CN117375814B - Data storage method, device, system, equipment and storage medium - Google Patents
Data storage method, device, system, equipment and storage medium Download PDFInfo
- Publication number
- CN117375814B CN117375814B CN202311319710.6A CN202311319710A CN117375814B CN 117375814 B CN117375814 B CN 117375814B CN 202311319710 A CN202311319710 A CN 202311319710A CN 117375814 B CN117375814 B CN 117375814B
- Authority
- CN
- China
- Prior art keywords
- public
- terminal
- sim card
- key
- super
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 133
- 238000013500 data storage Methods 0.000 title claims abstract description 69
- 238000012795 verification Methods 0.000 claims description 28
- 230000004044 response Effects 0.000 claims description 17
- 238000010586 diagram Methods 0.000 description 45
- 238000004590 computer program Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 11
- 238000007726 management method Methods 0.000 description 10
- 238000012545 processing Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 8
- 230000003993 interaction Effects 0.000 description 7
- 230000004048 modification Effects 0.000 description 7
- 238000012986 modification Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101000822695 Clostridium perfringens (strain 13 / Type A) Small, acid-soluble spore protein C1 Proteins 0.000 description 1
- 101000655262 Clostridium perfringens (strain 13 / Type A) Small, acid-soluble spore protein C2 Proteins 0.000 description 1
- 101000655256 Paraclostridium bifermentans Small, acid-soluble spore protein alpha Proteins 0.000 description 1
- 101000655264 Paraclostridium bifermentans Small, acid-soluble spore protein beta Proteins 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 235000019800 disodium phosphate Nutrition 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
The application discloses a data storage method, a data storage device, a data storage system, a data storage device and a data storage medium. The method is applied to the terminal, and comprises the following steps: generating a random key; receiving a first public key sent by a super Subscriber Identity Module (SIM) card; encrypting data to be stored based on the random key; encrypting the random key based on the first public key to obtain a first encrypted random key; and storing the encrypted data to be stored and the first encrypted random key. By the technical scheme, the data to be stored and the secret key can be encrypted and stored, and the safety of the data is improved.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a method, an apparatus, a system, a device, and a storage medium for storing data.
Background
In the related art, in order to realize secure storage of data, TEE (Trusted Execution Environment ) technology is mainly adopted, that is, a secure storage and execution space is provided for execution of data and code on a device, but data in the TEE environment can be obtained only through a specific API (Application Programming Interface ).
Disclosure of Invention
The application provides a data storage method, a data storage device, a data storage system, a data storage device and a data storage medium. The encryption storage of the data to be stored and the secret key can be realized, and the security of the data is improved.
In a first aspect, an embodiment of the present application provides a method for storing data, where the method is applied to a terminal, and the method includes: generating a random key; receiving a first public key sent by a super Subscriber Identity Module (SIM) card; encrypting data to be stored based on the random key; encrypting the random key based on the first public key to obtain a first encrypted random key; and storing the encrypted data to be stored and the first encrypted random key.
In the technical scheme, the terminal can encrypt the data to be stored based on the generated random key, and encrypt the random key by using the first public key sent by the super SIM card, so that the data to be stored and the key are encrypted and stored, and the security of the data is improved.
In one implementation, the generating the random key includes: providing a password verification interface; acquiring a first password input based on the password verification interface; comparing the first password with a preset second password to obtain a comparison result; and generating the random key in response to the comparison result meeting a preset first condition.
In an alternative implementation, the second password is obtained by: providing a password setting interface; and acquiring the second password set based on the password setting interface.
In one implementation, the method further comprises: transmitting the first encrypted random key to the super SIM card in response to receiving a reading instruction of the data to be stored; receiving the random key sent by the super SIM card; the super SIM card can decrypt the first encrypted random key based on a first private key corresponding to the first public key to obtain the random key; and decrypting the encrypted data to be stored based on the random key.
In an alternative implementation, the method further comprises: generating a second public-private key pair; sending a second public key of the second public-private key pair to the super SIM card; the second public key is used for encrypting the random key by the super SIM card to obtain a second encrypted random key.
Optionally, the receiving the random key sent by the super SIM card includes: receiving the second encryption random key sent by the super SIM card; decrypting the second encrypted random key based on a second private key in the second public-private key pair to obtain the random key.
In one implementation, the method further comprises: sending an identity verification request to network side equipment; the authentication request comprises authentication information, wherein the authentication information is used for authenticating the terminal by the network side equipment, and after the authentication is passed, a first instruction is sent to the super SIM card, the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card; sending first identification information to the super SIM card; the first identification information is used for verifying the access authority of the terminal by the super SIM card.
In an alternative implementation, the method further comprises: sending second identification information to the super SIM card; the second identification information is used for verifying the access authority of the terminal by the super SIM card.
In a second aspect, an embodiment of the present application provides a method for storing data, where the method is applied to a super subscriber identity module SIM card, and the method includes: receiving a first public-private key pair sent by network side equipment; transmitting a first public key of the first public-private key pair to a terminal; the first public key is used for encrypting and storing the random key by the terminal.
In the technical scheme, the super SIM card can acquire the first public and private key pair sent by the network side equipment and send the first public key in the first public and private key pair to the terminal, so that the terminal can encrypt the random key for encrypting the data to be stored based on the first public key, thereby avoiding leakage of the random key and improving the safety of the data.
In one implementation, the method further comprises: receiving a first encryption random key sent by the terminal; the first encryption random key is obtained by encrypting the random key by the terminal based on the first public key; decrypting the first encrypted random key based on a first private key in the first public-private key pair to obtain the random key; and sending the random key to the terminal.
In an alternative implementation, the method further comprises: receiving a second public key sent by the terminal; and storing the second public key into a secure storage space corresponding to the terminal on the super SIM card.
Optionally, the sending the random key to the terminal includes: encrypting the random key based on the second public key to obtain a second encrypted random key; and sending the second encrypted random key to the terminal.
In one implementation manner, the receiving the first public-private key pair sent by the network side device includes: generating a third public-private key pair; transmitting a third public key in the third public-private key pair to network side equipment; the third public key is used for encrypting the first public-private key pair by the network side equipment to obtain a first encrypted public-private key pair; receiving the first encryption public-private key pair sent by the network side equipment; decrypting the first encrypted public-private key pair based on a third private key of the third public-private key pair, and obtaining the first public-private key pair.
In an alternative implementation, the method further comprises: and storing the first public and private key pair into a safe storage space corresponding to the terminal on the super SIM card.
In one implementation, the method further comprises: receiving a first instruction sent by network side equipment; the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card; acquiring first identification information of the terminal; and adding the first identification information into the access control rule.
In an alternative implementation, the method further comprises: acquiring second identification information of the terminal; and carrying out access right verification based on the second identification information and the access control rule.
In a third aspect, an embodiment of the present application provides a method for storing data, where the method is applied to a network side device, and the method includes: generating a first public-private key pair; sending the first public and private key pair to a super Subscriber Identity Module (SIM) card; and the first public and private key pair is used for encrypting a random key for the super SIM card.
In the technical scheme, the network side equipment can send the generated first public and private key pair to the super SIM card so that the super SIM card encrypts when transmitting the random key to the terminal. Leakage of random keys can be avoided, and data security is improved.
In one implementation, the sending the first public-private key pair to the super SIM card includes: receiving a third public key sent by the super SIM card; encrypting the first public-private key pair based on the third public key to obtain a first encrypted public-private key pair; and sending the first encryption public and private key pair to the super SIM card.
In one implementation, the method further comprises: receiving an identity verification request sent by the terminal; wherein the authentication request includes authentication information; performing identity verification based on the identity verification information; responding to the authentication passing, and sending a first instruction to the super SIM card; the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card.
In a fourth aspect, an embodiment of the present application provides a data storage device, where the device is applied to a terminal, and the device includes: a first generation module for generating a random key; the first receiving module is used for receiving a first public key sent by the super Subscriber Identity Module (SIM) card; the first encryption module is used for encrypting the data to be stored based on the random key; the second encryption module is used for encrypting the random key based on the first public key to obtain a first encrypted random key; and the storage module is used for storing the encrypted data to be stored and the first encrypted random key.
In one implementation, the apparatus further comprises: the interaction module is used for providing a password verification interface; the acquisition module is used for acquiring a first password input based on the password verification interface; the comparison module is used for comparing the first password with a preset second password to obtain a comparison result; the first generation module is specifically configured to: and generating the random key in response to the comparison result meeting a preset first condition.
In an alternative implementation, the interaction module is further configured to: providing a password setting interface; the acquisition module is further configured to: and acquiring the second password set based on the password setting interface.
In one implementation, the apparatus further comprises: the first sending module is used for responding to the received reading instruction of the data to be stored and sending the first encryption random key to the super SIM card; the second receiving module is used for receiving the random key sent by the super SIM card; the super SIM card can decrypt the first encrypted random key based on a first private key corresponding to the first public key to obtain the random key; and the decryption module is used for decrypting the encrypted data to be stored based on the random key.
In an alternative implementation, the apparatus further includes: the second generation module is used for generating a second public and private key pair; the second sending module is used for sending a second public key in the second public-private key pair to the super SIM card; the second public key is used for encrypting the random key by the super SIM card to obtain a second encrypted random key.
Optionally, the second receiving module is specifically configured to: receiving the second encryption random key sent by the super SIM card; decrypting the second encrypted random key based on a second private key in the second public-private key pair to obtain the random key.
In one implementation, the apparatus further comprises: the third sending module is used for sending an identity verification request to the network side equipment; the authentication request comprises authentication information, wherein the authentication information is used for authenticating the terminal by the network side equipment, and after the authentication is passed, a first instruction is sent to the super SIM card, the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card; the fourth sending module is used for sending the first identification information to the super SIM card; the first identification information is used for verifying the access authority of the terminal by the super SIM card.
In an alternative implementation, the apparatus further includes: a fifth sending module, configured to send second identification information to the super SIM card; the second identification information is used for verifying the access authority of the terminal by the super SIM card.
In a fifth aspect, an embodiment of the present application provides a data storage device, where the device is applied to a super subscriber identity module SIM card, and the device includes: the first receiving module is used for receiving a first public-private key pair sent by the network side equipment; the first sending module is used for sending the first public key in the first public-private key pair to the terminal; the first public key is used for encrypting and storing the random key by the terminal.
In one implementation, the apparatus further comprises: the second receiving module is used for receiving the first encrypted random key sent by the terminal; the first encryption random key is obtained by encrypting the random key by the terminal based on the first public key; the first decryption module is used for decrypting the first encrypted random key based on a first private key in the first public-private key pair to obtain the random key; and the second sending module is used for sending the random key to the terminal.
In an alternative implementation, the apparatus further includes: the third receiving module is used for receiving the second public key sent by the terminal; and the storage module is used for storing the second public key into a safe storage space corresponding to the terminal on the super SIM card.
Optionally, the second sending module is specifically configured to: encrypting the random key based on the second public key to obtain a second encrypted random key; and sending the second encrypted random key to the terminal.
In one implementation, the apparatus further comprises: the generation module is used for generating a third public and private key pair; the third sending module is used for sending a third public key in the third public-private key pair to the network side equipment; the third public key is used for encrypting the first public-private key pair by the network side equipment to obtain a first encrypted public-private key pair; a fourth receiving module, configured to receive the first encrypted public-private key pair sent by the network side device; and the second decryption module is used for decrypting the first encrypted public-private key pair based on a third private key in the third public-private key pair to acquire the first public-private key pair.
In an alternative implementation, the apparatus further includes: and the second storage module is used for storing the first public and private key pair into a safe storage space corresponding to the terminal on the super SIM card.
In one implementation, the apparatus further comprises: a fifth receiving module, configured to receive a first instruction sent by the network side device; the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card; the first acquisition module is used for acquiring first identification information of the terminal; and the processing module is used for adding the first identification information into the access control rule.
In an alternative implementation, the apparatus further includes: the second acquisition module is used for acquiring second identification information of the terminal; and the verification module is used for verifying the access permission based on the second identification information and the access control rule.
In a sixth aspect, an embodiment of the present application provides a data storage apparatus, where the apparatus is applied to a network side device, and the apparatus includes: the generation module is used for generating a first public-private key pair; the first sending module is used for sending the first public and private key pair to the super Subscriber Identity Module (SIM) card; and the first public and private key pair is used for encrypting a random key for the super SIM card.
In one implementation, the apparatus further comprises: the first receiving module is used for receiving the third public key sent by the super SIM card; the encryption module is used for encrypting the first public-private key pair based on the third public key to obtain a first encrypted public-private key pair; the first sending module is specifically configured to: and sending the first encryption public and private key pair to the super SIM card.
In one implementation, the apparatus further comprises: the second receiving module is used for receiving an identity verification request sent by the terminal; wherein the authentication request includes authentication information; the authentication module is used for carrying out identity authentication based on the identity authentication information; the second sending module is used for responding to the passing of the identity verification and sending a first instruction to the super SIM card; the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card.
In a seventh aspect, an embodiment of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of storing data as described in the first aspect.
In an eighth aspect, an embodiment of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of storing data as described in the second aspect.
In a ninth aspect, an embodiment of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of storing data according to the third aspect.
In a tenth aspect, the present application provides a data storage system, which includes the data storage device according to the fourth aspect, the data storage device according to the fifth aspect, and the data storage device according to the sixth aspect, or includes the electronic apparatus according to the seventh aspect, the electronic apparatus according to the eighth aspect, and the electronic apparatus according to the ninth aspect.
In an eleventh aspect, an embodiment of the present application provides a computer readable storage medium storing instructions that, when executed, cause a method according to the first aspect to be implemented.
In a twelfth aspect, embodiments of the present application provide a computer readable storage medium storing instructions that, when executed, cause a method as described in the second aspect to be implemented.
In a thirteenth aspect, an embodiment of the present application provides a computer-readable storage medium storing instructions that, when executed, cause a method according to the third aspect to be implemented.
In a fourteenth aspect, an embodiment of the application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of storing data as described in the first aspect.
In a fifteenth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of storing data as described in the second aspect.
In a sixteenth aspect, an embodiment of the application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of storing data according to the third aspect.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the application or to delineate the scope of the application. Other features of the present application will become apparent from the description that follows.
Drawings
The drawings are included to provide a better understanding of the present application and are not to be construed as limiting the application. Wherein:
FIG. 1 is a schematic diagram of a method for storing data according to an embodiment of the present application;
FIG. 2 is a schematic diagram of another method for storing data according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a further method for storing data according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a further method for storing data according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a further method for storing data according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a further method for storing data according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a further method for storing data according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a further method for storing data according to an embodiment of the present application;
FIG. 9 is a flow chart of an access control rule modification provided by an embodiment of the present application;
FIG. 10 is a schematic diagram of a data storage device according to an embodiment of the present application;
FIG. 11 is a schematic diagram of another data storage device according to an embodiment of the present application;
FIG. 12 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 13 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 14 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 15 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 16 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 17 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 18 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 19 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 20 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 21 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 22 is a schematic diagram of a further data storage device according to an embodiment of the present application;
FIG. 23 is a schematic block diagram of an example electronic device that may be used to implement embodiments of the present application.
Detailed Description
Exemplary embodiments of the present application will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present application are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Wherein, in the description of the present application, "/" means or is meant unless otherwise indicated, for example, a/B may represent a or B; "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. The first, second, etc. numbers referred to in the present application are merely for convenience of description and are not intended to limit the scope of the embodiments of the present application, nor represent the sequence.
Referring to fig. 1, fig. 1 is a schematic diagram of a data storage method according to an embodiment of the application. The method is applicable to the terminal. The terminal may be a software terminal or a hardware terminal. As shown in fig. 1, the method may include, but is not limited to, the steps of:
step S101: a random key is generated.
For example, the terminal randomly generates a set of random numbers as the random key.
Step S102: a first public key sent by a super SIM (Subscriber Identity Module ) card is received.
For example, the terminal receives a first public key sent by a hardware device where the super SIM card is located.
In the embodiment of the present application, when the terminal is a software terminal, the first hardware device installed with the software terminal may be the same as or different from the second hardware device installed with the super SIM card. If the first hardware device is the same as the second hardware device, the super SIM card can exchange data with the software terminal through the machine card channel.
In the embodiment of the present application, when the terminal is a hardware terminal, the hardware terminal may be the same as or different from the third hardware device on which the super SIM card is installed.
Step S103: the data to be stored is encrypted based on the random key.
Specifically, the terminal encrypts data to be stored based on the generated random key.
Step S104: the random key is encrypted based on the first public key to obtain a first encrypted random key.
Specifically, the terminal encrypts the random key based on the first public key to obtain a first encrypted random key.
Step S105: and storing the encrypted data to be stored and the first encryption random key.
Specifically, the terminal stores the data to be stored and the first encrypted random key.
By implementing the embodiment of the application, the terminal can encrypt the data to be stored based on the generated random key, and encrypt the random key by using the first public key sent by the super SIM card, thereby realizing the encrypted storage of the data to be stored and the key and improving the security of the data.
In one implementation, before generating a key for encrypting data to be stored, authentication may be performed by a preset password, and subsequent procedures may be performed after authentication is passed. As an example, please refer to fig. 2, fig. 2 is a schematic diagram illustrating another data storage method according to an embodiment of the present application. The method is applicable to the terminal. As shown in fig. 2, the method may include, but is not limited to, the steps of:
step S201: a password authentication interface is provided.
As an example, taking a terminal as a hardware terminal, the password authentication interface may be provided through a display device of the hardware terminal.
As another example, taking a terminal as a software terminal as an example, the password authentication interface may be provided through a hardware device in which the software terminal is installed.
Step S202: and acquiring a first password input based on the password verification interface.
Specifically, a first password input by a user based on a password setting interface is acquired.
Wherein, in an embodiment of the present application, the first password may include at least one of the following: character password, fingerprint password and face password.
Step S203: and comparing the first password with a preset second password to obtain a comparison result.
For example, the first password is compared with a preset second password, and a comparison result of the similarity between the first password and the second password is obtained.
In an alternative implementation, the second password is obtained by: providing a password setting interface; and acquiring a second password set based on the password setting interface.
As an example, taking a terminal as a hardware terminal as an example, a password setting interface may be provided through a display device of the terminal device, and a second password set by a user based on the password setting interface may be acquired.
As another example, taking a terminal as a software terminal as an example, a password setting interface may be provided by a hardware device in which the software terminal is installed, and a second password set by a user based on the password setting interface may be acquired.
Step S204: and generating a random key in response to the comparison result meeting a preset first condition.
As an example, taking the first password and the second password as character passwords, a random key is generated in response to the comparison result being that the first password and the second password are identical.
As an example, taking the first password and the second password as fingerprint passwords as examples, a random key is generated in response to the comparison result that the similarity of the first password and the second password is greater than or equal to a preset similarity threshold (e.g., 98%).
As an example, taking the first password and the second password as face passwords as an example, a random key is generated in response to the comparison result that the similarity of the first password and the second password is greater than or equal to a preset similarity threshold.
Step S205: and receiving the first public key sent by the super SIM card.
In the embodiment of the present application, step S205 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S206: the data to be stored is encrypted based on the random key.
In the embodiment of the present application, step S206 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S207: the random key is encrypted based on the first public key to obtain a first encrypted random key.
In the embodiment of the present application, step S207 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S208: and storing the encrypted data to be stored and the first encryption random key.
In the embodiment of the present application, step S208 may be implemented in any one of the embodiments of the present application, which is not limited to this embodiment, and is not described in detail.
By implementing the embodiment of the application, the terminal can carry out authentication through the preset password, encrypt the data to be stored based on the generated random key after the authentication is passed, and encrypt the random key by using the first public key sent by the super SIM card, thereby realizing the encrypted storage of the data to be stored and the key and improving the security of the data.
In one implementation, when the user needs to acquire the encrypted data to be stored, the terminal may decrypt the first encrypted random key through the SIM card, thereby acquiring the random key, so as to decrypt the encrypted data to be stored based on the random key. As an example, please refer to fig. 3, fig. 3 is a schematic diagram of another data storage method according to an embodiment of the present application. The method is applicable to the terminal. As shown in fig. 3, the method may include, but is not limited to, the steps of:
Step S301: a random key is generated.
In the embodiment of the present application, step S301 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S302: and receiving the first public key sent by the super SIM card.
In the embodiment of the present application, step S302 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S303: the data to be stored is encrypted based on the random key.
In the embodiment of the present application, step S303 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S304: the random key is encrypted based on the first public key to obtain a first encrypted random key.
In the embodiment of the present application, step S304 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S305: and storing the encrypted data to be stored and the first encryption random key.
In the embodiment of the present application, step S305 may be implemented by any one of the embodiments of the present application, which is not limited to this embodiment, and is not described in detail.
Step S306: and in response to receiving a read instruction of the data to be stored, sending the first encrypted random key to the super SIM card.
For example, the terminal sends the first encrypted random key to the SIM card in response to receiving a read instruction of the user to the data to be stored.
Step S307: and receiving the random key sent by the super SIM card.
The super SIM card can decrypt the first encrypted random key based on a first private key corresponding to the first public key to obtain the random key.
Specifically, a random key sent by the super SIM card through the located hardware device is received, wherein the random key is obtained by decrypting the first encrypted random key by the super SIM card based on the first private key.
In some embodiments of the application, the method further comprises: generating a second public-private key pair; and sending the second public key in the second public-private key pair to the super SIM card.
The second public key is used for encrypting the random key by the super SIM card to obtain a second encrypted random key.
Specifically, the terminal generates a second public-private key pair including a second public key and a second private key, and sends the second public key to the super SIM card, where the super SIM card can encrypt the random key based on the second public key to obtain a second encrypted random key.
Optionally, the receiving the random key sent by the super SIM card includes: receiving a second encrypted random key sent by the super SIM card; and decrypting the second encrypted random key based on the second private key in the second public-private key pair to obtain a random key.
Specifically, the terminal receives a second encrypted random key sent by the super SIM card through the hardware equipment, and decrypts the second encrypted random key based on a second private key to obtain the random key.
Step S308: and decrypting the encrypted data to be stored based on the random key.
Specifically, the terminal decrypts the data to be stored encrypted using the random key based on the random key.
By implementing the embodiment of the application, when the user needs to acquire the encrypted data to be stored, the terminal can acquire the random key by decrypting the first encryption random key through the SIM card so as to decrypt the encrypted data to be stored based on the random key. Thus avoiding the leakage of the random key and improving the security of the data.
In some embodiments of the present application, the method may further include sending an authentication request to the network side device; and sending the first identification information to the super SIM card.
In an embodiment of the present application, the authentication request includes authentication information, where the authentication information is used for authenticating a terminal by a network side device, and after the authentication is passed, a first instruction is sent to a super SIM card, where the first instruction is used to instruct the super SIM card to modify an access control rule, and the access control rule is used to control access rights of the terminal to the super SIM card.
Wherein, in the embodiment of the present application, the authentication information includes at least one of the following: identity information of a user of the terminal is used. Such as name, identification number, user's cell phone number. And identity information of the terminal. For example, IMEI (International Mobile Equipment Identity ) of a hardware terminal, ICCID (INTEGRATE CIRCUIT CARD IDENTITY, integrated circuit card identity) of a SIM card installed on the hardware terminal, and a mobile phone number corresponding to the SIM card installed on the hardware terminal.
In the embodiment of the application, the first identification information is used for verifying the access authority of the super SIM card to the terminal.
As an example, taking a terminal as a software terminal, the terminal sends its SHA 1 (Secure Hash Algorithm, secure hash algorithm 1) signature value as first identification information to the super SIM card.
As another example, taking the terminal as a hardware terminal as an example, the terminal sends its IMEI as the first identification information to the super SIM card.
In some embodiments of the present application, an access control management APP (Application) may be developed in advance, and the terminal may transmit an authentication request based on the access control management APP.
As an example, taking a terminal as a hardware terminal, the access control management APP may be pre-installed on the hardware terminal, and the terminal may send an authentication request to the network side device by calling the access control management APP.
As another example, taking a terminal as a software terminal as an example, the access control management APP may be pre-installed on a hardware device in which the terminal is installed, and the terminal may send an authentication request to the network side device by calling the access control management APP.
In an alternative implementation, the method further includes: sending second identification information to the super SIM card; the second identification information is used for verifying the access right of the terminal by the super SIM card.
As an example, taking a terminal as a software terminal, the terminal sends its SHA 1 signature value as second identification information to the super SIM card, and the super SIM card can verify the access right of the terminal based on the second identification information and the first identification information acquired in advance.
As another example, taking the terminal as a hardware terminal, the terminal sends its IMEI as second identification information to the super SIM card, and the super SIM card can verify the access right of the terminal based on the second identification information and the first identification information acquired in advance.
In the embodiment of the present application, the method for storing the data provided by the embodiment of the present application is described from the perspective of the terminal, and the method for storing the data provided by the embodiment of the present application is further described from the perspective of the super SIM card.
As an example, please refer to fig. 4, fig. 4 is a schematic diagram of another data storage method according to an embodiment of the present application. The method can be applied to super SIM cards. As shown in fig. 4, the method may include, but is not limited to, the steps of:
step S401: and receiving the first public and private key pair sent by the network side equipment.
Specifically, the super SIM card receives a first public-private key pair sent by the network side equipment, wherein the first public-private key pair comprises a first public key and a first private key.
Step S402: and sending the first public key in the first public-private key pair to the terminal.
The first public key is used for encrypting and storing the random key by the terminal.
Specifically, the super SIM card sends the first public key of the first public-private key pair to the terminal, and the terminal may encrypt the generated random key based on the first public key.
By implementing the embodiment of the application, the super SIM card can acquire the first public and private key pair sent by the network side equipment and send the first public key in the first public and private key pair to the terminal, so that the terminal can encrypt the random key for encrypting the data to be stored based on the first public key, thereby avoiding the leakage of the random key and improving the safety of the data.
