CN107948156A - Identity-based closed key management method and system - Google Patents
- Publication number: CN107948156A
- Authority: CN (China)
- Prior art keywords: key, user, encryption, module, decryption
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides an identity-based closed key management method and system. The method:
1. When a user logs in, an identity authentication request is submitted to the authentication server; after authentication passes, a user token is returned.
2. When the user needs encryption/decryption service, the token and user data are submitted to the encryption/decryption service module.
3. The encryption/decryption service module submits the user token to the key management server and requests the user data key.
4. The key management server asks the authentication server to verify the validity of the token; after verification passes, the key management server looks up the user data key ciphertext by user ID.
5. The key management server decrypts the user data key to plaintext and returns it to the encryption/decryption service module.
6. The encryption/decryption service module uses the user data key to encrypt or decrypt the user data and returns the result.
The system includes an authentication server, a key management server, a hardware security module and an encryption/decryption service module.
Description
Technical field
The invention belongs to the field of information security, and in particular relates to an identity-based closed key management method and system.
Background
In recent years, with the rapid development and wide application of cloud computing, the data security of cloud computing services has become a major obstacle to the application and adoption of cloud computing and has attracted widespread attention. A cloud computing architecture is characterized by multi-tenancy, distribution and shared resources, which makes data security on cloud computing services difficult to solve.
Traditional key management systems and data encryption methods rely on hardware encryption machines, with users directly responsible for managing the key management system and their IC key cards. Key management is separated from user management; the approach is costly, scales poorly, is inflexible to deploy, and is cumbersome to manage and use. It is difficult to effectively prevent cloud administrators from maliciously stealing user data, and it does not meet the private-data security needs of multi-tenant users under a cloud computing architecture. How to achieve convenient, secure and scalable automatic key management in a multi-tenant, distributed cloud environment has become an urgent technical problem and a research focus for those skilled in the art.
This is a deficiency of the prior art; in view of the above defects, it is therefore necessary to provide an identity-based closed key management method and system.
Summary of the invention
The object of the present invention is to provide an identity-based closed key management method and system that addresses the poor scalability and cumbersome use of existing key management methods, so as to solve the above technical problem.
To achieve the above object, the present invention provides the following technical solution:
An identity-based closed key management method, including the following steps:
Step 1. When a user logs in, an identity authentication request is submitted to the authentication server; after authentication passes, a user token is returned;
Step 2. When the user needs encryption/decryption service, the token and user data are submitted to the encryption/decryption service module;
Step 3. The encryption/decryption service module submits the user token to the key management server and requests the user data key;
Step 4. The key management server asks the authentication server to verify the validity of the token; after verification passes, the key management server looks up the user data key ciphertext by user ID;
Step 5. The key management server decrypts the user data key to plaintext and returns it to the encryption/decryption service module;
Step 6. The encryption/decryption service module uses the user data key to encrypt or decrypt the user data and returns the result.
The invention requests the user data key with the user token obtained through identity authentication, which spares users the tedium and errors of managing key cards themselves, simplifies the key management flow, and improves the practicality of key management.
Further, throughout the network communication of the whole key management process, all communication is encrypted using SSL/TLS sessions; the process can be fully automatic and fully closed, without intervention by users or administrators.
By using an automated, closed design, the invention effectively prevents the operating errors caused by human intervention in traditional key management, as well as administrators maliciously stealing user data, improving the security and availability of the key management system.
Further, when a user is first registered, the authentication server automatically generates a user ID, and the user uploads a user master key to the key management server, where it is bound to the user ID;
alternatively, the key management server calls the hardware security module to automatically generate a user master key, which is encrypted with the root key, stored in the key management server, and bound to the user ID. The user ID is the unique identification code of the user's identity.
The invention supports two key generation modes, user upload and automatic generation, which facilitates flexible deployment and backup of user keys; the automatic generation mode uses the hardware security module as the back-end encryption device, improving the security of key data storage.
Further, in step 4, the key management server determines whether user data key ciphertext corresponding to the user ID exists: if so, it continues with step 5; if not, it automatically generates a user data key, encrypts it with the user master key and stores it, and then continues with step 5.
The invention generates the user data key automatically and stores it encrypted, with no user intervention, which improves key management efficiency and security.
Further, in step 5, after the key management server finds the user data key ciphertext by user ID, it first decrypts the user master key to plaintext through the hardware security module, and then decrypts the user data key to plaintext with the user master key.
The invention stores the user master key and the user data key as ciphertext; to use them they must be decrypted by way of the hardware security module, which improves the security of key data storage.
The present invention provides the following technical solution:
An identity-based closed key management system, including an authentication server, a key management server, a hardware security module and an encryption/decryption service module;
The authentication server authenticates user identity, issues user tokens, and verifies the validity of user tokens;
The key management server performs key life cycle management for user master keys and user data keys; key life cycle management includes the generation, storage and distribution of keys;
The hardware security module is the back-end hardware encryption device of the key management server; it stores the root key, provides key generation and data encryption/decryption services to the key management server, and is the root of trust of the key management system;
The encryption/decryption service module requests the user data key according to the user token and provides encryption/decryption service for user data. The encryption/decryption service module is a software or hardware module distributed throughout the information system and can take various forms, such as an encrypted virtual disk driver, a hardware encryption card, or an encrypted file system.
Further, the key management server includes an authentication module, a first cryptographic module, a key storage module and a key distribution module;
The authentication module receives the encryption/decryption service module's request for a specified user data key, asks the authentication server to verify the validity of the user token, and controls whether the request of the encryption/decryption service module is answered;
The first cryptographic module calls the hardware security module to generate keys and to encrypt and decrypt key data;
The key storage module stores user master key ciphertext and user data key ciphertext by user ID and provides a query function;
The key distribution module returns the user data key plaintext to the encryption/decryption service module.
Further, the hardware security module includes at least a root key storage module and a second cryptographic module;
The root key storage module stores the root key;
The second cryptographic module provides, to external callers, the service of encrypting and decrypting with the root key.
Further, the authentication server includes at least a user management module and a token management module;
The user management module registers new users and authenticates users;
The token management module generates tokens carrying the user's access rights to resources and verifies the validity of tokens.
Further, the encryption/decryption service module includes at least an encryption/decryption request processing submodule and an encryption/decryption computation submodule;
The encryption/decryption request processing submodule receives user data encryption/decryption requests, requests the user data key from the key management server using the user token, calls the encryption/decryption computation submodule to encrypt or decrypt the user data, and returns the data ciphertext to the user;
The encryption/decryption computation submodule implements the computation for user encryption and decryption. It may be implemented in hardware or software and supports the encryption algorithm types required by the user.
Further, the user and the authentication server, the authentication server and the key management server, the key management server and the hardware security module, and the key management server and the encryption/decryption service module all communicate over the network, and the whole communication process is encrypted using SSL/TLS sessions.
Further, at user registration the key management server automatically generates a user master key or receives one imported by the user, and the key is encrypted by the hardware security module and stored; the user data key is encrypted with the user master key and stored; user master key and user data key data can be backed up to other key management servers to achieve system scaling and load balancing.
The beneficial effects of the present invention are:
The invention provides a secure, efficient and scalable key management method and system for cloud computing clusters. It simplifies the key management flow, avoids the security risk of users and administrators intervening manually in the key management process, effectively reduces the key management system's dependence on the hardware security module, and greatly improves the flexibility and scalability of key management and data encryption systems. It is better suited to multi-tenant key management scenarios under a cloud computing architecture and effectively helps solve the problem of private data security in cloud computing.
Addressing the application of key management systems under a cloud computing architecture, the invention provides a complete solution to the problems of traditional key management systems, namely cumbersome management, inability to share, and poor scalability, so that key management and data encryption systems can be widely applied in the cloud, advancing the solution of cloud data security problems and the practical adoption of cloud computing.
In addition, the design principle of the invention is reliable and its structure is simple, so it has very broad application prospects.
It can be seen that, compared with the prior art, the present invention has prominent substantive features and represents significant progress, and the beneficial effects of its implementation are also obvious.
Brief description of the drawings
Fig. 1 is a flow diagram of the method of the present invention;
Fig. 2 is a schematic diagram of the composition of the system of the present invention;
Fig. 3 is a schematic diagram of the composition of each module of the system of the present invention;
Wherein: 1 - authentication server; 1.1 - user management module; 1.2 - token management module; 2 - key management server; 2.1 - authentication module; 2.2 - first cryptographic module; 2.3 - key storage module; 2.4 - key distribution module; 3 - hardware security module; 3.1 - root key storage module; 3.2 - second cryptographic module; 4 - encryption/decryption service module; 4.1 - encryption/decryption request processing submodule; 4.2 - encryption/decryption computation submodule.
Detailed description:
To make the purpose, features and advantages of the present invention more apparent and understandable, the technical solution of the invention is described clearly and completely below with reference to the drawings of the specific embodiment.
As shown in Fig. 1, the present invention provides an identity-based closed key management method, characterized in that it includes the following steps:
Step 1. When a user logs in, an identity authentication request is submitted to the authentication server; after authentication passes, a user token is returned;
Step 2. When the user needs encryption/decryption service, the token and user data are submitted to the encryption/decryption service module;
Step 3. The encryption/decryption service module submits the user token to the key management server and requests the user data key;
Step 4. The key management server asks the authentication server to verify the validity of the token; after verification passes, the key management server looks up the user data key ciphertext by user ID;
Step 5. The key management server decrypts the user data key to plaintext and returns it to the encryption/decryption service module;
Step 6. The encryption/decryption service module uses the user data key to encrypt or decrypt the user data and returns the result.
In the above method, all communication throughout the network communication of the whole key management process is encrypted using SSL/TLS sessions.
In the above method, when a user is first registered, the authentication server automatically generates a user ID, and the user uploads a user master key to the key management server, where it is bound to the user ID;
alternatively, the key management server calls the hardware security module to automatically generate a user master key, which is encrypted with the root key, stored in the key management server, and bound to the user ID.
In the above step 4, the key management server determines whether user data key ciphertext corresponding to the user ID exists: if so, it continues with step 5; if not, it automatically generates a user data key, encrypts it with the user master key and stores it, and then continues with step 5.
In the above step 5, after the key management server finds the user data key ciphertext by user ID, it first decrypts the user master key to plaintext through the hardware security module, and then decrypts the user data key to plaintext with the user master key.
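The six steps and the step 4 and step 5 refinements above, as an added Python sketch that is not code from the patent. The class names, the token lifetime, the password hashing, and the HMAC-SHA256 based `seal`/`unseal` routine (a toy stand-in for the cipher a real hardware security module would provide) are all assumptions.

```python
import hashlib, hmac, secrets, time

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: toy keystream, assumed stand-in for a real cipher.
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class AuthServer:
    """Registers users, issues opaque tokens, validates them (steps 1 and 4)."""
    def __init__(self, ttl=300):              # token lifetime is an assumption
        self._users, self._tokens, self._ttl = {}, {}, ttl
    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def register(self, name, password):
        user_id, salt = secrets.token_hex(8), secrets.token_bytes(16)
        self._users[name] = (user_id, salt, self._hash(password, salt))
        return user_id
    def login(self, name, password):
        user_id, salt, digest = self._users.get(name, ("", b"", b""))
        if not user_id or not hmac.compare_digest(digest, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user_id, time.time() + self._ttl)
        return token
    def validate(self, token):
        user_id, expiry = self._tokens.get(token, (None, 0))
        return user_id if expiry > time.time() else None

class HSM:
    """Holds the root key; only wrapped key material ever leaves it."""
    def __init__(self):
        self._root = secrets.token_bytes(32)
    def new_wrapped_master_key(self):
        return seal(self._root, secrets.token_bytes(32))
    def unwrap(self, wrapped):
        return unseal(self._root, wrapped)

class KeyManagementServer:
    def __init__(self, auth, hsm):
        self._auth, self._hsm = auth, hsm
        self.master_ct, self.data_ct = {}, {}   # ciphertext only, keyed by user ID
    def enroll(self, user_id):                  # automatic master key generation
        self.master_ct[user_id] = self._hsm.new_wrapped_master_key()
    def get_data_key(self, token):
        user_id = self._auth.validate(token)    # step 4: token checked first
        if user_id is None:
            raise PermissionError("invalid or expired token")
        master = self._hsm.unwrap(self.master_ct[user_id])
        if user_id not in self.data_ct:         # step 4 refinement: lazy generation
            self.data_ct[user_id] = seal(master, secrets.token_bytes(32))
        return unseal(master, self.data_ct[user_id])   # step 5

class CryptoService:
    """Encryption/decryption service module (steps 2, 3 and 6)."""
    def __init__(self, kms):
        self._kms = kms
    def encrypt(self, token, data):
        return seal(self._kms.get_data_key(token), data)
    def decrypt(self, token, blob):
        return unseal(self._kms.get_data_key(token), blob)

def demo():
    auth, hsm = AuthServer(), HSM()
    kms = KeyManagementServer(auth, hsm)
    svc = CryptoService(kms)
    alice_id = auth.register("alice", "constructed-password-1")   # constructed sample users
    kms.enroll(alice_id)
    kms.enroll(auth.register("bob", "constructed-password-2"))
    alice = auth.login("alice", "constructed-password-1")
    bob = auth.login("bob", "constructed-password-2")
    blob = svc.encrypt(alice, b"tenant record")
    results = {"roundtrip": svc.decrypt(alice, blob) == b"tenant record",
               "key_stored_as_ciphertext": kms.get_data_key(alice) not in kms.data_ct[alice_id]}
    for label, tok in (("forged_token", "not-a-token"), ("other_tenant", bob)):
        try:
            svc.decrypt(tok, blob)
            results[label] = "accepted"
        except (PermissionError, ValueError) as exc:
            results[label] = type(exc).__name__
    return results

if __name__ == "__main__":
    print(demo())
```

In this flow the key management server hands the plaintext data key to the service module, which is why the method requires SSL/TLS on every hop between components.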
As shown in Fig. 2, the present invention also provides an identity-based closed key management system, including an authentication server 1, a key management server 2, a hardware security module 3 and an encryption/decryption service module 4;
The authentication server 1 authenticates user identity, issues user tokens, and verifies the validity of user tokens;
The key management server 2 performs key life cycle management for user master keys and user data keys; key life cycle management includes the generation, storage and distribution of keys;
The hardware security module 3 is the back-end hardware encryption device of the key management server; it stores the root key, provides key generation and data encryption/decryption services to the key management server, and is the root of trust of the key management system;
The encryption/decryption service module 4 requests the user data key according to the user token and provides encryption/decryption service for user data;
As shown in Fig. 3:
The authentication server 1 includes at least a user management module 1.1 and a token management module 1.2;
The user management module 1.1 registers new users and authenticates users;
The token management module 1.2 generates tokens carrying the user's access rights to resources and verifies the validity of tokens;
The key management server 2 includes an authentication module 2.1, a first cryptographic module 2.2, a key storage module 2.3 and a key distribution module 2.4;
The authentication module 2.1 receives the request of the encryption/decryption service module 4 for a specified user data key, asks the authentication server 1 to verify the validity of the user token, and controls whether the request of the encryption/decryption service module 4 is answered;
The first cryptographic module 2.2 calls the hardware security module 3 to generate keys and to encrypt and decrypt key data;
The key storage module 2.3 stores user master key ciphertext and user data key ciphertext by user ID and provides a query function;
The key distribution module 2.4 returns the user data key plaintext to the encryption/decryption service module 4;
The hardware security module 3 includes at least a root key storage module 3.1 and a second cryptographic module 3.2;
The root key storage module 3.1 stores the root key;
The second cryptographic module 3.2 provides, to external callers, the service of encrypting and decrypting with the root key;
The encryption/decryption service module 4 includes at least an encryption/decryption request processing submodule 4.1 and an encryption/decryption computation submodule 4.2;
The encryption/decryption request processing submodule 4.1 receives user data encryption/decryption requests, requests the user data key from the key management server 2 using the user token, calls the encryption/decryption computation submodule 4.2 to encrypt or decrypt the user data, and returns the data ciphertext to the user;
The encryption/decryption computation submodule 4.2 implements the computation for user encryption and decryption;
The user and the authentication server 1, the authentication server 1 and the key management server 2, the key management server 2 and the hardware security module 3, and the key management server 2 and the encryption/decryption service module 4 all communicate over the network, and the whole communication process is encrypted using SSL/TLS sessions;
At user registration the key management server 2 automatically generates a user master key or receives one imported by the user, and the key is encrypted by the hardware security module 3 and stored; the user data key is encrypted with the user master key and stored; user master key and user data key data can be backed up to other key management servers to achieve system scaling and load balancing.
SSL/TLS protocol: SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer.
A cryptographic algorithm can be regarded as a complex functional transformation: the plaintext is transformed by a function in which the key participates, producing the ciphertext. Ciphertext is the character string obtained after encryption; plaintext is the character string to be encrypted; the key is a secretly selected character string.
The embodiments of the present invention are illustrative and not restrictive; the above embodiments only help in understanding the invention. The invention is therefore not limited to the embodiments described in the detailed description, and any other embodiment derived by those skilled in the art from the technical solution of the invention also falls within the scope of protection of the invention.
Claims (10)
1. An identity-based closed key management method, characterized in that it includes the following steps:
Step 1. When a user logs in, an identity authentication request is submitted to the authentication server; after authentication passes, a user token is returned;
Step 2. When the user needs encryption/decryption service, the token and user data are submitted to the encryption/decryption service module;
Step 3. The encryption/decryption service module submits the user token to the key management server and requests the user data key;
Step 4. The key management server asks the authentication server to verify the validity of the token; after verification passes, the key management server looks up the user data key ciphertext by user ID;
Step 5. The key management server decrypts the user data key to plaintext and returns it to the encryption/decryption service module;
Step 6. The encryption/decryption service module uses the user data key to encrypt or decrypt the user data and returns the result.
2. An identity-based closed key management method as claimed in claim 1, characterized in that all communication throughout the network communication of the whole key management process is encrypted using SSL/TLS sessions.
3. An identity-based closed key management method as claimed in claim 1 or 2, characterized in that, when a user is first registered, the authentication server automatically generates a user ID, and the user uploads a user master key to the key management server, where it is bound to the user ID;
alternatively, the key management server calls the hardware security module to automatically generate a user master key, which is encrypted with the root key, stored in the key management server, and bound to the user ID.
4. An identity-based closed key management method as claimed in claim 1, characterized in that, in step 4, the key management server determines whether user data key ciphertext corresponding to the user ID exists: if so, it continues with step 5; if not, it automatically generates a user data key, encrypts it with the user master key and stores it, and then continues with step 5.
5. An identity-based closed key management method as claimed in claim 1, characterized in that, in step 5, after the key management server finds the user data key ciphertext by user ID, it first decrypts the user master key to plaintext through the hardware security module, and then decrypts the user data key to plaintext with the user master key.
6. An identity-based closed key management system, characterized in that it includes an authentication server (1), a key management server (2), a hardware security module (3) and an encryption/decryption service module (4);
The authentication server (1) authenticates user identity, issues user tokens, and verifies the validity of user tokens;
The key management server (2) performs key life cycle management for user master keys and user data keys; key life cycle management includes the generation, storage and distribution of keys;
The hardware security module (3) is the back-end hardware encryption device of the key management server; it stores the root key, provides key generation and data encryption/decryption services to the key management server, and is the root of trust of the key management system;
The encryption/decryption service module (4) requests the user data key according to the user token and provides encryption/decryption service for user data.
7. An identity-based closed key management system as claimed in claim 6, characterized in that the key management server (2) includes an authentication module (2.1), a first cryptographic module (2.2), a key storage module (2.3) and a key distribution module (2.4);
The authentication module (2.1) receives the request of the encryption/decryption service module (4) for a specified user data key, asks the authentication server (1) to verify the validity of the user token, and controls whether the request of the encryption/decryption service module (4) is answered;
The first cryptographic module (2.2) calls the hardware security module (3) to generate keys and to encrypt and decrypt key data;
The key storage module (2.3) stores user master key ciphertext and user data key ciphertext by user ID and provides a query function;
The key distribution module (2.4) returns the user data key plaintext to the encryption/decryption service module (4).
8. An identity-based closed key management system as claimed in claim 6, characterized in that the hardware security module (3) includes at least a root key storage module (3.1) and a second cryptographic module (3.2);
The root key storage module (3.1) stores the root key;
The second cryptographic module (3.2) provides, to external callers, the service of encrypting and decrypting with the root key.
9. An identity-based closed key management system as claimed in claim 6, characterized in that the authentication server (1) includes at least a user management module (1.1) and a token management module (1.2);
The user management module (1.1) registers new users and authenticates users;
The token management module (1.2) generates tokens carrying the user's access rights to resources and verifies the validity of tokens.
10. An identity-based closed key management system as claimed in claim 6, characterized in that the encryption/decryption service module (4) includes at least an encryption/decryption request processing submodule (4.1) and an encryption/decryption computation submodule (4.2);
The encryption/decryption request processing submodule (4.1) receives user data encryption/decryption requests, requests the user data key from the key management server (2) using the user token, calls the encryption/decryption computation submodule (4.2) to encrypt or decrypt the user data, and returns the data ciphertext to the user;
The encryption/decryption computation submodule (4.2) implements the computation for user encryption and decryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711189921.7A CN107948156B (en) | 2017-11-24 | 2017-11-24 | Identity-based closed key management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107948156A (en) | 2018-04-20 |
CN107948156B (en) | 2021-10-22 |
Family
ID=61949586
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711189921.7A Active CN107948156B (en) | 2017-11-24 | 2017-11-24 | Identity-based closed key management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107948156B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1547142A (en) * | 2003-12-12 | 2004-11-17 | 华中科技大学 | A dynamic identity certification method and system |
CN102821096A (en) * | 2012-07-17 | 2012-12-12 | 华中科技大学 | Distributed storage system and file sharing method thereof |
CN103259651A (en) * | 2013-05-30 | 2013-08-21 | 成都欣知科技有限公司 | Encryption and decryption method and system of terminal data |
CN103269266A (en) * | 2013-04-27 | 2013-08-28 | 北京宏基恒信科技有限责任公司 | Safety authentication method and system of dynamic password |
CN105656864A (en) * | 2014-11-27 | 2016-06-08 | 航天恒星科技有限公司 | TCM-based key management system and management method |
US20160170907A1 (en) * | 2012-07-18 | 2016-06-16 | Sypris Electronics, Llc | Resilient device authentication system with metadata binding |
CN107359990A (en) * | 2017-08-03 | 2017-11-17 | 北京奇艺世纪科技有限公司 | A kind of secret information processing method, apparatus and system |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108769992A (en) * | 2018-06-12 | 2018-11-06 | 腾讯科技(深圳)有限公司 | User authen method, device, terminal and storage medium |
CN108769992B (en) * | 2018-06-12 | 2021-06-18 | 腾讯科技(深圳)有限公司 | User authentication method, device, terminal and storage medium |
WO2020007308A1 (en) * | 2018-07-04 | 2020-01-09 | 华为技术有限公司 | Message processing method and receiving-end server |
CN109104273A (en) * | 2018-07-04 | 2018-12-28 | 华为技术有限公司 | Message processing method and receiving end server |
CN109104273B (en) * | 2018-07-04 | 2021-03-30 | 华为技术有限公司 | Message processing method and receiving end server |
CN109214221A (en) * | 2018-08-23 | 2019-01-15 | 武汉普利商用机器有限公司 | A kind of identity card reader verification method, host computer and identity card reader |
CN109088889A (en) * | 2018-10-16 | 2018-12-25 | 深信服科技股份有限公司 | A kind of SSL encipher-decipher method, system and computer readable storage medium |
CN109510822A (en) * | 2018-11-08 | 2019-03-22 | 蓝信移动(北京)科技有限公司 | Obtain the method and system of public and private key |
CN109599170A (en) * | 2018-12-05 | 2019-04-09 | 易必祥 | Medical management method and system based on big data |
CN109670325A (en) * | 2018-12-21 | 2019-04-23 | 北京思源互联科技有限公司 | A kind of devices and methods therefor of configuration file encryption and decryption |
CN109670325B (en) * | 2018-12-21 | 2023-03-28 | 北京思源理想控股集团有限公司 | Device and method for encrypting and decrypting configuration file |
CN112769560A (en) * | 2020-12-31 | 2021-05-07 | 中国农业银行股份有限公司 | Key management method and related device |
CN112769560B (en) * | 2020-12-31 | 2023-03-24 | 中国农业银行股份有限公司 | Key management method and related device |
CN113468596A (en) * | 2021-06-28 | 2021-10-01 | 深圳供电局有限公司 | Multi-element identity authentication method and system for power grid data outsourcing calculation |
CN113468596B (en) * | 2021-06-28 | 2023-10-13 | 深圳供电局有限公司 | Multi-element identity authentication method and system for outsourcing calculation of power grid data |
CN115811625A (en) * | 2021-09-14 | 2023-03-17 | 果核数位股份有限公司 | Streaming media service method and system for customizing information security level |
CN114793169A (en) * | 2022-03-21 | 2022-07-26 | 中国信息通信研究院 | Full-flow data encryption protection method for big data platform |
Also Published As
Publication number | Publication date |
---|---|
CN107948156B (en) | 2021-10-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||