CN109768853A - A kind of key component verification method, device and terminal device - Google Patents

A kind of key component verification method, device and terminal device

Info

Publication number
CN109768853A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811654834.9A
Other languages
Chinese (zh)
Inventor
董时舫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PAX Computer Technology Shenzhen Co Ltd
Original Assignee
PAX Computer Technology Shenzhen Co Ltd
Application filed by PAX Computer Technology Shenzhen Co Ltd
Priority to CN201811654834.9A
Publication of CN109768853A
Priority to PCT/CN2019/116301 (WO2020134637A1)
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application belongs to the technical field of data processing and provides a key component verification method, device and terminal device. The method includes: receiving a component read instruction and reading a first key component record according to the component read instruction, where a key component record includes a key component and component auxiliary information; performing a hash calculation on the first key component record and judging whether the calculated first hash value is consistent with the second hash value in the key verification record; and, when the first hash value is consistent with the second hash value, determining that the first key component record passes verification. This addresses the problem that existing key component verification algorithms have poor generality and cannot guarantee secure backup storage and accurate recovery of the system seed key.

Description

A kind of key component verification method, device and terminal device
Technical field
The application belongs to the technical field of data processing, and in particular relates to a key component verification method, device and terminal device.
Background
With the development of encryption technology, keys are increasingly used to encrypt all kinds of files that need protection. In a key system, other keys can be derived (diversified) from a system seed key, so that every terminal device in the system meets the key-uniqueness requirement while key storage space is saved.
The key management host system in a secure room may be damaged by external factors such as accidental failure, power loss or natural disaster, which can corrupt the system seed key. The system seed key therefore has to be backed up, so that during system recovery it can be restored from the backup medium.
Key components are a common way of backing up a key. A key can consist of two or more key components, whose lengths may be the same or different, and the components produce the key through an agreed synthesis formula. During backup, the key components can therefore be handed to different dedicated custodians; when the key has to be restored, all key components are collected and the key is restored with the agreed synthesis formula.
In theory, however, a key component may be erroneous (for example, bit errors in the data of an individual component), misused (for example, mismatched components, mismatched versions, or use beyond the validity period), forged, maliciously tampered with, or secretly replaced. To ensure that the restored key is correct, the key components have to be verified.
The conventional key component verification algorithm uses a verification key to compute a verification code over the key being verified. This approach has poor generality: when the key components being verified are those of the system seed key, it is difficult to create yet another verification key for the verification calculation.
In summary, existing key component verification algorithms have poor generality and cannot guarantee secure backup storage and accurate recovery of the system seed key.
Summary of the invention
In view of this, the embodiments of the present application provide a key component verification method, device and terminal device, to solve the problem that existing key component verification algorithms have poor generality and cannot guarantee secure backup storage and accurate recovery of the system seed key.
A first aspect of the embodiments of the present application provides a key component verification method, comprising:
receiving a component read instruction, and reading a first key component record according to the component read instruction, where a key component record includes a key component and component auxiliary information;
performing a hash calculation on the first key component record, and judging whether the calculated first hash value is consistent with the second hash value in the key verification record;
when the first hash value is consistent with the second hash value, determining that the first key component record passes verification.
A second aspect of the embodiments of the present application provides a key component verification device, comprising:
a component recording module, configured to receive a component read instruction and read a first key component record according to the component read instruction, where a key component record includes a key component and component auxiliary information;
a first verification module, configured to perform a hash calculation on the first key component record and judge whether the calculated first hash value is consistent with the second hash value in the key verification record;
a component pass module, configured to determine that the first key component record passes verification when the first hash value is consistent with the second hash value.
A third aspect of the embodiments of the present application provides a terminal device, including a memory, a processor and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the above method when executing the computer program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program, where the steps of the above method are implemented when the computer program is executed by a processor.
Compared with the prior art, the embodiments of the present application have the following beneficial effects:
In the key component verification method of the present application, a hash calculation is performed on the first key component record, and the resulting first hash value is compared with the second hash value in the key verification record. Because even a small change in the hashed value produces a very different hash result, a first hash value that is consistent with the second hash value shows that the first key component record is reliable, and the first key component record passes verification. Verifying a key component record requires no additional verification key, so the key components of any key can be verified. The method is highly general and solves the problem that existing key component verification algorithms have poor generality and cannot guarantee secure backup storage and accurate recovery of the system seed key.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a key component verification method provided by an embodiment of the present application;
Fig. 2 is a schematic diagram of a key component verification device provided by an embodiment of the present application;
Fig. 3 is a schematic diagram of a terminal device provided by an embodiment of the present application.
Detailed description of the embodiments
In the following description, specific details such as particular system structures and techniques are set forth for the purpose of illustration rather than limitation, to provide a thorough understanding of the embodiments of the present application. It will be clear to those skilled in the art, however, that the present application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present application.
To illustrate the technical solutions described in the present application, specific embodiments are described below.
It should be understood that, when used in this specification and the appended claims, the term "include" indicates the presence of the described features, wholes, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this specification are only for the purpose of describing specific embodiments and are not intended to limit the present application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" can be interpreted, depending on the context, as "when", "once", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" can be interpreted, depending on the context, as "once it is determined", "in response to determining", "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In addition, in the description of the present application, the terms "first", "second", "third" and so on are only used to distinguish descriptions and cannot be understood as indicating or implying relative importance.
Embodiment one:
A key component verification method provided by Embodiment one of the present application is described below. Referring to Fig. 1, the key component verification method in Embodiment one includes:
Step S101: receive a component read instruction, and read a first key component record according to the component read instruction, where a key component record includes a key component and component auxiliary information.
When a key has to be recovered, the key components of the key to be recovered can be read from the secure storage media according to the component read instruction and synthesized with the preset synthesis formula to obtain the key plaintext of the key to be recovered. Because a key component may be corrupted, misused, forged, tampered with or replaced while it is stored, the key component records of the key to be recovered have to be verified to guarantee that the recovered key plaintext is reliable.
The first key component record is therefore read first according to the component read instruction. A key component record includes a key component and component auxiliary information. The component auxiliary information can be configured according to actual needs. It can be empty, in which case the key component record contains only the key component. It can also be non-empty, with the corresponding component auxiliary information set according to the data that needs to be recorded; for example, the component auxiliary information may include the key version number, key generation time, key validity period, key name, key plaintext synthesis formula, component number, component length and padding random numbers.
Step S102: perform a hash calculation on the first key component record, and judge whether the calculated first hash value is consistent with the second hash value in the key verification record.
The content of the key verification record can be configured according to actual needs. For example, the key verification record may include the key version number, key generation time, key validity period, key name, key plaintext synthesis formula, the component length corresponding to each key component record, the second hash value corresponding to each key component record, and the fourth hash value corresponding to the key plaintext record.
The second hash value is the hash value obtained by hashing the second key component record when the key verification record was generated. During key recovery, the second hash value is used to verify the first key component record.
A hash calculation is performed on the first key component record. Because even a small change in the hashed value produces a very different hash result, whether the first key component record is reliable can be judged by checking whether the first hash value is consistent with the second hash value.
The hash algorithm can be chosen according to the actual situation; for example, SHA256 can be selected. SHA256 is one of the SHA (Secure Hash Algorithm) family of secure hash algorithms, with a digest length of 256 bits, that is, 32 bytes. It is mainly used with the digital signature algorithm defined in the Digital Signature Standard. The algorithm takes a piece of input data and generates another small piece of data of fixed length; input data that was originally very regular becomes unrecognizable and scrambled after the operation, which is why it is called a hashing algorithm.
Step S103: when the first hash value is consistent with the second hash value, the first key component record passes verification.
When the first hash value is consistent with the second hash value, the first key component record has not been corrupted or tampered with; the key component record is reliable and passes verification.
When the first hash value and the second hash value are inconsistent, the first key component record may be erroneous; the key component record is unreliable and its verification fails.
Further, the method also includes:
A1: synthesize the key components in the first key component records with the preset synthesis formula to obtain a first key plaintext.
After every first key component record has been verified, the key components of the first key component records can also be synthesized with the preset synthesis formula to obtain the first key plaintext, whose reliability is then verified.
A2: take the first key plaintext and the plaintext auxiliary information corresponding to the first key plaintext as a first key plaintext record.
The first key plaintext record may include the first key plaintext and the plaintext auxiliary information corresponding to the first key plaintext. The plaintext auxiliary information can be configured according to actual needs. It can be empty, in which case the key plaintext record contains only the key plaintext. It can also be non-empty, with the corresponding plaintext auxiliary information set according to the data that needs to be recorded; for example, the plaintext auxiliary information may include the key version number, key generation time, key validity period, key name, key plaintext synthesis formula, a component number array and a component length array, where the component number array contains the component number of each key component and the component length array contains the component length of each key component.
A3: perform a hash calculation on the first key plaintext record, and judge whether the calculated third hash value is consistent with the fourth hash value in the key verification record.
The fourth hash value is the hash value obtained by hashing the second key plaintext record when the key verification record was generated. During key recovery, the fourth hash value is used to verify the first key plaintext record.
A4: when the third hash value is consistent with the fourth hash value, the first key plaintext record passes verification.
During key recovery, the administrators synthesize the key components in the first key component records with the preset synthesis formula to obtain the first key plaintext. Each first key component record may be a reliable key component record, and yet an administrator may have taken a key component record of a different version, a duplicate key component record, or a key component record belonging to another key. Each single first key component record then passes verification, but the first key plaintext synthesized from them is wrong. For example, a key to be recovered is synthesized from key component record 1 and key component record 2. When the key is restored, administrator A reads key component record 1 and administrator B also reads key component record 1. Key component record 1 passes verification on its own, but two copies of key component record 1 cannot synthesize the correct key plaintext. The reliability of the key plaintext record therefore has to be verified as well, to ensure the correctness, completeness, validity and legitimacy of the key plaintext.
When the third hash value is consistent with the fourth hash value, the first key plaintext record is reliable, and the first key plaintext in the first key plaintext record is the key that needs to be recovered.
When the third hash value and the fourth hash value are inconsistent, there is a deviation in the first key component records from which the first key plaintext was synthesized, and it must be checked whether those first key component records are the correct key component records.
Further, before the hash calculation is performed on the first key component record, the method also includes:
B1: receive a key verification record read instruction, and read the key verification record according to the key verification record read instruction, where the key verification record includes component auxiliary information, the second hash value and the fourth hash value.
B2: judge whether the key verification record meets the preset format requirement.
Before the hash calculation is performed on the first key component record, the format of the key verification record can be checked first, to judge whether the key verification record meets the preset format requirement.
Correspondingly, performing the hash calculation on the first key component record is specifically:
when the key verification record meets the preset format requirement, performing the hash calculation on the first key component record.
When the key verification record meets the preset format requirement, verification of the first key component record proceeds and the hash calculation is performed on the first key component record. When any field in the key verification record does not meet the preset format requirement or contains invalid characters, verification of the key component record stops and "verification record invalid" is reported to the staff.
Further, performing the hash calculation on the first key component record when the key verification record meets the preset format requirement specifically includes:
C1: when the key verification record meets the preset format requirement, judge whether the component auxiliary information in the first key component record is consistent with the corresponding component auxiliary information in the key verification record.
Besides checking the format of the key verification record, the component auxiliary information in the first key component record can also be verified, by judging whether it is consistent with the corresponding component auxiliary information in the key verification record.
C2: when the component auxiliary information in the first key component record is consistent with the corresponding component auxiliary information in the key verification record, perform the hash calculation on the first key component record.
When the component auxiliary information in the first key component record is consistent with the corresponding component auxiliary information in the key verification record, verification of the first key component record continues and the hash calculation is performed on the first key component record. When they are inconsistent, verification of the first key component record is aborted and the corresponding verification failure information is reported to the staff. For example, when the component auxiliary information of the first key component record is read, fields such as the key version number, key generation time, key validity period, key name and key plaintext synthesis formula in the first key component record can be compared one by one with the same fields in the key verification record; if they are inconsistent, "packaging information verification failed" is reported and the reading process stops. The component number field is then verified, by checking whether it is a member of the component number array in the key verification record; if it is not (for example, the component number in the first key component record is 2, while the numbers recorded in the component number array of the key verification record are one, two, three, ...), "component number verification failed" is reported and the reading process stops. Finally, it is verified whether the component length in the first key component record is consistent with the corresponding component length in the key verification record; if it is not, "component length verification failed" is reported and the reading process stops.
Further, the calculation method of the first hash value is as follows:
D1: during key backup, take the key component to be backed up and the component auxiliary information corresponding to the key component to be backed up as the second key component record.
During key backup, the key component to be backed up and its corresponding component auxiliary information are taken as the second key component record. The second key component records can be stored on different secure storage media, and each secure storage medium is handed to a different key component administrator for safekeeping. The secure storage medium can be selected according to actual needs, for example an IC card or a USB key (U-shield).
D2: perform a hash calculation on the second key component record to obtain the second hash value.
Hashing the second key component record yields the second hash value. The second hash value can be saved in the key verification record and is used to verify the first key component record during key recovery. The key verification record can be stored separately on another secure storage medium, which is handed to the key verification administrator for safekeeping.
Many kinds of errors can occur during key recovery. The second hash value and the fourth hash value can establish whether the key component records and the key plaintext record are accurate, but they cannot reveal the specific cause of an error. Therefore, before the hash calculation is performed, the data format of the key verification record and the content of the component auxiliary information of the first key component record can be compared and verified, so that the cause of an error is found in time and the staff can change their operating procedure and eliminate the error promptly.
Further, the calculation method of the second hash value is as follows:
E1: during key backup, take the key plaintext to be calculated and the plaintext auxiliary information corresponding to the key plaintext to be calculated as the second key plaintext record.
E2: perform a hash calculation on the second key plaintext record to obtain the fourth hash value.
Hashing the second key plaintext record yields the fourth hash value. The fourth hash value can be saved in the key verification record and is used to verify the first key plaintext record during key recovery.
In addition, after the first key plaintext record has passed verification, the key validity period in the key verification record can be checked, by judging whether the value of the key validity period in the key verification record is less than the current system clock value. When the value of the key validity period is greater than or equal to the current system clock value, the key validity check passes and the first key plaintext is a reliable, trustworthy key. When the key validity period is less than the current system clock value, the first key plaintext has exceeded its validity period and cannot be used any more; "key has exceeded its validity period" is reported to the staff and the reading process stops.
In the key component verification method provided by Embodiment one, a hash calculation is performed on the first key component record, and the resulting first hash value is compared with the second hash value in the key verification record. Because even a small change in the hashed value produces a very different hash result, a first hash value that is consistent with the second hash value shows that the first key component record is reliable, and the first key component record passes verification. Verifying a key component record requires no additional verification key, so the key components of any key can be verified. The method is highly general and solves the problem that existing key component verification algorithms have poor generality and cannot guarantee secure backup storage and accurate recovery of the system seed key.
After the first key component records have been verified, the first key plaintext record can also be verified with the fourth hash value, to guarantee the correctness, completeness, validity and legitimacy of the first key plaintext.
Before verification with the first hash value, the format of the key verification record and the content of the component auxiliary information in the first key component record can also be verified, so that the staff find mistakes and correct their operating procedure in time, which makes the method easier for them to use.
The second hash value and the fourth hash value are obtained during key backup by hashing the second key component record and the second key plaintext record, and they are used during key recovery to verify the first key component record and the first key plaintext record.
After the first key plaintext has been verified, it can be checked whether the key validity period in the key verification record is less than the current system clock value. If the key validity period is less than the current system clock value, the first key plaintext has exceeded its validity period and cannot be used any more; "key has exceeded its validity period" is reported to the staff and the reading process stops. If the value of the key validity period is greater than or equal to the current system clock value, the key validity check passes, and the synthesized first key plaintext is confirmed and reported as a reliable, trustworthy key.
It should be understood that the sequence numbers of the steps in the above embodiment do not imply an order of execution. The execution order of each process is determined by its function and internal logic, and the numbering does not limit the implementation of the embodiments of the present application in any way.
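The backup and recovery flow of Embodiment one (steps S101 to S103, A1 to A4, B2, C1 to C2 and the validity-period check), as an added Python example that is not code from the patent: XOR as the synthesis formula, JSON as the record encoding, and all field and function names are assumptions. It shows that reading the same component record twice passes every per-component check and is caught only by the hash of the key plaintext record.

```python
import hashlib
import hmac
import json
import secrets
import time
from functools import reduce

# Assumptions (not from the patent): XOR as the synthesis formula, JSON as the
# record encoding, and every field name below.
COMMON = ("version", "name", "created", "expires", "formula")
FORMAT = {"version": str, "name": str, "created": int, "expires": int,
          "formula": str, "numbers": list, "lengths": list,
          "component_hashes": dict, "plaintext_hash": str}


class VerificationError(Exception):
    """Raised with the message that would be reported to the operator."""


def record_hash(secret: bytes, aux: dict) -> str:
    """SHA-256 over a record: length-prefixed secret plus canonical auxiliary info."""
    canonical = json.dumps(aux, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(len(secret).to_bytes(4, "big") + secret + canonical).hexdigest()


def xor_all(parts):
    """Synthesis formula assumed here: byte-wise XOR of equal-length components."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*parts))


def backup(key: bytes, n: int, meta: dict):
    """Backup side (D1-D2, E1-E2): returns (component records, verification record)."""
    parts = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    parts.append(xor_all(parts + [key]))          # XOR of all parts equals key
    common = dict(meta, formula="XOR")
    records = [{"component": p, "aux": dict(common, number=i, length=len(p))}
               for i, p in enumerate(parts, start=1)]
    arrays = {"numbers": [r["aux"]["number"] for r in records],
              "lengths": [r["aux"]["length"] for r in records]}
    verification = dict(common, **arrays)
    verification["component_hashes"] = {
        str(r["aux"]["number"]): record_hash(r["component"], r["aux"]) for r in records}
    verification["plaintext_hash"] = record_hash(key, dict(common, **arrays))
    return records, verification


def recover(records, verification, now=None):
    """Recovery side: B2, C1-C2, S102-S103, A1-A4, then the validity-period check."""
    now = int(time.time()) if now is None else now
    for field, kind in FORMAT.items():            # B2: format of the verification record
        if not isinstance(verification.get(field), kind):
            raise VerificationError("verification record invalid")
    for rec in records:
        aux, part = rec["aux"], rec["component"]
        if any(aux.get(f) != verification[f] for f in COMMON):        # C1
            raise VerificationError("packaging information verification failed")
        if aux.get("number") not in verification["numbers"]:
            raise VerificationError("component number verification failed")
        expected_len = verification["lengths"][verification["numbers"].index(aux["number"])]
        if aux.get("length") != expected_len or len(part) != expected_len:
            raise VerificationError("component length verification failed")
        second_hash = verification["component_hashes"].get(str(aux["number"]), "")
        if not hmac.compare_digest(record_hash(part, aux), second_hash):  # S102
            raise VerificationError("component hash verification failed")
    ordered = sorted(records, key=lambda r: r["aux"]["number"])
    key = xor_all([r["component"] for r in ordered])                  # A1
    plaintext_aux = {f: verification[f] for f in COMMON}              # A2
    plaintext_aux["numbers"] = [r["aux"]["number"] for r in ordered]
    plaintext_aux["lengths"] = [r["aux"]["length"] for r in ordered]
    if not hmac.compare_digest(record_hash(key, plaintext_aux),       # A3
                               verification["plaintext_hash"]):
        raise VerificationError("key plaintext verification failed")
    if verification["expires"] < now:             # validity period vs. system clock
        raise VerificationError("key has exceeded its validity period")
    return key


def failure(records, verification, now):
    """Return the reported failure message, or None when recovery succeeds."""
    try:
        recover(records, verification, now)
    except VerificationError as exc:
        return str(exc)
    return None


# Constructed sample data: a random 16-byte key split into two components.
META = {"version": "1", "name": "seed-key", "created": 1_700_000_000, "expires": 1_800_000_000}
SEED = secrets.token_bytes(16)
RECORDS, VERIFICATION = backup(SEED, 2, META)
NOW = 1_750_000_000

if __name__ == "__main__":
    print("recovered:", recover(RECORDS, VERIFICATION, NOW) == SEED)
    print("duplicate:", failure([RECORDS[0], RECORDS[0]], VERIFICATION, NOW))
```

Because the hashes are unkeyed, the checks are only as trustworthy as the custody of the key verification record, which the description stores on a separate secure storage medium held by the key verification administrator.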
Embodiment two:
Embodiment Two of the present application provides a key component verification device. For ease of description, only the parts relevant to the present application are shown. As shown in Fig. 2, the key component verification device includes:
Component logging module 201, configured to receive a component read instruction and read a first key component record according to the component read instruction, where a key component record includes a key component and component satellite information;
First authentication module 202, configured to perform a hash calculation on the first key component record and judge whether the calculated first hash value is consistent with the second hash value in the key authentication record;
Component pass module 203, configured to determine that the first key component record passes verification when the first hash value is consistent with the second hash value.
Further, the device also includes:
Original text synthesis module, configured to synthesize the key components in each first key component record using a preset composite formula to obtain a first key original text;
Original text logging module, configured to take the first key original text and the original text satellite information corresponding to the first key original text as a first key original text record;
Second authentication module, configured to perform a hash calculation on the first key original text record and judge whether the calculated third hash value is consistent with the fourth hash value in the key authentication record;
Original text pass module, configured to determine that the first key original text record passes verification when the third hash value is consistent with the fourth hash value.
Further, the device also includes:
Verification read module, configured to receive a key authentication record read instruction and read the key authentication record according to that instruction, where the key authentication record includes component satellite information, the second hash value and the fourth hash value;
Format detection module, configured to judge whether the key authentication record meets a preset format requirement;
Correspondingly, the component pass module 203 is specifically configured to, when the key authentication record meets the preset format requirement, perform a hash calculation on the first key component record and judge whether the calculated first hash value is consistent with the second hash value in the key authentication record.
Further, the component pass module 203 specifically includes:
Information judging submodule, configured to, when the key authentication record meets the preset format requirement, judge whether the component satellite information in the first key component record is consistent with the corresponding component satellite information in the key authentication record;
Hash judging submodule, configured to, when the component satellite information in the first key component record is consistent with the corresponding component satellite information in the key authentication record, perform a hash calculation on the first key component record and judge whether the calculated first hash value is consistent with the second hash value in the key authentication record.
Further, the device also includes:
Component backup module, configured to, during key backup, take the key component to be backed up and the component satellite information corresponding to that key component as a second key component record;
Second hash module, configured to perform a hash calculation on the second key component record to obtain the second hash value.
Further, the device also includes:
Second original text module, configured to, during key backup, take the key original text to be calculated and the original text satellite information corresponding to that key original text as a second key original text record;
Fourth hash module, configured to perform a hash calculation on the second key original text record to obtain the fourth hash value.
It should be noted that the information exchange and execution processes between the above devices/units are based on the same concept as the method embodiments of the present application. For their specific functions and technical effects, refer to the method embodiment section; they are not repeated here.
Embodiment three:
Fig. 3 is a schematic diagram of the terminal device provided by Embodiment Three of the present application. As shown in Fig. 3, the terminal device 3 of this embodiment includes a processor 30, a memory 31, and a computer program 32 that is stored in the memory 31 and can run on the processor 30. When executing the computer program 32, the processor 30 implements the steps of the above key component verification method embodiment, such as steps S101 to S103 shown in Fig. 1. Alternatively, when executing the computer program 32, the processor 30 implements the functions of the modules/units in the above device embodiments, such as the functions of modules 201 to 203 shown in Fig. 2.
Illustratively, the computer program 32 can be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to carry out the present application. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, and the instruction segments describe the execution of the computer program 32 in the terminal device 3. For example, the computer program 32 can be divided into a component logging module, a first authentication module and a component pass module, whose specific functions are as follows:
Component logging module, configured to receive a component read instruction and read a first key component record according to the component read instruction, where a key component record includes a key component and component satellite information;
First authentication module, configured to perform a hash calculation on the first key component record and judge whether the calculated first hash value is consistent with the second hash value in the key authentication record;
Component pass module, configured to determine that the first key component record passes verification when the first hash value is consistent with the second hash value.
The terminal device 3 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 30 and the memory 31. Those skilled in the art will understand that Fig. 3 is only an example of the terminal device 3 and does not limit it; the terminal device may include more or fewer components than shown, combine certain components, or use different components. For example, it may also include input/output devices, network access devices, buses and so on.
The processor 30 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. A general-purpose processor may be a microprocessor or any conventional processor.
The memory 31 may be an internal storage unit of the terminal device 3, such as a hard disk or internal memory of the terminal device 3. The memory 31 may also be an external storage device of the terminal device 3, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device 3. Further, the memory 31 may include both an internal storage unit of the terminal device 3 and an external storage device. The memory 31 is used to store the computer program and the other programs and data required by the terminal device. The memory 31 can also be used to temporarily store data that has been output or is about to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the above division into functional units and modules is used as an example. In practical applications, the above functions can be allocated to different functional units and modules as needed; that is, the internal structure of the device can be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing them from one another and do not limit the protection scope of the present application. For the specific working process of the units and modules in the above system, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are only illustrative. The division into modules or units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated module/unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments of the present application may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the protection scope of the present application.

Claims (10)

1. A key component verification method, characterized by comprising:
receiving a component read instruction, and reading a first key component record according to the component read instruction, wherein a key component record includes a key component and component satellite information;
performing a hash calculation on the first key component record, and judging whether the calculated first hash value is consistent with the second hash value in a key authentication record;
when the first hash value is consistent with the second hash value, the first key component record passes verification.
2. The key component verification method according to claim 1, characterized in that the method further comprises:
synthesizing the key components in each first key component record using a preset composite formula to obtain a first key original text;
taking the first key original text and the original text satellite information corresponding to the first key original text as a first key original text record;
performing a hash calculation on the first key original text record, and judging whether the calculated third hash value is consistent with the fourth hash value in the key authentication record;
when the third hash value is consistent with the fourth hash value, the first key original text record passes verification.
3. The key component verification method according to claim 1, characterized in that, before performing the hash calculation on the first key component record, the method further comprises:
receiving a key authentication record read instruction, and reading the key authentication record according to the key authentication record read instruction, wherein the key authentication record includes component satellite information, the second hash value and the fourth hash value;
judging whether the key authentication record meets a preset format requirement;
correspondingly, performing the hash calculation on the first key component record is specifically:
when the key authentication record meets the preset format requirement, performing the hash calculation on the first key component record.
4. The key component verification method according to claim 3, characterized in that performing the hash calculation on the first key component record when the key authentication record meets the preset format requirement specifically comprises:
when the key authentication record meets the preset format requirement, judging whether the component satellite information in the first key component record is consistent with the corresponding component satellite information in the key authentication record;
when the component satellite information in the first key component record is consistent with the corresponding component satellite information in the key authentication record, performing the hash calculation on the first key component record.
5. The key component verification method according to claim 1, characterized in that the second hash value is calculated as follows:
during key backup, taking the key component to be backed up and the component satellite information corresponding to the key component to be backed up as a second key component record;
performing a hash calculation on the second key component record to obtain the second hash value.
6. The key component verification method according to claim 5, characterized in that the fourth hash value is calculated as follows:
during key backup, taking the key original text to be calculated and the original text satellite information corresponding to the key original text to be calculated as a second key original text record;
performing a hash calculation on the second key original text record to obtain the fourth hash value.
7. A key component verification device, characterized by comprising:
a component logging module, configured to receive a component read instruction and read a first key component record according to the component read instruction, wherein a key component record includes a key component and component satellite information;
a first authentication module, configured to perform a hash calculation on the first key component record and judge whether the calculated first hash value is consistent with the second hash value in a key authentication record;
a component pass module, configured to determine that the first key component record passes verification when the first hash value is consistent with the second hash value.
8. The key component verification device according to claim 7, characterized in that the device further comprises:
an original text synthesis module, configured to synthesize the key components in each first key component record using a preset composite formula to obtain a first key original text;
an original text logging module, configured to take the first key original text and the original text satellite information corresponding to the first key original text as a first key original text record;
a second authentication module, configured to perform a hash calculation on the first key original text record and judge whether the calculated third hash value is consistent with the fourth hash value in the key authentication record;
an original text pass module, configured to determine that the first key original text record passes verification when the third hash value is consistent with the fourth hash value.
9. A terminal device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 6.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.
CN201811654834.9A 2018-12-29 2018-12-29 A kind of key component verification method, device and terminal device Pending CN109768853A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811654834.9A CN109768853A (en) 2018-12-29 2018-12-29 A kind of key component verification method, device and terminal device
PCT/CN2019/116301 WO2020134637A1 (en) 2018-12-29 2019-11-07 Key component verification method and apparatus, and terminal device


Publications (1)

Publication Number Publication Date
CN109768853A true CN109768853A (en) 2019-05-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190517