Method and system for key reset in a closed network environment

By combining global dynamic challenge codes and static feature factors, a key reset method is used to solve the problems of single-point permission risk and reset deadlock in closed network environments, realize multi-center collaborative verification, and improve the security and reliability of system operation and maintenance.

CN122247706APending Publication Date: 2026-06-19BEIJING ELECTRONIC DIGITAL INTELLIGENCE TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING ELECTRONIC DIGITAL INTELLIGENCE TECHNOLOGY CO LTD
Filing Date
2026-03-31
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing offline permission reset solutions cannot meet the high security requirements of trusted data spaces and critical information infrastructures. They suffer from single point of failure risks, reset deadlocks, and the lack of dynamic entropy, making them vulnerable to attack. This makes it difficult to guarantee the security and reliability of system operation and maintenance.

Method used

A key reset method combining a global dynamic challenge code and static feature factors is adopted. A global dynamic challenge code is generated and rendered on the target hardware display. The verification sub-code is determined by combining the static feature factors of each analysis center and analyzed within a preset period to dynamically determine the key reset strategy and realize multi-center collaborative verification.

Benefits of technology

It does not rely on network verification methods, adapts to closed network environments, eliminates single point of failure risks, avoids reset deadlock, improves operational reliability and security, and achieves deep integration of static feature factors and dynamic verification to ensure system security and reliability.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247706A_ABST
    Figure CN122247706A_ABST
Patent Text Reader

Abstract

This disclosure presents a key reset method and system in a closed network environment. The method includes: in response to a key reset signal, generating a global dynamic challenge code based on current system information and the current date; rendering and displaying the global dynamic challenge code on the target hardware's display screen; determining a verification sub-code for each analysis center based on the global dynamic challenge code and static feature factors corresponding to each analysis center; and analyzing the verification sub-codes received from analysis centers within a preset period to dynamically determine a key reset strategy. This method does not rely on network verification methods. It generates a global dynamic challenge code based on current information and combines it with static feature factors to generate verification sub-codes, combining static security with the flexibility of dynamic challenge codes. This perfectly adapts to the closed network deployment requirements of critical information infrastructure and trusted data spaces, enabling secure and efficient permission reset and ensuring stable system operation and maintenance as well as the security of sensitive data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the fields of information security and intrinsic security technology, and in particular to a key reset method and system in a closed network environment. Background Technology

[0002] Trusted Data Space (TDS) and critical information infrastructure, as core carriers of sensitive data and supporting core businesses, are directly related to national security and public interests. Therefore, they are generally deployed in closed networks to block Internet connections to ensure security. This also means that conventional SMS and email verification methods cannot be used for permission reset, which imposes constraints on solution design.

[0003] Currently, offline permission reset solutions in the industry mainly fall into three categories: single administrator authorization, hardware verification such as UKey, and static security question verification. While these solutions are adaptable to offline scenarios, they cannot meet high security requirements and have significant shortcomings. The core issues are concentrated in three points: first, single point of failure risk—the leakage of a single administrator's private key or internal threats can directly lead to system security collapse; second, reset deadlock—resets cannot be remotely reissued when hardware media is damaged or there is no network connection, causing maintenance to stall; and third, lack of dynamic entropy—static security questions are vulnerable to social engineering attacks. These shortcomings have become bottlenecks restricting the security and reliability of system maintenance in high-security scenarios. Summary of the Invention

[0004] In view of this, the present disclosure provides a key reset method and system in a closed network environment, which can solve the problems that existing offline permission reset schemes cannot adapt to the high security requirements of closed network scenarios such as trusted data spaces and critical information infrastructures, and have single point of permission risks, reset deadlocks and lack of dynamic entropy which make them easy to be cracked, making it difficult to ensure the security and reliability of system operation and maintenance.

[0005] In a first aspect, embodiments of this disclosure provide a key reset method in a closed network environment, including: In response to the key reset signal, a global dynamic challenge code is generated based on the current system information and the current date; The global dynamic challenge code is rendered and displayed on the target hardware's display screen; Based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factors corresponding to each analysis center, the verification sub-code corresponding to each analysis center is determined. The verification subcodes received from the analysis center within a preset period are analyzed to dynamically determine the key reset strategy.

[0006] Secondly, embodiments of this disclosure also provide a key reset system in a closed network environment, comprising: A global dynamic challenge code generation unit is used to generate a global dynamic challenge code based on the current system information and the current date in response to a key reset signal; A rendering and display unit is used to render and display the global dynamic challenge code on the display screen of the target hardware; The verification subcode acquisition unit is used to determine the verification subcode corresponding to each analysis center based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factor corresponding to each analysis center. The analysis unit is used to analyze the verification subcodes received from the analysis center within a preset period and dynamically determine the key reset strategy.

[0007] This application discloses a key reset method in a closed network environment. In response to a key reset signal, it generates a global dynamic challenge code based on current system information and the current date; renders and displays the global dynamic challenge code on the target hardware's display screen; determines a verification sub-code for each analysis center based on the global dynamic challenge code displayed on the target hardware's display screen and the static feature factors corresponding to each analysis center; and analyzes the verification sub-codes received from analysis centers within a preset period to dynamically determine the key reset strategy. This application does not rely on conventional online verification methods such as SMS or email. Its core functionality relies on generating a global dynamic challenge code based on current system information and the current date, and combining this with the static feature factors corresponding to each analysis center to generate verification sub-codes. This perfectly adapts to the closed network deployment requirements of critical information infrastructure and Trusted Data Space (TDS), both blocking internet connections to ensure security and avoiding the problem of permission reset being impossible in offline states. Simultaneously, it achieves deep integration of static feature factors and dynamic verification, combining the static security of static feature factors with the flexibility of dynamic challenge codes, fully leveraging the identity identification value of static feature factors. Meanwhile, the verification subcode is generated based on the static feature factors corresponding to each analysis center. Multiple analysis centers need to collaborate to submit the verification subcode, rather than a single entity authorizing it. This multi-center collaborative verification logic is highly consistent with the core characteristics of static feature factors being exclusive, unique, and tamper-proof. It fundamentally eliminates system security collapse caused by the leakage of a single administrator's private key or internal threats. It not only leverages the static security advantages of static feature factors but also solves the single point of access risk through the collaboration of multiple static feature factors, meeting the core protection requirements of high-security scenarios.

[0008] The above description is merely an overview of the technical solution disclosed herein. In order to better understand the technical means of this disclosure and to implement it in accordance with the contents of the specification, and to make the above and other objects, features and advantages of this disclosure more apparent and understandable, preferred embodiments are described below in detail with reference to the accompanying drawings. Attached Figure Description

[0009] To more clearly illustrate the technical solutions of the embodiments of this disclosure, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this disclosure. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0010] Figure 1 This is a flowchart illustrating a key reset method in a closed network environment provided in an embodiment of this disclosure.

[0011] Figure 2 This is a flowchart illustrating the method for generating a global dynamic challenge code provided in an embodiment of this disclosure.

[0012] Figure 3 This is a flowchart illustrating the method for determining the verification subcode corresponding to each analysis center provided in this embodiment of the disclosure.

[0013] Figure 4 This is a flowchart illustrating a method for determining a unique static feature factor corresponding to each analysis center based on a preset fusion strategy, as provided in an embodiment of this disclosure.

[0014] Figure 5 This is a flowchart illustrating the method for obtaining the verification subcode corresponding to each analysis center provided in this embodiment of the disclosure. Detailed Implementation

[0015] The embodiments of this disclosure will now be described in detail with reference to the accompanying drawings.

[0016] It should be understood that the following specific examples illustrate the implementation of this disclosure, and those skilled in the art can easily understand other advantages and effects of this disclosure from the content disclosed in this specification. Obviously, the described embodiments are only a part of the embodiments of this disclosure, and not all of them. This disclosure can also be implemented or applied through other different specific implementation methods, and the details in this specification can also be modified or changed based on different viewpoints and applications without departing from the spirit of this disclosure. It should be noted that, in the absence of conflict, the following embodiments and features in the embodiments can be combined with each other. Based on the embodiments in this disclosure, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this disclosure.

[0017] It should be noted that various aspects of embodiments within the scope of the appended claims are described below. It will be apparent that the aspects described herein can be embodied in a wide variety of forms, and any particular structure and / or function described herein is merely illustrative. Based on this disclosure, those skilled in the art will understand that one aspect described herein can be implemented independently of any other aspect, and two or more of these aspects can be combined in various ways. For example, any number of aspects set forth herein can be used to implement the device and / or practice the method. Additionally, this device and / or method can be implemented using structures and / or functionalities other than one or more of the aspects set forth herein.

[0018] It should also be noted that the illustrations provided in the following embodiments are only schematic representations of the basic concept of this disclosure. The drawings only show the components related to this disclosure and are not drawn according to the number, shape and size of the components in actual implementation. In actual implementation, the form, quantity and proportion of each component can be arbitrarily changed, and the layout of the components may also be more complex.

[0019] Furthermore, specific details are provided in the following description to facilitate a thorough understanding of the examples. However, those skilled in the art will understand that the described aspects can be practiced without these specific details.

[0020] Reference Figure 1 This application discloses a key reset method in a closed network environment, including: S100, in response to the key reset signal, generates a global dynamic challenge code based on the current system information and the current date.

[0021] In this embodiment, the global dynamic challenge code includes the current system date, a random number, and a hardware fingerprint.

[0022] The S200 renders and displays the global dynamic challenge code on the target hardware's display screen.

[0023] In this embodiment, the system visually presents the generated global dynamic challenge code through a display. This process uses a visible light physical link instead of an electronic communication link to achieve contactless synchronization of data from the closed network to the administrator side.

[0024] S300 determines the verification sub-code corresponding to each analysis center based on the global dynamic challenge code displayed on the target hardware's display screen and the static feature factors corresponding to each analysis center.

[0025] In this embodiment, each analysis center corresponds to a unique static feature factor. The static feature factors of each analysis center are different and have uniqueness, stability, unforgeability, and multi-level correlation. That is, the static feature factor corresponding to each analysis center is unique and difficult to crack, while taking into account the stability of static features (not changing with the administrator's regular information changes).

[0026] S400 analyzes the verification subcodes received from the analysis center within a preset period and dynamically determines the key reset strategy.

[0027] The key reset method disclosed in this application for a closed network environment specifically involves a scheme for dynamic identity verification, multi-person collaborative approval, and system key reset using multiple offline feature factors in a physically isolated or closed network environment. This application does not rely on conventional online verification methods such as SMS and email. The core relies on the current system information and the current date to generate a global dynamic challenge code, and combines it with the static feature factors corresponding to each analysis center to generate verification subcodes. It perfectly adapts to the closed network deployment requirements of critical information infrastructure and Trusted Data Space (TDS), which not only blocks Internet connections to ensure security, but also avoids the problem that permission reset cannot be carried out in the absence of network. At the same time, it realizes the deep integration of static feature factors and dynamic verification, combining the static security of static feature factors with the flexibility of dynamic challenge codes, and giving full play to the identity identification value of static feature factors. Meanwhile, the verification subcode is generated based on the static feature factors corresponding to each analysis center. Multiple analysis centers need to collaborate to submit the verification subcode, rather than a single entity authorizing it. This multi-center collaborative verification logic is highly consistent with the core characteristics of static feature factors being exclusive, unique, and tamper-proof. It fundamentally eliminates system security collapse caused by the leakage of a single administrator's private key or internal threats. It not only leverages the static security advantages of static feature factors but also solves the single point of access risk through the collaboration of multiple static feature factors, meeting the core protection requirements of high-security scenarios.

[0028] This method can perfectly solve the pain point of permission reset in critical information infrastructure (closed network deployment, no Internet connection). It does not rely on conventional online verification methods such as SMS and email. The reset process can be completed simply by displaying a global dynamic challenge code on the target hardware display. It is compatible with the security deployment requirements of Trusted Data Space (TDS) and critical information infrastructure, and takes into account both offline features and security.

[0029] This application eliminates the need for hardware media such as UKeys, avoiding operational disruptions caused by hardware damage or the inability to remotely reissue keys when offline. Key reset can be initiated solely through a combination of dynamic challenge codes and static feature factors, ensuring uninterrupted system operation in closed network environments and enhancing operational reliability. The entire process requires no internet connection; all verification steps are completed locally using dynamic challenge codes and static feature factors. This ensures data integrity, a secure and controllable reset process, and simplified operational procedures, eliminating the need for additional investment in hardware reissue and network deployment, achieving a balance between high security and high operability.

[0030] Reference Figure 2 For S100, the method for generating the global dynamic challenge code specifically includes: S110, in response to the key reset signal, determines the target hardware that sent the signal and the current date.

[0031] Among them, the "key reset signal" can be a preset periodic password reset, such as a password reset signal that will be automatically triggered every 3 months, or a password reset task that is uniformly notified by the enterprise, or a password reset signal initiated by any administrator.

[0032] S120: Obtain the hardware fingerprint of the target hardware and generate random numbers based on the target hardware's built-in operating system.

[0033] The S130 processes the current date, hardware fingerprint, and random number to generate a global dynamic challenge code.

[0034] Specifically, a global dynamic challenge code is generated by hashing or encoding the current date, hardware fingerprint, and random number. This application generates a global dynamic challenge code using the current system information and the current date, and determines the verification subcode by combining the static feature factors of each analysis center. This breaks the fixed defects of existing static security measures, increases dynamic entropy, effectively resists social engineering attacks, solves the problem of static security measures being easily cracked, and further improves the security of key reset.

[0035] Reference Figure 3 For S300, the specific method for determining the verification subcode corresponding to each analysis center includes: S310, determine the unique static characteristic factor corresponding to each analysis center according to the preset factor strategy; S320: Obtain the preset fusion strategy corresponding to the static feature factor, and process the static feature factor and global dynamic challenge code based on the preset fusion strategy to obtain the verification sub-code corresponding to each analysis center.

[0036] In the first embodiment, for reference to S310 Figure 4The method for determining a unique static characteristic factor for each analysis center based on a pre-defined factor strategy includes: S311, Obtain the original association information for each analysis center.

[0037] The original associated information includes at least one of the following: basic identity information of the analysis center, exclusive identification information, and permission-related information.

[0038] Specifically, taking the analysis center administrator as an example, the basic identity information preferably includes the administrator's valid resident ID card number (18 digits) and its non-public associated fields, avoiding the direct use of the complete ID card number and reducing the risk of leakage. The exclusive identification information preferably includes the unique employee ID assigned to the administrator upon joining the company (6-10 digits, including letters and numbers, unique within the company) and the exclusive office device MAC address (12-digit hexadecimal, bound to commonly used office terminals, and cannot be changed arbitrarily). The permission-related information preferably includes the administrator's department code (4-6 digits), job level code (3 digits), and permission level code (3 digits). These codes are strongly bound to the administrator's identity and change very infrequently (only changing when the job position is adjusted; after a change, Si needs to be recalculated and updated synchronously).

[0039] S312, perform desensitization and encryption preprocessing on the original associated information to generate an encrypted string.

[0040] Specifically, the AES-256 encryption algorithm is preferred to encrypt the original associated information, and after generating the encrypted string, it is then used for subsequent level operations to avoid leakage of the original information.

[0041] S313. Based on the information type in the original associated information, determine the layering strategy corresponding to the encrypted string, perform layered processing on the original associated information based on the layering strategy, and extract the core feature fields of the corresponding layer to obtain the original feature set of the corresponding information type.

[0042] If the information type in the original associated information only contains basic identity information, the hierarchical strategy corresponding to the basic identity information in the encrypted string is determined to be the first strategy. Based on the first strategy, the basic identity information in the encrypted string is divided into three levels, and the information corresponding to the three levels is extracted respectively. After encryption, the identity feature set is obtained.

[0043] In a preferred embodiment, the basic identity information in the encrypted string is divided into three levels, specifically including: 1) Sub-level 1-1: Extract the 3rd to 6th digits of the ID number (the last 4 digits of the administrative division code of the place of household registration), denoted as A1; 2) Sub-level 1-2: Extract the 7th to 14th digits of the ID number (date of birth), and concatenate them into an 8-digit number according to "year + month + day", denoted as A2; 3) Sub-level 1-3: Extract the 15th to 17th digits of the ID number (sequence code) + the 18th digit (check code), and concatenate them into a 4-digit number (if the check code is X, replace it with 10), denoted as A3.

[0044] ID card number feature set: A = [A1, A2, A3]. Perform MD5 encryption (16-bit encryption result) on each element in A to obtain the encrypted ID card feature set A' = [A1', A2', A3'].

[0045] If the information type in the original associated information only contains exclusive identifier information, the hierarchical strategy corresponding to the exclusive identifier information in the encrypted string is determined to be the second strategy. Based on the second strategy, the exclusive identifier information in the encrypted string is divided into two levels, and the information corresponding to the two levels is extracted respectively. After encryption, the exclusive identifier feature set is obtained.

[0046] In a preferred embodiment, the unique identification information in the encrypted string is divided into two levels, specifically including: 1) Sub-level 2-1: Employee ID layered processing - the employee ID is split into "prefix letters (1-2 digits) + numeric part (4-8 digits)", the letter part is converted to ASCII code (uppercase, each letter corresponds to 1 ASCII code), the numeric part is kept as is, and concatenated into a string, denoted as B1; 2) Sub-level 2-2: MAC address layered processing - the 12-bit MAC address is split into 3 groups (4 bits per group), each group is converted to decimal numbers, denoted as B2-1, B2-2, B2-3, and concatenated into a 12-bit numeric string, denoted as B2.

[0047] The exclusive identifier feature set is B = [B1, B2]. Each element in B is encrypted using SHA-1 (20-bit encryption result) to obtain the encrypted exclusive identifier feature set B' = [B1', B2'].

[0048] If the information type in the original associated information only contains permission associated information, the hierarchical strategy corresponding to the permission associated information in the encrypted string is determined to be the third strategy. Based on the third strategy, the permission associated information in the encrypted string is divided into two levels, and the information corresponding to the two levels is extracted respectively. After encryption, the permission associated feature set is obtained.

[0049] In a preferred embodiment, the permission association information in the encrypted string is divided into two levels, specifically: 1) Sub-level 3-1: Department code + job level code, concatenated into a 7-12 character string, denoted as C1; 2) Sub-level 3-2: Permission level code + administrator's year of employment (4 characters), concatenated into a 7 character string, denoted as C2.

[0050] Permission association feature set: C = [C1, C2]. Each element in C is encrypted using SHA-256 (32-bit encryption result) to obtain the encrypted permission association feature set C' = [C1', C2'].

[0051] S314 performs operations and merges all the original feature sets to generate intermediate feature factors.

[0052] Taking the original associated information, which includes the basic identity information, exclusive identification information, and permission association information of the analysis center, as an example, the method for generating intermediate feature factors specifically includes: performing operations and fusion on the identity feature set, exclusive identification feature set, and permission association feature set through at least one of XOR operation, hash fusion, and weight allocation to generate intermediate feature factors.

[0053] The following is a detailed explanation of how to generate intermediate feature factors by merging identity feature sets, exclusive identifier feature sets, and permission-related feature sets through XOR operation, weight allocation, and hash fusion.

[0054] 1) Feature set XOR operation, specifically including: performing XOR operation on the elements within each feature set to generate a fused value for a single feature set, and introducing a random verification factor K (K is a 16-bit random number, unique to each administrator, generated and encrypted by the system, not involved in the final generation of Si, but used for calculation verification): ID card feature set fusion: A1'XOR A2'XOR A3'XORK = D1 (after XOR operation, converted to a 32-bit hexadecimal string).

[0055] Exclusive identifier feature set fusion: B1'XOR B2'XOR K = D2 (after XOR operation, convert to a 32-bit hexadecimal string).

[0056] Access control feature set fusion: C1'XOR C2'XOR K = D3 (after XOR operation, convert to a 32-bit hexadecimal string).

[0057] 2) Feature set weight allocation, specifically including: assigning different weights to D1, D2, and D3 based on the administrator's job level and permission level (weights are dynamically adjusted; the higher the permission, the more complex the weight allocation, avoiding consistent calculation patterns for administrators with different permissions): The job level code (3 digits) is converted to a decimal number, denoted as W1; the permission level code (3 digits) is converted to a decimal number, denoted as W2; the weight coefficient W = (W1 + W2) / 1000 (value range 0.006~0.6); the final weight allocation: D1 weight = 0.4 + W / 2, D2 weight = 0.3 + W / 3, D3 weight = 0.3 - W / 6 (ensuring the sum of the three weights is 1, and the weights dynamically change with the permission level). Convert D1, D2, and D3 to decimal numbers respectively, multiply by the corresponding weights, and sum to obtain E (E is a decimal number, rounded to 10 decimal places).

[0058] 3) Feature set hash fusion, specifically including: converting E into a string, concatenating it with the random check factor K and the encrypted value of the management employee number B1' to obtain the string F = E (string form) + K + B1', and performing "double hash operation" on F: First hash: SHA-512 encryption on F to obtain a 512-bit hexadecimal string F1; Second hash: extracting the 10th to 60th bits of F1 (a total of 50 bits), and performing MD5 encryption (16 bits) on this 50-bit string to obtain the intermediate feature factor S0 (a 16-bit hexadecimal string).

[0059] S315: The calibration factor is obtained by concatenating the generation date of each analysis center with its corresponding unique identifier.

[0060] Specifically, the generation date (preferably an 8-digit number corresponding to the administrator's onboarding date) and unique identification information (preferably a 10-digit number corresponding to the administrator's unique identifier) ​​of each analysis center are concatenated and then encrypted using MD5 (16 bits) to obtain the calibration factor.

[0061] S316 performs an XOR operation between the intermediate characteristic factor and the calibration factor of each analysis center to obtain the target result.

[0062] S317 converts the target result into a preset format string and extracts the preset number of bits in the preset format string as a unique static feature factor for each analysis center.

[0063] Specifically, the target result is converted into a 16-digit hexadecimal string; the 2nd to 15th digits (14 digits in total) of the string are extracted as unique static feature factors for each analysis center.

[0064] Assume the administrator's basic information is as follows: ID number: 11010119900101123X. After desensitization and encryption, extract A1=0101, A2=19900101, A3=12310, and encrypt to get A'=[A1', A2', A3'].

[0065] Employee ID: AD123456, MAC address: 00-1A-2B-3C-4D-5E, obtained B1=6568123456, B2=001A2B3C4D5E (converted to decimal and concatenated), after encryption, we get B'=[B1', B2'].

[0066] Department code: 001, job level: 002, access level: 003, year of employment: 2020, obtain C1=001002, C2=0032020, after encryption we get C'=[C1', C2'].

[0067] Determine the random verification factor K: 1234567890ABCDEF. Calculation process: XOR A' / B' / C' with K, assign weights (W=(2+3) / 1000=0.005, weights are 0.4025, 0.3017, 0.2958 respectively), sum to obtain E, double hash to obtain S0, generate the calibration factor G, XOR operation to obtain 8A3B5C7D9E2F4G61 (example value), extract the 2nd to 15th characters (14 characters in total) from the string, and use A3B5C7D9E2F4G6 as the unique static feature factor corresponding to each analysis center.

[0068] Reference Figure 5 The method for obtaining the verification sub-code corresponding to each analysis center in S320 specifically includes: S321, determine the salt value corresponding to each analysis center.

[0069] Specifically, the salt value is preferably a fixed / semi-fixed encryption auxiliary string, which is equivalent to an additional password, further improving the security of the hash result and preventing brute-force attacks.

[0070] S322 concatenates the static feature factor, the global dynamic challenge code, and the salt value to generate the original string.

[0071] S323 performs a hash operation on the original string to obtain a fixed-length value.

[0072] Specifically, MD5 is used to obtain a 32-bit hexadecimal string, SHA-256 is used to obtain a 64-bit hexadecimal string, and then this hexadecimal encryption result is converted into a decimal number. For example, a 32-bit hexadecimal number can be converted into a very large decimal number, which may have dozens of digits.

[0073] S324 performs a modulo operation on a fixed-length numerical value to determine a verification subcode of a preset number of digits.

[0074] Specifically, divide the large decimal number obtained in the second step by 10. 6 Take the remainder, because the remainder when divided by 1,000,000 is always in the range of 0 to 999,999, which is exactly 6 digits. If it is less than 6 digits, add 0s in front. For example, if the remainder is 123, it becomes 000123. This remainder is the final 6-digit sub-code (i.e., the verification sub-code).

[0075] In the method of determining the unique static feature factor corresponding to each analysis center according to the preset factor strategy, the offline local client corresponding to each analysis center can randomly select one or more easy-to-remember information from basic identity information, exclusive identification information, and permission association information as the information that the administrator needs to provide. Then, the offline local client generates the verification sub-code corresponding to the analysis center based on the preset factor strategy and the information actually filled in by the administrator. Then, each analysis center (i.e. the administrator) sends the verification sub-code calculated by the offline local client to the system center.

[0076] The system center analyzes the verification subcodes received from the analysis center within a preset period. Specifically, based on the calculation rules pre-stored in the system center's backend and the corresponding analysis center information, it recalculates the verification. If the value calculated by the system backend matches the received verification subcode, the corresponding administrator has passed verification. This method ensures the uniqueness of each administrator, while also providing high security and strong anti-forgery capabilities. Each analysis center has a unique static feature factor, and the verification subcode is generated by combining exclusive information with preset strategies, making it difficult for external parties to forge legitimate subcodes using general rules. This effectively prevents malicious behaviors such as impersonating administrators to log in and unauthorized access. By binding a unique static feature factor to each analysis center, the system center can accurately locate the entity that has passed / failed verification, facilitating access control, anomaly detection, and operation tracing, and achieving unified control across multiple nodes. Furthermore, administrators only need to provide basic information that is easy to remember, eliminating the need to memorize complex keys or passwords, thus lowering the barrier to entry. Verification is performed within a preset period, and verification subcodes exceeding the period automatically expire, preventing the reuse of historical verification information to launch replay attacks and further improving the reliability of the verification mechanism.

[0077] In the second embodiment, for S300, the method for determining the verification subcode corresponding to each analysis center specifically includes: determining a unique static feature factor corresponding to each analysis center, wherein the static feature factor is a unique identity information corresponding to each analysis center; performing salted hash processing on the static feature factor and the global dynamic challenge code to obtain the verification subcode corresponding to each analysis center.

[0078] In this embodiment, the static feature factor is a unique identity information customized by each administrator, such as a unique ID card number or mobile phone number. This embodiment ensures that each administrator's static feature factor is stored in their personal memory; that is, the authentication factor is no longer physically stored in the device, but is generated by the administrator's memorized factors and the algorithm, realizing the "person is the key." Even if the displayed global dynamic challenge code is recorded by surveillance cameras in a physical environment, due to its spatiotemporal uniqueness (valid only in the current time window) and the lack of static feature seeds in the administrator's mind, attackers cannot reverse-engineer the final verification code even if they obtain the global dynamic challenge code. This embodiment innovatively introduces a distributed consensus algorithm into an offline environment. Even if 1-2 administrators leave or forget their factors, the system can still be maintained as long as the threshold M is reached, solving the operational deadlock.

[0079] The method of S400 for "analyzing the verification sub-codes received from the analysis center within a preset period and dynamically determining the key reset strategy" specifically includes: obtaining several verification sub-codes fed back by the analysis center within a preset period; if the number of verification sub-codes is greater than a preset threshold and each verification sub-code satisfies the matching relationship, triggering the opening of the key reset window.

[0080] The preset threshold is no greater than the total number of analysis centers and greater than 2, ensuring that multiple people must participate in each reset, and the system can record which administrators provided the factors, thus achieving operation traceability in a high-security environment.

[0081] Furthermore, to ensure that the administrator successfully obtains the credentials, the system interface has a "record confirmation" interaction logic; after the administrator manually confirms "credential obtained", the system background starts a verification timer. Only if the verification is completed within the timer's validity period can the service be unlocked and reset; otherwise, it will be invalid.

[0082] Specifically, the system provides M input boxes for receiving verification subcodes from the analysis center. The system backend uses a stored preset verification strategy to perform the same operation on each analysis center that receives the verification code, and obtains M calculated codes from the system backend. If the M verification subcodes and the M calculated codes all match, the consensus logic is triggered, which means that the verification is successful. Then the system opens the key reset window, allowing the administrator to set a new key and record the audit log.

[0083] It should be noted that all calculation formulas involved in this application are stored in the system backend. This ensures that after the global dynamic challenge code is generated, the notified administrator can see the global dynamic challenge code on the display screen of the target hardware in a physically isolated or closed network environment (i.e., the administrator records the code offline). The administrator then enters the verification sub-code obtained based on the global dynamic challenge code and their own static characteristic factors on their corresponding device. In other words, the calculation method for each administrator's verification sub-code is stored in the system backend. When the system backend receives the verification sub-code entered by a single administrator, it verifies each administrator's verification sub-code. Specifically, the system backend recalculates the code based on each administrator's information and the corresponding calculation method. If the value calculated by the system backend matches the verification sub-code, it means that the corresponding administrator has passed the verification.

[0084] Furthermore, in this application, once the analysis center successfully obtains the global dynamic challenge code, it will trigger the generation of a "credential obtained" signal. After receiving this signal, the system backend will start a verification timer. Only by completing the verification within the timer's validity period can the reset service be unlocked; otherwise, it will be invalid.

[0085] In this application, attackers must simultaneously steal the private factors of M administrators and crack the system's built-in algorithm to forge reset commands, making the difficulty increase exponentially. This application requires no expensive HSM (Hardware Security Module) or physical tokens; it is implemented purely through code logic and is easily ported to various domestically developed closed systems (such as Kylin and UnionTech). It effectively solves the operational challenges of isolated deployments of trusted data spaces and fully complies with the preset requirements for identity authentication and access control.

[0086] In one specific embodiment, Administrator A initiates a key reset request, and the system recognizes that this operation requires "3-of-6" consensus. Challenge Distribution: The system screen displays the global challenge code TDS-7788. Collaborative Calculation: Administrator A uses their seed SA and challenge code to calculate the subcode VA = 112233 offline. Administrator B uses their seed SB and challenge code to calculate the subcode VB = 445566 offline. Administrator C uses their seed SC and challenge code to calculate the subcode VC = 881123 offline. Administrator D is not present at this time and does not participate in the calculation. Summary Verification: Administrators A, B, and C sequentially input their respective subcodes into the system. The system verifies that VA, VB, and VC are all correct, determining that the policy of at least three authorizations is met, and the system officially initiates the reset process.

[0087] The method disclosed in this application effectively prevents single-point malicious activity. Even if any administrator knows the algorithm, they cannot complete the reset independently; at least two other administrators must cooperate, greatly enhancing internal audit security. It also possesses a high degree of fault tolerance; even if administrator D is absent or forgets the factor, as long as A, B, and C are present, the system's operational logic will not be interrupted, solving the problem of redundant personnel management in closed networks.

[0088] Secondly, this application discloses a key reset system in a closed network environment, used to execute the key reset method in a closed network environment disclosed in the first aspect of this application. The system includes: A global dynamic challenge code generation unit is used to generate a global dynamic challenge code based on the current system information and the current date in response to a key reset signal; A rendering and display unit is used to render and display the global dynamic challenge code on the display screen of the target hardware; The verification subcode acquisition unit is used to determine the verification subcode corresponding to each analysis center based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factor corresponding to each analysis center. The analysis unit is used to analyze the verification subcodes received from the analysis center within a preset period and dynamically determine the key reset strategy.

[0089] For a detailed description of this embodiment, please refer to the corresponding descriptions in the foregoing embodiments, which will not be repeated here.

[0090] The basic principles of this disclosure have been described above with reference to specific embodiments. However, it should be noted that the advantages, benefits, and effects mentioned in this disclosure are merely examples and not limitations, and should not be considered as essential features of each embodiment of this disclosure. Furthermore, the specific details disclosed above are for illustrative and facilitative purposes only, and are not limitations. These details do not limit the scope of this disclosure to the necessity of employing the aforementioned specific details for implementation.

[0091] In this disclosure, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. The block diagrams of devices, apparatuses, devices, and systems involved in this disclosure are merely illustrative examples and are not intended to require or imply that they must be connected, arranged, or configured in the manner shown in the block diagrams. As those skilled in the art will recognize, these devices, apparatuses, devices, and systems can be connected, arranged, and configured in any manner. Words such as "comprising," "including," "having," etc., are open-ended terms meaning "including but not limited to," and are used interchangeably with them. The terms "or" and "and" as used herein refer to the terms "and / or," and are used interchangeably with them unless the context clearly indicates otherwise. The term "such as" as used herein refers to the phrase "such as but not limited to," and is used interchangeably with it.

[0092] Additionally, as used herein, the "or" used in a list of items beginning with "at least one" indicates a separate list, such that a list of, for example, "at least one of A, B, or C" means A or B or C, or AB or AC or BC, or ABC (i.e., A and B and C). Furthermore, the word "exemplary" does not imply that the described example is preferred or better than other examples.

[0093] It should also be noted that in the systems and methods of this disclosure, the components or steps can be decomposed and / or recombined. These decompositions and / or recombinations should be considered as equivalent solutions to this disclosure.

[0094] Various changes, substitutions, and modifications can be made to the technology described herein without departing from the teachings defined by the appended claims. Furthermore, the scope of the claims of this disclosure is not limited to the specific aspects of the processes, machines, manufactures, events, means, methods, and actions described above. Currently existing or later-developed processes, machines, manufactures, events, means, methods, or actions that perform substantially the same function or achieve substantially the same result as the corresponding aspects described herein can be utilized. Therefore, the appended claims include such processes, machines, manufactures, events, means, methods, or actions within their scope.

[0095] The above description of the disclosed aspects is provided to enable any person skilled in the art to make or use this disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other aspects without departing from the scope of this disclosure. Therefore, this disclosure is not intended to be limited to the aspects shown herein, but rather to be carried out within the widest scope consistent with the principles and novel features disclosed herein.

[0096] The above description has been given for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of this disclosure to the forms disclosed herein. Although numerous exemplary aspects and embodiments have been discussed above, those skilled in the art will recognize certain variations, modifications, alterations, additions, and sub-combinations therein.

Claims

1. A key reset method in a closed network environment, characterized in that, include: In response to the key reset signal, a global dynamic challenge code is generated based on the current system information and the current date; The global dynamic challenge code is rendered and displayed on the target hardware's display screen; Based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factors corresponding to each analysis center, the verification sub-code corresponding to each analysis center is determined. The verification subcodes received from the analysis center within a preset period are analyzed to dynamically determine the key reset strategy.

2. The key reset method in a closed network environment according to claim 1, characterized in that, The process of generating a global dynamic challenge code in response to a key reset signal, based on current system information and the current date, includes: In response to a key reset signal, determine the target hardware that sent the signal and the current date; Obtain the hardware fingerprint of the target hardware and generate random numbers based on the built-in operating system of the target hardware; The current date, the hardware fingerprint, and the random number are processed to generate a global dynamic challenge code.

3. The key reset method in a closed network environment according to claim 2, characterized in that, The determination of the verification sub-code corresponding to each analysis center, based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factors corresponding to each analysis center, includes: A unique static characteristic factor is determined for each analysis center based on a pre-defined factor strategy. Obtain the preset fusion strategy corresponding to the static feature factor, and process the static feature factor and the global dynamic challenge code based on the preset fusion strategy to obtain the verification sub-code corresponding to each analysis center.

4. The key reset method in a closed network environment according to claim 3, characterized in that, The step of determining the unique static characteristic factor corresponding to each analysis center according to the preset factor strategy includes: Obtain the original association information for each analysis center; the original association information includes at least one of the following: basic identity information, unique identifier information, and permission association information of the analysis center. The original associated information is subjected to de-identification and encryption preprocessing to generate an encrypted string; Based on the information type in the original associated information, determine the hierarchical strategy corresponding to the encrypted string, and perform hierarchical processing on the original associated information based on the hierarchical strategy, and extract the core feature fields of the corresponding level to obtain the original feature set of the corresponding information type; All the original feature sets are processed and fused to generate intermediate feature factors; The calibration factor is obtained by concatenating the generation date of each analysis center with its corresponding unique identifier. The intermediate feature factor of each analysis center is XORed with the calibration factor to obtain the target result; The target result is converted into a preset format string, and a preset number of bits is extracted from the preset format string as a unique static feature factor corresponding to each analysis center.

5. The key reset method in a closed network environment according to claim 4, characterized in that, If the original association information includes the analysis center's basic identity information, exclusive identification information, and permission association information, then based on the information type in the original association information, the layering strategy corresponding to the encrypted string is determined, and the original association information is processed in layers based on the layering strategy. The core feature fields of the corresponding layers are extracted to obtain the original feature set of the corresponding information type, including: The layering strategy corresponding to the basic identity information in the encrypted string is determined to be the first strategy, the layering strategy corresponding to the exclusive identifier information is determined to be the second strategy, and the layering strategy corresponding to the permission association information is determined to be the third strategy; Based on the first strategy, the basic identity information in the encrypted string is divided into three levels, and the information corresponding to the three levels is extracted respectively. After encryption, the identity feature set is obtained. Based on the second strategy, the unique identifier information in the encrypted string is divided into two levels, and the information corresponding to the two levels is extracted respectively. After encryption, a unique identifier feature set is obtained. Based on the third strategy, the permission association information in the encrypted string is divided into two levels, and the information corresponding to the two levels is extracted respectively. After encryption, the permission association feature set is obtained.

6. The key reset method in a closed network environment according to claim 5, characterized in that, The step of performing calculations and fusing all the original feature sets to generate intermediate feature factors includes: The identity feature set, the exclusive identifier feature set, and the permission association feature set are fused together using at least one of the following methods: XOR operation, hash fusion, and weight allocation, to generate an intermediate feature factor.

7. The key reset method in a closed network environment according to claim 3, characterized in that, The step of obtaining the preset fusion strategy corresponding to the static feature factor, and processing the static feature factor and the global dynamic challenge code based on the preset fusion strategy to obtain the verification sub-code corresponding to each analysis center includes: Determine the salt value corresponding to each of the analysis centers; The static feature factor, the global dynamic challenge code, and the salt value are concatenated to generate the original string; Perform a hash operation on the original string to obtain a fixed-length value; Perform a modulo operation on the fixed-length value to determine a verification subcode of a preset number of digits.

8. The key reset method in a closed network environment according to claim 2, characterized in that, The step of analyzing the verification subcodes received from the analysis center within a preset period and dynamically determining the key reset strategy includes: Obtain the verification sub-codes fed back by several of the analysis centers within a preset period; If the number of verification subcodes is greater than a preset threshold and each verification subcode satisfies a matching relationship, the key reset window is triggered.

9. The key reset method in a closed network environment according to claim 2, characterized in that, The determination of the verification sub-code corresponding to each analysis center, based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factors corresponding to each analysis center, includes: Each analysis center is identified as having a unique static characteristic factor, which is a unique identity information for each analysis center. The static feature factors and the global dynamic challenge code are subjected to salted hashing to obtain the verification subcode corresponding to each analysis center.

10. A key reset system in a closed network environment, characterized in that, include: A global dynamic challenge code generation unit is used to generate a global dynamic challenge code based on the current system information and the current date in response to a key reset signal; A rendering and display unit is used to render and display the global dynamic challenge code on the display screen of the target hardware; The verification subcode acquisition unit is used to determine the verification subcode corresponding to each analysis center based on the global dynamic challenge code displayed on the display screen of the target hardware and the static feature factor corresponding to each analysis center. The analysis unit is used to analyze the verification subcodes received from the analysis center within a preset period and dynamically determine the key reset strategy.