CN116506120A - Key loading method, key system and readable storage medium - Google Patents


Info

Publication number
CN116506120A
Authority
CN
China
Prior art keywords
key
white
dynamic library
browser
box password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310750445.0A
Other languages
Chinese (zh)
Other versions
CN116506120B (en
Inventor
蓝建春
赵晨晨
连新蔚
李海红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd
Original Assignee
Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd filed Critical Dinghyun Commercial Code Evaluation Technology Shenzhen Co ltd
Priority to CN202310750445.0A priority Critical patent/CN116506120B/en
Publication of CN116506120A publication Critical patent/CN116506120A/en
Application granted granted Critical
Publication of CN116506120B publication Critical patent/CN116506120B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/40 Network security protocols
    • H04L2209/16 Obfuscation or hiding, e.g. involving white box
    • H04L2463/121 Timestamp
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key loading method, a key system and a readable storage medium, and belongs to the technical field of confidentiality. The invention is applied to a browser: a service function key of the browser is encrypted based on a root key in a pre-stored white-box password dynamic library to obtain a target key, and the target key is stored in a local memory of a computer; when a key index sent by a service function module of the browser is received, the target key corresponding to the key index is acquired; the target key is decrypted based on the root key in the pre-stored white-box password dynamic library to obtain the service function key; the password service required by the service function module is responded to based on the service function key; and when the password service response is completed, the decrypted target key is cleared. Because the method is realized in software through the white-box password dynamic library, the security of key loading is improved while the operation and maintenance cost of the browser is reduced.

Description

Key loading method, key system and readable storage medium
Technical Field
The present invention relates to the field of security technologies, and in particular, to a key loading method, a key system, and a readable storage medium.
Background
When a browser accesses certain websites, such as banking websites, shopping websites and other websites related to financial services, it needs to load a security key. Loading the security key carries a risk of leaking it, so the browser needs to ensure the security of key loading.
In existing browsers, key security is mainly ensured by external security equipment such as an intelligent password key. Although this method is effective at guaranteeing the security of key loading, the browser developer needs to purchase a password component when developing the browser, which leads to high development cost and high operation and maintenance cost.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a key loading method that solves the problem that, to ensure the security of key loading, a browser developer needs to purchase a password component when developing the browser, which makes the development cost and the operation and maintenance cost high.
In order to achieve the above object, the present invention provides a key loading method, applied to a browser, the key loading method comprising the following steps:
Encrypting a service function key of the browser based on a root key in a pre-stored white box password dynamic library to obtain a target key, and storing the target key in a local memory of a computer;
when receiving a key index sent by a service function module of a browser, acquiring the target key corresponding to the key index;
decrypting the target key based on a root key in a pre-stored white box password dynamic library to obtain the service function key;
responding to the password service required by the business function module based on the business function key;
and when the password service response is completed, clearing the decrypted target key.
Optionally, before the step of encrypting the service function key of the browser based on the root key in the pre-stored white-box password dynamic library to obtain the target key and storing the target key in the local memory of the computer, the method further comprises:
sending the MAC address and the time stamp of the current computer to a background service module;
receiving a white-box password dynamic library generated by the background service module based on the MAC address and the timestamp;
and storing the white-box password dynamic library into a local memory to serve as the pre-stored white-box password dynamic library.
Optionally, before the step of sending the MAC address and the timestamp of the current computer to the background service module, the method further includes:
receiving a secure channel establishment request that is generated based on a security protocol and sent by the background service module;
responding, within a preset time, to the secure channel establishment request sent by the background service module;
and establishing a secure channel with the background service module based on the security protocol for secure transmission of information.
Optionally, before the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received, the method further includes:
determining whether the pre-stored white box password dynamic library is configured in a target storage path;
sending the MAC address and the current time stamp of the current computer to a background service module;
receiving a current hash value generated by the background service module based on the MAC address and the current timestamp;
and determining whether the pre-stored white-box password dynamic library has been tampered with according to the current hash value and the historical hash value, wherein the historical hash value is the hash value in the pre-stored white-box password dynamic library.
Optionally, the step of determining whether the pre-stored white-box password dynamic library has been tampered with according to the current hash value and the historical hash value includes:
checking whether the current hash value matches the historical hash value;
if yes, the pre-stored white-box password dynamic library has not been tampered with, and the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received is executed;
if not, the pre-stored white-box password dynamic library has been tampered with; a current white-box password dynamic library associated with the current timestamp is received from the background service module, and the pre-stored white-box password dynamic library is replaced with the current white-box password dynamic library.
Optionally, after the step of determining whether the pre-stored white-box password dynamic library has been tampered with according to the current hash value and the historical hash value, the method further includes:
determining whether to update the white-box password dynamic library according to the time interval between the timestamp in the pre-stored white-box password dynamic library and the current timestamp;
if the time interval is greater than a preset interval threshold, updating the white-box password dynamic library;
and if the time interval is not greater than the preset interval threshold, executing the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received.
Optionally, the step of updating the white-box password dynamic library includes:
acquiring a current white-box password dynamic library associated with the current timestamp from the background service module;
and decrypting each ciphertext according to the pre-stored white-box password dynamic library, and re-encrypting the plaintext obtained by the decryption based on the current white-box password dynamic library, to finish updating the white-box password dynamic library.
In addition, in order to achieve the above object, the present invention provides a key loading method, which is applied to a background service module, and the key loading method includes the following steps:
determining a hash value according to the current computer MAC address and the timestamp sent by the browser, and sending the hash value to the browser;
dispersing a preset basic key according to the hash value to determine a root key;
storing the root key in association with a preset encryption algorithm to obtain a preset password table;
generating a white-box password dynamic library according to the preset password table, the timestamp and the hash value;
and sending the white-box password dynamic library to the browser, so that the browser determines, according to the white-box password dynamic library, whether the library needs updating and whether it has been tampered with, and determines whether to execute the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received.
In addition, to achieve the above object, the present invention also provides a key system including: the system comprises a browser, a background service module, a memory, a processor and a key loading program which is stored in the memory and can run on the processor, wherein the key loading program realizes the steps of the key loading method when being executed by the processor.
In addition, in order to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a key loading program which, when executed by a processor, implements the steps of the key loading method as described above.
The embodiment of the invention provides a key loading method, a key system and a readable storage medium, in which the target key corresponding to a password service is obtained through a key index, and the key required for realizing the password service can be obtained only by decrypting the target key based on the root key in the white-box password dynamic library. Because the white-box password dynamic library is used to hide the key, the security of key loading is improved in software while the operation and maintenance cost of the browser is reduced.
Drawings
FIG. 1 is a schematic diagram of the hardware operating environment of a key system according to an embodiment of the present invention;
FIG. 2 is a flow chart of a first embodiment of the key loading method of the present invention;
FIG. 3 is a flow chart of a second embodiment of the key loading method of the present invention;
FIG. 4 is a flow chart of a third embodiment of the key loading method of the present invention;
FIG. 5 is a flow chart of a fourth embodiment of the key loading method of the present invention;
FIG. 6 is a flowchart of a fifth embodiment of the key loading method of the present invention;
FIG. 7 is a flowchart of a sixth embodiment of the key loading method of the present invention;
FIG. 8 is a schematic diagram of a system architecture of the key loading method of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
According to the key loading method, the key system and the readable storage medium, the target key corresponding to a password service is obtained through a key index, and the key required for realizing the password service can be obtained only by decrypting the target key based on the root key in the white-box password dynamic library. Because the white-box password dynamic library is used to hide the key, the security of key loading is improved in software while the operation and maintenance cost of the browser is reduced.
In order to better understand the above technical solution, exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As an implementation scheme, fig. 1 is a schematic architecture diagram of a hardware running environment of a key system according to an embodiment of the present invention.
As shown in fig. 1, the key system may include a processor 101, such as a central processing unit (CPU), a memory 102 and a communication bus 103. The memory 102 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM), such as a disk memory. The memory 102 may alternatively be a storage device separate from the aforementioned processor 101. The communication bus 103 is used to enable connected communication among the components.
Those skilled in the art will appreciate that the structure shown in fig. 1 does not limit the key system, which may include more or fewer components than shown, combine certain components, or use a different arrangement of components.
As shown in fig. 1, an operating system, a data storage module, a network communication module, a user interface module, and a key loader may be included in the memory 102, which is one type of computer-readable storage medium.
In the key system shown in fig. 1, the processor 101 and the memory 102 may be provided in the key system, which calls the key loader stored in the memory 102 through the processor 101 and performs the following operations:
encrypting a service function key of the browser based on a root key in a pre-stored white box password dynamic library to obtain a target key, and storing the target key in a local memory of a computer;
when receiving a key index sent by a service function module of a browser, acquiring the target key corresponding to the key index;
decrypting the target key based on a root key in a pre-stored white box password dynamic library to obtain the service function key;
responding to the password service required by the business function module based on the business function key;
and when the password service response is completed, clearing the decrypted target key.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
sending the MAC address and the time stamp of the current computer to a background service module;
receiving a white-box password dynamic library generated by the background service module based on the MAC address and the timestamp;
and storing the white-box password dynamic library into a local memory to serve as the pre-stored white-box password dynamic library.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
receiving a secure channel establishment request that is generated based on a security protocol and sent by the background service module;
responding, within a preset time, to the secure channel establishment request sent by the background service module;
and establishing a secure channel with the background service module based on the security protocol for secure transmission of information.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
determining whether the pre-stored white box password dynamic library is configured in a target storage path;
sending the MAC address and the current time stamp of the current computer to a background service module;
receiving a current hash value generated by the background service module based on the MAC address and the current timestamp;
and determining whether the pre-stored white-box password dynamic library has been tampered with according to the current hash value and the historical hash value, wherein the historical hash value is the hash value in the pre-stored white-box password dynamic library.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
checking whether the current hash value matches the historical hash value;
if yes, the pre-stored white-box password dynamic library has not been tampered with, and the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received is executed;
if not, the pre-stored white-box password dynamic library has been tampered with; a current white-box password dynamic library associated with the current timestamp is received from the background service module, and the pre-stored white-box password dynamic library is replaced with the current white-box password dynamic library.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
determining whether to update the white-box password dynamic library according to the time interval between the timestamp in the pre-stored white-box password dynamic library and the current timestamp;
if the time interval is greater than a preset interval threshold, updating the white-box password dynamic library;
and if the time interval is not greater than the preset interval threshold, executing the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
acquiring a current white-box password dynamic library associated with the current timestamp from the background service module;
and decrypting each ciphertext according to the pre-stored white-box password dynamic library, and re-encrypting the plaintext obtained by the decryption based on the current white-box password dynamic library, to finish updating the white-box password dynamic library.
In one embodiment, the processor 101 may be configured to call a key loader stored in the memory 102 and perform the following operations:
determining a hash value according to the current computer MAC address and the timestamp sent by the browser, and sending the hash value to the browser;
dispersing a preset basic key according to the hash value to determine a root key;
storing the root key in association with a preset encryption algorithm to obtain a preset password table;
generating a white-box password dynamic library according to the preset password table, the timestamp and the hash value;
and sending the white-box password dynamic library to the browser, so that the browser determines, according to the white-box password dynamic library, whether the library needs updating and whether it has been tampered with, and determines whether to execute the step of acquiring the target key corresponding to the key index when the key index sent by the service function module of the browser is received.
Based on the hardware architecture of the access control system, the embodiment of the identity verification method is provided.
Referring to fig. 2, in a first embodiment, the key loading method is applied to a browser, and includes the steps of:
Step S110: encrypting the service function key of the browser based on the root key in the pre-stored white-box password dynamic library to obtain a target key, and storing the target key in a local memory of the computer.
In this embodiment, the browser encrypts and stores the service function key based on the root key in the pre-stored white-box password dynamic library, so that the service function key is hidden and is prevented from being disclosed or illegally stolen.
Step S120: when receiving the key index sent by the service function module of the browser, acquiring the target key corresponding to the key index.
In this embodiment, the service function module of the browser sends a key index corresponding to the cryptographic service to the browser according to the cryptographic service to be executed, and the browser obtains the target key corresponding to the cryptographic service according to the key index.
Optionally, the cryptographic services include, but are not limited to, encryption services, decryption services, signature verification services, and hash table look-up services.
In this embodiment, the service function module of the browser is the module the browser uses to retrieve, display and deliver web page information resources.
In this embodiment, the target key refers to a key pre-stored in a local target path, and is a key stored in the local database after encrypting a key required for implementing a cryptographic service; optionally, when the cryptographic service is an encryption service, a key required to implement the encryption service is an encryption key; when the password service is a decryption service, a key required for realizing the decryption service is a decryption key; when the password service is signature service, a key required for realizing the signature service is a signature key; when the password service is the signature verification service, the key required for realizing the signature verification service is the signature verification key.
Step S130: decrypting the target key based on the root key in the pre-stored white-box password dynamic library to obtain the service function key.
In this embodiment, the white-box cryptographic dynamic library is generated based on a cryptographic table, a timestamp, and a hash value.
In this embodiment, the target key is decrypted based on the root key in the pre-stored white-box cryptographic dynamic library, so as to obtain the key required for implementing the cryptographic service.
In this embodiment, the root key is generated by the background service module, and it can be understood that the root key is used to encrypt the key required for implementing the cryptographic service, so as to obtain the target key.
In this embodiment, the root key is related to the MAC address of the computer and the timestamp at which the root key was generated; in this embodiment, the root key is hidden in the white-box password dynamic library, and the root key needs to be obtained by a table look-up method.
Optionally, when the cryptographic service is an encryption service, decrypting the target key based on the root key in the pre-stored white box cryptographic dynamic library to obtain an encryption key; when the password service is decryption service, decrypting the target key based on a root key in a pre-stored white box password dynamic library to obtain a decryption key; when the password service is signature service, decrypting the target key based on a root key in a pre-stored white box password dynamic library to obtain a signature key; and when the password service is the signature verification service, decrypting the target key based on the root key in the pre-stored white box password dynamic library, so as to obtain the signature verification key.
Step S140: responding to the password service required by the service function module based on the service function key.
Alternatively, the service function key may be an encryption key, a decryption key, a signing key, or the like.
Illustratively, based on the encryption key, encrypting plaintext to be encrypted according to the encryption key and the encryption algorithm in response to the encryption service required by the service function module; based on the decryption key, responding to the decryption service required by the service function module, and decrypting the ciphertext to be decrypted according to the decryption key and a decryption algorithm; based on the signing key, responding to the signing service required by the service function module, and executing signing operation according to the signing key and a signing algorithm; and based on the signing verification key, responding to the signing verification service required by the service function module, and executing signing verification operation.
Step S150: when the password service response is completed, clearing the decrypted target key.
In this embodiment, when the password service response is completed, the target key in the local memory of the computer is cleared, so as to avoid disclosure of the target key.
In a specific embodiment, when a user accesses a bank website by using a browser and logs in an account, in order to facilitate the next login, a login password needs to be stored in a local memory, that is, a service function module of the browser needs to provide encryption service. Specifically, in the process of saving the login password to the local memory by the browser, a target key related to the encryption key is required to be found according to an encryption key index, then the target key is decrypted based on a root key in a white box password dynamic library to obtain a common key for encryption, then the login password is encrypted based on the common key and a symmetric encryption algorithm to obtain a ciphertext, the ciphertext is saved to the memory, and finally the common key obtained by decryption is cleared from the local memory to complete encryption service, namely the encryption saving of the login password is completed. Of course, it can be understood that when the encryption service is performed, the encryption algorithm used corresponds to the encryption key, and the encryption algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm, and if the symmetric encryption algorithm is used, the obtained encryption key is a common key; if an asymmetric encryption algorithm is used, the encryption key used is a public key.
In one embodiment, the business function module of the browser provides a signature service. The browser needs to decrypt the target key corresponding to the signing key based on the root key to obtain the signing key, and completes the signing operation based on the signing key and the signing algorithm. The target key is generated by encrypting the signing key with the root key and is stored in the local memory. When the browser is to load the signing key, it must decrypt the target key based on the root key to obtain the signing key. In the present embodiment, the signature algorithm refers to a digital signature algorithm. A digital signature is a digital string that can be generated only by the sender of the information and cannot be forged by others, and this string also serves as effective proof of the authenticity of the information sent by the sender. A digital signature is an alphanumeric string that is processed through a one-way function to authenticate the source of the information and verify whether the information has changed during transmission. The signature algorithm may be a Rabin signature algorithm, a DSS (Digital Signature Standard) signature algorithm, or an RSA signature algorithm, among others. In this embodiment, the signing operation refers to encrypting a message to be encrypted based on a signing key and a signing algorithm, so as to obtain a digital signature. It will be appreciated, of course, that the purpose of the signature is to prevent tampering with the information, to ensure data integrity and reliability, and to ensure non-repudiation by the sender.
It is assumed that the browser performs a signing operation by using an RSA signing algorithm, specifically, the browser extracts a message digest of a message, encrypts the message digest by using a signing key to generate a digital signature, encrypts the digital signature and the message together by using a public key of a signer to generate a ciphertext, and sends the ciphertext to the signer.
In the technical scheme provided by the embodiment, the target key corresponding to the password service is required to be obtained through the key index, and the target key is required to be decrypted based on the root key in the white-box password dynamic library so as to obtain the key required for realizing the password service. The white box password dynamic library is adopted to hide the secret key, so that the development cost of the browser can be reduced, and the safety of secret key loading can be ensured.
Further, referring to fig. 3, based on the foregoing embodiment, in a second embodiment, the step of encrypting the service function key of the browser to obtain the target key based on the root key in the pre-stored white-box password dynamic library and storing the target key in the local memory of the computer further includes:
Step S210: sending the MAC address and the timestamp of the current computer to the background service module.
Step S220: receiving a white-box password dynamic library generated by the background service module based on the MAC address and the timestamp.
Step S230: storing the white-box password dynamic library into a local memory to serve as the pre-stored white-box password dynamic library.
In this embodiment, the browser obtains the MAC address and the timestamp of the computer, and sends the MAC address and the timestamp of the computer to the background service module; and then, receiving a white box password dynamic library which is fed back by the background service module and is generated based on the MAC address and the time stamp, and storing the white box password dynamic library into a memory to be used as a pre-stored white box password dynamic library.
In this embodiment, the pre-stored white-box password dynamic library includes a hash value and a timestamp obtained when the white-box password dynamic library was generated, and when the browser is started, whether the pre-stored white-box password dynamic library has been tampered with or has expired can be determined according to the hash value and the timestamp.
Optionally, the hash value may be generated from the concatenation of the MAC address and the timestamp.
Optionally, whether the pre-stored white box password dynamic library is out of date may be determined according to a time interval between a time stamp in the pre-stored white box password dynamic library and a current time stamp, and if the pre-stored white box password dynamic library is out of date, the pre-stored white box password dynamic library needs to be updated.
In the technical scheme provided by the embodiment, the white box password dynamic library sent by the background service module is stored in the local memory and used for providing password service for the browser, so that the secret key can be hidden, and the security of secret key loading is improved.
Referring to fig. 4, based on the foregoing embodiment, in a third embodiment, before the step of sending the MAC address and the timestamp of the current computer to the background service module, the method further includes:
Step S310: receiving a secure channel establishment request which is sent by the background service module and is generated based on a security protocol;
Step S320: responding to the secure channel establishment request sent by the background service module within a preset time;
Step S330: establishing a secure channel with the background service module based on the security protocol for secure transmission of information.
In this embodiment, to ensure the security of information transmission, a secure channel is established with the background service module based on a security protocol. For example, when the browser sends the MAC address and timestamp of the current computer to the background service module, or when the browser receives the white-box password dynamic library and the like sent by the background service module, it must be ensured that the information is not leaked during transmission, so that the security of the key is ensured.
In this embodiment, the browser needs to respond to the secure channel establishment request sent by the background service module within a preset time. If the preset time has passed, the secure channel establishment request sent by the background service module becomes invalid, and the background service module is required to send the secure channel establishment request again, so as to prevent an illegal intruder from influencing the establishment of the secure channel and the security of the secure channel through technical means.
Optionally, a secure channel may be established based on the SSL (Secure Sockets Layer) protocol, which provides encryption protection for network communications and ensures that information is not stolen or tampered with during transmission. Illustratively, the background service module sends an SSL certificate to the browser to prove its identity. After receiving the SSL certificate, the browser verifies the identity of the background service module by checking the validity of the certificate; if the certificate is invalid or has been tampered with, the browser terminates the connection. If the authentication passes, the browser and the background service module may begin encrypted communication, which completes the establishment of the secure channel. It can be understood that in encrypted communication the browser generates a session key, which is used for encrypting and decrypting information; the background service module and the browser both use the session key to encrypt and decrypt information, so as to ensure the security of the information during transmission.
In the technical scheme provided by the embodiment, the security of the MAC address, the timestamp, the white box password dynamic library and the like in the transmission process can be achieved by establishing a security channel between the browser and the background service module based on the security protocol for information transmission.
Referring to fig. 5, based on the foregoing embodiment, in a fourth embodiment, before the step of obtaining the target key corresponding to the key index when the key index sent by the service function module of the browser is received, the method further includes:
Step S410: determining whether the pre-stored white-box password dynamic library is configured in a target storage path;
Step S420: sending the MAC address and the current timestamp of the current computer to a background service module;
Step S430: receiving a current hash value generated by the background service module based on the MAC address and the current timestamp;
Step S440: determining whether the pre-stored white-box password dynamic library has been tampered with according to the current hash value and the historical hash value, wherein the historical hash value is the hash value in the pre-stored white-box password dynamic library.
In this embodiment, if a pre-stored white-box password dynamic library is configured in the target storage path, the pre-stored white-box password dynamic library is identified, and whether the pre-stored white-box password dynamic library is tampered is determined.
In this embodiment, after determining that a pre-stored white-box password dynamic library is configured in the target storage path, the browser sends the MAC address and the current timestamp of the current computer to the background service module, and receives a current hash value that the background service module generates from the concatenation of the MAC address and the current timestamp; the browser can determine whether the pre-stored white-box password dynamic library has been tampered with by verifying whether the received current hash value matches the hash value in the pre-stored white-box password dynamic library.
Optionally, a target storage path may be determined according to an installation storage path of the browser, and a file in the target storage path may be scanned, so as to determine whether a white-box password dynamic library is pre-stored in the target storage path.
In the technical scheme provided by the embodiment, based on the second-preimage resistance of the hash function, whether the pre-stored white-box password dynamic library has been tampered with can be determined by checking whether the current hash value matches the historical hash value.
Further, the step of determining whether the pre-stored white-box password dynamic library is tampered according to the current hash value and the historical hash value includes:
Step S441: checking whether the current hash value matches the historical hash value;
Step S442: if yes, the pre-stored white-box password dynamic library has not been tampered with, and the step of acquiring a target key corresponding to the key index when the key index sent by a business function module of the browser is received is executed;
Step S443: if not, the pre-stored white-box password dynamic library has been tampered with; a current white-box password dynamic library associated with the current timestamp is received from the background service module, and the pre-stored white-box password dynamic library is replaced based on the current white-box password dynamic library.
In this embodiment, if it is determined that the pre-stored white-box password dynamic library has been tampered with, it needs to be discarded. If the tampered white-box password dynamic library were not discarded but continued to be used to load the keys related to the password service stored in the local memory, there would be a risk of key leakage when the browser loads those keys.
In the technical scheme provided by the embodiment, after the pre-stored white box password dynamic library is tampered, the pre-stored white box password dynamic library is abandoned, and the current white box password dynamic library associated with the current timestamp is acquired, so that the pre-stored white box password dynamic library is replaced, and the security of key loading is further ensured.
Referring to fig. 6, based on the foregoing embodiment, in a fifth embodiment, after the step of determining whether the pre-stored white-box cryptographic dynamic library is tampered according to the current hash value and the historical hash value, the method further includes:
Step S510: determining whether to update the white-box password dynamic library according to the time interval between the timestamp in the pre-stored white-box password dynamic library and the current timestamp;
Step S520: if the time interval is greater than a preset interval threshold, updating the white-box password dynamic library;
Step S530: if the time interval is not greater than the preset interval threshold, executing the step of acquiring a target key corresponding to the key index when the key index sent by the business function module of the browser is received.
In this embodiment, the timestamp in the pre-stored white-box password dynamic library and the current timestamp are acquired, and whether the pre-stored white-box password dynamic library has expired is determined according to the time interval between them. When the pre-stored white-box password dynamic library has expired, it needs to be updated before password service is provided for the browser.
Alternatively, the preset interval threshold may be set according to actual needs, so the preset interval threshold is not specifically limited herein.
For example, assuming that the preset interval threshold is seven days, after the user starts the browser, the browser finds that the timestamp in the pre-stored white-box password dynamic library is May 1, 2023 and that the current timestamp is June 1, 2023, so the time interval between the timestamp in the pre-stored white-box password dynamic library and the current timestamp is thirty days. Since this interval is greater than the preset interval threshold, it can be determined that the pre-stored white-box password dynamic library has expired and needs to be updated.
Further, the step of updating the white-box password dynamic library includes:
Step S521: acquiring a current white-box password dynamic library associated with the current timestamp from the background service module;
Step S522: decrypting each ciphertext according to the pre-stored white-box password dynamic library, and encrypting the plaintext obtained by the decryption again based on the current white-box password dynamic library, to finish updating the white-box password dynamic library.
In this embodiment, it can be understood that the current white-box password dynamic library associated with the current timestamp acquired from the background service module is the latest white-box password dynamic library.
In this embodiment, after each ciphertext is decrypted according to the pre-stored white-box password dynamic library, the resulting plaintext is immediately encrypted using the current white-box password dynamic library to finish updating the white-box password dynamic library.
In the technical scheme provided by the embodiment, when the time interval between the time stamp in the pre-stored white box password dynamic library and the current time stamp is larger than the preset time interval threshold, the pre-stored white box password dynamic library is updated, so that the safety in the whole life cycle of the secret key can be ensured, and the secret key leakage is avoided.
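The load, use and clear sequence of steps S120 to S150 together with the re-encryption of step S522, as an added example that is not part of the patent text. The root key is a plain byte string here (the page hides it in white-box lookup tables), the HMAC-based cipher is a stand-in for the unspecified encryption algorithm, `KeyStore`, `wrap`, `unwrap` and `respond_to_service` are hypothetical names, and the ciphertexts of S522 are assumed to be the stored target keys.

```python
import hashlib
import hmac
import os
from contextlib import contextmanager


def keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR data with an HMAC-SHA-256 keystream (not SM4/AES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, b"enc" + nonce + offset.to_bytes(4, "big"),
                       hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return out  # mutable, so a decrypted key can be overwritten later


def wrap(root_key, service_key):
    """Encrypt a service function key under the root key -> target key."""
    nonce = os.urandom(16)
    body = keystream_xor(root_key, nonce, service_key)
    tag = hmac.new(root_key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + bytes(body) + tag


def unwrap(root_key, target_key):
    """Decrypt a target key; refuses data that was not wrapped by this root key."""
    nonce, body, tag = target_key[:16], target_key[16:-32], target_key[-32:]
    expected = hmac.new(root_key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("target key does not verify under this root key")
    return keystream_xor(root_key, nonce, body)


class KeyStore:
    """Target keys by key index; the dict stands in for the local target path."""

    def __init__(self, root_key):
        self.root_key = root_key
        self.targets = {}

    def store(self, index, service_key):
        self.targets[index] = wrap(self.root_key, service_key)

    @contextmanager
    def loaded(self, index):
        key = unwrap(self.root_key, self.targets[index])    # S120 + S130
        try:
            yield key                                        # S140
        finally:
            key[:] = bytes(len(key))                         # S150: overwrite in place

    def rotate(self, new_root_key):
        """S522: decrypt with the old library, re-encrypt at once with the new one."""
        rewrapped = {}
        for index, target in self.targets.items():
            plain = unwrap(self.root_key, target)
            try:
                rewrapped[index] = wrap(new_root_key, plain)
            finally:
                plain[:] = bytes(len(plain))
        self.targets, self.root_key = rewrapped, new_root_key


def respond_to_service(store, index, message):
    """Serve one request (a MAC stands in for the service); return result and key buffer."""
    with store.loaded(index) as key:
        result = hmac.new(key, message, hashlib.sha256).digest()
    return result, key   # the buffer has been zeroed by the time it is returned


if __name__ == "__main__":
    store = KeyStore(bytes(range(16)))                  # constructed root key
    store.store("login-enc", b"K" * 16)                 # constructed service key
    print(respond_to_service(store, "login-enc", b"msg")[1])
```

Overwriting the bytearray clears the one copy this code controls; copies made inside library calls or by the interpreter are outside its reach.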
Further, referring to fig. 7, based on the above-described embodiment, in a sixth embodiment, the key loading method is applied to a background service module, the key loading method includes the steps of:
Step S610: determining a hash value according to the current computer MAC address and the timestamp sent by the browser, and sending the hash value to the browser;
Step S620: dispersing a preset basic key according to the hash value to determine a root key;
Step S630: storing the root key in association with a preset encryption algorithm to obtain a preset cryptographic table;
Step S640: generating a white-box password dynamic library according to the preset cryptographic table, the timestamp and the hash value;
Step S650: sending the white-box password dynamic library to the browser, so that the browser determines, according to the white-box password dynamic library, whether an update is needed and whether the library has been tampered with, and thereby determines whether to execute the step of acquiring a target key corresponding to the key index when receiving the key index sent by the service function module of the browser.
In one embodiment, before the step of determining the hash value according to the current computer MAC address and the timestamp sent by the browser and sending the hash value to the browser, the method further includes:
The background service module sends a secure channel establishment request generated based on a security protocol to the browser, receives a response from the browser within a preset time, and then establishes a secure channel with the browser based on the security protocol to realize the secure transmission of information.
Illustratively, the background service module receives the current computer MAC address A0 and the timestamp B0 sent by the browser, and generates a hash value C0 from the MAC address A0 and the timestamp B0 based on the SM3 cryptographic algorithm, that is, C0 = SM3(A0 || B0); using the hash value C0 as a dispersion factor, it disperses a base key Kbass based on the SM4 cryptographic algorithm to obtain a browser root key D0 = SM4(Kbass, C0); the background service module generates a white-box password lookup table using the root key D0, that is, the root key D0 is white-boxed and thereby hidden; the white-box password lookup table is then packaged into a white-box password dynamic library, which is sent to the browser. The timestamp B0 included in the white-box password dynamic library can be used by the browser as a basis for identifying whether the white-box password dynamic library has expired; the hash value C0 can be used by the browser as a basis for identifying whether the white-box password dynamic library has been tampered with; the white-box password dynamic library is used for providing password service for the browser.
The background service module receives the current computer MAC address A1 and the current timestamp B1 sent by the browser through the secure channel, generates a current hash value C1 based on the SM3 cryptographic algorithm, that is, C1 = SM3(A1 || B1), and sends the current hash value C1 to the browser through the secure channel for the browser to identify whether the pre-stored white-box password dynamic library has been tampered with.
In the technical scheme provided by the embodiment, the background service module generates a hash value that the browser can use to identify whether a pre-stored white-box password dynamic library has been tampered with. It also generates the white-box password dynamic library, which can be used for providing password service for the browser; the white-box password dynamic library improves the security of key loading in software while further reducing the operation and maintenance cost of the browser.
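The derivation C0 = SM3(A0 || B0), D0 = SM4(Kbass, C0) and the browser's start-up checks (S410 to S443, S510 to S530), as an added example that is not part of the patent text. Assumptions: SHA-256 replaces SM3 when the local OpenSSL build lacks it, HMAC-SHA-256 stands in for the SM4 dispersion, the root key is stored in the clear instead of in lookup tables, and the timestamp submitted for the tamper check is the one recorded in the library, since C1 can equal C0 only when the same inputs are hashed; all class and function names are hypothetical.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace
from datetime import datetime, timezone

DAY = 24 * 3600


def sm3_or_standin(data):
    """SM3 where hashlib offers it, SHA-256 as a labelled stand-in otherwise."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def bind(mac, timestamp):
    """C = H(A || B), fixed-width fields so the concatenation is unambiguous."""
    return sm3_or_standin(struct.pack(">6sQ", mac, timestamp))


def diversify(base_key, factor):
    """Stand-in for D0 = SM4(Kbass, C0): HMAC-SHA-256 cut to 128 bits."""
    return hmac.new(base_key, factor, hashlib.sha256).digest()[:16]


@dataclass(frozen=True)
class WhiteBoxLibrary:
    root_key: bytes     # D0 (hidden in lookup tables in the scheme described)
    timestamp: int      # B0
    hash_value: bytes   # C0


class BackgroundService:
    def __init__(self, base_key):
        self.base_key = base_key

    def hash_for(self, mac, timestamp):                      # S610
        return bind(mac, timestamp)

    def build_library(self, mac, timestamp):                 # S610 to S650
        c0 = bind(mac, timestamp)
        return WhiteBoxLibrary(diversify(self.base_key, c0), timestamp, c0)


def startup_check(lib, mac, now, backend, max_age):
    """Return (status, library to use) for the browser's start-up sequence."""
    if lib is None:                                           # S410: nothing stored
        return "installed", backend.build_library(mac, now)
    current = backend.hash_for(mac, lib.timestamp)            # S420, S430
    if not hmac.compare_digest(current, lib.hash_value):      # S441
        return "replaced", backend.build_library(mac, now)    # S443
    if now - lib.timestamp > max_age:                         # S510
        return "updated", backend.build_library(mac, now)     # S520
    return "ok", lib                                          # S442 / S530


def ts(year, month, day):
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


def demo():
    backend = BackgroundService(bytes(range(16)))     # constructed base key
    mac = bytes.fromhex("02005e100001")               # constructed MAC address
    other = bytes.fromhex("02005e100002")             # a different machine
    week = 7 * DAY
    _, lib = startup_check(None, mac, ts(2023, 5, 1), backend, week)
    redated = replace(lib, timestamp=ts(2023, 5, 31))  # timestamp field altered
    return {
        "fresh": startup_check(lib, mac, ts(2023, 5, 3), backend, week)[0],
        "page_example": startup_check(lib, mac, ts(2023, 6, 1), backend, week)[0],
        "other_machine": startup_check(lib, other, ts(2023, 5, 3), backend, week)[0],
        "redated": startup_check(redated, mac, ts(2023, 6, 1), backend, week)[0],
    }


if __name__ == "__main__":
    print(demo())
```

As modelled, C0 binds only the MAC address and the generation timestamp, so the check catches a library moved to another machine or given a new date; integrity of the table bytes themselves would need a digest or signature over the library file, which the page does not describe.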
Further, referring to fig. 8, the present embodiment also proposes a key system 10, the key system 10 including:
The browser service function module 11 may be used for browser retrieval, presentation and delivery of web page information resources.
The cryptographic service module 12 can provide cryptographic services for the browser, including algorithms such as SM2, SM3, SM4, RSA, AES, and SHA-256. The cryptographic service module has a built-in white-box password dynamic library 13, which comprises white-box password lookup tables for the four algorithms SM2, SM4, RSA and AES.
The background service module 14 can provide functions such as random number generation, key generation, an algorithm library, and white-box password dynamic library updating, and can establish a secure channel with the browser based on a national security SSL secure channel.
In a specific embodiment, to obtain a random number, the browser service function module 11 sends a random number fetching instruction to the password service module 12, and the password service module 12 forwards the instruction to the white-box password dynamic library 13. After receiving the instruction, the white-box password dynamic library 13 establishes a secure SSL channel with the background service module 14 and sends the random number fetching instruction to the background service module 14. After receiving the instruction, the background service module 14 generates a random number using a hardware password component and sends the generated random number to the white-box password dynamic library 13 through the secure channel. The white-box password dynamic library 13 forwards the received random number to the password service module 12, and the password service module 12 then returns the random number to the browser service function module 11. At this point, the key system 10 has completed the process by which the browser obtains a random number from the background service module.
For example, when a user logs in to a bank account on a bank website by using a browser, in order to identify whether the login operation is performed by the user or by an illegal intruder, the browser receives a random number sent by the background service module 14 through a secure channel, and the user is required to input the random number into the browser. The browser checks whether the random number input by the user is consistent with the random verification code, thereby determining whether the login operation is performed by the user or by an illegal intruder; the browser can perform the login operation only if the authentication passes.
In the technical solution provided in this embodiment, the security protocol required for establishing the security channel is obtained based on the white-box password dynamic library 13, and then the security channel is established with the background service module 14, and the random number generated by the background service module 14 is received through the security channel, where the random number can be used for identity authentication, and can be used for authenticating whether the browser is illegally invaded or not, and so on.
Furthermore, it will be appreciated by those of ordinary skill in the art that implementing all or part of the processes in the methods of the above embodiments may be accomplished by computer programs to instruct related hardware. The computer program comprises program instructions, and the computer program may be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the key system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a computer-readable storage medium storing a key loading program which, when executed by a processor, implements the steps of the key loading method described in the above embodiments.
The computer readable storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or another medium that can store the program code.
It should be noted that, because the storage medium provided in the embodiments of the present application is a storage medium used to implement the method in the embodiments of the present application, based on the method described in the embodiments of the present application, a person skilled in the art can understand the specific structure and the modification of the storage medium, and therefore, the description thereof is omitted herein. All storage media used in the methods of the embodiments of the present application are within the scope of protection intended in the present application.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second and third, et cetera do not indicate any ordering. These words may be interpreted as names.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A key loading method, characterized in that it is applied to a browser, said key loading method comprising the steps of:
encrypting a service function key of the browser based on a root key in a pre-stored white-box password dynamic library to obtain a target key, and storing the target key in a local memory of a computer;
when receiving a key index sent by a service function module of a browser, acquiring the target key corresponding to the key index;
decrypting the target key based on a root key in a pre-stored white-box password dynamic library to obtain the service function key;
responding to the password service required by the service function module based on the service function key;
and when the password service response is completed, clearing the decrypted target key.
2. The key loading method according to claim 1, wherein the step of encrypting the service function key of the browser based on the root key in the pre-stored white-box password dynamic library to obtain the target key and storing the target key in the local memory of the computer further comprises:
sending the MAC address and the time stamp of the current computer to a background service module;
receiving a white-box password dynamic library generated by the background service module based on the MAC address and the timestamp;
and storing the white-box password dynamic library into a local memory to serve as the pre-stored white-box password dynamic library.
3. The key loading method of claim 2, wherein before the step of sending the MAC address and the timestamp of the current computer to the background service module, the method further comprises:
receiving a security channel establishment request which is sent by the background service module and is generated based on a security protocol;
responding to the safety channel establishment request sent by the background service module within preset time;
and establishing a secure channel with the background service module based on the secure protocol for secure transmission of information.
4. The key loading method according to claim 1, wherein before the step of obtaining the target key corresponding to the key index when the key index sent by the service function module of the browser is received, the method further comprises:
determining whether the pre-stored white-box password dynamic library is configured in a target storage path;
sending the MAC address and the current time stamp of the current computer to a background service module;
receiving a current hash value generated by the background service module based on the MAC address and the current timestamp;
and determining whether the pre-stored white-box password dynamic library is tampered according to the current hash value and the historical hash value, wherein the historical hash value is the hash value in the pre-stored white-box password dynamic library.
5. The key loading method according to claim 4, wherein the step of determining whether the pre-stored white-box cryptographic dynamic library is tampered with based on the current hash value and the historical hash value comprises:
checking whether the current hash value matches the history hash value;
if yes, the pre-stored white-box password dynamic library has not been tampered with, and the step of acquiring the target key corresponding to the key index when receiving the key index sent by the service function module of the browser is executed;
if not, the pre-stored white-box password dynamic library has been tampered with; a current white-box password dynamic library associated with the current timestamp is received from the background service module, and the pre-stored white-box password dynamic library is replaced based on the current white-box password dynamic library.
6. The key loading method according to claim 4, wherein after the step of determining whether the pre-stored white-box cryptographic dynamic library is tampered with according to the current hash value and the history hash value, the method further comprises:
determining whether to update the white-box password dynamic library according to the time interval between the time stamp in the pre-stored white-box password dynamic library and the current time stamp;
if the time interval is larger than a preset interval threshold, updating the white-box password dynamic library;
and if the time interval is not greater than the preset interval threshold, executing the step of acquiring the target key corresponding to the key index when receiving the key index sent by the service function module of the browser.
7. The key loading method of claim 6, wherein the step of updating the white-box cryptographic dynamic library comprises:
acquiring a current white-box password dynamic library associated with the current timestamp from the background service module;
and decrypting each ciphertext according to the pre-stored white-box password dynamic library, and encrypting the plaintext obtained by the decryption again based on the current white-box password dynamic library, to finish updating the white-box password dynamic library.
8. A key loading method, characterized in that it is applied to a background service module, said key loading method comprising the steps of:
determining a hash value according to the current computer MAC address and the timestamp sent by the browser, and sending the hash value to the browser;
dispersing a preset basic key according to the hash value to determine a root key;
storing the root key in association with a preset encryption algorithm to obtain a preset encryption table;
generating a white-box password dynamic library according to the preset encryption table, the timestamp and the hash value;
and sending the white-box password dynamic library to the browser, so that the browser determines, according to the white-box password dynamic library, whether updating is needed and whether the library has been tampered with, and determines whether to execute the step of acquiring a target key corresponding to the key index when receiving the key index sent by the service function module of the browser.
9. A key system, the key system comprising: a browser, a background service module, a memory, a processor and a key loader stored on the memory and executable on the processor, the key loader being configured to implement the steps of the key loading method of any of claims 1 to 8.
10. A readable storage medium, wherein a key loading program is stored on the readable storage medium, which when executed by a processor, implements the steps of the key loading method according to any one of claims 1 to 8.
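The server-side derivation of claim 8 and the browser-side checks of claims 4 to 6, as an added Python sketch that is not part of the patent. SHA-256, HMAC-SHA256 as the key-dispersion step, the 30-day threshold, the WhiteBoxLibrary record and all function names are assumptions, and the hash is assumed to be recomputed over the timestamp recorded in the library so that an untouched library matches.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

BASE_KEY = bytes(range(32))      # constructed stand-in for the preset basic key
MAX_AGE_S = 30 * 24 * 3600       # assumed interval threshold; the claims give no value


@dataclass(frozen=True)
class WhiteBoxLibrary:
    """Hypothetical model of what the library carries (claim 8)."""
    root_key: bytes              # a real white-box library hides this in lookup tables
    timestamp: int
    hash_value: bytes


def binding_hash(mac: str, timestamp: int) -> bytes:
    """Background service: hash over MAC address and timestamp (SHA-256 assumed)."""
    return hashlib.sha256(f"{mac.lower()}|{timestamp}".encode()).digest()


def diversify_root_key(hash_value: bytes) -> bytes:
    """Background service: disperse the basic key with the hash (HMAC-SHA256 assumed)."""
    return hmac.new(BASE_KEY, b"root-key" + hash_value, hashlib.sha256).digest()


def issue_library(mac: str, timestamp: int) -> WhiteBoxLibrary:
    """Claim 8: build the per-machine, per-timestamp library."""
    h = binding_hash(mac, timestamp)
    return WhiteBoxLibrary(diversify_root_key(h), timestamp, h)


def check_library(lib: Optional[WhiteBoxLibrary], mac: str, now: int) -> str:
    """Claims 4-6: decide what happens before a key index is served."""
    if lib is None:
        return "provision"       # no library in the target storage path
    # Stands in for the hash the background service returns for this machine.
    expected = binding_hash(mac, lib.timestamp)
    if not hmac.compare_digest(expected, lib.hash_value):
        return "replace"         # modified, or copied from another machine
    if now - lib.timestamp > MAX_AGE_S:
        return "rotate"          # claim 7: re-encrypt stored keys under a new library
    return "ok"
```

Because the hash binds the library to one MAC address and one timestamp, a library copied to another machine or edited in place yields "replace" rather than a usable root key.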
CN202310750445.0A 2023-06-25 2023-06-25 Key loading method, key system and readable storage medium Active CN116506120B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310750445.0A CN116506120B (en) 2023-06-25 2023-06-25 Key loading method, key system and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310750445.0A CN116506120B (en) 2023-06-25 2023-06-25 Key loading method, key system and readable storage medium

Publications (2)

Publication Number Publication Date
CN116506120A true CN116506120A (en) 2023-07-28
CN116506120B CN116506120B (en) 2023-09-29

Family

ID=87316832

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310750445.0A Active CN116506120B (en) 2023-06-25 2023-06-25 Key loading method, key system and readable storage medium

Country Status (1)

Country Link
CN (1) CN116506120B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130016836A1 (en) * 2011-07-14 2013-01-17 Apple Inc. Cryptographic process execution protecting an input value against attacks
CN111901109A (en) * 2020-08-04 2020-11-06 华人运通(上海)云计算科技有限公司 White-box-based communication method, device, equipment and storage medium
CN114710316A (en) * 2022-02-23 2022-07-05 北京邮电大学 In-band telemetry data verification method and white box switch
CN115442046A (en) * 2022-07-08 2022-12-06 北京罗克维尔斯科技有限公司 Signature method, signature device, electronic equipment and storage medium
CN115967485A (en) * 2022-09-12 2023-04-14 国科量子通信网络有限公司 Encryption and decryption system based on quantum key

Also Published As

Publication number Publication date
CN116506120B (en) 2023-09-29

Similar Documents

Publication Publication Date Title
CN109858262B (en) Process approval method, device and system based on block chain system and storage medium
US10652015B2 (en) Confidential communication management
US20210051022A1 (en) Digital transaction signing for multiple client devices using secured encrypted private keys
US11930103B2 (en) Method, user device, management device, storage medium and computer program product for key management
US9847880B2 (en) Techniques for ensuring authentication and integrity of communications
CN109981255B (en) Method and system for updating key pool
CN111130798B (en) Request authentication method and related equipment
JP2003521154A (en) How to issue electronic identification information
CN104836784B (en) A kind of information processing method, client and server
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN114697040B (en) Electronic signature method and system based on symmetric key
CN111080299B (en) Anti-repudiation method for transaction information, client and server
JP2022521525A (en) Cryptographic method for validating data
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN112765626A (en) Authorization signature method, device and system based on escrow key and storage medium
US20240259196A1 (en) Timestamp generation method and apparatus, and electronic device and storage medium
US20030221109A1 (en) Method of and apparatus for digital signatures
CN114244508A (en) Data encryption method, device, equipment and storage medium
CN114244530A (en) Resource access method and device, electronic equipment and computer readable storage medium
US20240106633A1 (en) Account opening methods, systems, and apparatuses
CN117436043A (en) Method and device for verifying source of file to be executed and readable storage medium
CN113746916A (en) Block chain-based third-party service providing method, system and related node
CN110572257B (en) Identity-based data source identification method and system
WO2023174350A1 (en) Identity authentication method, apparatus and device, and storage medium
CN116506120B (en) Key loading method, key system and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant