WO2017118436A1 - Key storage method, key management method and apparatus - Google Patents
- Publication number
- WO2017118436A1 (PCT/CN2017/070606)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- digest
- terminal
- storage area
- designated storage
Classifications
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04W12/041—Key generation or derivation
- H04W12/0433—Key management protocols
- H04L2209/80—Wireless
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
Definitions
- the present application relates to the field of terminal technologies, and in particular, to a key storage method, a key management method, and an apparatus.
- the present application provides a key storage method, a key management method, and an apparatus.
- Some examples of the present application provide a key storage method, the method comprising:
- the terminal root key is stored in a first designated storage area of the terminal, where the first designated storage area is a password protected area;
- the first key digest is stored in a second designated storage area of the terminal, the second designated storage area being a programmable hardware area having a fusing feature.
- Some examples of the present application provide a key management method, the method comprising:
- the first designated storage area is a password protected area
- the second designated storage area refers to a programmable hardware area having a fuse feature
- the terminal root key is continuously used.
- Some examples of the present application provide a key storage device, the device comprising:
- a root key generation module configured to generate a terminal root key
- a first key digest generating module configured to generate a first key digest of the terminal root key generated by the root key generating module
- a root key storage module configured to store the terminal root key generated by the root key generation module in a first designated storage area of the terminal, where the first designated storage area is a password protection area;
- a key digest storage module configured to store the first key digest generated by the first key digest generating module in a second designated storage area of the terminal, where the second designated storage area is a programmable hardware area having a fuse feature.
- Some examples of the present application provide a key management apparatus, the apparatus comprising:
- An acquiring module configured to obtain a terminal root key and a first key digest from the first designated storage area of the terminal and the second designated storage area, where the first key digest is a key digest of the terminal root key
- the first designated storage area is a password protected area
- the second designated storage area is a programmable hardware area having a fuse feature
- a second key digest generating module configured to generate a second key digest of the terminal key
- a comparison module configured to compare the first key digest with the second key digest
- a processing module configured to continue to use the terminal root key if the first key digest is consistent with the second key digest.
- Some examples of the present application provide a key storage device, the device comprising:
- one or more memories;
- one or more processors; wherein
- the one or more memories storing one or more instruction modules configured to be executed by the one or more processors;
- the one or more instruction modules include:
- a root key generation module configured to generate a terminal root key
- a key digest generating module configured to generate a key digest of the terminal root key generated by the root key generating module
- a root key storage module configured to store the terminal root key generated by the root key generation module in a first designated storage area of the terminal, where the first designated storage area is a password protection area;
- a key digest storage module configured to store the key digest generated by the key digest generating module in a second designated storage area of the terminal, where the second designated storage area refers to a programmable hardware area having a fuse feature.
- Some examples of the present application provide a key storage device, the device comprising:
- one or more memories;
- one or more processors; wherein
- the one or more memories storing one or more instruction modules configured to be executed by the one or more processors;
- the one or more instruction modules include:
- An acquiring module configured to obtain a terminal root key and a first key digest from the first designated storage area and the second designated storage area, where the first key digest is a key digest of the terminal root key, the first designated storage area is a password protected area, and the second designated storage area is a programmable hardware area having a fuse feature;
- a second key digest generating module configured to generate a second key digest of the terminal key
- a comparing module configured to compare the first key digest and the second key digest
- a processing module configured to continue to use the terminal root key if the first key digest is consistent with the second key digest.
- Some examples of the present application provide a non-volatile computer readable storage medium comprising: one or more programs;
- the one or more programs are configured to be executed by one or more processors to implement the following steps:
- the first key digest is stored in a second designated storage area of the terminal, the second designated storage area being a programmable hardware area having a fusing feature.
- Some examples of the present application provide a non-volatile computer readable storage medium comprising: one or more programs; the one or more programs configured to be executed by one or more processors to implement the following steps:
- the first designated storage area is a password protected area
- the second designated storage area refers to a programmable hardware area having a fuse feature
- the terminal root key is continuously used.
- FIG. 1 is a flowchart of a key storage method provided by an example of the present application.
- FIG. 2 is a flowchart of a key management method provided by an example of the present application.
- FIG. 3 is a flowchart of a key storage method provided by an example of the present application.
- FIG. 5 is a schematic structural diagram of a key storage device according to an example of the present application.
- FIG. 6 is a schematic structural diagram of a key management apparatus provided by an example of the present application.
- FIG. 7 is a block diagram of a key storage device 700 provided by an example of the present application.
- FIG. 1 is a flowchart of a key storage method provided by an example of the present application. As shown in FIG. 1 , the method includes the following steps:
- the terminal root key is stored in a first designated storage area of the terminal, where the first designated storage area is a password protected area.
- the first key digest is stored in a second designated storage area of the terminal, where the second designated storage area refers to a programmable hardware area having a fuse feature.
- the method provided in the example of the present application stores the terminal root key in the first designated storage area of the terminal and stores the first key digest of the terminal root key in the second designated storage area of the terminal, so as to prevent other programs from changing the terminal root key and the key digest, which further improves the security of the key storage.
- the first designated storage area and the second designated storage area are two mutually independent storage areas in the terminal.
- the terminal root key is a private key in a key pair generated according to an asymmetric key algorithm.
- FIG. 2 is a flowchart of a key management method provided by an example of the present application. As shown in FIG. 2, the method includes the following steps:
- the first designated storage area is a password protected area
- the second designated storage area refers to a programmable hardware area having a fuse feature.
- if the first key digest is consistent with the second key digest, continue to use the terminal root key.
- the method further includes:
- the algorithm used to generate the first key digest of the private key in the terminal root key is the same as the algorithm used to generate the second key digest of the private key in the terminal root key.
- the terminal root key is a private key in a key pair generated according to an asymmetric key algorithm.
- FIG. 3 is a flowchart of a key storage method provided by an example of the present application. Referring to FIG. 3, the method includes:
- when transmitting data with the terminal, the transmitting party needs to encrypt the transmitted data with a key, so that only a recipient holding the corresponding key can decrypt the encrypted data to obtain the data transmitted by the transmitting party.
- the terminal root key is an asymmetric key
- the private key of the root key is stored in the terminal, and the transmitted data is encrypted or decrypted by using the private key of the terminal root key;
- a third party performing data transmission with the terminal needs to acquire the public key of the terminal root key, and encrypts or decrypts the transmitted data by using the public key of the terminal root key, thereby realizing data transmission between the terminal and the third party.
- the terminal manufacturer writes the terminal root key generated by the key generation server to the terminal TA (Trusted Application) code before the terminal leaves the factory, so as to implement storage of the terminal root key.
- the TA runs in the TEE (Trusted Execution Environment) of the terminal.
- the logical behavior and storage behavior of the TA application are safe.
- the TEE can be considered as another operating system in the terminal.
- the operating environment of this operating system is a trusted environment, and the data processed in the TEE is independent of the terminal's visible operating system.
- this method implements storage of the terminal key by writing the terminal key into the TA code.
- this key storage method can result in a single key or key pair being shared by all terminals of the same model or the same batch. Once a key leak occurs, it will cause great security risks. That is to say, an externally generated terminal root key is prone to tampering or theft by illegal applications, resulting in low key storage security.
- the present application writes code for generating a terminal root key into a TA, so that the terminal can generate its own terminal root key when receiving a root key generation instruction, generate a digest of the terminal root key according to a digest algorithm, and store the digest of the terminal root key and the terminal root key in different storage areas of the terminal, so as to improve the security of the terminal root key storage.
- the asymmetric key pair includes a public key and a private key
- the terminal root key refers to a private key in the key pair
- the terminal root key is the key used for transmitting data between the terminal and other devices or applications; the present application does not limit the method for generating the terminal root key.
- the method for generating the first key digest of the private key in the terminal root key may be: using an irreversible string transformation algorithm, with the private key in the terminal root key as the text message, to generate the first key digest of the private key in the terminal root key. The irreversible string transformation algorithm may be a hash algorithm or another algorithm, which is not limited in this application example. Other methods may also be used to generate the first key digest of the private key in the terminal root key, which is likewise not limited in this application example.
- the generated first key digest is a key digest of the private key.
- by generating a first key digest of the terminal root key, the terminal can learn in time when an illegal user or program tampers with the terminal root key, and take corresponding measures to prevent a greater security risk and data loss.
- store the terminal root key in a first designated storage area of the terminal, where the first designated storage area is a password protected area.
- the first designated storage area may be an RPMB (Replay Protected Memory Block), and the RPMB is a special storage area of an eMMC (Embedded Multi Media Card) chip.
- a password is required before the area can be accessed; that is, the first designated storage area is a password protected area.
- eMMC consists of an embedded storage solution with MMC (multimedia card) interface, flash memory device and main controller.
- the first designated storage area may also be another password protected area in the terminal, which is not limited in this application example.
- the public key of the terminal root key may be stored by the corresponding vendor of the terminal, or may be stored by a key management server used for storing terminal root key public keys.
- the method for storing the root key public key of the terminal is not limited in this application example.
- the possibility that the terminal root key is falsified can be effectively reduced, and the security of the root key storage can be improved.
- the second designated storage area may be an eFUSE area, which is a programmable hardware area in the terminal central processing unit chip. Data can be written to it dynamically while a program is running, and the data in the area has a fusing characteristic, that is, once written the data may not be changed. The second designated storage area may also be another storage area in the terminal having the above features, which is not limited in this application example.
- the first designated storage area and the second designated storage area are two mutually independent storage areas in the terminal.
- the fuse feature of the second designated storage area can be utilized, so that other programs cannot change the first key digest, thereby improving key storage security.
- the key storage method provided by the example of the present application stores the terminal root key in the first designated storage area of the terminal and stores the first key digest of the terminal root key in the second designated storage area of the terminal. Using two independent storage areas further prevents the terminal root key and the digest of the terminal root key from being stolen or changed at the same time, thereby further improving the security of the key storage.
- when the terminal root key needs to be used, the terminal root key may be obtained from the first designated storage area; for example, when the terminal needs to send encrypted data to a third party, the terminal obtains the terminal root key from the first designated storage area and uses the terminal root key to encrypt the data to be transmitted.
- after obtaining the terminal root key, calculate a second key digest of the terminal root key and compare it with the first key digest stored in the second designated storage area, to determine whether the terminal root key stored in the first designated storage area has been changed, further improving the security of the key storage.
- the first designated storage area is a password protection area
- the method for obtaining the terminal root key from the first designated storage area may be: using the interface of the application that generates the terminal root key, that application acquires the terminal root key from the first designated storage area by means of the password.
- the method for obtaining the root key of the terminal may be different according to the first specified storage area, which is not limited by the example in the application.
- the terminal root key and the first key digest enable the terminal to securely store the first key digest, so that the data to be transmitted can be securely encrypted using the terminal root key, and the first key digest can be used to check whether the terminal root key has changed.
- the method for generating the second key digest of the terminal root key is the same as the method for generating the first key digest of the terminal root key in step 302, and details are not described herein.
- the algorithm used to calculate the first key digest and the second key digest according to the terminal root key is the same. The first key digest and the second key digest of the terminal root key are calculated by using the same algorithm, so that when the terminal root key does not change, the calculated first key digest and second key digest are the same.
- if the first key digest is consistent with the second key digest, step 404 is performed; if the first key digest is inconsistent with the second key digest, step 405 is performed.
- the terminal root key used for calculating the key digest is consistent, that is, the terminal root key stored in the first designated storage space of the terminal has not been tampered with or falsified, so the terminal root key can continue to be used.
- the terminal root key can be used to encrypt the data to be transmitted, so that only a third-party server capable of acquiring the public key corresponding to the terminal root key can use the public key to decrypt the data and obtain it.
- the terminal root key used to calculate the key digest has changed, that is, the terminal root key stored in the first designated storage space of the terminal has been falsified or bit-flipped, and the terminal root key cannot be paired with the public key stored in another storage area outside the terminal, so the terminal fails to perform encrypted data transmission with other terminals. Therefore, if the first key digest is inconsistent with the second key digest, use of the terminal key is stopped and error processing is performed.
- the specific form adopted by the example in the application is not limited.
- reporting the error enables the terminal to learn of the change to the terminal root key in time, stop using the terminal root key, and avoid data loss or theft in time.
- by acquiring the terminal root key and the first key digest, calculating a second key digest of the terminal root key, and comparing the first key digest with the second key digest, it is determined whether the terminal root key stored in the first designated storage area has changed; if the terminal root key has changed, an error is reported and use of the terminal root key is stopped, avoiding data loss or theft in time.
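An added sketch of the store-and-verify flow described above (not code from the patent). `ProtectedStore` and `FuseBank` are hypothetical in-memory stand-ins for the RPMB and eFUSE areas, SHA-256 is assumed as the digest algorithm, and random bytes stand in for the on-device private key.

```python
import hashlib
import hmac
import secrets


class FuseError(Exception):
    """Raised when a write would need to clear an already-blown fuse bit."""


class RootKeyTampered(Exception):
    """Raised when the stored root key no longer matches the fused digest."""


class FuseBank:
    """Model of the second designated area: bits only ever go 0 -> 1."""

    def __init__(self, size: int = 32):
        self._bits = bytearray(size)

    def program(self, value: bytes) -> None:
        if len(value) != len(self._bits):
            raise ValueError("value must fill the fuse bank exactly")
        # A bit that is already 1 but 0 in the new value cannot be written.
        if any(cur & ~new & 0xFF for cur, new in zip(self._bits, value)):
            raise FuseError("blown fuse bits cannot be cleared")
        self._bits = bytearray(c | n for c, n in zip(self._bits, value))

    def read(self) -> bytes:
        return bytes(self._bits)


class ProtectedStore:
    """Model of the first designated area: every access needs the password.
    (Simplified: the text's 'password' is modelled literally.)"""

    def __init__(self, password: bytes):
        self._pw_hash = hashlib.sha256(password).digest()
        self._blob = b""

    def _check(self, password: bytes) -> None:
        supplied = hashlib.sha256(password).digest()
        if not hmac.compare_digest(supplied, self._pw_hash):
            raise PermissionError("wrong password for protected area")

    def write(self, password: bytes, blob: bytes) -> None:
        self._check(password)
        self._blob = blob

    def read(self, password: bytes) -> bytes:
        self._check(password)
        return self._blob


def key_digest(root_key: bytes) -> bytes:
    # The same algorithm must produce the first and the second digest.
    return hashlib.sha256(root_key).digest()


def provision(store: ProtectedStore, fuses: FuseBank, password: bytes) -> None:
    """Storage method: generate the key on the device, then split key and digest."""
    root_key = secrets.token_bytes(32)  # assumption: stand-in for the private key
    store.write(password, root_key)
    fuses.program(key_digest(root_key))


def load_root_key(store: ProtectedStore, fuses: FuseBank, password: bytes) -> bytes:
    """Management method: recompute the digest and compare before any use."""
    root_key = store.read(password)
    first_digest = fuses.read()
    second_digest = key_digest(root_key)
    if not hmac.compare_digest(first_digest, second_digest):
        raise RootKeyTampered("digest mismatch: stop using the root key")
    return root_key


def demo() -> dict:
    password = b"constructed-demo-password"  # constructed sample value
    store, fuses = ProtectedStore(password), FuseBank()
    provision(store, fuses, password)
    results = {"clean_load_ok": len(load_root_key(store, fuses, password)) == 32}

    # Simulate a single bit flip in the stored key (tampering or corruption).
    key = bytearray(store.read(password))
    key[0] ^= 0x01
    store.write(password, bytes(key))
    try:
        load_root_key(store, fuses, password)
        results["tamper_detected"] = False
    except RootKeyTampered:
        results["tamper_detected"] = True

    # Re-fusing a digest that matches the modified key is refused.
    try:
        fuses.program(key_digest(bytes(key)))
        results["fuse_rewrite_blocked"] = False
    except FuseError:
        results["fuse_rewrite_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Because fuse bits can only be set, a digest that has been programmed can at most be corrupted into a value that no longer matches the key, which the comparison treats as a failure.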
- FIG. 5 is a block diagram of a key storage device provided by an example of the present application.
- the apparatus includes a root key generation module 501, a first key digest generation module 502, a root key storage module 503, and a key digest storage module 504.
- a root key generation module 501 configured to generate a terminal root key
- a first key digest generating module 502 configured to generate a first key digest of the terminal root key generated by the root key generating module
- the root key storage module 503 is configured to store the terminal root key generated by the root key generation module in a first designated storage area of the terminal, where the first designated storage area is a password protected area;
- the key digest storage module 504 is configured to store the first key digest generated by the first key digest generating module in a second designated storage area of the terminal, where the second designated storage area refers to a programmable hardware area having a fuse feature.
- the first designated storage area and the second designated storage area are two mutually independent storage areas in the terminal.
- the terminal root key is a private key in a key pair generated according to an asymmetric key algorithm.
- FIG. 6 is a block diagram of a key storage device provided by an example of the present application.
- the apparatus includes: an obtaining module 601, a second key digest generating module 602, a comparing module 603, and a processing module 604.
- the obtaining module 601 is configured to obtain a terminal root key and a first key digest respectively from the first designated storage area of the terminal and the second designated storage area, where the first key digest is the terminal root key a key digest, the first designated storage area is a password protected area, and the second designated storage area is a programmable hardware area having a fusing feature;
- a second key digest generating module 602 configured to generate a second key digest of the terminal key
- the comparing module 603 is configured to compare the first key digest and the second key digest
- the processing module 604 is configured to continue to use the terminal root key if the first key digest is consistent with the second key digest.
- processing module 604 is further configured to:
- the algorithm used to calculate the first key digest and the second key digest according to the terminal root key is the same.
- the terminal root key is a private key in a key pair generated according to an asymmetric key algorithm.
- when the key storage device provided by the above example processes the key storage service, the division into the functional modules described above is used only for illustration. In an actual application, the foregoing functions may be allocated to different functional modules as required, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
- the key storage device provided by the above example is the same as the example of the key storage method. For details of the implementation process, refer to the method example, and details are not described herein again.
- the terminal 700 can include a memory 120 including one or more computer readable storage media and a processor 180 including one or more processing cores. It will be understood by those skilled in the art that the terminal structure shown in FIG. 7 does not constitute a limitation to the terminal, and may include more or fewer components than those illustrated, or a combination of certain components, or different component arrangements. Wherein:
- the memory 120 can be used to store software programs and modules, and the processor 180 executes various functional applications and data processing by running software programs and modules stored in the memory 120.
- the memory 120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to the use of the terminal 700 (such as audio data, phone book, etc.) and the like.
- memory 120 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, memory 120 may also include a memory controller to provide access to memory 120 by processor 180 and input unit 130.
- the processor 180 is a control center of the terminal 700 that connects various portions of the entire handset using various interfaces and lines. By running or executing software programs and/or modules stored in the memory 120, and calling data stored in the memory 120, it performs various functions of the terminal 700 and processes data, thereby performing overall monitoring of the handset.
- the processor 180 may include one or more processing cores; preferably, the processor 180 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
- the modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 180.
- the aforementioned memory 120 will store one or more programs and be configured to be executed by one or more processors 180.
- the one or more programs described above may include the following instruction modules:
- a root key generation module 501, configured to generate a terminal root key;
- a first key digest generating module 502, configured to generate a first key digest of the terminal root key generated by the root key generation module;
- a root key storage module 503, configured to store the terminal root key generated by the root key generation module in a first designated storage area of the terminal, where the first designated storage area is a password protected area;
- a key digest storage module 504, configured to store the first key digest generated by the first key digest generating module in a second designated storage area of the terminal, where the second designated storage area is a programmable hardware area having a fusing feature.
- The one or more programs described above may further include the following instruction modules:
- an obtaining module 601, configured to obtain a terminal root key and a first key digest from the first designated storage area and the second designated storage area of the terminal, respectively, where the first key digest is a key digest of the terminal root key, the first designated storage area is a password protected area, and the second designated storage area is a programmable hardware area having a fusing feature;
- a second key digest generating module 602, configured to generate a second key digest of the terminal key;
- a comparison module 603, configured to compare the first key digest with the second key digest;
- a processing module 604, configured to continue to use the terminal root key if the first key digest is consistent with the second key digest.
- processing module 604 is further configured to:
- The terminal 700 may further include components such as an RF (Radio Frequency) circuit 110, an input unit 130, a display unit 140, a sensor 150, an audio circuit 160, a WiFi (Wireless Fidelity) module 170, and a power supply 190.
- The terminal structure shown in FIG. 7 does not limit the terminal, which may include more or fewer components than illustrated, combine certain components, or arrange components differently, where:
- The RF circuit 110 can be used for receiving and transmitting signals while sending and receiving information or during a call. Specifically, after receiving downlink information from a base station, it passes the downlink information to one or more processors 180 for processing; in addition, it sends uplink data to the base station.
- The RF circuit 110 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like.
- The RF circuit 110 can also communicate with the network and other devices via wireless communication.
- The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
- The input unit 130 can be configured to receive input numeric or character information, and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
- The input unit 130 can include a touch-sensitive surface 131 as well as other input devices 132.
- The touch-sensitive surface 131, also referred to as a touch display or trackpad, can collect touch operations by the user on or near it (such as operations performed by the user on or near the touch-sensitive surface 131 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connected device according to a preset program.
- The touch-sensitive surface 131 can include two parts: a touch detection device and a touch controller.
- The touch detection device detects the touch orientation of the user, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 180, and can receive commands from the processor 180 and execute them.
- The touch-sensitive surface 131 can be implemented in various types, such as resistive, capacitive, infrared, and surface acoustic wave.
- In addition to the touch-sensitive surface 131, the input unit 130 can also include other input devices 132.
- The other input devices 132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons and switch buttons), trackballs, mice, joysticks, and the like.
- The display unit 140 can be used to display information entered by the user or information provided to the user, as well as the various graphical user interfaces of the terminal 700, which can be composed of graphics, text, icons, video, and any combination thereof.
- The display unit 140 may include a display panel 141.
- The display panel 141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
- The touch-sensitive surface 131 may cover the display panel 141. When the touch-sensitive surface 131 detects a touch operation on or near it, the operation is transmitted to the processor 180 to determine the type of the touch event, and the processor 180 then provides a corresponding visual output on the display panel 141 according to the type of the touch event.
- Although the touch-sensitive surface 131 and the display panel 141 function as two separate components to implement input and output functions, in some examples the touch-sensitive surface 131 can be integrated with the display panel 141 to implement the input and output functions.
- The terminal 700 can also include at least one type of sensor 150, such as a light sensor, a motion sensor, and other sensors.
- The light sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor can adjust the brightness of the display panel 141 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 141 and/or the backlight when the terminal 700 is moved to the ear.
- The gravity acceleration sensor can detect the magnitude of acceleration in all directions (usually three axes), and when stationary it can detect the magnitude and direction of gravity. It can be used for applications that recognize the attitude of the mobile phone (such as horizontal and vertical screen switching, related games, and magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tapping). Other sensors that the terminal 700 can also be configured with, such as gyroscopes, barometers, hygrometers, thermometers and infrared sensors, are not described here again.
- The audio circuit 160, the speaker 161, and the microphone 162 can provide an audio interface between the user and the terminal 700.
- On the one hand, the audio circuit 160 can convert received audio data into an electrical signal and transmit it to the speaker 161, which converts it into a sound signal for output; on the other hand, the microphone 162 converts a collected sound signal into an electrical signal, which the audio circuit 160 receives and converts into audio data. The audio data is then output to the processor 180 for processing and sent via the RF circuit 110 to, for example, another terminal, or output to the memory 120 for further processing.
- The audio circuit 160 may also include an earbud jack to provide communication between peripheral earphones and the terminal 700.
- WiFi is a short-range wireless transmission technology.
- Through the WiFi module 170, which provides users with wireless broadband Internet access, the terminal 700 can help users send and receive e-mail, browse web pages, and access streaming media.
- Although FIG. 7 shows the WiFi module 170, it can be understood that it is not an essential part of the terminal 700 and may be omitted as needed without changing the essence of the invention.
- The terminal 700 also includes a power source 190 (such as a battery) for powering the various components.
- The power source can be logically coupled to the processor 180 through a power management system, so that charging, discharging, and power management functions are handled through the power management system.
- The power source 190 may also include any one or more of a DC or AC power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
- The terminal 700 may further include a camera, a Bluetooth module, and the like, which are not described here again.
- The display unit of the terminal is a touch screen display, and the terminal further includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors.
- The one or more programs contain instructions for performing the key storage method described above.
- The program can be stored in a computer-readable storage medium.
- The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disk, or the like.
- The computer-readable storage medium described above may be a non-volatile computer-readable storage medium.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Telephone Function (AREA)
Claims (20)
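- 1. A key storage method, wherein the method comprises: generating a terminal root key; generating a first key digest of the terminal root key; storing the terminal root key in a first designated storage area of a terminal, the first designated storage area being a password protected area; and storing the first key digest in a second designated storage area of the terminal, the second designated storage area being a programmable hardware area having a fusing feature.
- 2. The method according to claim 1, wherein generating the terminal root key comprises: generating the terminal root key according to code for generating the terminal root key that is stored in a trusted application of the terminal.
- 3. The method according to claim 1, wherein generating the first key digest of the terminal root key comprises: using an irreversible string transformation algorithm, taking the private key in the terminal root key as a piece of text information, to generate the first key digest.
- 4. The method according to claim 1, wherein the first designated storage area and the second designated storage area are two mutually independent storage areas in the terminal.
- 5. The method according to claim 1, wherein the terminal root key is the private key of a key pair generated according to an asymmetric key algorithm.
- 6. A key management method, wherein the method comprises: obtaining a terminal root key and a first key digest from a first designated storage area and a second designated storage area of a terminal, respectively, the first key digest being a key digest of the terminal root key, the first designated storage area being a password protected area, and the second designated storage area being a programmable hardware area having a fusing feature; generating a second key digest of the terminal root key; comparing the first key digest with the second key digest; and, if the first key digest is consistent with the second key digest, continuing to use the terminal root key.
- 7. The method according to claim 6, wherein, after comparing the first key digest with the second key digest, the method further comprises: if the first key digest is inconsistent with the second key digest, reporting an error and stopping use of the terminal root key.
- 8. The method according to claim 6, wherein the algorithm used to generate the first key digest of the private key in the terminal root key is the same as the algorithm used to generate the second key digest of the private key in the terminal root key.
- 9. The method according to claim 6, wherein the terminal root key is the private key of a key pair generated according to an asymmetric key algorithm.
- 10. A key storage apparatus, wherein the apparatus comprises: a root key generation module, configured to generate a terminal root key; a key digest generation module, configured to generate a key digest of the terminal root key generated by the root key generation module; a root key storage module, configured to store the terminal root key generated by the root key generation module in a first designated storage area of a terminal, the first designated storage area being a password protected area; and a key digest storage module, configured to store the key digest generated by the key digest generation module in a second designated storage area of the terminal, the second designated storage area being a programmable hardware area having a fusing feature.
- 11. The apparatus according to claim 10, wherein the first designated storage area and the second designated storage area are two mutually independent storage areas in the terminal.
- 12. The apparatus according to claim 10, wherein the terminal root key is the private key of a key pair generated according to an asymmetric key algorithm.
- 13. A key management apparatus, wherein the apparatus further comprises: an obtaining module, configured to obtain a terminal root key and a first key digest from a first designated storage area and a second designated storage area of a terminal, respectively, the first key digest being a key digest of the terminal root key, the first designated storage area being a password protected area, and the second designated storage area being a programmable hardware area having a fusing feature; a second key digest generation module, configured to generate a second key digest of the terminal key; a comparison module, configured to compare the first key digest with the second key digest; and a processing module, configured to continue to use the terminal root key if the first key digest is consistent with the second key digest.
- 14. The apparatus according to claim 13, wherein the processing module is further configured to: if the first key digest is inconsistent with the second key digest, report an error and stop using the terminal root key.
- 15. The apparatus according to claim 13, wherein the algorithm used to calculate the first key digest from the terminal root key is the same as the algorithm used to calculate the second key digest from the terminal root key.
- 16. The apparatus according to claim 13, wherein the terminal root key is the private key of a key pair generated according to an asymmetric key algorithm.
- 17. A key storage apparatus, wherein the apparatus comprises: one or more memories; and one or more processors; wherein the one or more memories store one or more instruction modules configured to be executed by the one or more processors; and wherein the one or more instruction modules comprise: a root key generation module, configured to generate a terminal root key; a key digest generation module, configured to generate a key digest of the terminal root key generated by the root key generation module; a root key storage module, configured to store the terminal root key generated by the root key generation module in a first designated storage area of a terminal, the first designated storage area being a password protected area; and a key digest storage module, configured to store the key digest generated by the key digest generation module in a second designated storage area of the terminal, the second designated storage area being a programmable hardware area having a fusing feature.
- 18. A key management apparatus, wherein the apparatus comprises: one or more memories; and one or more processors; wherein the one or more memories store one or more instruction modules configured to be executed by the one or more processors; and wherein the one or more instruction modules comprise: an obtaining module, configured to obtain a terminal root key and a first key digest from a first designated storage area and a second designated storage area of a terminal, respectively, the first key digest being a key digest of the terminal root key, the first designated storage area being a password protected area, and the second designated storage area being a programmable hardware area having a fusing feature; a second key digest generation module, configured to generate a second key digest of the terminal key; a comparison module, configured to compare the first key digest with the second key digest; and a processing module, configured to continue to use the terminal root key if the first key digest is consistent with the second key digest.
- 19. A non-volatile computer-readable storage medium, comprising: one or more programs; the one or more programs being configured to be executed by one or more processors to implement the following steps: generating a terminal root key; generating a first key digest of the terminal root key; storing the terminal root key in a first designated storage area of a terminal, the first designated storage area being a password protected area; and storing the first key digest in a second designated storage area of the terminal, the second designated storage area being a programmable hardware area having a fusing feature.
- 20. A non-volatile computer-readable storage medium, comprising: one or more programs; the one or more programs being configured to be executed by one or more processors to implement the following steps: obtaining a terminal root key and a first key digest from a first designated storage area and a second designated storage area of a terminal, respectively, the first key digest being a key digest of the terminal root key, the first designated storage area being a password protected area, and the second designated storage area being a programmable hardware area having a fusing feature; generating a second key digest of the terminal root key; comparing the first key digest with the second key digest; and, if the first key digest is consistent with the second key digest, continuing to use the terminal root key.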
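The storage and verification steps of the claims above, as an added Python example that is not part of the patent text. SHA-256 as the digest, a 32-byte random value standing in for the private key, and the in-memory `FuseBank` and `ProtectedStore` classes modelling the two storage areas are all assumptions.

```python
import hashlib
import hmac
import secrets


class FuseError(Exception):
    """Raised when a write would need to clear an already-blown fuse bit."""


class RootKeyIntegrityError(Exception):
    """Raised when the stored root key no longer matches the fused digest."""


class FuseBank:
    """Hypothetical model of the second designated area: bits go 0 -> 1 only."""

    def __init__(self, size=32):
        self._cells = bytearray(size)

    def program(self, data):
        if len(data) != len(self._cells):
            raise ValueError("digest length does not match fuse bank size")
        # Check every byte first so a rejected write leaves the bank untouched.
        for old, new in zip(self._cells, data):
            if old & ~new & 0xFF:
                raise FuseError("write would clear a blown fuse bit")
        self._cells[:] = data

    def read(self):
        return bytes(self._cells)


class ProtectedStore:
    """Hypothetical model of the first designated area; it stays rewritable."""

    def __init__(self):
        self.blob = b""


def key_digest(root_key):
    # Assumption: SHA-256 stands in for the irreversible transformation.
    return hashlib.sha256(root_key).digest()


def provision(store, fuses, root_key=None):
    """Key storage method: generate the key, derive the first digest, store both."""
    if root_key is None:
        root_key = secrets.token_bytes(32)  # stand-in for the private key
    store.blob = root_key
    fuses.program(key_digest(root_key))
    return root_key


def load_root_key(store, fuses):
    """Key management method: recompute the digest and compare before use."""
    first = fuses.read()
    second = key_digest(store.blob)
    if not hmac.compare_digest(first, second):
        raise RootKeyIntegrityError("root key digest mismatch; key not released")
    return store.blob


def demo():
    """Run the flow on constructed keys and report each outcome."""
    store, fuses = ProtectedStore(), FuseBank()
    genuine = provision(store, fuses, root_key=b"\x11" * 32)  # constructed key
    results = {"genuine_key": load_root_key(store, fuses) == genuine}
    store.blob = b"\x22" * 32  # constructed substitute in the rewritable area
    try:
        load_root_key(store, fuses)
        results["substituted_key"] = "accepted"
    except RootKeyIntegrityError:
        results["substituted_key"] = "rejected"
    try:
        fuses.program(key_digest(store.blob))  # digest of the substitute
        results["fuse_rewrite"] = "accepted"
    except FuseError:
        results["fuse_rewrite"] = "rejected"
    results["fuses_unchanged"] = fuses.read() == key_digest(genuine)
    return results


if __name__ == "__main__":
    print(demo())
```

Because fuse bits only move from 0 to 1, reprogramming the digest to match a substituted key is refused, and the mismatch branch corresponds to the claim that reports an error and stops using the terminal root key.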
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020187019322A KR102224553B1 (ko) | 2016-01-08 | 2017-01-09 | Key storage method, key management method and device |
US15/997,981 US10944558B2 (en) | 2016-01-08 | 2018-06-05 | Key storing method, key managing method and apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610015004.6 | 2016-01-08 | ||
CN201610015004.6A CN105681032B (zh) | 2016-01-08 | 2016-01-08 | Key storage method, key management method and apparatus |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/997,981 Continuation US10944558B2 (en) | 2016-01-08 | 2018-06-05 | Key storing method, key managing method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017118436A1 (zh) | 2017-07-13 |
Family
ID=56299835
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/070606 WO2017118436A1 (zh) | 2016-01-08 | 2017-01-09 | Key storage method, key management method and apparatus |
Country Status (4)
Country | Link |
---|---|
US (1) | US10944558B2 (zh) |
KR (1) | KR102224553B1 (zh) |
CN (1) | CN105681032B (zh) |
WO (1) | WO2017118436A1 (zh) |
-
2016
- 2016-01-08 CN CN201610015004.6A patent/CN105681032B/zh active Active
-
2017
- 2017-01-09 WO PCT/CN2017/070606 patent/WO2017118436A1/zh active Application Filing
- 2017-01-09 KR KR1020187019322A patent/KR102224553B1/ko active IP Right Grant
-
2018
- 2018-06-05 US US15/997,981 patent/US10944558B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN105681032A (zh) | 2016-06-15 |
KR102224553B1 (ko) | 2021-03-08 |
US20180287795A1 (en) | 2018-10-04 |
US10944558B2 (en) | 2021-03-09 |
CN105681032B (zh) | 2017-09-12 |
KR20180091055A (ko) | 2018-08-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17735874 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 20187019322 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020187019322 Country of ref document: KR |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17735874 Country of ref document: EP Kind code of ref document: A1 |