In one implementation, the super SIM card may decrypt the encrypted random key sent by the terminal and return the decrypted random key to the terminal, so that the terminal obtains the data to be stored based on the random key. As an example, please refer to fig. 5, fig. 5 is a schematic diagram of another data storage method according to an embodiment of the present application. The method can be applied to super SIM cards. As shown in fig. 5, the method may include, but is not limited to, the steps of:
step S501: and receiving the first public and private key pair sent by the network side equipment.
In the embodiment of the present application, step S501 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S502: and sending the first public key in the first public-private key pair to the terminal.
In the embodiment of the present application, step S502 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
Step S503: and receiving the first encrypted random key sent by the terminal.
The first encryption random key is obtained by encrypting the random key by the terminal based on the first public key.
Specifically, the super SIM card receives a first encrypted random key sent by the terminal, wherein the first encrypted random key is obtained by encrypting the random key based on a first public key by the terminal.
Step S504: and decrypting the first encrypted random key based on the first private key in the first public-private key pair to obtain a random key.
Specifically, the super SIM card decrypts the first encrypted random key based on the first private key in the first public-private key pair to obtain the random key.
Step S505: the random key is sent to the terminal.
Specifically, the super SIM card transmits the random key to the terminal.
In some embodiments of the present application, the method may further include receiving a second public key sent by the terminal; and storing the second public key in a secure storage space corresponding to the terminal on the super SIM card.
Specifically, the super SIM card receives the second public key sent by the terminal, and stores the second public key in a secure storage space corresponding to the terminal on the SIM card.
Optionally, the sending the random key to the terminal includes: encrypting the random key based on the second public key to obtain a second encrypted random key; the second encrypted random key is sent to the terminal.
Specifically, the super SIM card obtains a second encrypted random key based on the second public key encrypted random key, and transmits the second encrypted random key to the terminal.
By implementing the embodiment of the application, the super SIM card can decrypt the first encrypted random key sent by the terminal and return the random key obtained by decryption to the terminal so that the terminal decrypts the encrypted data to be stored based on the random key. And the leakage of the random key stored in the terminal is avoided, and the security of the data is improved.
In one implementation, the super SIM card may send a public key of a pre-generated public-private key pair to the network device, so that the network device may encrypt and transmit the first public-private key pair based on the public key, thereby avoiding leakage of the first public-private key pair in a transmission process. As an example, please refer to fig. 6, fig. 6 is a schematic diagram of another data storage method according to an embodiment of the present application. The method can be applied to super SIM cards. As shown in fig. 6, the method may include, but is not limited to, the following steps:
Step S601: a third public-private key pair is generated.
Specifically, the super SIM card generates a third public-private key pair including a third public key and a third private key.
Step S602: and sending the third public key in the third public-private key pair to the network side equipment.
In the embodiment of the application, the third public key is used for encrypting the first public-private key pair by the network side equipment to obtain the first encrypted public-private key pair.
Specifically, the super SIM card sends the third public key in the third public-private key pair to the network side device, where the network side device may encrypt the generated first public-private key pair based on the third public key pair to obtain a first encrypted public-private key pair.
Step S603: and receiving a first encryption public-private key pair sent by the network side equipment.
Specifically, the super SIM card receives a first encryption public-private key pair sent by the network side equipment.
Step S604: and decrypting the first encrypted public-private key pair based on a third private key in the third public-private key pair to obtain the first public-private key pair.
Specifically, the super SIM card decrypts the first encrypted public-private key pair based on the third private key to obtain the first public-private key pair.
In an alternative implementation, the method further includes: and storing the first public and private key pair into a safe storage space corresponding to the terminal on the super SIM card.
Specifically, the super SIM card stores the first private key pair in a secure storage space corresponding to the terminal on the super SIM card.
Step S605: and sending the first public key in the first public-private key pair to the terminal.
In the embodiment of the present application, step S605 may be implemented in any manner of each embodiment of the present application, which is not limited to this embodiment, and is not described in detail.
By implementing the embodiment of the application, the super SIM card can send the pre-generated public key to the network side equipment, so that the network side equipment can encrypt and transmit the first public and private key pair based on the public key, thereby avoiding the leakage of the first public and private key pair in the transmission process, further avoiding the leakage of the random key encrypted based on the first public key and improving the security of data.
In some embodiments of the application, the method further comprises: receiving a first instruction sent by network side equipment; acquiring first identification information of a terminal; and adding the first identification information into an access control rule.
In the embodiment of the application, the first instruction is used for instructing the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card.
Specifically, the super SIM card receives a first instruction sent by the network side equipment, the first instruction is used for instructing the super SIM card to modify the access control rule so as to allow the terminal to interact with the super SIM card, a safe storage space corresponding to the terminal is created on the SIM card, the super SIM card obtains first identification information of the terminal after receiving the first instruction, and the first identification information is added into the access control rule.
In an alternative implementation, the method further includes: acquiring second identification information of the terminal; and performing access right verification based on the second identification information and the access control rule.
For example, the super SIM card obtains the second identification information of the terminal, and compares the second identification information with the identification information in the access control rule to verify the access right of the terminal. If the second identification information is the same as any one of the identification information in the access control rule, the terminal is determined to have the access right.
It will be appreciated that if the terminal has access rights to the super SIM card, the first identification information, which is identical to the second identification information, should be present in the access control rule.
By implementing the embodiment of the application, the super SIM card responds to the first instruction sent by the receiving network side equipment to modify the access control rule so as to store the related secret key of the terminal into the corresponding safe storage space of the terminal, thereby avoiding the leakage of the secret key and improving the safety of data.
In the embodiment provided by the application, the method for storing the data provided by the embodiment of the application is introduced from the angles of the terminal and the super SIM card respectively, and the method for storing the data provided by the embodiment of the application is further introduced from the angle of the network side equipment.
As an example, please refer to fig. 7, fig. 7 is a schematic diagram of another data storage method according to an embodiment of the present application. The method is applied to the network side equipment. As shown in fig. 7, the method may include, but is not limited to, the steps of:
step S701: a first public-private key pair is generated.
Specifically, the network side device generates a first public-private key pair.
Step S702: and sending the first public and private key pair to the super SIM card.
Specifically, the network side device sends the generated first public and private key pair to the super SIM card.
Wherein, in the embodiment of the application, the first public-private key pair is used for encrypting the random key for the super SIM card.
By implementing the embodiment of the application, the network side equipment sends the generated first public-private key pair to the super SIM card so that the super SIM card encrypts when transmitting the random key to the terminal. Leakage of random keys can be avoided, and data security is improved.
In one implementation, the network device may encrypt the first public-private key pair based on the public key sent by the super SIM card, so as to avoid leakage of the first public-private key pair in the transmission process. As an example, please refer to fig. 8, fig. 8 is a schematic diagram of another data storage method according to an embodiment of the present application. The method is applied to the network side equipment. As shown in fig. 8, the method may include, but is not limited to, the steps of:
step S801: a first public-private key pair is generated.
In the embodiment of the present application, step S801 may be implemented by any one of the embodiments of the present application, which is not limited to this embodiment, and is not described in detail.
Step S802: and receiving a third public key sent by the super SIM card.
Specifically, the network side device receives a third public key sent by the super SIM card through the hardware device where the super SIM card is located, wherein the third public key is a third public key in a third public-private key pair generated by the super SIM card.
Step S803: and encrypting the first public-private key pair based on the third public key to obtain the first encrypted public-private key pair.
Specifically, the network side device encrypts the first public-private key pair based on the third public key to obtain a first encrypted public-private key pair
Step S804: and sending the first encryption public-private key pair to the super SIM card.
Specifically, the network side device sends the first encrypted public-private key pair to the super SIM card.
By implementing the embodiment of the application, the network side equipment can encrypt the first public and private key pair based on the public key sent by the super SIM card, so that the first public and private key pair is prevented from being leaked in the transmission process, and further the leakage of the random key encrypted by the first public key is prevented. Thereby improving the security of the data.
In some embodiments of the present application, the method may further include: receiving an identity verification request sent by a terminal; performing identity verification based on the identity verification information; and sending a first instruction to the super SIM card in response to the authentication passing.
Wherein in an embodiment of the application the authentication request comprises authentication information.
In the embodiment of the application, the first instruction is used for instructing the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card.
Specifically, the network side equipment receives an authentication request including authentication information sent by the terminal, performs authentication on the terminal based on the authentication information, and sends a first instruction to the super SIM card after the authentication is passed, wherein the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card.
As an example, please refer to fig. 9, fig. 9 is a flowchart illustrating modification of an access control rule according to an embodiment of the present application. As shown in the figure, the terminal can send an access control rule modification request to the network side equipment through the access control management APP, the network side equipment verifies the request and sends an access control rule modification instruction to the super SIM card after the verification is passed; related applications in the super SIM card call related functions to modify the access control rule file. When the access control management APP needs to acquire the access control rule file in the super SIM card, the super SIM card returns the content of the AC file to the access control management APP.
Referring to fig. 10, fig. 10 is a schematic diagram of a data storage device according to an embodiment of the application. The apparatus 1000 may be applied to a terminal. As shown in fig. 10, the apparatus 1000 includes: a first generation module 1001 for generating a random key; a first receiving module 1002, configured to receive a first public key sent by a super subscriber identity module SIM card; a first encryption module 1003, configured to encrypt data to be stored based on a random key; a second encryption module 1004, configured to encrypt the random key based on the first public key to obtain a first encrypted random key; a storage module 1005 is configured to store the encrypted data to be stored and the first encrypted random key.
In one implementation, the apparatus further includes: the device comprises an interaction module, an acquisition module and a comparison module. As an example, please refer to fig. 11, fig. 11 is a schematic diagram of another data storage device according to an embodiment of the present application. The apparatus 1100 may be applied to a terminal. As shown in fig. 11, the apparatus 1100 further includes: an interaction module 1106 for providing a password authentication interface; an obtaining module 1107, configured to obtain a first password input based on the password authentication interface; the comparison module 1108 is configured to compare the first password with a preset second password to obtain a comparison result; the first generating module 1101 is specifically configured to: and generating a random key in response to the comparison result meeting a preset first condition. The blocks 1101 to 1105 in fig. 11 have the same structure and function as the blocks 1001 to 1005 in fig. 10.
In an alternative implementation, the interaction module 1106 is further configured to: providing a password setting interface; the acquisition module 1107 is further configured to: and acquiring a second password set based on the password setting interface.
In one implementation, the apparatus further includes: the system comprises a first sending module, a second receiving module and a decryption module. As an example, please refer to fig. 12, fig. 12 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1200 may be applied to a terminal. As shown in fig. 12, the apparatus 1200 further includes: a first sending module 1206, configured to send a first encrypted random key to the super SIM card in response to receiving a read instruction of data to be stored; a second receiving module 1207, configured to receive a random key sent by the super SIM card; the super SIM card can decrypt the first encrypted random key based on a first private key corresponding to the first public key to obtain a random key; a decryption module 1208, configured to decrypt the encrypted data to be stored based on the random key. The modules 1201 to 1205 in fig. 12 have the same structure and function as the modules 1001 to 1005 in fig. 10.
In an alternative implementation, the apparatus further includes: the system comprises a second generation module and a second sending module. As an example, please refer to fig. 13, fig. 13 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1300 may be applied to a terminal. As shown in fig. 13, the apparatus 1300 further includes: a second generating module 1309 configured to generate a second public-private key pair; a second sending module 1310, configured to send a second public key in a second public-private key pair to the super SIM card; the second public key is used for encrypting the random key by the super SIM card to obtain a second encrypted random key. The modules 1301 to 1308 in fig. 13 have the same structure and function as the modules 1201 to 1208 in fig. 12.
Optionally, the second receiving module 1307 is specifically configured to: receiving a second encrypted random key sent by the super SIM card; and decrypting the second encrypted random key based on the second private key in the second public-private key pair to obtain a random key.
In one implementation, the apparatus further includes: a third transmitting module and a fourth transmitting module. As an example, please refer to fig. 14, fig. 14 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1400 may be applied to a terminal. As shown in fig. 14, the apparatus 1400 further includes: a third sending module 1406, configured to send an authentication request to a network side device; the authentication request comprises authentication information, the authentication information is used for authenticating the terminal by the network side equipment, and after the authentication is passed, a first instruction is sent to the super SIM card, the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card; a fourth sending module 1407, configured to send the first identification information to the super SIM card; the first identification information is used for verifying the access right of the terminal by the super SIM card.
In an alternative implementation manner, the fourth sending module 1407 is further configured to send second identification information to the super SIM card; the second identification information is used for verifying the access right of the terminal by the super SIM card.
By means of the device in the embodiment, the terminal can encrypt the data to be stored based on the generated random key, and encrypt the random key by using the first public key sent by the super SIM card, so that the data to be stored and the key are encrypted and stored, and the safety of the data is improved.
As an example, please refer to fig. 15, fig. 15 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1500 may be applied to a super SIM card. As shown in fig. 15, the apparatus 1500 includes: a first receiving module 1501, configured to receive a first public-private key pair sent by a network side device; a first sending module 1502, configured to send a first public key in a first public-private key pair to a terminal; the first public key is used for encrypting and storing the random key by the terminal.
In one implementation, the apparatus further includes: the system comprises a second receiving module, a first decryption module and a second sending module. As an example, please refer to fig. 16, fig. 16 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1600 may be applied to a super SIM card. As shown in fig. 16, the apparatus 1600 further includes: a second receiving module 1603, configured to receive a first encrypted random key sent by a terminal; the terminal encrypts the random key based on the first public key; a first decryption module 1604 configured to decrypt the first encrypted random key based on the first private key in the first public-private key pair, and obtain a random key; a second transmitting module 1605, configured to transmit the random key to the terminal. The modules 1601 to 1602 in fig. 16 have the same structure and function as the modules 1501 to 1502 in fig. 15.
In an alternative implementation, the apparatus further includes: a third receiving module and a first storage module. As an example, please refer to fig. 17, fig. 17 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1700 may be applied to a super SIM card. As shown in fig. 17, the apparatus 1700 further includes: a third receiving module 1706, configured to receive a second public key sent by the terminal; the first storage module 1707 is configured to store the second public key in a secure storage space corresponding to the terminal on the super SIM card. The modules 1701 to 1705 in fig. 17 have the same structure and function as the modules 1601 to 1605 in fig. 16.
Optionally, the second sending module 1705 is specifically configured to: encrypting the random key based on the second public key to obtain a second encrypted random key; the second encrypted random key is sent to the terminal.
In one implementation, the apparatus further includes: the device comprises a generating module, a third sending module, a fourth receiving module and a second decryption module. As an example, please refer to fig. 18, fig. 18 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1800 may be applied to a super SIM card. As shown in fig. 18, the apparatus 1800 further includes: a generating module 1803, configured to generate a third public-private key pair; a third sending module 1804, configured to send a third public key in a third public-private key pair to the network-side device; the third public key is used for encrypting the first public-private key pair by the network side equipment to obtain a first encrypted public-private key pair; a fourth receiving module 1805, configured to receive a first encryption public-private key pair sent by a network side device; the second decryption module 1806 is configured to decrypt the first encrypted public-private key pair based on the third private key in the third public-private key pair, and obtain the first public-private key pair.
In an alternative implementation, the apparatus further includes: and the second storage module 1807 is configured to store the first public-private key pair in a secure storage space corresponding to the terminal on the super SIM card.
In one implementation, the apparatus further includes: the device comprises a fifth receiving module, a first obtaining module and a processing module. As an example, please refer to fig. 19, fig. 19 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 1900 may be applied to a super SIM card. As shown in fig. 19, the apparatus 1900 further includes: a fifth receiving module 1903, configured to receive a first instruction sent by the network side device; the method comprises the steps that a first instruction is used for indicating a super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of a terminal to the super SIM card; a first obtaining module 1904, configured to obtain first identification information of a terminal; a processing module 1905, configured to add the first identification information to the access control rule.
In an alternative implementation, the apparatus further includes: a second obtaining module 1906, configured to obtain second identification information of the terminal; and a verification module 1907, for performing access right verification based on the second identification information and the access control rule.
Through the device in the embodiment, the super SIM card can acquire the first public and private key pair sent by the network side equipment and send the first public key in the first public and private key pair to the terminal, so that the terminal can encrypt the random key for encrypting the data to be stored based on the first public key, thereby avoiding the leakage of the random key and improving the security of the data.
As an example, please refer to fig. 20, fig. 20 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 2000 may be applied to a network side device. As shown in fig. 20, the apparatus 2000 further includes: a generating module 2001, configured to generate a first public-private key pair; a first sending module 2002, configured to send a first public-private key pair to a super subscriber identity module SIM card; wherein the first public-private key pair is used for encrypting the random key for the super SIM card.
In one implementation, the apparatus further includes: the first receiving module and the encryption module. As an example, please refer to fig. 21, fig. 21 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 2100 may be applied to a network-side device. As shown in fig. 21, the apparatus 2100 further includes: a first receiving module 2103, configured to receive a third public key sent by the super SIM card; an encryption module 2104, configured to encrypt the first public-private key pair based on the third public key, to obtain a first encrypted public-private key pair; the first transmitting module 2101 is specifically configured to: and sending the first encryption public-private key pair to the super SIM card. Among them, the modules 2101 and 2102 in fig. 21 have the same structure and function as the modules 2001 and 2002 in fig. 20.
In one implementation, the apparatus further includes: the device comprises a second receiving module, a verification module and a second sending module. As an example, please refer to fig. 22, fig. 22 is a schematic diagram of a further data storage device according to an embodiment of the present application. The apparatus 2200 may be applied to a network-side device. As shown in fig. 22, the apparatus 2200 further includes: a second receiving module 2203, configured to receive an authentication request sent by a terminal; wherein the authentication request includes authentication information; a verification module 2204 for performing identity verification based on the identity verification information; a second sending module 2205, configured to send a first instruction to the super SIM card in response to passing of the authentication; the first instruction is used for indicating the super SIM card to modify an access control rule, and the access control rule is used for controlling the access authority of the terminal to the super SIM card. Among them, the modules 2201 and 2202 in fig. 22 have the same structure and function as the modules 2001 and 2002 in fig. 20.
Through the device in the above embodiment, the network side device may send the generated first public-private key pair to the super SIM card, so that the super SIM card encrypts when transmitting the random key to the terminal. Leakage of random keys can be avoided, and data security is improved.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
Based on the embodiment of the application, the application also provides electronic equipment, which comprises: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of storing data of any of the foregoing embodiments.
The embodiment of the application also provides a data storage system, which comprises a data storage device used as a terminal in any one embodiment of the foregoing fig. 10 to 14, a data storage device used as a super SIM card in any one embodiment of the foregoing fig. 15 to 19, and a data storage device used as network side equipment in any one embodiment of the foregoing fig. 20 to 22.
Based on the embodiments of the present application, the present application also provides a computer-readable storage medium, in which computer instructions are used to make a computer execute the data storage method according to any one of the foregoing embodiments provided by the embodiments of the present application.
Referring now to FIG. 23, shown in FIG. 23 is a schematic block diagram of an example electronic device that may be used to implement an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the applications described and/or claimed herein.
As shown in fig. 23, the apparatus 2300 includes a computing unit 2301 that can perform various appropriate actions and processes according to a computer program stored in a Read-Only Memory (ROM) 2302 or a computer program loaded from a storage unit 2308 into a random access Memory (Random Access Memory, RAM) 2303. In the RAM 2303, various programs and data required for operation of the device 2300 can also be stored. The computing unit 2301, the ROM 2302, and the RAM 2303 are connected to each other by a bus 2304. An Input/Output (I/O) interface 2305 is also connected to bus 2304.
Various components in device 2300 are connected to I/O interface 2305, including: an input unit 2306 such as a keyboard, a mouse, or the like; an output unit 2307 such as various types of displays, speakers, and the like; a storage unit 2308 such as a magnetic disk, an optical disk, or the like; and a communication unit 2309 such as a network card, modem, wireless communication transceiver, or the like. The communication unit 2309 allows the device 2300 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunications networks.
The computing unit 2301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 2301 include, but are not limited to, a central processing unit (Central Processing Unit, CPU), a graphics processing unit (Graphics Processing Unit, GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, digital signal processors (DIGITAL SIGNAL processes, DSPs), and any suitable processors, controllers, microcontrollers, etc. The computing unit 2301 performs the respective methods and processes described above, for example, a storage method of data. For example, in some embodiments, the method of storing data may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 2308. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 2300 via ROM 2302 and/or communication unit 2309. When a computer program is loaded into RAM 2303 and executed by computing unit 2301, one or more steps of the data storage method described above may be performed. Alternatively, in other embodiments, computing unit 2301 may be configured to perform the method of storing data in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above can be implemented in digital electronic circuitry, integrated Circuit System, field programmable gate array (Field Programmable GATE ARRAY, FPGA), application-specific integrated Circuit (ASIC), application-specific standard product (Application SPECIFIC STANDARD PARTS, ASSP), system-On-Chip (SOC), load-programmable logic device (Complex Programmable Logic Device, CPLD), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present application may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (EPROM) or flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a Cathode Ray Tube (CRT) or an LCD (Liquid CRYSTAL DISPLAY) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local area networks (Local Area Network, LANs), wide area networks (Wide Area Network, WANs), the internet, and blockchain networks.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and Virtual private server (VPS PRIVATE SERVER) service. The server may also be a server of a distributed system or a server that incorporates a blockchain.
It should be appreciated that steps may be reordered, added, or deleted based on the various forms of flow shown above. For example, the steps described in the present application may be performed in parallel, sequentially, or in a different order, provided that the desired results of the technical solution of the present application are achieved, and are not limited herein.
The above embodiments do not limit the scope of the present application. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present application should be included in the scope of the present application.
Claims (22)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311319710.6A CN117375814B (en) | 2023-10-11 | 2023-10-11 | Data storage method, device, system, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311319710.6A CN117375814B (en) | 2023-10-11 | 2023-10-11 | Data storage method, device, system, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117375814A CN117375814A (en) | 2024-01-09 |
| CN117375814B true CN117375814B (en) | 2024-11-22 |
Family
ID=89407051
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311319710.6A Active CN117375814B (en) | 2023-10-11 | 2023-10-11 | Data storage method, device, system, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117375814B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118748796A (en) * | 2024-07-19 | 2024-10-08 | 中电信量子科技有限公司 | Data processing method, device, electronic device and storage medium based on SIM card |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101969638A (en) * | 2010-09-30 | 2011-02-09 | 中国科学院软件研究所 | Method for protecting international mobile subscriber identity (IMSI) in mobile communication |
| CN104868996A (en) * | 2014-02-25 | 2015-08-26 | 中兴通讯股份有限公司 | Data encryption and decryption method, device thereof, and terminal |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101478595A (en) * | 2008-09-08 | 2009-07-08 | 广东南方信息安全产业基地有限公司 | Mobile communication terminal data protection method |
| CN102346716B (en) * | 2011-09-20 | 2015-03-18 | 记忆科技(深圳)有限公司 | Encryption method and decryption method of hard disk storage device and encryption and decryption system used for hard disk storage device |
| CN106161444B (en) * | 2016-07-07 | 2019-11-15 | 北京仁信证科技有限公司 | Secure storage method of data and user equipment |
| CN106603496B (en) * | 2016-11-18 | 2019-05-21 | 新智数字科技有限公司 | A kind of guard method, smart card, server and the communication system of data transmission |
| CN109525989B (en) * | 2017-09-19 | 2022-09-02 | 阿里巴巴集团控股有限公司 | Data processing and identity authentication method and system, and terminal |
| CN113364760A (en) * | 2021-06-01 | 2021-09-07 | 平安科技(深圳)有限公司 | Data encryption processing method and device, computer equipment and storage medium |
-
2023
- 2023-10-11 CN CN202311319710.6A patent/CN117375814B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101969638A (en) * | 2010-09-30 | 2011-02-09 | 中国科学院软件研究所 | Method for protecting international mobile subscriber identity (IMSI) in mobile communication |
| CN104868996A (en) * | 2014-02-25 | 2015-08-26 | 中兴通讯股份有限公司 | Data encryption and decryption method, device thereof, and terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117375814A (en) | 2024-01-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10469469B1 (en) | Device-based PIN authentication process to protect encrypted data | |
| US9467430B2 (en) | Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware | |
| US8074265B2 (en) | Methods and systems for verifying a location factor associated with a token | |
| EP3324572B1 (en) | Information transmission method and mobile device | |
| US10601590B1 (en) | Secure secrets in hardware security module for use by protected function in trusted execution environment | |
| CN109714176B (en) | Password authentication method, device and storage medium | |
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| CN113422679B (en) | Key generation method, device and system, encryption method, electronic device, and computer-readable storage medium | |
| CN204360381U (en) | mobile device | |
| WO2025236608A1 (en) | Information verification method and related device | |
| US20230284027A1 (en) | Method for establishing communication channel, and user terminal | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN113422832B (en) | File transmission method, device, equipment and storage medium | |
| CN114117386A (en) | Conference management method and device, computer readable storage medium and electronic device | |
| CN113630412A (en) | Resource downloading method, resource downloading device, electronic equipment and storage medium | |
| CN114880630B (en) | Method and device for obtaining software usage rights | |
| CN114139176A (en) | A national secret-based protection method and system for industrial Internet core data | |
| WO2015135398A1 (en) | Negotiation key based data processing method | |
| CN114884714B (en) | Task processing method, device, equipment and storage medium | |
| CN117375814B (en) | Data storage method, device, system, equipment and storage medium | |
| CN109768969B (en) | Authority control method, Internet of things terminal and electronic equipment | |
| CN111064577A (en) | A security authentication method, device and electronic device | |
| WO2015158173A1 (en) | Agreement key-based data processing method | |
| CN114969711B (en) | A security authentication method, electronic device and storage medium | |
| CN118611909A (en) | Decryption method, encryption method, device, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |