and the key algorithm node consists of the attribute name "Algorithm" and the attribute value "urn:ietf:params:xml:ns:keyprov:pskc:Hotp". After this information is added, the start tag of the key node becomes: <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">.
Step 137: The encoding device generates a data node and adds it to the key node as a child node of the key node.
Specifically, the encoding device generates the start tag and end tag of the data node and adds them between the start tag and end tag of the key node.
For example, the encoding device adds the start tag <Data> and end tag </Data> of the data node between the start tag <Key> and end tag </Key> of the key node.
Step 138: The encoding device generates a key value node and adds it to the data node as a child node of the data node.
Specifically, the encoding device generates the start tag and end tag of the key value node and adds them between the start tag and end tag of the data node.
For example, the encoding device adds the start tag <Secret> and end tag </Secret> of the key value node between the start tag <Data> and end tag </Data> of the data node.
Step 139: The encoding device generates a ciphertext node and adds it to the key value node as a child node of the key value node.
Specifically, the encoding device generates the start tag and end tag of the ciphertext node and adds them between the start tag and end tag of the key value node.
For example, the encoding device adds the start tag <EncryptedValue> and end tag </EncryptedValue> of the ciphertext node between the start tag <Secret> and end tag </Secret> of the key value node.
Step 140: The encoding device generates a first encryption method node and adds it to the ciphertext node as a child node.
Specifically, the encoding device generates the first encryption method node and adds it between the start tag and end tag of the ciphertext node.
For example, the encoding device adds the first encryption method node <xenc:EncryptionMethod/> between the start tag <EncryptedValue> and end tag </EncryptedValue> of the ciphertext node.
Step 141: The encoding device reads the encryption key algorithm information from the key information, generates a first encryption key algorithm node from it, and adds the first encryption key algorithm node to the first encryption method node as an attribute node.
Specifically, the encoding device reads the encryption key algorithm information from the key information, generates the first encryption key algorithm node with the encryption key algorithm information as its attribute value, and adds the first encryption key algorithm node to the first encryption method node.
For example, the encoding device reads the encryption key algorithm information from the key information, i.e. "aes128-cbc", generates the first encryption key algorithm node with this information as its attribute value, i.e. Algorithm="aes128-cbc", and adds the first encryption key algorithm node to the first encryption method node, which becomes:
<xenc:EncryptionMethod Algorithm="aes128-cbc"/>
Step 142: The encoding device generates a first cipher data node and adds it to the ciphertext node as a child node of the ciphertext node.
Specifically, the encoding device generates the start tag and end tag of the first cipher data node and adds them between the start tag and end tag of the ciphertext node.
For example, the encoding device adds the start tag <xenc:CipherData> and end tag </xenc:CipherData> of the first cipher data node between the start tag <EncryptedValue> and end tag </EncryptedValue> of the ciphertext node.
Step 143: The encoding device generates a first cipher value node and adds it to the first cipher data node as a child node of the first cipher data node.
Specifically, the encoding device generates the start tag and end tag of the first cipher value node and adds them between the start tag and end tag of the first cipher data node.
For example, the encoding device adds the start tag <xenc:CipherValue> and end tag </xenc:CipherValue> of the first cipher value node between the start tag <xenc:CipherData> and end tag </xenc:CipherData> of the first cipher data node.
Step 144: The encoding device reads the key plaintext from the current list, encrypts the key plaintext with the key corresponding to the encryption key name in the key information, using the strategy corresponding to the encryption key algorithm information in the key information, and adds the resulting key ciphertext as a text node to the first cipher value node.
Specifically, the encoding device reads the key plaintext from the current list, encrypts the key plaintext with the key corresponding to the encryption key name in the key information, using the strategy corresponding to the encryption key algorithm information in the key information, and adds the resulting key ciphertext between the start tag and end tag of the first cipher value node.
For example, the encoding device reads the key plaintext from the current list, i.e. "MTIzNA==", and encrypts the key plaintext "MTIzNA==" with the key corresponding to the encryption key name "Pre-shared-key" in the key information, using the strategy corresponding to the encryption key algorithm information "hmac-sha1" in the key information. The resulting key ciphertext is AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv, which is added between the start tag <xenc:CipherValue> and end tag </xenc:CipherValue> of the first cipher value node.
Step 145: The encoding device generates a MAC value node and adds it to the key value node as a child node of the key value node.
Specifically, the encoding device generates the start tag and end tag of the MAC value node and adds them between the start tag and end tag of the key value node.
For example, the encoding device adds the start tag <ValueMAC> and end tag </ValueMAC> of the MAC value node between the start tag <Secret> and end tag </Secret> of the key value node.
Step 146: Using the MAC key in the key information and the strategy corresponding to the MAC algorithm information in the key information, the encoding device computes a digest of the key plaintext and adds the resulting digest value as a text node to the MAC value node.
Specifically, using the MAC key in the key information and the strategy corresponding to the MAC algorithm information in the key information, the encoding device computes a digest of the key plaintext and adds the resulting digest value as a text node between the start tag and end tag of the MAC value node.
For example, using the MAC key in the key information and the strategy corresponding to the MAC algorithm information "hmac-sha1" in the key information, the encoding device computes a digest of the key plaintext "MTIzNA==", obtains the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=", and adds the digest value as a text node between the start tag <ValueMAC> and end tag </ValueMAC> of the MAC value node.
After the above operations are performed, the key file generated by the encoding device is:
Step 147: The encoding device determines whether the key information still contains an unprocessed key attribute list; if so, it returns to step 128; otherwise, the flow ends.
Beneficial effect of the present invention: the encoding device encodes key information into a key file of a unified format, so that the authentication system can apply a single, unified processing flow to the key information configured by multiple device manufacturers, which reduces the workload of the authentication system.
Further, in another embodiment of the invention, the encoding device generates the key container node, adds it to the key file as the root node and, after determining that the key transmission mode is plaintext transmission, starts multiple concurrent threads and distributes all key attribute lists in the key information among them. Each thread obtains at least one key attribute list and, taking each key attribute list as the current list, performs step 104 to step 115 to generate at least one key package node. The encoding device adds the key package nodes generated by all threads to the key container node, which completes the encoding of the key information.
Likewise, the encoding device generates the key container node, adds it to the key file as the root node and, after determining that the key transmission mode is not plaintext transmission, starts multiple concurrent threads and distributes all key attribute lists in the key information among them. Each thread obtains at least one key attribute list and, taking each key attribute list as the current list, performs step 117 to step 146 to generate at least one key package node. The encoding device adds the key package nodes generated by all threads to the key container node, which completes the encoding of the key information. This mechanism speeds up encoding by the encoding device.
It should be noted that, in another embodiment of the invention, the key attribute list may also include issuer information. Correspondingly, the encoding device generates an issuer node, adds the issuer node to the key node, reads the issuer information from the key attribute list, and adds the issuer information as a text node to the issuer node.
Specifically, the encoding device generates the start tag and end tag of the issuer node, adds them between the start tag and end tag of the key node, reads the issuer information from the key attribute list, and adds the issuer information between the start tag and end tag of the issuer node.
For example, the encoding device adds the start tag <Issuer> and end tag </Issuer> of the issuer node between the start tag <Key> and end tag </Key> of the key node, reads the issuer information "Issuer-A" from the key attribute list, and adds the issuer information "Issuer-A" between the start tag <Issuer> and end tag </Issuer> of the issuer node.
In another embodiment of the invention, the key attribute list may also include a device user identifier. Correspondingly, the encoding device generates a device user identifier node, adds it to the device information node as a child node of the device information node, reads the device user identifier from the key attribute list, and adds the device user identifier as a text node to the device user identifier node.
Specifically, the encoding device generates the start tag and end tag of the device user identifier node, adds them between the start tag and end tag of the device information node, and adds the device user identifier between the start tag and end tag of the device user identifier node.
For example, the encoding device adds the start tag <UserId> and end tag </UserId> of the device user identifier node between the start tag <DeviceInfo> and end tag </DeviceInfo> of the device information node, and adds the device user identifier "DC=example-bank, DC=net" between the start tag <UserId> and end tag </UserId> of the device user identifier node.
In another embodiment of the invention, the key attribute list may also include a crypto module identifier. Correspondingly, the encoding device generates a crypto module node and adds it to the key package node as a child node of the key package node, generates a crypto module identifier node and adds it to the crypto module node as a child node of the crypto module node, reads the crypto module identifier from the key attribute list, and adds the crypto module identifier as a text node to the crypto module identifier node.
Specifically, the encoding device generates the start tag and end tag of the crypto module node and adds them between the start tag and end tag of the key package node, adds the start tag and end tag of the crypto module identifier node between the start tag and end tag of the crypto module node, and adds the crypto module identifier between the start tag and end tag of the crypto module identifier node.
For example, the encoding device adds the start tag <CryptoModuleInfo> and end tag </CryptoModuleInfo> of the crypto module node between the start tag <KeyPackage> and end tag </KeyPackage> of the key package node, adds the start tag <Id> and end tag </Id> of the crypto module identifier node between the start tag <CryptoModuleInfo> and end tag </CryptoModuleInfo> of the crypto module node, and adds the crypto module identifier "CM_ID_001" between the start tag <Id> and end tag </Id> of the crypto module identifier node.
In another embodiment of the invention, the key attribute list may also include a key user identifier. Correspondingly, the encoding device generates a key user identifier node, adds it to the key node as a child node of the key node, reads the key user identifier from the key attribute list, and adds the key user identifier as a text node to the key user identifier node.
Specifically, the encoding device generates the start tag and end tag of the key user identifier node, adds them between the start tag and end tag of the key node, and adds the key user identifier between the start tag and end tag of the key user identifier node.
For example, the encoding device adds the start tag <UserId> and end tag </UserId> of the key user identifier node between the start tag <Key> and end tag </Key> of the key node, and adds the key user identifier "UID=jsmith, DC=example-bank, DC=net" between the start tag <UserId> and end tag </UserId> of the key user identifier node.
In another embodiment of the invention, the key attribute list may also include a key start date, a key expiry date and key usage information. Correspondingly, the encoding device generates a policy node and adds it to the key node as a child node of the key node; generates a start date node, an expiry date node and a key usage node and adds them to the policy node; reads the key start date, key expiry date and key usage information from the key attribute list; and adds the key start date as a text node to the start date node, the key expiry date as a text node to the expiry date node, and the key usage information as a text node to the key usage node.
Specifically, the encoding device generates the start tag and end tag of the policy node and adds them between the start tag and end tag of the key node. It adds the start tag and end tag of the start date node between the start tag and end tag of the policy node, reads the key start date from the key attribute list, and adds the key start date between the start tag and end tag of the start date node. It adds the start tag and end tag of the expiry date node between the start tag and end tag of the policy node, reads the key expiry date from the key attribute list, and adds the key expiry date between the start tag and end tag of the expiry date node. It adds the start tag and end tag of the key usage node between the start tag and end tag of the policy node, reads the key usage information from the key attribute list, and adds the key usage information between the start tag and end tag of the key usage node.
For example, the encoding device adds the start tag <Policy> and end tag </Policy> of the policy node between the start tag <Key> and end tag </Key> of the key node. It adds the start tag <StartDate> and end tag </StartDate> of the start date node between the start tag and end tag of the policy node, reads the key start date "2014-05-07T02:58:31Z" from the key attribute list, and adds this key start date between the start tag <StartDate> and end tag </StartDate> of the start date node. It adds the start tag <ExpiryDate> and end tag </ExpiryDate> of the expiry date node between the start tag <Policy> and end tag </Policy> of the policy node, reads the key expiry date "2019-05-07T02:57:37Z" from the key attribute list, and adds this key expiry date between the start tag <ExpiryDate> and end tag </ExpiryDate> of the expiry date node. It adds the start tag <KeyUsage> and end tag </KeyUsage> of the key usage node between the start tag <Policy> and end tag </Policy> of the policy node, reads the key usage information "OTP" from the key attribute list, and adds the key usage information "OTP" between the start tag <KeyUsage> and end tag </KeyUsage> of the key usage node.
In addition, when the key information relates to the seed key of a time-type dynamic token, the key attribute list may also include a response code length, response code encoding information, a time interval value, an initial value of the time offset and an initial value of the time factor. Correspondingly, the encoding device generates an algorithm parameter node and adds it to the key node as a child node of the key node; generates a response code format node and adds it to the algorithm parameter node as a child node of the algorithm parameter node; reads the response code length and the response code encoding information from the key attribute list, generates a response code length node from the response code length and a response code encoding information node from the response code encoding information, and adds both to the response code format node as attribute nodes. It generates a time node and adds it to the data node as a child node of the data node, generates a second plaintext node and adds it to the time node as a child node of the time node, reads the initial value of the time factor from the key attribute list, and adds it as a text node to the second plaintext node. It generates a time interval node and adds it to the data node as a child node of the data node, generates a third plaintext node and adds it to the time interval node as a child node of the time interval node, reads the time interval value from the key attribute list, and adds it as a text node to the third plaintext node. It generates a time offset node and adds it to the data node as a child node of the data node, generates a fourth plaintext node and adds it to the time offset node as a child node of the time offset node, reads the initial value of the time offset from the key attribute list, and adds it as a text node to the fourth plaintext node.
Specifically, the encoding device may add the start tag and end tag of the algorithm parameter node between the start tag and end tag of the key node, add the response code format node between the start tag and end tag of the algorithm parameter node, read the response code length and the response code encoding information from the key attribute list, generate the response code length node with the response code length as its attribute value, generate the response code encoding information node with the response code encoding information as its attribute value, and add the response code length node and the response code encoding information node to the response code format node. The response code length node and the response code encoding information node are both attribute nodes, each consisting of an attribute name and an attribute value.
The encoding device may add the start tag and end tag of the time node between the start tag and end tag of the data node, add the start tag and end tag of the second plaintext node between the start tag and end tag of the time node, read the initial value of the time factor from the key attribute list, and add it between the start tag and end tag of the second plaintext node. It may add the start tag and end tag of the time interval node between the start tag and end tag of the data node, add the start tag and end tag of the third plaintext node between the start tag and end tag of the time interval node, read the time interval value from the key attribute list, and add it between the start tag and end tag of the third plaintext node. It may add the start tag and end tag of the time offset node between the start tag and end tag of the data node, add the start tag and end tag of the fourth plaintext node between the start tag and end tag of the time offset node, read the initial value of the time offset from the key attribute list, and add it between the start tag and end tag of the fourth plaintext node.
For example, the encoding device adds the start tag <AlgorithmParameters> and end tag </AlgorithmParameters> of the algorithm parameter node between the start tag <Key> and end tag </Key> of the key node, and adds the response code format node <ResponseFormat/> between the start tag and end tag of the algorithm parameter node. It reads the response code length "8" and the response code encoding information "DECIMAL" from the key attribute list, generates the response code length node Length="8" with the response code length "8" as its attribute value, and generates the response code encoding information node Encoding="DECIMAL" with the response code encoding information "DECIMAL" as its attribute value. The response code length node consists of the attribute name "Length" and the attribute value "8", and the response code encoding information node consists of the attribute name "Encoding" and the attribute value "DECIMAL". After the encoding device adds these two nodes to the response code format node, the response code format node becomes: <ResponseFormat Length="8" Encoding="DECIMAL"/>. The encoding device adds the start tag <Time> and end tag </Time> of the time node between the start tag <Data> and end tag </Data> of the data node, adds the start tag <PlainValue> and end tag </PlainValue> of the second plaintext node between the start tag <Time> and end tag </Time> of the time node, reads the initial value "0" of the time factor from the key attribute list, and adds the initial value "0" of the time factor between the start tag <PlainValue> and end tag </PlainValue> of the second plaintext node. It adds the start tag <TimeInterval> and end tag </TimeInterval> of the time interval node between the start tag <Data> and end tag </Data> of the data node, adds the start tag <PlainValue> and end tag </PlainValue> of the third plaintext node between the start tag <TimeInterval> and end tag </TimeInterval> of the time interval node, reads the time interval value "60" from the key attribute list, and adds the time interval value "60" between the start tag <PlainValue> and end tag </PlainValue> of the third plaintext node. It adds the start tag <TimeDrift> and end tag </TimeDrift> of the time offset node between the start tag <Data> and end tag </Data> of the data node, adds the start tag <PlainValue> and end tag </PlainValue> of the fourth plaintext node between the start tag <TimeDrift> and end tag </TimeDrift> of the time offset node, reads the initial value "0" of the time offset from the key attribute list, and adds the initial value "0" of the time offset between the start tag <PlainValue> and end tag </PlainValue> of the fourth plaintext node.
In addition, when the key information relates to the seed key of an event-type dynamic token, the key attribute list may also include a response code length, response code encoding information and an initial value of the event factor. Correspondingly, the encoding device generates an algorithm parameter node and adds it to the key node as a child node of the key node; generates a response code format node and adds it to the algorithm parameter node as a child node of the algorithm parameter node; reads the response code length and the response code encoding information from the key attribute list, generates a response code length node from the response code length and a response code encoding information node from the response code encoding information, and adds both to the response code format node as attribute nodes. It generates a counter node and adds it to the data node as a child node of the data node, generates a fifth plaintext node and adds it to the counter node as a child node of the counter node, and adds the initial value of the event factor as a text node to the fifth plaintext node.
Specifically, the encoding device may add the start tag and end tag of the algorithm parameter node between the start tag and end tag of the key node, add the response code format node between the start tag and end tag of the algorithm parameter node, read the response code length and the response code encoding information from the key attribute list, generate the response code length node with the response code length as its attribute value, generate the response code encoding information node with the response code encoding information as its attribute value, and add the response code length node and the response code encoding information node to the response code format node. The response code length node and the response code encoding information node are both attribute nodes, each consisting of an attribute name and an attribute value.
The encoding device may add the start tag and end tag of the counter node between the start tag and end tag of the data node, add the start tag and end tag of the fifth plaintext node between the start tag and end tag of the counter node, and add the initial value of the event factor between the start tag and end tag of the fifth plaintext node.
For example, the encoding device adds the start tag <AlgorithmParameters> and end tag </AlgorithmParameters> of the algorithm parameter node between the start tag <Key> and end tag </Key> of the key node, and adds the response code format node <ResponseFormat/> between the start tag and end tag of the algorithm parameter node. It reads the response code length "8" and the response code encoding information "DECIMAL" from the key attribute list, generates the response code length node Length="8" with the response code length "8" as its attribute value, and generates the response code encoding information node Encoding="DECIMAL" with the response code encoding information "DECIMAL" as its attribute value. The response code length node consists of the attribute name "Length" and the attribute value "8", and the response code encoding information node consists of the attribute name "Encoding" and the attribute value "DECIMAL". After the encoding device adds these two nodes to the response code format node, the response code format node becomes: <ResponseFormat Length="8" Encoding="DECIMAL"/>. The encoding device adds the start tag <Counter> and end tag </Counter> of the counter node between the start tag <Data> and end tag </Data> of the data node, adds the start tag <PlainValue> and end tag </PlainValue> of the fifth plaintext node between the start tag <Counter> and end tag </Counter> of the counter node, and adds the initial value "0" of the event factor between the start tag <PlainValue> and end tag </PlainValue> of the fifth plaintext node.
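Steps 128 to 147 and the time-type and event-type token embodiments above, combined into one sketch: this is an added example, not code from the patent or its assignee. The dictionary keys, the function names, placeholder_encrypt (a stand-in that performs no encryption, so the block runs with the standard library only), the MAC key, the second key package's values and the XML Encryption namespace URI bound to the xenc prefix are assumptions; the MAC is taken over the key plaintext because that is what step 146 states.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Namespace bound to the page's "xenc:" prefix (XML Encryption). The page shows
# every other node unprefixed, so those are emitted without a namespace here.
XENC = "http://www.w3.org/2001/04/xmlenc#"
ET.register_namespace("xenc", XENC)


def placeholder_encrypt(plaintext):
    """Constructed stand-in that performs NO encryption; pass a real cipher
    matching the key information's encryption algorithm instead."""
    return b"constructed-not-a-real-ciphertext"


def _plain(parent, tag, value):
    """Add <tag><PlainValue>value</PlainValue></tag> under parent."""
    node = ET.SubElement(parent, tag)
    ET.SubElement(node, "PlainValue").text = str(value)


def build_key_package(container, entry, mac_key, enc_alg, encrypt):
    """Steps 129-146 for one key attribute list (entry is a hypothetical dict)."""
    pkg = ET.SubElement(container, "KeyPackage")                      # step 129
    dev = ET.SubElement(pkg, "DeviceInfo")                            # step 130
    ET.SubElement(dev, "Manufacturer").text = entry["manufacturer"]   # 131-132
    ET.SubElement(dev, "SerialNo").text = entry["serial_no"]          # 133-134
    key = ET.SubElement(pkg, "Key", Id=entry["key_id"],
                        Algorithm=entry["key_algorithm"])             # 135-136
    if "response_length" in entry:        # token embodiments: attribute nodes
        params = ET.SubElement(key, "AlgorithmParameters")
        ET.SubElement(params, "ResponseFormat",
                      Length=str(entry["response_length"]),
                      Encoding=entry["response_encoding"])
    data = ET.SubElement(key, "Data")                                 # step 137
    secret = ET.SubElement(data, "Secret")                            # step 138
    enc = ET.SubElement(secret, "EncryptedValue")                     # step 139
    ET.SubElement(enc, f"{{{XENC}}}EncryptionMethod", Algorithm=enc_alg)  # 140-141
    cipher_data = ET.SubElement(enc, f"{{{XENC}}}CipherData")         # step 142
    cipher_value = ET.SubElement(cipher_data, f"{{{XENC}}}CipherValue")   # 143
    ciphertext = encrypt(entry["key_plain"])                          # step 144
    cipher_value.text = base64.b64encode(ciphertext).decode("ascii")
    # Steps 145-146 as the page states them: HMAC-SHA1 over the key plaintext.
    digest = hmac.new(mac_key, entry["key_plain"], hashlib.sha1).digest()
    ET.SubElement(secret, "ValueMAC").text = base64.b64encode(digest).decode("ascii")
    if "time_interval" in entry:          # time-type dynamic token
        _plain(data, "Time", entry["time"])
        _plain(data, "TimeInterval", entry["time_interval"])
        _plain(data, "TimeDrift", entry["time_drift"])
    elif "counter" in entry:              # event-type dynamic token
        _plain(data, "Counter", entry["counter"])
    return pkg


def encode_key_file(key_info, encrypt):
    """Root node plus one KeyPackage per key attribute list (steps 128/147 loop)."""
    container = ET.Element("KeyContainer")
    for entry in key_info["key_attribute_lists"]:
        build_key_package(container, entry, key_info["mac_key"],
                          key_info["encryption_algorithm"], encrypt)
    return ET.tostring(container, encoding="unicode")


# Constructed sample input. The first entry reuses the page's example values,
# reading the key plaintext "MTIzNA==" as base64 (an assumption); the MAC key
# and the whole second entry are made up for this example.
SAMPLE_KEY_INFO = {
    "mac_key": b"constructed-mac-key!",
    "encryption_algorithm": "aes128-cbc",
    "key_attribute_lists": [
        {"manufacturer": "Manufacturer", "serial_no": "987654321",
         "key_id": "12345678",
         "key_algorithm": "urn:ietf:params:xml:ns:keyprov:pskc:hotp",
         "key_plain": base64.b64decode("MTIzNA=="),
         "response_length": 8, "response_encoding": "DECIMAL", "counter": 0},
        {"manufacturer": "Manufacturer", "serial_no": "constructed-serial-2",
         "key_id": "constructed-key-2",
         "key_algorithm": "urn:example:placeholder-time-based",
         "key_plain": b"constructed-seed",
         "response_length": 8, "response_encoding": "DECIMAL",
         "time": 0, "time_interval": 60, "time_drift": 0},
    ],
}

if __name__ == "__main__":
    print(encode_key_file(SAMPLE_KEY_INFO, placeholder_encrypt))
```
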
Method of work with the device for realizing key information coding shown in Fig. 1 and Fig. 2 is corresponding, and the embodiment of the present invention is also There is provided the method for work for the device for realizing key information decoding, as shown in Figures 3 to 6, comprise the following steps:
Step 201, the decoding apparatus searches for the key packet node in the root node of the key file; if found, it performs step 202; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the key packet node between the start mark and end mark of the root node of the key file; if they are found, it determines that the key packet node has been found in the root node of the key file; otherwise, it determines that the key packet node has not been found in the root node of the key file. The root node of the key file is the cryptographic key containers node.
For example, the decoding apparatus searches for the start mark <KeyPackage> and end mark </KeyPackage> of the key packet node between the start mark <KeyContainer> and end mark </KeyContainer> of the cryptographic key containers node; if they are found, it determines that the key packet node has been found in the root node of the key file; otherwise, it determines that the key packet node has not been found in the root node of the key file.
Step 202, the decoding apparatus searches for the facility information node in the key packet node; if found, it performs step 203; otherwise, it performs step 208.
Specifically, the decoding apparatus can search for the start mark and end mark of the facility information node between the start mark and end mark of the key packet node; if they are found, it determines that the facility information node has been found in the key packet node; otherwise, it determines that the facility information node has not been found in the key packet node.
For example, the decoding apparatus searches for the start mark <DeviceInfo> and end mark </DeviceInfo> of the facility information node between the start mark <KeyPackage> and end mark </KeyPackage> of the key packet node; if they are found, it determines that the facility information node has been found in the key packet node; otherwise, it determines that the facility information node has not been found in the key packet node.
Step 203, the decoding apparatus searches for the manufacturer node in the facility information node; if found, it performs step 204; otherwise, it performs step 205.
Specifically, the decoding apparatus can search for the start mark and end mark of the manufacturer node between the start mark and end mark of the facility information node; if they are found, it determines that the manufacturer node has been found in the facility information node; otherwise, it determines that the manufacturer node has not been found in the facility information node.
For example, the decoding apparatus searches for the start mark <Manufacturer> and end mark </Manufacturer> of the manufacturer node between the start mark <DeviceInfo> and end mark </DeviceInfo> of the facility information node; if they are found, it determines that the manufacturer node has been found in the facility information node; otherwise, it determines that the manufacturer node has not been found in the facility information node.
Step 204, the decoding apparatus obtains the text content of the child node of the manufacturer node, saves the obtained text content as the manufacturer's information, and performs step 205.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the manufacturer node, and save this text content as the manufacturer's information.
For example, the decoding apparatus obtains the text content "Manufacturer" of the text node located between the start mark <Manufacturer> and end mark </Manufacturer> of the manufacturer node, and saves the text content "Manufacturer" as the manufacturer's information.
Step 205, the decoding apparatus searches for the sequence number node in the facility information node; if found, it performs step 206; otherwise, it performs step 207.
Specifically, the decoding apparatus can search for the start mark and end mark of the sequence number node between the start mark and end mark of the facility information node; if they are found, it determines that the sequence number node has been found in the facility information node; otherwise, it determines that the sequence number node has not been found in the facility information node.
For example, the decoding apparatus searches for the start mark <SerialNo> and end mark </SerialNo> of the sequence number node between the start mark <DeviceInfo> and end mark </DeviceInfo> of the facility information node; if they are found, it determines that the sequence number node has been found in the facility information node; otherwise, it determines that the sequence number node has not been found in the facility information node.
Step 206, the decoding apparatus obtains the text content of the child node of the sequence number node, saves the obtained text content as the equipment serial number, and performs step 207.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the sequence number node, and save this text content as the equipment serial number.
For example, the decoding apparatus obtains the text content "987654321" of the text node located between the start mark <SerialNo> and end mark </SerialNo> of the sequence number node, and saves the text content "987654321" as the equipment serial number.
Step 207, the decoding apparatus searches for the cipher key node in the key packet node; if found, it performs step 208; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the cipher key node between the start mark and end mark of the key packet node; if they are found, it determines that the cipher key node has been found in the key packet node; otherwise, it determines that the cipher key node has not been found in the key packet node.
For example, the decoding apparatus searches for the start mark <Key> and end mark </Key> of the cipher key node between the start mark <KeyPackage> and end mark </KeyPackage> of the key packet node; if they are found, it determines that the cipher key node has been found in the key packet node; otherwise, it determines that the cipher key node has not been found in the key packet node.
Step 208, the decoding apparatus obtains the attribute value of the key algorithm node in the cipher key node, and saves the obtained attribute value as the key algorithm information.
Specifically, the decoding apparatus can treat the key algorithm node located in the start mark of the cipher key node as an attribute node, obtain the attribute value of the key algorithm node, and save the obtained attribute value as the key algorithm information.
For example, the decoding apparatus treats the key algorithm node Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:Hotp", located in the start mark <Key> of the cipher key node, as an attribute node, obtains the attribute value of this key algorithm node, i.e. "urn:ietf:params:xml:ns:keyprov:pskc:Hotp", and saves the obtained attribute value as the key algorithm information.
Step 209, the decoding apparatus obtains the attribute value of the key identification node in the cipher key node, and saves the obtained attribute value as the key identification.
Specifically, the decoding apparatus can treat the key identification node located in the start mark of the cipher key node as an attribute node, obtain the attribute value of the key identification node, and save the obtained attribute value as the key identification.
For example, the decoding apparatus treats the key identification node Id="12345678", located in the start mark <Key> of the cipher key node, as an attribute node, obtains the attribute value "12345678" of the key identification node, and saves the obtained attribute value "12345678" as the key identification.
Step 210, the decoding apparatus searches for the data node in the cipher key node; if found, it performs step 211; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the data node between the start mark and end mark of the cipher key node; if they are found, it determines that the data node has been found in the cipher key node; otherwise, it determines that the data node has not been found in the cipher key node.
For example, the decoding apparatus searches for the start mark <Data> and end mark </Data> of the data node between the start mark <Key> and end mark </Key> of the cipher key node; if they are found, it determines that the data node has been found in the cipher key node; otherwise, it determines that the data node has not been found in the cipher key node.
Step 211, the decoding apparatus searches for the key value node in the data node; if found, it performs step 212; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the key value node between the start mark and end mark of the data node; if they are found, it determines that the key value node has been found in the data node; otherwise, it determines that the key value node has not been found in the data node.
For example, the decoding apparatus searches for the start mark <Secret> and end mark </Secret> of the key value node between the start mark <Data> and end mark </Data> of the data node; if they are found, it determines that the key value node has been found in the data node; otherwise, it determines that the key value node has not been found in the data node.
Step 212, the decoding apparatus searches for the first plaintext node in the key value node; if found, it performs step 213; otherwise, it performs step 214.
Specifically, the decoding apparatus can search for the start mark and end mark of the first plaintext node between the start mark and end mark of the key value node; if they are found, it determines that the first plaintext node has been found in the key value node; otherwise, it determines that the first plaintext node has not been found in the key value node.
For example, the decoding apparatus searches for the start mark <PlainValue> and end mark </PlainValue> of the first plaintext node between the start mark <Secret> and end mark </Secret> of the key value node; if they are found, it determines that the first plaintext node has been found in the key value node; otherwise, it determines that the first plaintext node has not been found in the key value node.
Step 213, the decoding apparatus obtains the text content of the child node of the first plaintext node, and saves the obtained text content as the key plaintext.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the first plaintext node, and save this text content as the key plaintext.
For example, the decoding apparatus obtains the text content "MTIzNA==" of the text node located between the start mark <PlainValue> and end mark </PlainValue> of the first plaintext node, and saves the text content "MTIzNA==" as the key plaintext.
Step 214, the decoding apparatus searches for the ciphertext node in the key value node; if found, it performs step 215; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the ciphertext node between the start mark and end mark of the key value node; if they are found, it determines that the ciphertext node has been found in the key value node; otherwise, it determines that the ciphertext node has not been found in the key value node.
For example, the decoding apparatus searches for the start mark <EncryptedValue> and end mark </EncryptedValue> of the ciphertext node between the start mark <Secret> and end mark </Secret> of the key value node; if they are found, it determines that the ciphertext node has been found in the key value node; otherwise, it determines that the ciphertext node has not been found in the key value node.
Step 215, the decoding apparatus searches for the first encryption method node in the ciphertext node; if found, it performs step 216; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the first encryption method node between the start mark and end mark of the ciphertext node; if it is found, it determines that the first encryption method node has been found in the ciphertext node; otherwise, it determines that the first encryption method node has not been found in the ciphertext node.
For example, the decoding apparatus searches for the first encryption method node <xenc:EncryptionMethod/> between the start mark <EncryptedValue> and end mark </EncryptedValue> of the ciphertext node; if it is found, it determines that the first encryption method node has been found in the ciphertext node; otherwise, it determines that the first encryption method node has not been found in the ciphertext node.
Step 216, the decoding apparatus obtains the attribute value of the first encryption key algorithm node in the first encryption method node as the encryption key algorithm information.
Specifically, the decoding apparatus can treat the key algorithm node in the first encryption method node as an attribute node, obtain the attribute value of the key algorithm node, and save the obtained attribute value as the key algorithm information.
For example, the decoding apparatus treats the key algorithm node Algorithm="aes128-cbc" in the first encryption method node as an attribute node, obtains the attribute value of the key algorithm node, i.e. "aes128-cbc", and saves the obtained attribute value as the key algorithm information.
Step 217, the decoding apparatus searches for the first password data node in the ciphertext node; if found, it performs step 218; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the first password data node between the start mark and end mark of the ciphertext node; if they are found, it determines that the first password data node has been found in the ciphertext node; otherwise, it determines that the first password data node has not been found in the ciphertext node.
For example, the decoding apparatus searches for the start mark <xenc:CipherData> and end mark </xenc:CipherData> of the first password data node between the start mark <EncryptedValue> and end mark </EncryptedValue> of the ciphertext node; if they are found, it determines that the first password data node has been found in the ciphertext node; otherwise, it determines that the first password data node has not been found in the ciphertext node.
Step 218, the decoding apparatus searches for the first password value node in the first password data node; if found, it performs step 219; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the first password value node between the start mark and end mark of the first password data node; if they are found, it determines that the first password value node has been found in the first password data node; otherwise, it determines that the first password value node has not been found in the first password data node.
For example, the decoding apparatus searches for the start mark <xenc:CipherValue> and end mark </xenc:CipherValue> of the first password value node between the start mark <xenc:CipherData> and end mark </xenc:CipherData> of the first password data node; if they are found, it determines that the first password value node has been found in the first password data node; otherwise, it determines that the first password value node has not been found in the first password data node.
Step 219, the decoding apparatus obtains the text content of the child node of the first password value node as the key ciphertext.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the first password value node as the key ciphertext.
For example, the decoding apparatus obtains the text content of the text node located between the start mark <xenc:CipherValue> and end mark </xenc:CipherValue> of the first password value node, i.e. "AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv", as the key ciphertext.
Step 220, the decoding apparatus searches for the encryption key node in the root node of the key file; if found, it performs step 221; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the encryption key node between the start mark and end mark of the root node of the key file; if they are found, it determines that the encryption key node has been found in the root node of the key file; otherwise, it determines that the encryption key node has not been found in the root node of the key file. The root node of the key file is the cryptographic key containers node.
For example, the decoding apparatus searches for the start mark <EncryptionKey> and end mark </EncryptionKey> of the encryption key node between the start mark <KeyContainer> and end mark </KeyContainer> of the cryptographic key containers node; if they are found, it determines that the encryption key node has been found in the root node of the key file; otherwise, it determines that the encryption key node has not been found in the root node of the key file.
Step 221, the decoding apparatus searches for the key name node in the encryption key node; if found, it performs step 222; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the key name node between the start mark and end mark of the encryption key node; if they are found, it determines that the key name node has been found in the encryption key node; otherwise, it determines that the key name node has not been found in the encryption key node.
For example, the decoding apparatus searches for the start mark <ds:KeyName> and end mark </ds:KeyName> of the key name node between the start mark <EncryptionKey> and end mark </EncryptionKey> of the encryption key node; if they are found, it determines that the key name node has been found in the encryption key node; otherwise, it determines that the key name node has not been found in the encryption key node.
Step 222, the decoding apparatus obtains the text content of the child node of the key name node as the encryption key name and, according to the key corresponding to the encryption key name, uses the strategy corresponding to the obtained encryption key algorithm information to decrypt the obtained key ciphertext, obtaining the key plaintext.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the key name node as the encryption key name and, according to the key corresponding to the encryption key name, use the strategy corresponding to the obtained encryption key algorithm information to decrypt the obtained key ciphertext, obtaining the key plaintext.
For example, the decoding apparatus obtains the text content "Pre-shared-key" of the text node located between the start mark <ds:KeyName> and end mark </ds:KeyName> of the key name node as the encryption key name and, according to the key corresponding to the encryption key name "Pre-shared-key", uses the strategy corresponding to the encryption key algorithm information obtained in step 216, i.e. "aes128-cbc", to decrypt the key ciphertext obtained in step 219, i.e. "AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv", obtaining the key plaintext "MTIzNA==".
Step 223, the decoding apparatus searches for the MAC value node in the key value node; if found, it performs step 225; otherwise, it performs step 224.
Specifically, the decoding apparatus can search for the start mark and end mark of the MAC value node between the start mark and end mark of the key value node; if they are found, it determines that the MAC value node has been found in the key value node; otherwise, it determines that the MAC value node has not been found in the key value node.
For example, the decoding apparatus searches for the start mark <ValueMAC> and end mark </ValueMAC> of the MAC value node between the start mark <Secret> and end mark </Secret> of the key value node; if they are found, it determines that the MAC value node has been found in the key value node; otherwise, it determines that the MAC value node has not been found in the key value node.
Step 224, the decoding apparatus saves the key plaintext obtained by decryption.
For example, the decoding apparatus saves the key plaintext "MTIzNA==" obtained by decryption in step 222.
Step 225, the decoding apparatus obtains the text content of the child node of the MAC value node as the digest value.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the MAC value node as the digest value.
For example, the decoding apparatus obtains the text content "Su+NvtQfmvfJzF6bmQiJqoLRExc=" of the text node located between the start mark <ValueMAC> and end mark </ValueMAC> of the MAC value node as the digest value.
Step 226, the decoding apparatus searches for the MAC method node in the root node of the key file; if found, it performs step 227; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the MAC method node between the start mark and end mark of the root node of the key file; if they are found, it determines that the MAC method node has been found in the root node of the key file; otherwise, it determines that the MAC method node has not been found in the root node of the key file. The root node of the key file is the cryptographic key containers node.
For example, the decoding apparatus searches for the start mark <MACMethod> and end mark </MACMethod> of the MAC method node between the start mark <KeyContainer> and end mark </KeyContainer> of the cryptographic key containers node; if they are found, it determines that the MAC method node has been found in the root node of the key file; otherwise, it determines that the MAC method node has not been found in the root node of the key file.
Step 227, the decoding apparatus obtains the attribute value of the MAC algorithm node in the MAC method node as the MAC algorithm information.
Specifically, the decoding apparatus can treat the MAC algorithm node located in the start mark of the MAC method node as an attribute node, and obtain the attribute value of the MAC algorithm node as the MAC algorithm information.
For example, the decoding apparatus treats the MAC algorithm node located in the start mark <MACMethod> of the MAC method node, i.e. Algorithm="hmac-sha1", as an attribute node, and obtains the attribute value of the MAC algorithm node, i.e. "hmac-sha1", as the MAC algorithm information.
Step 228, the decoding apparatus searches for the MAC cipher key node in the MAC method node; if found, it performs step 229; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the MAC cipher key node between the start mark and end mark of the MAC method node; if they are found, it determines that the MAC cipher key node has been found in the MAC method node; otherwise, it determines that the MAC cipher key node has not been found in the MAC method node.
For example, the decoding apparatus searches for the start mark <MACKey> and end mark </MACKey> of the MAC cipher key node between the start mark <MACMethod> and end mark </MACMethod> of the MAC method node; if they are found, it determines that the MAC cipher key node has been found in the MAC method node; otherwise, it determines that the MAC cipher key node has not been found in the MAC method node.
Step 229, the decoding apparatus searches for the second encryption method node in the MAC cipher key node; if found, it performs step 230; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the second encryption method node between the start mark and end mark of the MAC cipher key node; if it is found, it determines that the second encryption method node has been found in the MAC cipher key node; otherwise, it determines that the second encryption method node has not been found in the MAC cipher key node.
For example, the decoding apparatus searches for the second encryption method node between the start mark <MACKey> and end mark </MACKey> of the MAC cipher key node; if it is found, it determines that the second encryption method node has been found in the MAC cipher key node; otherwise, it determines that the second encryption method node has not been found in the MAC cipher key node.
Step 230, the decoding apparatus obtains the attribute value of the second encryption key algorithm node in the second encryption method node as the encryption key algorithm information.
Specifically, the decoding apparatus can treat the second encryption key algorithm node in the second encryption method node as an attribute node, and obtain the attribute value of the second encryption key algorithm node as the encryption key algorithm information.
For example, the decoding apparatus treats the second encryption key algorithm node Algorithm="aes128-cbc" in the second encryption method node as an attribute node, and obtains the attribute value of the second encryption key algorithm node, i.e. "aes128-cbc", as the encryption key algorithm information.
Step 231, the decoding apparatus searches for the second password data node in the MAC cipher key node; if found, it performs step 232; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the second password data node between the start mark and end mark of the MAC cipher key node; if they are found, it determines that the second password data node has been found in the MAC cipher key node; otherwise, it determines that the second password data node has not been found in the MAC cipher key node.
For example, the decoding apparatus searches for the start mark <xenc:CipherData> and end mark </xenc:CipherData> of the second password data node between the start mark <MACKey> and end mark </MACKey> of the MAC cipher key node; if they are found, it determines that the second password data node has been found in the MAC cipher key node; otherwise, it determines that the second password data node has not been found in the MAC cipher key node.
Step 232, the decoding apparatus searches for the second password value node in the second password data node; if found, it performs step 233; otherwise, the decoding apparatus displays an error message and ends the flow.
Specifically, the decoding apparatus can search for the start mark and end mark of the second password value node between the start mark and end mark of the second password data node; if they are found, it determines that the second password value node has been found in the second password data node; otherwise, it determines that the second password value node has not been found in the second password data node.
For example, the decoding apparatus searches for the start mark <xenc:CipherValue> and end mark </xenc:CipherValue> of the second password value node between the start mark <xenc:CipherData> and end mark </xenc:CipherData> of the second password data node; if they are found, it determines that the second password value node has been found in the second password data node; otherwise, it determines that the second password value node has not been found in the second password data node.
Step 233, the decoding apparatus obtains the text content of the child node of the second password value node as the MAC key ciphertext.
Specifically, the decoding apparatus can obtain the text content of the text node located between the start mark and end mark of the second password value node as the MAC key ciphertext.
For example, the decoding apparatus obtains the text content of the text node located between the start mark <xenc:CipherValue> and end mark </xenc:CipherValue> of the second password value node, i.e. "ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX", as the MAC key ciphertext.
Step 234, the decoding apparatus, according to the key corresponding to the obtained encryption key name, uses the strategy corresponding to the obtained encryption key algorithm information to decrypt the obtained MAC key ciphertext, obtaining the MAC key.
For example, the decoding apparatus, according to the key corresponding to the encryption key name "Pre-shared-key" obtained in step 222, uses the strategy corresponding to the encryption key algorithm information "aes128-cbc" obtained in step 230 to decrypt the MAC key ciphertext obtained in step 233, i.e. "ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX", obtaining the MAC key.
Step 235, the decoding apparatus, according to the MAC key obtained by decryption, performs digest processing on the key plaintext obtained by decryption, obtaining a digest value.
For example, the decoding apparatus, according to the MAC key obtained by decryption in step 234, performs digest processing on the key plaintext "MTIzNA==" obtained by decryption in step 222, obtaining the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=".
Step 236, the decoding apparatus judges whether the digest value obtained by digest processing is identical to the digest value obtained from the MAC value node; if so, it performs step 237; otherwise, the decoding apparatus displays an error message and ends the flow.
For example, the decoding apparatus judges that the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=" obtained by digest processing in step 235 is identical to the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=" obtained from the MAC value node in step 225.
Step 237, the decoding apparatus saves the key plaintext obtained by decryption.
For example, the decoding apparatus saves the key plaintext "MTIzNA==" obtained by decryption in step 222.
The beneficial effect achieved by the present invention: the decoding apparatus decodes the key file of consolidation form and obtains the key information, so that the Verification System can perform a unified handling process on the key information configured by multiple equipment manufacturers, which alleviates the work load of the Verification System.
Further, in another embodiment of the invention, after the decoding apparatus finds the cipher key node in the key packet node, it can also search for the publisher node in the cipher key node, obtain the text content of the child node of the publisher node, and save the obtained text content as the publisher's information.
After the decoding apparatus finds the facility information node in the key packet node, it can also search for the equipment user identification node in the facility information node, obtain the text content of the child node of the equipment user identification node, and save the obtained text content as the equipment user identification.
After the decoding apparatus finds the key packet node in the root node of the key file, it can also search for the crypto module node in the key packet node, search for the crypto module identification node in the crypto module node, obtain the text content of the child node of the crypto module identification node, and save the obtained text content as the crypto module identification.
After the decoding apparatus finds the cipher key node in the key packet node, it can also search for the cipher key user identification node in the cipher key node, obtain the text content of the child node of the cipher key user identification node, and save the obtained text content as the cipher key user identification.
After the decoding apparatus finds the cipher key node in the key packet node, it can also search for the policy node in the cipher key node and search for the start date node, the termination date node and the key purposes node in the policy node; obtain the text content of the child node of the start date node and save the obtained text content as the key start date; obtain the text content of the child node of the termination date node and save the obtained text content as the key termination date; and obtain the text content of the child node of the key purposes node and save the obtained text content as the key purposes information.
After the decoding apparatus finds the cipher key node in the key packet node, it can also search for the algorithm parameter node in the cipher key node, search for the response code format node in the algorithm parameter node, obtain the attribute value of the response code length node in the response code format node and save the obtained attribute value as the response code length, and obtain the attribute value of the response code encoding information node in the response code format node and save the obtained attribute value as the response code encoding information.
Correspondingly, after the decoding apparatus finds the data node in the cipher key node, it can also search for the time node, the time interval node and the time offset node in the data node; search for the second plaintext node in the time node, obtain the text content of the child node of the second plaintext node, and save the obtained text content as the initial value of the time factor; search for the third plaintext node in the time interval node, obtain the text content of the child node of the third plaintext node, and save the obtained text content as the time interval value; and search for the fourth plaintext node in the time offset node, obtain the text content of the child node of the fourth plaintext node, and save the obtained text content as the initial value of the time offset.
After the decoding apparatus finds the data node in the cipher key node, it can also search for the counter node in the data node, search for the fifth plaintext node in the counter node, obtain the text content of the child node of the fifth plaintext node, and save the obtained text content as the initial value of the event factor.
Based on the method for work of the above-mentioned device for realizing key information coding, the embodiment of the present invention additionally provides a kind of coding Device, as shown in fig. 7, comprises:
Read module 710, for reading manufacturer's information from the key attribute list of key information, equipment Serial Number, close Key mark, key algorithm information and key plain;
Generation module 720, for generating cryptographic key containers node, key text is added to using cryptographic key containers node as root node In part;Key packet node is generated, the child node of key packet node as cryptographic key containers node is added in cryptographic key containers node; Facility information node and cipher key node are generated, facility information node and cipher key node are added as the child node of key packet node Into key packet node;
Manufacturer's node and sequence number node are generated, the son of manufacturer's node and sequence number node as facility information node is saved Point is added in facility information node;The manufacturer's information that read module 710 is read is added to manufacturer's section as text node In point, the equipment Serial Number that read module 710 is read is added in sequence number node as text node;
The key algorithm information read according to read module 710 generates key algorithm node, is read according to read module 710 The key identification generation key identification node got, key identification node and key algorithm node are added to as attribute node In cipher key node;Back end is generated, is added to back end as the child node of cipher key node in cipher key node;Generation is close Key value node, the child node of key value node as back end is added in back end;
Add module 730, it is close for the key plain for reading read module 710 or key corresponding with key plain Text is added in key value node.
Further, the read module 710 is also configured to read the key transmission mode from the key information;
Correspondingly, the encoding device further comprises:
A first judge module 740, configured to judge whether the key transmission mode is plaintext transmission;
The add module 730 is specifically configured to, when the first judge module 740 judges that the key transmission mode is plaintext transmission, generate a first plaintext node, add the first plaintext node to the key value node as a child node of the key value node, and add the key plaintext read by the read module 710 to the first plaintext node as a text node.
Further, the read module 710 is also configured to read the encryption key name and the encryption key algorithm information from the key information;
The generation module 720 is also configured to generate an encryption key node and add it to the key container node as a child node of the key container node; generate a key name node and add it to the encryption key node as a child node of the encryption key node; and add the encryption key name read by the read module 710 to the key name node as a text node;
The add module 730 is specifically configured to, when the first judge module 740 judges that the key transmission mode is not plaintext transmission, generate a ciphertext node and add it to the key value node as a child node of the key value node; generate a first encryption method node and a first cipher data node, and add them to the ciphertext node as child nodes of the ciphertext node; generate a first encryption key algorithm node according to the encryption key algorithm information read by the read module 710, and add it to the first encryption method node as an attribute node; generate a first cipher value node and add it to the first cipher data node as a child node of the first cipher data node; encrypt the key plaintext with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and add the resulting key ciphertext to the first cipher value node as a text node.
Further, the read module 710 is also configured to read the MAC algorithm information, the encryption key algorithm information and the MAC key from the key information;
Correspondingly, the generation module 720 is also configured to generate a MAC method node and add it to the key container node as a child node of the key container node; generate a MAC algorithm node according to the MAC algorithm information read by the read module 710, and add it to the MAC method node as an attribute node; generate a MAC key node and add it to the MAC method node as a child node of the MAC method node; generate a second encryption method node and a second cipher data node, and add them to the MAC key node as child nodes; generate a second encryption key algorithm node according to the encryption key algorithm information read by the read module 710, and add it to the second encryption method node as an attribute node; generate a second cipher value node and add it to the second cipher data node as a child node of the second cipher data node; encrypt the MAC key read by the read module 710 with the key corresponding to the encryption key name read by the read module 710, using the strategy corresponding to the encryption key algorithm information, and add the resulting ciphertext to the second cipher value node as a text node; generate a MAC value node and add it to the key value node as a child node of the key value node; perform digest processing on the key plaintext with the MAC key read by the read module 710, using the strategy corresponding to the MAC algorithm information read by the read module 710, and add the resulting digest value to the MAC value node as a text node.
Further, the encoding device also comprises:
A selecting module 750, configured to choose a key attribute list that has not yet been processed from the key information as the current list;
Correspondingly, the read module 710 is specifically configured to read the manufacturer information, device serial number, key identifier, key algorithm information and key plaintext from the current list chosen by the selecting module 750;
The encoding device further comprises:
A second judge module 760, configured to judge, after the add module 730 has added the key plaintext or the key ciphertext corresponding to the key plaintext to the key value node, whether the key information still contains a key attribute list that has not been processed; if so, to trigger the selecting module 750 to choose an unprocessed key attribute list from the key information as the current list; otherwise, to determine that encoding is finished.
Further, the read module 710 is also configured to read the publisher information from the key attribute list;
The generation module 720 is also configured to generate a publisher node, add it to the key node as a child node of the key node, and add the publisher information to the publisher node as a text node.
Further, the read module 710 is also configured to read the device user identifier from the key attribute list;
Correspondingly, the generation module 720 is also configured to generate a device user identifier node, add it to the device information node as a child node of the device information node, and add the device user identifier to the device user identifier node as a text node.
Further, the read module 710 is also configured to read the crypto module identifier from the key attribute list;
Correspondingly, the generation module 720 is also configured to generate a crypto module node and add it to the key package node as a child node of the key package node, generate a crypto module identifier node and add it to the crypto module node as a child node of the crypto module node, and add the crypto module identifier to the crypto module identifier node as a text node.
Further, the read module 710 is also configured to read the key user identifier from the key attribute list;
Correspondingly, the generation module 720 is also configured to generate a key user identifier node, add it to the key node as a child node of the key node, and add the key user identifier to the key user identifier node as a text node.
Further, the read module 710 is also configured to read the key start date, the key end date and the key usage information from the key attribute list;
Correspondingly, the generation module 720 is also configured to generate a policy node and add it to the key node as a child node of the key node; generate a start date node, an end date node and a key usage node, and add them to the policy node; add the key start date to the start date node as a text node, add the key end date to the end date node as a text node, and add the key usage information to the key usage node as a text node.
Further, the read module 710 is also configured to read the response code length, the response code encoding information, the initial value of the time factor, the time interval value and the initial value of the time offset from the key attribute list;
Correspondingly, the generation module 720 is also configured to generate an algorithm parameter node and add it to the key node as a child node of the key node; generate a response code format node and add it to the algorithm parameter node as a child node of the algorithm parameter node; generate a response code length node according to the response code length and a response code encoding information node according to the response code encoding information, and add both to the response code format node as attribute nodes; generate a time node and add it to the data node as a child node of the data node, generate a second plaintext node and add it to the time node as a child node of the time node, and add the initial value of the time factor to the second plaintext node as a text node; generate a time interval node and add it to the data node as a child node of the data node, generate a third plaintext node and add it to the time interval node as a child node of the time interval node, and add the time interval value to the third plaintext node as a text node; generate a time offset node and add it to the data node as a child node of the data node, generate a fourth plaintext node and add it to the time offset node as a child node of the time offset node, and add the initial value of the time offset to the fourth plaintext node as a text node.
Further, the read module 710 is also configured to read the response code length, the response code encoding information and the initial value of the event factor from the key attribute list;
Correspondingly, the generation module 720 is also configured to generate an algorithm parameter node and add it to the key node as a child node of the key node; generate a response code format node and add it to the algorithm parameter node as a child node of the algorithm parameter node; generate a response code length node according to the response code length and a response code encoding information node according to the response code encoding information, and add both to the response code format node as attribute nodes; generate a counter node and add it to the data node as a child node of the data node, generate a fifth plaintext node and add it to the counter node as a child node of the counter node, and add the initial value of the event factor to the fifth plaintext node as a text node.
Beneficial effect achieved by the present invention: the encoding device encodes the key information into a key file in a unified format, so that the authentication system can apply a unified processing flow to key information configured by multiple device manufacturers, which reduces the workload of the authentication system.
Based on the method for work of the above-mentioned device for realizing key information decoding, the embodiment of the present invention additionally provides a kind of decoding Device, as shown in figure 8, including:
Searching modul 810, for searching key packet node from the root node of key file, if finding key packet section Point, then search from key packet node and manufacturer's node, sequence number node searched in facility information node, slave unit information node, Cipher key node is searched from key packet node;If finding cipher key node, the searching data node from cipher key node;If Back end is found, then key value node is searched from back end;
First acquisition module 820, the son section for when searching modul 810 finds manufacturer's node, obtaining manufacturer's node The content of text of point, the content of text got is preserved as manufacturer's information;Sequence number is found in searching modul 810 During node, the content of text of the child node of sequence number node is obtained, is carried out the content of text got as equipment Serial Number Preserve;When searching modul 810 finds cipher key node, the property value of the key algorithm node in cipher key node is obtained, will be obtained The property value got is preserved as key algorithm information;The property value of the key identification node in cipher key node is obtained, will The property value got is preserved as key identification;
Second acquisition module 830, for when searching modul 810 finds key value node, being obtained from key value node Key plain is taken to be preserved,
Or, key ciphertext is obtained from key value node, key ciphertext is decrypted, the key obtained to decryption is bright Text is preserved;
Display module 840, for searching modul 810 do not find key packet node, cipher key node, back end or During key value node, error message is shown.
Specifically, the second acquisition module 830 is configured to look up the plaintext node in the key value node, obtain the text content of the child node of the plaintext node, and save it as the key plaintext;
or,
to look up the ciphertext node in the key value node, look up the first encryption method node and the first cipher data node in the ciphertext node, obtain the attribute value of the first encryption key algorithm node in the first encryption method node as the encryption key algorithm information, look up the first cipher value node in the first cipher data node, and obtain the text content of the child node of the first cipher value node as the key ciphertext;
to look up the encryption key node from the root node of the key file, look up the key name node in the encryption key node, obtain the text content of the child node of the key name node as the encryption key name, and decrypt the key ciphertext with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, to obtain the key plaintext.
Further, the search module 810 is also configured to, after finding the key value node in the data node, look up the MAC value node in the key value node, look up the MAC method node from the root node of the key file, look up the MAC key node in the MAC method node, look up the second encryption method node and the second cipher data node in the MAC key node, and look up the second cipher value node in the second cipher data node;
Correspondingly, the first acquisition module 820 is also configured to obtain the text content of the child node of the MAC value node as the digest value, obtain the attribute value of the MAC algorithm node in the MAC method node as the MAC algorithm information, obtain the attribute value of the second encryption key algorithm node in the second encryption method node as the encryption key algorithm information, obtain the text content of the child node of the second cipher value node as the MAC key ciphertext, and decrypt the MAC key ciphertext with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, to obtain the MAC key;
The decoding device further comprises:
A digest module 850, configured to perform digest processing on the key plaintext according to the MAC key obtained by the first acquisition module 820;
A judge module 860, configured to judge whether the digest value obtained by the digest processing of the digest module 850 is identical to the digest value that the first acquisition module 820 obtained from the MAC value node;
The second acquisition module 830 is specifically configured to obtain the key ciphertext from the key value node, decrypt the key ciphertext to obtain the key plaintext, and save the key plaintext when the judge module 860 judges that the digest value obtained by the digest processing of the digest module 850 is identical to the digest value that the first acquisition module 820 obtained from the MAC value node in the key value node;
The display module 840 is also configured to display error information when the judge module 860 judges that the digest value obtained by the digest processing of the digest module 850 differs from the digest value that the first acquisition module 820 obtained from the MAC value node in the key value node.
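The MAC-protected encoding and decoding paths described above, written out as an added example that is not part of the patent text. Element and attribute names, the `hmac-sha256` label, the MAC allowlist and `stand_in_cipher` (a placeholder for whatever cipher the encryption key algorithm information names) are assumptions of this example, and all sample values are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Tag, attribute and algorithm names are hypothetical (assumptions of this example).
# The allowlist is an added check: the MAC algorithm is read from the file itself.
MAC_ALGORITHMS = {"hmac-sha256": hashlib.sha256}
ENC_ALGORITHM = "stand-in-xor"

class KeyFileError(Exception):
    """Raised where the decoding device would display error information."""

def stand_in_cipher(key, data):
    """XOR with a SHA-256 counter keystream (encrypts and decrypts); placeholder only."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def _add_encrypted(parent, ciphertext):
    # Algorithm is an attribute of the encryption method node; ciphertext is the text
    # of the cipher value node under the cipher data node.
    ET.SubElement(parent, "EncryptionMethod", {"Algorithm": ENC_ALGORITHM})
    cipher_data = ET.SubElement(parent, "CipherData")
    ET.SubElement(cipher_data, "CipherValue").text = base64.b64encode(ciphertext).decode()

def encode_key_file(info, enc_keys):
    """Build container, encryption key and MAC method nodes, then one package per list."""
    kek = enc_keys[info["enc_key_name"]]
    digestmod = MAC_ALGORITHMS[info["mac_alg"]]
    root = ET.Element("KeyContainer")
    ET.SubElement(ET.SubElement(root, "EncryptionKey"), "KeyName").text = info["enc_key_name"]
    mac_method = ET.SubElement(root, "MACMethod", {"Algorithm": info["mac_alg"]})
    _add_encrypted(ET.SubElement(mac_method, "MACKey"), stand_in_cipher(kek, info["mac_key"]))
    for attrs in info["key_attribute_lists"]:
        package = ET.SubElement(root, "KeyPackage")
        device = ET.SubElement(package, "DeviceInfo")
        ET.SubElement(device, "Manufacturer").text = attrs["manufacturer"]
        ET.SubElement(device, "SerialNo").text = attrs["serial"]
        key = ET.SubElement(package, "Key", {"Id": attrs["key_id"], "Algorithm": attrs["key_alg"]})
        secret = ET.SubElement(ET.SubElement(key, "Data"), "Secret")
        _add_encrypted(ET.SubElement(secret, "EncryptedValue"),
                       stand_in_cipher(kek, attrs["key_plain"]))
        # As on the page, the digest is computed over the key plaintext with the MAC key.
        mac = hmac.new(info["mac_key"], attrs["key_plain"], digestmod).digest()
        ET.SubElement(secret, "ValueMAC").text = base64.b64encode(mac).decode()
    return ET.tostring(root)

def _require(parent, tag):
    node = parent.find(tag)
    if node is None:
        raise KeyFileError(f"{tag} node not found")
    return node

def _decrypt(parent, kek):
    if _require(parent, "EncryptionMethod").get("Algorithm") != ENC_ALGORITHM:
        raise KeyFileError("encryption algorithm not supported")
    value = _require(_require(parent, "CipherData"), "CipherValue")
    return stand_in_cipher(kek, base64.b64decode(value.text or ""))

def decode_key_file(xml_bytes, enc_keys):
    """Return the decoded keys; raise KeyFileError on a missing node or a MAC mismatch."""
    root = ET.fromstring(xml_bytes)
    key_name = _require(_require(root, "EncryptionKey"), "KeyName").text
    if key_name not in enc_keys:
        raise KeyFileError("no key for the encryption key name")
    kek = enc_keys[key_name]
    mac_method = _require(root, "MACMethod")
    digestmod = MAC_ALGORITHMS.get(mac_method.get("Algorithm"))
    if digestmod is None:
        raise KeyFileError("MAC algorithm not allowed")
    mac_key = _decrypt(_require(mac_method, "MACKey"), kek)
    packages = root.findall("KeyPackage")
    if not packages:
        raise KeyFileError("KeyPackage node not found")
    decoded = []
    for package in packages:
        key = _require(package, "Key")
        secret = _require(_require(key, "Data"), "Secret")
        plain = _decrypt(_require(secret, "EncryptedValue"), kek)
        stored = base64.b64decode(_require(secret, "ValueMAC").text or "")
        computed = hmac.new(mac_key, plain, digestmod).digest()
        if not hmac.compare_digest(computed, stored):  # constant-time comparison
            raise KeyFileError(f"digest mismatch for key {key.get('Id')}")
        decoded.append({"manufacturer": package.findtext("DeviceInfo/Manufacturer"),
                        "serial": package.findtext("DeviceInfo/SerialNo"),
                        "key_id": key.get("Id"), "key_alg": key.get("Algorithm"),
                        "key_plain": plain})  # saved only after the digest matched
    return decoded

# Constructed sample input: two key attribute lists from two made-up manufacturers.
ENC_KEYS = {"transport-key-1": b"constructed-transport-key"}
SAMPLE_INFO = {
    "enc_key_name": "transport-key-1", "mac_alg": "hmac-sha256",
    "mac_key": b"constructed-mac-key",
    "key_attribute_lists": [
        {"manufacturer": "VendorA", "serial": "A-0001", "key_id": "1",
         "key_alg": "time-based", "key_plain": b"12345678901234567890"},
        {"manufacturer": "VendorB", "serial": "B-0042", "key_id": "2",
         "key_alg": "event-based", "key_plain": b"abcdefghijklmnopqrst"},
    ],
}
```

`xml.etree.ElementTree` does not guard against entity-expansion payloads, so a decoder that accepts key files from outside parties should use a hardened XML parser.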
Further, the search module 810 is also configured to, after finding the key node in the key package node, look up the publisher node in the key node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the publisher node, obtain the text content of the child node of the publisher node and save it as the publisher information.
Further, the search module 810 is also configured to, after finding the device information node in the key package node, look up the device user identifier node in the device information node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the device user identifier node, obtain the text content of the child node of the device user identifier node and save it as the device user identifier.
Further, the search module 810 is also configured to, after finding the key package node from the root node of the key file, look up the crypto module node in the key package node and look up the crypto module identifier node in the crypto module node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the crypto module identifier node, obtain the text content of the child node of the crypto module identifier node and save it as the crypto module identifier.
Further, the search module 810 is also configured to, after finding the key node in the key package node, look up the key user identifier node in the key node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the key user identifier node, obtain the text content of the child node of the key user identifier node and save it as the key user identifier.
Further, the search module 810 is also configured to, after finding the key node in the key package node, look up the policy node in the key node, and look up the start date node, the end date node and the key usage node in the policy node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the start date node, obtain the text content of the child node of the start date node and save it as the key start date; when the search module 810 finds the end date node, obtain the text content of the child node of the end date node and save it as the key end date; when the search module 810 finds the key usage node, obtain the text content of the child node of the key usage node and save it as the key usage information.
Further, the search module 810 is also configured to, after finding the key node in the key package node, look up the algorithm parameter node in the key node and look up the response code format node in the algorithm parameter node; and, after finding the data node in the key node, look up the time node, the time interval node and the time offset node in the data node, look up the second plaintext node in the time node, look up the third plaintext node in the time interval node, and look up the fourth plaintext node in the time offset node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the response code format node, obtain the attribute value of the response code length node in the response code format node and save it as the response code length, and obtain the attribute value of the response code encoding information node in the response code format node and save it as the response code encoding information; when the search module 810 finds the second plaintext node, obtain the text content of the child node of the second plaintext node and save it as the initial value of the time factor; when the search module 810 finds the third plaintext node, obtain the text content of the child node of the third plaintext node and save it as the time interval value; when the search module 810 finds the fourth plaintext node, obtain the text content of the child node of the fourth plaintext node and save it as the initial value of the time offset.
Further, the search module 810 is also configured to, after finding the key node in the key package node, look up the algorithm parameter node in the key node and look up the response code format node in the algorithm parameter node; and, after finding the data node in the key node, look up the counter node in the data node and look up the fifth plaintext node in the counter node;
Correspondingly, the first acquisition module 820 is also configured to, when the search module 810 finds the response code format node, obtain the attribute value of the response code length node in the response code format node and save it as the response code length, and obtain the attribute value of the response code encoding information node in the response code format node and save it as the response code encoding information; when the search module 810 finds the fifth plaintext node, obtain the text content of the child node of the fifth plaintext node and save it as the initial value of the event factor.
Beneficial effect achieved by the present invention: the decoding device decodes the key file in the unified format to obtain the key information, so that the authentication system can apply a unified processing flow to key information configured by multiple device manufacturers, which reduces the workload of the authentication system.
The steps of the methods described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a computing device, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be defined by the scope of the claims.

Claims (46)

1. A working method of a device for encoding key information, characterized by comprising the following steps:
S1: the encoding device generates a key container node and adds the key container node to a key file as the root node;
S2: the encoding device generates a key package node and adds the key package node to the key container node as a child node of the key container node;
S3: the encoding device generates a device information node and adds the device information node to the key package node as a child node of the key package node;
S4: the encoding device generates a manufacturer node and a serial number node, adds the manufacturer node and the serial number node to the device information node as child nodes of the device information node, reads manufacturer information and a device serial number from a key attribute list of the key information, adds the manufacturer information to the manufacturer node as a text node, and adds the device serial number to the serial number node as a text node;
S5: the encoding device generates a key node and adds the key node to the key package node as a child node of the key package node;
S6: the encoding device reads a key identifier, key algorithm information and a key plaintext from the key attribute list, generates a key identifier node according to the key identifier, generates a key algorithm node according to the key algorithm information, and adds the key identifier node and the key algorithm node to the key node as attribute nodes; the encoding device generates a data node and adds the data node to the key node as a child node of the key node; the encoding device generates a key value node, adds the key value node to the data node as a child node of the data node, and adds the key plaintext or a key ciphertext corresponding to the key plaintext to the key value node.
2. The method according to claim 1, characterized in that, before the encoding device adds the key plaintext to the key value node, the method further comprises:
the encoding device reads a key transmission mode from the key information and judges that the key transmission mode is plaintext transmission;
the encoding device adding the key plaintext to the key value node is specifically:
the encoding device generates a first plaintext node, adds the first plaintext node to the key value node as a child node of the key value node, and adds the key plaintext to the first plaintext node as a text node.
3. The method according to claim 1, characterized in that, after the step S1, the method further comprises:
the encoding device reads a key transmission mode from the key information and judges that the key transmission mode is not plaintext transmission;
the encoding device generates an encryption key node and adds the encryption key node to the key container node as a child node of the key container node; the encoding device generates a key name node and adds the key name node to the encryption key node as a child node of the encryption key node; the encoding device reads an encryption key name from the key information and adds the encryption key name to the key name node as a text node;
the encoding device adding the key ciphertext corresponding to the key plaintext to the key value node is specifically:
the encoding device generates a ciphertext node and adds the ciphertext node to the key value node as a child node of the key value node;
the encoding device generates a first encryption method node and a first cipher data node, and adds the first encryption method node and the first cipher data node to the ciphertext node as child nodes of the ciphertext node; the encoding device reads encryption key algorithm information from the key information, generates a first encryption key algorithm node according to the encryption key algorithm information, and adds the first encryption key algorithm node to the first encryption method node as an attribute node; the encoding device generates a first cipher value node and adds the first cipher value node to the first cipher data node as a child node of the first cipher data node; the encoding device encrypts the key plaintext with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and adds the resulting key ciphertext to the first cipher value node as a text node.
4. The method according to claim 3, characterized in that, before the step S2, the method further comprises:
the encoding device generates a MAC method node and adds the MAC method node to the key container node as a child node of the key container node;
the encoding device reads MAC algorithm information from the key information, generates a MAC algorithm node according to the MAC algorithm information, and adds the MAC algorithm node to the MAC method node as an attribute node; the encoding device generates a MAC key node and adds the MAC key node to the MAC method node as a child node of the MAC method node; the encoding device generates a second encryption method node and a second cipher data node, and adds the second encryption method node and the second cipher data node to the MAC key node as child nodes; the encoding device reads encryption key algorithm information from the key information, generates a second encryption key algorithm node according to the encryption key algorithm information, and adds the second encryption key algorithm node to the second encryption method node as an attribute node; the encoding device generates a second cipher value node and adds the second cipher value node to the second cipher data node as a child node of the second cipher data node; the encoding device reads a MAC key from the key information, encrypts the MAC key with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and adds the resulting ciphertext to the second cipher value node as a text node;
after the encoding device generates the key value node, the method further comprises:
the encoding device generates a MAC value node and adds the MAC value node to the key value node as a child node of the key value node;
the encoding device performs digest processing on the key plaintext with the MAC key, using the strategy corresponding to the MAC algorithm information, and adds the resulting digest value to the MAC value node as a text node.
5. The method of claim 1, characterized in that, before step S2, the method further comprises:
S7, the encoding device selects an unprocessed key attribute list from the key information as the current list;
The encoding device reading manufacturer information and a device serial number from the key attribute list of the key information is specifically:
The encoding device reads the manufacturer information and the device serial number from the current list;
The encoding device reading a key identifier, key algorithm information and a key plaintext from the key attribute list is specifically:
The encoding device reads the key identifier, the key algorithm information and the key plaintext from the current list;
After step S6, the method further comprises:
The encoding device judges whether an unprocessed key attribute list exists in the key information; if so, it returns to step S7; otherwise, the flow ends.
6. The method of claim 1, characterized in that, after the encoding device generates the key node, the method further comprises:
The encoding device generates a publisher node, adds the publisher node to the key node as a child node of the key node, reads publisher information from the key attribute list, and adds the publisher information to the publisher node as a text node.
7. The method of claim 1, characterized in that, after the encoding device generates the device information node, the method further comprises:
The encoding device generates a device user identifier node, adds the device user identifier node to the device information node as a child node of the device information node, reads a device user identifier from the key attribute list, and adds the device user identifier to the device user identifier node as a text node.
8. The method of claim 1, characterized in that, after the encoding device generates the key packet node, the method further comprises:
The encoding device generates a crypto module node, adds the crypto module node to the key packet node as a child node of the key packet node, generates a crypto module identifier node, adds the crypto module identifier node to the crypto module node as a child node of the crypto module node, reads a crypto module identifier from the key attribute list, and adds the crypto module identifier to the crypto module identifier node as a text node.
9. The method of claim 1, characterized in that, after the encoding device generates the key node, the method further comprises:
The encoding device generates a key user identifier node, adds the key user identifier node to the key node as a child node of the key node, reads a key user identifier from the key attribute list, and adds the key user identifier to the key user identifier node as a text node.
10. The method of claim 1, characterized in that, after the encoding device generates the key node, the method further comprises:
The encoding device generates a policy node and adds the policy node to the key node as a child node of the key node; generates a start date node, a termination date node and a key usage node, and adds the start date node, the termination date node and the key usage node to the policy node as child nodes of the policy node; reads a key start date, a key termination date and key usage information from the key attribute list; adds the key start date to the start date node as a text node, adds the key termination date to the termination date node as a text node, and adds the key usage information to the key usage node as a text node.
11. The method of claim 1, characterized in that, after the encoding device generates the key node, the method further comprises:
The encoding device generates an algorithm parameter node and adds the algorithm parameter node to the key node as a child node of the key node; generates a response code format node and adds the response code format node to the algorithm parameter node as a child node of the algorithm parameter node; reads a response code length and response code encoding information from the key attribute list; generates a response code length node according to the response code length and a response code encoding information node according to the response code encoding information; and adds the response code length node and the response code encoding information node to the response code format node as attribute nodes;
After the encoding device generates the data node, the method further comprises:
The encoding device generates a time node and adds the time node to the data node as a child node of the data node; generates a second plaintext node and adds the second plaintext node to the time node as a child node of the time node; reads the initial value of the time factor from the key attribute list and adds the initial value of the time factor to the second plaintext node as a text node;
The encoding device generates a time interval node and adds the time interval node to the data node as a child node of the data node; generates a third plaintext node and adds the third plaintext node to the time interval node as a child node of the time interval node; reads the time interval value from the key attribute list and adds the time interval value to the third plaintext node as a text node;
The encoding device generates a time offset node and adds the time offset node to the data node as a child node of the data node; generates a fourth plaintext node and adds the fourth plaintext node to the time offset node as a child node of the time offset node; reads the initial value of the time offset from the key attribute list and adds the initial value of the time offset to the fourth plaintext node as a text node.
12. The method of claim 1, characterized in that, after the encoding device generates the key node, the method further comprises:
The encoding device generates an algorithm parameter node and adds the algorithm parameter node to the key node as a child node of the key node; generates a response code format node and adds the response code format node to the algorithm parameter node as a child node of the algorithm parameter node; reads a response code length and response code encoding information from the key attribute list; generates a response code length node according to the response code length and a response code encoding information node according to the response code encoding information; and adds the response code length node and the response code encoding information node to the response code format node as attribute nodes;
After the encoding device generates the data node, the method further comprises:
The encoding device generates a counter node and adds the counter node to the data node as a child node of the data node; generates a fifth plaintext node and adds the fifth plaintext node to the counter node as a child node of the counter node; reads the initial value of the event factor from the key attribute list and adds the initial value of the event factor to the fifth plaintext node as a text node.
13. A working method of a device for decoding key information, characterized in that it comprises the following steps:
S1, the decoding device searches for a key packet node from the root node of the key file; if it is found, step S2 is performed; otherwise, error information is shown and the flow ends;
S2, the decoding device searches for a device information node in the key packet node, searches for a manufacturer node and a serial number node in the device information node, obtains the text content of the child node of the manufacturer node and saves it as manufacturer information, and obtains the text content of the child node of the serial number node and saves it as the device serial number;
S3, the decoding device searches for a key node in the key packet node; if it is found, step S4 is performed; otherwise, error information is shown and the flow ends;
S4, the decoding device obtains the attribute value of the key algorithm node in the key node and saves it as key algorithm information, and obtains the attribute value of the key identifier node in the key node and saves it as the key identifier;
S5, the decoding device searches for a data node in the key node; if it is found, step S6 is performed; otherwise, error information is shown and the flow ends;
S6, the decoding device searches for a key value node in the data node; if it is found, step S7 is performed; otherwise, error information is shown and the flow ends;
S7, the decoding device obtains the key plaintext from the key value node and saves it,
or, the decoding device obtains the key ciphertext from the key value node, decrypts the key ciphertext, and saves the key plaintext obtained by decryption.
14. The method of claim 13, characterized in that the decoding device obtaining the key plaintext from the key value node and saving it is specifically:
The decoding device searches for a first plaintext node in the key value node, obtains the text content of the child node of the first plaintext node, and saves the obtained text content as the key plaintext.
15. The method of claim 13, characterized in that the decoding device obtaining the key ciphertext from the key value node, decrypting the key ciphertext, and saving the key plaintext obtained by decryption is specifically:
The decoding device searches for a ciphertext node in the key value node, searches for a first encryption method node and a first cipher data node in the ciphertext node, obtains the attribute value of the first encryption key algorithm node in the first encryption method node as encryption key algorithm information, searches for a first cipher value node in the first cipher data node, and obtains the text content of the child node of the first cipher value node as the key ciphertext;
The decoding device searches for an encryption key node from the root node of the key file, searches for a key name node in the encryption key node, obtains the text content of the child node of the key name node as the encryption key name, and decrypts the key ciphertext according to the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, to obtain the key plaintext.
16. The method of claim 15, characterized in that, after the decoding device finds the key value node in the data node, the method further comprises:
The decoding device searches for a MAC method node from the root node of the key file, obtains the attribute value of the MAC algorithm node in the MAC method node as MAC algorithm information, searches for a MAC key node in the MAC method node, searches for a second encryption method node and a second cipher data node in the MAC key node, obtains the attribute value of the second encryption key algorithm node in the second encryption method node as encryption key algorithm information, searches for a second cipher value node in the second cipher data node, obtains the text content of the child node of the second cipher value node as the MAC key ciphertext, and decrypts the MAC key ciphertext according to the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information in the second encryption method node, to obtain the MAC key;
The decoding device performs digest processing on the key plaintext according to the MAC key and judges whether the resulting digest value is identical to the digest value obtained from the MAC value node in the key value node; if so, the key plaintext is saved; otherwise, error information is shown and the flow ends.
17. The method of claim 13, characterized in that, after the decoding device finds the key node in the key packet node, the method further comprises:
The decoding device searches for a publisher node in the key node, obtains the text content of the child node of the publisher node, and saves the obtained text content as publisher information.
18. The method of claim 13, characterized in that, after the decoding device finds the device information node in the key packet node, the method further comprises:
The decoding device searches for a device user identifier node in the device information node, obtains the text content of the child node of the device user identifier node, and saves the obtained text content as the device user identifier.
19. The method of claim 13, characterized in that, after the decoding device finds the key packet node from the root node of the key file, the method further comprises:
The decoding device searches for a crypto module node in the key packet node, searches for a crypto module identifier node in the crypto module node, obtains the text content of the child node of the crypto module identifier node, and saves the obtained text content as the crypto module identifier.
20. The method of claim 13, characterized in that, after the decoding device finds the key node in the key packet node, the method further comprises:
The decoding device searches for a key user identifier node in the key node, obtains the text content of the child node of the key user identifier node, and saves the obtained text content as the key user identifier.
21. The method of claim 13, characterized in that, after the decoding device finds the key node in the key packet node, the method further comprises:
The decoding device searches for a policy node in the key node and searches for a start date node, a termination date node and a key usage node in the policy node; obtains the text content of the child node of the start date node and saves it as the key start date; obtains the text content of the child node of the termination date node and saves it as the key termination date; and obtains the text content of the child node of the key usage node and saves it as key usage information.
22. The method of claim 13, characterized in that, after the decoding device finds the key node in the key packet node, the method further comprises:
The decoding device searches for an algorithm parameter node in the key node, searches for a response code format node in the algorithm parameter node, obtains the attribute value of the response code length node in the response code format node and saves it as the response code length, and obtains the attribute value of the response code encoding information node in the response code format node and saves it as response code encoding information;
After the decoding device finds the data node in the key node, the method further comprises:
The decoding device searches for a time node, a time interval node and a time offset node in the data node; searches for a second plaintext node in the time node, obtains the text content of the child node of the second plaintext node, and saves it as the initial value of the time factor; searches for a third plaintext node in the time interval node, obtains the text content of the child node of the third plaintext node, and saves it as the time interval value; searches for a fourth plaintext node in the time offset node, obtains the text content of the child node of the fourth plaintext node, and saves it as the initial value of the time offset.
23. The method of claim 13, characterized in that, after the decoding device finds the key node in the key packet node, the method further comprises:
The decoding device searches for an algorithm parameter node in the key node, searches for a response code format node in the algorithm parameter node, obtains the attribute value of the response code length node in the response code format node and saves it as the response code length, and obtains the attribute value of the response code encoding information node in the response code format node and saves it as response code encoding information;
After the decoding device finds the data node in the key node, the method further comprises:
The decoding device searches for a counter node in the data node, searches for a fifth plaintext node in the counter node, obtains the text content of the child node of the fifth plaintext node, and saves the obtained text content as the initial value of the event factor.
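Added illustration, not part of the patent text: a round trip through the encoding steps with the loop of claim 5 and the decoding steps S1 to S7 of claims 13 and 14, for the plaintext transmission branch only, with a digest comparison in the manner of claim 16. The tag and attribute names, the base64 text encoding and HMAC-SHA256 are assumptions, and the MAC key is passed in directly instead of being carried encrypted in a MAC key node.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Tag and attribute names below are assumed for illustration; the claims name
# the nodes only descriptively.


class KeyFileError(Exception):
    """Raised where the decoding method shows error information and ends the flow."""


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def encode_key_file(key_attribute_lists, mac_key):
    """Build the key file: one key packet node per key attribute list."""
    root = ET.Element("KeyContainer")  # key container node = root node
    for attrs in key_attribute_lists:  # loop of claim 5
        packet = ET.SubElement(root, "KeyPackage")
        device = ET.SubElement(packet, "DeviceInfo")
        ET.SubElement(device, "Manufacturer").text = attrs["manufacturer"]
        ET.SubElement(device, "SerialNo").text = attrs["serial"]
        # Key algorithm and key identifier are attributes of the key node.
        key = ET.SubElement(packet, "Key", Algorithm=attrs["algorithm"], Id=attrs["key_id"])
        data = ET.SubElement(key, "Data")
        secret = ET.SubElement(data, "Secret")  # key value node
        ET.SubElement(secret, "PlainValue").text = _b64(attrs["key"])
        # Digest over the key plaintext, stored in the MAC value node.
        digest = hmac.new(mac_key, attrs["key"], hashlib.sha256).digest()
        ET.SubElement(secret, "ValueMAC").text = _b64(digest)
    return ET.tostring(root, encoding="unicode")


def _require(parent, tag):
    node = parent.find(tag)
    if node is None:
        raise KeyFileError(f"{tag} node not found under {parent.tag}")
    return node


def _decode_text(node):
    try:
        return base64.b64decode(node.text or "", validate=True)
    except ValueError as exc:
        raise KeyFileError(f"{node.tag} is not valid base64") from exc


def decode_key_file(xml_text, mac_key):
    """Walk the key file in the order of steps S1 to S7 and verify each digest."""
    try:
        # The key file is untrusted input; a hardened XML parser is advisable.
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise KeyFileError("key file is not well-formed") from exc
    packets = root.findall("KeyPackage")
    if not packets:  # S1
        raise KeyFileError("KeyPackage node not found")
    results = []
    for packet in packets:
        device = packet.find("DeviceInfo")  # S2
        record = {
            "manufacturer": device.findtext("Manufacturer") if device is not None else None,
            "serial": device.findtext("SerialNo") if device is not None else None,
        }
        key = _require(packet, "Key")  # S3
        record["algorithm"] = key.get("Algorithm")  # S4
        record["key_id"] = key.get("Id")
        data = _require(key, "Data")  # S5
        secret = _require(data, "Secret")  # S6
        key_bytes = _decode_text(_require(secret, "PlainValue"))  # S7
        stored = _decode_text(_require(secret, "ValueMAC"))
        expected = hmac.new(mac_key, key_bytes, hashlib.sha256).digest()
        # Constant-time comparison; on a mismatch the key is not saved.
        if not hmac.compare_digest(expected, stored):
            raise KeyFileError(f"digest mismatch for key {record['key_id']}")
        record["key"] = key_bytes
        results.append(record)
    return results


if __name__ == "__main__":
    # Constructed sample input.
    sample = [{"manufacturer": "ExampleVendor", "serial": "SN0001",
               "algorithm": "example-otp", "key_id": "K1", "key": b"\x01\x02\x03\x04"}]
    doc = encode_key_file(sample, b"constructed-mac-key")
    print(doc)
    print(decode_key_file(doc, b"constructed-mac-key"))
```

A missing key packet, key, data or key value node, and a digest mismatch, all surface as `KeyFileError`, so no key from a damaged or altered file is returned to the caller.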
24. An encoding device, characterized in that it comprises:
A read module, configured to read manufacturer information, a device serial number, a key identifier, key algorithm information and a key plaintext from the key attribute list of the key information;
A generation module, configured to generate a key container node and add the key container node to the key file as the root node; generate a key packet node and add the key packet node to the key container node as a child node of the key container node; generate a device information node and a key node, and add the device information node and the key node to the key packet node as child nodes of the key packet node;
generate a manufacturer node and a serial number node, and add the manufacturer node and the serial number node to the device information node as child nodes of the device information node; add the manufacturer information read by the read module to the manufacturer node as a text node, and add the device serial number read by the read module to the serial number node as a text node;
generate a key algorithm node according to the key algorithm information read by the read module, generate a key identifier node according to the key identifier read by the read module, and add the key identifier node and the key algorithm node to the key node as attribute nodes; generate a data node and add the data node to the key node as a child node of the key node; generate a key value node and add the key value node to the data node as a child node of the data node;
An add module, configured to add the key plaintext read by the read module, or the key ciphertext corresponding to the key plaintext, to the key value node.
25. The encoding device of claim 24, characterized in that
The read module is further configured to read a key transmission mode from the key information;
The encoding device further comprises:
A first judge module, configured to judge whether the key transmission mode is plaintext transmission;
The add module is specifically configured to, when the first judge module judges that the key transmission mode is plaintext transmission, generate a first plaintext node, add the first plaintext node to the key value node as a child node of the key value node, and add the key plaintext read by the read module to the first plaintext node as a text node.
26. The encoding device of claim 24, characterized in that
The read module is further configured to read a key transmission mode, an encryption key name and encryption key algorithm information from the key information;
The encoding device further comprises:
A first judge module, configured to judge whether the key transmission mode is plaintext transmission;
The generation module is further configured to generate an encryption key node and add the encryption key node to the key container node as a child node of the key container node; generate a key name node and add the key name node to the encryption key node as a child node of the encryption key node; and add the encryption key name read by the read module to the key name node as a text node;
The add module is specifically configured to, when the first judge module judges that the key transmission mode is not plaintext transmission, generate a ciphertext node and add the ciphertext node to the key value node as a child node of the key value node; generate a first encryption method node and a first cipher data node, and add the first encryption method node and the first cipher data node to the ciphertext node as child nodes of the ciphertext node; generate a first encryption key algorithm node according to the encryption key algorithm information read by the read module, and add the first encryption key algorithm node to the first encryption method node as an attribute node; generate a first cipher value node and add the first cipher value node to the first cipher data node as a child node of the first cipher data node; encrypt the key plaintext according to the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and add the resulting key ciphertext to the first cipher value node as a text node.
27. The encoding device of claim 26, characterized in that
The read module is further configured to read MAC algorithm information, encryption key algorithm information and a MAC key from the key information;
The generation module is further configured to generate a MAC method node and add the MAC method node to the key container node as a child node of the key container node; generate a MAC algorithm node according to the MAC algorithm information read by the read module, and add the MAC algorithm node to the MAC method node as an attribute node; generate a MAC key node and add the MAC key node to the MAC method node as a child node of the MAC method node; generate a second encryption method node and a second cipher data node, and add the second encryption method node and the second cipher data node to the MAC key node as child nodes; generate a second encryption key algorithm node according to the encryption key algorithm information read by the read module, and add the second encryption key algorithm node to the second encryption method node as an attribute node; generate a second cipher value node and add the second cipher value node to the second cipher data node as a child node of the second cipher data node; encrypt the MAC key read by the read module according to the key corresponding to the encryption key name read by the read module, using the strategy corresponding to the encryption key algorithm information, and add the resulting ciphertext to the second cipher value node as a text node; generate a MAC value node and add the MAC value node to the key value node as a child node of the key value node; perform digest processing on the key plaintext according to the MAC key read by the read module, using the strategy corresponding to the MAC algorithm information read by the read module, and add the resulting digest value to the MAC value node as a text node.
28. The encoding device of claim 24, characterized in that it further comprises:
A selecting module, configured to select an unprocessed key attribute list from the key information as the current list;
The read module is specifically configured to read the manufacturer information, the device serial number, the key identifier, the key algorithm information and the key plaintext from the current list selected by the selecting module;
The encoding device further comprises:
A second judge module, configured to, after the add module adds the key plaintext or the key ciphertext corresponding to the key plaintext to the key value node, judge whether an unprocessed key attribute list exists in the key information; if so, trigger the selecting module to select an unprocessed key attribute list from the key information as the current list; otherwise, determine that encoding has ended.
29. The encoding device of claim 24, characterized in that
The read module is further configured to read publisher information from the key attribute list;
The generation module is further configured to generate a publisher node, add the publisher node to the key node as a child node of the key node, and add the publisher information to the publisher node as a text node.
30. The encoding device of claim 24, characterized in that
The read module is further configured to read a device user identifier from the key attribute list;
The generation module is further configured to generate a device user identifier node, add the device user identifier node to the device information node as a child node of the device information node, and add the device user identifier to the device user identifier node as a text node.
31. The encoding device of claim 24, characterized in that
The read module is further configured to read a crypto module identifier from the key attribute list;
The generation module is further configured to generate a crypto module node, add the crypto module node to the key packet node as a child node of the key packet node, generate a crypto module identifier node, add the crypto module identifier node to the crypto module node as a child node of the crypto module node, and add the crypto module identifier to the crypto module identifier node as a text node.
32. The encoding device of claim 24, characterized in that
The read module is further configured to read a key user identifier from the key attribute list;
The generation module is further configured to generate a key user identifier node, add the key user identifier node to the key node as a child node of the key node, and add the key user identifier to the key user identifier node as a text node.
33. The encoding device of claim 24, characterized in that
The read module is further configured to read a key start date, a key termination date and key usage information from the key attribute list;
The generation module is further configured to generate a policy node and add the policy node to the key node as a child node of the key node; generate a start date node, a termination date node and a key usage node, and add the start date node, the termination date node and the key usage node to the policy node as child nodes of the policy node; add the key start date to the start date node as a text node, add the key termination date to the termination date node as a text node, and add the key usage information to the key usage node as a text node.
34. The encoding device of claim 24, characterized in that
The read module is further configured to read a response code length, response code encoding information, the initial value of the time factor, the time interval value and the initial value of the time offset from the key attribute list;
The generation module is further configured to generate an algorithm parameter node and add the algorithm parameter node to the key node as a child node of the key node; generate a response code format node and add the response code format node to the algorithm parameter node as a child node of the algorithm parameter node; generate a response code length node according to the response code length and a response code encoding information node according to the response code encoding information, and add the response code length node and the response code encoding information node to the response code format node as attribute nodes; generate a time node and add the time node to the data node as a child node of the data node, generate a second plaintext node and add the second plaintext node to the time node as a child node of the time node, and add the initial value of the time factor to the second plaintext node as a text node; generate a time interval node and add the time interval node to the data node as a child node of the data node, generate a third plaintext node and add the third plaintext node to the time interval node as a child node of the time interval node, and add the time interval value to the third plaintext node as a text node; generate a time offset node and add the time offset node to the data node as a child node of the data node, generate a fourth plaintext node and add the fourth plaintext node to the time offset node as a child node of the time offset node, and add the initial value of the time offset to the fourth plaintext node as a text node.
35. The encoding device of claim 24, characterized in that
The read module is further configured to read a response code length, response code encoding information and the initial value of the event factor from the key attribute list;
The generation module is further configured to generate an algorithm parameter node and add the algorithm parameter node to the key node as a child node of the key node; generate a response code format node and add the response code format node to the algorithm parameter node as a child node of the algorithm parameter node; generate a response code length node according to the response code length and a response code encoding information node according to the response code encoding information, and add the response code length node and the response code encoding information node to the response code format node as attribute nodes; generate a counter node and add the counter node to the data node as a child node of the data node, generate a fifth plaintext node and add the fifth plaintext node to the counter node as a child node of the counter node, and add the initial value of the event factor to the fifth plaintext node as a text node.
36. A decoding device, characterized in that it comprises:
A searching module, configured to search for a key packet node from the root node of the key file; if the key packet node is found, search for a device information node in the key packet node, search for a manufacturer node and a serial number node in the device information node, and search for a key node in the key packet node; if the key node is found, search for a data node in the key node; if the data node is found, search for a key value node in the data node;
A first acquisition module, configured to, when the searching module finds the manufacturer node, obtain the text content of the child node of the manufacturer node and save it as manufacturer information; when the searching module finds the serial number node, obtain the text content of the child node of the serial number node and save it as the device serial number; when the searching module finds the key node, obtain the attribute value of the key algorithm node in the key node and save it as key algorithm information, and obtain the attribute value of the key identifier node in the key node and save it as the key identifier;
A second acquisition module, configured to, when the searching module finds the key value node, obtain the key plaintext from the key value node and save it,
or, obtain the key ciphertext from the key value node, decrypt the key ciphertext, and save the key plaintext obtained by decryption;
A display module, configured to show error information when the searching module does not find the key packet node, the key node, the data node or the key value node.
37. The decoding apparatus as claimed in claim 36, characterized in that
The second acquisition module is specifically configured to look up a first plaintext node from the key value node, obtain the text content of the child node of the first plaintext node, and save that text content as the key plaintext.
38. The decoding apparatus as claimed in claim 36, characterized in that
The second acquisition module is specifically configured to: look up a ciphertext node from the key value node; look up a first encryption method node and a first cipher data node from the ciphertext node; obtain the attribute value of the first encryption key algorithm node in the first encryption method node as encryption key algorithm information; look up a first cipher value node from the first cipher data node; and obtain the text content of the child node of the first cipher value node as the key ciphertext;
and to look up an encryption key node from the root node of the key file, look up a key name node from the encryption key node, obtain the text content of the child node of the key name node as the encryption key name, and, with the key corresponding to the encryption key name and the policy corresponding to the encryption key algorithm information, decrypt the key ciphertext to obtain the key plaintext.
39. The decoding apparatus as claimed in claim 38, characterized in that
The lookup module is further configured to, after the key value node is found from the data node, look up a MAC value node from the key value node, look up a MAC method node from the root node of the key file, look up a MAC key node from the MAC method node, look up a second encryption method node and a second cipher data node from the MAC key node, and look up a second cipher value node from the second cipher data node;
The first acquisition module is further configured to: obtain the text content of the child node of the MAC value node as a digest value; obtain the attribute value of the MAC algorithm node in the MAC method node as MAC algorithm information; obtain the attribute value of the second encryption key algorithm node in the second encryption method node as encryption key algorithm information; obtain the text content of the child node of the second cipher value node as the MAC key ciphertext; and, with the key corresponding to the encryption key name and the policy corresponding to the encryption key algorithm information in the second encryption method node, decrypt the MAC key ciphertext to obtain the MAC key;
The decoding apparatus further comprises:
A digest module, configured to perform digest processing on the key plaintext according to the MAC key obtained by the first acquisition module;
A judging module, configured to judge whether the digest value obtained by the digest processing of the digest module is identical to the digest value obtained by the first acquisition module from the MAC value node;
The second acquisition module is specifically configured to obtain the key ciphertext from the key value node, decrypt the key ciphertext to obtain the key plaintext, and save the key plaintext when the judging module judges that the digest value obtained by the digest processing of the digest module is identical to the digest value obtained by the first acquisition module from the MAC value node in the key value node;
The display module is further configured to display an error message when the judging module judges that the digest value obtained by the digest processing of the digest module differs from the digest value obtained by the first acquisition module from the MAC value node in the key value node.
40. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to, after the key node is found from the key package node, look up an issuer node from the key node;
The first acquisition module is further configured to, when the lookup module finds the issuer node, obtain the text content of the child node of the issuer node and save it as issuer information.
41. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to, after the device information node is found from the key package node, look up a device user identifier node from the device information node;
The first acquisition module is further configured to, when the lookup module finds the device user identifier node, obtain the text content of the child node of the device user identifier node and save it as the device user identifier.
42. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to, after the key package node is found from the root node of the key file, look up a cryptographic module node from the key package node and look up a cryptographic module identifier node from the cryptographic module node;
The first acquisition module is further configured to, when the lookup module finds the cryptographic module identifier node, obtain the text content of the child node of the cryptographic module identifier node and save it as the cryptographic module identifier.
43. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to, after the key node is found from the key package node, look up a key user identifier node from the key node;
The first acquisition module is further configured to, when the lookup module finds the key user identifier node, obtain the text content of the child node of the key user identifier node and save it as the key user identifier.
44. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to, after the key node is found from the key package node, look up a policy node from the key node, and look up a start date node, a termination date node and a key usage node from the policy node;
The first acquisition module is further configured to: when the lookup module finds the start date node, obtain the text content of the child node of the start date node and save it as the key start date; when the lookup module finds the termination date node, obtain the text content of the child node of the termination date node and save it as the key termination date; and when the lookup module finds the key usage node, obtain the text content of the child node of the key usage node and save it as key usage information.
45. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to: after the key node is found from the key package node, look up an algorithm parameter node from the key node and look up a response code format node from the algorithm parameter node; and, after the data node is found from the key node, look up a time node, a time interval node and a time offset node from the data node, look up a second plaintext node from the time node, look up a third plaintext node from the time interval node, and look up a fourth plaintext node from the time offset node;
The first acquisition module is further configured to: when the lookup module finds the response code format node, obtain the attribute value of the response code length node in the response code format node and save it as the response code length, and obtain the attribute value of the response code encoding information node in the response code format node and save it as the response code encoding information; when the lookup module finds the second plaintext node, obtain the text content of the child node of the second plaintext node and save it as the initial value of the time factor; when the lookup module finds the third plaintext node, obtain the text content of the child node of the third plaintext node and save it as the time interval value; and when the lookup module finds the fourth plaintext node, obtain the text content of the child node of the fourth plaintext node and save it as the initial value of the time offset.
46. The decoding apparatus as claimed in claim 36, characterized in that
The lookup module is further configured to: after the key node is found from the key package node, look up an algorithm parameter node from the key node and look up a response code format node from the algorithm parameter node; and, after the data node is found from the key node, look up a counter node from the data node and look up a fifth plaintext node from the counter node;
The first acquisition module is further configured to: when the lookup module finds the response code format node, obtain the attribute value of the response code length node in the response code format node and save it as the response code length, and obtain the attribute value of the response code encoding information node in the response code format node and save it as the response code encoding information; and when the lookup module finds the fifth plaintext node, obtain the text content of the child node of the fifth plaintext node and save it as the initial value of the event factor.
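The lookup-and-fail behaviour of claims 36, 37 and 46, with the digest comparison of claim 39 applied to a plaintext key, as an added Python example that is not code from the patent. Element and attribute names, Base64 text encoding, HMAC-SHA-256 as the MAC algorithm and a MAC key passed in already decrypted are all assumptions, since the claims identify nodes only by role and fix no algorithm.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

class KeyFileError(Exception):
    """Raised where the claims have the display module show an error."""

def _require(parent, tag):
    node = parent.find(tag)
    if node is None:
        raise KeyFileError(f"missing required node: {tag}")
    return node

def _b64(node):
    return base64.b64decode(node.text or "", validate=True)

def decode_key_file(xml_text, mac_key=None):
    # Element/attribute names are assumptions; the claims name nodes by role.
    package = _require(ET.fromstring(xml_text), "KeyPackage")
    key = _require(package, "Key")
    secret = _require(_require(key, "Data"), "Secret")
    info = {"key_id": key.get("Id"), "algorithm": key.get("Algorithm")}
    # Optional nodes: saved only when found (claims 36 and 46).
    for name, path in (("manufacturer", "DeviceInfo/Manufacturer"),
                       ("serial_no", "DeviceInfo/SerialNo"),
                       ("counter", "Key/Data/Counter/PlainValue")):
        node = package.find(path)
        if node is not None:
            info[name] = node.text
    fmt = key.find("AlgorithmParameters/ResponseFormat")
    if fmt is not None:
        info["response_length"] = fmt.get("Length")
        info["response_encoding"] = fmt.get("Encoding")
    plain = _b64(_require(secret, "PlainValue"))
    if mac_key is not None:
        # Assumed HMAC-SHA-256 over the key plaintext; constant-time compare.
        stored = _b64(_require(secret, "ValueMAC"))
        computed = hmac.new(mac_key, plain, hashlib.sha256).digest()
        if not hmac.compare_digest(stored, computed):
            raise KeyFileError("MAC mismatch, key not saved")
    info["key"] = plain
    return info

def build_sample(key, mac_key):
    # Constructed sample key file for the example.
    enc = lambda b: base64.b64encode(b).decode()
    mac = hmac.new(mac_key, key, hashlib.sha256).digest()
    return ("<KeyContainer><KeyPackage><DeviceInfo>"
            "<Manufacturer>ExampleVendor</Manufacturer><SerialNo>SN-0001</SerialNo>"
            '</DeviceInfo><Key Id="key-1" Algorithm="example-event-otp">'
            '<AlgorithmParameters><ResponseFormat Length="6" Encoding="DECIMAL"/>'
            "</AlgorithmParameters><Data><Secret>"
            f"<PlainValue>{enc(key)}</PlainValue><ValueMAC>{enc(mac)}</ValueMAC>"
            "</Secret><Counter><PlainValue>0</PlainValue></Counter>"
            "</Data></Key></KeyPackage></KeyContainer>")
```

The key is returned only after every required node has been found and, when a MAC key is supplied, after the digest comparison succeeds; any other outcome raises `KeyFileError` instead of yielding a partial result.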
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410314409.0A CN104092537B (en) 2014-07-03 2014-07-03 A kind of device and its method of work for realizing key information encoding and decoding

Publications (2)

Publication Number Publication Date
CN104092537A CN104092537A (en) 2014-10-08
CN104092537B true CN104092537B (en) 2017-07-14

Family

ID=51640219

Country Status (1)

Country Link
CN (1) CN104092537B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170714