
CN104092537B - A kind of device and its method of work for realizing key information encoding and decoding - Google Patents


Publication number
CN104092537B
Authority
CN
China
Prior art keywords
node
key
information
value
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201410314409.0A
Other languages
Chinese (zh)
Other versions
CN104092537A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201410314409.0A priority Critical patent/CN104092537B/en
Publication of CN104092537A publication Critical patent/CN104092537A/en
Application granted granted Critical
Publication of CN104092537B publication Critical patent/CN104092537B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a device for realizing key information encoding and decoding and a working method thereof, wherein an encoding device encodes key information into a key file of a uniform format, and a decoding device decodes the key file to obtain the key information, so that the authentication system can perform a uniform processing flow on the key information configured by multiple device manufacturers, which reduces the workload of the authentication system.

Description

Device for realizing coding and decoding of key information and working method thereof
Technical Field
The invention relates to the field of information security, in particular to a device for realizing key information coding and decoding and a working method thereof.
Background
With the development of information security technology, the seed key is used as an essential parameter in the data processing process, and has been widely applied to the fields of data encryption and decryption, identity authentication, integrity verification and the like.
In the prior art, a device manufacturer configures key information including a seed key into an authentication system, and the authentication system integrates the key information configured by a plurality of device manufacturers. To improve the compatibility of key information in authentication systems, device manufacturers are typically required to configure key information using key files of a uniform format.
However, in the prior art, there is no encoding and decoding method for providing key information based on a key file with a uniform format, so that the authentication system cannot perform a uniform processing flow on key information configured by multiple device manufacturers, thereby increasing the workload of the authentication system.
Disclosure of Invention
The invention provides a device for realizing coding and decoding of key information and a working method thereof, which aim to overcome the defect of heavy workload of an authentication system in the prior art.
The invention provides a working method of a device for realizing key information coding, which comprises the following steps:
S1, the encoding device generates a key container node, and adds the key container node as a root node to a key file;
S2, the encoding device generates a key packet node, and adds the key packet node to the key container node as a child node of the key container node;
S3, the encoding device generates a device information node, and adds the device information node to the key packet node as a child node of the key packet node;
S4, the encoding device generates a manufacturer node and a serial number node, and adds the manufacturer node and the serial number node to the device information node as child nodes of the device information node; reads manufacturer information and a device serial number from a key attribute list of the key information; adds the manufacturer information to the manufacturer node as a text node, and adds the device serial number to the serial number node as a text node;
S5, the encoding device generates a key node, and adds the key node to the key packet node as a child node of the key packet node;
S6, the encoding device reads a key identifier, key algorithm information and a key plaintext from the key attribute list, generates a key identifier node according to the key identifier, generates a key algorithm node according to the key algorithm information, and adds the key identifier node and the key algorithm node to the key node as attribute nodes; the encoding device generates a data node, and adds the data node to the key node as a child node of the key node; the encoding device generates a key value node, adds the key value node to the data node as a child node of the data node, and adds the key plaintext or a key ciphertext corresponding to the key plaintext to the key value node.
The invention also provides a working method of the device for realizing the key information decoding, which comprises the following steps:
S1, the decoding device searches for the key packet node from the root node of the key file; if it is found, step S2 is executed; otherwise, error information is displayed and the process ends;
S2, the decoding device searches for a device information node from the key packet node, searches for a manufacturer node and a serial number node from the device information node, obtains the text content of the child node of the manufacturer node and saves it as manufacturer information, and obtains the text content of the child node of the serial number node and saves it as a device serial number;
S3, the decoding device searches for the key node from the key packet node; if it is found, step S4 is executed; otherwise, error information is displayed and the process ends;
S4, the decoding device acquires the attribute value of the key algorithm node in the key node and saves it as key algorithm information, and acquires the attribute value of the key identifier node in the key node and saves it as a key identifier;
S5, the decoding device searches for the data node from the key node; if it is found, step S6 is executed; otherwise, error information is displayed and the process ends;
S6, the decoding device searches for the key value node from the data node; if it is found, step S7 is executed; otherwise, error information is displayed and the process ends;
S7, the decoding device obtains the key plaintext from the key value node and saves it, or the decoding device acquires a key ciphertext from the key value node, decrypts the key ciphertext, and saves the key plaintext obtained by decryption.
The present invention also provides an encoding apparatus, comprising:
the reading module is used for reading manufacturer information, an equipment serial number, a key identification, key algorithm information and a key plaintext from a key attribute list of the key information;
the generation module is used for generating a key container node and adding the key container node as a root node into a key file; generating a key packet node, and adding the key packet node as a child node of the key container node into the key container node; generating an equipment information node and a key node, and adding the equipment information node and the key node into the key packet node as child nodes of the key packet node;
generating a manufacturer node and a serial number node, and adding the manufacturer node and the serial number node into the equipment information node as child nodes of the equipment information node; adding the manufacturer information read by the reading module into the manufacturer node as a text node, and adding the equipment serial number read by the reading module into the serial number node as a text node;
generating a key algorithm node according to the key algorithm information read by the reading module, generating a key identification node according to the key identification read by the reading module, and adding the key identification node and the key algorithm node into the key node as attribute nodes; generating a data node, and adding the data node as a child node of the key node into the key node; generating a key value node, and adding the key value node as a child node of the data node into the data node;
and the adding module is used for adding the key plaintext read by the reading module or the key ciphertext corresponding to the key plaintext into the key value node.
The present invention also provides a decoding apparatus, comprising:
the searching module is used for searching the key packet node from the root node of the key file, searching the equipment information node from the key packet node if the key packet node is searched, searching the manufacturer node and the serial number node from the equipment information node, and searching the key node from the key packet node; if the key node is found, searching a data node from the key node; if the data node is found, searching a key value node from the data node;
the first obtaining module is used for obtaining the text content of the child node of the manufacturer node when the searching module finds the manufacturer node, and storing the obtained text content as manufacturer information; when the searching module searches the serial number node, acquiring text contents of child nodes of the serial number node, and storing the acquired text contents as an equipment serial number; when the searching module searches the key nodes, acquiring attribute values of key algorithm nodes in the key nodes, and storing the acquired attribute values as key algorithm information; acquiring an attribute value of a key identifier node in the key nodes, and storing the acquired attribute value as a key identifier;
a second obtaining module, configured to obtain a plaintext of the key from the key value node for storage when the searching module finds the key value node,
or acquiring a key ciphertext from the key value node, decrypting the key ciphertext, and storing a key plaintext obtained by decryption;
a display module, configured to display error information when the search module does not find the key packet node, the key node, the data node, or the key value node.
The invention achieves the following beneficial effects: the encoding device encodes the key information into the key file with the uniform format, and the decoding device decodes the key file to obtain the key information, so that the authentication system can execute uniform processing flow on the key information configured by a plurality of equipment manufacturers, and the workload of the authentication system is reduced.
Drawings
Fig. 1 and Fig. 2 are flowcharts of a method for implementing an apparatus for encoding key information according to an embodiment of the present invention;
Fig. 3 to Fig. 6 are flowcharts of a method for implementing an apparatus for decoding key information according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an encoding apparatus according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a decoding apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a device for realizing coding and decoding of key information and a working method thereof, which are applied to a system comprising a coding device and a decoding device, wherein the coding device codes the key information to generate a key file, and the key file is an XML file; accordingly, the decoding device decodes the key file to obtain the key information.
The key information may include a key transmission mode and at least one key attribute list, where each key attribute list includes manufacturer information, a device serial number, a key identifier, key algorithm information, and a key plaintext. When the key transmission mode is ciphertext transmission, the key information further comprises an encryption key name and encryption key algorithm information, and further comprises an MAC key and MAC algorithm information.
Based on the key information, an embodiment of the present invention provides a working method of an apparatus for implementing key information encoding, as shown in fig. 1 and fig. 2, including the following steps:
In step 101, the encoding apparatus generates a key container node, and adds the key container node as a root node to a key file.
Specifically, the encoding apparatus generates a start marker and an end marker of the key container node, and adds the start marker and the end marker of the key container node to the key file.
For example, the encoding apparatus adds a start flag <KeyContainer> and an end flag </KeyContainer> of the key container node in the key file.
Step 102, the coding device reads the key transmission mode from the key information, judges whether the key transmission mode is plaintext transmission, if yes, executes step 103; otherwise, step 117 is performed.
Specifically, the encoding apparatus may determine whether a key transmission mode in the key information is a preset character, and if so, determine that the key transmission mode is plaintext transmission, otherwise, determine that the key transmission mode is not plaintext transmission.
For example, when the preset character is "play": if the key transmission mode in the key information is "play", the encoding apparatus determines that the key transmission mode is plaintext transmission; if the key transmission mode in the key information is "AES 128", the encoding apparatus determines that the key transmission mode is not plaintext transmission.
In step 103, the encoding apparatus selects an unprocessed key attribute list from the key information as a current list.
In step 104, the encoding apparatus generates a key packet node, and adds the key packet node to the key container node as a child node of the key container node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key packet node, and adds the start marker and the end marker of the key packet node between the start marker and the end marker of the key container node.
For example, the encoding apparatus adds the start flag <KeyPackage> and the end flag </KeyPackage> of the key packet node between the start flag <KeyContainer> and the end flag </KeyContainer> of the key container node.
In step 105, the encoding apparatus generates a device information node, and adds the device information node to the key packet node as a child node of the key packet node.
Specifically, the encoding apparatus generates a start marker and an end marker of the device information node, and adds the start marker and the end marker of the device information node between the start marker and the end marker of the key packet node.
For example, the encoding apparatus adds the start tag <DeviceInfo> and the end tag </DeviceInfo> of the device information node between the start tag <KeyPackage> and the end tag </KeyPackage> of the key packet node.
Step 106, the encoding device generates a manufacturer node, and adds the manufacturer node to the device information node as a child node of the device information node.
Specifically, the encoding means generates a start marker and an end marker of the vendor node, and adds the start marker and the end marker of the vendor node between the start marker and the end marker of the device information node.
For example, the encoding apparatus adds the start flag <manfacturer> and the end flag </manfacturer> of the vendor node between the start flag <DeviceInfo> and the end flag </DeviceInfo> of the device information node.
Step 107, the encoding device reads the manufacturer information from the current list and adds the manufacturer information as a text node to the manufacturer node.
Specifically, the encoding apparatus reads vendor information from the current list and adds the vendor information between a start marker and an end marker of the vendor node.
For example, the encoding apparatus reads vendor information "Manufacturer" from the current list and adds the vendor information "Manufacturer" between a start tag <DeviceInfo> and an end tag </DeviceInfo> of the vendor node.
Step 108, the encoding device generates a serial number node, and adds the serial number node to the device information node as a child node of the device information node.
Specifically, the encoding means generates a start marker and an end marker of the serial number node, and adds the start marker and the end marker of the serial number node between the start marker and the end marker of the device information node.
For example, the encoding apparatus adds the start flag <SerialNo> and the end flag </SerialNo> of the serial number node between the start flag <DeviceInfo> and the end flag </DeviceInfo> of the device information node.
Step 109, the encoding apparatus reads the device serial number from the current list, and adds the device serial number as a text node to the serial number node.
Specifically, the encoding apparatus reads the device serial number from the current list, and adds the device serial number between the start marker and the end marker of the serial number node.
For example, the encoding apparatus reads the device serial number "987654321" from the current list and adds the device serial number "987654321" between the start marker and the end marker of the serial number node.
In step 110, the encoding apparatus generates a key node, and adds the key node to the key packet node as a child node of the key packet node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key node, and adds the start marker and the end marker of the key node between the start marker and the end marker of the key packet node.
For example, the encoding apparatus adds the start flag <Key> and the end flag </Key> of the key node between the start flag <KeyPackage> and the end flag </KeyPackage> of the key packet node.
Step 111, the encoding device reads the key identifier and the key algorithm information from the current list, generates a key identifier node according to the key identifier, generates a key algorithm node according to the key algorithm information, and adds the key identifier node and the key algorithm node to the key node as attribute nodes.
Specifically, the encoding apparatus reads the key identifier and the key algorithm information from the current list, generates a key identifier node using the key identifier as an attribute value, generates a key algorithm node using the key algorithm information as an attribute value, and adds the key identifier node and the key algorithm node to a start flag of the key node. The key identification node and the key algorithm node are both attribute nodes and both comprise attribute names and attribute values.
For example, the encoding apparatus reads the key identifier "12345678" and the key algorithm information "urn:ietf:params:xml:ns:keyprov:pskc:hotp" from the current list, generates a key identifier node from the key identifier, namely Id="12345678", generates a key algorithm node from the key algorithm information, namely Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp", and adds the key identifier node and the key algorithm node to the start flag <Key> of the key node.
The key identifier node comprises the attribute name "Id" and the attribute value "12345678", and the key algorithm node comprises the attribute name "Algorithm" and the attribute value "urn:ietf:params:xml:ns:keyprov:pskc:hotp". After this information is added, the start flag of the key node is updated to: <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">.
In step 112, the encoding apparatus generates a data node, and adds the data node to the key node as a child node of the key node.
Specifically, the encoding apparatus generates a start marker and an end marker of the data node, and adds the start marker and the end marker of the data node between the start marker and the end marker of the key node.
For example, the encoding apparatus adds the start marker <Data> and the end marker </Data> of the data node between the start marker <Key> and the end marker </Key> of the key node.
In step 113, the encoding apparatus generates a key value node, and adds the key value node to the data node as a child node of the data node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key value node, and adds the start marker and the end marker of the key value node between the start marker and the end marker of the data node.
For example, the encoding apparatus adds the start marker <Secret> and the end marker </Secret> of the key value node between the start marker <Data> and the end marker </Data> of the data node.
In step 114, the encoding apparatus generates a first plaintext node, and adds the first plaintext node to the key value node as a child node of the key value node.
Specifically, the encoding apparatus generates a start marker and an end marker of the first plaintext node, and adds the start marker and the end marker of the first plaintext node between the start marker and the end marker of the key value node.
For example, the encoding apparatus adds the start flag <PlainValue> and the end flag </PlainValue> of the first plaintext node between the start flag <Secret> and the end flag </Secret> of the key value node.
In step 115, the encoding device reads the key plaintext from the current list, and adds the key plaintext as a text node to the first plaintext node.
Specifically, the encoding apparatus reads the key plaintext from the current list, and adds the key plaintext between the start flag and the end flag of the first plaintext node.
For example, the encoding apparatus reads the key plaintext "MTIzNA==" from the current list, and adds the key plaintext "MTIzNA==" between the start flag <PlainValue> and the end flag </PlainValue> of the first plaintext node.
By performing the above operations, the key file generated by the encoding apparatus is:
Step 116, the encoding device determines whether the key information contains an unprocessed key attribute list; if yes, the flow returns to step 103; otherwise, the flow ends.
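The plaintext-transmission branch (steps 101 to 116) and the decoding method S1 to S7 from the disclosure, as an added Python example that is not code from the patent. Element names, attribute names and sample values follow the page's examples; the function names, the KeyFileError class, the dictionary keys and the rejection of DTD declarations are assumptions of this example.

```python
import xml.etree.ElementTree as ET


class KeyFileError(ValueError):
    """Raised wherever the decoding method says to display error information."""


def encode_key_file(key_attribute_lists):
    """Build the key file for plaintext transmission (steps 101-116)."""
    container = ET.Element("KeyContainer")                        # step 101
    for attrs in key_attribute_lists:                             # steps 103, 116
        package = ET.SubElement(container, "KeyPackage")          # step 104
        device = ET.SubElement(package, "DeviceInfo")             # step 105
        # Tag spelled as in the page's example; ElementTree escapes the
        # text, so a vendor string cannot inject extra nodes.
        ET.SubElement(device, "manfacturer").text = attrs["manufacturer"]  # 106-107
        ET.SubElement(device, "SerialNo").text = attrs["serial_no"]        # 108-109
        key = ET.SubElement(package, "Key", {                     # steps 110-111
            "Id": attrs["key_id"],
            "Algorithm": attrs["algorithm"],
        })
        data = ET.SubElement(key, "Data")                         # step 112
        secret = ET.SubElement(data, "Secret")                    # step 113
        plain = ET.SubElement(secret, "PlainValue")               # step 114
        plain.text = attrs["key_plaintext"]                       # step 115
    return ET.tostring(container, encoding="unicode")


def _require(parent, tag):
    """Find a child node or fail, mirroring the 'otherwise, error' branches."""
    node = parent.find(tag)
    if node is None:
        raise KeyFileError(f"<{tag}> not found under <{parent.tag}>")
    return node


def decode_key_file(xml_text):
    """Decode a plaintext-transmission key file (text, not bytes), S1-S7."""
    # Assumption of this example: key files come from outside parties, so
    # DTD and entity declarations are refused before any parsing happens.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise KeyFileError("DTD declarations are not accepted in a key file")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise KeyFileError(f"key file is not well-formed XML: {exc}") from exc
    packages = root.findall("KeyPackage")                         # S1
    if root.tag != "KeyContainer" or not packages:
        raise KeyFileError("no <KeyPackage> under a <KeyContainer> root")
    decoded = []
    for package in packages:
        key = _require(package, "Key")                            # S3
        data = _require(key, "Data")                              # S5
        secret = _require(data, "Secret")                         # S6
        plaintext = secret.findtext("PlainValue")                 # S7, plaintext case
        if not plaintext:
            raise KeyFileError("<Secret> carries no <PlainValue> text")
        decoded.append({
            # S2 has no error branch on the page; a missing node yields None.
            "manufacturer": package.findtext("DeviceInfo/manfacturer"),
            "serial_no": package.findtext("DeviceInfo/SerialNo"),
            "key_id": key.get("Id"),                              # S4
            "algorithm": key.get("Algorithm"),                    # S4
            "key_plaintext": plaintext,
        })
    return decoded


# Sample key attribute list built from the example values on this page.
SAMPLE = [{
    "manufacturer": "Manufacturer",
    "serial_no": "987654321",
    "key_id": "12345678",
    "algorithm": "urn:ietf:params:xml:ns:keyprov:pskc:hotp",
    "key_plaintext": "MTIzNA==",
}]

if __name__ == "__main__":
    key_file = encode_key_file(SAMPLE)
    print(key_file)
    print(decode_key_file(key_file))
```

In this mode the seed key sits in the file in readable form (the page's sample value is base64 text), so the file itself needs the same protection as the key.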
In step 117, the encoding apparatus generates an encryption key node, and adds the encryption key node to the key container node as a child node of the key container node.
Specifically, the encoding apparatus generates a start marker and an end marker of the encryption key node, and adds the start marker and the end marker of the encryption key node between the start marker and the end marker of the key container node.
For example, the encoding apparatus adds the start flag <EncryptionKey> and the end flag </EncryptionKey> of the encryption key node between the start flag <KeyContainer> and the end flag </KeyContainer> of the key container node.
In step 118, the encoding apparatus generates a key name node, and adds the key name node to the encryption key node as a child node of the encryption key node.
Specifically, the encoding apparatus generates a start flag and an end flag of the key name node, and adds the start flag and the end flag of the key name node between the start flag and the end flag of the encryption key node.
For example, the encoding apparatus adds the start flag <ds:KeyName> and the end flag </ds:KeyName> of the key name node between the start flag <EncryptionKey> and the end flag </EncryptionKey> of the encryption key node.
In step 119, the encoding apparatus reads the encryption key name from the key information, and adds the encryption key name as a text node to the key name node.
Specifically, the encoding apparatus reads the encryption key name from the key information, and adds the encryption key name between the start flag and the end flag of the key name node.
For example, the encoding apparatus reads the encryption key name "Pre-shared-key" from the key information, and adds the encryption key name "Pre-shared-key" between the start mark and the end mark of the key name node.
In step 120, the encoding apparatus generates a MAC method node, and adds the MAC method node to the key container node as a child node of the key container node.
Specifically, the encoding apparatus generates a start marker and an end marker of the MAC method node, and adds the start marker and the end marker of the MAC method node between the start marker and the end marker of the key container node.
For example, the encoding apparatus adds the start flag <MACMethod> and the end flag </MACMethod> of the MAC method node between the start flag <KeyContainer> and the end flag </KeyContainer> of the key container node.
Step 121, the encoding device reads the MAC algorithm information from the key information, generates a MAC algorithm node according to the MAC algorithm information, and adds the MAC algorithm node to the MAC method node as an attribute node.
Specifically, the encoding device reads the MAC algorithm information from the key information, generates a MAC algorithm node using the MAC algorithm information as an attribute value, and adds the MAC algorithm node to a start flag of the MAC method node.
For example, the encoding device reads the MAC algorithm information "hmac-sha1" from the key information, generates a MAC algorithm node using the MAC algorithm information as an attribute value, namely Algorithm="hmac-sha1", adds the MAC algorithm node to the start flag of the MAC method node, and updates the start flag of the MAC method node to: <MACMethod Algorithm="hmac-sha1">.
In step 122, the encoding apparatus generates a MAC key node, and adds the MAC key node to the MAC method node as a child node of the MAC method node.
Specifically, the encoding apparatus generates a start flag and an end flag of the MAC key node, and adds the start flag and the end flag of the MAC key node between the start flag and the end flag of the MAC method node.
For example, the encoding apparatus adds the start flag <MACKey> and the end flag </MACKey> of the MAC key node between the start flag <MACMethod> and the end flag </MACMethod> of the MAC method node.
In step 123, the encoding apparatus generates a second encryption method node, and adds the second encryption method node as a child node to the MAC key node.
Specifically, the encoding apparatus generates a second encryption method node, and adds the second encryption method node between the start flag and the end flag of the MAC key node.
For example, the encoding apparatus adds a second encryption method node <xenc:EncryptionMethod/> between the start flag <MACKey> and the end flag </MACKey> of the MAC key node.
In step 124, the encoding apparatus reads the encryption key algorithm information from the key information, generates a second encryption key algorithm node according to the encryption key algorithm information, and adds the second encryption key algorithm node as an attribute node to the second encryption method node.
Specifically, the encoding device reads encryption key algorithm information from the key information, generates a second encryption key algorithm node using the encryption key algorithm information as an attribute value, and adds the second encryption key algorithm node to the second encryption method node.
For example, the encoding device reads the encryption key algorithm information "aes128-cbc" from the key information, generates a second encryption key algorithm node using the encryption key algorithm information as an attribute value, namely Algorithm="aes128-cbc", adds the second encryption key algorithm node to the second encryption method node, and updates the second encryption method node to:
<xenc:EncryptionMethod Algorithm="aes128-cbc"/>
In step 125, the encoding apparatus generates a second cipher data node, and adds the second cipher data node to the MAC key node as a child node of the MAC key node.
Specifically, the encoding apparatus generates a start flag and an end flag of the second cipher data node, and adds the start flag and the end flag of the second cipher data node between the start flag and the end flag of the MAC key node.
For example, the encoding apparatus adds the start marker <xenc:CipherData> and the end marker </xenc:CipherData> of the second cipher data node between the start marker <MACKey> and the end marker </MACKey> of the MAC key node.
Step 126, the encoding device generates a second cipher value node, and adds the second cipher value node to the second cipher data node as a child node of the second cipher data node.
Specifically, the encoding apparatus generates a start flag and an end flag of the second cipher value node, and adds the start flag and the end flag of the second cipher value node between the start flag and the end flag of the second cipher data node.
For example, the encoding apparatus adds the start marker <xenc:CipherValue> and the end marker </xenc:CipherValue> of the second cipher value node between the start marker <xenc:CipherData> and the end marker </xenc:CipherData> of the second cipher data node.
In step 127, the encoding apparatus reads the MAC key from the key information, encrypts the MAC key using a policy corresponding to the encryption key algorithm information in the key information according to the key corresponding to the encryption key name in the key information, and adds the encrypted ciphertext as a text node to the second cipher value node.
Specifically, the encoding device reads the MAC key from the key information, encrypts the MAC key using a policy corresponding to encryption key algorithm information in the key information, based on a key corresponding to an encryption key name in the key information, and adds an encrypted ciphertext between a start tag and an end tag of the second cipher value node.
For example, the encoding apparatus reads the MAC key from the key information, encrypts the MAC key using a policy corresponding to the encryption key algorithm information "hmac-sha1" in the key information, based on a key corresponding to the encryption key name "Pre-shared-key" in the key information, obtains the ciphertext ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX, and adds this ciphertext between the start tag <xenc:CipherValue> and the end tag </xenc:CipherValue> of the second cipher value node.
In step 128, the encoding apparatus selects an unprocessed key attribute list from the key information as a current list.
In step 129, the encoding apparatus generates a key package node, and adds the key package node to the key container node as a child node of the key container node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key package node, and adds the start marker and the end marker of the key package node between the start marker and the end marker of the key container node.
For example, the encoding apparatus adds a start flag <KeyPackage> and an end flag </KeyPackage> of the key package node between the start flag <KeyContainer> and the end flag </KeyContainer> of the key container node.
In step 130, the encoding apparatus generates a device information node, and adds the device information node to the key package node as a child node of the key package node.
Specifically, the encoding apparatus generates a start marker and an end marker of the device information node, and adds the start marker and the end marker of the device information node between the start marker and the end marker of the key package node.
For example, the encoding apparatus adds a start tag <DeviceInfo> and an end tag </DeviceInfo> of the device information node between the start tag <KeyPackage> and the end tag </KeyPackage> of the key package node.
In step 131, the encoding apparatus generates a manufacturer node, and adds the manufacturer node to the device information node as a child node of the device information node.
Specifically, the encoding apparatus generates a start marker and an end marker of the manufacturer node, and adds the start marker and the end marker of the manufacturer node between the start marker and the end marker of the device information node.
For example, the encoding apparatus adds a start flag <Manufacturer> and an end flag </Manufacturer> of the manufacturer node between the start flag <DeviceInfo> and the end flag </DeviceInfo> of the device information node.
In step 132, the encoding apparatus reads the manufacturer information from the current list and adds the manufacturer information as a text node to the manufacturer node.
Specifically, the encoding apparatus reads the manufacturer information from the current list and adds the manufacturer information between the start marker and the end marker of the manufacturer node.
For example, the encoding apparatus reads the manufacturer information "Manufacturer" from the current list and adds the manufacturer information "Manufacturer" between the start tag <Manufacturer> and the end tag </Manufacturer> of the manufacturer node.
In step 133, the encoding apparatus generates a serial number node, and adds the serial number node as a child node of the device information node to the device information node.
Specifically, the encoding means generates a start marker and an end marker of the serial number node, and adds the start marker and the end marker of the serial number node between the start marker and the end marker of the device information node.
For example, the encoding apparatus adds a start flag <SerialNo> and an end flag </SerialNo> of the serial number node between the start flag <DeviceInfo> and the end flag </DeviceInfo> of the device information node.
In step 134, the encoding apparatus reads the device serial number from the current list, and adds the device serial number as a text node to the serial number node.
Specifically, the encoding apparatus reads the device serial number from the current list, and adds the device serial number between the start marker and the end marker of the serial number node.
For example, the encoding apparatus reads the device serial number "987654321" from the current list and adds the device serial number "987654321" between the start marker and the end marker of the serial number node.
In step 135, the encoding apparatus generates a key node, and adds the key node to the key package node as a child node of the key package node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key node, and adds the start marker and the end marker of the key node between the start marker and the end marker of the key package node.
For example, the encoding apparatus adds a start flag <Key> and an end flag </Key> of the key node between the start flag <KeyPackage> and the end flag </KeyPackage> of the key package node.
In step 136, the encoding apparatus reads the key identifier and the key algorithm information from the current list, generates a key identifier node according to the key identifier, generates a key algorithm node according to the key algorithm information, and adds the key identifier node and the key algorithm node as attribute nodes to the key node.
Specifically, the encoding apparatus reads the key identifier and the key algorithm information from the current list, generates a key identifier node using the key identifier as an attribute value, generates a key algorithm node using the key algorithm information as an attribute value, and adds the key identifier node and the key algorithm node to the start flag of the key node. The key identifier node and the key algorithm node are both attribute nodes, and each comprises an attribute name and an attribute value.
For example, the encoding apparatus reads the key identifier "12345678" and the key algorithm information "urn:ietf:params:xml:ns:keyprov:pskc:hotp" from the current list, generates the key identifier node Id="12345678" from the key identifier, generates the key algorithm node Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" from the key algorithm information, and adds the key identifier node and the key algorithm node to the start marker <Key> of the key node.
The key identifier node comprises the attribute name "Id" and the attribute value "12345678", and the key algorithm node comprises the attribute name "Algorithm" and the attribute value "urn:ietf:params:xml:ns:keyprov:pskc:hotp". After this information is added, the start marker of the key node is updated to: <Key Id="12345678" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">.
In step 137, the encoding apparatus generates a data node, and adds the data node to the key node as a child node of the key node.
Specifically, the encoding apparatus generates a start marker and an end marker of the data node, and adds the start marker and the end marker of the data node between the start marker and the end marker of the key node.
For example, the encoding apparatus adds a start marker <Data> and an end marker </Data> of the data node between the start marker <Key> and the end marker </Key> of the key node.
In step 138, the encoding apparatus generates a key value node, and adds the key value node to the data node as a child node of the data node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key value node, and adds the start marker and the end marker of the key value node between the start marker and the end marker of the data node.
For example, the encoding apparatus adds a start marker <Secret> and an end marker </Secret> of the key value node between the start marker <Data> and the end marker </Data> of the data node.
In step 139, the encoding apparatus generates a ciphertext node, and adds the ciphertext node to the key value node as a child node of the key value node.
Specifically, the encoding apparatus generates a start flag and an end flag of the ciphertext node, and adds the start flag and the end flag of the ciphertext node between the start flag and the end flag of the key value node.
For example, the encoding apparatus adds a start flag <EncryptedValue> and an end flag </EncryptedValue> of the ciphertext node between the start flag <Secret> and the end flag </Secret> of the key value node.
In step 140, the encoding apparatus generates a first encryption method node, and adds the first encryption method node as a child node to the ciphertext node.
Specifically, the encoding apparatus generates a first encryption method node, and adds the first encryption method node between the start marker and the end marker of the ciphertext node.
For example, the encoding apparatus adds a first encryption method node <xenc:EncryptionMethod/> between the start marker <EncryptedValue> and the end marker </EncryptedValue> of the ciphertext node.
In step 141, the encoding apparatus reads the encryption key algorithm information from the key information, generates a first encryption key algorithm node according to the encryption key algorithm information, and adds the first encryption key algorithm node as an attribute node to the first encryption method node.
Specifically, the encoding device reads encryption key algorithm information from the key information, generates a first encryption key algorithm node using the encryption key algorithm information as an attribute value, and adds the first encryption key algorithm node to the first encryption method node.
For example, the encoding apparatus reads the encryption key algorithm information "aes128-cbc" from the key information, generates the first encryption key algorithm node Algorithm="aes128-cbc" using the encryption key algorithm information as the attribute value, adds the first encryption key algorithm node to the first encryption method node, and updates the first encryption method node to:
<xenc:EncryptionMethod Algorithm="aes128-cbc"/>
In step 142, the encoding apparatus generates a first cipher data node, and adds the first cipher data node to the ciphertext node as a child node of the ciphertext node.
Specifically, the encoding apparatus generates a start flag and an end flag of the first cipher data node, and adds the start flag and the end flag of the first cipher data node between the start flag and the end flag of the ciphertext node.
For example, the encoding apparatus adds a start flag <xenc:CipherData> and an end flag </xenc:CipherData> of the first cipher data node between the start flag <EncryptedValue> and the end flag </EncryptedValue> of the ciphertext node.
In step 143, the encoding apparatus generates a first cipher value node, and adds the first cipher value node to the first cipher data node as a child node of the first cipher data node.
Specifically, the encoding apparatus generates a start flag and an end flag of the first cipher value node, and adds the start flag and the end flag of the first cipher value node between the start flag and the end flag of the first cipher data node.
For example, the encoding apparatus adds a start marker <xenc:CipherValue> and an end marker </xenc:CipherValue> of the first cipher value node between the start marker <xenc:CipherData> and the end marker </xenc:CipherData> of the first cipher data node.
In step 144, the encoding apparatus reads the key plaintext from the current list, encrypts the key plaintext using a policy corresponding to the encryption key algorithm information in the key information according to the key corresponding to the encryption key name in the key information, and adds the encrypted key ciphertext to the first cipher value node as a text node.
Specifically, the encoding apparatus reads a key plaintext from the current list, encrypts the key plaintext using a policy corresponding to encryption key algorithm information in the key information according to a key corresponding to an encryption key name in the key information, and adds a key ciphertext obtained by the encryption between a start flag and an end flag of the first cipher value node.
For example, the encoding apparatus reads the key plaintext "MTIzNA==" from the current list, encrypts the key plaintext "MTIzNA==" according to the key corresponding to the encryption key name "Pre-shared-key" in the key information, using a policy corresponding to the encryption key algorithm information "hmac-sha1" in the key information, obtains the key ciphertext AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPPML8jwZqIUqGv, and adds this key ciphertext between the start marker <xenc:CipherValue> and the end marker </xenc:CipherValue> of the first cipher value node.
In step 145, the encoding apparatus generates a MAC value node, and adds the MAC value node to the key value node as a child node of the key value node.
Specifically, the encoding apparatus generates a start flag and an end flag of the MAC value node, and adds the start flag and the end flag of the MAC value node between the start flag and the end flag of the key value node.
For example, the encoding apparatus adds a start flag <ValueMAC> and an end flag </ValueMAC> of the MAC value node between the start flag <Secret> and the end flag </Secret> of the key value node.
In step 146, the encoding apparatus digests the key plaintext according to the MAC key in the key information by using a policy corresponding to the MAC algorithm information in the key information, and adds the obtained digest value as a text node to the MAC value node.
Specifically, the encoding device digests the key plaintext according to the MAC key in the key information using a policy corresponding to the MAC algorithm information in the key information, and adds the obtained digest value as a text node between the start flag and the end flag of the MAC value node.
For example, the encoding apparatus digests the key plaintext "MTIzNA==" using a policy corresponding to the MAC algorithm information "hmac-sha1" in the key information, based on the MAC key in the key information, to obtain the digest value "Su+nvtqfvjzf6bmqijolrexc=", and adds the digest value as a text node between the start flag <ValueMAC> and the end flag </ValueMAC> of the MAC value node.
By performing the above operations, the key file generated by the encoding apparatus is:
In step 147, the encoding apparatus determines whether there is an unprocessed key attribute list in the key information, and if so, returns to step 128; otherwise, the flow ends.
The invention achieves the following beneficial effects: the encoding device encodes the key information into the key file with the uniform format, so that the authentication system can execute uniform processing flow on the key information configured by a plurality of equipment manufacturers, and the workload of the authentication system is reduced.
Further, in another embodiment of the present invention, the encoding apparatus generates a key container node, adds the key container node as a root node to a key file, and, after determining that the key transmission mode is plaintext transmission, starts a plurality of threads concurrently and allocates all key attribute lists in the key information to the plurality of threads; each thread acquires at least one key attribute list, takes each key attribute list as a current list, and executes steps 104 to 115 to generate at least one key package node; the encoding apparatus adds the key package nodes generated by all threads to the key container node to complete the encoding of the key information.
Likewise, the encoding apparatus generates a key container node, adds the key container node as a root node to a key file, and, after determining that the key transmission mode is not plaintext transmission, starts a plurality of threads concurrently and allocates all key attribute lists in the key information to the plurality of threads; each thread acquires at least one key attribute list, takes each key attribute list as a current list, and executes steps 117 to 146 to generate at least one key package node; the encoding apparatus adds the key package nodes generated by all threads to the key container node to complete the encoding of the key information. This mechanism speeds up encoding by the encoding apparatus.
In another embodiment of the present invention, the key attribute list may further include issuer information, and the encoding apparatus generates an issuer node in response, adds the issuer node to the key node as a child of the key node, reads the issuer information from the key attribute list, and adds the issuer information to the issuer node as a text node.
Specifically, the encoding apparatus generates a start flag and an end flag of the issuer node, adds the start flag and the end flag of the issuer node between the start flag and the end flag of the key node, reads issuer information from the key attribute list, and adds the issuer information between the start flag and the end flag of the issuer node.
For example, the encoding apparatus adds a start flag <Issuer> and an end flag </Issuer> of the issuer node between the start flag <Key> and the end flag </Key> of the key node, reads the issuer information "issue-a" from the key attribute list, and adds the issuer information "issue-a" between the start flag <Issuer> and the end flag </Issuer> of the issuer node.
In another embodiment of the present invention, the key attribute list may further include a device user identifier, and accordingly, the encoding apparatus generates a device user identifier node, adds the device user identifier node to the device information node as a child node of the device information node, reads the device user identifier from the key attribute list, and adds the device user identifier to the device user identifier node as a text node.
Specifically, the encoding apparatus generates a start marker and an end marker of the device user identification node, adds the start marker and the end marker of the device user identification node between the start marker and the end marker of the device information node, and adds the device user identification between the start marker and the end marker of the device user identification node.
For example, the encoding apparatus adds a start flag <UserId> and an end flag </UserId> of the device user identification node between the start flag <DeviceInfo> and the end flag </DeviceInfo> of the device information node, and adds the device user identification "DC=example-bank,DC=net" between the start flag <UserId> and the end flag </UserId> of the device user identification node.
In another embodiment of the present invention, the key attribute list may further include a cryptographic module identifier, and accordingly, the encoding device generates a cryptographic module node, adds the cryptographic module node as a child node of the key package node to the key package node, generates a cryptographic module identifier node, adds the cryptographic module identifier node as a child node of the cryptographic module node to the cryptographic module node, reads the cryptographic module identifier from the key attribute list, and adds the cryptographic module identifier as a text node to the cryptographic module identifier node.
Specifically, the encoding apparatus generates a start marker and an end marker of a cryptographic module node, adds the start marker and the end marker of the cryptographic module node between the start marker and the end marker of the key packet node, adds the start marker and the end marker of a cryptographic module identification node between the start marker and the end marker of the cryptographic module node, and adds the cryptographic module identification between the start marker and the end marker of the cryptographic module identification node.
For example, the encoding apparatus adds a start flag <CryptoModuleInfo> and an end flag </CryptoModuleInfo> of the cryptographic module node between the start flag <KeyPackage> and the end flag </KeyPackage> of the key package node, adds a start flag <Id> and an end flag </Id> of the cryptographic module identification node between the start flag <CryptoModuleInfo> and the end flag </CryptoModuleInfo> of the cryptographic module node, and adds the cryptographic module identification "CM_ID_001" between the start flag <Id> and the end flag </Id> of the cryptographic module identification node.
In another embodiment of the present invention, the key attribute list may further include a key user identifier, and accordingly, the encoding apparatus generates a key user identifier node, adds the key user identifier node as a child node of the key node to the key node, reads the key user identifier from the key attribute list, and adds the key user identifier as a text node to the key user identifier node.
Specifically, the encoding apparatus generates a start marker and an end marker of the key user identification node, adds the start marker and the end marker of the key user identification node between the start marker and the end marker of the key node, and adds the key user identification between the start marker and the end marker of the key user identification node.
For example, the encoding apparatus adds a start flag <UserId> and an end flag </UserId> of the key user identification node between the start flag <Key> and the end flag </Key> of the key node, and adds the key user identification "UID=jsmith,DC=example-bank,DC=net" between the start flag <UserId> and the end flag </UserId> of the key user identification node.
In another embodiment of the present invention, the key attribute list may further include a key start date, a key end date, and key usage information, and accordingly, the encoding apparatus generates a policy node, adds the policy node as a child node of the key node to the key node, generates a start date node, an end date node, and a key usage node, adds the start date node, the end date node, and the key usage node to the policy node, reads the key start date, the key end date, and the key usage information from the key attribute list, adds the key start date as a text node to the start date node, adds the key end date as a text node to the end date node, and adds the key usage information as a text node to the key usage node.
Specifically, the encoding apparatus generates a start flag and an end flag of a policy node, adds the start flag and the end flag of the policy node between the start flag and the end flag of the key node, adds the start flag and the end flag of a start date node between the start flag and the end flag of the policy node, reads a key start date from a key attribute list, adds a key start date between the start flag and the end flag of the start date node, adds the start flag and the end flag of an end date node between the start flag and the end flag of the policy node, reads a key end date from the key attribute list, adds a key end date between the start flag and the end flag of the end date node, adds the start flag and the end flag of a key usage node between the start flag and the end flag of the policy node, the key usage information is read from the key attribute list and added between the start marker and the end marker of the key usage node.
For example, the encoding apparatus adds a start marker <Policy> and an end marker </Policy> of the policy node between the start marker <Key> and the end marker </Key> of the key node. It adds a start marker <StartDate> and an end marker </StartDate> of the start date node between the start marker and the end marker of the policy node, reads the key start date "2014-05-07T02:58:31Z" from the key attribute list, and adds this key start date between the start marker <StartDate> and the end marker </StartDate> of the start date node. It adds a start marker <ExpiryDate> and an end marker </ExpiryDate> of the end date node between the start marker <Policy> and the end marker </Policy> of the policy node, reads the key end date "2019-05-07T02:57:37Z" from the key attribute list, and adds this key end date between the start marker <ExpiryDate> and the end marker </ExpiryDate> of the end date node. It adds a start marker <KeyUsage> and an end marker </KeyUsage> of the key usage node between the start marker <Policy> and the end marker </Policy> of the policy node, reads the key usage information "OTP" from the key attribute list, and adds the key usage information "OTP" between the start marker <KeyUsage> and the end marker </KeyUsage> of the key usage node.
In addition, when the key information is related to the seed key in the time-type dynamic token, the key attribute list may further include a response code length, response code encoding information, a time interval value, an initial value of a time offset, and an initial value of a time factor. Accordingly, the encoding apparatus generates an algorithm parameter node and adds it to the key node as a child node of the key node; generates a response code format node and adds it to the algorithm parameter node as a child node of the algorithm parameter node; reads the response code length and the response code encoding information from the key attribute list, generates a response code length node according to the response code length, generates a response code encoding information node according to the response code encoding information, and adds the response code length node and the response code encoding information node to the response code format node as attribute nodes. The encoding apparatus generates a time node and adds it to the data node as a child node of the data node, generates a second plaintext node and adds it to the time node as a child node of the time node, reads the initial value of the time factor from the key attribute list, and adds the initial value of the time factor to the second plaintext node as a text node. It generates a time interval node and adds it to the data node as a child node of the data node, generates a third plaintext node and adds it to the time interval node as a child node of the time interval node, reads the time interval value from the key attribute list, and adds the time interval value to the third plaintext node as a text node. It generates a time offset node and adds it to the data node as a child node of the data node, generates a fourth plaintext node and adds it to the time offset node as a child node of the time offset node, reads the initial value of the time offset from the key attribute list, and adds the initial value of the time offset to the fourth plaintext node as a text node.
Specifically, the encoding apparatus may add a start flag and an end flag of the algorithm parameter node between the start flag and the end flag of the key node, add the response code format node between the start flag and the end flag of the algorithm parameter node, read the response code length and the response code encoding information from the key attribute list, generate the response code length node using the response code length as an attribute value, generate the response code encoding information node using the response code encoding information as an attribute value, and add the response code length node and the response code encoding information node to the response code format node. The response code length node and the response code coding information node are both attribute nodes and both comprise attribute names and attribute values.
The encoding apparatus may add a start marker and an end marker of the time node between the start marker and the end marker of the data node, add a start marker and an end marker of the second plaintext node between the start marker and the end marker of the time node, read an initial value of the time factor from the key attribute list, and add the initial value of the time factor between the start marker and the end marker of the second plaintext node; adding a start mark and an end mark of a time interval node between the start mark and the end mark of a data node, adding a start mark and an end mark of a third plain text node between the start mark and the end mark of the time interval node, reading a time interval value from a key attribute list, and adding the time interval value between the start mark and the end mark of the third plain text node; adding a start mark and an end mark of the time offset node between the start mark and the end mark of the data node, adding a start mark and an end mark of a fourth plaintext node between the start mark and the end mark of the time offset node, reading an initial value of the time offset from the key attribute list, and adding the initial value of the time offset between the start mark and the end mark of the fourth plaintext node.
For example, the encoding apparatus adds a start flag <AlgorithmParameters> and an end flag </AlgorithmParameters> of the algorithm parameter node between the start flag <Key> and the end flag </Key> of the key node, adds a response code format node <ResponseFormat/> between the start flag and the end flag of the algorithm parameter node, and reads the response code length "8" and the response code encoding information "DECIMAL" from the key attribute list. It generates the response code length node Length="8" using the response code length "8" as the attribute value, so that the node comprises the attribute name "Length" and the attribute value "8", and generates the response code encoding information node Encoding="DECIMAL" using the response code encoding information "DECIMAL" as the attribute value, so that the node comprises the attribute name "Encoding" and the attribute value "DECIMAL". It adds the response code length node and the response code encoding information node to the response code format node, and the response code format node is updated to: <ResponseFormat Length="8" Encoding="DECIMAL"/>.
The encoding apparatus adds a start flag <Time> and an end flag </Time> of the time node between the start flag <Data> and the end flag </Data> of the data node, adds a start flag <PlainValue> and an end flag </PlainValue> of the second plaintext node between the start flag <Time> and the end flag </Time> of the time node, reads the initial value "0" of the time factor from the key attribute list, and adds the initial value "0" of the time factor between the start flag <PlainValue> and the end flag </PlainValue> of the second plaintext node. It adds a start flag <TimeInterval> and an end flag </TimeInterval> of the time interval node between the start flag <Data> and the end flag </Data> of the data node, adds a start flag <PlainValue> and an end flag </PlainValue> of the third plaintext node between the start flag <TimeInterval> and the end flag </TimeInterval> of the time interval node, reads the time interval value "60" from the key attribute list, and adds the time interval value "60" between the start flag <PlainValue> and the end flag </PlainValue> of the third plaintext node. It adds a start flag <TimeDrift> and an end flag </TimeDrift> of the time offset node between the start flag <Data> and the end flag </Data> of the data node, adds a start flag <PlainValue> and an end flag </PlainValue> of the fourth plaintext node between the start flag <TimeDrift> and the end flag </TimeDrift> of the time offset node, reads the initial value "0" of the time offset from the key attribute list, and adds the initial value "0" of the time offset between the start flag <PlainValue> and the end flag </PlainValue> of the fourth plaintext node.
In addition, when the key information is related to a seed key in the event-type dynamic token, the key attribute list may further include a response code length, response code encoding information, and an initial value of an event factor, and accordingly, the encoding apparatus generates an algorithm parameter node, adds the algorithm parameter node to the key node as a child node of the key node, generates a response code format node, adds the response code format node to the algorithm parameter node as a child node of the algorithm parameter node, reads the response code length and the response code encoding information from the key attribute list, generates a response code length node according to the response code length, generates a response code encoding information node according to the response code encoding information, adds the response code length node and the response code encoding information node to the response code format node as attribute nodes, generates a counter node, and adds the counter node to the data node as a child node of the data node, and generating a fifth plaintext node, adding the fifth plaintext node into the counter node as a child node of the counter node, and adding the initial value of the event factor into the fifth plaintext node as a text node.
Specifically, the encoding apparatus may add a start flag and an end flag of the algorithm parameter node between the start flag and the end flag of the key node, add the response code format node between the start flag and the end flag of the algorithm parameter node, read the response code length and the response code encoding information from the key attribute list, generate the response code length node using the response code length as an attribute value, generate the response code encoding information node using the response code encoding information as an attribute value, and add the response code length node and the response code encoding information node to the response code format node. The response code length node and the response code coding information node are both attribute nodes and both comprise attribute names and attribute values.
The encoding apparatus may add a start marker and an end marker of the counter node between the start marker and the end marker of the data node, add a start marker and an end marker of the fifth plaintext node between the start marker and the end marker of the counter node, and add an initial value of the event factor between the start marker and the end marker of the fifth plaintext node.
For example, the encoding apparatus adds a start flag <AlgorithmParameters> and an end flag </AlgorithmParameters> of an algorithm parameter node between the start flag <Key> and the end flag </Key> of the key node, adds a response code format node <ResponseFormat/> between the start flag and the end flag of the algorithm parameter node, and reads the response code length "8" and the response code encoding information "DECIMAL" from the key attribute list. With the response code length "8" as an attribute value, it generates a response code length node Length="8", which includes the attribute name "Length" and the attribute value "8". With the response code encoding information "DECIMAL" as an attribute value, it generates a response code encoding information node Encoding="DECIMAL", which includes the attribute name "Encoding" and the attribute value "DECIMAL". It adds the response code length node and the response code encoding information node to the response code format node, and the response code format node is updated to: <ResponseFormat Length="8" Encoding="DECIMAL"/>. The encoding apparatus adds a start flag <Counter> and an end flag </Counter> of the counter node between the start flag <Data> and the end flag </Data> of the data node, adds a start flag <PlainValue> and an end flag </PlainValue> of a fifth plaintext node between the start flag <Counter> and the end flag </Counter> of the counter node, and adds the initial value "0" of the event factor between the start flag <PlainValue> and the end flag </PlainValue> of the fifth plaintext node.
Corresponding to the working method of the apparatus for implementing key information encoding shown in fig. 1 and fig. 2, an embodiment of the present invention further provides a working method of an apparatus for implementing key information decoding, as shown in fig. 3 to fig. 6, including the following steps:
Step 201, the decoding device searches for the key package node in the root node of the key file; if it is found, step 202 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding device may search for the start marker and the end marker of the key package node between the start marker and the end marker of the root node of the ciphertext file; if they are found, it determines that the key package node is found in the root node of the key file; otherwise, it determines that the key package node is not found in the root node of the key file. The root node of the ciphertext file is a key container node.
For example, the decoding apparatus searches for the start marker <KeyPackage> and the end marker </KeyPackage> of the key package node between the start marker <KeyContainer> and the end marker </KeyContainer> of the key container node; if they are found, it determines that the key package node is found in the root node of the key file; otherwise, it determines that the key package node is not found in the root node of the key file.
Step 202, the decoding device searches for the device information node in the key package node; if it is found, step 203 is executed; otherwise, step 208 is performed.
Specifically, the decoding apparatus may search for the start marker and the end marker of the device information node between the start marker and the end marker of the key package node; if they are found, it determines that the device information node is found in the key package node; otherwise, it determines that the device information node is not found in the key package node.
For example, the decoding apparatus searches for the start marker <DeviceInfo> and the end marker </DeviceInfo> of the device information node between the start marker <KeyPackage> and the end marker </KeyPackage> of the key package node; if they are found, it determines that the device information node is found in the key package node; otherwise, it determines that the device information node is not found in the key package node.
Step 203, the decoding device searches for the manufacturer node in the device information node; if it is found, step 204 is executed; otherwise, step 205 is performed.
Specifically, the decoding apparatus may search for the start mark and the end mark of the manufacturer node between the start mark and the end mark of the device information node; if they are found, it determines that the manufacturer node is found in the device information node; otherwise, it determines that the manufacturer node is not found in the device information node.
For example, the decoding apparatus searches for the start flag <Manufacturer> and the end flag </Manufacturer> of the manufacturer node between the start flag <DeviceInfo> and the end flag </DeviceInfo> of the device information node; if they are found, it determines that the manufacturer node is found in the device information node; otherwise, it determines that the manufacturer node is not found in the device information node.
In step 204, the decoding apparatus acquires the text content of the child node of the vendor node, stores the acquired text content as vendor information, and executes step 205.
Specifically, the decoding apparatus may acquire the text content of the text node located between the start mark and the end mark of the vendor node, and store the text content as vendor information.
For example, the decoding apparatus acquires the text content "Manufacturer" of the text node located between the start flag <Manufacturer> and the end flag </Manufacturer>, and saves the text content "Manufacturer" as the manufacturer information.
Step 205, the decoding apparatus searches for the serial number node in the device information node; if it is found, step 206 is executed; otherwise, step 207 is performed.
Specifically, the decoding apparatus may search for the start marker and the end marker of the serial number node between the start marker and the end marker of the device information node; if they are found, it determines that the serial number node is found in the device information node; otherwise, it determines that the serial number node is not found in the device information node.
For example, the decoding apparatus searches for the start marker <SerialNo> and the end marker </SerialNo> of the serial number node between the start marker <DeviceInfo> and the end marker </DeviceInfo> of the device information node; if they are found, it determines that the serial number node is found in the device information node; otherwise, it determines that the serial number node is not found in the device information node.
In step 206, the decoding apparatus acquires the text content of the child node of the serial number node, saves the acquired text content as the device serial number, and executes step 207.
Specifically, the decoding apparatus may acquire the text content of the text node located between the start mark and the end mark of the serial number node, and store the text content as the device serial number.
For example, the decoding apparatus acquires the text content "987654321" of the text node located between the start marker <SerialNo> and the end marker </SerialNo> of the serial number node, and saves the text content "987654321" as the device serial number.
Step 207, the decoding device searches for the key node in the key package node; if it is found, step 208 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start marker and the end marker of the key node between the start marker and the end marker of the key package node; if they are found, it determines that the key node is found in the key package node; otherwise, it determines that the key node is not found in the key package node.
For example, the decoding device searches for the start mark <Key> and the end mark </Key> of the key node between the start mark <KeyPackage> and the end mark </KeyPackage> of the key package node; if they are found, it determines that the key node is found in the key package node; otherwise, it determines that the key node is not found in the key package node.
In step 208, the decoding device acquires an attribute value of a key algorithm node among the key nodes, and stores the acquired attribute value as key algorithm information.
Specifically, the decoding device may use the key algorithm node located in the start flag of the key node as an attribute node, obtain an attribute value of the key algorithm node, and store the obtained attribute value as key algorithm information.
For example, the decoding apparatus uses the key algorithm node Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:http" located in the start flag <Key> of the key node as an attribute node, obtains the attribute value of the key algorithm node, that is, "urn:ietf:params:xml:ns:keyprov:pskc:http", and stores the obtained attribute value as key algorithm information.
In step 209, the decoding apparatus acquires an attribute value of a key identifier node among the key nodes, and stores the acquired attribute value as a key identifier.
Specifically, the decoding device may use a key identifier node located in the start flag of the key node as an attribute node, obtain an attribute value of the key identifier node, and store the obtained attribute value as the key identifier.
For example, the decoding apparatus uses the key identification node Id="12345678" located in the start flag <Key> of the key node as an attribute node, acquires the attribute value "12345678" of the key identification node, and stores the acquired attribute value "12345678" as the key identification.
Step 210, the decoding apparatus searches for the data node in the key node; if it is found, step 211 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start marker and the end marker of the data node between the start marker and the end marker of the key node; if they are found, it determines that the data node is found in the key node; otherwise, it determines that the data node is not found in the key node.
For example, the decoding device searches for the start mark <Data> and the end mark </Data> of the data node between the start mark <Key> and the end mark </Key> of the key node; if they are found, it determines that the data node is found in the key node; otherwise, it determines that the data node is not found in the key node.
Step 211, the decoding apparatus searches for the key value node in the data node; if it is found, step 212 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start marker and the end marker of the key value node between the start marker and the end marker of the data node; if they are found, it determines that the key value node is found in the data node; otherwise, it determines that the key value node is not found in the data node.
For example, the decoding apparatus searches for the start marker <Secret> and the end marker </Secret> of the key value node between the start marker <Data> and the end marker </Data> of the data node; if they are found, it determines that the key value node is found in the data node; otherwise, it determines that the key value node is not found in the data node.
Step 212, the decoding apparatus searches for the first plaintext node in the key value node; if it is found, step 213 is performed; otherwise, step 214 is performed.
Specifically, the decoding apparatus may search for the start marker and the end marker of the first plaintext node between the start marker and the end marker of the key value node; if they are found, it determines that the first plaintext node is found in the key value node; otherwise, it determines that the first plaintext node is not found in the key value node.
For example, the decoding apparatus searches for the start flag <PlainValue> and the end flag </PlainValue> of the first plaintext node between the start flag <Secret> and the end flag </Secret> of the key value node; if they are found, it determines that the first plaintext node is found in the key value node; otherwise, it determines that the first plaintext node is not found in the key value node.
In step 213, the decoding apparatus acquires the text content of the child node of the first plaintext node, and saves the acquired text content as the key plaintext.
Specifically, the decoding apparatus may acquire the text content of the text node located between the start mark and the end mark of the first plaintext node, and save the text content as the key plaintext.
For example, the decoding device acquires the text content "MTIzNA==" of the text node located between the start flag <PlainValue> and the end flag </PlainValue> of the first plaintext node, and stores the text content "MTIzNA==" as the key plaintext.
Step 214, the decoding apparatus searches for the ciphertext node in the key value node; if it is found, step 215 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start mark and the end mark of the ciphertext node between the start mark and the end mark of the key value node; if they are found, it determines that the ciphertext node is found in the key value node; otherwise, it determines that the ciphertext node is not found in the key value node.
For example, the decoding apparatus searches for the start marker <EncryptedValue> and the end marker </EncryptedValue> of the ciphertext node between the start marker <Secret> and the end marker </Secret> of the key value node; if they are found, it determines that the ciphertext node is found in the key value node; otherwise, it determines that the ciphertext node is not found in the key value node.
Step 215, the decoding device searches for the first encryption method node in the ciphertext node; if it is found, step 216 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the first encryption method node between the start mark and the end mark of the ciphertext node; if it is found, it determines that the first encryption method node is found in the ciphertext node; otherwise, it determines that the first encryption method node is not found in the ciphertext node.
For example, the decoding apparatus searches for the first encryption method node <xenc:EncryptionMethod/> between the start marker <EncryptedValue> and the end marker </EncryptedValue> of the ciphertext node; if it is found, it determines that the first encryption method node is found in the ciphertext node; otherwise, it determines that the first encryption method node is not found in the ciphertext node.
In step 216, the decoding apparatus acquires an attribute value of a first encryption key algorithm node in the first encryption method node as encryption key algorithm information.
Specifically, the decoding device may use a key algorithm node in the first encryption method node as an attribute node, obtain an attribute value of the key algorithm node, and store the obtained attribute value as key algorithm information.
For example, the decoding device acquires an attribute value of a key Algorithm node, that is, "aes128-cbc", using a key Algorithm node "Algorithm" in the first encryption method node as an attribute node, and stores the acquired attribute value as key Algorithm information.
Step 217, the decoding device searches for the first password data node in the ciphertext node; if it is found, step 218 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding device may search for the start marker and the end marker of the first password data node between the start marker and the end marker of the ciphertext node; if they are found, it determines that the first password data node is found in the ciphertext node; otherwise, it determines that the first password data node is not found in the ciphertext node.
For example, the decoding device searches for the start marker <CipherData> and the end marker </CipherData> of the first password data node between the start marker <EncryptedValue> and the end marker </EncryptedValue> of the ciphertext node; if they are found, it determines that the first password data node is found in the ciphertext node; otherwise, it determines that the first password data node is not found in the ciphertext node.
Step 218, the decoding apparatus searches for the first password value node in the first password data node; if it is found, step 219 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start marker and the end marker of the first password value node between the start marker and the end marker of the first password data node; if they are found, it determines that the first password value node is found in the first password data node; otherwise, it determines that the first password value node is not found in the first password data node.
For example, the decoding device searches for the start marker <CipherValue> and the end marker </CipherValue> of the first password value node between the start marker <CipherData> and the end marker </CipherData> of the first password data node; if they are found, it determines that the first password value node is found in the first password data node; otherwise, it determines that the first password value node is not found in the first password data node.
In step 219, the decoding apparatus obtains the text content of the child node of the first password value node as the key ciphertext.
Specifically, the decoding apparatus may acquire, as the key ciphertext, the text content of a text node located between the start flag and the end flag of the first password value node.
For example, the decoding apparatus acquires the text content of the text node located between the start mark <xenc:CipherValue> and the end mark </xenc:CipherValue> of the first password value node, that is, "AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCML8jwZqIqGv", as the key ciphertext.
Step 220, the decoding device searches for the encryption key node in the root node of the key file; if it is found, step 221 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start mark and the end mark of the encryption key node between the start mark and the end mark of the root node of the ciphertext file; if they are found, it determines that the encryption key node is found in the root node of the key file; otherwise, it determines that the encryption key node is not found in the root node of the key file. The root node of the key file is a key container node.
For example, the decoding apparatus searches for the start flag <EncryptionKey> and the end flag </EncryptionKey> of the encryption key node between the start flag <KeyContainer> and the end flag </KeyContainer> of the key container node; if they are found, it determines that the encryption key node is found in the root node of the key file; otherwise, it determines that the encryption key node is not found in the root node of the key file.
Step 221, the decoding apparatus searches for the key name node in the encryption key node; if it is found, step 222 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start mark and the end mark of the key name node between the start mark and the end mark of the encryption key node; if they are found, it determines that the key name node is found in the encryption key node; otherwise, it determines that the key name node is not found in the encryption key node.
For example, the decoding device searches for the start mark <ds:KeyName> and the end mark </ds:KeyName> of the key name node between the start mark <EncryptionKey> and the end mark </EncryptionKey> of the encryption key node; if they are found, it determines that the key name node is found in the encryption key node; otherwise, it determines that the key name node is not found in the encryption key node.
In step 222, the decoding apparatus obtains the text content of the child node of the key name node as the encryption key name, and decrypts the obtained key ciphertext by using the policy corresponding to the obtained encryption key algorithm information according to the key corresponding to the encryption key name, so as to obtain the key plaintext.
Specifically, the decoding device may acquire the text content of the text node located between the start mark and the end mark of the key name node as the encryption key name, and decrypt the acquired key ciphertext according to the key corresponding to the encryption key name using the policy corresponding to the acquired encryption key algorithm information to obtain the key plaintext.
For example, the decoding apparatus acquires the text content "Pre-shared-key" of the text node located between the start mark <ds:KeyName> and the end mark </ds:KeyName> of the key name node as the encryption key name, and, based on the key corresponding to the encryption key name "Pre-shared-key", decrypts the key ciphertext acquired in step 219, that is, "AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCML8jwZqIqGv", using the policy corresponding to "aes128-cbc", which is the encryption key algorithm information acquired in step 216, to obtain the key plaintext "MTIzNA==".
Step 223, the decoding apparatus searches for the MAC value node in the key value node; if it is found, step 225 is executed; otherwise, step 224 is performed.
Specifically, the decoding apparatus may search for the start marker and the end marker of the MAC value node between the start marker and the end marker of the key value node; if they are found, it determines that the MAC value node is found in the key value node; otherwise, it determines that the MAC value node is not found in the key value node.
For example, the decoding apparatus searches for the start flag <ValueMAC> and the end flag </ValueMAC> of the MAC value node between the start flag <Secret> and the end flag </Secret> of the key value node; if they are found, it determines that the MAC value node is found in the key value node; otherwise, it determines that the MAC value node is not found in the key value node.
In step 224, the decoding apparatus saves the decrypted key plaintext.
For example, the decoding apparatus stores the key plaintext "MTIzNA==" decrypted in step 222.
In step 225, the decoding apparatus obtains the text contents of the child nodes of the MAC value node as digest values.
Specifically, the decoding apparatus may acquire the text content of the text node located between the start flag and the end flag of the MAC value node as the digest value.
For example, the decoding apparatus acquires, as a digest value, the text content "Su+NvtQfmvfJzF6bmQiJqoLRExc=" of the text node located between the start flag <ValueMAC> and the end flag </ValueMAC> of the MAC value node.
Step 226, the decoding device searches for the MAC method node in the root node of the key file; if it is found, step 227 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding device may search for the start marker and the end marker of the MAC method node between the start marker and the end marker of the root node of the ciphertext file; if they are found, it determines that the MAC method node is found in the root node of the key file; otherwise, it determines that the MAC method node is not found in the root node of the key file. The root node of the ciphertext file is a key container node.
For example, the decoding apparatus searches for the start marker <MACMethod> and the end marker </MACMethod> of the MAC method node between the start marker <KeyContainer> and the end marker </KeyContainer> of the key container node; if they are found, it determines that the MAC method node is found in the root node of the key file; otherwise, it determines that the MAC method node is not found in the root node of the key file.
In step 227, the decoding apparatus obtains an attribute value of a MAC algorithm node in the MAC method node as MAC algorithm information.
Specifically, the decoding apparatus may use a key algorithm node located in the start flag of the MAC method node as an attribute node, and obtain an attribute value of the MAC algorithm node as MAC algorithm information.
For example, the decoding apparatus takes the MAC algorithm node located in the start flag <MACMethod> of the MAC method node, that is, Algorithm="hmac-sha1", as the attribute node, and acquires the attribute value of the MAC algorithm node, that is, "hmac-sha1", as the MAC algorithm information.
Step 228, the decoding apparatus searches for the MAC key node in the MAC method node; if it is found, step 229 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start marker and the end marker of the MAC key node between the start marker and the end marker of the MAC method node; if they are found, it determines that the MAC key node is found in the MAC method node; otherwise, it determines that the MAC key node is not found in the MAC method node.
For example, the decoding device searches for the start mark <MACKey> and the end mark </MACKey> of the MAC key node between the start mark <MACMethod> and the end mark </MACMethod> of the MAC method node; if they are found, it determines that the MAC key node is found in the MAC method node; otherwise, it determines that the MAC key node is not found in the MAC method node.
Step 229, the decoding apparatus searches for the second encryption method node in the MAC key node; if it is found, step 230 is performed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the second encryption method node between the start mark and the end mark of the MAC key node; if it is found, it determines that the second encryption method node is found in the MAC key node; otherwise, it determines that the second encryption method node is not found in the MAC key node.
For example, the decoding apparatus searches for the second encryption method node between the start marker <MACKey> and the end marker </MACKey> of the MAC key node; if it is found, it determines that the second encryption method node is found in the MAC key node; otherwise, it determines that the second encryption method node is not found in the MAC key node.
In step 230, the decoding apparatus obtains an attribute value of a second encryption key algorithm node in the second encryption method node as encryption key algorithm information.
Specifically, the decoding device may use a second encryption key algorithm node in the second encryption method node as an attribute node, and obtain an attribute value of the second encryption key algorithm node as encryption key algorithm information.
For example, the decoding apparatus takes the second encryption key algorithm node Algorithm="aes128-cbc" in the second encryption method node as an attribute node, and acquires the attribute value of the second encryption key algorithm node, that is, "aes128-cbc", as the encryption key algorithm information.
Step 231, the decoding apparatus searches for the second password data node in the MAC key node; if it is found, step 232 is performed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start marker and the end marker of the second password data node between the start marker and the end marker of the MAC key node; if they are found, it determines that the second password data node is found in the MAC key node; otherwise, it determines that the second password data node is not found in the MAC key node.
For example, the decoding device searches for the start mark <CipherData> and the end mark </CipherData> of the second password data node between the start mark <MACKey> and the end mark </MACKey> of the MAC key node; if they are found, it determines that the second password data node is found in the MAC key node; otherwise, it determines that the second password data node is not found in the MAC key node.
Step 232, the decoding apparatus searches for the second password value node in the second password data node; if it is found, step 233 is executed; otherwise, the decoding device displays the error information and ends the process.
Specifically, the decoding apparatus may search for the start flag and the end flag of the second password value node between the start flag and the end flag of the second password data node; if they are found, it determines that the second password value node is found in the second password data node; otherwise, it determines that the second password value node is not found in the second password data node.
For example, the decoding device searches for the start mark <CipherValue> and the end mark </CipherValue> of the second password value node between the start mark <CipherData> and the end mark </CipherData> of the second password data node; if they are found, it determines that the second password value node is found in the second password data node; otherwise, it determines that the second password value node is not found in the second password data node.
In step 233, the decoding apparatus obtains the text content of the child node of the second password value node as the MAC key ciphertext.
Specifically, the decoding apparatus may acquire the text content of the text node located between the start flag and the end flag of the second password value node as the MAC key ciphertext.
For example, the decoding apparatus acquires the text content of the text node located between the start flag <xenc:CipherValue> and the end flag </xenc:CipherValue> of the second password value node, that is, "ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejn9vJa2BOlSaMrR7I5wSX", as the MAC key ciphertext.
In step 234, the decoding device decrypts the acquired MAC key ciphertext using the policy corresponding to the acquired encryption key algorithm information, based on the key corresponding to the acquired encryption key name, to obtain the MAC key.
For example, the decoding apparatus decrypts the MAC key ciphertext obtained in step 233, that is, "ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejn9vJa2BOlSaMrR7I5wSX", using the policy corresponding to the encryption key algorithm information "aes128-cbc" obtained in step 230, based on the key corresponding to the encryption key name "Pre-shared-key" obtained in step 222, and obtains the MAC key.
Step 235, the decoding device performs digest processing on the decrypted key plaintext according to the decrypted MAC key to obtain a digest value.
For example, the decoding apparatus performs digest processing on the key plaintext "MTIzNA==" decrypted in step 222, based on the MAC key decrypted in step 234, and obtains the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=".
Step 236, the decoding apparatus determines whether the digest value obtained by the digest processing is the same as the digest value obtained from the MAC value node, if so, step 237 is executed; otherwise, the decoding device displays the error information and ends the process.
For example, the decoding apparatus determines that the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=" obtained by the digest processing in step 235 is the same as the digest value "Su+NvtQfmvfJzF6bmQiJqoLRExc=" obtained from the MAC value node in step 225.
In step 237, the decoding apparatus saves the decrypted key plaintext.
For example, the decoding apparatus stores the key plaintext "MTIzNA==" decrypted in step 222.
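The MAC check of steps 231 to 237, as an added Node.js example that is not part of the patent text: it locates nodes by their start and end marks, decrypts the MAC key, recomputes the digest over the key plaintext and releases the key only when the digests match. Assumptions: HMAC-SHA1 as the MAC algorithm, the IV prefixed to the AES-128-CBC ciphertext, the tag names KeyContainer, MACMethod, Secret, EncryptedValue and ValueMAC, and constructed keys and sample file.

```javascript
const crypto = require('node:crypto');

// Text between the start mark <tag> and the end mark </tag>, or null when
// either mark is missing (the "not found" branch of steps 231 and 232).
function findNode(text, tag) {
  const start = `<${tag}>`, end = `</${tag}>`;
  const i = text.indexOf(start);
  if (i < 0) return null;
  const j = text.indexOf(end, i + start.length);
  return j < 0 ? null : text.slice(i + start.length, j);
}

function requireNode(text, tag) {
  const inner = findNode(text, tag);
  if (inner === null) throw new Error(`node not found: ${tag}`);
  return inner;
}

// Accept only the algorithm this decoder implements instead of trusting the file.
function checkAlgorithm(node) {
  const m = /Algorithm="([^"]*)"/.exec(node);
  if (!m || !m[1].endsWith('aes128-cbc')) throw new Error('unsupported encryption algorithm');
}

// Assumption: CipherValue holds base64(IV || AES-128-CBC ciphertext), PKCS#7 padded.
function aesCbcDecrypt(key, b64) {
  const raw = Buffer.from(b64.trim(), 'base64');
  if (raw.length < 32 || raw.length % 16 !== 0) throw new Error('bad ciphertext length');
  const d = crypto.createDecipheriv('aes-128-cbc', key, raw.subarray(0, 16));
  return Buffer.concat([d.update(raw.subarray(16)), d.final()]);
}

function aesCbcEncrypt(key, plain) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([iv, c.update(plain), c.final()]).toString('base64');
}

function cipherValueOf(node) {
  checkAlgorithm(node);
  return requireNode(requireNode(node, 'xenc:CipherData'), 'xenc:CipherValue');
}

// Returns the key plaintext only after the MAC value node has been verified.
function decodeKey(fileText, preSharedKey) {
  // Steps 231-233: MAC key node -> CipherData -> CipherValue.
  const macKeyCt = cipherValueOf(requireNode(fileText, 'MACKey'));
  const secret = requireNode(fileText, 'Secret');
  const keyCt = cipherValueOf(requireNode(secret, 'EncryptedValue'));
  const storedMac = Buffer.from(requireNode(secret, 'ValueMAC').trim(), 'base64');
  let macKey, keyPlain;
  try {
    macKey = aesCbcDecrypt(preSharedKey, macKeyCt); // step 234
    keyPlain = aesCbcDecrypt(preSharedKey, keyCt);  // key plaintext (step 222)
  } catch {
    // Same message as a digest mismatch, so callers cannot tell the two apart.
    throw new Error('key file verification failed');
  }
  // Step 235: digest over the key plaintext with the decrypted MAC key.
  const digest = crypto.createHmac('sha1', macKey).update(keyPlain).digest();
  // Step 236: constant-time comparison with the value from the MAC value node.
  if (digest.length !== storedMac.length || !crypto.timingSafeEqual(digest, storedMac)) {
    throw new Error('key file verification failed');
  }
  return keyPlain; // step 237: the caller may now store it
}

// Constructed sample key file (not taken from the patent).
function buildSample(preSharedKey, macKey, keyPlain) {
  const mac = crypto.createHmac('sha1', macKey).update(keyPlain).digest('base64');
  const enc = (p) => '<xenc:EncryptionMethod Algorithm="aes128-cbc"/>' +
    `<xenc:CipherData><xenc:CipherValue>${aesCbcEncrypt(preSharedKey, p)}` +
    '</xenc:CipherValue></xenc:CipherData>';
  return `<KeyContainer><MACMethod><MACKey>${enc(macKey)}</MACKey></MACMethod>` +
    `<Secret><EncryptedValue>${enc(keyPlain)}</EncryptedValue>` +
    `<ValueMAC>${mac}</ValueMAC></Secret></KeyContainer>`;
}

function demo() {
  const psk = Buffer.from('00112233445566778899aabbccddeeff', 'hex'); // constructed
  const macKey = crypto.randomBytes(20);
  const file = buildSample(psk, macKey, Buffer.from('1234'));
  const good = decodeKey(file, psk).toString();
  // Swap in a digest computed over different data: decoding must be refused.
  const otherMac = crypto.createHmac('sha1', macKey).update('9999').digest('base64');
  const tampered = file.replace(/<ValueMAC>.*<\/ValueMAC>/, `<ValueMAC>${otherMac}</ValueMAC>`);
  let rejected = false;
  try { decodeKey(tampered, psk); } catch (e) { rejected = true; }
  return { good, rejected };
}
```

The exact-match lookup in `findNode` follows the start-mark and end-mark search the text describes, so it does not match start marks that carry attributes.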
The invention achieves the following beneficial effects: the decoding device decodes the key file with the uniform format to obtain the key information, so that the authentication system can execute uniform processing flow on the key information configured by a plurality of equipment manufacturers, and the workload of the authentication system is reduced.
Further, in another embodiment of the present invention, after the decoding apparatus finds the key node from the key package node, the decoding apparatus may also find the issuer node from the key node, obtain the text content of the child node of the issuer node, and store the obtained text content as issuer information.
After the decoding device finds the equipment information node from the key packet node, the decoding device can also find the equipment user identification node from the equipment information node, obtain the text content of the child node of the equipment user identification node, and store the obtained text content as the equipment user identification.
After the decoding device finds the key packet node from the root node of the key file, the decoding device can also find the cryptographic module node from the key packet node, find the cryptographic module identification node from the cryptographic module node, obtain the text content of the child node of the cryptographic module identification node, and store the obtained text content as the cryptographic module identification.
After the decoding device finds the key node from the key packet node, the decoding device can also find the key user identification node from the key node, obtain the text content of the child node of the key user identification node, and store the obtained text content as the key user identification.
After the decoding device searches the key node from the key packet node, the decoding device can also search a strategy node from the key node, search a starting date node, an ending date node and a key use node from the strategy node, acquire the text content of the child node of the starting date node and store the acquired text content as the key starting date; acquiring text contents of child nodes of the ending date node, and storing the acquired text contents as the ending date of the key; and acquiring the text content of the child node of the key usage node, and storing the acquired text content as key usage information.
After the decoding device searches the key node from the key packet node, the decoding device can also search the algorithm parameter node from the key node, search the response code format node from the algorithm parameter node, obtain the attribute value of the response code length node in the response code format node, store the obtained attribute value as the length of the response code, obtain the attribute value of the response code coding information node in the response code format node, and store the obtained attribute value as the response code coding information;
correspondingly, after the decoding device searches the data node from the key node, the decoding device can also search a time node, a time interval node and a time offset node from the data node, search a second plaintext node from the time node, acquire the text content of the child node of the second plaintext node, and store the acquired text content as the initial value of the time factor; searching a third plaintext node from the time interval nodes, acquiring the text content of the child node of the third plaintext node, and storing the acquired text content as a time interval value; and searching a fourth plaintext node from the time offset node, acquiring the text content of the child node of the fourth plaintext node, and storing the acquired text content as an initial value of the time offset.
After the decoding device finds the data node from the key node, the decoding device can also find a counter node from the data node, find a fifth plaintext node from the counter node, obtain the text content of the child node of the fifth plaintext node, and store the obtained text content as the initial value of the event factor.
Based on the above working method of the device for implementing key information encoding, an embodiment of the present invention further provides an encoding device, as shown in fig. 7, including:
a reading module 710, configured to read manufacturer information, a device serial number, a key identifier, key algorithm information, and a key plaintext from a key attribute list of the key information;
a generating module 720, configured to generate a key container node, and add the key container node as a root node to a key file; generating a key packet node, and adding the key packet node into the key container node as a child node of the key container node; generating an equipment information node and a key node, and adding the equipment information node and the key node into the key packet node as child nodes of the key packet node;
generating a manufacturer node and a serial number node, and adding the manufacturer node and the serial number node into an equipment information node as child nodes of the equipment information node; adding the manufacturer information read by the reading module 710 as a text node into the manufacturer node, and adding the device serial number read by the reading module 710 as a text node into the serial number node;
generating a key algorithm node according to the key algorithm information read by the reading module 710, generating a key identification node according to the key identification read by the reading module 710, and adding the key identification node and the key algorithm node as attribute nodes into the key node; generating a data node, and adding the data node as a child node of the key node into the key node; generating a key value node, and adding the key value node into the data node as a child node of the data node;
an adding module 730, configured to add the key plaintext read by the reading module 710 or the key ciphertext corresponding to the key plaintext to the key value node.
Further, the reading module 710 is further configured to read a key transmission mode from the key information;
accordingly, the above coding apparatus further includes:
a first determining module 740, configured to determine whether the key transmission mode is plaintext transmission;
the adding module 730 is specifically configured to generate a first plaintext node when the first determining module 740 determines that the key transmission mode is plaintext transmission, add the first plaintext node as a child node of the key value node to the key value node, and add the key plaintext read by the reading module 710 as a text node to the first plaintext node.
Further, the reading module 710 is further configured to read an encryption key name and encryption key algorithm information from the key information;
the generating module 720 is further configured to generate an encryption key node, and add the encryption key node as a child node of the key container node to the key container node; generating a key name node, and adding the key name node as a child node of the encryption key node into the encryption key node; adding the encryption key name read by the reading module 710 as a text node to the key name node;
the adding module 730 is specifically configured to generate a ciphertext node when the first determining module 740 determines that the key transmission mode is not plaintext transmission, and add the ciphertext node as a child node of the key value node to the key value node; generating a first encryption method node and a first password data node, and adding the first encryption method node and the first password data node into a ciphertext node as child nodes of the ciphertext node; generating a first encryption key algorithm node according to the encryption key algorithm information read by the reading module 710, and adding the first encryption key algorithm node as an attribute node to a first encryption method node; generating a first password value node, and adding the first password value node into a first password data node as a child node of the first password data node; and encrypting a plaintext of the key by using a strategy corresponding to the algorithm information of the encryption key according to the key corresponding to the name of the encryption key, and adding a ciphertext of the encrypted key into the first password value node as a text node.
Further, the reading module 710 is further configured to read MAC algorithm information, encryption key algorithm information, and a MAC key from the key information;
correspondingly, the generating module 720 is further configured to generate a MAC method node, and add the MAC method node as a child node of the key container node to the key container node; generating an MAC algorithm node according to the MAC algorithm information read by the reading module 710, and adding the MAC algorithm node as an attribute node into an MAC method node; generating an MAC key node, and adding the MAC key node into an MAC method node as a child node of the MAC method node; generating a second encryption method node and a second password data node, and adding the second encryption method node and the second password data node as child nodes into the MAC key node; generating a second encryption key algorithm node according to the encryption key algorithm information read by the reading module 710, and adding the second encryption key algorithm node as an attribute node to a second encryption method node; generating a second password value node, and adding the second password value node into a second password data node as a child node of the second password data node; encrypting the MAC key read by the reading module 710 by using a strategy corresponding to encryption key algorithm information according to the key corresponding to the encryption key name read by the reading module 710, and adding a ciphertext obtained by encryption as a text node into a second password value node; generating an MAC value node, and adding the MAC value node as a child node of the key value node into the key value node; according to the MAC key read by the reading module 710, the key plaintext is subjected to digest processing by using a strategy corresponding to the MAC algorithm information read by the reading module 710, and the obtained digest value is added to the MAC value node as a text node.
Further, the encoding apparatus further includes:
a selecting module 750, configured to select an unprocessed key attribute list from the key information as a current list;
correspondingly, the reading module 710 is specifically configured to read manufacturer information, a device serial number, a key identifier, key algorithm information, and a key plaintext from the current list selected by the selecting module 750;
the above coding apparatus further includes:
a second determining module 760, configured to determine whether an unprocessed key attribute list exists in the key information after the adding module 730 adds the key plaintext or the key ciphertext corresponding to the key plaintext to the key value node, and if so, trigger the selecting module 750 to select an unprocessed key attribute list from the key information as a current list; otherwise, determining that the encoding is finished.
Correspondingly, the reading module 710 is further configured to read issuer information from the key attribute list;
the generating module 720 is further configured to generate an issuer node, add the issuer node to the key node as a child node of the key node, and add the issuer information to the issuer node as a text node.
Further, the reading module 710 is further configured to read a device user identifier from the key attribute list;
correspondingly, the generating module 720 is further configured to generate a device user identifier node, add the device user identifier node as a child node of the device information node to the device information node, and add the device user identifier as a text node to the device user identifier node.
Further, the reading module 710 is further configured to read the cryptographic module identifier from the key attribute list,
the generating module 720 is further configured to generate a cryptographic module node, add the cryptographic module node as a child node of the key package node to the key package node, generate a cryptographic module identifier node, add the cryptographic module identifier node as a child node of the cryptographic module node to the cryptographic module node, and add the cryptographic module identifier as a text node to the cryptographic module identifier node.
Further, the reading module 710 is further configured to read a key user identifier from the key attribute list;
correspondingly, the generating module 720 is further configured to generate a key user identifier node, add the key user identifier node as a child node of the key node to the key node, and add the key user identifier as a text node to the key user identifier node.
Further, the reading module 710 is further configured to read a key start date, a key end date, and key usage information from the key attribute list;
correspondingly, the generating module 720 is further configured to generate a policy node, add the policy node as a child node of the key node to the key node, generate a start date node, an end date node, and a key usage node, add the start date node, the end date node, and the key usage node to the policy node, add the key start date as a text node to the start date node, add the key end date as a text node to the end date node, and add the key usage information as a text node to the key usage node.
Further, the reading module 710 is further configured to read the response code length, the response code encoding information, the initial value of the time factor, the time interval value, and the initial value of the time offset from the key attribute list;
correspondingly, the generating module 720 is further configured to generate an algorithm parameter node, add the algorithm parameter node as a child node of the key node to the key node, generate a response code format node, add the response code format node as a child node of the algorithm parameter node to the algorithm parameter node, generate a response code length node according to the response code length, generate a response code encoding information node according to the response code encoding information, and add the response code length node and the response code encoding information node as attribute nodes to the response code format node; generating a time node, adding the time node as a child node of the data node into the data node, generating a second plaintext node, adding the second plaintext node as a child node of the time node into the time node, and adding an initial value of a time factor as a text node into the second plaintext node; generating a time interval node, adding the time interval node as a child node of the data node into the data node, generating a third plain text node, adding the third plain text node as a child node of the time interval node into the time interval node, and adding a time interval value as a text node into the third plain text node; and generating a time offset node, adding the time offset node as a child node of the data node into the data node, generating a fourth plaintext node, adding the fourth plaintext node as a child node of the time offset node into the time offset node, and adding an initial value of a time offset as a text node into the fourth plaintext node.
Further, the reading module 710 is further configured to read the length of the response code, the coding information of the response code, and the initial value of the event factor from the key attribute list;
correspondingly, the generating module 720 is further configured to generate an algorithm parameter node, add the algorithm parameter node as a child node of the key node to the key node, generate a response code format node, add the response code format node as a child node of the algorithm parameter node to the algorithm parameter node, generate a response code length node according to the response code length, generate a response code encoding information node according to the response code encoding information, and add the response code length node and the response code encoding information node as attribute nodes to the response code format node; and generating a counter node, adding the counter node into the data node as a child node of the data node, generating a fifth plaintext node, adding the fifth plaintext node into the counter node as a child node of the counter node, and adding an initial value of an event factor into the fifth plaintext node as a text node.
The invention achieves the following beneficial effects: the encoding device encodes the key information into the key file with the uniform format, so that the authentication system can execute uniform processing flow on the key information configured by a plurality of equipment manufacturers, and the workload of the authentication system is reduced.
Based on the above working method of the device for implementing key information decoding, an embodiment of the present invention further provides a decoding device, as shown in fig. 8, including:
a searching module 810, configured to search a key package node from a root node of the key file, if the key package node is found, search an equipment information node from the key package node, search a manufacturer node and a serial number node from the equipment information node, and search a key node from the key package node; if the key node is found, searching a data node from the key node; if the data node is found, searching a key value node from the data node;
a first obtaining module 820, configured to obtain text contents of child nodes of a manufacturer node when the searching module 810 finds the manufacturer node, and store the obtained text contents as manufacturer information; when the searching module 810 searches the serial number node, text contents of child nodes of the serial number node are obtained, and the obtained text contents are stored as an equipment serial number; when the searching module 810 searches for the key node, the attribute value of the key algorithm node in the key node is obtained, and the obtained attribute value is stored as key algorithm information; acquiring an attribute value of a key identifier node in the key node, and storing the acquired attribute value as a key identifier;
a second obtaining module 830, configured to, when the searching module 810 finds the key value node, obtain the plaintext of the key from the key value node for storage,
or acquiring a key ciphertext from the key value node, decrypting the key ciphertext, and storing a key plaintext obtained by decryption;
a display module 840, configured to display error information when the search module 810 does not find the key package node, the key node, the data node, or the key value node.
Specifically, the second obtaining module 830 is configured to search for a plaintext node from the key value node, obtain the text content of the child node of the plaintext node, and store the obtained text content as the key plaintext.
Or,
searching a cipher text node from the key value node, searching a first encryption method node and a first cipher data node from the cipher text node, acquiring an attribute value of a first encryption key algorithm node in the first encryption method node as encryption key algorithm information, searching the first cipher value node from the first cipher data node, and acquiring text contents of child nodes of the first cipher value node as a cipher text;
searching an encryption key node from a root node of a key file, searching a key name node from the encryption key node, acquiring the text content of a child node of the key name node as an encryption key name, and decrypting a key ciphertext by using a strategy corresponding to encryption key algorithm information according to a key corresponding to the encryption key name to obtain a key plaintext.
Further, the searching module 810 is further configured to search, after finding the key value node from the data nodes, the MAC value node from the key value node, the MAC method node from the root node of the key file, the MAC key node from the MAC method node, the second encryption method node and the second password data node from the MAC key node, and the second password value node from the second password data node;
correspondingly, the first obtaining module 820 is further configured to obtain text contents of child nodes of the MAC value node as digest values, obtain attribute values of MAC algorithm nodes in the MAC method node as MAC algorithm information, obtain attribute values of second encryption key algorithm nodes in the second encryption method node as encryption key algorithm information, obtain text contents of child nodes of the second password value node as MAC key ciphertexts, and decrypt the MAC key ciphertexts by using a policy corresponding to the encryption key algorithm information according to keys corresponding to encryption key names to obtain MAC keys;
the decoding apparatus described above further includes:
the digest module 850 is configured to digest a key plaintext according to the MAC key acquired by the first acquisition module 820;
a determining module 860, configured to determine whether the digest value obtained by the digest processing performed by the digest module 850 is the same as the digest value obtained by the first obtaining module 820 from the MAC value node;
the second obtaining module 830 is specifically configured to obtain a key ciphertext from the key value node, decrypt the key ciphertext to obtain a key plaintext, and store the key plaintext when the determining module 860 determines that the digest value obtained by the digest processing of the digest module 850 is the same as the digest value obtained by the first obtaining module 820 from the MAC value node in the key value node;
the display module 840 is further configured to display an error message when the determining module 860 determines that the digest value obtained by the digest processing performed by the digest module 850 is different from the digest value obtained by the first obtaining module 820 from the MAC value node of the key value nodes.
Further, the searching module 810 is further configured to search the issuer node from the key node after the key node is found from the key package node;
correspondingly, the first obtaining module 820 is further configured to obtain the text content of the child node of the issuer node when the searching module 810 finds the issuer node, and store the obtained text content as issuer information.
Further, the searching module 810 is further configured to search the device user identifier node from the device information node after the device information node is searched from the key package node;
correspondingly, the first obtaining module 820 is further configured to, when the searching module 810 finds the device user identifier node, obtain text contents of child nodes of the device user identifier node, and store the obtained text contents as the device user identifier.
Further, the searching module 810 is further configured to search for the cryptographic module node from the key package node after the key package node is found from the root node of the key file, and to search for the cryptographic module identifier node from the cryptographic module node;
correspondingly, the first obtaining module 820 is further configured to, when the searching module 810 finds the cryptographic module identifier node, obtain text contents of child nodes of the cryptographic module identifier node, and store the obtained text contents as the cryptographic module identifier.
Further, the searching module 810 is further configured to search the key user identifier node from the key node after the key node is found from the key package node;
correspondingly, the first obtaining module 820 is further configured to, when the searching module 810 finds the key user identifier node, obtain text contents of child nodes of the key user identifier node, and store the obtained text contents as the key user identifier.
Further, the searching module 810 is further configured to search the policy node from the key node after the key node is found from the key package node, and search the start date node, the end date node, and the key usage node from the policy node;
correspondingly, the first obtaining module 820 is further configured to, when the searching module 810 finds the start date node, obtain the text content of the child node of the start date node, and store the obtained text content as the start date of the key; when the search module 810 searches for the end date node, the text content of the child node of the end date node is obtained, and the obtained text content is stored as the key end date; when the search module 810 searches for the key usage node, the text content of the child node of the key usage node is acquired, and the acquired text content is stored as the key usage information.
Further, the searching module 810 is further configured to search the algorithm parameter node from the key node after the key node is found from the key package node, and search the response code format node from the algorithm parameter node; after the data node is searched from the key node, searching a time node, a time interval node and a time offset node from the data node, searching a second plaintext node from the time node, searching a third plaintext node from the time interval node and searching a fourth plaintext node from the time offset node;
correspondingly, the first obtaining module 820 is further configured to, when the searching module 810 searches for a response code format node, obtain an attribute value of a response code length node in the response code format node, store the obtained attribute value as a response code length, obtain an attribute value of a response code coding information node in the response code format node, and store the obtained attribute value as response code coding information; when the searching module 810 searches for the second plaintext node, the text content of the child node of the second plaintext node is acquired, and the acquired text content is stored as the initial value of the time factor; when the searching module 810 searches for the third plaintext node, the text content of the child node of the third plaintext node is acquired, and the acquired text content is stored as a time interval value; when the searching module 810 searches for the fourth plaintext node, the text content of the child node of the fourth plaintext node is acquired, and the acquired text content is stored as the initial value of the time offset.
Further, the searching module 810 is further configured to search the algorithm parameter node from the key node after the key node is found from the key package node, and search the response code format node from the algorithm parameter node; after the data node is searched from the key node, searching a counter node from the data node, and searching a fifth plaintext node from the counter node;
correspondingly, the first obtaining module 820 is further configured to, when the searching module 810 searches for a response code format node, obtain an attribute value of a response code length node in the response code format node, store the obtained attribute value as a response code length, obtain an attribute value of a response code coding information node in the response code format node, and store the obtained attribute value as response code coding information; when the searching module 810 searches for the fifth plaintext node, the text content of the child node of the fifth plaintext node is acquired, and the acquired text content is stored as the initial value of the event factor.
The invention achieves the following beneficial effects: the decoding device decodes the key file with the uniform format to obtain the key information, so that the authentication system can execute uniform processing flow on the key information configured by a plurality of equipment manufacturers, and the workload of the authentication system is reduced.
The steps of a method described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (46)

1. An operating method of a device for realizing key information coding is characterized by comprising the following steps:
S1, the encoding device generates a key container node, and the key container node is used as a root node to be added into a key file;
S2, the encoding apparatus generates a key packet node, and adds the key packet node as a child node of the key container node to the key container node;
S3, the encoding device generates a device information node, and the device information node is used as a child node of the key packet node and is added into the key packet node;
S4, the coding device generates a manufacturer node and a serial number node, the manufacturer node and the serial number node are used as child nodes of the equipment information node and added into the equipment information node, manufacturer information and an equipment serial number are read from a key attribute list of key information, the manufacturer information is used as a text node and added into the manufacturer node, and the equipment serial number is used as a text node and added into the serial number node;
S5, the encoding device generates a key node, and the key node is used as a child node of the key package node to be added into the key package node;
S6, the encoding device reads a key identifier, key algorithm information and a key plaintext from the key attribute list, generates a key identifier node according to the key identifier, generates a key algorithm node according to the key algorithm information, and adds the key identifier node and the key algorithm node as attribute nodes to the key node; the encoding device generates a data node, and the data node is used as a child node of the key node and is added into the key node; the encoding apparatus generates a key value node, adds the key value node to the data node as a child node of the data node, and adds the key plaintext or a key ciphertext corresponding to the key plaintext to the key value node.
2. The method of claim 1, wherein before the encoding device adds the key plaintext to the key value node, the method further comprises:
the encoding device reads a key transmission mode from the key information and determines that the key transmission mode is plaintext transmission;
the encoding apparatus adds the key plaintext to the key value node, specifically:
the encoding apparatus generates a first plaintext node, adds the first plaintext node as a child node of the key value node to the key value node, and adds the key plaintext as a text node to the first plaintext node.
3. The method of claim 1, wherein after the step S1, the method further comprises:
the encoding device reads a key transmission mode from the key information and determines that the key transmission mode is not plaintext transmission;
the encoding device generates an encryption key node, and adds the encryption key node to the key container node as a child node of the key container node; the encoding device generates a key name node, and adds the key name node to the encryption key node as a child node of the encryption key node; the encoding device reads an encryption key name from the key information, and adds the encryption key name as a text node to the key name node;
the encoding device adds a key ciphertext corresponding to the key plaintext to the key value node, specifically:
the encoding device generates a ciphertext node, and adds the ciphertext node to the key value node as a child node of the key value node;
the encoding device generates a first encryption method node and a first password data node, and adds the first encryption method node and the first password data node to the ciphertext node as child nodes of the ciphertext node; the encoding device reads encryption key algorithm information from the key information, generates a first encryption key algorithm node according to the encryption key algorithm information, and adds the first encryption key algorithm node as an attribute node to the first encryption method node; the encoding device generates a first password value node, and adds the first password value node to the first password data node as a child node of the first password data node; and the encoding device encrypts the key plaintext with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and adds the key ciphertext obtained by encryption to the first password value node as a text node.
4. The method of claim 3, wherein step S2 is preceded by the steps of:
the encoding device generates an MAC method node, and adds the MAC method node to the key container node as a child node of the key container node;
the encoding device reads MAC algorithm information from the key information, generates an MAC algorithm node according to the MAC algorithm information, and adds the MAC algorithm node as an attribute node to the MAC method node; the encoding device generates an MAC key node, and adds the MAC key node to the MAC method node as a child node of the MAC method node; the encoding device generates a second encryption method node and a second password data node, and adds the second encryption method node and the second password data node to the MAC key node as child nodes; the encoding device reads encryption key algorithm information from the key information, generates a second encryption key algorithm node according to the encryption key algorithm information, and adds the second encryption key algorithm node as an attribute node to the second encryption method node; the encoding device generates a second password value node, and adds the second password value node to the second password data node as a child node of the second password data node; the encoding device reads an MAC key from the key information, encrypts the MAC key with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and adds the ciphertext obtained by encryption to the second password value node as a text node;
after the encoding apparatus generates the key value node, the method further includes:
the encoding device generates a MAC value node, and adds the MAC value node as a child node of the key value node into the key value node;
the encoding device performs digest processing on the key plaintext with the MAC key, using the strategy corresponding to the MAC algorithm information, and adds the obtained digest value to the MAC value node as a text node.
5. The method of claim 1, wherein step S2 is preceded by:
S7, the encoding device selects an unprocessed key attribute list from the key information as a current list;
the encoding device reads manufacturer information and an equipment serial number from a key attribute list of key information, specifically:
the encoding device reads manufacturer information and an equipment serial number from the current list;
the encoding device reads a key identifier, key algorithm information and a key plaintext from the key attribute list, specifically:
the encoding device reads a key identifier, key algorithm information and a key plaintext from the current list;
after the step S6, the method further includes:
the encoding apparatus determines whether or not there is an unprocessed key attribute list in the key information, and if so, returns to step S7; otherwise, the flow ends.
6. The method of claim 1, wherein after the encoding apparatus generates the key node, further comprising:
the encoding apparatus generates an issuer node, adds the issuer node to the key node as a child node of the key node, reads issuer information from the key attribute list, and adds the issuer information to the issuer node as a text node.
7. The method of claim 1, wherein after the encoding means generates the device information node, further comprising:
the encoding device generates an equipment user identification node, adds the equipment user identification node to the device information node as a child node of the device information node, reads an equipment user identification from the key attribute list, and adds the equipment user identification to the equipment user identification node as a text node.
8. The method of claim 1, wherein after the encoding device generates the key packet node, further comprising:
the coding device generates a cryptographic module node, adds the cryptographic module node as a child node of the cryptographic module node to the cryptographic module node, generates a cryptographic module identification node, adds the cryptographic module identification node as a child node of the cryptographic module node to the cryptographic module node, reads a cryptographic module identification from the key attribute list, and adds the cryptographic module identification as a text node to the cryptographic module identification node.
9. The method of claim 1, wherein after the encoding apparatus generates the key node, further comprising:
the encoding device generates a key user identification node, adds the key user identification node to the key node as a child node of the key node, reads a key user identification from the key attribute list, and adds the key user identification to the key user identification node as a text node.
10. The method of claim 1, wherein after the encoding apparatus generates the key node, further comprising:
the encoding apparatus generates a policy node, adds the policy node to the key node as a child of the key node, generates a start date node, an end date node, and a key use node, adds the start date node, the end date node, and the key use node to the policy node as children of the policy node, reads a key start date, a key end date, and key use information from the key attribute list, adds the key start date to the start date node as a text node, adds the key end date to the end date node as a text node, and adds the key use information to the key use node as a text node.
11. The method of claim 1, wherein after the encoding apparatus generates the key node, further comprising:
the encoding device generates an algorithm parameter node and adds it to the key node as a child node of the key node; generates a response code format node and adds it to the algorithm parameter node as a child node of the algorithm parameter node; reads a response code length and response code coding information from the key attribute list; generates a response code length node according to the response code length and a response code coding information node according to the response code coding information; and adds the response code length node and the response code coding information node to the response code format node as attribute nodes;
after the encoding device generates the data node, the method further comprises:
the encoding device generates a time node, adds the time node as a child node of the data node to the data node, generates a second plaintext node, adds the second plaintext node as a child node of the time node to the time node, reads an initial value of a time factor from the key attribute list, and adds the initial value of the time factor as a text node to the second plaintext node;
the encoding device generates a time interval node, adds the time interval node as a child node of the data node to the data node, generates a third plaintext node, adds the third plaintext node as a child node of the time interval node to the time interval node, reads a time interval value from the key attribute list, and adds the time interval value as a text node to the third plaintext node;
the encoding device generates a time offset node, adds the time offset node as a child node of the data node to the data node, generates a fourth plaintext node, adds the fourth plaintext node as a child node of the time offset node to the time offset node, reads an initial value of a time offset from the key attribute list, and adds the initial value of the time offset as a text node to the fourth plaintext node.
12. The method of claim 1, wherein after the encoding apparatus generates the key node, further comprising:
the encoding device generates an algorithm parameter node and adds it to the key node as a child node of the key node; generates a response code format node and adds it to the algorithm parameter node as a child node of the algorithm parameter node; reads a response code length and response code coding information from the key attribute list; generates a response code length node according to the response code length and a response code coding information node according to the response code coding information; and adds the response code length node and the response code coding information node to the response code format node as attribute nodes;
after the encoding device generates the data node, the method further comprises:
the encoding device generates a counter node, adds the counter node as a child node of the data node to the data node, generates a fifth plaintext node, adds the fifth plaintext node as a child node of the counter node to the counter node, reads an initial value of an event factor from the key attribute list, and adds the initial value of the event factor as a text node to the fifth plaintext node.
13. An operating method of a device for realizing key information decoding, characterized by comprising the following steps:
S1, the decoding device searches for a key packet node under the root node of the key file; if it is found, step S2 is executed; otherwise, error information is displayed and the process ends;
S2, the decoding device searches for a device information node in the key packet node, searches for a manufacturer node and a serial number node in the device information node, obtains the text content of the child node of the manufacturer node and stores it as manufacturer information, and obtains the text content of the child node of the serial number node and stores it as an equipment serial number;
S3, the decoding device searches for a key node in the key packet node; if it is found, step S4 is executed; otherwise, error information is displayed and the process ends;
S4, the decoding device obtains the attribute value of the key algorithm node in the key node and stores it as key algorithm information, and obtains the attribute value of the key identifier node in the key node and stores it as a key identifier;
S5, the decoding device searches for a data node in the key node; if it is found, step S6 is executed; otherwise, error information is displayed and the process ends;
S6, the decoding device searches for a key value node in the data node; if it is found, step S7 is executed; otherwise, error information is displayed and the process ends;
S7, the decoding device obtains the key plaintext from the key value node and stores it,
or the decoding device obtains a key ciphertext from the key value node, decrypts the key ciphertext, and stores the key plaintext obtained by decryption.
14. The method according to claim 13, wherein the decoding apparatus obtains a key plaintext from the key value node for saving, specifically:
the decoding device searches a first plaintext node from the key value node, obtains the text content of the child node of the first plaintext node, and stores the obtained text content as the key plaintext.
15. The method according to claim 13, wherein the decoding apparatus obtains a key ciphertext from the key value node, decrypts the key ciphertext, and stores a key plaintext obtained by decryption, specifically:
the decoding device searches for a ciphertext node in the key value node, searches for a first encryption method node and a first cipher data node in the ciphertext node, obtains the attribute value of the first encryption key algorithm node in the first encryption method node as encryption key algorithm information, searches for a first cipher value node in the first cipher data node, and obtains the text content of the child node of the first cipher value node as the key ciphertext;
the decoding device searches an encryption key node from a root node of the key file, searches a key name node from the encryption key node, obtains text contents of child nodes of the key name node as an encryption key name, and decrypts the key ciphertext by using a strategy corresponding to the encryption key algorithm information according to a key corresponding to the encryption key name to obtain a key plaintext.
16. The method of claim 15, wherein after the decoding apparatus finds a key value node from the data nodes, further comprising:
the decoding device searches an MAC method node from a root node of the key file, acquires an attribute value of an MAC algorithm node in the MAC method node as MAC algorithm information, searches an MAC key node from the MAC method node, searches a second encryption method node and a second password data node from the MAC key node, acquires an attribute value of the second encryption key algorithm node in the second encryption method node as encryption key algorithm information, searches a second password value node from the second password data node, acquires text contents of child nodes of the second password value node as an MAC key ciphertext, and decrypts the MAC key ciphertext by using a strategy corresponding to the encryption key algorithm information in the second encryption method node according to a key corresponding to the encryption key name to acquire an MAC key;
the decoding device performs digest processing on the key plaintext with the MAC key and determines whether the resulting digest value is the same as the digest value obtained from the MAC value node in the key value node; if they are the same, the key plaintext is stored; otherwise, error information is displayed and the process ends.
17. The method as claimed in claim 13, wherein said decoding apparatus, after finding a key node from said key packet node, further comprises:
the decoding device searches for an issuer node from the key nodes, acquires text contents of child nodes of the issuer node, and stores the acquired text contents as issuer information.
18. The method as claimed in claim 13, wherein said decoding means, after finding the device information node from the key packet node, further comprises:
the decoding device searches for an equipment user identification node in the device information node, obtains the text content of the child node of the equipment user identification node, and stores the obtained text content as the equipment user identification.
19. The method as claimed in claim 13, wherein said decoding apparatus, after finding the key packet node from the root node of the key file, further comprises:
the decoding device searches for a cryptographic module node in the key packet node, searches for a cryptographic module identification node in the cryptographic module node, obtains the text content of the child node of the cryptographic module identification node, and stores the obtained text content as the cryptographic module identification.
20. The method as claimed in claim 13, wherein said decoding apparatus, after finding a key node from said key packet node, further comprises:
the decoding device searches for a key user identification node in the key node, obtains the text content of the child node of the key user identification node, and stores the obtained text content as the key user identification.
21. The method as claimed in claim 13, wherein said decoding apparatus, after finding a key node from said key packet node, further comprises:
the decoding device searches for a policy node in the key node, searches for a start date node, an end date node and a key use node in the policy node, obtains the text content of the child node of the start date node and stores it as the key start date, obtains the text content of the child node of the end date node and stores it as the key end date, and obtains the text content of the child node of the key use node and stores it as key use information.
22. The method as claimed in claim 13, wherein said decoding apparatus, after finding a key node from said key packet node, further comprises:
the decoding device searches for an algorithm parameter node in the key node, searches for a response code format node in the algorithm parameter node, obtains the attribute value of the response code length node in the response code format node and stores it as the response code length, and obtains the attribute value of the response code coding information node in the response code format node and stores it as the response code coding information;
after the decoding device finds the data node in the key node, the method further comprises:
the decoding device searches a time node, a time interval node and a time offset node from the data node, searches a second plaintext node from the time node, acquires the text content of the child node of the second plaintext node, and stores the acquired text content as the initial value of the time factor; searching a third plaintext node from the time interval nodes, acquiring text contents of child nodes of the third plaintext node, and storing the acquired text contents as time interval values; and searching a fourth plaintext node from the time offset node, acquiring the text content of the child node of the fourth plaintext node, and storing the acquired text content as an initial value of the time offset.
23. The method as claimed in claim 13, wherein said decoding apparatus, after finding a key node from said key packet node, further comprises:
the decoding device searches for an algorithm parameter node in the key node, searches for a response code format node in the algorithm parameter node, obtains the attribute value of the response code length node in the response code format node and stores it as the response code length, and obtains the attribute value of the response code coding information node in the response code format node and stores it as the response code coding information;
after the decoding device finds the data node in the key node, the method further comprises:
the decoding device searches for a counter node from the data node, searches for a fifth plaintext node from the counter node, acquires text contents of child nodes of the fifth plaintext node, and stores the acquired text contents as initial values of event factors.
24. An encoding apparatus, comprising:
the reading module is used for reading manufacturer information, an equipment serial number, a key identification, key algorithm information and a key plaintext from a key attribute list of the key information;
the generation module is used for generating a key container node and adding the key container node as a root node into a key file; generating a key packet node, and adding the key packet node as a child node of the key container node into the key container node; generating an equipment information node and a key node, and adding the equipment information node and the key node into the key packet node as child nodes of the key packet node;
generating a manufacturer node and a serial number node, and adding the manufacturer node and the serial number node into the equipment information node as child nodes of the equipment information node; adding the manufacturer information read by the reading module into the manufacturer node as a text node, and adding the equipment serial number read by the reading module into the serial number node as a text node;
generating a key algorithm node according to the key algorithm information read by the reading module, generating a key identification node according to the key identification read by the reading module, and adding the key identification node and the key algorithm node into the key node as attribute nodes; generating a data node, and adding the data node as a child node of the key node into the key node; generating a key value node, and adding the key value node as a child node of the data node into the data node;
and the adding module is used for adding the key plaintext read by the reading module or the key ciphertext corresponding to the key plaintext into the key value node.
25. The encoding apparatus of claim 24,
the reading module is further configured to read a key transmission mode from the key information;
the encoding apparatus further includes:
the first judgment module is used for judging whether the key transmission mode is plaintext transmission;
the adding module is specifically configured to generate a first plaintext node when the first determining module determines that the key transmission mode is plaintext transmission, add the first plaintext node as a child node of the key value node to the key value node, and add the key plaintext read by the reading module as a text node to the first plaintext node.
26. The encoding apparatus of claim 24,
the reading module is further used for reading a key transmission mode, an encryption key name and encryption key algorithm information from the key information;
the encoding apparatus further includes:
the first judgment module is used for judging whether the key transmission mode is plaintext transmission;
the generation module is further configured to generate an encryption key node, and add the encryption key node to the key container node as a child node of the key container node; generating a key name node, and adding the key name node as a child node of the encryption key node into the encryption key node; adding the encryption key name read by the reading module into the key name node as a text node;
the adding module is specifically configured to generate a ciphertext node when the first determining module determines that the key transmission mode is not plaintext transmission, and add the ciphertext node as a child node of the key value node to the key value node; generating a first encryption method node and a first password data node, and adding the first encryption method node and the first password data node into the ciphertext node as child nodes of the ciphertext node; generating a first encryption key algorithm node according to the encryption key algorithm information read by the reading module, and adding the first encryption key algorithm node as an attribute node into the first encryption method node; generating a first password value node, and adding the first password value node as a child node of the first password data node into the first password data node; and encrypting the key plaintext with the key corresponding to the encryption key name, using the strategy corresponding to the encryption key algorithm information, and adding the key ciphertext obtained by encryption as a text node into the first password value node.
27. The encoding apparatus of claim 26,
the reading module is further used for reading the MAC algorithm information, the encryption key algorithm information and the MAC key from the key information;
the generation module is further configured to generate an MAC method node, and add the MAC method node to the key container node as a child node of the key container node; generating an MAC algorithm node according to the MAC algorithm information read by the reading module, and adding the MAC algorithm node as an attribute node into the MAC method node; generating an MAC key node, and adding the MAC key node into the MAC method node as a child node of the MAC method node; generating a second encryption method node and a second password data node, and adding the second encryption method node and the second password data node as child nodes into the MAC key node; generating a second encryption key algorithm node according to the encryption key algorithm information read by the reading module, and adding the second encryption key algorithm node as an attribute node into the second encryption method node; generating a second password value node, and adding the second password value node into the second password data node as a child node of the second password data node; encrypting the MAC key read by the reading module by using a strategy corresponding to the encryption key algorithm information according to the key corresponding to the encryption key name read by the reading module, and adding a ciphertext obtained by encryption as a text node into the second password value node; generating a MAC value node, and adding the MAC value node as a child node of the key value node into the key value node; and according to the MAC key read by the reading module, carrying out digest processing on the key plaintext by using a strategy corresponding to the MAC algorithm information read by the reading module, and adding the obtained digest value serving as a text node into the MAC value node.
28. The encoding apparatus of claim 24, further comprising:
a selection module, configured to select an unprocessed key attribute list from the key information as a current list;
the reading module is specifically used for reading manufacturer information, an equipment serial number, a key identifier, key algorithm information and a key plaintext from the current list selected by the selection module;
the encoding apparatus further includes:
a second determining module, configured to determine whether an unprocessed key attribute list exists in the key information after the adding module adds the key plaintext or a key ciphertext corresponding to the key plaintext to the key value node, and if so, trigger the selecting module to select an unprocessed key attribute list from the key information as a current list; otherwise, determining that the encoding is finished.
29. The encoding apparatus of claim 24,
the reading module is further used for reading issuer information from the key attribute list;
the generation module is further configured to generate an issuer node, add the issuer node to the key node as a child node of the key node, and add the issuer information to the issuer node as a text node.
30. The encoding apparatus of claim 24,
the reading module is further configured to read a device user identifier from the key attribute list;
the generation module is further configured to generate an equipment user identifier node, add the equipment user identifier node to the equipment information node as a child node of the equipment information node, and add the equipment user identifier to the equipment user identifier node as a text node.
31. The encoding apparatus of claim 24,
the reading module is also used for reading the identification of the cryptographic module from the key attribute list,
the generation module is further configured to generate a cryptographic module node, add the cryptographic module node as a child node of the cryptographic module node to the cryptographic module node, generate a cryptographic module identifier node, add the cryptographic module identifier node as a child node of the cryptographic module node to the cryptographic module node, and add the cryptographic module identifier as a text node to the cryptographic module identifier node.
32. The encoding apparatus of claim 24,
the reading module is further configured to read a key user identifier from the key attribute list;
the generation module is further configured to generate a key user identifier node, add the key user identifier node as a child node of the key node to the key node, and add the key user identifier as a text node to the key user identifier node.
33. The encoding apparatus of claim 24,
the reading module is further used for reading a key starting date, a key ending date and key use information from the key attribute list;
the generation module is further configured to generate a policy node, add the policy node as a child node of the key node to the key node, generate a start date node, an end date node, and a key usage node, add the start date node, the end date node, and the key usage node as child nodes of the policy node to the policy node, add the key start date as a text node to the start date node, add the key end date as a text node to the end date node, and add the key usage information as a text node to the key usage node.
34. The encoding apparatus of claim 24,
the reading module is further configured to read a response code length, response code encoding information, an initial value of a time factor, a time interval value, and an initial value of a time offset from the key attribute list;
the generation module is further configured to generate an algorithm parameter node, add the algorithm parameter node as a child node of the key node to the key node, generate a response code format node, add the response code format node as a child node of the algorithm parameter node to the algorithm parameter node, generate a response code length node according to the response code length, generate a response code encoding information node according to the response code encoding information, and add the response code length node and the response code encoding information node as attribute nodes to the response code format node; generating a time node, adding the time node as a child node of the data node into the data node, generating a second plaintext node, adding the second plaintext node as a child node of the time node into the time node, and adding an initial value of the time factor as a text node into the second plaintext node; generating a time interval node, adding the time interval node as a child node of the data node into the data node, generating a third plaintext node, adding the third plaintext node as a child node of the time interval node into the time interval node, and adding the time interval value as a text node into the third plaintext node; generating a time offset node, adding the time offset node as a child node of the data node to the data node, generating a fourth plaintext node, adding the fourth plaintext node as a child node of the time offset node to the time offset node, and adding an initial value of the time offset as a text node to the fourth plaintext node.
35. The encoding apparatus of claim 24,
the reading module is further configured to read the length of the response code, the encoding information of the response code, and the initial value of the event factor from the key attribute list;
the generation module is further configured to generate an algorithm parameter node, add the algorithm parameter node as a child node of the key node to the key node, generate a response code format node, add the response code format node as a child node of the algorithm parameter node to the algorithm parameter node, generate a response code length node according to the response code length, generate a response code encoding information node according to the response code encoding information, and add the response code length node and the response code encoding information node as attribute nodes to the response code format node; generating a counter node, adding the counter node as a child node of the data node into the data node, generating a fifth plaintext node, adding the fifth plaintext node as a child node of the counter node into the counter node, and adding an initial value of the event factor as a text node into the fifth plaintext node.
36. A decoding apparatus, comprising:
the searching module is used for searching a key package node from a root node of a key file, searching an equipment information node from the key package node if the key package node is searched, searching a manufacturer node and a serial number node from the equipment information node, and searching a key node from the key package node; if the key node is found, searching a data node from the key node; if the data node is found, searching a key value node from the data node;
the first obtaining module is used for obtaining the text content of the child node of the manufacturer node when the searching module finds the manufacturer node, and storing the obtained text content as manufacturer information; when the searching module finds the serial number node, acquiring the text content of the child node of the serial number node, and storing the acquired text content as an equipment serial number; when the searching module finds the key node, acquiring the attribute value of the key algorithm node in the key node, and storing the acquired attribute value as key algorithm information; acquiring the attribute value of the key identifier node in the key node, and storing the acquired attribute value as a key identifier;
a second obtaining module, configured to, when the searching module finds the key value node, obtain a key plaintext from the key value node and store it, or obtain a key ciphertext from the key value node, decrypt the key ciphertext, and store the key plaintext obtained by decryption;
a display module, configured to display error information when the searching module does not find the key package node, the key node, the data node, or the key value node.
37. The decoding apparatus of claim 36,
the second obtaining module is specifically configured to search a first plaintext node from the key value node, obtain text contents of child nodes of the first plaintext node, and store the obtained text contents as a key plaintext.
38. The decoding apparatus of claim 36,
the second obtaining module is specifically configured to search a ciphertext node from the key value node, search a first encryption method node and a first password data node from the ciphertext node, obtain an attribute value of a first encryption key algorithm node in the first encryption method node as encryption key algorithm information, search the first password value node from the first password data node, and obtain text contents of child nodes of the first password value node as a key ciphertext;
searching an encryption key node from a root node of the key file, searching a key name node from the encryption key node, acquiring the text content of a child node of the key name node as an encryption key name, and decrypting the key ciphertext by using a strategy corresponding to the encryption key algorithm information according to a key corresponding to the encryption key name to obtain a key plaintext.
39. The decoding apparatus of claim 38,
the search module is further configured to search for a MAC value node from the key value node after searching for the key value node from the data nodes, search for a MAC method node from a root node of the key file, search for a MAC key node from the MAC method node, search for a second encryption method node and a second password data node from the MAC key node, and search for a second password value node from the second password data node;
the first obtaining module is further configured to obtain text contents of child nodes of the MAC value node as digest values, obtain attribute values of MAC algorithm nodes in the MAC method node as MAC algorithm information, obtain attribute values of second encryption key algorithm nodes in the second encryption method node as encryption key algorithm information, obtain text contents of child nodes of the second password value node as MAC key ciphertexts, and decrypt the MAC key ciphertexts by using a policy corresponding to the encryption key algorithm information in the second encryption method node according to keys corresponding to the encryption key names to obtain MAC keys;
the decoding apparatus further includes:
the digest module is used for performing digest processing on the key plaintext according to the MAC key acquired by the first acquisition module;
the judging module is used for judging whether the digest value obtained by the digest processing of the digest module is the same as the digest value obtained by the first obtaining module from the MAC value node;
the second obtaining module is specifically configured to obtain a key ciphertext from the key value node, decrypt the key ciphertext to obtain a key plaintext, and store the key plaintext when the judging module judges that the digest value obtained by the digest processing of the digest module is the same as the digest value obtained by the first obtaining module from the MAC value node in the key value node;
the display module is further configured to display error information when the judgment module judges that the digest value obtained by the digest processing of the digest module is different from the digest value obtained by the first obtaining module from the MAC value node in the key value node.
40. The decoding apparatus of claim 36,
the searching module is further configured to search the issuer node from the key node after the key node is found from the key package node;
the first obtaining module is further configured to obtain the text content of the child node of the issuer node when the issuer node is found by the searching module, and store the obtained text content as issuer information.
41. The decoding apparatus of claim 36,
the searching module is further configured to search the device user identifier node from the equipment information node after the equipment information node is found from the key package node;
the first obtaining module is further configured to obtain text contents of child nodes of the device user identifier node when the searching module finds the device user identifier node, and store the obtained text contents as a device user identifier.
42. The decoding apparatus of claim 36,
the searching module is further configured to search a cryptographic module node from the key package node after the key package node is found from the root node of the key file, and search a cryptographic module identifier node from the cryptographic module node;
the first obtaining module is further configured to obtain text contents of child nodes of the cryptographic module identifier node when the searching module finds the cryptographic module identifier node, and store the obtained text contents as the cryptographic module identifier.
43. The decoding apparatus of claim 36,
the searching module is further configured to search a key user identifier node from the key node after the key node is found from the key package node;
the first obtaining module is further configured to obtain text contents of child nodes of the key user identifier node when the searching module finds the key user identifier node, and store the obtained text contents as the key user identifier.
44. The decoding apparatus of claim 36,
the searching module is further configured to search a policy node from the key node after the key node is found from the key package node, and search a start date node, an end date node, and a key usage node from the policy node;
the first obtaining module is further configured to obtain text contents of child nodes of the start date node when the search module finds the start date node, and store the obtained text contents as a key start date; when the search module finds the ending date node, the text content of the child node of the ending date node is obtained, and the obtained text content is used as the key ending date to be stored; and when the searching module finds the key usage node, acquiring the text content of the child node of the key usage node, and storing the acquired text content as key usage information.
45. The decoding apparatus of claim 36,
the searching module is further configured to search an algorithm parameter node from the key node after the key node is found from the key package node, and search a response code format node from the algorithm parameter node; after finding a data node from the key node, finding a time node, a time interval node and a time offset node from the data node, finding a second plaintext node from the time node, finding a third plaintext node from the time interval node, and finding a fourth plaintext node from the time offset node;
the first obtaining module is further configured to, when the search module finds the response code format node, obtain an attribute value of a response code length node in the response code format node, store the obtained attribute value as a response code length, obtain an attribute value of a response code coding information node in the response code format node, and store the obtained attribute value as response code coding information; when the searching module searches the second plaintext node, acquiring text contents of child nodes of the second plaintext node, and storing the acquired text contents as initial values of time factors; when the searching module searches the third plaintext node, acquiring text contents of child nodes of the third plaintext node, and storing the acquired text contents as time interval values; and when the searching module searches the fourth plaintext node, acquiring the text content of the child node of the fourth plaintext node, and storing the acquired text content as an initial value of the time offset.
46. The decoding apparatus of claim 36,
the searching module is further configured to search an algorithm parameter node from the key node after the key node is found from the key package node, and search a response code format node from the algorithm parameter node; after the data node is found from the key node, a counter node is found from the data node, and a fifth plaintext node is found from the counter node;
the first obtaining module is further configured to, when the search module finds the response code format node, obtain an attribute value of a response code length node in the response code format node, store the obtained attribute value as a response code length, obtain an attribute value of a response code coding information node in the response code format node, and store the obtained attribute value as response code coding information; and when the searching module searches the fifth plaintext node, acquiring the text content of the child node of the fifth plaintext node, and storing the acquired text content as the initial value of the event factor.
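A minimal decoder for the plaintext path of claims 36, 37 and 46, with the digest comparison of claim 39 applied to the plaintext key value, as an added example that is not part of the patent. The element names, the base64 text encoding, HMAC-SHA256 as the digest, and the MAC key being passed in already decrypted are assumptions; the claims name only the node roles.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET


class KeyFileError(Exception):
    """Stands in for the display module's error information."""


def _need(parent, tag):
    # Mandatory node: a missing one aborts decoding, as in claim 36.
    node = parent.find(tag)
    if node is None:
        raise KeyFileError(f"<{tag}> not found under <{parent.tag}>")
    return node


def _text(parent, path):
    # Optional node: returns None when absent.
    node = parent.find(path)
    return node.text.strip() if node is not None and node.text else None


def _b64(node):
    try:
        return base64.b64decode((node.text or "").strip(), validate=True)
    except ValueError as exc:
        raise KeyFileError(f"<{node.tag}> is not valid base64") from exc


def decode_key_file(xml_text, mac_key):
    if "<!DOCTYPE" in xml_text:  # no DTDs or entity definitions in key files
        raise KeyFileError("DOCTYPE is not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise KeyFileError("key file is not well-formed XML") from exc
    package = _need(root, "KeyPackage")
    key = _need(package, "Key")
    secret = _need(_need(key, "Data"), "Secret")
    key_plain = _b64(_need(secret, "PlainValue"))
    # Digest and compare before the key is stored or returned (claim 39).
    expected = hmac.new(mac_key, key_plain, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64(_need(secret, "ValueMAC"))):
        raise KeyFileError("MAC mismatch: key value rejected")
    return {
        "manufacturer": _text(package, "DeviceInfo/Manufacturer"),
        "serial_no": _text(package, "DeviceInfo/SerialNo"),
        "algorithm": key.get("Algorithm"),
        "key_id": key.get("Id"),
        "counter": _text(key, "Data/Counter/PlainValue"),
        "key": key_plain,
    }


def build_sample(mac_key, key_plain=b"12345678901234567890"):
    # Constructed sample input, not a file from the patent.
    mac = hmac.new(mac_key, key_plain, hashlib.sha256).digest()
    return (
        "<KeyContainer><KeyPackage>"
        "<DeviceInfo><Manufacturer>ExampleVendor</Manufacturer>"
        "<SerialNo>SN-0001</SerialNo></DeviceInfo>"
        '<Key Id="key-1" Algorithm="example:hotp"><Data><Secret>'
        f"<PlainValue>{base64.b64encode(key_plain).decode()}</PlainValue>"
        f"<ValueMAC>{base64.b64encode(mac).decode()}</ValueMAC>"
        "</Secret><Counter><PlainValue>0</PlainValue></Counter></Data></Key>"
        "</KeyPackage></KeyContainer>"
    )


if __name__ == "__main__":
    print(decode_key_file(build_sample(b"demo-mac-key"), b"demo-mac-key"))
```

The comparison uses `hmac.compare_digest`, so a mismatch does not leak through timing how many leading bytes of the digest matched.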
CN201410314409.0A 2014-07-03 2014-07-03 A kind of device and its method of work for realizing key information encoding and decoding Expired - Fee Related CN104092537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410314409.0A CN104092537B (en) 2014-07-03 2014-07-03 A kind of device and its method of work for realizing key information encoding and decoding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410314409.0A CN104092537B (en) 2014-07-03 2014-07-03 A kind of device and its method of work for realizing key information encoding and decoding

Publications (2)

Publication Number Publication Date
CN104092537A CN104092537A (en) 2014-10-08
CN104092537B true CN104092537B (en) 2017-07-14

Family

ID=51640219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410314409.0A Expired - Fee Related CN104092537B (en) 2014-07-03 2014-07-03 A kind of device and its method of work for realizing key information encoding and decoding

Country Status (1)

Country Link
CN (1) CN104092537B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108038383B (en) * 2017-11-24 2020-08-11 北京顶象技术有限公司 File encryption method, file decryption method and device
CN110517389B (en) * 2019-08-30 2021-11-09 联永智能科技(上海)有限公司 Method, device, equipment and storage medium for generating and verifying equipment password

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5487166A (en) * 1994-09-19 1996-01-23 Amdahl Corporation Computer with two-dimensional merge tournament sort using offset-value coding
CN1337649A (en) * 2000-07-24 2002-02-27 索尼公司 Data processing system and method, and medium for providing programme
CN1831900A (en) * 2005-03-08 2006-09-13 株式会社东芝 Decryption apparatus and decryption method
CN101542966A (en) * 2006-11-16 2009-09-23 索尼株式会社 Information processing device
CN103701833A (en) * 2014-01-20 2014-04-02 深圳大学 Ciphertext access control method and system based on cloud computing platform

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006086568A (en) * 2004-09-14 2006-03-30 Sony Corp Information processing method, decryption processing method, information processing apparatus, and computer program

Also Published As

Publication number Publication date
CN104092537A (en) 2014-10-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170714