CN102170356A - Authentication system realizing method supporting exclusive control of digital signature key - Google Patents

Publication number: CN102170356A
Authority: CN (China)
Prior art keywords: key, private key, seed, digital signature, user
Legal status: Granted; Expired - Fee Related
Application number: CN2011101197672A
Other languages: Chinese (zh)
Other versions: CN102170356B (en)
Inventor: 赵建国
Current Assignee: BEIJING LIANHE ZHIHUA ELECTRONIC TECHNOLOGY Co Ltd
Original Assignee: BEIJING LIANHE ZHIHUA ELECTRONIC TECHNOLOGY Co Ltd
Application filed by BEIJING LIANHE ZHIHUA ELECTRONIC TECHNOLOGY Co Ltd
Priority to CN2011101197672A
Publication of CN102170356A
Application granted; publication of CN102170356B
Landscapes: Storage Device Security (AREA)
Abstract

The invention relates to the technical field of information security, in particular to an authentication system supporting exclusive control of a digital signature key on the basis of a combined public key. A seed key consisting of multiple key sections is constructed and comprises a seed public key and a seed private key; using a user identifier, a key management centre generates a user identifier private key from the seed private key and writes the user identifier private key into a key device; when used for the first time, the key device starts an initialization program to automatically generate a composite private key for digital signature and a random public key digitally signed by the user identifier private key; and the composite private key and the digitally signed random public key are written into a secure storage area of the key device, and the user identifier private key and process data are destroyed. The digital signature key is automatically produced and controlled by the user so that the requirements of relevant laws are satisfied; furthermore, the exclusive control of the digital signature key by the user is assured through a third-party registration step; and one-way key exchange, key escrow and key recovery are realized by providing an identifier key for key exchange.

Description

Authentication system realizing method supporting exclusive control of digital signature key
Technical field
The present invention relates to the field of information security technology, in particular to a method for implementing an authentication system that supports exclusive control of the digital signature private key, based on the Combined Public Key (CPK).
Background
As networks and information technology enter people's production and daily life, protecting the authenticity, security and accountability (non-repudiation) of information has become a common concern of government and society, and addressing it requires the support of an authentication system. Two major technical approaches to building authentication systems have formed: one is certificate-based authentication using conventional public-key cryptography, such as the Public Key Infrastructure (PKI) authentication system; the other is identity-based authentication using identifier-based public-key cryptography, such as the Combined Public Key (CPK) authentication system. Although the two mechanisms differ, both must solve the same problem: under the relevant law (such as the digital signature law), in order to guarantee the accountability (non-repudiation) of signed data, the signature private key (the electronic signature creation data) should be controlled by the signer.
For this purpose the PKI system provides two modes: in the first, the signature key is generated by the user; in the second, it is generated with the assistance of the certification authority (CA). In the first mode the process is as follows:
A) Following the method prescribed by the authentication system, the user chooses a key generation method and generates a public/private key pair, keeps the private key, and submits the public key and proof of identity to the CA;
B) The CA authenticates the user and examines the strength of the key and its holder. After the review passes, the CA digitally signs the public key submitted by the user with its root key to produce a public key certificate, and then securely delivers the certificate to the user face to face, by letter or electronically;
C) The CA publishes the user's public key certificate to the corresponding directory server.
In the second mode the process is as follows:
A) The user goes to the CA center to have a key pair produced and obtains it;
B) After key production is complete, the CA should automatically destroy its local copy of the user's key;
C) After obtaining the key pair, the user keeps the private key and sends the public key to the CA;
D) The CA digitally signs the public key submitted by the user with its root key to produce a public key certificate, and then delivers the certificate to the user in a secure manner;
E) The CA publishes the user's public key certificate to the corresponding directory server for query and download.
The above method appears rigorous, but two critical problems exist in practice. First, although on the surface the signature private key and the key generation process are in the user's hands, what actually provides the trust guarantee is the digital signature that the CA makes on the public key certificate with its root key. The CA is therefore fully able to replace the user's public key certificate published on the directory server with one it generated itself, passing off the false as genuine. Second, the above key generation procedures are cumbersome and complicated and are hard for ordinary users to carry out, so in practice most user keys are generated entirely by the CA, and the user's rights are not reliably protected.
In addition, one-way key exchange (i.e. static key exchange) and key recovery have always been problems that PKI authentication systems find hard to overcome. In two-way communication a user can send the public key certificate directly to the other party through information exchange, but in a one-way application environment (such as encrypted e-mail) the other party's public key must be obtained first. For this reason the PKI authentication system provides a certificate repository from which users query and download public key certificates. To prevent data from becoming unrecoverable because a user key is lost, a dedicated private key backup system is also needed for backing up and recovering private keys. As a result, two sets of keys (each comprising a private key and a public key certificate) must be provided: one for digital signature, whose private key is held by the user, and another for key exchange, whose private key is backed up at the CA for key recovery.
The CPK-based identity authentication system solves the overall problem of identifier-based key generation and management; digital signature authentication and key exchange need no CA or online database support, and the architecture is greatly simplified. However, that system currently takes the Key Management Center (KMC) as its root of trust, and the KMC can compute the private keys of all users from the seed private key it holds, so it cannot satisfy the legal requirement that the digital signature key be controlled by the user.
Summary of the invention
In view of this, the purpose of the invention is to provide a method for implementing an authentication system based on the CPK system in which the user starts the key device and a composite private key for digital signature is generated automatically, so that the digital key is under the exclusive control of the signer. At the same time, by having the KMC additionally generate an identifier private key for key exchange, identifier-based one-way and two-way key exchange is realized and the user private key backup procedure is greatly simplified (the KMC only needs to keep the seed private key to recover a user key at any time), which strengthens security while greatly reducing the cost of managing and using the system.
The method provided by the invention for implementing an authentication system supporting exclusive control of the digital signature key, based on the combined public key, comprises the following steps:
Step a. Construct a seed key consisting of multiple key sections, comprising a seed public key seedPK and a seed private key seedsk;
Step b. The Key Management Center (KMC) uses the user identifier to generate the user identifier private key isk from the seed private key seedsk and writes it into the key device;
Step c. When used for the first time, the key device starts an initialization program that automatically generates a composite private key csk for digital signature and a random public key aPK_SIG signed with the user identifier private key isk;
Step d. Write the composite private key csk and the random public key aPK_SIG into the secure storage area of the key device, and destroy the user identifier private key isk and the process data.
Further, the seed private key seedsk in step a is a random sequence generated by a random number generator, and the seed public key seedPK is generated from the seed private key seedsk by elliptic curve group scalar multiplication.
Further, the seed key in step a consists of one master key section and at least one sub key section.
Preferably, the seed key is generated either centrally or in sections. Centralized generation means generating a seed key sequence of the required length in one pass and then logically dividing it into multiple seed key sections; sectional generation means first generating independent key sections and then assembling them into the seed key.
Further, in step b the KMC takes the user identifier as the input of a hash function, computes the hash value H_ID of the identifier, builds a selection sequence from H_ID, selects from the seed private key seedsk and generates the user identifier private key isk by modular addition, writes it into the secure storage area of the key device, and provides the device to the user who owns the identifier.
Preferably, the selection sequence is divided into several segments: the master key section of the seed private key seedsk is first selected from using the whole sequence, then any one fixed segment of the sequence is used to select from each sub key section in turn, and the selected results are combined by modular addition to generate the user identifier private key isk.
Further, step c, in which the key device on first use starts an initialization program that automatically generates the composite private key csk for digital signature and the random public key aPK_SIG signed with the user identifier private key isk, comprises:
1) Use the random number generator to generate a random sequence as the random private key ask, and generate the corresponding random public key aPK by elliptic curve group scalar multiplication;
2) Combine the random private key ask and the user identifier private key isk by modular addition to generate the composite private key csk;
3) Digitally sign the random public key aPK with the user identifier private key isk to generate the digitally signed random public key aPK_SIG.
As a preferred embodiment, the method further comprises step e: generate standard digitally signed data with the composite private key csk and submit it to a third party for filing and notarization.
As another preferred embodiment, the method further comprises step f: the KMC uses the user identifier to generate an identifier private key isk2 from another seed private key seedsk2 and writes it into the same key device, for one-way key exchange, key escrow and recovery.
Further, the seed public key seedPK and the seed public key seedPK2 are published, for computing the composite public key cPK used for digital signature and the identifier public key iPK2 used for key exchange. The seed public key seedPK2 is generated from the seed private key seedsk2 by elliptic curve group scalar multiplication.
As another preferred embodiment, the seed public keys seedPK and seedPK2 are written into the secure storage area of the chip to meet particular needs, such as single-chip solutions or specific security requirements.
By providing a composite private key for digital signature, the invention, while fully guaranteeing and strengthening the functions of the authentication system, truly enables the user to generate and control the digital signature key, thereby satisfying the legal requirement that electronic signature creation data be exclusive to the signer and controlled by the signer alone. Further, an identifier private key is generated from another seed private key and written into the same key device for one-way key exchange, key escrow and recovery, which thoroughly solves the one-way key exchange and key escrow and recovery problems that PKI authentication systems have long been unable to solve. The scheme of the invention is simple, widely applicable and convenient to operate.
Description of drawings
Fig. 1 is a flow chart of a preferred embodiment of the method of the invention for exclusive control of the digital key;
Fig. 2 is a schematic diagram of the seed key selection mode of the invention;
Fig. 3 is a diagram of the composite public key computation process of the invention;
where ∑++ denotes the elliptic curve group scalar multiplication operation, ∑+ denotes integer arithmetic modulo n, ·G denotes elliptic curve group scalar multiplication, one symbol (an image in the original, not reproduced) denotes the secret part, another symbol (an image in the original, not reproduced) denotes the public part, and Sig denotes the digital signature operation.
Embodiment
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments.
1. Constructing the seed key and the seed public key set
The seed key is the computational base that the CPK system uses to compute identifier keys. It consists of the seed public key seedPK and the seed private key seedsk. The seed private key seedsk is kept secret by the KMC and is used to generate the user identifier private key isk; the seed public key seedPK can be made public and is used to compute the user's identifier public key iPK.
The seed public key set referred to in the invention consists of two seed public keys: one is used to compute the digital signature public key cPK, and the other is used to compute the identifier public key for key exchange. The key pair used for digital signature and verification and the key pair used for key exchange are generated from different seed keys in order to prevent substitution attacks.
To strengthen the CPK system's ability to resist code-breaking attacks, the method divides the seed key into multiple key sections based on the principle of linear transformation. The implementation steps are:
A. The KMC defines the format and construction of the seed key (comprising the seed private key seedsk and the seed public key seedPK), such as the key section length (anti-attack capability is proportional to length) and the number of sections (2 to N, comprising one master key section and at least one sub key section).
B. Specify the selection mode: first select from the master key section using the whole selection sequence, then use one fixed segment designated from the H_ID selection sequence to select from each sub key section in turn, and finally combine the selected values by modular addition to obtain the user identifier private key isk, as shown in Fig. 2. The selection sequence is built from H_ID, which is the hash value the KMC computes by taking the user identifier as the input of a hash function.
Preferably, to guarantee the quality (randomness) of the seed key, the KMC uses a random number generator to generate a random sequence as the seed private key seedsk, and computes the corresponding seed public key seedPK by elliptic curve group scalar multiplication.
Preferably, the seed key can be generated either centrally or in sections. Centralized generation means generating a seed key sequence of the required length in one pass and then logically dividing it into multiple seed key sections. Sectional generation means first generating independent key sections and then assembling them into the seed key. The two have the same effect, and centralized generation is the simpler.
2. Composite private key generation
The composite private key (csk) is composed of two parts, the identifier private key and the random private key. It is mainly used for digital signature, can also support two-way key exchange, and is generated automatically, once, by the key device. As shown in Fig. 1, the specific steps are as follows:
A. The KMC uses the user identifier to generate the user identifier private key isk from the seed private key seedsk, writes it into the key device and issues the device to the user.
Preferably, if one-way key exchange is required, the KMC uses two different seed private keys, denoted seedsk and seedsk2, and generates two identifier private keys isk and isk2 respectively. isk is used to generate the composite private key csk and isk2 is used directly for key exchange; both are written into the same key device, which is provided to the user. isk and isk2 are generated from different seed keys mainly to prevent substitution attacks.
The key device is mainly used to protect the user's private key. Its hardware core is a security chip, which can be packaged in various forms such as a USB key, IC card or TF card. Besides general physical components such as a microprocessor, memory and random number generator, the chip contains a dedicated chip operating system (COS) and the algorithms and protocols that support digital signature and key exchange. The composite private key generation operation of the invention is carried out automatically inside the key device, mainly by a preset initialization program.
B. When the key device is used for the first time, the system starts the initialization program by itself and automatically generates the composite private key csk used for digital signature. The detailed process is as follows:
1) Start the random number generator in the security chip to generate a random sequence of a specific length as the random private key ask, and cache it for later use;
2) Compute the random public key aPK corresponding to the random private key ask by elliptic curve group scalar multiplication, and cache it for later use;
3) Combine the user identifier private key isk and the random private key ask by modular addition to generate the composite private key csk;
4) Digitally sign the random public key aPK with the user identifier private key isk, and store the digitally signed random public key aPK_SIG in the secure storage area of the chip;
5) Write the composite private key csk into the secure storage area of the chip;
6) Destroy the user identifier private key isk in the cache;
7) Destroy the random private key ask and the random public key aPK in the cache.
At this point the composite private key generation process is complete. The secure area of the chip now holds only the composite private key csk used for digital signature and the digitally signed random public key aPK_SIG used for computing the composite public key cPK; if one-way key exchange is supported, it also holds the identifier private key isk2.
As a preferred mode, to prevent the KMC from duplicating or forging a user's digital signature key through negligence in its work, the invention adds a third-party filing and evidence step, comprising:
A. The KMC and the user jointly recognise an institution with public credibility as the body that preserves digital signature evidence samples, authenticates and arbitrates;
B. After completing key device initialization, the user should, within the prescribed time limit, digitally sign specified data with the composite private key csk and submit the resulting signature information to that institution for filing;
C. If a dispute arises, the user can submit the relevant evidence data to the arbitration body for authentication.
3. Composite public key computation
In the CPK system, the identifier public key iPK is computed from the user identifier using the published seed public key seedPK, and the composite public key cPK is composed of the identifier public key iPK and the digitally signed random public key aPK_SIG that the signer provides with the signed data. Because the computation process is itself the verification process, no online certificate repository is needed. As shown in Fig. 3, the specific steps are as follows:
1) iPK computation: use a hash function to compute H_ID from the identifier ID, build the selection sequence from H_ID, select from the seed public key seedPK (generated from the seed private key seedsk by elliptic curve group scalar multiplication) and generate the identifier public key iPK by the elliptic curve group scalar multiplication operation;
2) Use the identifier public key iPK to verify the digital signature on the aPK_SIG provided by the other party;
3) If verification passes, combine the identifier public key iPK with the digitally signed random public key aPK_SIG to generate the composite public key cPK.
Since the composite private key csk can hardly support one-way key exchange, the invention provides that the KMC generates another identifier private key isk2 from an independent seed private key seedsk2 and writes it into the key device together with the composite private key csk and the digitally signed random public key aPK_SIG. A user can use the other party's user identifier and the published seed public key seedPK2 to compute the corresponding identifier public key iPK2 directly for key exchange. Besides one-way key exchange, isk2 can also support two-way key exchange more quickly and conveniently, as well as digital signature (in application environments where the electronic signature creation data need not be controlled by the signer). Another major benefit of the method is that it greatly simplifies user key escrow and recovery. The KMC only needs to keep the seedsk2 used to generate user identifier private keys, with no need to back up user private keys one by one. When a user identifier private key is lost and needs to be recovered, the user's identifier private key isk2 can be computed from just the identifier ID and seedsk2, which greatly lightens the burden on the KMC.
The above describes the purpose, technical scheme and advantages of the invention in further detail through embodiments. It should be understood that the above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (11)

1. A method for implementing an authentication system supporting exclusive control of the digital signature key, characterized by comprising:
Step a. Construct a seed key consisting of multiple key sections, comprising a seed public key seedPK and a seed private key seedsk;
Step b. The Key Management Center (KMC) uses the user identifier to generate the user identifier private key isk from the seed private key seedsk and writes it into the key device;
Step c. When used for the first time, the key device starts an initialization program that automatically generates a composite private key csk for digital signature and a random public key aPK_SIG digitally signed with the user identifier private key isk;
Step d. Write the composite private key csk and the digitally signed random public key aPK_SIG into the secure storage area of the key device, and destroy the user identifier private key isk and the process data.
2. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized in that the seed private key seedsk in step a is a random sequence generated by a random number generator, and the seed public key seedPK is generated from the seed private key seedsk by elliptic curve group scalar multiplication.
3. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1 or 2, characterized in that the seed key in step a consists of one master key section and at least one sub key section.
4. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 3, characterized in that the seed key in step a is generated either centrally or in sections; centralized generation means generating a seed key sequence of the required length in one pass and then logically dividing it into multiple seed key sections; sectional generation means first generating independent key sections and then assembling them into the seed key.
5. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized in that in step b the KMC takes the user identifier as the input of a hash function, computes the hash value H_ID of the identifier, builds a selection sequence from H_ID, selects from the seed private key seedsk and generates the user identifier private key isk by modular addition.
6. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 5, characterized in that the selection sequence is divided into several segments: the master key section of the seed private key seedsk is first selected from using the whole sequence, then any one fixed segment of the sequence is used to select from each sub key section in turn, and the selected results are combined by modular addition to generate the user identifier private key isk.
7. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized in that step c, in which the key device on first use starts an initialization program that automatically generates the composite private key csk for digital signature and the random public key aPK_SIG signed with the user identifier private key isk, comprises:
1) Use the random number generator to generate a random sequence as the random private key ask, and generate the corresponding random public key aPK by elliptic curve group scalar multiplication;
2) Combine the random private key ask and the user identifier private key isk by modular addition to generate the composite private key csk;
3) Digitally sign the random public key aPK with the user identifier private key isk to generate the digitally signed random public key aPK_SIG.
8. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1, characterized by further comprising step e: generate standard digitally signed data with the composite private key csk and submit it to a third party for filing and notarization.
9. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 1 or 8, characterized by further comprising step f: the KMC uses the user identifier to generate an identifier private key isk2 from another seed private key seedsk2 and writes it into the same key device, for one-way key exchange, key escrow and recovery.
10. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 9, characterized in that the seed public key seedPK and the seed public key seedPK2 are published, for computing the composite public key cPK used for digital signature and the identifier public key iPK2 used for key exchange; the seed public key seedPK2 is generated from the seed private key seedsk2 by elliptic curve group scalar multiplication.
11. The method for implementing an authentication system supporting exclusive control of the digital signature key according to claim 9, characterized in that the seed public key seedPK and the seed public key seedPK2 are written into the secure storage area of the chip.
CN2011101197672A 2011-05-10 2011-05-10 Authentication system realizing method supporting exclusive control of digital signature key Expired - Fee Related CN102170356B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011101197672A CN102170356B (en) 2011-05-10 2011-05-10 Authentication system realizing method supporting exclusive control of digital signature key


Publications (2)

Publication Number Publication Date
CN102170356A (en) 2011-08-31
CN102170356B (en) 2013-12-04

Family

ID=44491341


Country Status (1)

Country Link
CN (1) CN102170356B (en)

CN1768503A (en) * 2003-02-06 2006-05-03 梅里迪财务软件公司 Method for setting up a secure connection using public and private key generated in user terminal
US20060184786A1 (en) * 2005-02-14 2006-08-17 Tricipher, Inc. Technique for asymmetric crypto-key generation
CN101488853A (en) * 2009-01-15 2009-07-22 赵建国 Cross-certification method based on seed key management
CN101938473A (en) * 2010-08-24 2011-01-05 北京易恒信认证科技有限公司 Single-point login system and single-point login method

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571355A (en) * 2012-02-02 2012-07-11 飞天诚信科技股份有限公司 Method and device for importing secret key without landing
CN103346883A (en) * 2013-06-19 2013-10-09 天地融科技股份有限公司 Method and device for initializing electronic signature tool
CN103346883B (en) * 2013-06-19 2016-12-28 天地融科技股份有限公司 A kind of method and device initializing electric signing tools
CN104901804A (en) * 2014-08-28 2015-09-09 赵捷 User autonomy-based identity authentication implementation method
CN104821884A (en) * 2015-05-14 2015-08-05 收付宝科技有限公司 Private key protection method based on asymmetric secret key system
CN104821884B (en) * 2015-05-14 2019-01-22 收付宝科技有限公司 Private key protection method based on unsymmetrical key system
CN105577373B (en) * 2015-12-15 2018-10-19 四川长虹电器股份有限公司 Identify the generation method of secret key
CN105577373A (en) * 2015-12-15 2016-05-11 四川长虹电器股份有限公司 Generating method of identification secret key
CN108632031A (en) * 2017-03-23 2018-10-09 三星Sds株式会社 Key generating device and method, encryption device and method
TWI666908B (en) * 2018-04-27 2019-07-21 來毅數位科技股份有限公司 Key management method and system
CN108683506A (en) * 2018-05-02 2018-10-19 济南浪潮高新科技投资发展有限公司 A kind of applying digital certificate method, system, mist node and certificate authority
CN108683506B (en) * 2018-05-02 2021-01-01 浪潮集团有限公司 Digital certificate application method, system, fog node and certificate authority
CN109067545A (en) * 2018-08-10 2018-12-21 航天信息股份有限公司 Key management method, device and storage medium
CN109194465A (en) * 2018-09-30 2019-01-11 巍乾全球技术集团有限责任公司 For managing method, user equipment, management equipment, storage medium and the computer program product of key
CN109412810A (en) * 2019-01-03 2019-03-01 李维刚 A kind of key generation method based on mark
CN111277417A (en) * 2020-01-15 2020-06-12 浙江华云信息科技有限公司 Electronic signature implementation method based on national network security technology architecture
CN111277417B (en) * 2020-01-15 2023-12-29 浙江华云信息科技有限公司 Electronic signature implementation method based on national network security technology architecture
CN111988147A (en) * 2020-08-20 2020-11-24 上海万向区块链股份公司 Combined signature and signature verification method, system and storage medium
CN112712357A (en) * 2020-12-30 2021-04-27 普华云创科技(北京)有限公司 Multi-mechanism multi-chain multi-currency multi-account private key management method and system
CN113259097A (en) * 2021-05-13 2021-08-13 晋商博创(北京)科技有限公司 CPK-based key generation method and device capable of multi-state configuration
CN114666063A (en) * 2022-03-21 2022-06-24 矩阵时光数字科技有限公司 Traditional Hash algorithm-based digital asset tracing method
CN114666063B (en) * 2022-03-21 2023-09-19 矩阵时光数字科技有限公司 Digital asset tracing method based on traditional hash algorithm

Also Published As

Publication number Publication date
CN102170356B (en) 2013-12-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131204

Termination date: 20200510
