CN102170356A - Authentication system realizing method supporting exclusive control of digital signature key - Google Patents
- Publication number: CN102170356A
- Authority: CN (China)
- Prior art keywords: key, private key, seed, digital signature, user
- Legal status: Granted
- Landscapes: Storage Device Security (AREA)
Abstract
The invention relates to the technical field of information security, in particular to an authentication system, based on the combined public key, that supports exclusive control of a digital signature key. A seed key consisting of multiple key segments is constructed, comprising a seed public key and a seed private key. Using a user identifier, a key management centre generates a user identifier private key from the seed private key and writes it into a key device. When the key device is used for the first time, it starts an initialization program that automatically generates a composite private key for digital signature and a random public key digitally signed with the user identifier private key. The composite private key and the signed random public key are written into a secure storage area of the key device, and the user identifier private key and process data are destroyed. The digital signature key is thus generated and controlled by the user, which satisfies the relevant legal requirements; the user's exclusive control of the digital signature key is further assured through a third-party registration step; and one-way key exchange, key escrow and key recovery are realized by providing a separate identifier key for key exchange.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a method, based on the Combined Public Key (CPK), for implementing an authentication system that supports exclusive control of the digital signature private key.
Background technology
As network and information technology become part of people's work and daily life, protecting the authenticity, security and accountability (non-repudiation) of information has become a common concern of government and society, and addressing it requires the support of an authentication system. Two major technical systems have formed around the construction of authentication systems: one is certificate-based authentication built on conventional public-key cryptography, such as the Public Key Infrastructure (PKI) authentication system; the other is identifier-based authentication built on identifier public-key cryptography, such as the Combined Public Key (CPK) authentication system. Although the two mechanisms differ, both must solve the same problem: under the relevant law (such as the digital signature law), to guarantee the accountability (non-repudiation) of signed data, the signature private key (the electronic signature creation data) should be controlled by the signer.
For this purpose the PKI system provides two modes: in the first, the signature key is generated by the user; in the second, the certification authority (CA) assists in generating it. In the first mode the process is as follows:
A) Following the method prescribed by the authentication system, the user chooses a key generation method and generates a public/private key pair, keeps the private key, and submits the public key and proof of identity to the CA;
B) The CA authenticates the user and examines the strength and the holder of the key. Once the review passes, the CA digitally signs the submitted public key with its root key to produce a public key certificate, and then delivers the certificate securely to the user in person, by letter or electronically;
C) The CA publishes the user's public key certificate to the corresponding directory server.
In the second mode the process is as follows:
A) The user has the key pair produced at the CA and obtains it from there;
B) After producing the key, the CA should automatically destroy its local copy of the user's key;
C) After obtaining the key pair, the user keeps the private key and sends the public key to the CA;
D) The CA digitally signs the submitted public key with its root key to produce a public key certificate, and then delivers the certificate to the user by a secure channel;
E) The CA publishes the user's public key certificate to the corresponding directory server for query and download.
These methods appear rigorous, but in practice there are two critical problems. First, although the signature private key and the key generation process are nominally in the user's hands, the real trust guarantee is the digital signature that the CA applies to the public key certificate with its root key. The CA is therefore fully able to publish on the directory server a public key certificate it generated itself in place of the user's, passing off the false as genuine. Second, the key generation procedure above is cumbersome and complex and hard for ordinary users to carry out, so in practice most user keys are generated entirely by the CA, and the user's rights are not reliably protected.
In addition, one-way key exchange (i.e. static key exchange) and key recovery have long been difficult problems for PKI authentication systems. In two-way communication, a user can send the public key certificate directly to the other party during the exchange, but in a one-way application environment (such as encrypted e-mail) the other party's public key must be obtained first. For this purpose PKI authentication systems include a certificate repository from which users query and download public key certificates. To prevent data from becoming unrecoverable because a user key is lost, a dedicated private key backup system is also needed for private key backup and recovery. As a result, two sets of keys (each comprising a private key and a public key certificate) must be provided: one for digital signature, whose private key is held by the user; the other for key exchange, whose private key is backed up at the CA for key recovery.
The identifier-based authentication system built on CPK solves the overall problem of identifier-based key generation and management; digital signature verification and key exchange need no CA or online database support, and the architecture is greatly simplified. At present, however, this system takes the key management centre (KMC) as its root of trust, and the KMC can compute every user's private key from the seed private key it holds, which cannot meet the legal requirement that the digital signature key be controlled by the user.
Summary of the invention
In view of this, the purpose of the invention is to provide a method for implementing an authentication system based on CPK in which the user starts the key device and the device automatically generates the composite private key used for digital signature, so that the digital signature key is controlled exclusively by the signer. At the same time, a separate identifier private key for key exchange is generated by the KMC, which provides identifier-based one-way and two-way key exchange and greatly simplifies the backup of user private keys (the KMC need only keep the seed private key to recover a user key at any time), strengthening security while greatly reducing the cost of managing and using the system.
The method provided by the invention for implementing a Combined Public Key based authentication system supporting exclusive control of the digital signature key comprises the following steps:
Step a. Construct a seed key made up of a plurality of key segments, comprising a seed public key seedPK and a seed private key seedsk;
Step b. The key management centre (KMC) uses the user identifier to generate the user identifier private key isk from the seed private key seedsk and writes it into the key device;
Step c. When first used, the key device starts an initialization program that automatically generates the composite private key csk used for digital signature and the random public key aPK_SIG signed with the user identifier private key isk;
Step d. Write the composite private key csk and the signed random public key aPK_SIG into the secure storage area of the key device, and destroy the user identifier private key isk and the process data.
Further, the seed private key seedsk of step a is a random sequence generated with a random number generator, and the seed public key seedPK is generated from the seed private key seedsk by elliptic curve group scalar multiplication.
Further, the seed key of step a consists of one master key segment and at least one sub-key segment.
Preferably, the seed key is generated either centrally or in segments. Central generation means generating a seed key sequence of the required length in one pass and then logically dividing it into a plurality of seed key segments; segmented generation means first generating independent key segments and then assembling them into the seed key.
Further, in step b the KMC takes the user identifier as the input of a hash function, computes the hash value H_ID of the identifier, builds a selection sequence from H_ID, selects from the seed private key seedsk and generates the user identifier private key isk by modular addition, writes it into the secure storage area of the key device, and provides the device to the user who holds this identifier.
Preferably, the selection sequence is divided into several sections: the master key segment of the seed private key seedsk is first selected from using the whole sequence, then any one fixed section of the sequence is used to select from each sub-key segment in turn, and the selected results are combined by modular addition to generate the user identifier private key isk.
Further, step c, in which the key device on first use starts the initialization program and automatically generates the composite private key csk for digital signature and the random public key aPK_SIG signed with the user identifier private key isk, comprises:
1) using the random number generator to generate a random sequence as the random private key ask, and generating the corresponding random public key aPK by elliptic curve group scalar multiplication;
2) generating the composite private key csk from the random private key ask and the user identifier private key isk by modular addition;
3) digitally signing the random public key aPK with the user identifier private key isk to produce the signed random public key aPK_SIG.
As a preferred implementation, the method further comprises step e: generating standard digitally signed data with the composite private key csk and submitting it to a third party for filing and notarization.
As another preferred implementation, the method further comprises step f: the KMC uses the user identifier to generate an identifier private key isk_2 from a second seed private key seedsk_2 and writes it into the same key device, for one-way key exchange, key escrow and recovery.
Further, the seed public keys seedPK and seedPK_2 are published, and are used to compute the composite public key cPK for digital signature and the identifier public key iPK_2 for key exchange. The seed public key seedPK_2 is generated from the seed private key seedsk_2 by elliptic curve group scalar multiplication.
As another preferred implementation, the seed public keys seedPK and seedPK_2 are written into the secure storage area of the chip to meet particular needs, such as single-chip solutions or specific security requirements.
By providing a composite private key used for digital signature, the invention fully preserves and strengthens the functions of the authentication system while truly achieving generation and control of the digital signature key by the user, thereby meeting the legal requirement that electronic signature creation data belong exclusively to the signer and be controlled by the signer alone. Further, an identifier private key is generated from a second seed private key and written into the same key device for one-way key exchange, key escrow and recovery, which thoroughly solves the one-way key exchange and key escrow and recovery problems that PKI authentication systems have long been unable to solve. The scheme is simple, widely applicable and convenient to use.
Description of drawings
Fig. 1 is a flow chart of a preferred embodiment of the digital key exclusive control method of the invention;
Fig. 2 is a schematic diagram of the seed key selection pattern of the invention;
Fig. 3 is a diagram of the composite public key computation process of the invention.
In the figures, ∑++ denotes the elliptic curve group scalar multiplication operation, ∑+ denotes integer arithmetic modulo n, and ·G denotes elliptic curve group scalar multiplication. Two further symbols, not reproduced on this page, mark the secret part and the public part, and Sig denotes the digital signature operation.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments.
1. Constructing the seed key and the seed public key set
The seed key is the computational base from which the CPK system calculates identifier keys. It consists of the seed public key seedPK and the seed private key seedsk: seedsk is kept secret by the KMC and is used to generate the user identifier private key isk; seedPK can be made public and is used to compute the user's identifier public key iPK.
The seed public key set referred to in the invention consists of two seed public keys: one is used to compute the digital signature public key cPK, and the other is used to compute the identifier public key for key exchange. The keys used for digital signature and verification and the keys used for key exchange are generated from different seed keys in order to prevent substitution attacks.
To strengthen the CPK system's resistance to cryptanalytic attacks, the method divides the seed key into a plurality of key segments, based on the principle of linear transformation. The implementation steps are:
A. The KMC defines the format and construction of the seed key (comprising the seed private key seedsk and the seed public key seedPK), such as the key segment length (resistance to attack is proportional to the length) and the number of segments (2 to N, comprising one master key segment and at least one sub-key segment).
B. The selection pattern is specified: the master key segment is first selected from using the whole selection sequence; then one fixed section designated from the H_ID selection sequence is used to select from each key segment in turn; finally the selected values are combined by modular addition to obtain the user identifier private key isk, as shown in Fig. 2. The selection sequence is built from H_ID, which is the hash value the KMC computes by taking the user identifier as the input of a hash function.
Preferably, to guarantee the quality (randomness) of the seed key, the KMC uses a random number generator to generate a random sequence as the seed private key seedsk and computes the corresponding seed public key seedPK by elliptic curve group scalar multiplication.
Preferably, the seed key may be generated centrally or in segments. Central generation means generating a seed key sequence of the required length in one pass and then logically dividing it into a plurality of seed key segments. Segmented generation means first generating independent key segments and then assembling them into the seed key. The two have the same effect, and central generation is the simpler.
2. Generating the composite private key
The composite private key (csk) is composed of two parts, the identifier private key and a random private key. It is used mainly for digital signature, can also support two-way key exchange, and is generated automatically, once, by the key device. As shown in Fig. 1, the steps are:
A. The KMC uses the user identifier to generate the user identifier private key isk from the seed private key seedsk, writes it into the key device and issues the device to the user.
Preferably, if one-way key exchange is required, the KMC uses two different seed private keys, denoted seedsk and seedsk_2, and generates two identifier private keys, isk and isk_2, respectively. isk is used to generate the composite private key csk, while isk_2 is used directly for key exchange; both are written into the same key device, which is provided to the user. Different seed keys are used to generate isk and isk_2 mainly to prevent substitution attacks.
The key device mainly serves to protect the user's private keys. Its hardware core is a security chip, which can be packaged in various forms such as a USB key, IC card or TF card. Besides general physical components such as a microprocessor, memory and random number generator, the chip contains a dedicated chip operating system (COS) and the algorithms and protocols that support digital signature and key exchange. The composite private key generation of the invention is carried out automatically, mainly by an initialization program preset in the key device.
B. When the key device is used for the first time, the system starts the initialization program on its own and automatically generates the composite private key csk for digital signature. The detailed process is:
1) Start the random number generator in the security chip to generate a random sequence of a specified length as the random private key ask, and cache it;
2) Compute the random public key aPK corresponding to the random private key ask by elliptic curve group scalar multiplication, and cache it;
3) Combine the user identifier private key isk and the random private key ask by modular addition to generate the composite private key csk;
4) Digitally sign the random public key aPK with the user identifier private key isk, and store the signed random public key aPK_SIG in the secure storage area of the chip;
5) Write the composite private key csk into the secure storage area of the chip;
6) Destroy the user identifier private key isk in the buffer;
7) Destroy the random private key ask and the random public key aPK in the buffer.
This completes the generation of the composite private key. At this point the secure area of the chip holds only the composite private key csk used for digital signature and the signed random public key aPK_SIG used to compute the composite public key cPK; if one-way key exchange is supported, it also holds the identifier private key isk_2.
As a preferred approach, to prevent the KMC from duplicating or forging a user's digital signature key through negligence in its work, the invention adds a third-party filing and evidence step, comprising:
A. The KMC and the user jointly recognize an institution with public credibility as the body that preserves digital signature evidence samples, examines them and arbitrates;
B. After completing initialization of the key device, the user should, within the prescribed time limit, digitally sign specified data with the composite private key csk and submit the resulting signature information to that institution for filing;
C. Should a dispute arise, the user can submit the relevant evidence data to this arbitration body for examination.
3. Computing the composite public key
In the CPK system, the identifier public key iPK is computed from the user identifier using the published seed public key seedPK, and the composite public key cPK is formed by combining iPK with the signed random public key aPK_SIG that the signer supplies along with the signed data. Because the computation is itself the verification, no online certificate repository is needed. As shown in Fig. 3, the steps are:
1) Computing iPK: use a hash function to compute H_ID from the identifier ID, build the selection sequence from H_ID, select from the seed public key seedPK (which is generated from the seed private key seedsk by elliptic curve group scalar multiplication), and generate the identifier public key iPK by the elliptic curve group scalar multiplication operation;
2) Use the identifier public key iPK to verify the digital signature on the aPK_SIG supplied by the other party;
3) If verification passes, combine the identifier public key iPK with the signed random public key aPK_SIG to generate the composite public key cPK.
Because the composite private key csk is ill-suited to one-way key exchange, the invention provides that the KMC generate a further identifier private key isk_2 from an independent seed private key seedsk_2 and write it into the key device together with the composite private key csk and the signed random public key aPK_SIG. A user can take the other party's user identifier and the published seed public key seedPK_2 and directly compute the corresponding identifier public key iPK_2 for key exchange. Besides one-way key exchange, isk_2 also supports two-way key exchange more quickly and conveniently, as well as digital signature (in application environments where the electronic signature creation data need not be controlled by the signer). Another major benefit of this approach is that it greatly simplifies user key escrow and recovery. The KMC need only keep the seedsk_2 used to generate user identifier private keys, and does not need to back up user private keys one by one. When a user identifier private key is lost and must be recovered, the identifier ID and seedsk_2 suffice to compute that user's identifier private key isk_2, which greatly lightens the KMC's burden.
The embodiments above describe the purpose, technical solution and advantages of the invention in further detail. It should be understood that they are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (11)
1. A method for implementing an authentication system supporting exclusive control of the digital signature key, characterized by comprising:
Step a. Constructing a seed key made up of a plurality of key segments, comprising a seed public key seedPK and a seed private key seedsk;
Step b. The key management centre (KMC) using the user identifier to generate the user identifier private key isk from the seed private key seedsk and writing it into the key device;
Step c. The key device, when first used, starting an initialization program that automatically generates the composite private key csk used for digital signature and the random public key aPK_SIG digitally signed with the user identifier private key isk;
Step d. Writing the composite private key csk and the signed random public key aPK_SIG into the secure storage area of the key device, and destroying the user identifier private key isk and the process data.
2. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized in that the seed private key seedsk of step a is a random sequence generated with a random number generator, and the seed public key seedPK is generated from the seed private key seedsk by elliptic curve group scalar multiplication.
3. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1 or 2, characterized in that the seed key of step a consists of one master key segment and at least one sub-key segment.
4. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 3, characterized in that the seed key of step a is generated centrally or in segments; central generation means generating a seed key sequence of the required length in one pass and then logically dividing it into a plurality of seed key segments; segmented generation means first generating independent key segments and then assembling them into the seed key.
5. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized in that in step b the KMC takes the user identifier as the input of a hash function, computes the hash value H_ID of the identifier, builds a selection sequence from H_ID, selects from the seed private key seedsk and generates the user identifier private key isk by modular addition.
6. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 5, characterized in that the selection sequence is divided into several sections: the master key segment of the seed private key seedsk is first selected from using the whole sequence, then any one fixed section of the sequence is used to select from each sub-key segment in turn, and the selected results are combined by modular addition to generate the user identifier private key isk.
7. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized in that step c, in which the key device on first use starts the initialization program and automatically generates the composite private key csk used for digital signature and the random public key aPK_SIG signed with the user identifier private key isk, comprises:
1) using the random number generator to generate a random sequence as the random private key ask, and generating the corresponding random public key aPK by elliptic curve group scalar multiplication;
2) generating the composite private key csk from the random private key ask and the user identifier private key isk by modular addition;
3) digitally signing the random public key aPK with the user identifier private key isk to produce the signed random public key aPK_SIG.
8. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized by further comprising step e: generating standard digitally signed data with the composite private key csk and submitting it to a third party for filing and notarization.
9. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1 or 8, characterized by further comprising step f: the KMC using the user identifier to generate an identifier private key isk_2 from a second seed private key seedsk_2 and writing it into the same key device, for one-way key exchange, key escrow and recovery.
10. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 9, characterized in that the seed public keys seedPK and seedPK_2 are published, and are used to compute the composite public key cPK for digital signature and the identifier public key iPK_2 for key exchange; the seed public key seedPK_2 is generated from the seed private key seedsk_2 by elliptic curve group scalar multiplication.
11. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 9, characterized in that the seed public keys seedPK and seedPK_2 are written into the secure storage area of the chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101197672A CN102170356B (en) | 2011-05-10 | 2011-05-10 | Authentication system realizing method supporting exclusive control of digital signature key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102170356A (en) | 2011-08-31 |
CN102170356B (en) | 2013-12-04 |
Family
ID=44491341
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011101197672A Expired - Fee Related CN102170356B (en) | 2011-05-10 | 2011-05-10 | Authentication system realizing method supporting exclusive control of digital signature key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102170356B (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571355A (en) * | 2012-02-02 | 2012-07-11 | 飞天诚信科技股份有限公司 | Method and device for importing secret key without landing |
CN103346883A (en) * | 2013-06-19 | 2013-10-09 | 天地融科技股份有限公司 | Method and device for initializing electronic signature tool |
CN104821884A (en) * | 2015-05-14 | 2015-08-05 | 收付宝科技有限公司 | Private key protection method based on asymmetric secret key system |
CN104901804A (en) * | 2014-08-28 | 2015-09-09 | 赵捷 | User autonomy-based identity authentication implementation method |
CN105577373A (en) * | 2015-12-15 | 2016-05-11 | 四川长虹电器股份有限公司 | Generating method of identification secret key |
CN108632031A (en) * | 2017-03-23 | 2018-10-09 | 三星Sds株式会社 | Key generating device and method, encryption device and method |
CN108683506A (en) * | 2018-05-02 | 2018-10-19 | 济南浪潮高新科技投资发展有限公司 | A kind of applying digital certificate method, system, mist node and certificate authority |
CN109067545A (en) * | 2018-08-10 | 2018-12-21 | 航天信息股份有限公司 | Key management method, device and storage medium |
CN109194465A (en) * | 2018-09-30 | 2019-01-11 | 巍乾全球技术集团有限责任公司 | For managing method, user equipment, management equipment, storage medium and the computer program product of key |
CN109412810A (en) * | 2019-01-03 | 2019-03-01 | 李维刚 | A kind of key generation method based on mark |
TWI666908B (en) * | 2018-04-27 | 2019-07-21 | 來毅數位科技股份有限公司 | Key management method and system |
CN111277417A (en) * | 2020-01-15 | 2020-06-12 | 浙江华云信息科技有限公司 | Electronic signature implementation method based on national network security technology architecture |
CN111988147A (en) * | 2020-08-20 | 2020-11-24 | 上海万向区块链股份公司 | Combined signature and signature verification method, system and storage medium |
CN112712357A (en) * | 2020-12-30 | 2021-04-27 | 普华云创科技(北京)有限公司 | Multi-mechanism multi-chain multi-currency multi-account private key management method and system |
CN113259097A (en) * | 2021-05-13 | 2021-08-13 | 晋商博创(北京)科技有限公司 | CPK-based key generation method and device capable of multi-state configuration |
CN114666063A (en) * | 2022-03-21 | 2022-06-24 | 矩阵时光数字科技有限公司 | Traditional Hash algorithm-based digital asset tracing method |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107493166A (en) * | 2016-06-13 | 2017-12-19 | 阿里巴巴集团控股有限公司 | The storage and read method of a kind of private key, device and server |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1768503A (en) * | 2003-02-06 | 2006-05-03 | 梅里迪财务软件公司 | Method for setting up a secure connection using public and private key generated in user terminal |
US20060184786A1 (en) * | 2005-02-14 | 2006-08-17 | Tricipher, Inc. | Technique for asymmetric crypto-key generation |
CN101488853A (en) * | 2009-01-15 | 2009-07-22 | 赵建国 | Cross-certification method based on seed key management |
CN101938473A (en) * | 2010-08-24 | 2011-01-05 | 北京易恒信认证科技有限公司 | Single-point login system and single-point login method |
- 2011-05-10 CN CN2011101197672A patent/CN102170356B/en not_active Expired - Fee Related
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571355A (en) * | 2012-02-02 | 2012-07-11 | 飞天诚信科技股份有限公司 | Method and device for importing secret key without landing |
CN103346883A (en) * | 2013-06-19 | 2013-10-09 | 天地融科技股份有限公司 | Method and device for initializing electronic signature tool |
CN103346883B (en) * | 2013-06-19 | 2016-12-28 | 天地融科技股份有限公司 | A kind of method and device initializing electric signing tools |
CN104901804A (en) * | 2014-08-28 | 2015-09-09 | 赵捷 | User autonomy-based identity authentication implementation method |
CN104821884A (en) * | 2015-05-14 | 2015-08-05 | 收付宝科技有限公司 | Private key protection method based on asymmetric secret key system |
CN104821884B (en) * | 2015-05-14 | 2019-01-22 | 收付宝科技有限公司 | Private key protection method based on unsymmetrical key system |
CN105577373B (en) * | 2015-12-15 | 2018-10-19 | 四川长虹电器股份有限公司 | Identify the generation method of secret key |
CN105577373A (en) * | 2015-12-15 | 2016-05-11 | 四川长虹电器股份有限公司 | Generating method of identification secret key |
CN108632031A (en) * | 2017-03-23 | 2018-10-09 | 三星Sds株式会社 | Key generating device and method, encryption device and method |
TWI666908B (en) * | 2018-04-27 | 2019-07-21 | 來毅數位科技股份有限公司 | Key management method and system |
CN108683506A (en) * | 2018-05-02 | 2018-10-19 | 济南浪潮高新科技投资发展有限公司 | A kind of applying digital certificate method, system, mist node and certificate authority |
CN108683506B (en) * | 2018-05-02 | 2021-01-01 | 浪潮集团有限公司 | Digital certificate application method, system, fog node and certificate authority |
CN109067545A (en) * | 2018-08-10 | 2018-12-21 | 航天信息股份有限公司 | Key management method, device and storage medium |
CN109194465A (en) * | 2018-09-30 | 2019-01-11 | 巍乾全球技术集团有限责任公司 | For managing method, user equipment, management equipment, storage medium and the computer program product of key |
CN109412810A (en) * | 2019-01-03 | 2019-03-01 | 李维刚 | A kind of key generation method based on mark |
CN111277417A (en) * | 2020-01-15 | 2020-06-12 | 浙江华云信息科技有限公司 | Electronic signature implementation method based on national network security technology architecture |
CN111277417B (en) * | 2020-01-15 | 2023-12-29 | 浙江华云信息科技有限公司 | Electronic signature implementation method based on national network security technology architecture |
CN111988147A (en) * | 2020-08-20 | 2020-11-24 | 上海万向区块链股份公司 | Combined signature and signature verification method, system and storage medium |
CN112712357A (en) * | 2020-12-30 | 2021-04-27 | 普华云创科技(北京)有限公司 | Multi-mechanism multi-chain multi-currency multi-account private key management method and system |
CN113259097A (en) * | 2021-05-13 | 2021-08-13 | 晋商博创(北京)科技有限公司 | CPK-based key generation method and device capable of multi-state configuration |
CN114666063A (en) * | 2022-03-21 | 2022-06-24 | 矩阵时光数字科技有限公司 | Traditional Hash algorithm-based digital asset tracing method |
CN114666063B (en) * | 2022-03-21 | 2023-09-19 | 矩阵时光数字科技有限公司 | Digital asset tracing method based on traditional hash algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN102170356B (en) | 2013-12-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102170356B (en) | Authentication system realizing method supporting exclusive control of digital signature key | |
JP7472338B2 (en) | Pseudorandom number generation in blockchain | |
Yin et al. | An anti-quantum transaction authentication approach in blockchain | |
KR102409819B1 (en) | Distributed transaction propagation and verification system | |
Goyal et al. | Storing and retrieving secrets on a blockchain | |
US10846372B1 (en) | Systems and methods for trustless proof of possession and transmission of secured data | |
JP7428704B2 (en) | Computer-implemented systems and methods for transferring access to digital resources | |
CN111064734B (en) | Block chain system user identity anonymity and traceable method, corresponding storage medium and electronic device | |
JP7231630B2 (en) | Blockchain-implemented security systems and methods for blinded consequent selection | |
CN110034917A (en) | A kind of alliance's chain data processing method and device based on homomorphic encryption algorithm | |
WO2020051710A1 (en) | System and process for managing digitized security tokens | |
CN110784320A (en) | Distributed key implementation method and system and user identity management method and system | |
Saranya et al. | Efficient mobile security for E health care application in cloud for secure payment using key distribution | |
El Defrawy et al. | Founding digital currency on secure computation | |
US11676111B1 (en) | Apparatuses and methods for determining and processing dormant user data in a job resume immutable sequential listing | |
Kuykendall et al. | Cryptography for #MeToo |
Li et al. | Astraea: Anonymous and secure auditing based on private smart contracts for donation systems | |
Li et al. | Non-equivocation in blockchain: double-authentication-preventing signatures gone contractual | |
Ye et al. | A Coercion-Resistant E-Voting System Based on Blockchain Technology | |
Li et al. | A forward-secure certificate-based signature scheme | |
CN110363528A (en) | Cooperate with generation, trading signature method and device, the storage medium of address | |
Espel et al. | Proposal for protocol on a quorum blockchain with zero knowledge | |
CN113139209A (en) | Verifiable credential implementation method and system based on atomic signature | |
Lu et al. | Self-tallying e-voting with public traceability based on blockchain | |
US11856095B2 (en) | Apparatus and methods for validating user data by using cryptography |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20131204 Termination date: 20200510 |