
Method and device for key storage and device identity authentication

A key storage and session key technology, applied in the field of information security, that addresses problems such as increased system cost and achieves the effect of reducing the amount of calculation.

Active Publication Date: 2020-02-07
SUZHOU KEDA TECH

AI Technical Summary

Problems solved by technology

This tends to increase system cost



Examples


Embodiment 1

[0032] Figure 2 shows a flow chart of a key storage method according to an embodiment of the present invention; the method is used in a server. As shown in Figure 2, the method includes the following steps:

[0033] S101: Import the first encryption key into the security chip. This method requires an encryption key, and according to the national cryptographic standard for security chips, the encryption key must be generated externally and imported securely. Unless the public key or the private key is specifically referred to, "encryption key" in this application means the encryption key pair, comprising the public key and the private key.

[0034] S102: Export the public key of the first encryption key. According to the national cryptographic standard for security chips, only the public key of the encryption key can be exported; the private key cannot be exported.

[0035] S103: Using the public key of the first encryption key to generate a first sessi...

Embodiment 2

[0042] Figure 3 shows a flow chart of another key storage method according to an embodiment of the present invention; the method is used in a server. Figure 4 shows a schematic diagram of the key storage method.

[0043] As shown in Figure 3, the method includes the following steps:

[0044] S201: Control the security chip to internally generate and export the first signature key.

[0045] As shown in Figure 4, the security chip is controlled to generate the first signature key P1 (pu1, pr1) internally, where pu1 and pr1 are the public key and the private key of the first signature key P1 (pu1, pr1), respectively.

[0046] S202: Generate a second session key inside the security chip by using the first signature key, and export a second session key ciphertext and a second session key handle.

[0047] After the above-mentioned first signature key P1 (pu1, pr1) is generated inside the security chip, the security chip can be directly controlled to use the first s...

Embodiment 3

[0069] Figure 5 shows a flow chart of a device identity authentication method according to an embodiment of the present invention. The method is used in a server, and the server uses the key storage method described in Embodiment 1 or Embodiment 2 to store the signature private key. As shown in Figure 5, the method includes the following steps:

[0070] S301: Receive a client certificate and first encrypted data sent by a client. The first encrypted data is encrypted using the signature public key of the server.

[0071] S302: Obtain the signature private key from the readable and writable storage area of the security chip when the client certificate is verified to be valid.

[0072] S303: Decrypt the first encrypted data by using the signature private key.

[0073] Since the first encrypted data is encrypted using the server's signature public key, if the decryption is successful using the server's signature private key, it can be shown that the client ho...


Abstract

The invention discloses a key storage method and device and a device identity authentication method and device. The key storage method comprises the following steps: a first encryption key is imported into a security chip; the public key of the first encryption key is exported; a first session key ciphertext and a first session key handle are generated outside the security chip by means of the public key of the first encryption key; a storage key is generated outside the security chip; the storage key is encrypted by means of the first session key handle to obtain a storage ciphertext; the first session key ciphertext and the storage ciphertext are stored in a readable and writable storage area inside the security chip; and the first session key handle can be obtained by importing the first session key ciphertext into the security chip. With this key storage method, the storage key can be obtained outside the security chip, and information to be processed can then be signed or decrypted with the storage key outside the security chip instead of being imported into the security chip for processing, so that the computation load of the security chip is decreased.
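The storage flow in the abstract, as an added Go sketch that is not part of the patent text. It makes these assumptions: RSA-OAEP and AES-GCM stand in for the chip's national-standard algorithms, the `Chip` type and the `session_ct`/`storage_ct` slot names are hypothetical, and the session key handle is modelled as the raw session key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Chip (hypothetical model): priv never leaves the chip; RW is its read-write area.
type Chip struct {
	priv *rsa.PrivateKey
	RW   map[string][]byte
}

func NewChip() *Chip {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // S101: made outside, then imported
	return &Chip{priv: priv}
}

// Store keeps only two ciphertexts in RW: the wrapped session key and the storage key.
func Store(c *Chip, storageKey []byte) (err error) {
	buf := make([]byte, 44) // 32-byte session key, then a 12-byte GCM nonce
	rand.Read(buf)
	blk, _ := aes.NewCipher(buf[:32])
	aead, _ := cipher.NewGCM(blk)
	c.RW = map[string][]byte{"storage_ct": aead.Seal(buf[32:], buf[32:], storageKey, nil)}
	c.RW["session_ct"], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &c.priv.PublicKey, buf[:32], nil)
	return err
}

// Load unwraps the session key with the in-chip private key, then opens the storage key.
func Load(c *Chip) ([]byte, error) {
	session, err := rsa.DecryptOAEP(sha256.New(), nil, c.priv, c.RW["session_ct"], nil)
	if ct := c.RW["storage_ct"]; err == nil && len(session) == 32 && len(ct) >= 12 {
		blk, _ := aes.NewCipher(session)
		aead, _ := cipher.NewGCM(blk)
		return aead.Open(nil, ct[:12], ct[12:], nil)
	}
	return nil, fmt.Errorf("stored key material rejected")
}

func main() {
	chip := NewChip()
	Store(chip, []byte("constructed-storage-key"))
	got, err := Load(chip)
	fmt.Println(string(got), err)
}
```

Because the read-write area holds only ciphertexts, modifying either stored value makes `Load` return an error rather than a wrong key.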

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a key storage and device identity authentication method and device.

Background technique

[0002] To improve the security of information transmission between devices, a key is usually used to encrypt the information before transmission. The keys used for information encryption include the signature key pair, the encryption key pair and the session key pair: the encryption key pair is used to protect the session key, the signature key pair is used for digital signature and verification, and the session key pair is used for data encryption and decryption and for MAC operations. To protect the security of the key and further improve the security of information transmission, the key pair is usually stored in a non-readable and writable area of the security chip, and the key usually cannot be exported.

[0003] Figure 1 shows the application logic struct...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/08, H04L9/30, H04L29/06, G06F21/78
CPC: G06F21/78, H04L9/0861, H04L9/0894, H04L9/30, H04L63/0823, H04L63/083
Inventor: 胡传文, 顾振华, 顾志松
Owner: SUZHOU KEDA TECH