CN101515319B - Cipher key processing method, cipher key cryptography service system and cipher key consultation method - Google Patents


Publication number
CN101515319B
Authority
CN
China
Prior art keywords
key
special construction
information
construction key
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN 200810057854
Other languages
Chinese (zh)
Other versions
CN101515319A (en)
Inventor
李希喆
田宏萍
谢巍
谷云
毛兴中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN 200810057854
Publication of CN101515319A
Application granted
Publication of CN101515319B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a cipher key processing method, which is applicable to the situation that a binding relation exists between a fixed hardware safety unit and a movable hardware safety unit. The method comprises the following steps: acquiring a cipher key before carrying out a cryptography service; acquiring a purpose range, and checking whether the application range belongs to a preset purpose range of the cipher key to obtain a first checking result; obtaining a life cycle, and checking whether the life cycle belongs to a preset life cycle of the cipher key to obtain a second checking result; obtaining an application range, and checking whether the application range belongs to a preset application range of the cipher key to obtain a third checking result; and when the first, the second and the third checking results are positive, performing the cryptography service. The cipher key processing method, a cipher key cryptography service system and a cipher key consultation method satisfy the safety of the cipher key used by the hardware safety units.

Description

Cipher key processing method, cipher key cryptography service system and cryptographic key negotiation method
Technical field
The present invention relates to keys, and in particular to a key processing method, a key-based cryptographic service system and a key negotiation method.
Background art
To protect themselves, existing computers and other devices contain an internal security chip. A platform certificate is loaded into the security chip and is used to present the platform's identity externally. When the computer or other device communicates with a third-party device, the platform certificate inside the security chip provides the identity of the computer or device to the third-party device. This security chip is a fixed hardware security unit.
A key produced by an existing fixed hardware security unit generally comprises the key itself, key attributes, platform information such as the owner password, and a key policy stating whether the key is used for encryption and whether it is used for signing. A key of this structure meets users' basic requirements, but if the key is lost, the fixed hardware security unit that produced it cannot take any further remedial measures.
An existing fixed hardware security unit can only use a key to encrypt data that needs to be sent or migrated. The security of the key used for this encryption is low, it is easily cracked, and it cannot meet the requirements of existing high-security-grade systems.
Summary of the invention
The purpose of the invention is to provide a key processing method, a key-based cryptographic service system, and a key negotiation method and system, which satisfy the security requirements of keys used by hardware security units.
In one aspect, an embodiment of the invention provides a key processing method applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit. The key comprises: the public/private key pair of an asymmetric key, or a symmetric key; the platform information of the platform that created the specially structured key; the purpose scope of the key; the life cycle of the key; and the scope of application of the key. The key processing method comprises:
Before performing a cryptographic service, obtaining the key;
Obtaining the purpose scope, and checking whether the purpose scope falls within the key's preset purpose scope, to obtain a first check result;
Obtaining the life cycle, and checking whether the life cycle falls within the key's preset life cycle, to obtain a second check result;
Obtaining the scope of application, and checking whether the scope of application falls within the key's preset scope of application, to obtain a third check result;
When the first, second and third check results are all affirmative, performing the cryptographic service.
Preferably, the life cycle is specifically: a limit on the number of times the key may be used;
And/or a limit on the time during which the key may be used;
And/or whether the key is stored;
And/or whether the key is destroyed after use;
And/or a restriction based on a dependency relationship with a specific key or specific verification information.
Preferably, the scope of application is specifically: the objects permitted to use the key;
And/or the security level at which the key is used;
And/or the migration targets of the key;
And/or the migration range of the key;
And/or whether the key can serve as a parent key for other platforms.
Preferably, before the cryptographic service is performed when the first, second and third check results are all affirmative, the method further comprises: obtaining the platform information, and checking whether the platform information matches the platform information of the current platform, to obtain a fourth check result;
The platform information comprises a serial number, and/or parent key features, and/or algorithm information, and/or binding information, and/or check information, and/or an owner password.
Preferably, before the step of obtaining the key before performing the cryptographic service, the method further comprises:
Migrating the key from the fixed hardware security unit to the mobile hardware security unit through the binding relationship.
Preferably, the key further comprises a log record, and the key processing method further comprises: the fixed hardware security unit recording and updating the migration process information during migration of the key, and recording the migration process information in the log record.
Preferably, when the binding relationship changes, the fixed hardware security unit and the mobile hardware security unit each check the keys they store.
Preferably, the key processing method further comprises: determining whether the key has check information and, if it does, verifying the check information.
Preferably, the key is migrated from the fixed hardware security unit to the mobile hardware security unit through the binding relationship in plaintext or ciphertext form.
In another aspect, an embodiment of the invention provides a key-based cryptographic service system applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit. The key-based cryptographic service system comprises:
A key acquisition unit, configured to obtain the key before a cryptographic service is performed, the key comprising: the public/private key pair of an asymmetric key, or a symmetric key; the platform information of the platform that created the key; the purpose scope of the key; the life cycle of the key; and the scope of application of the key;
A purpose scope check unit, configured to obtain the purpose scope and check whether the purpose scope falls within the key's preset purpose scope, to obtain a first check result;
A life cycle check unit, configured to obtain the life cycle and check whether the life cycle falls within the key's preset life cycle, to obtain a second check result;
A scope of application check unit, configured to obtain the scope of application and check whether the scope of application falls within the key's preset scope of application, to obtain a third check result;
A service execution unit, configured to perform the cryptographic service when the first, second and third check results are all affirmative.
Preferably, the life cycle comprises: a limit on the number of times the key may be used; and/or a limit on the time during which the key may be used; and/or whether the key is stored; and/or whether the key is destroyed after use; and/or a restriction based on a dependency relationship with a specific key or specific verification information.
Preferably, the scope of application comprises: the objects permitted to use the key; and/or the security level at which the key is used; and/or the migration targets of the key; and/or the migration range of the key; and/or whether the key can serve as a parent key for other platforms.
Preferably, the key-based cryptographic service system further comprises a platform information check unit connected to the service execution unit, configured to obtain the platform information and check whether the platform information matches the platform information of the current platform, to obtain a fourth check result; wherein the service execution unit performs the cryptographic service when the first, second, third and fourth check results are all affirmative;
The platform information comprises a serial number, and/or parent key features, and/or algorithm information, and/or binding information, and/or check information, and/or an owner password.
In the key processing method of the embodiment of the invention, the key is obtained before the cryptographic service is performed. The method comprises three steps, namely obtaining the purpose scope, obtaining the life cycle and obtaining the scope of application, and whether to perform the cryptographic service is decided from the check results for the purpose scope, the life cycle and the scope of application. Once the key, when used, has exceeded the configured life cycle or falls outside the key's scope of application, the key cannot perform encryption or decryption operations; the operation can be aborted or the key destroyed, which guarantees the security of the key's use and improves the security of the key.
Description of drawings
Fig. 1 is a flowchart of the key processing method of the first embodiment of the invention;
Fig. 2 is a flowchart of the key processing method of the second embodiment of the invention;
Fig. 3 is a structural diagram of the key-based cryptographic service system of the embodiment of the invention;
Fig. 4 is a flowchart of the key negotiation method of the embodiment of the invention.
Embodiments
The invention provides a key processing method that satisfies the security requirements of keys used by hardware security units.
Referring to Fig. 1, this figure is a flowchart of the first embodiment of the key processing method of the invention.
The key processing method of the first embodiment of the invention is applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit. The key comprises: the public/private key pair of an asymmetric key, or a symmetric key; the platform information of the platform that created the specially structured key; the purpose scope of the key; the life cycle of the key; and the scope of application of the key.
The key comprises key attributes such as the key algorithm, key type, key length, key password and the platform information corresponding to the key.
The platform information of the key-creating platform comprises the platform information itself, and also the PCR, or a serial number, or the Owner (owner password), or parent key features, or algorithm information, or any combination of the above.
When the key is created by a fixed hardware security unit that has a binding relationship with a mobile hardware security unit, the platform information of the key-creating platform may also include this binding information.
The key can be used to perform various cryptographic services, including but not limited to: encrypting and decrypting data, signing, verification, and so on.
The key processing method of the first embodiment of the invention comprises the following steps:
S110: Before performing a cryptographic service, obtain the key.
S120: Obtain the purpose scope, and check whether the purpose scope falls within the key's preset purpose scope, to obtain a first check result.
The purpose scope of the key may include whether it is used for encryption, whether it is used for signing, and whether the key can be migrated.
S130: Obtain the life cycle, and check whether the life cycle falls within the key's preset life cycle, to obtain a second check result.
The life cycle of the key is specifically: setting the number of uses of the key itself; or setting the usage time of the key itself; or setting whether the key itself is stored; or setting whether it is destroyed; or setting a dependency relationship with a specific key or specific verification information; or any combination of the above settings.
The life cycle may be tied, through a dependency relationship, to the binding relationship, a specific key, a specific PCR, and so on.
S140: Obtain the scope of application, and check whether the scope of application falls within the key's preset scope of application, to obtain a third check result.
The scope of application of the key is specifically: setting the objects permitted to use the key itself; or setting the migration targets of the key itself; or setting the migration range of the key itself; or setting whether the key itself can serve as a parent key for other platforms; or any combination of the above settings. The configured scope of application of the key itself cannot be rewritten, and can be verified by the creator and the user.
S150: When the first, second and third check results are all affirmative, perform the cryptographic service.
In the key processing method of the embodiment of the invention, the key is obtained before the cryptographic service is performed. The method comprises three steps, namely obtaining the purpose scope, obtaining the life cycle and obtaining the scope of application, and whether to perform the cryptographic service is decided from the check results for the purpose scope, the life cycle and the scope of application. Once the key, when used, has exceeded the configured life cycle or falls outside the key's scope of application, the key cannot perform encryption or decryption operations; the operation can be aborted or the key destroyed, which guarantees the security of the key's use and improves the security of the key.
The policies governing generation of this key, for example the purpose scope of the key, the life cycle of the key and the scope of application of the key, are all configured in advance. They can be set through a dialog box prompted by the upper-layer application, or by selecting a specific policy.
The policies determined above and the generation request are sent to the fixed hardware security unit through the TSS (TPM Software Stack, the software protocol stack of the trusted root).
The fixed hardware security unit checks the user's legitimate identity, then checks whether its internal resources are sufficient, then checks whether the policies requested by the user are legal. If any of these checks finds a problem, it returns an ErrCode (error record) and can report the reason for the error.
The fixed hardware security unit allocates internal space for storing the key. If this space cannot be allocated, it returns an ErrCode and can report the reason for the error.
A public/private key pair or a symmetric key, i.e. the "key itself", is generated, and this data is stored in the space allocated above. If generation fails, an ErrCode is returned with the reason for the error.
Referring to Fig. 2, this figure is a flowchart of the key processing method of the second embodiment of the invention.
The second embodiment of the key processing method differs from the first embodiment in that, before the step of performing the cryptographic service, it further comprises: obtaining the platform information, and checking whether the platform information matches the platform information of the current platform, to obtain a fourth check result.
The key processing method of the second embodiment of the invention specifically comprises the following steps:
S110: Before performing a cryptographic service, obtain the key.
S120: Obtain the purpose scope, and check whether the purpose scope falls within the key's preset purpose scope, to obtain a first check result.
The purpose scope of the key may include whether it is used for encryption, whether it is used for signing, and whether the key can be migrated.
S130: Obtain the life cycle, and check whether the life cycle falls within the key's preset life cycle, to obtain a second check result.
The life cycle of the key is specifically: setting the number of uses of the key itself; or setting the usage time of the key itself; or setting whether the key itself is stored; or setting whether it is destroyed; or setting a dependency relationship with a specific key or specific verification information; or any combination of the above settings.
The life cycle may be tied, through a dependency relationship, to the binding relationship, a specific key, a specific PCR, and so on.
S140: Obtain the scope of application, and check whether the scope of application falls within the key's preset scope of application, to obtain a third check result.
The scope of application of the key is specifically: setting the objects permitted to use the key itself; or setting the migration targets of the key itself; or setting the migration range of the key itself; or setting whether the key itself can serve as a parent key for other platforms; or any combination of the above settings. The configured scope of application of the key itself cannot be rewritten, and can be verified by the creator and the user.
S160: Obtain the platform information, and check whether the platform information matches the platform information of the current platform, to obtain a fourth check result.
The platform information comprises a serial number, and/or parent key features, and/or algorithm information, and/or binding information, and/or check information, and/or an owner password.
S170: When the first, second, third and fourth check results are all affirmative, perform the cryptographic service.
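The four checks of the two embodiments (S120, S130, S140, S160) can be pictured as a gate in front of the cryptographic service. The following is an added example, not code from the patent: the field names, the HMAC-SHA256 tag standing in for the "cryptographic service", the reading of security level as a minimum, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class StructuredKey:
    """Key plus the policy fields the description attaches to it (names assumed)."""
    material: bytes                    # symmetric key, stand-in for "the key itself"
    platform_info: dict                # creating platform: serial number, binding info...
    purposes: frozenset                # preset purpose scope
    allowed_users: frozenset           # scope of application: permitted use objects
    security_level: int                # scope of application: minimum level (assumed)
    max_uses: Optional[int] = None     # life cycle: use-count limit
    not_after: Optional[float] = None  # life cycle: usage-time limit (epoch seconds)
    destroy_after_use: bool = False    # life cycle: destroy after use
    uses: int = 0


@dataclass
class Request:
    purpose: str
    user: str
    security_level: int
    now: float


def check_purpose(key, req):           # S120, first check result
    return req.purpose in key.purposes


def check_life_cycle(key, req):        # S130, second check result
    if not key.material:               # key was already destroyed
        return False
    if key.max_uses is not None and key.uses >= key.max_uses:
        return False
    if key.not_after is not None and req.now > key.not_after:
        return False
    return True


def check_application(key, req):       # S140, third check result
    return req.user in key.allowed_users and req.security_level >= key.security_level


def check_platform(key, platform):     # S160, fourth check result
    return all(platform.get(name) == value for name, value in key.platform_info.items())


def destroy(key):
    key.material = b""


def cryptographic_service(key, req, platform, data, on_violation="abort"):
    """Return (check results, tag); tag is None unless all four checks pass (S170)."""
    results = (check_purpose(key, req), check_life_cycle(key, req),
               check_application(key, req), check_platform(key, platform))
    if not all(results):
        if on_violation == "destroy":  # the text allows aborting or destroying the key
            destroy(key)
        return results, None
    key.uses += 1
    tag = hmac.new(key.material, data, hashlib.sha256).hexdigest()
    if key.destroy_after_use:
        destroy(key)
    return results, tag


if __name__ == "__main__":
    platform = {"serial": "SN-EXAMPLE-0001", "binding": "usbkey-example"}  # constructed
    key = StructuredKey(b"\x01" * 32, dict(platform), frozenset({"sign"}),
                        frozenset({"alice"}), 2, max_uses=2, not_after=1000.0)
    ok = Request("sign", "alice", 2, now=10.0)
    for req, plat in [(ok, platform), (Request("encrypt", "alice", 2, 10.0), platform),
                      (ok, {"serial": "SN-OTHER"}), (ok, platform), (ok, platform)]:
        print(cryptographic_service(key, req, plat, b"report"))
```

The last call in the demo fails only the life cycle check, because the two permitted uses have been consumed; failed requests do not count as uses.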
The binding relationship between the fixed hardware security unit and the mobile hardware security unit can be established as follows:
S210: Set up a mobile hardware security unit that characterizes the user's identity.
The mobile hardware security unit can be the identification security chip in a USBKey or smart card, and the USBKey or smart card can be one whose identity has been authorized by a server.
The USBKey or smart card contains an identification security chip, and this identification security chip can be authenticated by the server. The server's authentication process for the identification security chip is: the identification security chip downloads a digital certificate issued by the server that contains the key used for signing; the user, through a password or another authentication means such as fingerprint recognition, confirms the identity of the USBKey's user and obtains the right to use the key.
When the user submits data to the server, the data must be signed with the digital certificate; this signature serves as important evidence confirming the user's operation.
This identification security chip can serve as the mobile hardware security unit.
The identification security chip in the USBKey can generate the user's key; data encrypted with it can only be decrypted with the key authorized by this user.
S220: Set up a fixed hardware security unit, based on a computer or other device, that characterizes the platform's identity.
A platform identification security chip is provided inside the computer or other device. A platform certificate is loaded into the platform identification security chip, which is responsible for presenting the platform's identity externally. This platform identification security chip can serve as the fixed hardware security unit.
The mobile hardware security unit and the fixed hardware security unit create a bidirectional communication channel.
The mobile hardware security unit and the fixed hardware security unit can create the bidirectional communication channel by exchanging public keys.
Public key exchange means giving the public key Ka of the fixed hardware security unit to the mobile hardware security unit and giving the public key Kb of the mobile hardware security unit to the fixed hardware security unit, while the mobile hardware security unit and the fixed hardware security unit each keep their own private keys Ka', Kb'.
The mobile hardware security unit and the fixed hardware security unit can also create the bidirectional communication channel by key negotiation.
In an insecure environment, a key system is often used to encrypt the information being sent in order to meet confidentiality and integrity requirements; the recipient needs the corresponding decryption key to decrypt the information.
A traditional key system is called a single-key system. Its characteristic is that the encryption key and the decryption key of the sender and the recipient of the information can be derived from each other.
In a single-key system, a member can encrypt information with the shared key and pass it to other members, but if the two parties are far apart it is not easy to establish the key session.
In 1976, Whit Diffie and Martin Hellman jointly proposed the Diffie-Hellman algorithm (DH for short), a two-party key exchange protocol by which two peer entities securely negotiate a shared key. The DH algorithm is in essence a protocol by which two communicating parties perform key agreement, and its security rests on the difficulty of computing discrete logarithms over a finite field.
The Diffie-Hellman key exchange protocol is as follows:
First, Alice and Bob agree on two large integers n and g, where 1 < g < n; these two integers need not be kept secret. Then the following steps are carried out:
1) Alice randomly selects a large integer x (kept secret) and computes $X = g^x \bmod n$;
2) Bob randomly selects a large integer y (kept secret) and computes $Y = g^y \bmod n$;
3) Alice sends X to Bob, and Bob sends Y to Alice;
4) Alice computes $K = Y^x \bmod n$;
5) Bob computes $K = X^y \bmod n$.
K is the shared key.
The eavesdropper Oscar can only observe X and Y on the network, but cannot compute x and y from X and Y; therefore, Oscar cannot compute $K = g^{xy} \bmod n$.
The communication channel can be updated or abolished by the mobile hardware security unit or by the fixed hardware security unit. The communication channel can also be updated or abolished jointly by the mobile hardware security unit and the fixed hardware security unit.
Channel update process: the mobile hardware security unit or the fixed hardware security unit encrypts a new key with the former encryption key and sends it to the other side through the communication channel; the new key is then used for communication, and the communication channel has been updated.
Channel deletion process: the mobile hardware security unit or the fixed hardware security unit directly deletes the original key, and the communication channel is discarded.
The communication channel can of course also be updated or abolished according to a condition set by the mobile hardware security unit or the fixed hardware security unit, such as a predetermined time period or a predetermined number of times. When the elapsed time or the number of data interactions reaches the predetermined time period or the predetermined number of times, the communication channel is updated or abolished.
When the mobile hardware security unit and the fixed hardware security unit create the bidirectional communication channel, the mobile hardware security unit or the fixed hardware security unit can set a validity period for the channel. For example, if 1 hour is preset as the validity period of the bidirectional communication channel, the channel is abolished once 1 hour has elapsed.
When the mobile hardware security unit and the fixed hardware security unit create the bidirectional communication channel, the mobile hardware security unit or the fixed hardware security unit can set a valid number of data interactions for the channel. For example, if the mobile hardware security unit or the fixed hardware security unit sets 100 as the valid number of data interactions, the channel is abolished once the number of data interactions between the mobile hardware security unit and the fixed hardware security unit reaches 100.
When the mobile hardware security unit and the fixed hardware security unit create the bidirectional communication channel, the mobile hardware security unit or the fixed hardware security unit can set an update-time requirement for the channel. For example, if 1 hour is preset as the update-time requirement, then when 1 hour has elapsed the update condition of the bidirectional communication channel has been reached, and the channel is updated according to the preset update content.
When the mobile hardware security unit and the fixed hardware security unit create the bidirectional communication channel, the mobile hardware security unit or the fixed hardware security unit can set the update condition of the channel to be the number of data interactions between the mobile hardware security unit and the fixed hardware security unit. For example, if the mobile hardware security unit or the fixed hardware security unit sets 100 as the update condition, then once the number of data interactions between the two units reaches 100 the update condition has been reached, and the channel is updated according to the preset update content.
The communication channel can also be updated or abolished according to a condition set jointly by the mobile hardware security unit and the fixed hardware security unit, such as a predetermined time period or a predetermined number of times. When the elapsed time or the number of data interactions reaches the predetermined time period or the predetermined number of times, the communication channel is updated or abolished.
The condition set jointly by the mobile hardware security unit and the fixed hardware security unit can be a condition the two units negotiate and agree on; or the mobile hardware security unit can set one condition and the fixed hardware security unit another, and the corresponding update or abolition is carried out only when both conditions are satisfied together.
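The Diffie-Hellman negotiation and the channel update and abolition rules described above, put together as an added example that is not part of the patent text. Assumptions: the modulus and generator are constructed toy values (far too small for real use), the HMAC-based key wrap stands in for whatever cipher the units would use, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: n is the Mersenne prime 2**127 - 1; the text only
# requires two public integers with 1 < g < n.
N = 2**127 - 1
G = 3


def dh_keypair():
    """Pick a secret x and return (x, X = g^x mod n)."""
    x = secrets.randbelow(N - 3) + 2
    return x, pow(G, x, N)


def dh_shared_key(own_secret, peer_public):
    """K = peer_public^own_secret mod n, hashed down to a 32-byte channel key."""
    k = pow(peer_public, own_secret, N)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


def _keystream(key, nonce):
    return hmac.new(key, b"wrap" + nonce, hashlib.sha256).digest()


def wrap_new_key(old_key, new_key):
    """Encrypt new_key under old_key (HMAC keystream plus tag, a stand-in cipher)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(new_key, _keystream(old_key, nonce)))
    tag = hmac.new(old_key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def unwrap_new_key(old_key, nonce, ct, tag):
    expected = hmac.new(old_key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("rekey message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(old_key, nonce)))


class ChannelEnd:
    """One unit's view of the channel, with time and interaction-count limits."""

    def __init__(self, key, now, max_seconds=None, max_interactions=None,
                 on_limit="abolish"):
        self.max_seconds = max_seconds
        self.max_interactions = max_interactions
        self.on_limit = on_limit            # "abolish" or "update"
        self._install(key, now)

    def _install(self, key, now):
        self.key, self.started, self.count = key, now, 0

    def limit_reached(self, now):
        timed_out = self.max_seconds is not None and now - self.started >= self.max_seconds
        used_up = self.max_interactions is not None and self.count >= self.max_interactions
        return timed_out or used_up

    def interact(self, now):
        """Account for one data interaction: 'ok', 'needs-update' or 'abolished'."""
        if self.key is None:
            return "abolished"
        if self.limit_reached(now):
            if self.on_limit == "update":
                return "needs-update"
            self.key = None                 # abolish: delete the key directly
            return "abolished"
        self.count += 1
        return "ok"

    def start_update(self, now):
        """Sender side: wrap a fresh key under the old one, then switch to it."""
        new_key = secrets.token_bytes(32)
        message = wrap_new_key(self.key, new_key)
        self._install(new_key, now)
        return message

    def accept_update(self, message, now):
        """Receiver side: unwrap with the old key, then switch to the new key."""
        self._install(unwrap_new_key(self.key, *message), now)


def negotiate(now, **limits):
    """Run the DH exchange between the two units and return both channel ends."""
    x, X = dh_keypair()                     # fixed unit, in Alice's role
    y, Y = dh_keypair()                     # mobile unit, in Bob's role
    fixed = ChannelEnd(dh_shared_key(x, Y), now, **limits)
    mobile = ChannelEnd(dh_shared_key(y, X), now, **limits)
    return fixed, mobile
```

Unauthenticated Diffie-Hellman as shown gives no assurance about who the peer is; in the scheme described here that assurance comes from the binding step, which records each unit's unique identifying information.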
The mobile hardware security unit and the fixed hardware security unit bind to each other by exchanging unique identifying information.
The exchange of unique identifying information is specifically as follows: the unique identifying information of the mobile hardware security unit is sent to the fixed hardware security unit, which identifies and records it. At the same time, the unique identifying information of the fixed hardware security unit is sent to the mobile hardware security unit, which identifies and records it. This process of mutual identification and recording is the process of creating the binding between the mobile hardware security unit and the fixed hardware security unit.
The unique identifying information of the mobile hardware security unit or of the fixed hardware security unit can be exchanged after first being processed by a cryptographic method. The exchanged content can be the result of processing by cryptographic methods such as mixing, encryption, expansion, HASH, HMAC and similar operations. The results of this processing are "exchanged" and then used as the basis for binding and identification. Of course, the original information can also be "exchanged" directly without processing.
The unique identifying information of the mobile hardware security unit and that of the fixed hardware security unit can both be exchanged after being processed by a cryptographic method.
The mobile hardware security unit and the fixed hardware security unit can bind to each other by exchanging unique identifying information such as a certificate, key, ID or password.
Once the communication channel above has been established, all communication is required to take place within it, and the channel is encrypted. Binding is therefore in fact a process of mutual identification and recording: each side remembers the other's fixed, unique and identifiable information, or the HASH value of that information.
The binding between the mobile hardware security unit and the fixed hardware security unit can be queried or deleted.
The mobile hardware security unit queries whether a binding relationship exists between the fixed hardware security unit and the mobile hardware security unit by inputting the fixed, unique and identifiable information of the fixed hardware security unit, or the HASH value of that information.
The fixed hardware security unit queries whether a binding relationship exists between the mobile hardware security unit and the fixed hardware security unit by inputting the fixed, unique and identifiable information of the mobile hardware security unit, or the HASH value of that information.
Deleting the binding between the mobile hardware security unit and the fixed hardware security unit means that the mobile hardware security unit or the fixed hardware security unit deletes the unique identifying information of the fixed hardware security unit or of the mobile hardware security unit.
The binding between the mobile hardware security unit and the fixed hardware security unit can also be updated or discarded conditionally (for example on a timer or after a fixed number of times) to guarantee the security of the binding.
Binding between described mobile hardware safe unit and the described fixed hardware security unit can be set section effective time of described binding, for example preestablishes 1 hour and is section effective time of described binding, and after the time arrived 1 hour, described binding was promptly abolished.
Binding between described mobile hardware safe unit and the described fixed hardware security unit can be set the valid data interaction times between described mobile hardware safe unit and the described fixed hardware security unit.It is the valid data interaction times that for example described mobile hardware safe unit or fixed hardware security unit are set 100 times, and after the data interaction number of times between described mobile hardware safe unit and the fixed hardware security unit reached 100 times, described binding was promptly abolished.
Binding between described mobile hardware safe unit and the described fixed hardware security unit can be set requirement update time of described binding.For example preestablish 1 hour and be requirement update time of described binding, when the time arrives 1 hour, promptly reached the update condition of described binding so, described both-way communication pipeline will be upgraded according to predefined update content.
The update condition that binding between described mobile hardware safe unit and the described fixed hardware security unit can be set described binding is the data interaction number of times between described mobile hardware safe unit and the fixed hardware security unit.For example state the setting of mobile hardware safe unit or fixed hardware security unit and be the update condition of described binding 100 times, so after the data interaction number of times between described mobile hardware safe unit and the fixed hardware security unit reaches 100 times, promptly reached the update condition of described binding, described binding will be upgraded according to predefined update content.
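The binding procedure described above (mutual exchange and recording of processed identifiers, query by identifier or by its hash, deletion, and abolition after a validity period or an interaction count) can be modelled as follows. This is an added illustration, not code from the patent; the class and function names, the choice of SHA-256 as the HASH, and the sample identifiers are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional


def fingerprint(unique_id: bytes) -> bytes:
    """Processed form of a unit identifier (SHA-256 is an assumed choice of HASH)."""
    return hashlib.sha256(unique_id).digest()


@dataclass
class Binding:
    created: float
    valid_seconds: Optional[float]     # validity period, None = no time limit
    max_interactions: Optional[int]    # valid data interactions, None = no limit
    interactions: int = 0


class SecurityUnit:
    """Hypothetical model of one hardware security unit (fixed or mobile)."""

    def __init__(self, unique_id: bytes, clock: Callable[[], float]):
        self.unique_id = unique_id
        self.clock = clock
        self.bindings: Dict[bytes, Binding] = {}   # keyed by the peer's fingerprint

    def record_peer(self, peer_fp, valid_seconds, max_interactions):
        self.bindings[peer_fp] = Binding(self.clock(), valid_seconds, max_interactions)

    def _lookup(self, peer: bytes) -> Optional[bytes]:
        # Accept either the peer's raw identifier or the hash of it.
        fp = peer if peer in self.bindings else fingerprint(peer)
        b = self.bindings.get(fp)
        if b is None:
            return None
        if b.valid_seconds is not None and self.clock() - b.created >= b.valid_seconds:
            del self.bindings[fp]      # validity period reached: binding abolished
            return None
        return fp

    def is_bound(self, peer: bytes) -> bool:
        return self._lookup(peer) is not None

    def interact(self, peer: bytes) -> bool:
        fp = self._lookup(peer)
        if fp is None:
            return False
        b = self.bindings[fp]
        b.interactions += 1
        if b.max_interactions is not None and b.interactions >= b.max_interactions:
            del self.bindings[fp]      # interaction count reached: binding abolished
        return True

    def unbind(self, peer: bytes) -> None:
        fp = self._lookup(peer)
        if fp is not None:
            del self.bindings[fp]      # deleting the peer's record deletes the binding


def bind(a: SecurityUnit, b: SecurityUnit, valid_seconds=None, max_interactions=None):
    """Each unit sends its processed identifier; the other identifies and records it."""
    a.record_peer(fingerprint(b.unique_id), valid_seconds, max_interactions)
    b.record_peer(fingerprint(a.unique_id), valid_seconds, max_interactions)


def exchange(a: SecurityUnit, b: SecurityUnit) -> bool:
    """One data interaction; it succeeds only if both sides still hold the binding."""
    ok_a = a.interact(fingerprint(b.unique_id))
    ok_b = b.interact(fingerprint(a.unique_id))
    return ok_a and ok_b


class FakeClock:
    """Controllable time source so that expiry can be shown without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now
```

Because each unit keeps its own record, `unbind` on one side leaves the other side's record in place until that side deletes it or a limit is reached.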
The key is created in advance by the fixed hardware security unit of the binding relationship.
The key may comprise: the key itself, key attributes, the platform information of the creating platform, the key purpose, the key life cycle, and the key scope of application.
The key attributes may include information such as the key algorithm, key type, key length, key password and the platform information corresponding to the key. The key itself may be a created public/private key pair or a symmetric key.
The platform information of the key-creating platform comprises the platform information itself, and also comprises information such as the PCR, or the serial number, or the Owner (owner password), or the parent key characteristics, or the algorithm information.
The platform information of the key-creating platform may also comprise all of the following together: the platform information itself, the PCR, the serial number, the Owner, the parent key characteristics and the algorithm information.
When the key is created by a fixed hardware security unit that has a binding relationship with a mobile hardware security unit, the platform information of the key-creating platform may also include this binding information.
The key purpose may specify whether the key is used for encryption, whether it is used for signing, and whether the key can be migrated.
The key life cycle may specifically be: setting the number of uses of the key itself; or setting the use time of the key itself; or setting whether the key itself is stored; or setting whether it is destroyed; or setting a dependency relationship with a specific key or specific check information.
Setting the life cycle of the key itself may also combine these: setting the number of uses of the key itself, and also the use time of the key itself, and also whether the key itself is stored, and also whether it is destroyed, and also the dependency relationship with a specific key or specific check information.
The life cycle may be tied to a dependency relationship with the binding relationship, a specific key, a specific PCR, and so on.
The key scope of application may specifically be: setting the use object of the key itself; or setting the migration object of the key itself; or setting the migration range of the key itself; or setting whether the key itself can serve as a parent key for other platforms. The scope of application set for the key cannot be rewritten, and can be checked by the creator and by the user.
Setting the scope of application of the key itself may also combine these: setting the use object of the key itself, the migration object of the key itself, the migration range of the key itself, and at the same time whether the key itself can serve as a parent key for other platforms.
The fixed hardware security unit checks the key against the platform information of the platform on which the fixed hardware security unit resides, which it stores internally, and the platform information recorded in the key.
When the key is used, the fixed hardware security unit performs a check based on the internally stored platform information of the platform on which the key is being used and the platform information recorded in the key. If the key is found to exceed the scope recorded in the above information, this can be handled by choosing an operation such as aborting the operation or destroying the key.
The key is migrated from the fixed hardware security unit to the mobile hardware security unit through the binding relationship.
The key can be migrated to the mobile hardware security unit in plaintext or ciphertext form.
The fixed hardware security unit holds a key KeyA under a non-binding relationship; KeyA is migrated to the mobile hardware security unit according to the binding relationship, and the mobile hardware security unit handles KeyA according to its own security policy;
or, the mobile hardware security unit holds a key KeyA under a non-binding relationship; KeyA is migrated to the fixed hardware security unit according to the binding relationship, and the fixed hardware security unit handles KeyA according to its own security policy.
The fixed hardware security unit or the mobile hardware security unit may store keys produced under a non-binding cooperation mode. For example, the mobile hardware security unit holds an external key KeyA migrated from a third party; when this key is migrated from the mobile hardware security unit to the fixed hardware security unit, the fixed hardware security unit can decide how to handle KeyA according to its own security policy or user intervention. The handling may be: refuse migration, store only, limited use, or normal use.
Before the step of obtaining the key before the cryptography service is executed, the key processing method of the embodiment of the invention may further comprise:
migrating the key from the fixed hardware security unit to the mobile hardware security unit through the binding relationship.
The key also comprises a log record, and the method may further comprise: the fixed hardware security unit records and updates the migration process information of the key migration, and the migration process information is recorded in the log record.
The key is set up according to the key policy for log recording; the key policy for log recording is then initialized.
The fixed hardware security unit may also record and update the migration process information during key migration, and record the migration process information in the log record of the key.
The key processing method of the embodiment of the invention may further comprise: confirming whether the key has check information and, if it does, verifying the check information.
When the binding relationship between the fixed hardware security unit and the mobile hardware security unit changes, the fixed hardware security unit and the mobile hardware security unit each check and manage the keys they store.
In the key processing method of the embodiment of the invention, the key is migrated from the fixed hardware security unit to the mobile hardware security unit through the binding relationship in plaintext or ciphertext form.
When the fixed hardware security unit holds an external key KeyA migrated from a third party and this key is migrated from the fixed hardware security unit to the mobile hardware security unit, the mobile hardware security unit can decide how to handle KeyA according to its own security policy or user intervention. The handling may be: refuse migration, store only, limited use, or normal use.
The key can be migrated and used within the binding relationship, and the migration process information is recorded and updated during the key migration.
If a key supports migration and use within the binding relationship, migration process information must be recorded during migration, specifically including the platform information, serial number, Owner and similar information of the migrating party, and this part of the key's information must be updated.
Key migration-and-use mode: the key may be migrated to another hardware security unit as plaintext, or in a form that the receiving side decrypts to plaintext, and is then managed and used by the platform of that other hardware security unit according to the key's inherent conditions.
Key migration-and-storage mode: the key may also be migrated to another hardware security unit as ciphertext and accept the management of that other hardware security unit; when it cannot be used in the environment of that other hardware security unit, that unit serves only as a sufficiently secure key cache area for the migrating party, from which the key is migrated for use.
During migration and subsequent key use, both participating parties must have sufficient space and capability to record and trace the use of the key.
Key migration and use depend on the binding relationship. After the binding relationship is created, abolished or updated, the fixed hardware security unit and the mobile hardware security unit check and manage the keys that each of them stores.
Plaintext sent by the fixed hardware security unit and the mobile hardware security unit needs to be doubly encrypted and/or signed using their respective keys.
Ciphertext sent by the fixed hardware security unit and the mobile hardware security unit needs to be doubly decrypted and/or verified using their respective keys.
When a cryptography service such as encryption, decryption, signing or verification is provided, it can be provided under user intervention or a preset policy as follows: plaintext is encrypted or signed by each unit separately; ciphertext is decrypted or verified by each unit separately.
The fixed hardware security unit and the mobile hardware security unit use their respective keys to perform double encryption or double signing, and double decryption or double verification.
One of the fixed hardware security unit and the mobile hardware security unit encrypts the plaintext with key KeyA, and the other hardware security unit is responsible for encrypting KeyA, which forms a digital envelope. The digital envelope ensures that the cryptography service can run only when the fixed hardware security unit and the mobile hardware security unit are both present and both authorize it, which further improves security.
The fixed hardware security unit or the mobile hardware security unit sends part or all of the key, as the ciphertext of a data block, to the other hardware security unit of the binding relationship.
For a particular key KeyX, the fixed hardware security unit or the mobile hardware security unit can treat part of it (KeyX-Half) or the whole of KeyX as a data block and transfer it to the other hardware security unit to be encrypted into ciphertext. When this key is used, the other hardware security unit must first decrypt the ciphertext of KeyX-Half or KeyX before the complete KeyX can be obtained. This also ensures that the cryptography service can run only when the fixed hardware security unit and the mobile hardware security unit are both present and both authorize it, which further improves security.
The invention provides a key-based cryptography service system for ensuring the security of the keys used by hardware security units. Refer to Fig. 3, which is a structural diagram of the key-based cryptography service system according to the embodiment of the invention.
The key-based cryptography service system of the embodiment of the invention is applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit.
The key-based cryptography service system of the embodiment of the invention comprises a key acquiring unit 11, a service execution unit 12, a purpose scope check unit 13, a life cycle check unit 14 and a scope of application check unit 15.
The key acquiring unit 11 is used to obtain, before a given cryptography service is executed, the key related to that cryptography service. The key comprises: a public/private key pair of an asymmetric key, or a symmetric key; the platform information of the platform that created the key; the purpose scope of the key; the life cycle of the key; and the scope of application of the key.
The purpose scope check unit 13 is used to obtain the purpose scope and check whether it falls within the preset purpose scope of the key, yielding a first check result.
The life cycle check unit 14 is used to obtain the life cycle and check whether it falls within the preset life cycle of the key, yielding a second check result.
The life cycle comprises one or more of: a limit on the number of uses of the key, a limit on the use time of the key, whether the key is stored, whether the key is destroyed after use, and a restriction by dependency relationship with a specific key or specific check information.
The scope of application check unit 15 is used to obtain the scope of application and check whether it falls within the preset scope of application of the key, yielding a third check result.
The scope of application comprises one or more of: the use object of the key, the security level at which the key is used, the migration object of the key, the migration range of the key, and whether the key can serve as a parent key for other platforms.
The service execution unit 12 is used to execute the cryptography service when the first, second and third check results are all positive.
The key-based cryptography service system of the embodiment of the invention comprises the purpose scope check unit 13 that obtains the purpose scope, the life cycle check unit 14 that obtains the life cycle and the scope of application check unit 15 that obtains the scope of application, and the service execution unit 12 can decide whether to execute the cryptography service according to the check results for the purpose scope, life cycle and scope of application. Once a key, when used, has exceeded its set life cycle or does not fall within its scope of application, the key cannot perform encryption or decryption operations; aborting the operation or destroying the key can be selected, which guarantees the security of key use and improves the security of the key.
The key-based cryptography service system of the embodiment of the invention may further comprise a platform information check unit 16 connected to the service execution unit 12, used to obtain the platform information and check whether it matches the platform information of the current platform, yielding a fourth check result. In this case the service execution unit 12 executes the cryptography service when the first, second, third and fourth check results are all positive.
The platform information comprises one or more of: serial number, parent key characteristics, algorithm information, binding information, check information and owner password.
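The key structure described earlier (key itself, platform information, purpose, life cycle, scope of application) and the four checks performed by units 13 to 16 before unit 12 runs the service can be sketched as follows. This is an added example, not code from the patent; all names, the sample values and the use of HMAC-SHA-256 as the stand-in cryptography service are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, NamedTuple, Optional


@dataclass
class StructuredKey:
    """Key material together with the restrictions recorded in the key."""
    material: bytearray
    platform_info: Dict[str, str]        # recorded at creation: serial number, binding info
    purposes: FrozenSet[str]             # preset purpose scope, e.g. {"sign"}
    allowed_users: FrozenSet[str]        # scope of application: permitted use objects
    max_uses: Optional[int] = None       # life cycle: limit on number of uses
    not_after: Optional[float] = None    # life cycle: limit on use time (epoch seconds)
    destroy_on_violation: bool = False   # policy: destroy the key instead of only aborting
    uses: int = 0
    destroyed: bool = False
    log: List[str] = field(default_factory=list)


class CheckResults(NamedTuple):
    purpose: bool      # first check result
    life_cycle: bool   # second check result
    scope: bool        # third check result
    platform: bool     # fourth check result


def check_key(key, operation, user, platform, now) -> CheckResults:
    life_ok = (not key.destroyed
               and (key.max_uses is None or key.uses < key.max_uses)
               and (key.not_after is None or now <= key.not_after))
    # Every item recorded in the key must match the platform the key is used on.
    platform_ok = all(platform.get(k) == v for k, v in key.platform_info.items())
    return CheckResults(operation in key.purposes, life_ok,
                        user in key.allowed_users, platform_ok)


def perform_service(key, operation, user, platform, now, service, data):
    """Run the service only when every check result is positive."""
    results = check_key(key, operation, user, platform, now)
    if not all(results):
        failed = [name for name, ok in results._asdict().items() if not ok]
        key.log.append(f"refused {operation} for {user}: {failed}")
        if key.destroy_on_violation:
            key.material[:] = bytes(len(key.material))   # overwrite the key material
            key.destroyed = True
        raise PermissionError(f"key check failed: {failed}")
    key.uses += 1
    key.log.append(f"{operation} by {user}, use {key.uses}")
    return service(bytes(key.material), data)


def hmac_sign(material: bytes, data: bytes) -> bytes:
    """Stand-in cryptography service for the example."""
    return hmac.new(material, data, hashlib.sha256).digest()


def make_demo_key() -> StructuredKey:
    """Constructed sample key: signing only, two uses, one permitted user."""
    return StructuredKey(
        material=bytearray(hashlib.sha256(b"constructed demo key").digest()),
        platform_info={"serial": "CONSTRUCTED-SN-001",
                       "binding": "constructed-binding-id"},
        purposes=frozenset({"sign"}),
        allowed_users=frozenset({"app-A"}),
        max_uses=2,
        not_after=1000.0,
        destroy_on_violation=True,
    )
```

Keeping the four results separate, rather than returning a single boolean, lets the log record which restriction a refused request violated.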
The invention provides a key negotiation method for ensuring the security of the keys used by hardware security units.
Refer to Fig. 4, which is a flow chart of the key negotiation method according to the embodiment of the invention.
The key negotiation method of the embodiment of the invention is applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit, and the negotiation method comprises:
S310: the fixed hardware security unit or the mobile hardware security unit sends part or all of the key, as the ciphertext of a data block, to the other party of the binding relationship.
S320: the fixed hardware security unit and the mobile hardware security unit negotiate, by means of key agreement, the key used to encrypt and decrypt the real data.
The fixed hardware security unit and the mobile hardware security unit hold the asymmetric keys A1, A2 and B1, B2 respectively; A1, A2, B1 and B2 are keys that are saved. From A1, A2, B1 and B2, key A3 or key B3 can be negotiated (note: A3 = B3). In actual use, key A3 or B3 is used to encrypt the real data: key A3 is used if the fixed hardware security unit encrypts, and key B3 is used if the mobile hardware security unit encrypts. A3 and B3 are the keys that encrypt and decrypt the real data. A1, A2, B1 and B2 are used to produce A3 and B3, and are not used to encrypt or decrypt the real data. If A3 and B3 are saved, then at decryption time the fixed hardware security unit or the mobile hardware security unit can complete the decryption with the saved A3 or B3.
If A3 and B3 are discarded, then at decryption time the fixed hardware security unit and the mobile hardware security unit must together negotiate A3 and B3 again from A1, A2, B1 and B2 before decryption is possible. In this way, encryption and decryption both require the joint participation of the fixed hardware security unit and the mobile hardware security unit, and if either of them is lost the encryption and decryption cannot be completed, which improves security.
The key is used under simultaneous authorization by the fixed hardware security unit and the mobile hardware security unit. After use, the key can be discarded or saved. If it is saved, decrypting with this key only requires permission from the hardware security unit that saved it. If it is discarded, decryption again requires key negotiation between the fixed hardware security unit and the mobile hardware security unit.
The above is only a preferred embodiment of the invention and does not limit the scope of protection of the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the claims of the invention.

Claims (13)

1. A method for processing a special construction key, applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit, the special construction key comprising: a public/private key pair of an asymmetric key, or a symmetric key; platform information of the platform that created the special construction key; the purpose scope of the special construction key; the life cycle of the special construction key; and the scope of application of the special construction key; characterized in that the method for processing the special construction key comprises:
obtaining the special construction key before a cryptography service is executed;
obtaining the purpose scope, and checking whether the purpose scope falls within the preset purpose scope of the special construction key, to obtain a first check result;
obtaining the life cycle, and checking whether the life cycle falls within the preset life cycle of the special construction key, to obtain a second check result;
obtaining the scope of application, and checking whether the scope of application falls within the preset scope of application of the special construction key, to obtain a third check result;
executing the cryptography service when the first, second and third check results are all positive.
2. The method for processing a special construction key according to claim 1, characterized in that the life cycle comprises: a limit on the number of uses of the special construction key;
and/or a limit on the use time of the special construction key;
and/or whether the special construction key is stored;
and/or whether the special construction key is destroyed after use;
and/or a restriction by dependency relationship between the special construction key and a specific key or specific check information.
3. The method for processing a special construction key according to claim 1 or 2, characterized in that the scope of application comprises: the use object of the special construction key;
and/or the security level at which the special construction key is used;
and/or the migration object of the special construction key;
and/or the migration range of the special construction key;
and/or whether the special construction key can serve as a parent key for other platforms.
4. The method for processing a special construction key according to claim 1, characterized in that, before the cryptography service is executed when the first, second and third check results are all positive, the method further comprises: obtaining the platform information, and checking whether the platform information matches the platform information of the current platform, to obtain a fourth check result;
the platform information comprises a serial number, and/or parent key characteristics, and/or algorithm information, and/or binding information, and/or check information, and/or an owner password.
5. The method for processing a special construction key according to claim 1, characterized in that, before the step of obtaining the special construction key before the cryptography service is executed, the method further comprises:
migrating the special construction key from the fixed hardware security unit to the mobile hardware security unit through the binding relationship.
6. The method for processing a special construction key according to claim 5, characterized in that the special construction key further comprises a log record, and the method further comprises: the fixed hardware security unit recording and updating the migration process information of the migration of the special construction key, and recording the migration process information in the log record.
7. The method for processing a special construction key according to claim 5 or 6, characterized in that, when the binding relationship changes, the fixed hardware security unit and the mobile hardware security unit check the special construction key that each of them stores.
8. The method for processing a special construction key according to claim 7, characterized in that it further comprises: confirming whether the special construction key has check information and, if it does, verifying the check information.
9. The method for processing a special construction key according to claim 8, characterized in that the special construction key is migrated from the fixed hardware security unit to the mobile hardware security unit through the binding relationship in plaintext or ciphertext form.
10. A cryptography service system based on a special construction key, applicable where a binding relationship exists between a fixed hardware security unit and a mobile hardware security unit, characterized in that it comprises:
a key acquiring unit, used to obtain the special construction key before a cryptography service is executed, the special construction key comprising: a public/private key pair of an asymmetric key, or a symmetric key; platform information of the platform that created the special construction key; the purpose scope of the special construction key; the life cycle of the special construction key; and the scope of application of the special construction key;
a purpose scope check unit, used to obtain the purpose scope and check whether the purpose scope falls within the preset purpose scope of the special construction key, to obtain a first check result;
a life cycle check unit, used to obtain the life cycle and check whether the life cycle falls within the preset life cycle of the special construction key, to obtain a second check result;
a scope of application check unit, used to obtain the scope of application and check whether the scope of application falls within the preset scope of application of the special construction key, to obtain a third check result;
a service execution unit, used to execute the cryptography service when the first, second and third check results are all positive.
11. The cryptography service system based on a special construction key according to claim 10, characterized in that the life cycle comprises: a limit on the number of uses of the special construction key;
and/or a limit on the use time of the special construction key;
and/or whether the special construction key is stored;
and/or whether the special construction key is destroyed after use;
and/or a restriction by dependency relationship between the special construction key and a specific key or specific check information.
12. The cryptography service system based on a special construction key according to claim 10 or 11, characterized in that the scope of application comprises: the use object of the special construction key;
and/or the security level at which the special construction key is used;
and/or the migration object of the special construction key;
and/or the migration range of the special construction key;
and/or whether the special construction key can serve as a parent key for other platforms.
13. The cryptography service system based on a special construction key according to claim 10, characterized in that it further comprises: a platform information check unit connected to the service execution unit, used to obtain the platform information and check whether the platform information matches the platform information of the current platform, to obtain a fourth check result;
the service execution unit executes the cryptography service when the first, second, third and fourth check results are all positive;
the platform information comprises a serial number, and/or parent key characteristics, and/or algorithm information, and/or binding information, and/or check information, and/or an owner password.
CN 200810057854 2008-02-19 2008-02-19 Cipher key processing method, cipher key cryptography service system and cipher key consultation method Active CN101515319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810057854 CN101515319B (en) 2008-02-19 2008-02-19 Cipher key processing method, cipher key cryptography service system and cipher key consultation method


Publications (2)

Publication Number Publication Date
CN101515319A CN101515319A (en) 2009-08-26
CN101515319B true CN101515319B (en) 2011-01-26

Family

ID=41039771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810057854 Active CN101515319B (en) 2008-02-19 2008-02-19 Cipher key processing method, cipher key cryptography service system and cipher key consultation method

Country Status (1)

Country Link
CN (1) CN101515319B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant