CN105978690B - A kind of safety method and system based on asymmetric key pair - Google Patents

A kind of safety method and system based on asymmetric key pair Download PDF

Info

Publication number
CN105978690B
CN105978690B CN201610517022.4A CN201610517022A CN105978690B CN 105978690 B CN105978690 B CN 105978690B CN 201610517022 A CN201610517022 A CN 201610517022A CN 105978690 B CN105978690 B CN 105978690B
Authority
CN
China
Prior art keywords
certificate
key
unique identification
public
reservoir
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610517022.4A
Other languages
Chinese (zh)
Other versions
CN105978690A (en
Inventor
杜立翠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd filed Critical Hengbao Co Ltd
Priority to CN201610517022.4A priority Critical patent/CN105978690B/en
Publication of CN105978690A publication Critical patent/CN105978690A/en
Application granted granted Critical
Publication of CN105978690B publication Critical patent/CN105978690B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of safety method and system based on asymmetric key pair, is related to computer application technology, for simplifying the operating process of asymmetric key pair, guarantees the safety of COS.The safety method includes: to be instructed to generate certificate according to generation, and asymmetric key pair corresponding with certificate, asymmetric key pair includes corresponding public-key cryptography and private cipher key;Certificate is stored in certificate reservoir;Public-key cryptography, private cipher key unique identification and certificate unique identification are stored in the first reservoir;Public-key cryptography unique identification, certificate unique identification and private cipher key are stored in the second reservoir;Private cipher key unique identification is associated with private cipher key, and certificate unique identification is associated with certificate;Public-key cryptography unique identification is associated with public-key cryptography;Signal is connected each other for certificate reservoir, the first reservoir and the second reservoir;Using the asymmetric key pair and certificate of generation.The present invention is for encrypting or decrypting to data.

Description

A kind of safety method and system based on asymmetric key pair
Technical field
The present invention relates to computer technology application field more particularly to a kind of safety method based on asymmetric key pair and System.
Background technique
With the development and application of Internet of Things and ubiquitous network technology, the information security under network environment is particularly important. Currently, the core to ensure information security is the key management of cryptosystem, and the safety certification being consequently formed and encryption are led to Letter system protects the safety of information for example, by using the mode of asymmetric key pair.
Specifically, asymmetric key pair includes a pair of different key (public-key cryptography and private cipher key), if with open Data key is encrypted, and could only be decrypted with corresponding private cipher key;If encrypted with private cipher key pair data, So it could only be decrypted with corresponding public-key cryptography.By the above it is found that the public-key cryptography of unsymmetrical key centering and private Have key that must occur in pairs, if therefore the operation such as generated, updated and deleted to public-key cryptography, it is also necessary to it is opposite to its The private cipher key answered such as is generated, updated and is deleted at the operation.
But since public-key cryptography is different from the storage location of private cipher key, cannot disposably complete to public-key cryptography and The processing of private cipher key, so that the process operated to asymmetric key pair is complicated;And to public-key cryptography or private cipher key During being operated, it is easy to produce data remanence, these remaining data can interfere other public-key cryptography or privately owned close The pairing of key uses, and then influences the management of chip operating system (Chip Operating System, hereinafter referred to as COS).
Summary of the invention
The purpose of the present invention is to provide a kind of safety method and system based on asymmetric key pair, it is non-right for simplifying Claim the operating process such as generation, update, the deletion of key pair, and then guarantees the safety of COS.
In order to achieve the above objectives, the present invention adopts the following technical scheme:
The first aspect of the present invention provides a kind of safety method based on asymmetric key pair, should be based on unsymmetrical key Pair safety method include:
S11, generation certificate, and asymmetric key pair corresponding with certificate, asymmetric key pair are instructed according to generation Including corresponding public-key cryptography and private cipher key.
S12, certificate is stored in certificate reservoir;Public-key cryptography, private cipher key unique identification and certificate are uniquely marked Knowledge is stored in the first reservoir.By public-key cryptography unique identification, certificate unique identification and institute corresponding with public-key cryptography Private cipher key is stated to be stored in the second reservoir.Wherein, private cipher key unique identification is associated with private cipher key, and certificate is uniquely marked Knowledge is associated with the certificate, and public-key cryptography unique identification is associated with public-key cryptography.Certificate reservoir, the first reservoir and Signal is connected two reservoirs each other.
S13, asymmetric key pair and certificate using generation.
Safety method provided by the invention based on asymmetric key pair include the steps that it is as described above so that right It, can also be to the private cipher key unique identification and certificate in the first reservoir when public-key cryptography in first reservoir operates Unique identification carries out corresponding operation, and since signal is connect each other for the first reservoir, the second reservoir and certificate reservoir, private There is key unique identification associated with private cipher key, certificate unique identification is associated with certificate, therefore, in the first reservoir Corresponding private cipher key and certificate after private cipher key unique identification and certificate unique identification make operation, in the second reservoir Also corresponding operation is just completed, the certificate in certificate reservoir also completes corresponding operation, is completed at this time to open The operation of key, private cipher key and certificate.Same reason, after the content stored in the second reservoir operates, the The content stored in one reservoir and certificate reservoir also will do it corresponding operation.Therefore, compared with prior art, in this hair The process operated in bright to asymmetric key pair is simple, and in the process operated to public-key cryptography or private cipher key In, data remanence will not be generated, so that COS is easy management.
Further include between above-mentioned steps S12 and S13 verifying private cipher key storage location and public-key cryptography storage location whether It is associated:
When private cipher key storage location and associated public-key cryptography storage location, the private cipher key and public-key cryptography conduct Asymmetric key pair.
When the private cipher key storage location of generation is unrelated to the public-key cryptography storage location, it is non-right to forbid generating Claim key pair.
Safety method based on asymmetric key pair further include: delete asymmetric key pair and card according to deleting to instruct Book.
According to deleting, asymmetric key pair is deleted in instruction and certificate includes:
The public-key cryptography being stored in the first reservoir and private cipher key unique identification and card are deleted according to instruction is deleted Book unique identification;Private cipher key associated with private cipher key unique identification is identified according to private cipher key unique identification, deletes storage There are the private cipher keys in the second reservoir;Certificate associated with certificate unique identification is identified according to certificate unique identification, is deleted Except the certificate being stored in certificate reservoir.
According to deleting, asymmetric key pair is deleted in instruction and certificate includes:
The private cipher key being stored in the second reservoir and public-key cryptography unique identification and card are deleted according to instruction is deleted Book unique identification;Public-key cryptography associated with public-key cryptography unique identification is identified according to public-key cryptography unique identification, deletes storage There are the public-key cryptography in the first reservoir;Certificate associated with certificate unique identification is identified according to certificate unique identification, is deleted Except the certificate being stored in certificate reservoir.
Safety method based on asymmetric key pair further include:
Asymmetric key pair and certificate are updated according to more new command;Using the certificate and new unsymmetrical key of update It is right;Delete old certificate and old asymmetric key pair.
Asymmetric key pair is updated according to more new command and certificate includes:
S21, certificate is updated according to more new command.
S22, new asymmetric key pair corresponding with the certificate updated is generated according to more new command.
S23, the certificate of update is stored in certificate reservoir;New public-key cryptography, new private cipher key are uniquely marked The certificate unique identification known and updated is stored in the first reservoir;By new private cipher key, new public-key cryptography unique identification It is stored in the second reservoir with the certificate unique identification of update;Wherein, new private cipher key unique identification and newly privately owned close Key is associated, and the certificate unique identification of update is associated with the certificate of update, new public-key cryptography unique identification and public-key cryptography It is associated.
It deletes old certificate and old asymmetric key pair includes:
Old certificate is deleted, old certificate unique identification associated with old certificate is deleted;It deletes and old certificate phase Corresponding old public-key cryptography deletes old public-key cryptography unique identification associated with old public-key cryptography;It deletes and old The corresponding old private cipher key of public-key cryptography deletes old private cipher key unique identification associated with old private cipher key.
The second aspect of the present invention provides a kind of security system based on asymmetric key pair, described based on asymmetric close Key security system be suitable for the invention the safety method described in first aspect based on asymmetric key pair, it is described to be based on The security system of asymmetric key pair includes: trigger module, and the generation module being connected with trigger module is connected with generation module Storage module, and the application module being connected with storage module.Storage module include: the certificate reservoir that signal is connected each other, First reservoir and the second reservoir.Wherein, for trigger module for generating triggering command, triggering command includes generating instruction, raw It is used to be instructed according to generation at module and generates asymmetric key pair and certificate.
Certificate reservoir is for storing certificate;First reservoir for store public-key cryptography, private cipher key unique identification and Certificate unique identification;Second reservoir is for storing private cipher key, public-key cryptography unique identification and certificate unique identification;Wherein, Public-key cryptography is associated with public-key cryptography unique identification, and private cipher key is associated with private cipher key unique identification, certificate and certificate Unique identification is associated.
Application module is used to apply asymmetric key pair and certificate.
The beneficial effect of the second aspect of the present invention and the beneficial effect of the first aspect of the present invention are identical, no longer superfluous herein It states.
Security system based on asymmetric key pair further includes removing module and/or update module, removing module and triggering Module is connected with storage module, and update module is connected with trigger module and storage module, triggering command further include delete instruction and/ Or more new command.Wherein,
Removing module is used to delete generated asymmetric key pair and certificate according to deletion instruction.
Update module is used to update certificate according to more new command, generates new asymmetric key pair, wherein the certificate of update It is corresponding with new asymmetric key pair.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, embodiment will be described below Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some Embodiment for those of ordinary skill in the art without creative efforts, can also be attached according to these Figure obtains other attached drawings.
Fig. 1 is the flow chart one of the safety method based on asymmetric key pair in the embodiment of the present invention one;
Fig. 2 is the flowchart 2 of the safety method based on asymmetric key pair in the embodiment of the present invention one;
Fig. 3 is the structure chart of the security system of the asymmetric key pair in the embodiment of the present invention two.
Description of symbols:
1- trigger module;2- generation module;3- storage module;
4- application module.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair Embodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative efforts Example, shall fall within the protection scope of the present invention.
Embodiment one
The embodiment of the invention provides a kind of safety methods based on unsymmetrical key, as shown in Figure 1, above-mentioned based on non-right Claim key pair safety method include:
S11, generation certificate, and asymmetric key pair corresponding with certificate, asymmetric key pair are instructed according to generation Including corresponding public-key cryptography and private cipher key.
S12, certificate is stored in certificate reservoir;Public-key cryptography, private cipher key unique identification and certificate are uniquely marked Knowledge is stored in the first reservoir.Private cipher key, public-key cryptography unique identification and certificate unique identification are stored in the second storage In device.Wherein, private cipher key unique identification is associated with private cipher key, and certificate unique identification is associated with certificate, and key is unique It identifies associated with public-key cryptography.Signal is connected each other for certificate reservoir, the first reservoir and the second reservoir.
S13, asymmetric key pair and certificate using generation.
Wherein, the public-key cryptography and private cipher key of unsymmetrical key centering occur in pairs, if with public-key cryptography pair The data encryption to maintain secrecy, the data deciphering that can only be maintained secrecy with private cipher key pair corresponding with public-key cryptography; If the data encryption to be maintained secrecy using private cipher key pair, it can only be decrypted with corresponding public-key cryptography.
Safety method provided by the invention based on asymmetric key pair include the steps that it is as described above so that right It, can also be to the private cipher key unique identification and certificate in the first reservoir when public-key cryptography in first reservoir operates Unique identification carries out corresponding operation, and since signal connects each other for the first reservoir, the second reservoir and certificate reservoir, private There is key unique identification associated with private cipher key, certificate unique identification is associated with certificate, therefore, in the first reservoir Corresponding private cipher key and certificate after private cipher key unique identification and certificate unique identification make operation, in the second reservoir Also corresponding operation is just completed, the certificate in certificate reservoir also completes corresponding operation, is completed at this time to open The operation of key, private cipher key and certificate.Same reason, after the content stored in the second reservoir operates, the The content stored in one reservoir and in certificate reservoir also will do it corresponding operation.Therefore, compared with prior art, at this The process operated in invention to asymmetric key pair is simple, and in the process operated to public-key cryptography or private cipher key In, data remanence will not be generated, so that COS is easy management.
It is existing for the clearer safety method for introducing asymmetric key pair in the present embodiment for example:
There are many ways to generating certificate 0x01, generating certificate 0x01 is instructed according to generating, the present embodiment can preferably lead to The mode for crossing downloading generates certificate, generates asymmetric key pair, this asymmetric key pair is corresponding with certificate 0x01.By certificate 0x01 is stored in certificate reservoir, which is named as ID=0x0001, and ID=0x0001 then indicates certificate at this time Unique identification.Public-key cryptography 0xEF02 is stored in the first reservoir, the first reservoir is named as ID=0xEF02, at this time ID =0xEF02 is public-key cryptography unique identification.Private cipher key 0xEF01 is stored in the second reservoir, the second reservoir life Entitled ID=0xEF01, ID=0xEF01 is private cipher key unique identification at this time.It is also stored in the first reservoir privately owned Key unique ID=0xEF01 and certificate unique ID=0x0001.Likewise, also being stored in the second reservoir Public-key cryptography unique ID=0xEF02 and certificate unique ID=0x0001.Wherein, private cipher key unique ID= 0xEF01 is associated with private cipher key 0xEF01, and certificate unique ID=0x0001 is associated with certificate 0x01, public-key cryptography Unique ID=0xEF02 is associated with public-key cryptography 0xEF02.Certificate reservoir, the first reservoir and the second reservoir that The connection of this signal.It at this time can be right using the certificate 0x01 and unsymmetrical key that generate.
It should be pointed out that certificate and the storage location of asymmetric key pair include but is not limited to store in the present embodiment Device can also store hereof, and the present embodiment is preferably stored in reservoir.
It further include verifying private cipher key storage location between above-mentioned steps S12 and S13 and public-key cryptography storage location is No associated: when private cipher key storage location is associated with public-key cryptography storage location, the private cipher key and public-key cryptography are made For asymmetric key pair;When private cipher key storage location and unrelated public-key cryptography storage location, forbid generating asymmetric Key pair.Data can not be encrypted or be decrypted this avoid not corresponding with private cipher key due to public-key cryptography, be simplified Follow-up work process, so that COS management is simplified.
