Disclosure of Invention
In view of the defects of the prior art, the invention designs a new scenario in which pure end-to-end or local encryption services are used without server participation: the whole encryption process involves no server, the hardware cryptographic device involves no server during production, authorization and factory return, and KEYs of different batches cannot communicate with each other. This ensures the security of the application, avoids any influence of a server on the service and on KEY security, raises the application security level, meets the security-level requirements of individuals and user terminals, and ensures the security of user services in untrusted-server and third-party-server environments. The method is realized by the following technical scheme.
A method for producing an encryption and decryption device for a server-free environment comprises the following steps:
step one, the firmware of the security chip is burned, the program is written into the COS memory, and the life-cycle state of the security chip is advanced;
step two, a production protection key and a transmission key are produced; these two keys protect the ciphertext production messages of the local production tool so that the security chip is produced safely in an intranet environment;
step three, the security chip randomly generates a group of 16-byte random numbers and derives from them a confusion parameter that cannot be exported;
step four, the production tool reads the chip life-cycle ciphertext mark and checks whether the security chip is in the hardware initialization state; after the check is confirmed correct, it assembles the product batch mark ciphertext message with the initialization key, calculates the MAC value of the ciphertext message with the transmission key, assembles the final production message, sends it to the security chip and writes the product batch mark;
step five, the security chip verifies the ciphertext MAC, decrypts the production message, extracts the product batch message, writes the production information, performs a self-check of the production algorithm and of integrity, changes the life-cycle state to the personal-information initialization state, and the production of the security chip is complete.
An application method of an encryption and decryption device for a server-free environment involves a first terminal and a second terminal, wherein the first terminal is provided with a first security chip and a first unique identifier, and the second terminal is provided with a second security chip and a second unique identifier; the application method comprises the following steps:
the first terminal assembles the first unique identifier into a communication connection authentication message and sends it to the first security chip; the first security chip splices the first unique identifier with the second unique identifier of the second terminal to form a third unique identifier, then splices the product batch mark onto it to serve as the session key root key generation source, and uses the exclusive-or of the odd-position and even-position bits of the SM3 value of that source as the session key root key;
the first security chip encrypts the derivative factor with the session key root key, assembles the derivative factor ciphertext together with the rest of the message content, encrypts the key items of the message with the derived current session key, calculates the MAC of the message with the derived current session key, and sends the resulting message to the first terminal;
the first terminal sends a call invitation to the second terminal together with the connection authentication message; the second terminal receives the connection authentication message, the second security chip verifies the communication connection message and returns the connection authentication result to the second terminal, and the second terminal establishes ciphertext communication with the first terminal.
Further, the application method comprises encrypting a local file, with the following steps:
when a terminal has a local data file to be encrypted, the security chip parses the file format, splices the local chip SN, the product batch information and the local encryption confusion parameter according to the file information in the file header, uses the spliced value as the data source of the local data encryption root key, uses the exclusive-or of the odd-position and even-position bits of the SM3 value of the data source as the local encryption root key, generates the encryption key of the current file using the file header as the derivative factor, encrypts the main content of the data file, and returns the encrypted data file to the terminal for storage.
Further, the application method also comprises decrypting an encrypted file, with the following steps:
when a terminal has a local ciphertext file to be decrypted, the security chip obtains the file, parses the file format, splices the encryption confusion parameter according to the file information in the file header to serve as the data source of the local data encryption root key, generates the encryption key of the current file using the file header as the derivative factor, then verifies the message authentication code (MAC) over the main body of the data file and decrypts it to obtain the plaintext data file, which is returned to the terminal for storage.
The beneficial effects of the invention are as follows: the method solves the problem that a server can affect the user's service and key security, adapts to more scenarios, ensures that services such as terminal ciphertext communication and local data protection complete smoothly in server-free, untrusted-server and third-party-server environments, avoids any influence of a server on the user's service and keys, raises the security level of application encryption, and ensures the security of the user's service and data.
Detailed Description
Embodiments of the invention are described in detail below with reference to the accompanying drawings; the invention can, however, be implemented in many different ways, as defined and covered by the claims.
Fig. 1 is a timing diagram of the production of a security chip according to an embodiment of the invention. The production of the security chip is carried out in a secure intranet environment and comprises the following production steps.
Step one, the firmware of the security chip is burned, the program is written into the COS memory, and the life-cycle state of the security chip is advanced.
Step two, the production protection key and the transmission key take effect. The production protection key is a 16-byte SM4 key used to decrypt the ciphertext production messages of the production tool; the transmission key is a 16-byte SM4 key used to generate the MAC value of the ciphertext production message. Together the two keys protect the ciphertext production messages of the local production tool so that the security chip is produced safely in the intranet environment.
Step three, each chip randomly generates a group of 16-byte random numbers and derives its confusion parameter from them; the confusion parameter of each piece of hardware is different and cannot be exported.
Step four, the production tool reads the chip life-cycle ciphertext mark and checks whether the security chip is in the hardware initialization state (firmware downloaded, COS written, product batch mark not yet written). After the check is confirmed correct, it assembles the product batch mark ciphertext message with the initialization KEY, calculates the MAC value of the ciphertext message with the transmission KEY, assembles the final production message, issues it to the security chip and writes the product batch mark. KEYs of the same product batch can then authenticate each other through the end-to-end communication service, achieving domain isolation: KEYs of different batches cannot communicate.
Step five, the security chip verifies the ciphertext MAC, decrypts the production message, extracts the product batch message, writes the production information, performs a self-check of the production algorithm and of integrity, changes the life-cycle state to the personal-information initialization state, and the production of the security chip is complete.
In the above steps, the hardware of the encryption and decryption device includes:
Upper computer: any host to which the chip can be attached, without limitation (mobile phone, card reader, etc.).
PC: with the firmware burning software installed.
PC operating system: not limited.
Network environment: a secure intranet.
Fig. 2 is the timing diagram of the serverless secure communication of the invention, which involves two terminals and a security chip.
First, the first terminal assembles unique identifiers such as the receiver's mobile phone number or IM call account ID into a communication connection authentication message and sends it to the first security chip. The first security chip splices the unique identifiers of the mobile phone numbers or IM call accounts of both parties, then splices the product batch mark onto them to serve as the session key root key generation source, and takes the exclusive-or of the odd-position and even-position bits of the SM3 value of that source as the session root key.
Then a 16-byte random number is generated as the session key derivative factor; from the session key root key and this derivative factor the session key of the current session is generated. The 16-byte derivative factor is encrypted with the session key root key to form the derivative factor ciphertext of the connection authentication message, after which the rest of the message content is assembled: initiator, receiver mobile phone number or IM account ID, service ID, timestamp and so on. The key items of the message are encrypted with the derived current session key, the MAC value of the message is calculated with the derived current session key, and the call or IM communication connection authentication message is assembled and passed to the first terminal, which opens a dial-up or IM communication connection window and transmits the connection authentication message to the second terminal.
The second terminal receives the message and the second security chip verifies the communication connection message: it first verifies the MAC, decrypts the initiator and receiver IDs and compares them with the local values to check that the connection message is correct, then decrypts the service ID and executes the corresponding service flow. It splices the unique identifiers of the receiver's mobile phone number or IM call account, splices the product batch mark onto them as the session key root key generation source, takes the exclusive-or of the odd-position and even-position bits of the SM3 value of that source as the session key root key, decrypts the 16-byte session key derivative factor with the session key root key, generates the session key of the current session from the derivative factor, and stores the current session key. The connection authentication result is then returned to the second terminal.
Data to be sent by the first terminal is encrypted by the first security chip with the session key of the current session, and the ciphertext is returned to the first terminal. In the same way, the second terminal and the first terminal complete ciphertext communication.
The first terminal and the second terminal communicate in ciphertext with a fresh key for each call; no server-side encryption relay is needed, the session root key is generated when the session is created, only the two parties of the session can compute it, and only hardware within the domain can communicate, which ensures the communication security of the terminals.
When two terminals communicate in ciphertext via a third-party server relay or in an untrusted server environment, the key negotiation information and the current session root key are computed inside the hardware security chips from the unique identifiers of both parties of the session, the transmitted data is ciphertext, and the authentication process exposes no account plaintext, derivative factor plaintext or other plaintext data. In the untrusted environment the key thus remains secure, the data is produced as ciphertext, and the key is discarded and cannot be recovered once the current session ends.
In the embodiment of the invention, the key negotiation exchange consists of a request message and a response message, each carrying the fields dataEncrypt, keyEncrypt, timeStamp and authCode; specifically:
bidirectional authentication request message:
response message:
The data sending exchange likewise consists of a request message and a response message, specifically:
request message:
response message:
Fig. 3 is the timing diagram of data encryption and storage of the invention, that is, the protection of local data without a server.
When a terminal has a local data file to be encrypted, the security chip parses the file format, splices the local chip SN, the product batch information and the local encryption confusion parameter according to the file information in the file header, uses the spliced value as the data source of the local data encryption root key, takes the exclusive-or of the odd-position and even-position bits of the SM3 value of the data source as the local encryption root key, generates the encryption key of the current file using the file header as the derivative factor, and encrypts the main body of the data file. The file header is kept unchanged so that the file format does not change and only the content is shown as ciphertext; a MAC value for verifying the data is calculated with the current file encryption key and appended; the local ciphertext data file is returned to the terminal, which stores it in ciphertext form.
Because the file headers differ, different files of different data types each obtain a different key (one key per data item) bound to the confusion parameter stored in the hardware; the confusion parameter is unique and cannot be exported, it cannot be recovered if the hardware is lost, the locally encrypted data cannot be recovered once separated from the hardware, no server participates, and the key parameters cannot be exported by backup. The security of the data is thus guaranteed and the security level of the data is raised.
Fig. 4 is a timing diagram of data decryption and viewing according to the invention.
When a terminal has a local ciphertext file to be decrypted, the security chip obtains the file, parses the file format, splices the local chip SN, the product batch information and the local encryption confusion parameter according to the file information in the file header, uses the spliced value as the data source of the local data encryption root key, takes the exclusive-or of the odd-position and even-position bits of the SM3 value of the data source as the local encryption root key, generates the encryption key of the current file using the file header as the derivative factor, then verifies the message authentication code (MAC) over the main body of the data file, keeps the file header unchanged so that the file format does not change, decrypts the content ciphertext to obtain the plaintext data file, and returns it to the terminal, which stores the local plaintext data file.
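The following is an added example, not the patent's own code, implementing the root-key derivation shared by the session key flow of Fig. 2 and the local file key flow of Figs. 3 and 4: the generation source is spliced, hashed with SM3, and the odd- and even-position halves of the digest are XORed into a 16-byte root key, from which the per-session or per-file key is derived with its derivative factor. Assumptions: "odd/even positions" are taken as bytes of the SM3 value, the derivation of the current key from root key and derivative factor is SM3-based (the patent does not specify the construction), and all identifiers, batch marks and headers are constructed sample values.

```python
# Added example, not from the patent: the SM3 "odd/even fold" root-key derivation
# described above, in pure Python. Assumptions (labelled): odd/even positions of the
# SM3 value are taken as BYTES, and a session/file key is derived from the root key
# and its derivative factor by folding SM3(root || factor).
IV = [0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
      0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E]
M32 = 0xFFFFFFFF

def _rotl(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & M32

def sm3(msg: bytes) -> bytes:
    """SM3 hash (GB/T 32905-2016); returns the 32-byte digest."""
    bitlen = len(msg) * 8
    msg = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + bitlen.to_bytes(8, "big")
    v = IV[:]
    for off in range(0, len(msg), 64):
        w = [int.from_bytes(msg[off + 4 * i:off + 4 * i + 4], "big") for i in range(16)]
        for j in range(16, 68):  # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23) ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):  # compression function
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            ss1 = _rotl((_rotl(a, 12) + e + _rotl(t, j)) & M32, 7)
            ss2 = ss1 ^ _rotl(a, 12)
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & M32
            tt2 = (gg + h + ss1 + w[j]) & M32
            d, c, b, a = c, _rotl(b, 9), a, tt1
            h, g, f = g, _rotl(f, 19), e
            e = tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17)  # P0
        v = [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
    return b"".join(x.to_bytes(4, "big") for x in v)

def fold(digest: bytes) -> bytes:
    """Root key = even-position bytes XOR odd-position bytes of the SM3 value (16 bytes)."""
    return bytes(x ^ y for x, y in zip(digest[0::2], digest[1::2]))

def root_key(*parts: bytes) -> bytes:
    """Splice the generation-source parts in order, hash with SM3, fold to 16 bytes."""
    return fold(sm3(b"".join(parts)))

def derive_key(root: bytes, factor: bytes) -> bytes:
    """Current session/file key from root key + derivative factor (assumed construction)."""
    return fold(sm3(root + factor))

def session_key(id_first: bytes, id_second: bytes, batch: bytes, factor: bytes) -> bytes:
    """Terminal-side session key: source = first ID || second ID || product batch mark."""
    return derive_key(root_key(id_first, id_second, batch), factor)

def file_key(chip_sn: bytes, batch: bytes, confusion: bytes, header: bytes) -> bytes:
    """Local file key: source = chip SN || batch || confusion parameter; factor = file header."""
    return derive_key(root_key(chip_sn, batch, confusion), header)

if __name__ == "__main__":  # constructed sample values, not real identifiers
    factor = bytes(range(16))
    k_a = session_key(b"13800000001", b"13800000002", b"BATCH01", factor)
    k_b = session_key(b"13800000001", b"13800000002", b"BATCH01", factor)  # second chip
    print(k_a.hex(), k_a == k_b)
```

Both chips reach the same session key only when they splice the same identifiers in the same order with the same batch mark, which is how the batch domain isolation described in the production steps falls out of the derivation.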
This technical scheme is an innovation over the prior art: the prior art requires a server to participate in the encryption service process of the application, whereas the invention designs a new scenario in which pure end-to-end or local encryption services are used without any server participation. The whole encryption service process involves no server, so the influence of a server on the service and on key security is avoided, the security of application encryption is improved, the security of the user's service is ensured, and the security-level requirements of individuals and user terminals are met even when the server is untrusted or is a third-party server.
The above is only a preferred embodiment of the invention and is not intended to limit it; those skilled in the art can make various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principle of the invention shall be included in its protection scope.