CN106850208A - A kind of method and device of secret data segmentation - Google Patents
- Publication number
- CN106850208A CN201710114708.3A
- Authority
- CN
- China
- Prior art keywords
- secret data
- encryption
- secret
- key
- usbkey
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and device for secret data splitting. The method includes: when activating the server side fails, logging in to the PKI system and obtaining the pre-saved secret data; performing threshold splitting on the secret data and writing the multiple secret data fragments obtained by the threshold splitting into the USB-interface hardware devices (USBKeys) that are working normally; and obtaining the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully. Because the secret data is saved in advance in the embodiments of the invention, when activating the server side fails, the pre-saved secret data can be threshold-split, the resulting secret data fragments can be written into each normally working USBKey, and the specified number of secret data fragments can be obtained from those USBKeys to activate the server side successfully.
Description
Technical field
The present invention relates to the technical field of secret data, and in particular to a method and device for secret data splitting.
Background
With the rapid development of information technology, computers and Internet technology have become an indispensable part of modern society, and the Internet has brought many conveniences to people's work and life. However, the broad reach, openness and anonymity of the Internet mean that the Internet by itself inevitably carries information security risks. The emergence of the Public Key Infrastructure (PKI) system has effectively solved the security problems of the Internet.
A PKI system is a set of technologies and specifications that follows established standards and uses public-key cryptography to provide a secure foundation platform for the development of e-commerce. The secret data generated by the PKI system has to be threshold-split into multiple secret data fragments, and these fragments are stored in USB (Universal Serial Bus) interface hardware devices (USB Keys, USBKeys). After logging in to the PKI system, the specified number of secret data fragments must be obtained before the server side can be activated successfully. However, a USBKey that stores a secret data fragment has a limited service life and is at risk of damage. If, when the server side is being activated, damaged USBKeys make it impossible to obtain the specified number of secret data fragments, the server side cannot be activated.
Summary of the invention
Embodiments of the invention provide a method and device for secret data splitting, to solve the problem that damaged USBKeys make it impossible to obtain the specified number of secret data fragments, so that the server side cannot be activated successfully.
An embodiment of the invention discloses a method for secret data splitting, the method including:
When activating the server side fails, logging in to the PKI system and obtaining the pre-saved secret data;
Performing threshold splitting on the secret data, and writing the multiple secret data fragments obtained by the threshold splitting into the USB-interface hardware devices (USBKeys) that are working normally;
Obtaining the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully.
Further, the process of pre-saving the secret data includes:
Saving the secret data locally in advance; or
Saving the secret data in an encryption device in advance.
Further, the saved secret data is secret data encrypted with the public key of an asymmetric key pair.
Further, if the secret data is saved locally in advance, and the saved secret data is secret data encrypted with the public key of an asymmetric key pair, then before the threshold splitting is performed on the secret data, the method also includes:
Decrypting the encrypted secret data using the private key of the asymmetric key pair.
Further, if the secret data is saved in an encryption device in advance, and the saved secret data is secret data encrypted with the public key of an asymmetric key pair, then before the threshold splitting is performed on the secret data, the method also includes:
Receiving the secret data sent by the encryption device, where the secret data was obtained by the encryption device decrypting with the private key of the asymmetric key pair; or
Receiving the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypting the encrypted secret data using the private key of the asymmetric key pair.
In another aspect, an embodiment of the invention discloses a secret data splitting device, the device including:
An acquisition module, configured to log in to the PKI system and obtain the pre-saved secret data when activating the server side fails;
A writing module, configured to perform threshold splitting on the secret data and write the multiple secret data fragments obtained by the threshold splitting into the USB-interface hardware devices (USBKeys) that are working normally;
An activation module, configured to obtain the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully.
Further, the acquisition module is specifically configured to, when activating the server side fails, log in to the PKI system and obtain the secret data saved locally in advance or the secret data saved in an encryption device in advance.
Further, the acquisition module is specifically configured to, when activating the server side fails, log in to the PKI system and obtain the secret data that was encrypted with the public key of an asymmetric key pair and saved locally in advance, or the secret data that was encrypted with the public key of an asymmetric key pair and saved in an encryption device in advance.
Further, the device also includes:
A decryption module, configured to decrypt the encrypted secret data using the private key of the asymmetric key pair.
Further, the device also includes:
A receiving module, configured to receive the secret data sent by the encryption device, where the secret data was obtained by the encryption device decrypting with the private key of the asymmetric key pair; or to receive the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypt the encrypted secret data using the private key of the asymmetric key pair.
Embodiments of the invention disclose a method and device for secret data splitting. The method includes: when activating the server side fails, logging in to the PKI system and obtaining the pre-saved secret data; performing threshold splitting on the secret data and writing the multiple secret data fragments obtained by the threshold splitting into the USB-interface hardware devices (USBKeys) that are working normally; and obtaining the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully. Because the secret data is saved in advance in the embodiments of the invention, when activating the server side fails, the pre-saved secret data can be threshold-split, the resulting secret data fragments can be written into each normally working USBKey, and the specified number of secret data fragments can be obtained from those USBKeys to activate the server side successfully.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a secret data splitting process provided by Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of a secret data splitting process provided by Embodiment 3 of the invention;
Fig. 3 is a schematic diagram of a secret data splitting process provided by Embodiment 4 of the invention;
Fig. 4 is a schematic structural diagram of a secret data splitting device provided by an embodiment of the invention.
Detailed description
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
Embodiment 1:
Fig. 1 is a schematic diagram of a secret data splitting process provided by an embodiment of the invention. The process includes the following steps:
S101: When activating the server side fails, log in to the PKI system and obtain the pre-saved secret data.
The secret data splitting method provided by the embodiments of the invention is applied to a server.
The secret data generated by the PKI system is saved in advance. When activating the server side fails because the server cannot obtain the specified number of secret data fragments from the USBKeys, the server can obtain the pre-saved secret data after logging in to the PKI system.
S102: Perform threshold splitting on the secret data, and write the multiple secret data fragments obtained by the threshold splitting into each normally working USBKey.
After the server obtains the pre-saved secret data, it can perform threshold splitting on it. The threshold splitting method used at this point can be the same as the one that produced the secret data fragments currently stored in the USBKeys. The threshold splitting yields multiple secret data fragments, which are written into the normally working USBKeys.
When activating the server side fails because the server cannot obtain the specified number of secret data fragments from the USBKeys, this indicates that a damaged USBKey currently exists and cannot provide the secret data fragment it holds. Therefore, if the number of currently working USBKeys is smaller than the number of secret data fragments obtained by the splitting, more USBKeys need to be connected to the server, so that the number of normally working USBKeys connected to the server is not less than the number of secret data fragments obtained by the splitting. The multiple secret data fragments obtained by the threshold splitting are then written into the normally working USBKeys.
In the embodiments of the invention, performing threshold splitting on the secret data and writing the resulting secret data fragments into the USBKeys are prior art, and this process is not described again here.
S103: Obtain the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully.
After the multiple secret data fragments obtained by the threshold splitting have been written into the normally working USBKeys, the server can obtain the specified number of secret data fragments from those USBKeys and thereby activate the server side successfully.
Because the secret data is saved in advance in the embodiments of the invention, when activating the server side fails, the pre-saved secret data can be threshold-split, the resulting secret data fragments can be written into each normally working USBKey, and the specified number of secret data fragments can be obtained from those USBKeys, so that the server side is activated successfully.
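The recovery flow of steps S101 to S103, as an added example that is not part of the patent. It assumes Shamir's (t, n) scheme for the threshold splitting (the patent names no scheme), a SHA-256 check value for deciding whether activation succeeded, and a pre-saved secret that is already in plaintext; `UsbKey`, `resplit` and `activate` are hypothetical names. It goes one step beyond the text by showing that a fragment left over from the earlier split does not combine with fragments from the new split.

```python
import hashlib
import hmac
import secrets

# Assumption: Shamir's (t, n) scheme over a prime field stands in for the
# threshold splitting that the patent treats as prior art.
PRIME = 2**521 - 1   # Mersenne prime; holds secrets of up to 65 bytes
WIDTH = 66           # bytes needed to encode any value below PRIME


def split(secret: bytes, threshold: int, count: int):
    """Return `count` fragments (x, y); any `threshold` of them recover the secret."""
    value = int.from_bytes(secret, "big")
    if not 1 < threshold <= count or value >= PRIME:
        raise ValueError("bad threshold or secret too large")
    # Fresh random coefficients on every call: fragments from two splits of
    # the same secret lie on different polynomials and cannot be mixed.
    coeffs = [value] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    fragments = []
    for x in range(1, count + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        fragments.append((x, y))
    return fragments


def combine(fragments):
    """Lagrange interpolation at x = 0; returns the secret as an integer."""
    xs = [x for x, _ in fragments]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate fragment index")
    total = 0
    for xi, yi in fragments:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def digest(value: int) -> bytes:
    """Check value the server keeps to verify a rebuilt secret (assumption)."""
    return hashlib.sha256(value.to_bytes(WIDTH, "big")).digest()


class UsbKey:
    """Constructed stand-in for a hardware USBKey holding one fragment."""
    def __init__(self, label):
        self.label, self.working, self.fragment = label, True, None


def activate(keys, threshold, expected):
    """S103: succeed only if `threshold` working keys rebuild the secret."""
    frags = [k.fragment for k in keys
             if k.working and k.fragment is not None][:threshold]
    if len(frags) < threshold:
        return False
    try:
        return hmac.compare_digest(digest(combine(frags)), expected)
    except ValueError:
        return False


def resplit(saved_secret, keys, spares, threshold, count):
    """S102: split the pre-saved secret again and write to working keys only."""
    targets = [k for k in keys if k.working]
    spares = list(spares)
    while len(targets) < count and spares:  # connect more USBKeys if needed
        targets.append(spares.pop(0))
    if len(targets) < count:
        raise RuntimeError("fewer working USBKeys than fragments")
    targets = targets[:count]
    for key, frag in zip(targets, split(saved_secret, threshold, count)):
        key.fragment = frag
    return targets


def demo():
    secret = secrets.token_bytes(32)        # constructed sample secret
    expected = digest(int.from_bytes(secret, "big"))
    keys = [UsbKey(f"key{i}") for i in range(1, 6)]
    for key, frag in zip(keys, split(secret, 3, 5)):
        key.fragment = frag
    for key in keys[2:]:
        key.working = False                 # three of the five keys are damaged
    before = activate(keys, 3, expected)    # only 2 fragments readable
    spares = [UsbKey(f"spare{i}") for i in range(1, 4)]
    current = resplit(secret, keys, spares, 3, 5)   # S101 + S102
    after = activate(current, 3, expected)
    keys[2].working = True                  # old key readable again, old fragment
    stale = activate([keys[2], keys[0], keys[1]], 3, expected)
    return before, after, stale


if __name__ == "__main__":
    print(demo())
```
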
Embodiment 2:
On the basis of the above embodiment, in this embodiment of the invention the process of pre-saving the secret data includes:
Saving the secret data locally in advance; or
Saving the secret data in an encryption device in advance.
Before threshold splitting is performed on the secret data, the secret data generated by the PKI system needs to be saved in advance. The server can save the secret data locally in advance, or save it in an encryption device in advance, where the encryption device includes devices such as an encryption machine or a cryptographic card. The secret data generated by the PKI system can also be stored in a device other than the server and the encryption device, with the server saving the address information of that device. When the pre-saved secret data is needed, the server copies the secret data back to local storage according to the device address information it has saved.
Because the secret data generated by the PKI system is saved locally or in an encryption device in advance, when activating the server side fails, the server can log in to the PKI system, obtain the pre-saved secret data, and carry out the subsequent step of threshold-splitting the secret data.
Embodiment 3:
On the basis of the above embodiments, to prevent the pre-saved secret data from leaking, in this embodiment of the invention the saved secret data is secret data encrypted with the public key of an asymmetric key pair.
For the secret data generated by the PKI system, the server can encrypt the secret data with the public key of the asymmetric key pair and store the encrypted secret data locally or in an encryption device. Alternatively, the encryption device can encrypt the secret data with the public key of the asymmetric key pair, and the encrypted data is stored in the encryption device or on the server.
Because the pre-saved secret data in this embodiment of the invention is secret data encrypted with the public key of an asymmetric key pair, the pre-saved secret data can be prevented from leaking.
On the basis of the above embodiment, the saved secret data is secret data encrypted with the public key of an asymmetric key pair. In this embodiment of the invention, if the secret data is saved locally in advance, then before the threshold splitting is performed on the secret data, the method also includes:
Decrypting the encrypted secret data using the private key of the asymmetric key pair.
The pre-saved secret data is secret data encrypted with the public key of the asymmetric key pair. If the secret data is saved locally in advance, then when activating the server side fails, after logging in to the PKI system and obtaining the pre-saved secret data, the encrypted secret data has to be decrypted with the private key of the asymmetric key pair. Only on the decrypted secret data can the server perform the threshold splitting and the subsequent steps that activate the server side successfully.
Fig. 2 is a schematic diagram of a secret data splitting process provided by an embodiment of the invention. The process includes the following steps:
S201: When activating the server side fails, log in to the PKI system and obtain the pre-saved secret data that was encrypted with the public key of the asymmetric key pair.
S202: Decrypt the encrypted secret data using the private key of the asymmetric key pair.
S203: Perform threshold splitting on the decrypted secret data, and write the multiple secret data fragments obtained by the threshold splitting into each normally working USBKey.
S204: Obtain the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully.
Embodiment 4:
On the basis of the above embodiments, the saved secret data is secret data encrypted with the public key of an asymmetric key pair. In this embodiment of the invention, if the secret data is saved in an encryption device in advance, and the saved secret data is secret data encrypted with the public key of the asymmetric key pair, then before the threshold splitting is performed on the secret data, the method also includes:
Receiving the secret data sent by the encryption device, where the secret data was obtained by the encryption device decrypting with the private key of the asymmetric key pair; or
Receiving the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypting the encrypted secret data using the private key of the asymmetric key pair.
The pre-saved secret data is secret data encrypted with the public key of the asymmetric key pair. If the secret data is saved in the encryption device in advance, there are two cases when activating the server side fails and the server logs in to the PKI system. In the first case, the server receives the secret data sent by the encryption device, where the secret data was obtained by the encryption device decrypting with the private key of the asymmetric key pair. That is, the encryption device decrypts the encrypted secret data with the private key of the asymmetric key pair and sends the decrypted secret data to the server; the server performs threshold splitting on the decrypted secret data it receives and carries out the subsequent steps that activate the server side successfully. In the second case, the server receives the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypts it with the private key of the asymmetric key pair. That is, the encryption device sends the secret data encrypted with the public key of the asymmetric key pair to the server; the server decrypts the encrypted secret data with the private key of the asymmetric key pair, performs threshold splitting on the decrypted secret data, and carries out the subsequent steps that activate the server side successfully.
Specifically, when the secret data is saved in advance, the server can send an encryption control instruction to the encryption device, so that the encryption device encrypts the secret data with the public key of the asymmetric key pair. When the pre-saved secret data is obtained, the server can send a decryption control instruction to the encryption device, so that the encryption device uses the private key of the asymmetric key pair to decrypt the secret data that was encrypted with the public key of the asymmetric key pair.
Fig. 3 is a schematic diagram of a secret data splitting process provided by an embodiment of the invention. The process includes the following steps:
S301: When activating the server side fails, log in to the PKI system and receive the secret data sent by the encryption device, where the secret data was obtained by the encryption device decrypting with the private key of the asymmetric key pair.
Or receive the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypt the encrypted secret data using the private key of the asymmetric key pair.
S302: Perform threshold splitting on the decrypted secret data, and write the multiple secret data fragments obtained by the threshold splitting into each normally working USBKey.
S303: Obtain the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully.
Fig. 4 is a schematic structural diagram of a secret data splitting device provided by an embodiment of the invention. The device includes:
An acquisition module 41, configured to log in to the PKI system and obtain the pre-saved secret data when activating the server side fails;
A writing module 42, configured to perform threshold splitting on the secret data and write the multiple secret data fragments obtained by the threshold splitting into the USB-interface hardware devices (USBKeys) that are working normally;
An activation module 43, configured to obtain the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully.
The acquisition module 41 is specifically configured to, when activating the server side fails, log in to the PKI system and obtain the secret data saved locally in advance or the secret data saved in an encryption device in advance.
The acquisition module 41 is specifically configured to, when activating the server side fails, log in to the PKI system and obtain the secret data that was encrypted with the public key of an asymmetric key pair and saved locally in advance, or the secret data that was encrypted with the public key of an asymmetric key pair and saved in an encryption device in advance.
The device also includes:
A decryption module 44, configured to decrypt the encrypted secret data using the private key of the asymmetric key pair.
The device also includes:
A receiving module 45, configured to receive the secret data sent by the encryption device, where the secret data was obtained by the encryption device decrypting with the private key of the asymmetric key pair; or to receive the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypt the encrypted secret data using the private key of the asymmetric key pair.
Embodiments of the invention disclose a method and device for secret data splitting. The method includes: when activating the server side fails, logging in to the PKI system and obtaining the pre-saved secret data; performing threshold splitting on the secret data and writing the multiple secret data fragments obtained by the threshold splitting into the USB-interface hardware devices (USBKeys) that are working normally; and obtaining the specified number of secret data fragments from the normally working USBKeys, so that the server side is activated successfully. Because the secret data is saved in advance in the embodiments of the invention, when activating the server side fails, the pre-saved secret data can be threshold-split, the resulting secret data fragments can be written into each normally working USBKey, and the specified number of secret data fragments can be obtained from those USBKeys to activate the server side successfully.
The invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or another programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. Thus, if these modifications and variations of the invention fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.
Claims (10)
1. A method for splitting secret data, characterized in that it is applied to a server, the method comprising:
when activation of the service end fails, logging in to the PKI system and obtaining the pre-saved secret data;
performing threshold splitting on the secret data, and writing the multiple secret data fragments obtained by the threshold splitting into each normally working USBKey, a hardware device with a USB interface;
obtaining a specified number of secret data fragments from the normally working USBKeys, and successfully activating the service end.
2. The method of claim 1, characterized in that the process of pre-saving the secret data comprises:
saving the secret data locally in advance; or
saving the secret data in an encryption device in advance.
3. The method of claim 2, characterized in that the saved secret data is secret data encrypted with the public key of an asymmetric key pair.
4. The method of claim 3, characterized in that, if the secret data is saved locally in advance and the saved secret data is secret data encrypted with the public key of the asymmetric key pair, then before the threshold splitting is performed on the secret data, the method further comprises:
decrypting the encrypted secret data using the private key of the asymmetric key pair.
5. The method of claim 3, characterized in that, if the secret data is saved in an encryption device in advance and the saved secret data is secret data encrypted with the public key of the asymmetric key pair, then before the threshold splitting is performed on the secret data, the method further comprises:
receiving the secret data sent by the encryption device, wherein the secret data is obtained by the encryption device performing decryption using the private key of the asymmetric key pair; or
receiving the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypting the encrypted secret data using the private key of the asymmetric key pair.
6. A secret data splitting device, characterized in that the device comprises:
an acquisition module, configured to log in to the PKI system and obtain the pre-saved secret data when activation of the service end fails;
a writing module, configured to perform threshold splitting on the secret data and write the multiple secret data fragments obtained by the threshold splitting into each normally working USBKey, a hardware device with a USB interface;
an activation module, configured to obtain a specified number of secret data fragments from the normally working USBKeys and successfully activate the service end.
7. The device of claim 6, characterized in that the acquisition module is specifically configured to, when activation of the service end fails, log in to the PKI system and obtain the secret data saved locally in advance or the secret data saved in an encryption device in advance.
8. The device of claim 7, characterized in that the acquisition module is specifically configured to, when activation of the service end fails, log in to the PKI system and obtain the secret data saved locally in advance and encrypted with the public key of an asymmetric key pair, or the secret data saved in an encryption device in advance and encrypted with the public key of an asymmetric key pair.
9. The device of claim 8, characterized in that the device further comprises:
a decryption module, configured to decrypt the encrypted secret data using the private key of the asymmetric key pair.
10. The device of claim 8, characterized in that the device further comprises:
a receiving module, configured to receive the secret data sent by the encryption device, wherein the secret data is obtained by the encryption device performing decryption using the private key of the asymmetric key pair; or to receive the secret data, encrypted with the public key of the asymmetric key pair, sent by the encryption device, and decrypt the encrypted secret data using the private key of the asymmetric key pair.
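The threshold split and recovery recited in claims 1 and 6, as an added example that is not code from the patent. It assumes Shamir's (t, n) scheme over a prime field, since the claims name no particular scheme, and simulates the USBKeys as a dictionary; the function names, the 3-of-5 parameters and the key labels are assumptions.

```python
import secrets

# Assumption: Shamir's (t, n) scheme over a prime field stands in for the
# claimed "threshold splitting"; the claims name no particular scheme.
PRIME = 2**521 - 1  # Mersenne prime; fits secrets of up to 65 bytes

def split_secret(secret: bytes, threshold: int, n_keys: int):
    """Return n_keys fragments (x, y); any `threshold` of them recover secret."""
    value = int.from_bytes(secret, "big")
    if not 1 < threshold <= n_keys or value >= PRIME:
        raise ValueError("need 1 < threshold <= n_keys and a secret below PRIME")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [value] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    fragments = []
    for x in range(1, n_keys + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        fragments.append((x, y))
    return fragments

def recover_secret(fragments) -> int:
    """Lagrange-interpolate the polynomial at x = 0 from the given fragments."""
    if len({x for x, _ in fragments}) != len(fragments):
        raise ValueError("duplicate fragment index")
    total = 0
    for xi, yi in fragments:
        num = den = 1
        for xj, _ in fragments:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def write_to_usbkeys(fragments, working_keys):
    """Simulated write: one fragment per normally working USBKey (a dict here)."""
    if len(fragments) != len(working_keys):
        raise ValueError("one fragment per working USBKey is required")
    return dict(zip(working_keys, fragments))

if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed sample secret
    names = [f"usbkey-{i}" for i in range(1, 6)]
    keys = write_to_usbkeys(split_secret(secret, 3, 5), names)
    got = recover_secret([keys[n] for n in names[1:4]])
    print("activated:", got.to_bytes(32, "big") == secret)
```

Interpolating fewer than `threshold` fragments still returns a number, just not the secret, so a deployment needs its own check that the recovered value is the right one before it activates anything.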
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710114708.3A CN106850208A (en) | 2017-02-28 | 2017-02-28 | A kind of method and device of secret data segmentation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106850208A true CN106850208A (en) | 2017-06-13 |
Family
ID=59138324
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710114708.3A Pending CN106850208A (en) | 2017-02-28 | 2017-02-28 | A kind of method and device of secret data segmentation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850208A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109936546A (en) * | 2017-12-18 | 2019-06-25 | 北京三快在线科技有限公司 | Data encryption storage method and device and calculating equipment |
CN111448779A (en) * | 2018-05-01 | 2020-07-24 | 华为技术有限公司 | System, device and method for hybrid secret sharing |
CN112202550A (en) * | 2020-09-18 | 2021-01-08 | 苏州浪潮智能科技有限公司 | Ukey authentication key storage method, device and authentication method |
CN113890731A (en) * | 2021-09-29 | 2022-01-04 | 北京天融信网络安全技术有限公司 | Key management method, key management device, electronic equipment and storage medium |
US11321471B2 (en) | 2017-12-18 | 2022-05-03 | Beijing Sankuai Online Technology Co., Ltd | Encrypted storage of data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101236590A (en) * | 2008-03-07 | 2008-08-06 | 北京邮电大学 | Threshold password system based software division protection accomplishing method |
CN101650693A (en) * | 2009-08-11 | 2010-02-17 | 刘鸣宇 | Security control method for mobile hard disk and security mobile hard disk |
CN103580855A (en) * | 2013-11-07 | 2014-02-12 | 江南大学 | Usbkey management plan based on sharing technology |
CN106027234A (en) * | 2016-05-12 | 2016-10-12 | 山东渔翁信息技术股份有限公司 | Key protection method |
Non-Patent Citations (1)
Title |
---|
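Geng Xufeng: "Design and Implementation of a PKI-Based Electronic Key Secure Login System", China Master's Theses Full-text Database, Information Science and Technology Series * |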
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109936546A (en) * | 2017-12-18 | 2019-06-25 | 北京三快在线科技有限公司 | Data encryption storage method and device and calculating equipment |
CN109936546B (en) * | 2017-12-18 | 2021-01-26 | 北京三快在线科技有限公司 | Data encryption storage method and device and computing equipment |
US11321471B2 (en) | 2017-12-18 | 2022-05-03 | Beijing Sankuai Online Technology Co., Ltd | Encrypted storage of data |
CN111448779A (en) * | 2018-05-01 | 2020-07-24 | 华为技术有限公司 | System, device and method for hybrid secret sharing |
US11063754B2 (en) | 2018-05-01 | 2021-07-13 | Huawei Technologies Co., Ltd. | Systems, devices, and methods for hybrid secret sharing |
CN111448779B (en) * | 2018-05-01 | 2022-09-16 | 华为技术有限公司 | System, device and method for hybrid secret sharing |
CN112202550A (en) * | 2020-09-18 | 2021-01-08 | 苏州浪潮智能科技有限公司 | Ukey authentication key storage method, device and authentication method |
CN113890731A (en) * | 2021-09-29 | 2022-01-04 | 北京天融信网络安全技术有限公司 | Key management method, key management device, electronic equipment and storage medium |
CN113890731B (en) * | 2021-09-29 | 2024-04-19 | 北京天融信网络安全技术有限公司 | Key management method, device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: 100093 Haidian District, Haidian District, Beijing, No. 23, No. 2, No. 1001; Applicant after: Beijing Xin'an century Polytron Technologies Inc; Address before: 100052 Beijing city Haidian District Bei wa Lu Xi Li No. 21 block A No. 8246; Applicant before: Beijing Infosec Technologies Co.,Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170613 |