Illustrate the difference of the prior art and the present embodiment.Assuming that there are two public-key cryptography reservoirs, respectively 0xEF05 reservoir and 0xEF06 reservoir, the ID of two public-key cryptography reservoirs are respectively ID=0xEF05 reservoir and ID= 0xEF06 reservoir;And two private cipher key reservoirs, respectively 0xEF07 reservoir and 0xEF08 reservoir are above-mentioned two The ID of private cipher key reservoir is respectively ID=0xEF07 reservoir and ID=0xEF08 reservoir.Now be intended to generate two pairs it is asymmetric Key pair:
In the prior art, in the unsymmetrical key pair that first time generates, public-key cryptography and private cipher key are separately stored in In 0xEF05 reservoir and 0xEF07 reservoir.And unsymmetrical key clock synchronization is generated at second, public-key cryptography can store again In 0xEF05 reservoir, private cipher key has been stored in 0xEF08 reservoir.It will lead to storage public-key cryptography in this way 0xEF06 reservoir can not be matched with other private cipher key reservoirs and be used, to occupy storage space, be managed subsequent COS Cause trouble.
And in the present embodiment, whether be associated, also if can verify public-key cryptography storage location and private cipher key storage location It is to say, can be associated with 0xEF07 reservoir by 0xEF05 reservoir, 0xEF06 reservoir is associated with 0xEF08 reservoir.I.e. It is generated in unsymmetrical key pair in first time, public-key cryptography and private cipher key are separately stored in 0xEF05 reservoir and 0xEF07 storage In storage, due at this time public-key cryptography reservoir and private cipher key reservoir be it is associated, it is non-right that this can be generated Claim key pair;Generating second of unsymmetrical key clock synchronization, it is assumed that public-key cryptography has been stored again in 0xEF05 reservoir, private There is key to be stored in 0xEF08 reservoir, since 0xEF05 reservoir is unrelated to 0xEF08 reservoir, forbids giving birth to At second of asymmetric key pair.Further, the storage location of the asymmetric key pair generated due to first time is to force to close Connection, data will not occur again, so that second of public-key cryptography generated and private cipher key can only be separately stored in In 0xEF06 reservoir and 0xEF08 reservoir, and then guarantee to generate public-key cryptography storage location and private cipher key storage location phase Association simplifies the management of subsequent COS.
If being needed in use according to deletion instruction by the above-mentioned asymmetric key pair generated and certificate It deletes, then can illustratively be deleted by the following two kinds method:
First method: according to deleting, the public-key cryptography being located in the first reservoir is deleted in instruction, private cipher key is uniquely marked Knowledge and certificate unique identification, since private cipher key unique identification is associated with private cipher key, certificate unique identification is related to certificate Connection, when deleting private cipher key unique identification, private cipher key is also just deleted, and when deleting certificate unique identification, is located at certificate reservoir Interior certificate is also just with deletion.
Second method: according to deleting, the private cipher key being located in the second reservoir is deleted in instruction, public-key cryptography is uniquely marked Knowledge and certificate unique identification, since public-key cryptography unique identification is associated with public-key cryptography, certificate unique identification is related to certificate Connection, therefore when deletion public-key cryptography unique identification, public-key cryptography is also deleted therewith, when deleting certificate unique identification, is located at certificate Certificate in reservoir is also deleted therewith.
In addition, the safety method in the present embodiment based on asymmetric key pair may also include that basis more new command update is non- Symmetric key pair and certificate;Certificate and new asymmetric key pair using update;Delete old certificate and old non- Symmetric key pair.
Further, as shown in Fig. 2, above-mentioned more new command updates asymmetric key pair and certificate specifically includes:
S21, certificate is updated according to more new command.
S22, new asymmetric key pair associated with the certificate updated is generated according to more new command.
S23, the certificate of update is stored in certificate reservoir;New public-key cryptography, new private cipher key are uniquely marked The certificate unique identification known and updated is stored in the first reservoir;By new private cipher key, new public-key cryptography unique identification It is stored in the second reservoir with the certificate unique identification of update;Wherein, new private cipher key unique identification and newly privately owned close Key is associated, and the certificate unique identification of update is associated with the certificate of update, new public-key cryptography unique identification and public-key cryptography It is associated.
The method of the old certificate of above-mentioned deletion and old asymmetric key pair includes: to delete old certificate, delete with it is old The associated old certificate unique identification of certificate;Old public-key cryptography corresponding with old certificate is deleted, is deleted and old The associated old public-key cryptography unique identification of public-key cryptography;Old private cipher key corresponding with old public-key cryptography is deleted, Delete old private cipher key unique identification associated with old private cipher key.At this point, completing old certificate and old The deletion process of asymmetric key pair, the storage space that in this way can also occupy old asymmetric key pair discharges, and is not present The residual of asymmetric key pair so that the public-key cryptography or private cipher key that will not generate to next time interfere, and then simplifies The management of COS.
The present embodiment carries out specifically the detailed process of update for being updated the certificate of above-mentioned generation below It is bright:
Certificate 0x01 is updated to certificate 0x02, replaces old certificate 0x01 using updated certificate 0x02, update Certificate can preferably be updated by downloading mode, generate new asymmetric key pair by the certificate 0x02 of update, and new is non-right Title key pair is 0xEF04 with the certificate 0x02 of update corresponding and new public-key cryptography, corresponding with public-key cryptography 0xEF04 Private cipher key be 0xEF03.At this point, new public-key cryptography unique identification associated with new public-key cryptography 0xEF04 is ID =0xEF04, new private cipher key unique identification associated with new private cipher key EF03 is ID=0xEF03, with update The certificate unique identification of the associated update of certificate 0x02 is ID=0x0002.By new public-key cryptography 0xEF04, new privately owned Key unique ID=0xEF03 and certificate unique ID=0x0002 of update are stored in the first reservoir;It will be new Private cipher key 0xEF03, new public-key cryptography unique ID=0xEF04, update certificate unique ID=0x0002 storage There are in the second reservoir.At this point, can be right using the certificate 0x02 and new unsymmetrical key that update.
Then, old asymmetric key pair can also be deleted in the embodiment of the present invention, discharges storage space, detailed process Are as follows: old certificate 0x01 is deleted, old public-key cryptography 0xEF02 corresponding with old certificate 0x01 is deleted, is deleted and old public affairs Open the corresponding private cipher key 0xEF01 of key 0xEF02;Old certificate unique identification associated at this time, old public-key cryptography Unique identification and old private cipher key unique identification can also delete therewith.
Embodiment two
A kind of security system based on asymmetric key pair is present embodiments provided, based on non-right mentioned by the present embodiment The safety method based on asymmetric key pair for claiming the matched security system of key pair to be suitable for above-described embodiment one, such as Fig. 3 institute Show, the security system based on asymmetric key pair in the present embodiment include: trigger module 1, generation module 2, storage module 3, Application module 4, wherein trigger module 1 includes generating instruction for generating triggering command, triggering command.Generation module 2 and triggering Module 1 is connected, and generation module 2, which is used to be instructed according to generation, generates asymmetric key pair and certificate.Storage module 3 and generation module 2 are connected, and storage module 3 includes certificate reservoir, the first reservoir and the second reservoir that signal is connected each other: certificate reservoir For storing certificate, the first reservoir is for storing public-key cryptography, private cipher key unique identification and certificate unique identification;Second storage Storage is connect with the first reservoir signal, and the second reservoir is for storing private cipher key, public-key cryptography unique identification and certificate only One mark, wherein public-key cryptography is associated with public-key cryptography unique identification, and private cipher key is related to private cipher key unique identification Connection, certificate are associated with certificate unique identification.Application module 4 is connected with storage module 3, and it is asymmetric that application module 4 is used for application Key pair and certificate.
Since asymmetric key pair is corresponding with certificate, and certificate is associated with certificate unique identification, asymmetric key pair In public-key cryptography it is associated with public-key cryptography unique identification, the private cipher key of unsymmetrical key centering is uniquely marked with private cipher key Sensible association, therefore, when do exercises to certificate make when, asymmetric key pair corresponding thereto is also made that corresponding operation, from It is stored in space without remaining in data information, convenient for release storage space;It, will not be right due to no remaining data The pairing use of other public-key cryptography or private cipher key interferes, and then is convenient for the management of COS.
The security system based on asymmetric key pair in the present embodiment further includes removing module and/or update module, is deleted Except module is connected with trigger module and storage module, update module is connected with trigger module and storage module.Triggering command is also wrapped Include deletion instruction and/or more new command, wherein removing module is used to delete generated asymmetric key pair according to deletion instruction And certificate;Update module is used to update certificate according to more new command, generates new asymmetric key pair, wherein the certificate of update It is corresponding with new asymmetric key pair.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (9)

1. a kind of safety method based on asymmetric key pair characterized by comprising
S11, certificate is generated according to generation instruction, and asymmetric key pair corresponding with certificate, asymmetric key pair include Corresponding public-key cryptography and private cipher key;
S12, certificate is stored in certificate reservoir;Public-key cryptography, private cipher key unique identification and certificate unique identification are stored up There are in the first reservoir;Public-key cryptography unique identification, certificate unique identification and private cipher key are stored in the second reservoir It is interior;Wherein, private cipher key unique identification is associated with private cipher key, and certificate unique identification is associated with certificate, and public-key cryptography is only One mark is associated with public-key cryptography;Signal is connected each other for certificate reservoir, the first reservoir and the second reservoir;
S13, asymmetric key pair and certificate using generation;
It further include whether verifying private cipher key storage location and the position that public-key cryptography stores are related between step S12 and S13 Connection:
When private cipher key storage location and associated public-key cryptography storage location, the private cipher key and public-key cryptography are as non-right Claim key pair;
When the private cipher key storage location of generation is unrelated to the public-key cryptography storage location, forbid generating asymmetric close Key pair.
2. the safety method according to claim 1 based on asymmetric key pair, which is characterized in that further include: according to deleting Except asymmetric key pair and certificate are deleted in instruction.
3. the safety method according to claim 2 based on asymmetric key pair, which is characterized in that deleted according to instruction is deleted Except asymmetric key pair and certificate include:
The public-key cryptography being stored in the first reservoir and private cipher key unique identification and certificate are deleted only according to instruction is deleted One mark;
Private cipher key associated with private cipher key unique identification is identified according to private cipher key unique identification, and deletion is stored in second Private cipher key in reservoir;
Certificate associated with certificate unique identification is identified according to certificate unique identification, deletes the card being stored in certificate reservoir Book.
4. the safety method according to claim 2 based on asymmetric key pair, which is characterized in that deleted according to instruction is deleted Except asymmetric key pair and certificate include:
The private cipher key being stored in the second reservoir and public-key cryptography unique identification and certificate are deleted only according to instruction is deleted One mark;
Public-key cryptography associated with public-key cryptography unique identification is identified according to public-key cryptography unique identification, and deletion is stored in first Public-key cryptography in reservoir;
Certificate associated with certificate unique identification is identified according to certificate unique identification, deletes the card being stored in certificate reservoir Book.
5. the safety method according to claim 1 based on asymmetric key pair, which is characterized in that further include:
Asymmetric key pair and certificate are updated according to more new command;
Certificate and new asymmetric key pair using update;
Delete old certificate and old asymmetric key pair.
6. the safety method according to claim 5 based on asymmetric key pair, which is characterized in that more according to more new command New asymmetric key pair and certificate include:
S21, certificate is updated according to more new command;
S22, new asymmetric key pair corresponding with the certificate updated is generated according to more new command;
S23, the certificate of update is stored in certificate reservoir;By new public-key cryptography, new private cipher key unique identification and The certificate unique identification of update is stored in the first reservoir;By new private cipher key, new public-key cryptography unique identification and more New certificate unique identification is stored in the second reservoir;Wherein, new private cipher key unique identification and new private cipher key phase Association, the certificate unique identification of update is associated with the certificate of update, and new public-key cryptography unique identification is related to public-key cryptography Connection.
7. the safety method according to claim 5 based on asymmetric key pair, which is characterized in that delete old certificate with And old asymmetric key pair includes:
Old certificate is deleted, old certificate unique identification associated with old certificate is deleted;
Old public-key cryptography corresponding with old certificate is deleted, old public-key cryptography associated with old public-key cryptography is deleted Unique identification;
Delete corresponding with old public-key cryptography old private cipher key, deletion is associated with old private cipher key old privately owned Key unique identification.
8. a kind of security system based on asymmetric key pair, which is characterized in that the safety system based on asymmetric key pair System is suitable for the safety method as described in any one of claims 1 to 7 based on asymmetric key pair, described based on asymmetric close The security system of key pair includes: trigger module, the generation module being connected with trigger module, the storage mould being connected with generation module Block, and the application module being connected with storage module, storage module include: the certificate reservoir that signal is connected each other, the first storage Storage and the second reservoir;Wherein,
Trigger module includes generating instruction for generating triggering command, triggering command;
Generation module, which is used to be instructed according to generation, generates asymmetric key pair and certificate;
Certificate reservoir is for storing certificate;First reservoir is for storing public-key cryptography, private cipher key unique identification and certificate Unique identification;Second reservoir is for storing private cipher key, public-key cryptography unique identification and certificate unique identification;Wherein, open Key is associated with public-key cryptography unique identification, and private cipher key is associated with private cipher key unique identification, and certificate is unique with certificate Mark is associated;
Application module is used to apply asymmetric key pair and certificate.
9. the security system according to claim 8 based on asymmetric key pair, which is characterized in that further include removing module And/or update module, removing module are connected with trigger module and storage module, update module and trigger module and storage module phase Even, triggering command further includes deleting instruction and/or more new command;Wherein,
Removing module is used to delete generated asymmetric key pair and certificate according to deletion instruction;
Update module is used to update certificate according to more new command, generates new asymmetric key pair, wherein the certificate of update and new Asymmetric key pair it is corresponding.
CN201610517022.4A 2016-07-03 2016-07-03 A kind of safety method and system based on asymmetric key pair Active CN105978690B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610517022.4A CN105978690B (en) 2016-07-03 2016-07-03 A kind of safety method and system based on asymmetric key pair

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610517022.4A CN105978690B (en) 2016-07-03 2016-07-03 A kind of safety method and system based on asymmetric key pair

Publications (2)

Publication Number Publication Date
CN105978690A CN105978690A (en) 2016-09-28
CN105978690B true CN105978690B (en) 2019-03-26

Family

ID=56955199

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610517022.4A Active CN105978690B (en) 2016-07-03 2016-07-03 A kind of safety method and system based on asymmetric key pair

Country Status (1)

Country Link
CN (1) CN105978690B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102959559A (en) * 2010-06-28 2013-03-06 联邦印刷有限公司 Method for generating certificate
CN103354498A (en) * 2013-05-31 2013-10-16 北京鹏宇成软件技术有限公司 Identity-based file encryption transmission method
CN105637915A (en) * 2013-10-17 2016-06-01 阿姆Ip有限公司 Method for assigning an agent device from a first device registry to a second device registry

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102959559A (en) * 2010-06-28 2013-03-06 联邦印刷有限公司 Method for generating certificate
CN103354498A (en) * 2013-05-31 2013-10-16 北京鹏宇成软件技术有限公司 Identity-based file encryption transmission method
CN105637915A (en) * 2013-10-17 2016-06-01 阿姆Ip有限公司 Method for assigning an agent device from a first device registry to a second device registry

Also Published As

Publication number Publication date
CN105978690A (en) 2016-09-28

Similar Documents

Publication Publication Date Title
CN109040090B (en) A kind of data ciphering method and device
CN109583217B (en) Internet e-commerce platform user privacy data encryption and decryption method
US10601801B2 (en) Identity authentication method and apparatus
CN103731823B (en) Subscription manager-secure routing equipment switching method and equipment
CN106130982B (en) Intelligent household appliance remote control method based on PKI system
CN105933125B (en) South orientation safety certifying method and device in a kind of software defined network
CN108880800B (en) Power distribution and utilization communication system and method based on quantum secret communication
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
US8948397B2 (en) Major management apparatus, authorized management apparatus, electronic apparatus for delegated key management, and key management methods thereof
CN104090853A (en) Solid-state disc encryption method and system
CN101753539B (en) Network data storage method and server
CN105790938A (en) System and method for generating safety unit key based on reliable execution environment
CN104202170B (en) A kind of identity authorization system and method based on mark
CN109347625A (en) Crypto-operation, method, cryptographic service platform and the equipment for creating working key
WO2018209986A1 (en) Method and device for downloading euicc subscription data
CN102083055A (en) IMEI (International Mobile Equipment Identity) authentication method, IMEI-protecting mobile communication terminal and initializing device thereof
CN109309910A (en) Communication data transmission method, system, equipment and computer readable storage medium
CN105634884B (en) A kind of control instruction wiring method, intelligent home furnishing control method and relevant apparatus
CN113612746B (en) Sensitive information storage method and system based on Android system
CN112291268A (en) Information transmission method, device, equipment and storage medium
CN101174941B (en) Off-line digital copyright protection method and device for mobile terminal document
CN107566112A (en) Dynamic encryption and decryption method and server
CN104618380A (en) Secret key update method suitable for internet of things
CN110176992A (en) Security key management system and method and its safety element
CN111541690B (en) Safety protection method for communication between intelligent terminal and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant