| 摘要 |
A method for generating data encryption keys providing an increased level of security and versatility is provided for use with data communications between a server and a client. According to this method, a Master Key (MK) is stored in a secured area that is inaccessible to external systems. Also stored in this secured area are several Series Numbers (SN). Based on one of several offered mechanisms, an SN is selected. The selected SN is then encrypted by a conventional data encryption algorithm, such as Data Encryption Standard (DES), using the MK. Through use of the MK, the SN is encrypted by the algorithm to generate a Derived Key (DK). The DK is then used in a second conventional data encryption algorithm. This second algorithm is used to encrypt data that is to be exchanged with an external system, or used to authenticate access. It may also be used to generate an electronic signature. |
