Key management system
Technical field
The present invention relates to the technical field of information security management, and in particular to a key management system.
Background art
The continuous development of information technology has brought efficiency and information sharing, but it has also brought many information security problems, and information security on networks is becoming increasingly important. This is especially true for intelligent terminals, application systems and the financial industry: from a user's account password and personal information up to important business information such as financial statements and research and development data, any leak can have serious consequences. At the same time, as enterprises apply IT more widely and depend on it more heavily, the channels through which information can leak have increased significantly, and security risks are everywhere. The demand for technology that transmits important information securely is therefore growing.
At present, the traditional approach to this problem is to encrypt data at the application system layer or the operating system kernel layer. Every device in the system manages its passwords locally; an application obtains the operating system password of the relevant host by reading a local configuration file or by accessing a password saved in a database, and the password is stored in plaintext in the configuration file or in the code. The most important problem in this process is the secure management of keys, which involves key generation, key updating and so on. Traditional key management is not only inefficient and cumbersome, it also fails to provide comprehensive encryption protection for information.
Summary of the invention
The purpose of the present invention is to provide a key management system that offers systematic and complete key management services to intelligent terminals and application systems and gives information comprehensive encryption protection.
To achieve the above purpose, the present invention adopts the following technical solution:
A key management system comprises a data cipher machine that provides the highest key, a computation server that provides the computational basis for encryption and decryption, a database server that stores keys and their related data, a platform server that provides system services, and a key management service system deployed on the platform server to provide key services to intelligent terminals and application systems. The data cipher machine, the computation server and the database server are each connected to the key management service system, and the platform server is provided with an interface through which the key management service system connects to intelligent terminals and application systems.
The key management service system comprises a key management module for generating, updating and requesting keys, a peripheral system management module for managing the intelligent terminals and application systems that have accessed the interface, and a maintenance personnel management module that provides rights management and personal information management for the administrators, operators and auditors of the key management system.
The key management module is connected to the database server, the data cipher machine and the computation server respectively; the maintenance personnel management module is connected to the database server.
The peripheral system management module is connected to the key management module, and the key management module provides information encryption services to the peripheral system management module.
The implementation process includes the following steps:
(1) The maintenance personnel management module of the key management service system assigns the initial administrator account and password; the administrator then assigns operators in the maintenance personnel management module, and the operators carry out the corresponding configuration and updating of the keys in the key management module. The administrator account information and operator account information are stored in the database server.
(2) Intelligent terminals and application systems access the interface, and the administrator enters and manages their information in the peripheral system management module. The intelligent terminal and application information is stored in the database server.
(3) The key management module provides the accessing intelligent terminals and application systems with secondary encryption of account passwords, encryption of plaintext information in transmission, and password keyboard encryption services, with the computation server performing the encryption algorithm computations. The associated keys are stored in the database server, and operators carry out the unified updating, generation and management of the associated keys. The highest key, which can re-encrypt the associated keys, is stored in the data cipher machine.
Further, the key management module comprises an asymmetric key management module for generating, updating and adding the public keys and private keys used for encryption in information transmission; an encrypted transmission key management module for generating and updating the transmission keys used for encryption in plaintext encrypted transmission; a working key management module for generating and updating the MAC KEY and PIN KEY used in the secondary encryption of account passwords for intelligent terminals and application systems; and a password keyboard key management module for generating and updating password keyboard keys.
Further, the peripheral system management module comprises an organization management module and a mobile application management module.
Further, the encryption algorithms in the asymmetric key management module include the RSA algorithm and the SM2 algorithm.
Further, the encryption algorithms of the encrypted transmission key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
Further, the encryption algorithms for the working keys of the working key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
Further, the operators include system configuration personnel, who are responsible for system configuration, and operation and maintenance personnel, who are responsible for the daily operation and maintenance of the system; the key management service system allows only one system configuration person to operate online.
Compared with the prior art, the present invention has the following advantages:
(1) Through the asymmetric key management module, transmission key management module, working key management module and password keyboard key management module within the key management module, the present invention solves the problem of encrypting information, and provides security for information in intelligent terminals and application systems through multiple keys and encryption modes.
(2) By providing a data cipher machine, the present invention encrypts keys a second time, and the encryption key is held in the data cipher machine hardware; hardware encryption can prevent key leakage and thereby protects information security.
(3) The present invention provides a database server that manages and stores, in a unified way, the information on keys, maintenance personnel, and intelligent terminals and application systems, which makes it convenient to add, delete, modify and otherwise manage the relevant information.
(4) By providing a computation server, the present invention guarantees the computational basis for the encryption algorithms while shortening computation time, which helps information to be transmitted promptly and gives intelligent terminals and application systems a better service experience.
Brief description of the drawings
Fig. 1 is an overall structural diagram of the present invention.
Specific embodiments
The present invention is further described below with reference to the accompanying drawing and an embodiment. The modes of the invention include, but are not limited to, the following embodiment.
Embodiment
As shown in Fig. 1, the key management system disclosed by the present invention comprises a data cipher machine that provides the highest key, a computation server that provides the computational basis for encryption and decryption, a database server that stores keys and their related data, a platform server that provides system services, and a key management service system deployed on the platform server to provide key services to intelligent terminals and application systems. The data cipher machine, the computation server and the database server are each connected to the key management service system, and the platform server is provided with an interface through which the key management service system connects to intelligent terminals and application systems.
The key management service system comprises a key management module for generating, updating and requesting keys, a peripheral system management module for managing the intelligent terminals and application systems that have accessed the interface, and a maintenance personnel management module that provides rights management and personal information management for the administrators, operators and auditors of the key management system.
The key management module is connected to the database server, the data cipher machine and the computation server respectively; the maintenance personnel management module is connected to the database server.
The peripheral system management module is connected to the key management module, and the key management module provides information encryption services to the peripheral system management module.
The key management module comprises an asymmetric key management module for generating, updating and adding the public keys and private keys used for encryption in information transmission; an encrypted transmission key management module for generating and updating the transmission keys used for encryption in plaintext encrypted transmission; a working key management module for generating and updating the MAC KEY and PIN KEY used in the secondary encryption of account passwords for intelligent terminals and application systems; and a password keyboard key management module for generating and updating password keyboard keys.
The peripheral system management module comprises an organization management module and a mobile application management module.
The encryption algorithms in the asymmetric key management module include the RSA algorithm and the SM2 algorithm.
The encryption algorithms of the encrypted transmission key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
The encryption algorithms for the working keys of the working key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
The operators include system configuration personnel, who are responsible for system configuration, and operation and maintenance personnel, who are responsible for the daily operation and maintenance of the system; the key management service system allows only one system configuration person to operate online.
The implementation process includes the following steps:
(1) The maintenance personnel management module of the key management service system assigns the initial administrator account and password; the administrator then assigns operators in the maintenance personnel management module, and the operators carry out the corresponding configuration and updating of the keys in the key management module. The administrator account information and operator account information are stored in the database server.
(2) Intelligent terminals and application systems access the interface, and the administrator enters and manages their information in the peripheral system management module. The intelligent terminal and application information is stored in the database server.
(3) The key management module provides the accessing intelligent terminals and application systems with secondary encryption of account passwords, encryption of plaintext information in transmission, and password keyboard encryption services, with the computation server performing the encryption algorithm computations. The associated keys are stored in the database server, and operators carry out the unified updating, generation and management of the associated keys. The highest key, which can re-encrypt the associated keys, is stored in the data cipher machine.
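An added example, not part of the patent text: a minimal model of the key hierarchy in step (3), in which the database holds working keys only in wrapped form and the highest key stays inside the data cipher machine. The class and method names are hypothetical, the 16-byte key length is an assumption, and an HMAC-SHA256 keystream with an integrity tag stands in for the cipher machine's own wrapping algorithm, which the text does not specify.

```python
import hashlib
import hmac
import secrets


class CipherMachine:
    """Stand-in for the data cipher machine; the highest key never leaves it."""

    def __init__(self):
        self.__highest_key = secrets.token_bytes(32)  # generated and kept inside

    def _subkey(self, label):
        return hmac.new(self.__highest_key, label, hashlib.sha256).digest()

    def _xor_stream(self, nonce, data):
        # HMAC-SHA256 in counter mode: a constructed stand-in for a real cipher.
        stream = b""
        for i in range(len(data) // 32 + 1):
            block = nonce + i.to_bytes(4, "big")
            stream += hmac.new(self._subkey(b"enc"), block, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def _tag(self, key_id, nonce, ct):
        msg = key_id.encode() + b"\x00" + nonce + ct
        return hmac.new(self._subkey(b"mac"), msg, hashlib.sha256).digest()

    def wrap(self, key_id, key):
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(nonce, key)
        return nonce + ct + self._tag(key_id, nonce, ct)  # tag binds blob to key_id

    def unwrap(self, key_id, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(key_id, nonce, ct)):
            raise ValueError("wrapped key failed integrity check")
        return self._xor_stream(nonce, ct)


class KeyManagementModule:
    def __init__(self, machine):
        self.machine = machine
        self.database = {}  # key_id -> wrapped blob; stand-in for the database server

    def generate(self, key_id, length=16):
        """Create (or, on update, replace) a key; only the wrapped form is stored."""
        self.database[key_id] = self.machine.wrap(key_id, secrets.token_bytes(length))

    def request(self, key_id):
        return self.machine.unwrap(key_id, self.database[key_id])
```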
Through the above design, the present invention provides systematic and complete key management services to intelligent terminals and application systems and gives information comprehensive encryption protection.
The above embodiment is only one of the preferred embodiments of the present invention and should not be taken to limit its scope of protection. Any change or refinement without substantive significance made within the main design idea and spirit of the present invention, where the technical problem solved remains the same as that of the present invention, shall fall within the scope of protection of the present invention.