CN107948156A - Identity-based closed key management method and system - Google Patents


Info

Publication number: CN107948156A
Authority: CN (China)
Prior art keywords: key, user, encryption, module, decryption
Legal status: Granted (active)
Application number: CN201711189921.7A
Other languages: Chinese (zh)
Other versions: CN107948156B (en)
Inventor: 陈煜文
Current assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original assignee: Zhengzhou Yunhai Information Technology Co Ltd
Priority date / filing date: 2017-11-24
Publication date: 2018-04-20 (CN107948156A); granted as CN107948156B on 2021-10-22

Classifications

All codes are under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/06 (under H04L63/00, network architectures or network communication protocols for network security): supporting key management in a packet data network
    • H04L63/0428 (under H04L63/04, providing a confidential data exchange among entities communicating through data packet networks): wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0815 (under H04L63/08, authentication of entities): providing single-sign-on or federations
    • H04L63/0823 (under H04L63/08, authentication of entities): using certificates
    • H04L63/0876 (under H04L63/08, authentication of entities): based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/08 (under H04L9/00, cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols): key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/3234 (under H04L9/32, cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials): involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides an identity-based closed key management method and system. The method: 1. when a user logs in, an identity authentication request is submitted to the authentication server, and after authentication passes a user token is returned; 2. when the user needs an encryption/decryption service, the token and the user data are submitted to the encryption/decryption service module; 3. the encryption/decryption service module submits the user token to the key management server and requests the user data key; 4. the key management server requests the authentication server to verify the validity of the token, and after verification passes the key management server looks up the user data key ciphertext by user ID; 5. the key management server decrypts the user data key into plaintext and returns it to the encryption/decryption service module; 6. the encryption/decryption service module performs the encryption/decryption operation on the user data with the user data key and returns the result. The system comprises an authentication server, a key management server, a hardware security module and an encryption/decryption service module.

Description

Identity-based closed key management method and system
Technical field
The invention belongs to the field of information security, and in particular relates to an identity-based closed key management method and system.
Background technology
In recent years, with the rapid development and wide adoption of cloud computing, the data security problem of cloud computing services has become a major obstacle to the application and popularization of cloud computing and has attracted wide attention. Cloud computing architectures are characterized by multi-tenancy, distribution and shared resources, which makes the data security problem of cloud computing services difficult to solve.
Traditional key management systems and data encryption methods rely on hardware encryption devices, with users directly responsible for managing the key management system and their IC key cards. Key management is separated from user management; the cost is high, scalability is poor, deployment is not flexible enough, and management and use are cumbersome. Such systems cannot effectively guard against a cloud administrator maliciously stealing user data, and they do not meet the private-data security needs of multi-tenant users under a cloud computing architecture. How to achieve convenient, secure, scalable and automatic key management in a multi-tenant, distributed cloud computing environment has become a technical problem that those skilled in the art urgently need to solve and a focus of research.
These are the deficiencies of the prior art. It is therefore necessary to provide an identity-based closed key management method and system that address the above drawbacks.
Summary of the invention
The object of the present invention is to address the poor scalability and cumbersome use of the existing key management methods described above by providing an identity-based closed key management method and system, so as to solve the above technical problems.
To achieve the above object, the present invention provides the following technical scheme:
An identity-based closed key management method comprises the following steps:
Step 1. When a user logs in, an identity authentication request is submitted to the authentication server; after authentication passes, a user token is returned;
Step 2. When the user needs an encryption/decryption service, the token and the user data are submitted to the encryption/decryption service module;
Step 3. The encryption/decryption service module submits the user token to the key management server and requests the user data key;
Step 4. The key management server requests the authentication server to verify the validity of the token; after verification passes, the key management server looks up the user data key ciphertext by user ID;
Step 5. The key management server decrypts the user data key into plaintext and returns it to the encryption/decryption service module;
Step 6. The encryption/decryption service module performs the encryption/decryption operation on the user data with the user data key and returns the result.
In the present invention the user token obtained through user identity authentication is used to request the user data key. This avoids the inconvenience and errors of users managing key cards themselves, simplifies the key management flow and improves the practicality of key management.
Further, the entire network communication process of the key management is encrypted throughout using SSL/TLS protocol sessions, so that fully automatic, fully closed operation without intervention by users or administrators is achieved.
Through its automated, closed design the present invention effectively prevents the operational errors caused by human intervention in traditional key management and the malicious theft of user data by administrators, improving the security and availability of the key management system.
Further, when a user registers for the first time, the authentication server automatically generates a user ID, and the user uploads a user master key to the key management server, where it is bound to the user ID;
alternatively, the key management server calls the hardware security module to automatically generate a user master key, encrypts it with the root key, stores it in the key management server and binds it to the user ID. The user ID is the unique identification code of the user's identity.
The present invention adopts two key generation modes, user upload and automatic generation, which facilitates flexible deployment and backup of user keys; the automatic generation mode uses the hardware security module as the back-end encryption device, improving the security of key data storage.
Further, in step 4 the key management server judges whether a user data key ciphertext corresponding to the user ID exists: if it does, step 5 is executed; if it does not, a user data key is automatically generated using the user master key, encrypted and stored, and then step 5 is executed.
The present invention automatically generates the user data key and stores it encrypted, without user intervention, which improves the efficiency and security of key management.
Further, in step 5, after the key management server finds the user data key ciphertext by user ID, it first decrypts the user master key into plaintext through the hardware security module, and then decrypts the user data key into plaintext with the user master key.
The present invention stores the user master key and the user data key as ciphertext and decrypts them through the hardware security module when they are used, improving the security of key data storage.
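Worked example (added here; it is not part of the patent text or of any implementation by the applicant): the key hierarchy of steps 4 and 5 and the refinements above, in Go. The HSM holds the root key and only wraps and unwraps; the key management server keeps the user master key ciphertext (wrapped by the root key) and the user data key ciphertext (wrapped by the user master key), creates the data key on first use, and the service module fetches the data key per request. The patent names no cipher and no storage layout, so AES-256-GCM, 32-byte keys, the in-memory maps and the names HSM, KMS, Service, RegisterUser and DataKey are this example's assumptions. The token check of step 4 is taken as already done: DataKey receives the user ID that the verified token was bound to.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal/open: AES-256-GCM with the random nonce prefixed to the ciphertext. The
// patent names no cipher, so AES-GCM and 32-byte keys are this example's assumption.
func seal(key, pt []byte) []byte {
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func newKey() []byte {
	k := make([]byte, 32)
	rand.Read(k)
	return k
}

// HSM (module 3) holds the root key; only wrapped keys cross its boundary.
type HSM struct{ root []byte }
func (h *HSM) Wrap(k []byte) []byte            { return seal(h.root, k) }
func (h *HSM) Unwrap(ct []byte) ([]byte, error) { return open(h.root, ct) }

// KMS (module 2) persists only ciphertext, indexed by user ID.
type KMS struct {
	hsm      *HSM
	masterCT map[string][]byte // user master key wrapped by the HSM root key
	dataCT   map[string][]byte // user data key wrapped by the user master key
}
func NewKMS(h *HSM) *KMS { return &KMS{h, map[string][]byte{}, map[string][]byte{}} }

// RegisterUser binds a master key to the user ID at registration: the key the
// user imports, or one generated under the HSM when nil is passed.
func (k *KMS) RegisterUser(userID string, imported []byte) {
	if imported == nil {
		imported = newKey()
	}
	k.masterCT[userID] = k.hsm.Wrap(imported)
}

// DataKey is steps 4-5 once the token has been verified and mapped to userID: find
// the data-key ciphertext (creating it on first use, as step 4 says), unwrap the
// master key through the HSM, then unwrap the data key with the master key.
func (k *KMS) DataKey(userID string) ([]byte, error) {
	mct, ok := k.masterCT[userID]
	if !ok {
		return nil, errors.New("no master key bound to " + userID)
	}
	master, err := k.hsm.Unwrap(mct)
	if err != nil {
		return nil, err
	}
	if _, ok := k.dataCT[userID]; !ok {
		k.dataCT[userID] = seal(master, newKey())
	}
	return open(master, k.dataCT[userID])
}

// Service (module 4) fetches the data key per request and keeps no key state.
type Service struct{ kms *KMS }
func (s *Service) Encrypt(userID string, data []byte) ([]byte, error) {
	dk, err := s.kms.DataKey(userID)
	if err != nil {
		return nil, err
	}
	return seal(dk, data), nil
}

func (s *Service) Decrypt(userID string, ct []byte) ([]byte, error) {
	dk, err := s.kms.DataKey(userID)
	if err != nil {
		return nil, err
	}
	return open(dk, ct)
}

func main() {
	kms := NewKMS(&HSM{root: newKey()})
	kms.RegisterUser("tenant-a", nil) // HSM-generated master key
	ct, _ := (&Service{kms}).Encrypt("tenant-a", []byte("constructed tenant record"))
	pt, err := (&Service{kms}).Decrypt("tenant-a", ct)
	fmt.Printf("%s %v\n", pt, err)
}
```

Both stores hold only ciphertext, so a copy of the key management server's database on its own yields nothing without the HSM, and the per-request fetch in Service means a compromised service host holds at most the data keys of the requests in flight. The user ID handed to DataKey has to come from the verified token, never from the caller; otherwise the lookup by ID lets one tenant ask for another tenant's key.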
The present invention also provides the following technical solution:
An identity-based closed key management system comprises an authentication server, a key management server, a hardware security module and an encryption/decryption service module;
the authentication server is used for user identity authentication, issues user tokens and verifies the validity of user tokens; the key management server is used for the key life-cycle management of user master keys and user data keys, where key life-cycle management includes the generation, storage and distribution of keys;
the hardware security module is the back-end hardware encryption device of the key management server; it holds the root key, provides key generation and data encryption/decryption services to the key management server, and is the root of trust of the key management system;
the encryption/decryption service module requests the user data key according to the user token and provides encryption/decryption services for user data; the encryption/decryption service module is distributed across the software and hardware modules of the information system and can take various forms, such as an encrypted virtual disk driver, a hardware encryption card or an encrypted file system.
Further, the key management server includes an authentication module, a first cryptographic module, a key storage module and a key distribution module;
the authentication module receives the request of the encryption/decryption service module for a specified user data key, requests the authentication server to verify the validity of the user token, and controls whether the request of the encryption/decryption service module is answered;
the first cryptographic module calls the hardware security module to generate keys and to encrypt and decrypt key data;
the key storage module stores user master key ciphertexts and user data key ciphertexts by user ID and provides a query function;
the key distribution module returns the user data key plaintext to the encryption/decryption service module.
Further, the hardware security module includes at least a root key storage module and a second cryptographic module;
the root key storage module holds the root key;
the second cryptographic module externally provides the service of encryption and decryption with the root key.
Further, the authentication server includes at least a user management module and a token management module;
the user management module registers new users and performs identity authentication of users;
the token management module generates a user's token for resource access rights and verifies the validity of tokens.
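Worked example (added here; not from the patent or from the applicant): the token management module of the authentication server and the authentication module of the key management server, in Go. The patent says only that a token is issued after login and that the key management server asks the authentication server to verify its validity before answering a key request. The HMAC-SHA256 token format with an expiry, the constant-time comparison, the injectable clock and the names AuthServer, Issue, Verify and KMSAuthModule are this example's assumptions. It shows why the user ID used for the key lookup must come from the verified token: a token whose user ID is swapped to another tenant fails the signature check.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// AuthServer is module 1's token management. It mints tokens of the form
// base64url(userID.expiry).base64url(HMAC-SHA256(secret, userID.expiry)) and
// checks them on request. The format is this example's assumption; the patent
// says only that a token is issued after login and later verified for validity.
type AuthServer struct {
	secret []byte
	now    func() time.Time // injectable clock so that expiry can be exercised
}

func NewAuthServer() *AuthServer {
	s := make([]byte, 32)
	rand.Read(s)
	return &AuthServer{secret: s, now: time.Now}
}

func (a *AuthServer) tag(body string) string {
	m := hmac.New(sha256.New, a.secret)
	m.Write([]byte(body))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Issue is the end of step 1: the user has authenticated, and the token binds the
// user ID and an expiry time under the server's secret.
func (a *AuthServer) Issue(userID string, ttl time.Duration) string {
	body := userID + "." + strconv.FormatInt(a.now().Add(ttl).Unix(), 10)
	return base64.RawURLEncoding.EncodeToString([]byte(body)) + "." + a.tag(body)
}

// Verify is the check the key management server requests in step 4. It returns
// the user ID the token is bound to. The MAC is compared in constant time and is
// checked before the expiry field is trusted, so neither field can be altered.
func (a *AuthServer) Verify(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return "", errors.New("malformed token")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", errors.New("malformed token")
	}
	if !hmac.Equal([]byte(a.tag(string(body))), []byte(parts[1])) {
		return "", errors.New("token signature invalid")
	}
	i := strings.LastIndex(string(body), ".")
	exp, err := strconv.ParseInt(string(body[i+1:]), 10, 64)
	if i < 0 || err != nil || !a.now().Before(time.Unix(exp, 0)) {
		return "", errors.New("token expired or malformed")
	}
	return string(body[:i]), nil
}

// KMSAuthModule is the key management server's authentication module (2.1): every
// data-key request is gated on the authentication server's verdict, and the user
// ID used for the key lookup comes from the verified token, never from the caller.
type KMSAuthModule struct{ auth *AuthServer }

func (m *KMSAuthModule) Authorize(token string) (string, error) {
	userID, err := m.auth.Verify(token)
	if err != nil {
		return "", fmt.Errorf("data-key request refused: %w", err)
	}
	return userID, nil
}

func main() {
	auth := NewAuthServer()
	gate := &KMSAuthModule{auth}
	tok := auth.Issue("tenant-a", 10*time.Minute)
	fmt.Println(gate.Authorize(tok))
	// Swapping the user ID for another tenant's while keeping the tag fails the MAC check.
	forged := base64.RawURLEncoding.EncodeToString([]byte("tenant-b.9999999999")) + "." + strings.Split(tok, ".")[1]
	fmt.Println(gate.Authorize(forged))
}
```

A server-side session table (an opaque random token looked up in a store) would satisfy the patent equally well; the signed format used here lets the authentication server verify without any storage, at the price of needing an explicit revocation list if a token has to be cancelled before it expires.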
Further, the encryption/decryption service module includes at least an encryption/decryption request processing submodule and an encryption/decryption computing submodule;
the encryption/decryption request processing submodule receives user data encryption/decryption requests, requests the user data key from the key management server with the user token, calls the encryption/decryption computing submodule to encrypt or decrypt the user data, and returns the data ciphertext to the user;
the encryption/decryption computing submodule implements the computing function of user encryption/decryption. The encryption/decryption computing submodule may be implemented in hardware or software and supports the corresponding encryption algorithm types according to user demand.
Further, communication between the user and the authentication server, between the authentication server and the key management server, between the key management server and the hardware security module, and between the key management server and the encryption/decryption service module takes place over the network, and the whole communication process is encrypted using SSL/TLS protocol sessions.
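Worked example (added here; not from the patent or from the applicant): what "encrypted throughout using SSL/TLS sessions" looks like on one of the links, the key management server's listener as seen by the encryption/decryption service module, in Go. The patent states only that the links are protected with SSL/TLS; the choice of mutual TLS (each module presents a certificate signed by an operator-trusted CA), the TLS 1.2 minimum, the loopback listener and the names kms, crypto-service, identity, serverPolicy, clientPolicy and connect are this example's assumptions. The certificates are generated in memory and self-signed so that the code runs offline; a deployment would issue them from its own CA and trust that CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// identity is one module's certificate plus a pool that trusts it. Self-signed here
// only so the example runs offline; a deployment would trust the operator's CA.
type identity struct {
	cert tls.Certificate
	pool *x509.CertPool
}

func newIdentity(name string) identity {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name}, // matched against ServerName by the client
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // lets the self-signed cert serve as its own trust root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err) // cannot happen with a valid template; surfaced rather than ignored
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return identity{tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool}
}

// serverPolicy is what the key management server's listener enforces: TLS 1.2 or
// newer, and the peer must present a certificate chaining to a trusted module (mutual TLS).
func serverPolicy(self identity, trustedPeers *x509.CertPool) *tls.Config {
	return &tls.Config{
		MinVersion:             tls.VersionTLS12,
		Certificates:           []tls.Certificate{self.cert},
		ClientAuth:             tls.RequireAndVerifyClientCert,
		ClientCAs:              trustedPeers,
		SessionTicketsDisabled: true,
	}
}

// clientPolicy is the service module's side: verify the server by name against the
// trusted pool and present its own certificate when it has one (nil models none).
func clientPolicy(self *identity, serverName string, trustedServers *x509.CertPool) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, ServerName: serverName, RootCAs: trustedServers}
	if self != nil {
		cfg.Certificates = []tls.Certificate{self.cert}
	}
	return cfg
}

// connect runs one handshake over loopback TCP and returns the first error either side reported.
func connect(server, client *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", server)
	if err != nil {
		return err
	}
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		err = c.(*tls.Conn).Handshake()
		c.Close()
		srvErr <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), client)
	if err == nil {
		conn.Close()
	}
	ln.Close() // unblocks Accept if the client never reached the listener
	if serr := <-srvErr; err == nil {
		err = serr
	}
	return err
}

func main() {
	kms, svc := newIdentity("kms"), newIdentity("crypto-service")
	server := serverPolicy(kms, svc.pool)
	fmt.Println("module with certificate:", connect(server, clientPolicy(&svc, "kms", kms.pool)))
	fmt.Println("client without one:     ", connect(server, clientPolicy(nil, "kms", kms.pool)))
}
```

Without ClientAuth set to RequireAndVerifyClientCert the link is encrypted, but the key management server cannot tell a legitimate service module from any other TLS client on the network, and the token check would then be the only thing between a network peer and the key-request interface; the mutual setting makes both checks apply. SessionTicketsDisabled keeps the server from holding a long-lived ticket-encryption key for the modules' sessions.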
Further, at user registration the key management server automatically generates the user master key, or receives the one imported by the user, and encrypts and stores it through the hardware security module; the user data key is encrypted with the user master key and stored; the user master key and user data key data can be backed up to other key management servers, enabling system scaling and load balancing.
The beneficial effects of the present invention are:
The present invention provides a secure, efficient and scalable key management method and system for cloud computing clusters. It simplifies the key management flow, avoids the security risks of human intervention by users and administrators in the key management process, effectively reduces the key management system's dependence on the hardware security module, greatly improves the flexibility and scalability of key management and data encryption systems, better fits multi-tenant key management usage scenarios under a cloud computing architecture, and effectively promotes the solution of cloud computing private-data security problems.
The present invention addresses the application problems of key management systems under a cloud computing architecture and provides a complete solution. It solves the problems that traditional key management systems are cumbersome to manage, cannot be shared and scale poorly, so that key management and data encryption systems can be widely applied in the cloud, advancing the solution of cloud data security problems and promoting the practicality and adoption of cloud computing.
In addition, the design principle of the present invention is reliable and its structure is simple, so it has very broad application prospects.
It can be seen from the above that, compared with the prior art, the present invention has prominent substantive features and represents significant progress, and the beneficial effects of its implementation are also obvious.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the method of the present invention;
Fig. 2 is a schematic diagram of the composition of the system of the present invention;
Fig. 3 is a schematic diagram of the composition of each module of the system of the present invention;
in which: 1: authentication server; 1.1: user management module; 1.2: token management module; 2: key management server; 2.1: authentication module; 2.2: first cryptographic module; 2.3: key storage module; 2.4: key distribution module; 3: hardware security module; 3.1: root key storage module; 3.2: second cryptographic module; 4: encryption/decryption service module; 4.1: encryption/decryption request processing submodule; 4.2: encryption/decryption computing submodule.
Embodiment:
In order to make the purpose, features and advantages of the present invention more obvious and understandable, the technical solution of the present invention is described clearly and completely below with reference to the drawings of the embodiments of the present invention.
As shown in Fig. 1, the present invention provides an identity-based closed key management method, characterized in that it comprises the following steps:
Step 1. When a user logs in, an identity authentication request is submitted to the authentication server; after authentication passes, a user token is returned;
Step 2. When the user needs an encryption/decryption service, the token and the user data are submitted to the encryption/decryption service module;
Step 3. The encryption/decryption service module submits the user token to the key management server and requests the user data key;
Step 4. The key management server requests the authentication server to verify the validity of the token; after verification passes, the key management server looks up the user data key ciphertext by user ID;
Step 5. The key management server decrypts the user data key into plaintext and returns it to the encryption/decryption service module;
Step 6. The encryption/decryption service module performs the encryption/decryption operation on the user data with the user data key and returns the result.
In the above method, the entire network communication process of the key management is encrypted throughout using SSL/TLS protocol sessions.
In the above method, when a user registers for the first time, the authentication server automatically generates a user ID, and the user uploads a user master key to the key management server, where it is bound to the user ID;
alternatively, the key management server calls the hardware security module to automatically generate a user master key, encrypts it with the root key, stores it in the key management server and binds it to the user ID.
In the above step 4, the key management server judges whether a user data key ciphertext corresponding to the user ID exists: if it does, step 5 is executed; if it does not, a user data key is automatically generated using the user master key, encrypted and stored, and then step 5 is executed.
In the above step 5, after the key management server finds the user data key ciphertext by user ID, it first decrypts the user master key into plaintext through the hardware security module, and then decrypts the user data key into plaintext with the user master key.
As shown in Fig. 2, the present invention also provides an identity-based closed key management system comprising an authentication server 1, a key management server 2, a hardware security module 3 and an encryption/decryption service module 4;
the authentication server 1 is used for user identity authentication, issues user tokens and verifies the validity of user tokens;
the key management server 2 is used for the key life-cycle management of user master keys and user data keys, where key life-cycle management includes the generation, storage and distribution of keys;
the hardware security module 3 is the back-end hardware encryption device of the key management server; it holds the root key, provides key generation and data encryption/decryption services to the key management server, and is the root of trust of the key management system;
the encryption/decryption service module 4 requests the user data key according to the user token and provides encryption/decryption services for user data.
As shown in Fig. 3:
the authentication server 1 includes at least a user management module 1.1 and a token management module 1.2;
the user management module 1.1 registers new users and performs identity authentication of users;
the token management module 1.2 generates a user's token for resource access rights and verifies the validity of tokens;
the key management server 2 includes an authentication module 2.1, a first cryptographic module 2.2, a key storage module 2.3 and a key distribution module 2.4;
the authentication module 2.1 receives the request of the encryption/decryption service module 4 for a specified user data key, requests the authentication server 1 to verify the validity of the user token, and controls whether the request of the encryption/decryption service module 4 is answered;
the first cryptographic module 2.2 calls the hardware security module 3 to generate keys and to encrypt and decrypt key data;
the key storage module 2.3 stores user master key ciphertexts and user data key ciphertexts by user ID and provides a query function;
the key distribution module 2.4 returns the user data key plaintext to the encryption/decryption service module 4;
the hardware security module 3 includes at least a root key storage module 3.1 and a second cryptographic module 3.2;
the root key storage module 3.1 holds the root key;
the second cryptographic module 3.2 externally provides the service of encryption and decryption with the root key;
the encryption/decryption service module 4 includes at least an encryption/decryption request processing submodule 4.1 and an encryption/decryption computing submodule 4.2;
the encryption/decryption request processing submodule 4.1 receives user data encryption/decryption requests, requests the user data key from the key management server 2 with the user token, calls the encryption/decryption computing submodule 4.2 to encrypt or decrypt the user data, and returns the data ciphertext to the user;
the encryption/decryption computing submodule 4.2 implements the computing function of user encryption/decryption;
communication between the user and the authentication server 1, between the authentication server 1 and the key management server 2, between the key management server 2 and the hardware security module 3, and between the key management server 2 and the encryption/decryption service module 4 takes place over the network, and the whole communication process is encrypted using SSL/TLS protocol sessions;
at user registration the key management server 2 automatically generates the user master key, or receives the one imported by the user, and encrypts and stores it through the hardware security module 3; the user data key is encrypted with the user master key and stored; the user master key and user data key data can be backed up to other key management servers, enabling system scaling and load balancing.
SSL/TLS protocols: SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt the network connection at the transport layer.
A cryptographic algorithm can be regarded as a complex functional transformation that turns plaintext into ciphertext by a function in which the key participates. The ciphertext is the string obtained after encryption; the plaintext is the string to be encrypted; the key is a secretly chosen string.
The embodiments of the present invention are illustrative and not restrictive. The above embodiments are only intended to help understand the present invention; the present invention is therefore not limited to the embodiments described herein, and other embodiments that those skilled in the art derive from the technical solution of the present invention also fall within the scope of protection of the present invention.

Claims (10)

1. the closed key management method of a kind of identity-based, it is characterised in that include the following steps:
ID authentication request is submitted to authentication server when step 1. user logs in, authentication is by rear, return user Token;
Step 2. submits token and user data when user needs encryption and decryption to service, to encryption and decryption service module;
Step 3. encryption and decryption service module submits User Token to Key Management server, and asks user data key;
Validity from step 4. Key Management server to authentication server requests verification token, after being verified, key Management server searches user data key ciphertext by User ID;
Step 5. Key Management server decrypts user data key in plain text, and returns to encryption and decryption service module;
Step 6. encryption and decryption service module carries out encryption and decryption operation, and return the result by user data key to user data.
A kind of 2. closed key management method of identity-based as claimed in claim 1, it is characterised in that whole key pipe Communication is encrypted using SSL/TLS protocol conversations in the network service process of reason, whole process.
3. the closed key management method of a kind of identity-based as claimed in claim 1 or 2, it is characterised in that note first During volume user, authentication server automatically generates User ID, user's upload user master key into Key Management server with User ID is bound;
Alternatively, Key Management server calls hardware security module to automatically generate user's master key using root key encryption, preserve In Key Management server, and user bound ID.
4. the closed key management method of a kind of identity-based as claimed in claim 1, it is characterised in that close in step 4 Key management server judges whether the corresponding user data key ciphertext of User ID:If it is, continue to execute step 5; If it is not, then automatically generating user data key, and encrypting storing by using householder's key, it is further continued for performing step 5.
5. the closed key management method of a kind of identity-based as claimed in claim 1, it is characterised in that close in step 5 After key management server finds user data key ciphertext by User ID, user is decrypted by hardware security module first Master key decrypts user data key in plain text in plain text, then with user's master key.
6. the closed key management system of a kind of identity-based, it is characterised in that including authentication server(1), key Management server(2), hardware security module(3)With encryption and decryption service module(4);
Authentication server(1), for authenticating user identification, User Token is provided, verifies the validity of User Token;
Key Management server(2), for user's master key and the Key life cycle management of user data key, key life Cycle management includes generation, storage and the distribution of key;
Hardware security module(3), be Key Management server back-end hardware encryption device, preserve root key, be key management Server provides key generation, data encrypting and deciphering service, is the root of trust of key management system;
Encryption and decryption service module(4), user data key is asked according to User Token, and encryption and decryption clothes are provided for user data Business.
7. the closed key management system of a kind of identity-based as claimed in claim 6, it is characterised in that key management takes Business device(2)Including authentication module(2.1), first password module(2.2), cipher key storage block(2.3)And key distribution mould Block(2.4);
Authentication module(2.1), receive encryption and decryption service module(4)Request to specified user data key, and to body Part certificate server(1)The validity of requests verification User Token, and control whether response encryption and decryption service module(4)Please Ask;
First password module(2.2), call hardware security module(3)Generate key and encryption and decryption is carried out to key data;
Cipher key storage block(2.3), user's master key ciphertext and user data key ciphertext are stored according to User ID, and provide and look into Ask function;
Key distribution module(2.4), for encryption and decryption service module(4)Return to user data key in plain text.
A kind of 8. closed key management system of identity-based as claimed in claim 6, it is characterised in that hardware security mould Block(3)Including at least root key memory module(3.1)With the second crypto module(3.2);
Root key memory module(3.1), preserve root key;
Second crypto module(3.2), the service that encryption and decryption is carried out using root key is externally provided.
9. The identity-based closed key management system as claimed in claim 6, characterised in that the authentication server (1) comprises at least a user management module (1.1) and a token management module (1.2);
User management module (1.1), for registering new users and authenticating users;
Token management module (1.2), for generating a user's token for resource access rights and verifying the validity of the token.
10. The identity-based closed key management system as claimed in claim 6, characterised in that the encryption and decryption service module (4) comprises at least an encryption and decryption request processing submodule (4.1) and an encryption and decryption computing submodule (4.2);
Encryption and decryption request processing submodule (4.1), for receiving user data encryption and decryption requests, requesting the user data key from the key management server (2) by means of the User Token, calling the encryption and decryption computing submodule (4.2) to encrypt or decrypt the user data, and returning the data ciphertext to the user;
Encryption and decryption computing submodule (4.2), for implementing the computing function of user encryption and decryption.
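The four-part architecture of claims 6 to 10 in working form, as an added example that is not the patent's or the applicant's code: the HSM object alone holds the root key and wraps the user master key, the user master key wraps the user data key, the key management server stores only the wrapped keys indexed by User ID, and the data key is released only after the authentication server validates the User Token. The `seal`/`open_` pair is an HMAC-based encrypt-then-MAC stand-in for the AEAD or key-wrap primitive a real HSM would provide, and every class, method and sample value here is constructed for illustration.

```python
import hashlib, hmac, os, time

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes) -> bytes:   # stand-in primitive: HMAC keystream + MAC tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class HSM:            # claim 8: the root key exists only inside this object
    def __init__(self): self._root = os.urandom(32)
    def generate_key(self): return os.urandom(32)
    def encrypt(self, key, kek=None): return seal(kek or self._root, key)
    def decrypt(self, blob, kek=None): return open_(kek or self._root, blob)

class AuthServer:     # claim 9: registers users, issues and verifies User Tokens
    def __init__(self): self._secret, self._users = os.urandom(32), set()
    def register(self, uid): self._users.add(uid)
    def issue_token(self, uid, ttl=300):
        body = f"{uid}|{int(time.time()) + ttl}".encode()
        return body + b"|" + hmac.new(self._secret, body, hashlib.sha256).hexdigest().encode()
    def verify_token(self, token):   # returns the User ID, or None if the token is bad
        body, _, mac = token.rpartition(b"|")
        if not hmac.compare_digest(mac, hmac.new(self._secret, body, hashlib.sha256).hexdigest().encode()):
            return None
        uid, exp = body.decode().split("|")
        return uid if uid in self._users and int(exp) > time.time() else None

class KMS:            # claims 6-7: stores only wrapped keys, indexed by User ID
    def __init__(self, hsm, auth): self.hsm, self.auth, self.store = hsm, auth, {}
    def enroll(self, uid):
        umk, udk = self.hsm.generate_key(), self.hsm.generate_key()
        self.store[uid] = (self.hsm.encrypt(umk), self.hsm.encrypt(udk, kek=umk))
    def get_data_key(self, token):   # 2.1 checks the token, 2.2 unwraps, 2.4 distributes
        uid = self.auth.verify_token(token)
        if uid is None or uid not in self.store: raise PermissionError("token rejected")
        umk_ct, udk_ct = self.store[uid]
        return self.hsm.decrypt(udk_ct, kek=self.hsm.decrypt(umk_ct))

class EncDecService:  # claim 10: holds no long-term key; fetches the data key per call
    def __init__(self, kms): self.kms = kms
    def encrypt(self, token, data): return seal(self.kms.get_data_key(token), data)
    def decrypt(self, token, blob): return open_(self.kms.get_data_key(token), blob)
```

A forged or expired token, or a token for a user with no enrolled key material, stops at the key management server's authentication step, so the plaintext data key never reaches the service module.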
CN201711189921.7A 2017-11-24 2017-11-24 Identity-based closed key management method and system Active CN107948156B (en)

Publications (2)

Publication Number Publication Date
CN107948156A true CN107948156A (en) 2018-04-20
CN107948156B CN107948156B (en) 2021-10-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant