
CN108400868B - Seed key storage method and device and mobile terminal - Google Patents

Publication number: CN108400868B
Authority: CN (China)
Prior art keywords: seed key, mobile terminal, preset rule, key information, user
Legal status: Active
Application number: CN201810043839.1A
Other languages: Chinese (zh)
Other versions: CN108400868A (en)
Inventor: 陈柳章
Current Assignee: Shenzhen Excelsecu Data Technology Co Ltd
Original Assignee: Shenzhen Excelsecu Data Technology Co Ltd
Application filed by: Shenzhen Excelsecu Data Technology Co Ltd
Priority to: CN201810043839.1A
Publication of CN108400868A
Application granted
Publication of CN108400868B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention belongs to the technical field of information security and provides a seed key storage method, a seed key storage device, a mobile terminal and a computer-readable storage medium. The storage method comprises: dividing the seed key into at least two parts of seed key information according to a preset rule; having at least one part of the seed key information stored by the user and/or a third party; and storing the remaining seed key information, which is at least one part, in the mobile terminal. The invention increases the difficulty of cracking the seed key and improves the security of the seed key.

Description

Seed key storage method and device and mobile terminal
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a seed key storage method and device, a mobile terminal and a computer readable storage medium.
Background
A dynamic password is an unpredictable combination of random numbers generated according to a dedicated algorithm, and each password can be used only once. Dynamic passwords are now widely used in fields such as internet banking, online games and e-commerce. In the prior art, the dynamic password is generated on a mobile terminal, and the seed key required for generating it is generally stored in the mobile terminal. However, a seed key stored in the mobile terminal is easily analyzed or copied by others and can therefore be cracked, so security is low.
Therefore, a new technical solution is needed to solve the above technical problems.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for storing a seed key, a mobile terminal, and a computer-readable storage medium, so as to increase the difficulty of cracking the seed key and improve the security of the seed key.
The first aspect of the present invention provides a seed key storage method, including:
dividing the seed key into at least two parts of seed key information according to a preset rule;
having at least one part of the seed key information stored by the user and/or a third party, and storing the remaining seed key information, which is at least one part, in the mobile terminal.
A second aspect of the present invention provides a seed key storage apparatus, comprising:
the seed key dividing module is used for dividing the seed key into at least two parts of seed key information according to a preset rule;
the first information processing module is used for having at least one part of the seed key information stored by a user and/or a third party, and for storing the remaining seed key information, which is at least one part, in the mobile terminal.
A third aspect of the present invention provides a mobile terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method according to the first aspect when executing the computer program.
A fourth aspect of the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method according to the first aspect.
Compared with the prior art, the scheme of the invention has the following beneficial effects: the seed key is divided into at least two parts of seed key information according to the preset rule, at least one part of the seed key information is recorded and stored by a user and/or a third party, and the remaining seed key information, which is at least one part, is stored in the mobile terminal. Because the seed key is divided into at least two parts, with at least one part held by a user and/or a third party and the other part held by the mobile terminal, the seed key is stored separately, which increases the difficulty of cracking the seed key and improves its security.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic flow chart of an implementation of a method for storing a seed key according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart illustrating an implementation of a method for storing a seed key according to a second embodiment of the present invention;
Fig. 3 is a schematic diagram of a storage apparatus for seed keys according to a third embodiment of the present invention;
Fig. 4 is a schematic diagram of a mobile terminal according to a fourth embodiment of the present invention;
Fig. 5 is a schematic diagram of a mobile terminal according to a fifth embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In particular implementations, mobile terminals described in embodiments of the invention include, but are not limited to, other portable devices such as mobile phones, laptop computers, or tablet computers having touch sensitive surfaces (e.g., touch screen displays and/or touch pads). It should also be understood that in some embodiments, the device is not a portable communication device, but is a desktop computer having a touch-sensitive surface (e.g., a touch screen display and/or touchpad).
In the discussion that follows, a mobile terminal that includes a display and a touch-sensitive surface is described. However, it should be understood that the mobile terminal may include one or more other physical user interface devices such as a physical keyboard, mouse, and/or joystick.
The mobile terminal supports various applications, such as one or more of the following: a drawing application, a presentation application, a word processing application, a website creation application, a disc burning application, a spreadsheet application, a gaming application, a telephone application, a video conferencing application, an email application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web browsing application, a digital music player application, and/or a digital video player application.
Various applications that may be executed on the mobile terminal may use at least one common physical user interface device, such as a touch-sensitive surface. One or more functions of the touch-sensitive surface and corresponding information displayed on the terminal can be adjusted and/or changed between applications and/or within respective applications. In this way, a common physical architecture (e.g., touch-sensitive surface) of the terminal can support various applications with user interfaces that are intuitive and transparent to the user.
It should be understood that, the sequence numbers of the steps in this embodiment do not mean the execution sequence, and the execution sequence of each process should be determined by the function and the inherent logic of the process, and should not constitute any limitation on the implementation process of the embodiment of the present invention.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Referring to fig. 1, which is a schematic diagram illustrating an implementation flow of a method for storing a seed key according to an embodiment of the present invention, where the method for storing a seed key is applied to a mobile terminal, as shown in the figure, the method for storing a seed key may include the following steps:
Step S101, dividing the seed key into at least two parts of seed key information according to a preset rule.
In the embodiment of the present invention, the preset rule may be a first preset rule or a second preset rule, and the seed key is divided into at least two parts of seed key information according to the preset rule.
The seed key can be sent to the mobile terminal by the server as a whole, or the server sends a plurality of calculation factors for calculating the seed key to the mobile terminal, and then the seed key is calculated at the mobile terminal.
If the seed key is integrally issued to the mobile terminal by the server, the preset rule is a first preset rule, and the mobile terminal divides the seed key into at least two parts of seed key information according to the first preset rule.
If the server issues to the mobile terminal a plurality of calculation factors for calculating the seed key, the preset rule is a second preset rule, and the mobile terminal divides the plurality of calculation factors into at least two parts of seed key information according to the second preset rule, which is not limited herein. A calculation factor may refer to a parameter required when calculating the seed key. For example, if the seed key is calculated from information such as the user password, the user name and the card number, then the user password, the user name and the card number may all be calculation factors of the seed key. Therefore, the seed key can be divided into at least two parts of seed key information by dividing the calculation factors used to calculate it.
The preset rule may refer to a rule, set by the user in advance, for how to divide (i.e., split) the seed key. The first preset rule may refer to a rule, set by the user in advance, for how to divide the seed key issued by the server to the mobile terminal; the user may set the rule as needed, which is not limited herein. For example, if the seed key is 128 kbytes of data, the first 32 kbytes of data may be used as one part of the seed key information and the remaining 96 kbytes of data as another part, which is not limited herein. Optionally, the seed key may be plaintext or ciphertext, which is not limited herein. The second preset rule may refer to a rule, set by the user in advance, for how to divide the plurality of calculation factors for calculating the seed key that the server issues to the mobile terminal; the user may set the rule as needed, which is not limited herein.
Step S102, at least one part of the seed key information is saved by the user and/or a third party, and the remaining seed key information, which is at least one part, is saved in the mobile terminal.
In the embodiment of the present invention, the seed key may be divided into at least two parts; at least one part is recorded and stored by the user and/or the third party, and at least one other part is stored in the mobile terminal. Even if someone cracks the seed key information stored in the mobile terminal, that person cannot obtain the complete seed key, because at least a part of the seed key information is held by the user and/or the third party and is not available to that person. For example, the seed key may be divided into two parts, one stored by the user and the other stored in the mobile terminal; or the seed key may be divided into three parts, one stored by the user, one sent to the server for storage, and one stored by the mobile terminal.
Optionally, after at least a portion of the seed key information is fed back to the user (for example, displayed to the user), if a confirmation instruction for at least a portion of the seed key information is received (for example, after the user remembers the at least a portion of the seed key information, the area where the at least a portion of the seed key information is located is clicked), or after a preset time (for example, 1 minute), the at least a portion of the seed key information is no longer displayed.
Or after at least part of the seed key information is sent to the third party, the third party feeds back a response instruction to the mobile terminal after receiving and storing the at least part of the seed key information, and the mobile terminal does not display the at least part of the seed key information after receiving the response instruction, wherein the response instruction is used for indicating that the third party has received and stored the seed key information sent by the mobile terminal. The third party may refer to a device other than the user and the mobile terminal, for example, a server preset by the user.
Optionally, the storing at least a part of the seed key information by the user and/or a third party includes:
and displaying a part of the seed key information for the user to store, or sending a part of the seed key information to a third party to store, or displaying a part of the seed key information for the user to store, and sending a part of the seed key information to the third party to store.
Optionally, the seed key information stored in the mobile terminal may be encrypted and then stored in the mobile terminal.
Optionally, the embodiment of the present invention further includes:
dividing the encryption factors used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
at least a part of the encryption factor information is stored by a user and/or a third party, and the rest of the encryption factor information, or at least a part of it, is stored in the mobile terminal either directly or after being encrypted.
Optionally, the storing at least a part of the encryption factor information by the user and/or a third party includes:
and displaying a part of the encryption factor information for a user to store, or sending a part of the encryption factor information to a third party to store, or displaying a part of the encryption factor information for the user to store, and sending a part of the encryption factor information to the third party to store.
The third preset rule may refer to a rule set by a user in advance how to divide the encryption factor, and the user may set the rule by himself or herself as required, which is not limited herein.
The seed key is divided into at least two parts, one part is stored by a user and/or a third party, and the other part is stored by the mobile terminal, so that the seed key is stored separately, the difficulty of cracking the seed key is increased, and the safety of the seed key is improved. And further, the encryption factor is divided into at least two parts which are respectively stored by the user or a third party and the mobile terminal, so that the security of seed key storage is enhanced.
Referring to fig. 2, which is a schematic diagram illustrating an implementation flow of a method for storing a seed key according to a second embodiment of the present invention, where the method for storing a seed key is applied to an OTP of a mobile terminal, as shown in the figure, the method for storing a seed key may include the following steps:
Step S201, in the OTP activation stage, the seed key is issued as a whole to the mobile terminal by the server, and the whole seed key is divided into at least two parts of seed key information according to a first preset rule; or, in the OTP activation stage, the server issues a plurality of calculation factors of the seed key to the mobile terminal, and the calculation factors of the seed key are divided into at least two parts of seed key information according to a second preset rule.
The OTP in the embodiment of the present invention refers to a soft OTP applied to a mobile terminal, in which software calculates a dynamic password from a seed key and the current time by means of a dynamic password calculation method. The dynamic password is an unpredictable, time-dependent combination of random numbers generated at regular intervals according to a dedicated algorithm.
The first preset rule may refer to a rule, set by the user in advance, for how to divide the seed key issued by the server to the mobile terminal; the user may set the rule as needed, without limitation. For example, if the seed key is 128 kbytes of data, the first 32 kbytes of data may be used as the first part of the seed key information and the remaining 96 kbytes of data as the second part, without limitation. Optionally, the seed key may be plaintext or ciphertext, which is not limited herein.
The calculation factor may refer to a parameter required for calculating the seed key. For example, the seed key is calculated from the information of the user password, the user name, the card number, etc., and the user password, the user name, the card number, etc. at this time may all be calculation factors of the seed key. Therefore, the seed key can be divided into at least two parts of seed key information by dividing the calculation factor for calculating the seed key.
The second preset rule may refer to a rule set by a user in advance how to divide the plurality of calculation factors, and the user may set the rule by himself or herself as required, which is not limited herein.
Step S202, at least one part of the seed key information is saved by the user and/or a third party, and the remaining seed key information, which is at least one part, is saved in the mobile terminal.
In the embodiment of the present invention, the seed key may be divided into at least two parts; at least one part is recorded and stored by the user and/or the third party, and at least one other part is stored in the mobile terminal. Even if someone cracks the seed key information stored in the mobile terminal, that person cannot obtain the complete seed key, because at least a part of the seed key information is held by the user and/or the third party and is not available to that person. For example, the seed key may be divided into two parts, one stored by the user and the other stored in the mobile terminal; or the seed key may be divided into three parts, one stored by the user, one sent to the server for storage, and one stored by the mobile terminal.
Optionally, after at least a portion of the seed key information is fed back to the user (for example, displayed to the user), if a confirmation instruction for at least a portion of the seed key information is received (for example, after the user remembers the at least a portion of the seed key information, the area where the at least a portion of the seed key information is located is clicked), or after a preset time (for example, 1 minute), the at least a portion of the seed key information is no longer displayed.
Or after at least part of the seed key information is sent to the third party, the third party feeds back a response instruction to the mobile terminal after receiving and storing the at least part of the seed key information, and the mobile terminal does not display the at least part of the seed key information after receiving the response instruction, wherein the response instruction is used for indicating that the third party has received and stored the seed key information sent by the mobile terminal. The third party may refer to a device other than the user and the mobile terminal, for example, a server preset by the user.
Optionally, the storing at least a part of the seed key information by the user and/or a third party includes:
and displaying a part of the seed key information for the user to store, or sending a part of the seed key information to a third party to store, or displaying a part of the seed key information for the user to store, and sending a part of the seed key information to the third party to store.
Optionally, the seed key information stored in the mobile terminal may be encrypted and then stored in the mobile terminal.
Optionally, the embodiment of the present invention further includes:
dividing the encryption factors used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
at least a part of the encryption factor information is stored by a user and/or a third party, and the rest of the encryption factor information, or at least a part of it, is stored in the mobile terminal either directly or after being encrypted.
Optionally, the storing at least a part of the encryption factor information by the user and/or a third party includes:
and displaying a part of the encryption factor information for a user to store, or sending a part of the encryption factor information to a third party to store, or displaying a part of the encryption factor information for the user to store, and sending a part of the encryption factor information to the third party to store.
The third preset rule may refer to a rule set by a user in advance how to divide the encryption factor, and the user may set the rule by himself or herself as required, which is not limited herein.
Step S203, when the OTP is started, acquiring the seed key information input by the user, which was saved by the user and/or obtained by the user from a third party, and acquiring the seed key information saved by the mobile terminal.
In the embodiment of the present invention, when the OTP is started, the user may input through the mobile terminal (for example, on the touch screen of the mobile terminal) the seed key information saved by the user, the seed key information obtained by the user from a third party, or both. The mobile terminal thereby obtains the seed key information input by the user, and it also obtains the seed key information saved in the mobile terminal.
Step S204, recovering the seed key plaintext according to all the obtained seed key information.
In the embodiment of the invention, because the seed key information input by the user and the seed key information stored in the mobile terminal were obtained by dividing the seed key, the two can be combined to obtain the complete seed key. If the part of the seed key information stored in the mobile terminal is encrypted, it is first decrypted and then combined with the seed key information input by the user to recover the seed key plaintext.
Step S205, calculating a dynamic password according to the seed key plaintext and the dynamic password algorithm.
The seed key is divided into at least two parts, at least one part is stored by a user and/or a third party, and the other part is stored by the mobile terminal, so that the seed key is stored separately, the difficulty of cracking the seed key is increased, the safety of the seed key is improved, and the calculated dynamic password is safer and more reliable.
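The flow of steps S201 to S205 as an added example (not code from the patent): it assumes the dynamic password algorithm is RFC 6238 TOTP with HMAC-SHA1, which the patent does not specify, and uses the RFC's 20-byte test seed as a constructed input, cut 5:15 to mirror the 32:96 proportion above. It goes beyond the text by also showing an XOR-pad rule, under which the part left on the terminal contains no seed bytes; all function names are hypothetical.

```python
"""Added illustration of steps S201-S205; not code from the patent."""
import hashlib
import hmac
import secrets
import struct
from typing import Tuple


def split_positional(seed: bytes, cut: int) -> Tuple[bytes, bytes]:
    """'First preset rule' as a byte offset: returns (user_part, device_part)."""
    if not 0 < cut < len(seed):
        raise ValueError("cut must leave both parts non-empty")
    return seed[:cut], seed[cut:]


def recover_positional(user_part: bytes, device_part: bytes) -> bytes:
    """Step S204 for the positional rule: concatenate in the original order."""
    return user_part + device_part


def split_xor(seed: bytes) -> Tuple[bytes, bytes]:
    """Alternative rule (assumption, not from the patent): the user keeps a
    random pad and the terminal keeps seed XOR pad, so the terminal's part
    on its own is independent of the seed."""
    pad = secrets.token_bytes(len(seed))
    masked = bytes(s ^ p for s, p in zip(seed, pad))
    return pad, masked


def recover_xor(user_part: bytes, device_part: bytes) -> bytes:
    """Step S204 for the XOR rule: XOR the two equal-length parts."""
    if len(user_part) != len(device_part):
        raise ValueError("parts must have equal length")
    return bytes(u ^ d for u, d in zip(user_part, device_part))


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 8) -> str:
    """Step S205, assuming RFC 6238 TOTP (HMAC-SHA1, RFC 4226 truncation)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def start_otp(user_input: bytes, device_part: bytes, unix_time: int,
              rule: str = "positional") -> str:
    """Steps S203-S205: combine the user's input with the stored part,
    rebuild the seed in memory only, and compute the dynamic password."""
    if rule == "positional":
        seed = recover_positional(user_input, device_part)
    elif rule == "xor":
        seed = recover_xor(user_input, device_part)
    else:
        raise ValueError("unknown rule: " + rule)
    return totp(seed, unix_time)


if __name__ == "__main__":
    # Constructed input: the SHA-1 test seed from RFC 6238 Appendix B.
    seed = b"12345678901234567890"

    # Activation (S201/S202): only device_part is written to the terminal.
    user_part, device_part = split_positional(seed, 5)
    # With a positional rule the stored part is a literal slice of the seed:
    # reading it leaves only 8 * len(user_part) = 40 unknown bits.
    print("device part is a slice of the seed:", device_part in seed)

    # OTP start (S203-S205) at the RFC test time 59 s.
    print("positional:", start_otp(user_part, device_part, 59))

    # Same flow with the XOR rule: the stored part has full seed length
    # but reveals nothing without the user's pad.
    pad, masked = split_xor(seed)
    print("xor:       ", start_otp(pad, masked, 59, rule="xor"))
```

Both rules print the RFC 6238 test value for time 59; the difference is only in what the terminal's stored part discloses if it is read on its own.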
Fig. 3 is a schematic diagram of a storage apparatus for seed keys according to a third embodiment of the present invention, and for convenience of description, only the portions related to the third embodiment of the present invention are shown.
The device comprises:
the seed key dividing module 31 is configured to divide a seed key into at least two parts of seed key information according to a preset rule;
the first information processing module 32 is configured to have at least a part of the first information of the seed key stored by the user and/or a third party, and to store the rest of the first information of the seed key in the mobile terminal.
Optionally, the seed key dividing module 31 is specifically configured to:
the preset rule is a first preset rule, the seed key is integrally issued to the mobile terminal by the server in the OTP activation stage, and the integral seed key is divided into at least two parts of seed key information according to the first preset rule; or
The preset rule is a second preset rule, in the OTP activation stage, a plurality of calculation factors of the seed key are issued to the mobile terminal by the server, and the plurality of calculation factors of the seed key are divided into at least two parts of seed key information according to the second preset rule.
Optionally, the apparatus further comprises:
the information obtaining module 33 is configured to obtain seed key information, which is input by a user and saved by the user and/or obtained by the user from a third party, when the OTP is started, and obtain the seed key information saved by the mobile terminal;
a seed key recovery module 34, configured to recover a seed key plaintext according to all the obtained seed key information;
and the dynamic password calculation module 35 is configured to calculate a dynamic password according to the seed key plaintext and the dynamic password algorithm.
Optionally, the seed key information stored in the mobile terminal is encrypted and then stored in the mobile terminal.
Optionally, the apparatus further comprises:
the encryption factor dividing module is used for dividing the encryption factors used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
and the second information processing module is used for having at least one part of the encryption factor information stored by a user and/or a third party, and for storing the rest of the encryption factor information, or at least one part of it after encryption, in the mobile terminal.
Wherein the encryption factor dividing module and the second information processing module are not shown in fig. 3.
The apparatus provided in the embodiment of the present invention may be applied to the first method embodiment and the second method embodiment, and for details, reference is made to the description of the first method embodiment and the second method embodiment, and details are not repeated herein.
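As an added illustration (not code from the patent), the divide, save, recover and calculate flow of modules 31 to 35 can be sketched in Python. The text above does not fix the preset rule, the display format or the dynamic password algorithm, so the two-part XOR split, the base32 rendering and HOTP (RFC 4226) used here are assumptions, as are all function names.

```python
"""Added illustration: split an OTP seed key, recover it, compute the password."""
import base64
import hashlib
import hmac
import secrets
import struct
from typing import Tuple


def split_seed(seed: bytes) -> Tuple[bytes, bytes]:
    """Dividing step. Assumed preset rule: two-part XOR split.

    Returns (user_part, device_part). Each part alone is statistically
    independent of the seed; both are needed to rebuild it.
    """
    if not seed:
        raise ValueError("seed key must not be empty")
    user_part = secrets.token_bytes(len(seed))  # uniformly random mask
    device_part = bytes(s ^ u for s, u in zip(seed, user_part))
    return user_part, device_part


def part_to_text(part: bytes) -> str:
    """Render the user's part for display, in groups of four characters."""
    text = base64.b32encode(part).decode("ascii").rstrip("=")
    return " ".join(text[i:i + 4] for i in range(0, len(text), 4))


def text_to_part(text: str) -> bytes:
    """Parse what the user typed back; tolerate spaces and lower case."""
    compact = "".join(text.split()).upper()
    compact += "=" * (-len(compact) % 8)  # restore the stripped base32 padding
    return base64.b32decode(compact)  # ValueError on characters outside base32


def recover_seed(user_part: bytes, device_part: bytes) -> bytes:
    """Recovery step: XOR the parts back together.

    A wrong but well-formed user part is not detected here; it yields a
    different seed and therefore a password the server will reject.
    """
    if len(user_part) != len(device_part):
        raise ValueError("seed key parts have different lengths")
    return bytes(u ^ d for u, d in zip(user_part, device_part))


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Dynamic password step. Assumed algorithm: HOTP, RFC 4226."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def dynamic_password(user_text: str, device_part: bytes, counter: int) -> str:
    """OTP start: take the user's input and the device part, then calculate."""
    seed = recover_seed(text_to_part(user_text), device_part)
    return hotp(seed, counter)


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample: the RFC 4226 test seed
    user_part, device_part = split_seed(seed)
    shown = part_to_text(user_part)
    print("shown to user :", shown)
    print("kept on device:", device_part.hex())
    print("OTP, counter 1:", dynamic_password(shown, device_part, counter=1))
```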
Fig. 4 is a schematic diagram of a mobile terminal according to a fourth embodiment of the present invention. The mobile terminal as shown in the figure may include: one or more processors 401 (only one shown); one or more input devices 402 (only one shown), one or more output devices 403 (only one shown), and memory 404. The processor 401, the input device 402, the output device 403, and the memory 404 are connected by a bus 405. The memory 404 is used for storing instructions and the processor 401 is used for executing the instructions stored by the memory 404. Wherein:
the processor 401 is configured to divide the seed key into at least two parts of seed key information according to a preset rule; at least one part of the seed key information is saved by the user and/or a third party, and the remaining at least one part of the seed key information is stored in the mobile terminal.
Optionally, the processor 401 is specifically configured such that:
the preset rule is a first preset rule: in the OTP activation stage the server issues the seed key to the mobile terminal as a whole, and the whole seed key is divided into at least two parts of seed key information according to the first preset rule; or
the preset rule is a second preset rule: in the OTP activation stage the server issues a plurality of calculation factors of the seed key to the mobile terminal, and the plurality of calculation factors of the seed key are divided into at least two parts of seed key information according to the second preset rule.
Optionally, the processor 401 is further configured to:
obtain, when the OTP is started, the seed key information entered by the user, which is saved by the user and/or obtained by the user from a third party, and obtain the seed key information saved in the mobile terminal;
recover the seed key plaintext from all the obtained seed key information;
and calculate the dynamic password from the seed key plaintext and the dynamic password algorithm.
Optionally, the seed key information stored in the mobile terminal is encrypted and then stored in the mobile terminal.
Optionally, the processor 401 is further configured to:
divide the encryption factor used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
have at least one part of the encryption factor information saved by a user and/or a third party, and store the remaining at least one part of the encryption factor information in the mobile terminal, either directly or after encryption.
It should be understood that, in the embodiment of the present invention, the Processor 401 may be a Central Processing Unit (CPU), and the Processor may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The input device 402 may include a touch pad, a fingerprint sensor (for collecting fingerprint information of a user and direction information of the fingerprint), a microphone, a data receiving interface, and the like. The output devices 403 may include a display (LCD, etc.), speakers, a data transmission interface, and the like.
The memory 404 may include a read-only memory and a random access memory, and provides instructions and data to the processor 401. A portion of the memory 404 may also include non-volatile random access memory. For example, the memory 404 may also store device type information.
In a specific implementation, the processor 401, the input device 402, the output device 403, and the memory 404 described in this embodiment of the present invention may execute the implementation described in the embodiment of the method for storing a seed key provided in this embodiment of the present invention, or may execute the implementation described in the storage device for a seed key described in the third embodiment, which is not described herein again.
Fig. 5 is a schematic diagram of a mobile terminal according to a fifth embodiment of the present invention. As shown in Fig. 5, the mobile terminal 5 of this embodiment includes: a processor 50, a memory 51 and a computer program 52 stored in the memory 51 and executable on the processor 50. The processor 50, when executing the computer program 52, implements the steps in each of the above seed key storage method embodiments, such as steps S101 to S102 shown in Fig. 1. Alternatively, the processor 50 implements the functions of the modules/units in the above-described device embodiments when executing the computer program 52.
Illustratively, the computer program 52 may be partitioned into one or more modules/units that are stored in the memory 51 and executed by the processor 50 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 52 in the mobile terminal 5. For example, the computer program 52 may be divided into a seed key dividing module, a first information processing module, an information obtaining module, a seed key recovering module, a dynamic password calculating module, an encryption factor dividing module, and a second information processing module, and each module has the following specific functions:
the seed key dividing module is used for dividing the seed key into at least two parts of seed key information according to a preset rule;
the first information processing module is used for having at least one part of the seed key information saved by a user and/or a third party, and storing the remaining at least one part of the seed key information in the mobile terminal.
Optionally, the seed key dividing module is specifically configured such that:
the preset rule is a first preset rule: in the OTP activation stage the server issues the seed key to the mobile terminal as a whole, and the whole seed key is divided into at least two parts of seed key information according to the first preset rule; or
the preset rule is a second preset rule: in the OTP activation stage the server issues a plurality of calculation factors of the seed key to the mobile terminal, and the plurality of calculation factors of the seed key are divided into at least two parts of seed key information according to the second preset rule.
Optionally, the information obtaining module is configured to obtain, when the OTP is started, the seed key information entered by the user, which is saved by the user and/or obtained by the user from a third party, and to obtain the seed key information saved in the mobile terminal;
the seed key recovery module is used for recovering seed key plaintext according to all the obtained seed key information;
and the dynamic password calculation module is used for calculating a dynamic password according to the seed key plaintext and a dynamic password algorithm.
Optionally, the encryption factor dividing module is configured to divide the encryption factor used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
and the second information processing module is used for having at least one part of the encryption factor information saved by a user and/or a third party, and storing the remaining at least one part of the encryption factor information in the mobile terminal, either directly or after encryption.
The mobile terminal 5 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The mobile terminal may include, but is not limited to, a processor 50, a memory 51. Those skilled in the art will appreciate that fig. 5 is merely an example of a mobile terminal 5 and does not constitute a limitation of the mobile terminal 5 and may include more or less components than those shown, or some of the components may be combined, or different components, e.g., the mobile terminal may also include input-output devices, network access devices, buses, etc.
The processor 50 may be a central processing unit CPU, but may also be other general purpose processors, digital signal processors DSP, application specific integrated circuits ASIC, off-the-shelf programmable gate arrays FPGA or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 51 may be an internal storage unit of the mobile terminal 5, such as a hard disk or a memory of the mobile terminal 5. The memory 51 may also be an external storage device of the mobile terminal 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the mobile terminal 5. Further, the memory 51 may also include both an internal storage unit and an external storage device of the mobile terminal 5. The memory 51 is used for storing the computer program and other programs and data required by the mobile terminal. The memory 51 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/mobile terminal and method may be implemented in other ways. For example, the above-described apparatus/mobile terminal embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions, in accordance with legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A method for storing seed keys, comprising:
dividing the seed key into at least two parts of seed key information according to a preset rule;
having at least one part of the seed key information saved by a user and/or a third party, and storing the remaining at least one part of the seed key information in the mobile terminal;
wherein the preset rule is a first preset rule or a second preset rule; if the server issues the seed key to the mobile terminal as a whole, the preset rule is the first preset rule, and the mobile terminal divides the seed key into at least two parts of seed key information according to the first preset rule; if the server issues to the mobile terminal a plurality of calculation factors for calculating the seed key, the preset rule is the second preset rule, and the mobile terminal divides the plurality of calculation factors for calculating the seed key into at least two parts of seed key information according to the second preset rule;
wherein having at least one part of the seed key information saved by the user and/or the third party comprises:
displaying a part of the seed key information for the user to save; or sending a part of the seed key information to a third party to save; or displaying a part of the seed key information for the user to save and sending a part of the seed key information to the third party to save.
2. The method for storing the seed key according to claim 1, wherein dividing the seed key into at least two parts of seed key information according to the preset rule comprises:
the preset rule is a first preset rule: in the OTP activation stage the server issues the seed key to the mobile terminal as a whole, and the whole seed key is divided into at least two parts of seed key information according to the first preset rule; or
the preset rule is a second preset rule: in the OTP activation stage the server issues a plurality of calculation factors of the seed key to the mobile terminal, and the plurality of calculation factors of the seed key are divided into at least two parts of seed key information according to the second preset rule.
3. The method for storing a seed key according to claim 1, further comprising:
when the OTP is started, obtaining the seed key information entered by the user, which is saved by the user and/or obtained by the user from a third party, and obtaining the seed key information saved in the mobile terminal;
recovering the seed key plaintext from all the obtained seed key information;
and calculating the dynamic password from the seed key plaintext and the dynamic password algorithm.
4. The method for storing a seed key according to claim 1, wherein the seed key information stored in the mobile terminal is encrypted and stored in the mobile terminal.
5. The method for storing a seed key according to claim 4, further comprising:
dividing the encryption factor used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
having at least one part of the encryption factor information saved by a user and/or a third party, and storing the remaining at least one part of the encryption factor information in the mobile terminal, either directly or after encryption.
6. An apparatus for storing seed keys, comprising:
the seed key dividing module is used for dividing a seed key into at least two parts of seed key information according to a preset rule, wherein the preset rule is a first preset rule or a second preset rule; if the server issues the seed key to the mobile terminal as a whole, the preset rule is the first preset rule, and the mobile terminal divides the seed key into at least two parts of seed key information according to the first preset rule; if the server issues to the mobile terminal a plurality of calculation factors for calculating the seed key, the preset rule is the second preset rule, and the mobile terminal divides the plurality of calculation factors for calculating the seed key into at least two parts of seed key information according to the second preset rule;
the first information processing module is configured to have at least one part of the seed key information saved by a user and/or a third party, and to store the remaining at least one part of the seed key information in the mobile terminal, wherein having at least one part of the seed key information saved by a user and/or a third party comprises: displaying a part of the seed key information for the user to save; or sending a part of the seed key information to a third party to save; or displaying a part of the seed key information for the user to save and sending a part of the seed key information to the third party to save.
7. The apparatus for storing a seed key according to claim 6, wherein the seed key partitioning module is specifically configured to:
the preset rule is a first preset rule: in the OTP activation stage the server issues the seed key to the mobile terminal as a whole, and the whole seed key is divided into at least two parts of seed key information according to the first preset rule; or
the preset rule is a second preset rule: in the OTP activation stage the server issues a plurality of calculation factors of the seed key to the mobile terminal, and the plurality of calculation factors of the seed key are divided into at least two parts of seed key information according to the second preset rule;
the device further comprises:
the information acquisition module is used for acquiring, when the OTP is started, the seed key information entered by the user, which is saved by the user and/or obtained by the user from a third party, and acquiring the seed key information saved in the mobile terminal;
the seed key recovery module is used for recovering seed key plaintext according to all the obtained seed key information;
and the dynamic password calculation module is used for calculating a dynamic password according to the seed key plaintext and a dynamic password algorithm.
8. The apparatus for storing a seed key according to claim 6, wherein the seed key information stored in the mobile terminal is encrypted and stored in the mobile terminal;
the device further comprises:
the encryption factor dividing module is used for dividing the encryption factor used to encrypt the seed key information into at least two parts of encryption factor information according to a third preset rule;
and the second information processing module is used for having at least one part of the encryption factor information saved by a user and/or a third party, and storing the remaining at least one part of the encryption factor information in the mobile terminal, either directly or after encryption.
9. A mobile terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810043839.1A CN108400868B (en) 2018-01-17 2018-01-17 Seed key storage method and device and mobile terminal


Publications (2)

Publication Number Publication Date
CN108400868A CN108400868A (en) 2018-08-14
CN108400868B true CN108400868B (en) 2021-06-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant