KEY AGREEMENT METHOD AND DEVICE FOR VERIFICATION INFORMATION

US 20170208049A1
Filed: 05/29/2015
Published: 07/20/2017
Est. Priority Date: 05/30/2014
Status: Abandoned Application

First Claim

Patent Images

1. A key agreement method for verification information, comprising:

generating a key pair for encrypting and decrypting the verification information in a terminal, transmitting a public key to a network device via a network, and storing a private key locally, wherein the verification information is a message used for verifying a terminal or a user'"'"'s identity or permission during execution of a specific service by a target application;

encrypting, by the network device, the verification information by using the public key before the verification information is sent to the terminal, and sending the encrypted verification information to the terminal;

decrypting, by the terminal, the encrypted verification information by using the private key, and obtaining the verification information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a key agreement method for verification information. The method comprises: generating a key pair for encrypting and decrypting verification information in a terminal, transmitting a public key to a network device via a network, and storing a private key locally, wherein the verification information is a message used for verifying a terminal or user'"'"'s identity or permission during execution of a specific service by a target application; the network device uses the public key to encrypt the verification information before the verification information is sent to the terminal, and sends the encrypted verification information to the terminal; the terminal uses the private key to decrypt the encrypted verification information, and obtains the verification information.

9 Citations

40 Claims

1. A key agreement method for verification information, comprising:
- generating a key pair for encrypting and decrypting the verification information in a terminal, transmitting a public key to a network device via a network, and storing a private key locally, wherein the verification information is a message used for verifying a terminal or a user'"'"'s identity or permission during execution of a specific service by a target application;
  
  encrypting, by the network device, the verification information by using the public key before the verification information is sent to the terminal, and sending the encrypted verification information to the terminal;
  
  decrypting, by the terminal, the encrypted verification information by using the private key, and obtaining the verification information.
- View Dependent Claims (2, 3, 4, 8, 10, 11, 12, 13)
- - 2. The method according to claim 1, wherein, after encrypting, by the network device, the verification information by using the public key, signing the encrypted verification information by using a network device private key;
    - prior to decrypting, by the terminal, the encrypted verification information by using the private key, firstly checking the signature of the encrypted verification information by using a pre-obtained network device public key.
  - 3. The method according to claim 2, further comprises:
    - regularly sending, by the terminal, to the network device a session key encrypted by the network device public key;
      
      after encrypting, by the network device, the verification information by using the public key, performing secondary encryption upon the verification information by using the session key;
      
      prior to decrypting the encrypted verification information by using the private key, performing secondary decryption upon the encrypted verification information by using the session key stored locally in the terminal.
  - 4. The method according to claim 3, wherein providing the user with a password input interface, receiving a user-input password, and using the user-input password to encrypt the private key;
    - before decrypting the encrypted verification information by using the private key, requiring the user to input the password, and if the user-input password is correct, using the user-input password to decrypt the encrypted private key to obtain the private key and performing the step of decrypting the encrypted verification information by using the private key.
  - 8. The method according to claim 1, wherein a security application on the terminal performs the step of generating the key pair for encrypting and decrypting the verification information and decrypting the encrypted verification information by using the private key;
    - after obtaining the verification information, the method further comprises;
      
      providing, by the security application, the verification information to the target application or exhibiting the verification information to the user.
  - 10. The method according to claim 8, wherein further comprises:
    - verifying, by the security application, the legality of the target application; and
      
      providing the verification information to the target application only when the target application is legal.
  - 11. The method according to claim 10, wherein verifying, by the security application, the legality of the target application comprises:
    - judging whether the target application is legal according to a signature of the target application, and/or, judging whether the target application has a permission to read the verification information.
  - 12. The method according to claim 11, wherein the judging whether the target application is legal comprises:
    - judging whether the target application belongs to a safe application according to the signature of the target application, or judging whether the target application belongs to a malicious application according to the signature of the target application, and determining the target application legal if the target application belongs to the safe application or does not belong to a malicious application.
  - 13. The method according to claim 11, wherein the judging whether the target application has a permission to read the verification information comprises:
    - judging whether the target application is an application corresponding to the network device providing the verification information, and, if yes, determining that the target application has a permission to read the verification information.

5. (canceled)

6. (canceled)

7. (canceled)

9. (canceled)

14. (canceled)

15. (canceled)

16. (canceled)

17. (canceled)

18. (canceled)

19. (canceled)

20. A key agreement device for verification information, comprising a memory having instructions stored thereon and at least one processor to execute the instructions to perform operations for key agreement for verification information, the operations comprising:
- generating a key pair for encrypting and decrypting the verification information in a terminal, transmitting a public key to a network device via a network, and storing a private key locally, wherein the verification information is a message used for verifying a terminal or a user'"'"'s identity or permission during execution of a specific service by a target application;
  
  receiving from the network device the encrypted verification information which is encrypted by using the public key;
  
  decrypting the encrypted verification information by using the private key, and obtaining the verification information.
- View Dependent Claims (21, 22, 23, 27, 29, 30, 31, 32)
- - 21. The device according to claim 20, wherein the encrypted verification information is processed by signing using a network device private key;
    - the decrypting the encrypted verification information by using the private key, and obtaining the verification information comprises;
      
      prior to using the private key to decrypt, using a pre-obtained network device public key to verify the signature of the encrypted verification information.
  - 22. The device according to claim 21, wherein the operations further comprises:
    - generating a session key encrypted by using the network device public key and providing the session key to the network device;
      
      after using the public key to encrypt the verification information, using, by the network device, the session key to perform secondary encryption for the verification information;
      
      the decrypting the encrypted verification information by using the private key, and obtaining the verification information comprises;
      
      prior to using the private key to decrypt the encrypted verification information, using the session key stored locally in the terminal to perform secondary decryption.
  - 23. The device according to claim 22, whereinthe private key stored locally is subject to encryption processing using a password input by the user;
    - the decrypting the encrypted verification information by using the private key, and obtaining the verification information comprises;
      
      prior to using the private key to decrypt the encrypted verification information, firstly using the user-input password to decrypt the encrypted private key to obtain the private key.
  - 27. The device according to claim 2025, wherein a security application on the terminal performs generation of the key pair for encrypting and decrypting the verification information and use of the private key to decrypt the encrypted verification information;
    - the operations further comprises;
      
      using the security application to provide the verification information to the target application;
      
      orusing the security application to exhibit the decrypted verification information to the user.
  - 29. The device according to claim 27, wherein the operations further comprises:
    - using the security application to verify the legality of the target application;
      
      the using the security application to provide the verification information to the target application comprises;
      
      providing the verification information to the target application only when the target application is legal.
  - 30. The device according to claim 29, wherein the using the security application to verify the legality of the target application comprises:
    - judging whether the target application is legal by a signature of the target application, and/or, judging whether the target application has a permission to read the verification information.
  - 31. The device according to claim 30, wherein the using the security application to verify the legality of the target application comprises:
    - judging whether the target application belongs to a safe application according to the signature of the target application, or judging whether the target application belongs to a malicious application according to the signature of the target application, and determining the target application as legal if the target application belongs to the safe application or does not belong to the malicious application.
  - 32. The device according to claim 30, wherein the using the security application to verify the legality of the target application comprises:
    - judging whether the target application is an application corresponding to the network device providing the verification information, and, if yes, determining that the target application has a permission to read the verification information.

24. (canceled)

25. (canceled)

26. (canceled)

28. (canceled)

33. (canceled)

34. (canceled)

35. (canceled)

36. (canceled)

37. (canceled)

38. (canceled)

39. (canceled)

40. A computer-readable medium, having instructions stored thereon, when executed by at least one processor, cause the at least one processor to perform operations for key agreement for verification information, the operations comprising:
- generating a key pair for encrypting and decrypting the verification information in a terminal, transmitting a public key to a network device via a network, and storing a private key locally, wherein the verification information is a message used for verifying a terminal or a user'"'"'s identity or permission during execution of a specific service by a target application;
  
  encrypting, by the network device, the verification information by using the public key before the verification information is sent to the terminal, and sending the encrypted verification information to the terminal; and
  
  decrypting, by the terminal, the encrypted verification information by using the private key, and obtaining the verification information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Qihu Technology Co. Ltd. (360 Security Technology, Inc.)
Original Assignee
Beijing Qihu Technology Co. Ltd. (360 Security Technology, Inc.)
Inventors
Hu, Yuguang

Application Number

US15/315,205
Publication Number

US 20170208049A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 67/10   in which an application is ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

H04W 12/03   Protecting confidentiality,...

H04W 12/04   Key management, e.g. using ...

H04W 4/12   Messaging; Mailboxes; Annou...

KEY AGREEMENT METHOD AND DEVICE FOR VERIFICATION INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

KEY AGREEMENT METHOD AND DEVICE FOR VERIFICATION INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links