CN109639409A - Key initialization method, apparatus, electronic device and computer-readable storage medium

Publication number
CN109639409A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811102728.XA
Other languages
Chinese (zh)
Other versions
CN109639409B (en)
Inventor
肖淑婷
林孝旦
方海峰
谷胜才
方恒禄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention disclose a key initialization method, apparatus, electronic device and computer-readable storage medium. The method includes: sending a key initialization instruction to a first cryptographic device, the instruction triggering the first cryptographic device to generate a first device key and a target key offline and to have first identity verification data written into it offline, and receiving the first device public key in the first device key returned by the first cryptographic device; sending a key initialization preparation instruction to a second cryptographic device, the instruction triggering the second cryptographic device to generate a second device key offline, and receiving the second device public key in the second device key returned by the second cryptographic device; and exporting the target key from the first cryptographic device and writing it into the second cryptographic device online. The technical solution can meet the demand for key initialization of large batches of cryptographic modules while greatly reducing cost and improving working efficiency, which facilitates capacity expansion of the cryptographic modules.

Description

Key initialization method, apparatus, electronic device and computer-readable storage medium
Technical field
Embodiments of the present invention relate to the field of information security technology, and in particular to a key initialization method, apparatus, electronic device and computer-readable storage medium.
Background
With the continuous development of information technology, information security problems have become increasingly prominent. In an environment of massive information exchange, how to ensure the security of information systems has become a concern of society as a whole, and a cryptographic service platform based on cryptographic modules is an effective piece of infrastructure for information security solutions. A distributed cryptographic service platform based on cryptographic modules is built in a distributed manner from multiple servers that integrate cryptographic modules. The cryptographic module generates and stores a working master key, the working master key is used to encrypt service keys, and the resulting service key ciphertext is stored in the platform database. When a service key is used, its ciphertext is loaded back into the cryptographic module and decrypted with the stored working master key to obtain the service key. Therefore, for the platform to provide effective distributed cryptographic service, the working master key in every cryptographic module must be the same, and initializing the working master key of the cryptographic modules becomes the foundation and core of building the security of the whole platform.
To ensure the security of key initialization, fully offline key initialization is generally used. Because offline key initialization is normally completed by manual operation, it suits the key initialization of small batches of cryptographic modules; for large batches of cryptographic modules it incurs huge labor and time costs.
Summary of the invention
Embodiments of the present invention provide a key initialization method, apparatus, electronic device and computer-readable storage medium.
In a first aspect, an embodiment of the present invention provides a key initialization method.
Specifically, the key initialization method comprises:
sending a key initialization instruction to a first cryptographic device, the key initialization instruction being used to trigger the first cryptographic device to generate a first device key and a target key offline and to have first identity verification data written into it offline, and receiving the first device public key in the first device key returned by the first cryptographic device;
sending a key initialization preparation instruction to a second cryptographic device, the key initialization preparation instruction being used to trigger the second cryptographic device to generate a second device key offline, and receiving the second device public key in the second device key returned by the second cryptographic device;
exporting the target key from the first cryptographic device and writing it into the second cryptographic device online.
With reference to the first aspect, in a first implementation of the first aspect, sending the key initialization instruction to the first cryptographic device and receiving the first device public key in the first device key returned by the first cryptographic device comprises:
sending to the first cryptographic device a first device key generation instruction, a first identity verification data write instruction and a target key generation instruction;
in response to receiving instruction-received information fed back by the first cryptographic device, writing the first identity verification data into the first cryptographic device offline, and receiving the first device key generation success information, the first device public key and the target key generation success information fed back by the first cryptographic device.
With reference to the first aspect and the first implementation of the first aspect, in a second implementation of the first aspect, sending the key initialization preparation instruction offline to the second cryptographic device and receiving the second device public key in the second device key returned by the second cryptographic device comprises:
sending the key initialization preparation instruction to the second cryptographic device;
receiving the key initialization preparation success information fed back by the second cryptographic device and the second device public key in the second device key.
With reference to the first aspect, the first implementation of the first aspect and the second implementation of the first aspect, in a third implementation of the first aspect, exporting the target key from the first cryptographic device and writing it into the second cryptographic device online comprises:
obtaining third identity verification data and the second device public key;
sending a target key export instruction to the first cryptographic device, wherein the target key export instruction carries the third identity verification data and the second device public key, the third identity verification data is used together with the first identity verification data to perform identity verification for the first cryptographic device, and the second device public key is used to encrypt the target key to generate a target key ciphertext;
receiving the target key ciphertext and signature information returned by the first cryptographic device, wherein the signature information is obtained by computing a signature over the target key ciphertext with the first device private key in the first device key;
verifying the signature information with the first device public key in the first device key and, in response to the signature information being verified successfully, writing the target key into the second cryptographic device online.
With reference to the first aspect and the first, second and third implementations of the first aspect, in a fourth implementation of the first aspect, verifying the signature information with the first device public key in the first device key and, in response to the signature information being verified successfully, writing the target key into the second cryptographic device online comprises:
verifying the signature information with the first device public key in the first device key;
in response to the signature information being verified successfully, sending the target key ciphertext to the second cryptographic device, wherein the target key ciphertext can be decrypted with the second device private key in the second device key to obtain the target key;
receiving the target key write feedback information returned by the first cryptographic device.
In a second aspect, an embodiment of the present invention provides a key initialization apparatus.
Specifically, the key initialization apparatus comprises:
a first sending module, configured to send a key initialization instruction to a first cryptographic device, the key initialization instruction being used to trigger the first cryptographic device to generate a first device key and a target key offline and to have first identity verification data written into it offline, and to receive the first device public key in the first device key returned by the first cryptographic device;
a second sending module, configured to send a key initialization preparation instruction to a second cryptographic device, the key initialization preparation instruction being used to trigger the second cryptographic device to generate a second device key offline, and to receive the second device public key in the second device key returned by the second cryptographic device;
a writing module, configured to export the target key from the first cryptographic device and write it into the second cryptographic device online.
With reference to the second aspect, in a first implementation of the second aspect, the first sending module comprises:
a first sending submodule, configured to send to the first cryptographic device a first device key generation instruction, a first identity verification data write instruction and a target key generation instruction;
a first receiving submodule, configured to, in response to receiving instruction-received information fed back by the first cryptographic device, write the first identity verification data into the first cryptographic device offline, and to receive the first device key generation success information, the first device public key and the target key generation success information fed back by the first cryptographic device.
With reference to the second aspect and the first implementation of the second aspect, in a second implementation of the second aspect, the second sending module comprises:
a second sending submodule, configured to send the key initialization preparation instruction to the second cryptographic device;
a second receiving submodule, configured to receive the key initialization preparation success information fed back by the second cryptographic device and the second device public key in the second device key.
With reference to the second aspect, the first implementation of the second aspect and the second implementation of the second aspect, in a third implementation of the second aspect, the writing module comprises:
an obtaining submodule, configured to obtain third identity verification data and the second device public key;
a third sending submodule, configured to send a target key export instruction to the first cryptographic device, wherein the target key export instruction carries the third identity verification data and the second device public key, the third identity verification data is used together with the first identity verification data to perform identity verification for the first cryptographic device, and the second device public key is used to encrypt the target key to generate a target key ciphertext;
a third receiving submodule, configured to receive the target key ciphertext and signature information returned by the first cryptographic device, wherein the signature information is obtained by computing a signature over the target key ciphertext with the first device private key in the first device key;
a write submodule, configured to verify the signature information with the first device public key in the first device key and, in response to the signature information being verified successfully, write the target key into the second cryptographic device online.
With reference to the second aspect and the first, second and third implementations of the second aspect, in a fourth implementation of the second aspect, the write submodule comprises:
a verification submodule, configured to verify the signature information with the first device public key in the first device key;
a fourth sending submodule, configured to, in response to the signature information being verified successfully, send the target key ciphertext to the second cryptographic device, wherein the target key ciphertext can be decrypted with the second device private key in the second device key to obtain the target key;
a fourth receiving submodule, configured to receive the target key write feedback information returned by the first cryptographic device.
In a third aspect, an embodiment of the present invention provides an electronic device comprising a memory and a processor. The memory stores one or more computer instructions that support the key initialization apparatus in executing the key initialization method of the first aspect, and the processor is configured to execute the computer instructions stored in the memory. The key initialization apparatus may also include a communication interface for communication between the key initialization apparatus and other devices or communication networks.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium for storing the computer instructions used by the key initialization apparatus, including the computer instructions involved in executing the key initialization method of the first aspect as the key initialization apparatus.
The technical solutions provided by the embodiments of the present invention can have the following beneficial effects:
By combining offline and online operations, the above technical solution performs key initialization on cryptographic modules in batches and in tiers, moving most of the workload into an automated online process. The solution can therefore meet the demand for key initialization of large batches of cryptographic modules while ensuring information security, greatly reduce labor and time costs, improve working efficiency, and facilitate later capacity expansion of the cryptographic modules.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the embodiments of the present invention.
Brief description of the drawings
Other features, objects and advantages of the embodiments of the present invention will become more apparent from the following detailed description of non-limiting embodiments, taken together with the accompanying drawings. In the drawings:
Fig. 1 shows a flowchart of the key initialization method according to an embodiment of the present invention;
Fig. 2 shows a flowchart of step S101 of the key initialization method according to the embodiment shown in Fig. 1;
Fig. 3 shows a flowchart of step S102 of the key initialization method according to the embodiment shown in Fig. 1;
Fig. 4 shows a flowchart of step S103 of the key initialization method according to the embodiment shown in Fig. 1;
Fig. 5 shows a flowchart of step S404 of the key initialization method according to the embodiment shown in Fig. 4;
Fig. 6 shows a structural block diagram of the key initialization apparatus according to an embodiment of the present invention;
Fig. 7 shows a structural block diagram of the first sending module 601 of the key initialization apparatus according to the embodiment shown in Fig. 6;
Fig. 8 shows a structural block diagram of the second sending module 602 of the key initialization apparatus according to the embodiment shown in Fig. 6;
Fig. 9 shows a structural block diagram of the writing module 603 of the key initialization apparatus according to the embodiment shown in Fig. 6;
Fig. 10 shows a structural block diagram of the write submodule 904 of the key initialization apparatus according to the embodiment shown in Fig. 9;
Fig. 11 shows a structural block diagram of an electronic device according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of a computer system suitable for implementing the key initialization method according to an embodiment of the present invention.
Detailed description
Hereinafter, exemplary embodiments of the present invention are described in detail with reference to the accompanying drawings so that those skilled in the art can readily implement them. For clarity, parts unrelated to the description of the exemplary embodiments are omitted from the drawings.
In the embodiments of the present invention, terms such as "comprising" or "having" are intended to indicate the presence of the features, numbers, steps, acts, components, parts or combinations thereof disclosed in this specification, and are not intended to exclude the possibility that one or more other features, numbers, steps, acts, components, parts or combinations thereof exist or are added.
It should also be noted that, where there is no conflict, the embodiments of the present invention and the features in the embodiments can be combined with each other. The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
By combining offline and online operations, the technical solution provided by the embodiments of the present invention performs key initialization on cryptographic modules in batches and in tiers, moving most of the workload into an automated online process. The solution can therefore meet the demand for key initialization of large batches of cryptographic modules while ensuring information security, greatly reduce labor and time costs, improve working efficiency, and facilitate later capacity expansion of the cryptographic modules.
Fig. 1 shows a flowchart of the key initialization method according to an embodiment of the present invention. The method can be applied on the server side. As shown in Fig. 1, the key initialization method includes the following steps S101-S103:
In step S101, a key initialization instruction is sent to a first cryptographic device, the key initialization instruction being used to trigger the first cryptographic device to generate a first device key and a target key offline and to have first identity verification data written into it offline, and the first device public key in the first device key returned by the first cryptographic device is received;
In step S102, a key initialization preparation instruction is sent to a second cryptographic device, the key initialization preparation instruction being used to trigger the second cryptographic device to generate a second device key offline, and the second device public key in the second device key returned by the second cryptographic device is received;
In step S103, the target key is exported from the first cryptographic device and written into the second cryptographic device online.
As mentioned above, a distributed cryptographic service platform based on cryptographic modules is an effective way to address information security, and initializing the working master key of the cryptographic modules is the foundation and core of building the security of the whole platform. To ensure the security of key initialization, the prior art generally uses fully offline key initialization. That method is completed by manual operation and is only suitable for the key initialization of small batches of cryptographic modules; for large batches it incurs huge labor and time costs, greatly reduces working efficiency, and hinders capacity expansion of the cryptographic modules.
In view of these drawbacks, this embodiment proposes a key initialization method that combines offline and online operations to perform key initialization on cryptographic modules in batches and in tiers, moving most of the workload into an automated online process. The solution can therefore meet the demand for key initialization of large batches of cryptographic modules while ensuring information security, greatly reduce labor and time costs, improve working efficiency, and facilitate later capacity expansion of the cryptographic modules.
Here, a cryptographic device is a cryptographic module, a cipher card, or any other device that can independently provide cryptographic services and key management functions.
The first device key and the second device key are used for signing or encrypting communication between cryptographic devices. In an optional implementation of this embodiment, the first device key and the second device key are used together. For example, the first device key and the second device key can be combined into a key pair in which the first device key is the public key and the second device key is the private key. The first cryptographic device can then encrypt with the first device key, and the encrypted information can be decrypted by the second cryptographic device with the second device key.
The identity verification data is used to verify the identity of a device so that the target key is exported securely in the subsequent flow. In an optional implementation of this embodiment, the identity verification data does not denote one particular item of identity verification data but any data that can be used for identity verification. For example, it may be key identity verification data: a cryptographic device into which the key identity verification data has been written can act as the first cryptographic device and provide the function of securely exporting the target key. It may also be data that is matched against the key identity verification data to perform identity authentication.
The target key is a master key or any other key that needs to be written into a cryptographic device at the initialization stage.
The first cryptographic device completes its key initialization once it has generated and stored the target key offline, so the first cryptographic device belongs to the first batch of devices to undergo key initialization. The second cryptographic device completes its key initialization once the target key has subsequently been written into it online and stored, so the second cryptographic device belongs to a later batch. After the second cryptographic device has completed key initialization, if identity verification data has also been written into it, it can use the target key it stores to perform key initialization for other cryptographic devices following the flow above. This yields a batched, tiered key initialization mechanism for cryptographic devices. Combined with the mix of offline and online key initialization operations and the multi-level verification mechanism, it allows most of the key initialization work to be moved safely into an automated online process, which makes effective key initialization of large batches of cryptographic modules possible.
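The export-and-write flow of the third and fourth implementations, and the batch hierarchy described above, as an added Go simulation that is not code from the patent. It assumes RSA-OAEP for encrypting the target key, RSA-PSS for the signature, and an HMAC key as the identity verification data (the patent fixes none of these); the `Device` type and all function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Device models one cryptographic device; all names here are hypothetical.
type Device struct {
	devKey    *rsa.PrivateKey // device key pair; the private half never leaves
	targetKey []byte          // target (working master) key
	idKey     []byte          // identity verification data, assumed to be a MAC key
}

// Prepare is S102: generate the device key pair, return the public key.
func (d *Device) Prepare() (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	d.devKey = k
	return &k.PublicKey, nil
}

// InitOffline is S101: identity data, random target key, device key pair.
func (d *Device) InitOffline(idKey []byte) (*rsa.PublicKey, error) {
	d.idKey, d.targetKey = idKey, make([]byte, 32)
	if _, err := rand.Read(d.targetKey); err != nil {
		return nil, err
	}
	return d.Prepare()
}

// IdentityTag is the assumed third identity verification data: an HMAC under
// the offline-written key that binds an export to one recipient public key.
func IdentityTag(idKey []byte, peer *rsa.PublicKey) []byte {
	m := hmac.New(sha256.New, idKey)
	m.Write(x509.MarshalPKCS1PublicKey(peer))
	return m.Sum(nil)
}

// Export runs inside the source device: check the identity data, encrypt the
// target key to the peer, sign the ciphertext with the device private key.
func (d *Device) Export(peer *rsa.PublicKey, tag []byte) (ct, sig []byte, err error) {
	if d.idKey == nil || d.targetKey == nil {
		return nil, nil, fmt.Errorf("device is not an initialized source")
	}
	if !hmac.Equal(tag, IdentityTag(d.idKey, peer)) {
		return nil, nil, fmt.Errorf("identity verification failed")
	}
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, d.targetKey, nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, d.devKey, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// VerifyAndWrite is the online write: the server verifies the signature with
// the source public key, then the receiving device decrypts (inlined here).
func VerifyAndWrite(srcPub *rsa.PublicKey, dst *Device, ct, sig []byte) error {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(srcPub, crypto.SHA256, h[:], sig, nil); err != nil {
		return fmt.Errorf("ciphertext rejected: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dst.devKey, ct, nil)
	if err != nil {
		return err
	}
	dst.targetKey = key
	return nil
}

// Transfer initializes dst from src: export, verify, write.
func Transfer(src *Device, srcPub *rsa.PublicKey, dst *Device, dstPub *rsa.PublicKey, tag []byte) error {
	ct, sig, err := src.Export(dstPub, tag)
	if err != nil {
		return err
	}
	return VerifyAndWrite(srcPub, dst, ct, sig)
}

func main() {
	idKey := []byte("constructed-identity-mac-key") // constructed sample value
	d1, d2, d3 := &Device{}, &Device{}, &Device{}
	pub1, _ := d1.InitOffline(idKey)
	pub2, _ := d2.Prepare()
	pub3, _ := d3.Prepare()
	fmt.Println("batch 1 -> 2:", Transfer(d1, pub1, d2, pub2, IdentityTag(idKey, pub2)))
	d2.idKey = idKey // identity data written: d2 can now serve the next batch
	fmt.Println("batch 2 -> 3:", Transfer(d2, pub2, d3, pub3, IdentityTag(idKey, pub3)))
	fmt.Println("same key everywhere:", string(d1.targetKey) == string(d3.targetKey))
}
```

Because the tag in this sketch covers the recipient public key, a tag issued for one device does not authorize an export to another, and a ciphertext altered in transit is rejected before it reaches the receiving device.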
In an optional implementation of this embodiment, as shown in Fig. 2, step S101, i.e. the step of sending the key initialization instruction to the first cryptographic device and receiving the first device public key in the first device key returned by the first cryptographic device, includes the following steps S201-S202:
In step S201, a first device key generation instruction, a first identity verification data write instruction and a target key generation instruction are sent to the first cryptographic device;
In step S202, in response to receiving instruction-received information fed back by the first cryptographic device, the first identity verification data is written into the first cryptographic device offline, and the first device key generation success information, the first device public key and the target key generation success information fed back by the first cryptographic device are received.
This embodiment completes the offline key initialization of the first cryptographic device. Specifically, the first device key generation instruction can first be sent to the first cryptographic device; the first device key generation success information and the first device public key fed back by the first cryptographic device are received; the first identity verification data write instruction is sent to the first cryptographic device; in response to receiving the instruction-received information fed back by the first cryptographic device, the first identity verification data is written into the first cryptographic device offline; the target key generation instruction is sent to the first cryptographic device; and the target key generation success information fed back by the first cryptographic device is received. Note that the present invention does not specifically limit the order in which these instructions are sent; those skilled in the art can set it according to the needs of the actual application.
The first identity verification data write instruction can be implemented as a first identity verification data write request, or as a call request to the identity verification data write interface of the first cryptographic device; the present invention does not specifically limit this.
As mentioned above, the identity verification data is used to perform identity verification for the relevant device. In an optional implementation of this embodiment, the identity verification data can be data such as a digital signature, a message authentication code, a public key certificate or a MAC key, or parameter data related to identity verification. In practice, those skilled in the art can select suitable identity verification data according to the characteristics of the various kinds of identity verification data and the specific usage requirements; the present invention does not specifically limit this.
The target key generation instruction can be implemented as a target key generation request, or as a call request to the target key generation interface of the first cryptographic device; the present invention does not specifically limit this.
In an optional implementation of this embodiment, the target key can be generated by a key generation means such as a random number generator according to a preset target key generation rule. The content of the target key generation rule can be set according to the needs of the actual application, and the key generation means can likewise be selected according to those needs; the present invention does not specifically limit this.
In an optional implementation of the present embodiment, as shown in Fig. 3, step S102, i.e. the step of sending the cipher key initialization preparation instruction offline to the second encryption device and receiving the second equipment public key in the second device keys returned by the second encryption device, includes the following steps S301-S302:
In step S301, a cipher key initialization preparation instruction is sent to the second encryption device;
In step S302, the cipher key initialization preparation success information and the second equipment public key in the second device keys fed back by the second encryption device are received.
In this embodiment, the offline cipher key initialization preparation of the second encryption device is completed. Specifically, a cipher key initialization preparation instruction is sent to the second encryption device, and the cipher key initialization preparation success information and the second equipment public key in the second device keys, fed back by the second encryption device after it completes the cipher key initialization preparation work, are received.
Wherein, the cipher key initialization preparation instruction is used to trigger the second encryption device to generate the second device keys offline. In addition, the cipher key initialization preparation instruction can be implemented as a cipher key initialization preparation request, or as a call request to the cipher key initialization preparation interface of the second encryption device; the present invention does not specifically limit this.
In an optional implementation of the present embodiment, the cipher key initialization preparation instruction can also be used to trigger the offline writing of second proof of identity data into the second encryption device. A second encryption device into which the second proof of identity data has been written can subsequently serve as a first password equipment and carry out cipher key initialization for other encryption devices based on the process described herein. The second proof of identity data may be the same as or different from the first proof of identity data.
In an optional implementation of the present embodiment, as shown in Fig. 4, step S103, i.e. the step of exporting the target cipher key from the first password equipment and writing it online into the second encryption device, includes the following steps S401-S404:
In step S401, third proof of identity data and the second equipment public key are obtained;
In step S402, a target cipher key export instruction is sent to the first password equipment, wherein the target cipher key export instruction carries the third proof of identity data and the second equipment public key; the third proof of identity data is used, in cooperation with the first proof of identity data, to perform an identity check on the first password equipment, and the second equipment public key is used to encrypt the target cipher key to generate the target cipher key ciphertext;
In step S403, the target cipher key ciphertext and the signature information returned by the first password equipment are received, wherein the signature information is obtained by performing a signature calculation on the target cipher key ciphertext with the first device private key in the first device keys;
In step S404, the signature information is verified using the first equipment public key in the first device keys, and in response to successful verification of the signature information, the target cipher key is written online into the second encryption device.
In this embodiment, the online cipher key initialization of the second encryption device is completed. Specifically, the third proof of identity data and the second equipment public key are obtained first; a target cipher key export instruction is then sent to the first password equipment; the target cipher key ciphertext and the signature information returned by the first password equipment are received; finally, the signature information is verified using the first equipment public key in the first device keys, and in response to successful verification of the signature information, the target cipher key is written online into the second encryption device.
Wherein, the third proof of identity data can be obtained through a terminal token device, specifically by sending a proof of identity data request to the terminal token device or by calling the proof of identity data calculation interface of the terminal token device; the present invention does not specifically limit this. The terminal token device is a terminal cryptographic device that can implement cryptographic operations and key management functions and provide cryptographic services, for example a USB Key, Bluetooth Key, audio Key, U-shield, password board and so on.
Wherein, the third proof of identity data can be used as a pair with the first proof of identity data and the second proof of identity data. That is, when an identity check is performed on the first password equipment based on the third proof of identity data, this can be done by matching or verifying the third proof of identity data against the first proof of identity data stored in the first password equipment, and the authentication is completed according to the matching or verification result. Here, the identity check is a concept in the broad sense: it can be understood as verifying the identity of the checked object, or as verifying the legitimacy of the checked object performing a certain operation, for example verifying the legitimacy of the first password equipment exporting the target cipher key.
In an optional implementation of the present embodiment, as shown in Fig. 5, step S404, i.e. the step of verifying the signature information using the first equipment public key in the first device keys and, in response to successful verification of the signature information, writing the target cipher key online into the second encryption device, includes the following steps S501-S503:
In step S501, the signature information is verified using the first equipment public key in the first device keys;
In step S502, in response to successful verification of the signature information, the target cipher key ciphertext is sent to the second encryption device, wherein the target cipher key ciphertext can be decrypted with the second device private key in the second device keys to obtain the target cipher key;
In step S503, the target cipher key write feedback information returned by the first password equipment is received.
In this embodiment, the online cipher key initialization of the second encryption device is completed by an encryption and decryption mechanism. Specifically, the signature information is verified using the first equipment public key in the first device keys; in response to successful verification of the signature information, that is, when the first password equipment is proved to be a legitimate device, the target cipher key ciphertext is sent to the second encryption device, wherein the target cipher key ciphertext can be decrypted with the second device private key in the second device keys to obtain the target cipher key; and the target cipher key write feedback information returned by the first password equipment is received.
Wherein, sending the target cipher key ciphertext to the second encryption device can be implemented by sending a target cipher key ciphertext import request to the second encryption device, or by calling the target cipher key ciphertext import interface of the second encryption device; the present invention does not specifically limit this.
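The export-and-write exchange of steps S401-S404 and S501-S503 can be traced in the following Go sketch, which is an added illustration and not part of the patent text. It assumes RSA-2048 device keys with OAEP wrapping and PSS signatures, a MAC key as the first proof of identity data, and HMAC-SHA256 over the second equipment public key as the third proof of identity data; all type and function names are hypothetical.

```go
// Added illustration of steps S401-S404 / S501-S503; not code from the patent.
package main

import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Device models one encryption device; private keys and the target key stay inside it.
type Device struct {
	devKey    *rsa.PrivateKey // device keys (the public half is returned to the server)
	macKey    []byte          // assumed form of the first proof of identity data
	targetKey []byte          // the target (master) key being initialized
}

// PrepareOffline: offline step for the second device (device keys only).
func (d *Device) PrepareOffline() (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	d.devKey = k
	return &k.PublicKey, nil
}

// InitOffline: offline step for the first device (device keys, identity data, target key).
func (d *Device) InitOffline(macKey []byte) (*rsa.PublicKey, error) {
	pub, err := d.PrepareOffline()
	if err != nil {
		return nil, err
	}
	d.macKey, d.targetKey = macKey, make([]byte, 32)
	_, err = rand.Read(d.targetKey)
	return pub, err
}

// TokenTag stands in for the terminal token: HMAC-SHA256 over the recipient key (assumption).
func TokenTag(macKey []byte, pub2 *rsa.PublicKey) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(x509.MarshalPKCS1PublicKey(pub2))
	return m.Sum(nil)
}

// Export (S402-S403): check identity data, wrap the target key, sign the ciphertext.
func (d *Device) Export(tag []byte, pub2 *rsa.PublicKey) (ct, sig []byte, err error) {
	if !hmac.Equal(tag, TokenTag(d.macKey, pub2)) {
		return nil, nil, errors.New("identity check failed: export refused")
	}
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub2, d.targetKey, nil)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, d.devKey, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// Import (S502, device side): unwrap with the second device private key.
func (d *Device) Import(ct []byte) error {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.devKey, ct, nil)
	if err != nil {
		return err
	}
	d.targetKey = k
	return nil
}

// ServerWrite (S501-S502): forward the ciphertext only if the signature verifies.
func ServerWrite(pub1 *rsa.PublicKey, ct, sig []byte, d2 *Device) error {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(pub1, crypto.SHA256, h[:], sig, nil); err != nil {
		return fmt.Errorf("signature rejected, nothing written: %w", err)
	}
	return d2.Import(ct)
}

// SameTargetKey reports whether both devices now hold the same 32-byte target key.
func SameTargetKey(a, b *Device) bool {
	return len(a.targetKey) == 32 && bytes.Equal(a.targetKey, b.targetKey)
}

func main() {
	mac := []byte("constructed-demo-mac-key") // constructed sample value
	d1, d2 := &Device{}, &Device{}
	pub1, _ := d1.InitOffline(mac) // errors ignored for brevity in this demo
	pub2, _ := d2.PrepareOffline()
	ct, sig, _ := d1.Export(TokenTag(mac, pub2), pub2)
	err := ServerWrite(pub1, ct, sig, d2)
	fmt.Println("write error:", err, "| key replicated:", SameTargetKey(d1, d2))
}
```

Because the tag in this sketch covers the second equipment public key, an export request that substitutes a different recipient key is refused by the first device; the patent text itself leaves the form of the proof of identity data open.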
The following are apparatus embodiments of the present invention, which can be used to execute the method embodiments of the present invention.
Fig. 6 shows a structural block diagram of a cipher key initialization apparatus according to an embodiment of the present invention. The apparatus can be implemented as part or all of an electronic device through software, hardware or a combination of both, and can be applied to a server side. As shown in Fig. 6, the cipher key initialization apparatus includes:
A first sending module 601, configured to send a cipher key initialization instruction to the first password equipment, the cipher key initialization instruction being used to trigger the first password equipment to generate the first device keys and the target cipher key offline and to write the first proof of identity data offline, and to receive the first equipment public key in the first device keys returned by the first password equipment;
A second sending module 602, configured to send a cipher key initialization preparation instruction to the second encryption device, the cipher key initialization preparation instruction being used to trigger the second encryption device to generate the second device keys offline, and to receive the second equipment public key in the second device keys returned by the second encryption device;
A writing module 603, configured to export the target cipher key from the first password equipment and write it online into the second encryption device.
As mentioned above, a distributed cryptographic service platform based on crypto modules is an effective way to solve information security problems, and the initialization of the working master key of the crypto modules is the foundation and core on which the security of the entire cryptographic service platform is established. To ensure the security of cipher key initialization, the prior art generally uses an apparatus that performs the entire cipher key initialization offline. Such an apparatus, however, relies on manual operation and is only suitable for cipher key initialization of a small batch of crypto modules. For cipher key initialization of large batches of crypto modules it incurs huge labor and time costs, greatly reduces working efficiency, and also hinders expansion of the crypto module capacity.
In view of the above drawbacks, this embodiment proposes a cipher key initialization apparatus that, by combining offline operation and online operation, carries out cipher key initialization for crypto modules in batches and in grades, so that most of the workload is moved into an automated online processing flow. The technical solution can therefore meet the demand for cipher key initialization of large batches of crypto modules while ensuring information security, and at the same time greatly reduces labor and time costs, improves working efficiency, and facilitates subsequent expansion of the crypto module capacity.
Wherein, the encryption device refers to a crypto module, a cipher card or another device that can independently provide cryptographic services and key management functions.
Wherein, the first device keys and the second device keys are used for signing or encrypting the communication between encryption devices. In an optional implementation of the present embodiment, the first device keys and the second device keys are used in cooperation. For example, the first device keys and the second device keys can be combined into a key pair, with the first device keys being the public key of the key pair and the second device keys being the private key of the key pair; in this way, the first password equipment can encrypt with the first device keys, and the encrypted information can be decrypted by the second encryption device using the second device keys.
Wherein, the proof of identity data is used to verify the identity of a device, so as to ensure security when the target cipher key is exported in the subsequent process. In an optional implementation of the present embodiment, the proof of identity data does not refer to one particular item of proof of identity data only, but to data that can be used for an identity check. For example, it may refer to proof of identity critical data: an encryption device into which the proof of identity critical data has been written may act as the first device keys and realize the function of safely exporting the target cipher key. It may also refer to data that is matched with the proof of identity critical data to realize authentication.
Wherein, the target cipher key refers to the master key or another key that needs to be written into the encryption device in the initialization phase.
Wherein, the first password equipment completes its cipher key initialization work once it has generated and stored the target cipher key offline, so the first password equipment is an encryption device of the first batch to undergo cipher key initialization. The second encryption device completes the corresponding cipher key initialization only after the target cipher key is subsequently written online and stored; that is, the second encryption device is an encryption device of a subsequent batch to undergo cipher key initialization. After the second encryption device completes cipher key initialization, if proof of identity data has also been written into it, it can carry out cipher key initialization for other encryption devices according to the above process, based on the target cipher key it stores. This forms a cipher key initialization mechanism for encryption devices that is graded and batched. At the same time, through the combination of offline and online cipher key initialization operations and a multi-level verification mechanism, most of the cipher key initialization work can be safely moved into an automated online processing flow, which makes effective cipher key initialization of large batches of crypto modules possible.
In an optional implementation of the present embodiment, as shown in Fig. 7, the first sending module 601 includes:
A first sending submodule 701, configured to send a first device keys generation instruction, a first proof of identity data write instruction and a target cipher key generation instruction to the first password equipment;
A first receiving submodule 702, configured to write the first proof of identity data offline into the first password equipment in response to receiving the instruction acceptance information fed back by the first password equipment, and to receive the first device keys generation success information, the first equipment public key and the target cipher key generation success information fed back by the first password equipment.
In this embodiment, the offline cipher key initialization of the first password equipment is completed. Specifically, the first sending submodule 701 sends the first device keys generation instruction, the first proof of identity data write instruction and the target cipher key generation instruction to the first password equipment; the first receiving submodule 702, in response to receiving the instruction acceptance information fed back by the first password equipment, writes the first proof of identity data offline into the first password equipment, and receives the first device keys generation success information, the first equipment public key and the target cipher key generation success information fed back by the first password equipment. It should be noted that the order in which the first sending submodule 701 sends the above instructions is not specifically limited; those skilled in the art can set it according to the needs of the practical application.
Wherein, the first proof of identity data write instruction can be implemented as a first proof of identity data write request, or as a call request to the proof of identity data write interface of the first password equipment; the present invention does not specifically limit this.
As mentioned above, the proof of identity data is used to perform an identity check on the relevant device. In an optional implementation of the present embodiment, the proof of identity data can be data such as a digital signature, a message authentication code, a public key certificate or a MAC key, or parameter data related to the identity check. In practical application, those skilled in the art can select suitable proof of identity data according to the characteristics of the various kinds of proof of identity data and the specific usage requirements; the present invention does not specifically limit this.
Wherein, the target cipher key generation instruction can be implemented as a target cipher key generation request, or as a call request to the target cipher key generation interface of the first password equipment; the present invention does not specifically limit this.
In an optional implementation of the present embodiment, the target cipher key can be generated by a key generation device such as a random number generator according to a preset target cipher key generation rule. The specific content of the target cipher key generation rule can be set according to the needs of the practical application, and the specific key generation device can also be selected according to the needs of the practical application; the present invention does not specifically limit this.
In an optional implementation of the present embodiment, as shown in Fig. 8, the second sending module 602 includes:
A second sending submodule 801, configured to send a cipher key initialization preparation instruction to the second encryption device;
A second receiving submodule 802, configured to receive the cipher key initialization preparation success information and the second equipment public key in the second device keys fed back by the second encryption device.
In this embodiment, the offline cipher key initialization preparation of the second encryption device is completed. Specifically, the second sending submodule 801 sends a cipher key initialization preparation instruction to the second encryption device; the second receiving submodule 802 receives the cipher key initialization preparation success information and the second equipment public key in the second device keys fed back by the second encryption device.
Wherein, the cipher key initialization preparation instruction is used to trigger the second encryption device to generate the second device keys offline. In addition, the cipher key initialization preparation instruction can be implemented as a cipher key initialization preparation request, or as a call request to the cipher key initialization preparation interface of the second encryption device; the present invention does not specifically limit this.
In an optional implementation of the present embodiment, the cipher key initialization preparation instruction can also be used to trigger the offline writing of second proof of identity data into the second encryption device. A second encryption device into which the second proof of identity data has been written can subsequently serve as a first password equipment and carry out cipher key initialization for other encryption devices based on the process described herein. The second proof of identity data may be the same as or different from the first proof of identity data.
In an optional implementation of the present embodiment, as shown in Fig. 9, the writing module 603 includes:
An acquisition submodule 901, configured to obtain third proof of identity data and the second equipment public key;
A third sending submodule 902, configured to send a target cipher key export instruction to the first password equipment, wherein the target cipher key export instruction carries the third proof of identity data and the second equipment public key; the third proof of identity data is used, in cooperation with the first proof of identity data, to perform an identity check on the first password equipment, and the second equipment public key is used to encrypt the target cipher key to generate the target cipher key ciphertext;
A third receiving submodule 903, configured to receive the target cipher key ciphertext and the signature information returned by the first password equipment, wherein the signature information is obtained by performing a signature calculation on the target cipher key ciphertext with the first device private key in the first device keys;
A writing submodule 904, configured to verify the signature information using the first equipment public key in the first device keys and, in response to successful verification of the signature information, write the target cipher key online into the second encryption device.
In this embodiment, the online cipher key initialization of the second encryption device is completed. Specifically, the acquisition submodule 901 obtains the third proof of identity data and the second equipment public key; the third sending submodule 902 sends a target cipher key export instruction to the first password equipment; the third receiving submodule 903 receives the target cipher key ciphertext and the signature information returned by the first password equipment; the writing submodule 904 verifies the signature information using the first equipment public key in the first device keys and, in response to successful verification of the signature information, writes the target cipher key online into the second encryption device.
Wherein, the third proof of identity data can be obtained through a terminal token device, specifically by sending a proof of identity data request to the terminal token device or by calling the proof of identity data calculation interface of the terminal token device; the present invention does not specifically limit this. The terminal token device is a terminal cryptographic device that can implement cryptographic operations and key management functions and provide cryptographic services, for example a USB Key, Bluetooth Key, audio Key, U-shield, password board and so on.
Wherein, the third proof of identity data can be used as a pair with the first proof of identity data and the second proof of identity data. That is, when an identity check is performed on the first password equipment based on the third proof of identity data, this can be done by matching or verifying the third proof of identity data against the first proof of identity data stored in the first password equipment, and the authentication is completed according to the matching or verification result. Here, the identity check is a concept in the broad sense: it can be understood as verifying the identity of the checked object, or as verifying the legitimacy of the checked object performing a certain operation, for example verifying the legitimacy of the first password equipment exporting the target cipher key.
In an optional implementation of the present embodiment, as shown in Fig. 10, the writing submodule 904 includes:
A verification submodule 1001, configured to verify the signature information using the first equipment public key in the first device keys;
A fourth sending submodule 1002, configured to send the target cipher key ciphertext to the second encryption device in response to successful verification of the signature information, wherein the target cipher key ciphertext can be decrypted with the second device private key in the second device keys to obtain the target cipher key;
A fourth receiving submodule 1003, configured to receive the target cipher key write feedback information returned by the first password equipment.
In this embodiment, the online cipher key initialization of the second encryption device is completed by an encryption and decryption mechanism. Specifically, the verification submodule 1001 verifies the signature information using the first equipment public key in the first device keys; in response to successful verification of the signature information, the fourth sending submodule 1002 sends the target cipher key ciphertext to the second encryption device; the fourth receiving submodule 1003 receives the target cipher key write feedback information returned by the first password equipment.
Wherein, sending the target cipher key ciphertext to the second encryption device can be implemented by sending a target cipher key ciphertext import request to the second encryption device, or by calling the target cipher key ciphertext import interface of the second encryption device; the present invention does not specifically limit this.
An embodiment of the present invention also discloses an electronic device. Fig. 11 shows a structural block diagram of the electronic device according to an embodiment of the present invention. As shown in Fig. 11, the electronic device 1100 includes a memory 1101 and a processor 1102; wherein,
The memory 1101 is used to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor 1102 to implement any of the above method steps.
Fig. 12 is a structural schematic diagram of a computer system suitable for implementing the cipher key initialization method according to an embodiment of the present invention.
As shown in Fig. 12, the computer system 1200 includes a central processing unit (CPU) 1201, which can perform the various processes in the above embodiments according to a program stored in a read-only memory (ROM) 1202 or a program loaded from a storage section 1208 into a random access memory (RAM) 1203. The RAM 1203 also stores the various programs and data required for the operation of the system 1200. The CPU 1201, ROM 1202 and RAM 1203 are connected to one another through a bus 1204. An input/output (I/O) interface 1205 is also connected to the bus 1204.
The following components are connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, etc.; an output section 1207 including a cathode ray tube (CRT), a liquid crystal display (LCD), etc. and a loudspeaker, etc.; a storage section 1208 including a hard disk, etc.; and a communication section 1209 including a network interface card such as a LAN card or a modem. The communication section 1209 performs communication processing via a network such as the Internet. A driver 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the driver 1210 as needed, so that a computer program read from it can be installed into the storage section 1208 as needed.
In particular, according to the embodiments of the present invention, the method described above may be implemented as a computer software program. For example, the embodiments of the present invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for executing the cipher key initialization method. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 1209, and/or installed from the removable medium 1211.
The flow charts and block diagrams in the accompanying drawings illustrate the architecture, functions and operations that systems, methods and computer program products according to the various embodiments of the present invention may implement. In this regard, each box in a flow chart or block diagram can represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two boxes shown in succession can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram and/or flow chart, and any combination of boxes in a block diagram and/or flow chart, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units or modules described in the embodiments of the present invention can be implemented in software or in hardware. The described units or modules can also be provided in a processor, and in some cases the names of these units or modules do not constitute a limitation on the units or modules themselves.
In another aspect, an embodiment of the present invention also provides a computer readable storage medium, which may be the computer readable storage medium included in the apparatus described in the above embodiments, or may be a computer readable storage medium that exists separately and is not assembled into a device. The computer readable storage medium stores one or more programs, which are used by one or more processors to execute the methods described in the embodiments of the present invention.
The above description is only the preferred embodiments of the present invention and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the embodiments of the present invention is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the inventive concept, for example technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the embodiments of the present invention.

Claims (12)

1. a kind of cipher key initialization method characterized by comprising
Cipher key initialization instruction is sent to first password equipment, the cipher key initialization instruction is set for triggering the first password The first device keys of standby offline generation and target cipher key, and the first proof of identity data of offline write-in, and receive described first The first equipment public key in the first device keys that encryption device returns;
Cipher key initialization preparation instruction is sent to the second encryption device, the cipher key initialization preparation instruction is for triggering described the Two encryption devices generate the second device keys offline, and receive in the second device keys that second encryption device returns the Two equipment public keys;
The target cipher key is exported from the first password equipment, it is written to second encryption device online.
2. The method according to claim 1, characterized in that said sending the cipher key initialization instruction to the first password equipment, and receiving the first equipment public key in the first device keys returned by the first password equipment, comprises:
Sending a first device keys generation instruction, a first proof of identity data write instruction and a target cipher key generation instruction to the first password equipment;
In response to receiving instruction reception information fed back by the first password equipment, writing the first proof of identity data into the first password equipment offline, and receiving first device keys generation success information, the first equipment public key and target cipher key generation success information fed back by the first password equipment.
3. The method according to claim 1 or 2, characterized in that said sending, offline, the cipher key initialization preparation instruction to the second encryption device, and receiving the second equipment public key in the second device keys returned by the second encryption device, comprises:
Sending the cipher key initialization preparation instruction to the second encryption device;
Receiving cipher key initialization preparation success information fed back by the second encryption device and the second equipment public key in the second device keys.
4. The method according to any one of claims 1 to 3, characterized in that said exporting the target cipher key from the first password equipment and writing it to the second encryption device online comprises:
Obtaining third identity verification data and the second equipment public key;
Sending a target cipher key export instruction to the first password equipment, wherein the target cipher key export instruction carries the third identity verification data and the second equipment public key, the third identity verification data is used in cooperation with the first proof of identity data for the first password equipment to carry out a proof of identity, and the second equipment public key is used to encrypt the target cipher key to generate a target cipher key ciphertext;
Receiving the target cipher key ciphertext and signing messages returned by the first password equipment, wherein the signing messages are obtained by performing signature calculation on the target cipher key ciphertext according to the first device private key in the first device keys;
Verifying the signing messages using the first equipment public key in the first device keys, and, in response to the signing messages being verified successfully, writing the target cipher key to the second encryption device online.
5. The method according to claim 4, characterized in that said verifying the signing messages using the first equipment public key in the first device keys, and, in response to the signing messages being verified successfully, writing the target cipher key to the second encryption device online, comprises:
Verifying the signing messages using the first equipment public key in the first device keys;
In response to the signing messages being verified successfully, sending the target cipher key ciphertext to the second encryption device, wherein the target cipher key ciphertext can be decrypted by the second device private key in the second device keys to obtain the target cipher key;
Receiving target cipher key write feedback information returned by the first password equipment.
6. A cipher key initialization device, characterized by comprising:
A first sending module, configured to send a cipher key initialization instruction to a first password equipment, the cipher key initialization instruction being used to trigger the first password equipment to generate first device keys and a target cipher key offline and to write first proof of identity data offline, and to receive the first equipment public key in the first device keys returned by the first password equipment;
A second sending module, configured to send a cipher key initialization preparation instruction to a second encryption device, the cipher key initialization preparation instruction being used to trigger the second encryption device to generate second device keys offline, and to receive the second equipment public key in the second device keys returned by the second encryption device;
A writing module, configured to export the target cipher key from the first password equipment and write it to the second encryption device online.
7. The cipher key initialization device according to claim 6, characterized in that the first sending module comprises:
A first sending submodule, configured to send a first device keys generation instruction, a first proof of identity data write instruction and a target cipher key generation instruction to the first password equipment;
A first receiving submodule, configured to, in response to receiving instruction reception information fed back by the first password equipment, write the first proof of identity data into the first password equipment offline, and to receive first device keys generation success information, the first equipment public key and target cipher key generation success information fed back by the first password equipment.
8. The cipher key initialization device according to claim 6 or 7, characterized in that the second sending module comprises:
A second sending submodule, configured to send the cipher key initialization preparation instruction to the second encryption device;
A second receiving submodule, configured to receive cipher key initialization preparation success information fed back by the second encryption device and the second equipment public key in the second device keys.
9. The device according to any one of claims 6 to 8, characterized in that the writing module comprises:
An acquisition submodule, configured to obtain third identity verification data and the second equipment public key;
A third sending submodule, configured to send a target cipher key export instruction to the first password equipment, wherein the target cipher key export instruction carries the third identity verification data and the second equipment public key, the third identity verification data is used in cooperation with the first proof of identity data for the first password equipment to carry out a proof of identity, and the second equipment public key is used to encrypt the target cipher key to generate a target cipher key ciphertext;
A third receiving submodule, configured to receive the target cipher key ciphertext and signing messages returned by the first password equipment, wherein the signing messages are obtained by performing signature calculation on the target cipher key ciphertext according to the first device private key in the first device keys;
A writing submodule, configured to verify the signing messages using the first equipment public key in the first device keys, and, in response to the signing messages being verified successfully, to write the target cipher key to the second encryption device online.
10. The device according to claim 9, characterized in that the writing submodule comprises:
A verification submodule, configured to verify the signing messages using the first equipment public key in the first device keys;
A fourth sending submodule, configured to, in response to the signing messages being verified successfully, send the target cipher key ciphertext to the second encryption device, wherein the target cipher key ciphertext can be decrypted by the second device private key in the second device keys to obtain the target cipher key;
A fourth receiving submodule, configured to receive target cipher key write feedback information returned by the first password equipment.
11. An electronic equipment, characterized by comprising a memory and a processor; wherein,
The memory is used to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor to implement the method steps of any one of claims 1-5.
12. A computer readable storage medium storing computer instructions, characterized in that the computer instructions, when executed by a processor, implement the method steps of any one of claims 1-5.
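The export-and-write flow of claims 1, 4 and 5, sketched in Python as an added example that is not code from the patent. The `Device` class, the `transfer` helper, the equality check on identity data, the `key_check_value` helper and the choice of RSA-OAEP and RSA-PSS from the `cryptography` package are all assumptions, since the claims name no algorithms.

```python
import hashlib, hmac, os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumed algorithms (the claims name none): RSA-OAEP wrapping, RSA-PSS signing.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

class Device:
    """Hypothetical stand-in for a cryptographic device; private keys never leave it."""

    def __init__(self):
        # Device key pair, generated inside the device.
        self._priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.public_key = self._priv.public_key()
        self._target_key = None
        self._identity_data = None

    def initialize(self, identity_data: bytes) -> None:
        # Claim 1: generate the target key and store the identity verification data.
        self._target_key = os.urandom(32)
        self._identity_data = identity_data

    def export_target_key(self, presented: bytes, recipient_pub):
        # Claim 4: check identity data, wrap the key for the recipient, sign the ciphertext.
        if self._identity_data is None or not hmac.compare_digest(presented, self._identity_data):
            raise PermissionError("identity verification failed")
        ciphertext = recipient_pub.encrypt(self._target_key, OAEP)
        return ciphertext, self._priv.sign(ciphertext, PSS, hashes.SHA256())

    def import_target_key(self, ciphertext: bytes) -> None:
        # Claim 5: only this device's private key can unwrap the ciphertext.
        self._target_key = self._priv.decrypt(ciphertext, OAEP)

    def key_check_value(self) -> str:
        # Constructed helper: short digest for comparing keys without exporting them.
        return hashlib.sha256(b"kcv" + self._target_key).hexdigest()[:8]

def transfer(first: Device, second: Device, identity_data: bytes, tamper: bool = False) -> bool:
    """Host-side flow: export from first, verify its signature, then write to second."""
    ciphertext, signature = first.export_target_key(identity_data, second.public_key)
    if tamper:  # simulate modification of the ciphertext in transit
        ciphertext = bytes([ciphertext[0] ^ 1]) + ciphertext[1:]
    try:
        first.public_key.verify(signature, ciphertext, PSS, hashes.SHA256())
    except InvalidSignature:
        return False  # never forward an unauthenticated ciphertext
    second.import_target_key(ciphertext)
    return True

if __name__ == "__main__":
    a, b = Device(), Device()
    a.initialize(b"constructed-identity-data")
    print(transfer(a, b, b"constructed-identity-data"), a.key_check_value() == b.key_check_value())
```

The host only ever handles the ciphertext and signature; the target key exists in the clear only inside the two devices.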
CN201811102728.XA 2018-09-20 2018-09-20 Key initialization method, key initialization device, electronic equipment and computer-readable storage medium Active CN109639409B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811102728.XA CN109639409B (en) 2018-09-20 2018-09-20 Key initialization method, key initialization device, electronic equipment and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN109639409A true CN109639409A (en) 2019-04-16
CN109639409B CN109639409B (en) 2021-05-04

Family

ID=66066319

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811102728.XA Active CN109639409B (en) 2018-09-20 2018-09-20 Key initialization method, key initialization device, electronic equipment and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN109639409B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174043A (en) * 2019-12-31 2022-10-11 华为技术有限公司 Method for sharing equipment and electronic equipment

Also Published As

Publication number Publication date
CN109639409B (en) 2021-05-04

Similar Documents

Publication Publication Date Title
US8701169B2 (en) Using a single certificate request to generate credentials with multiple ECQV certificates
CN110264200B (en) Block chain data processing method and device
US20020049906A1 (en) Digital signature system, digital signature method, digital signature mediation method, digital signature mediation system, information terminal and storage medium
CN101965574B (en) Authentication information generation system, authentication information generation method and a client device
CN101771541B (en) Secret key certificate generating method and system for home gateway
CN109672537A (en) Anti- quantum certificate acquisition system and acquisition methods based on public key pond
CN109670803A (en) Method, apparatus, medium and the electronic equipment tested before online trading
CN107506650A (en) Message processing device and information processing method
CN112532656B (en) Block chain-based data encryption and decryption method and device and related equipment
KR20110140122A (en) Methods for producing products which contain certificates and keys
US8220040B2 (en) Verifying that group membership requirements are met by users
CN113242134B (en) Digital certificate signing method, device, system and storage medium
CN105933338A (en) Method and device for performing virtual card transaction
CN115760082B (en) Digital payment processing method, device, equipment, system and medium
CN109981287A (en) A kind of code signature method and its storage medium
CN108199847A (en) Security processing method, computer equipment and storage medium
CN111291420B (en) Distributed off-link data storage method based on block chain
CN110716724B (en) Method and device for realizing privacy block chain based on FPGA
CN109948370A (en) A kind of method for processing business based on block chain, device and electronic equipment
CN113328854B (en) Service processing method and system based on block chain
CN114143306A (en) Block chain-based bid document transmission method and transmission device
CN115964733B (en) Block chain-based data sharing method and device, electronic equipment and storage medium
CN117240473A (en) Electronic contract signing method, electronic contract signing device, electronic equipment and storage medium
CN109639409A (en) Cipher key initialization method, apparatus, electronic equipment and computer readable storage medium
CN103873245A (en) Virtual machine system data encryption method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200918

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200918

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant