CN109756333A - key management system - Google Patents

Info

Publication number: CN109756333A
Authority: CN (China)
Prior art keywords: key, management module, key management, cipher, algorithm
Legal status: Pending
Application number: CN201910220635.5A
Other languages: Chinese (zh)
Inventors: 宋博, 米鹏伟, 刘瑶, 景博丽, 刘伟
Current Assignee: XI'AN DEAN INFORMATION TECHNOLOGY Co.,Ltd.
Original Assignee: Shaanxi Youanxin Integrity Information Technology Co Ltd; Xi'an De'an Information Technology Co Ltd
Application filed by: Shaanxi Youanxin Integrity Information Technology Co Ltd, Xi'an De'an Information Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a key management system, characterised in that it includes a data cipher that provides the highest key, a calculation server that provides the basis for encryption and decryption operations, a database server for storing keys and their related data, a platform server that provides system services, and a key management service system deployed on the platform server to provide key services to intelligent terminals and application systems. The data cipher, calculation server and database server are each connected to the key management service system, and the platform server is equipped with an interface through which the key management service system connects to intelligent terminals and application systems. The invention provides intelligent terminals and application systems with a complete set of key management services and provides comprehensive encryption protection for information, ensuring that information stays secure and is not leaked.

Description

Key management system
Technical field
The present invention relates to the technical field of information security management, and specifically to a key management system.
Background art
The continuous development of information technology has brought efficiency and information sharing, but it has also brought many problems for information security, and information security on networks is becoming ever more important. Particularly in intelligent terminals, application systems and the financial industry, from items as small as a user's account password and personal information to important business information such as financial statements and research and development data, any leak of information has serious consequences. At the same time, as enterprises apply IT more widely and depend on it more heavily, the channels through which information can leak have increased significantly, and security risks are ubiquitous. The technical demand for transmitting important information securely is therefore gradually increasing.
At present, the traditional way of dealing with this problem is mainly to apply encryption protection to data at the application system level or the operating system kernel layer. That is, every device in the system manages its passwords locally, and an application obtains the operating system password of the relevant host by reading a local configuration file or by accessing a password saved in a database, with the password saved in plaintext in the configuration file or in code. In this process the most important problem is the secure management of keys, which involves key generation, key update and so on. Traditional key management is not only inefficient but also cumbersome, and its encryption protection of information is not comprehensive enough.
Summary of the invention
The purpose of the present invention is to provide a key management system that provides intelligent terminals and application systems with a complete set of key management services and provides comprehensive encryption protection for information.
To achieve the above purpose, the technical solution adopted by the invention is as follows:
A key management system, including a data cipher that provides the highest key, a calculation server that provides the basis for encryption and decryption operations, a database server for storing keys and their related data, a platform server that provides system services, and a key management service system deployed on the platform server to provide key services to intelligent terminals and application systems; the data cipher, calculation server and database server are each connected to the key management service system, and the platform server is equipped with an interface through which the key management service system connects to intelligent terminals and application systems;
The key management service system includes a key management module for generating, updating and applying for keys, a peripheral system management module for managing the intelligent terminals and application systems that have accessed the interface, and an attendant management module that provides rights management and personal information management for the administrators, operators and auditors of the key management system;
The key management module is connected to the database server, the data cipher and the calculation server respectively; the attendant management module is connected to the database server;
The peripheral system management module is connected to the key management module, and the key management module provides information encryption services to the peripheral system management module;
The implementation process includes the following steps:
(1) The attendant management module of the key management service system allocates the initial administrator account and password; the administrator then allocates operators in the attendant management module, and the operators carry out the corresponding configuration and update of the keys in the key management module; the administrator account information and operator account information are stored in the database server;
(2) Intelligent terminals and application systems access the interface, and the administrator enters and manages their information in the peripheral system management module; the intelligent terminal and application information is stored in the database server;
(3) The key management module provides the accessing intelligent terminals and application systems with secondary encryption of account passwords, encryption of plaintext information in transmission, and code keyboard encryption services, with the calculation server performing the encryption algorithm operations; the related keys are stored in the database server, and operators carry out unified updating, generation and management of the related keys; the highest key, which can re-encrypt the related keys, is stored in the data cipher;
Further, the key management module includes an asymmetric key management module for generating, updating and adding the public keys and private keys used for encryption in information transmission, an encrypted transmission key management module for generating and updating the transmission keys used for encryption in plaintext encrypted transmission, a working key management module for generating and updating the MAC KEY and PIN KEY used in the secondary encryption of account passwords for intelligent terminals and application systems, and a code keyboard key management module for generating and updating code keyboard keys.
Further, the peripheral system management module includes an organization management module and a mobile application management module.
Further, the encryption algorithms in the asymmetric key management module include the RSA algorithm and the SM2 algorithm.
Further, the encryption algorithms of the encrypted transmission key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
Further, the encryption algorithms for the working keys of the working key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
Further, the operators include system configuration personnel, who configure the system, and operation and maintenance personnel, who carry out the daily operation and maintenance of the system; the key management service system allows only one system configuration person to operate online.
Compared with the prior art, the invention has the following advantages:
(1) Through the asymmetric key management module, transmission key management module, working key management module and code keyboard key management module within the key management module, the invention solves the problem of encrypting information, and uses multiple keys and encryption modes to provide a security guarantee for information in intelligent terminals and application systems.
(2) By setting up the data cipher, the invention encrypts keys again and places the encryption key in the data cipher hardware; hardware encryption can prevent leakage of the keys and thereby protects information security.
(3) The invention sets up a database server that manages and stores the information on keys, attendants, intelligent terminals and application systems in a unified way, which makes operations such as adding, deleting and changing the relevant information convenient.
(4) By setting up the calculation server, the invention provides an operational basis for the encryption algorithms and shortens computation time, which helps information to be transmitted promptly and gives intelligent terminals and application systems a better service experience.
Description of the drawings
Fig. 1 is an overall structural diagram of the invention.
Specific embodiments
The invention is further described below with reference to the accompanying drawing and an embodiment; the modes of the invention include, but are not limited to, the following embodiment.
Embodiment
As shown in Fig. 1, the key management system disclosed by the invention includes a data cipher that provides the highest key, a calculation server that provides the basis for encryption and decryption operations, a database server for storing keys and their related data, a platform server that provides system services, and a key management service system deployed on the platform server to provide key services to intelligent terminals and application systems; the data cipher, calculation server and database server are each connected to the key management service system, and the platform server is equipped with an interface through which the key management service system connects to intelligent terminals and application systems;
The key management service system includes a key management module for generating, updating and applying for keys, a peripheral system management module for managing the intelligent terminals and application systems that have accessed the interface, and an attendant management module that provides rights management and personal information management for the administrators, operators and auditors of the key management system;
The key management module is connected to the database server, the data cipher and the calculation server respectively; the attendant management module is connected to the database server;
The peripheral system management module is connected to the key management module, and the key management module provides information encryption services to the peripheral system management module;
The key management module includes an asymmetric key management module for generating, updating and adding the public keys and private keys used for encryption in information transmission, an encrypted transmission key management module for generating and updating the transmission keys used for encryption in plaintext encrypted transmission, a working key management module for generating and updating the MAC KEY and PIN KEY used in the secondary encryption of account passwords for intelligent terminals and application systems, and a code keyboard key management module for generating and updating code keyboard keys.
The peripheral system management module includes an organization management module and a mobile application management module.
The encryption algorithms in the asymmetric key management module include the RSA algorithm and the SM2 algorithm.
The encryption algorithms of the encrypted transmission key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
The encryption algorithms for the working keys of the working key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
The operators include system configuration personnel, who configure the system, and operation and maintenance personnel, who carry out the daily operation and maintenance of the system; the key management service system allows only one system configuration person to operate online.
The implementation process includes the following steps:
(1) The attendant management module of the key management service system allocates the initial administrator account and password; the administrator then allocates operators in the attendant management module, and the operators carry out the corresponding configuration and update of the keys in the key management module; the administrator account information and operator account information are stored in the database server;
(2) Intelligent terminals and application systems access the interface, and the administrator enters and manages their information in the peripheral system management module; the intelligent terminal and application information is stored in the database server;
(3) The key management module provides the accessing intelligent terminals and application systems with secondary encryption of account passwords, encryption of plaintext information in transmission, and code keyboard encryption services, with the calculation server performing the encryption algorithm operations; the related keys are stored in the database server, and operators carry out unified updating, generation and management of the related keys; the highest key, which can re-encrypt the related keys, is stored in the data cipher;
Through the above design, the present invention provides intelligent terminals and application systems with a complete set of key management services and provides comprehensive encryption protection for information.
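An added sketch of step (3), not code from the patent or its applicants: related keys are generated with the length of a listed algorithm, re-encrypted under a highest key that never leaves the data cipher, and kept in the database only in wrapped form. AES-256-GCM as the wrapping algorithm, the `terminal/keyType/vN` label and all type and function names are assumptions; the description does not specify them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Key lengths in bytes for the symmetric algorithms the description lists.
var keyLen = map[string]int{"DES": 8, "3DES_128": 16, "3DES_192": 24, "SM4": 16}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: stop rather than use a weak key
	}
	return b
}

// DataCipher stands in for the hardware data cipher: the highest key lives
// inside the AEAD and no method returns it.
type DataCipher struct{ aead cipher.AEAD }

// Wrap re-encrypts a related key under the highest key. The label is bound as
// associated data, so a wrapped key moved to another record fails to unwrap.
func (d *DataCipher) Wrap(label string, key []byte) []byte {
	nonce := randomBytes(d.aead.NonceSize())
	return d.aead.Seal(nonce, nonce, key, []byte(label))
}

func (d *DataCipher) Unwrap(label string, blob []byte) ([]byte, error) {
	n := d.aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("wrapped key too short")
	}
	return d.aead.Open(nil, blob[:n], blob[n:], []byte(label))
}

// KeyService plays the key management module; DB plays the database server.
type KeyService struct {
	hsm *DataCipher
	DB  map[string][]byte // wrapped keys only
	ver map[string]int
}

// NewKeyService creates the data cipher; AES-256-GCM wrapping is an assumption.
func NewKeyService() *KeyService {
	block, _ := aes.NewCipher(randomBytes(32)) // cannot fail: key is 32 bytes
	aead, _ := cipher.NewGCM(block)            // cannot fail: AES block size
	return &KeyService{&DataCipher{aead}, map[string][]byte{}, map[string]int{}}
}

// Rotate generates or updates a key (e.g. "PIN KEY") for a terminal; only the
// operator role may do so, as in step (1). It returns the new version.
func (s *KeyService) Rotate(role, terminal, keyType, alg string) (int, error) {
	n, ok := keyLen[alg]
	if role != "operator" || !ok {
		return 0, errors.New("refused: needs operator role and a listed algorithm")
	}
	id := terminal + "/" + keyType
	s.ver[id]++
	s.DB[id] = s.hsm.Wrap(fmt.Sprintf("%s/v%d", id, s.ver[id]), randomBytes(n))
	return s.ver[id], nil
}

// Fetch unwraps the current version of a key inside the service.
func (s *KeyService) Fetch(terminal, keyType string) ([]byte, error) {
	id := terminal + "/" + keyType
	return s.hsm.Unwrap(fmt.Sprintf("%s/v%d", id, s.ver[id]), s.DB[id])
}

func main() {
	svc := NewKeyService() // "terminal-001" below is a constructed sample name
	v, err := svc.Rotate("operator", "terminal-001", "PIN KEY", "3DES_192")
	fmt.Println("PIN KEY version:", v, "error:", err)
}
```

A database dump from this sketch yields only wrapped blobs, and copying one record's blob over another is rejected at unwrap time because the label no longer matches.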
The above embodiment is only one of the preferred embodiments of the present invention and should not be used to limit the scope of protection of the invention. Any change or refinement without essential significance that is made within the overall design concept and spirit of the invention, and for which the technical problem solved remains consistent with the invention, shall be included within the scope of protection of the invention.

Claims (7)

1. A key management system, characterised in that it includes a data cipher that provides the highest key, a calculation server that provides the basis for encryption and decryption operations, a database server for storing keys and their related data, a platform server that provides system services, and a key management service system deployed on the platform server to provide key services to intelligent terminals and application systems; the data cipher, calculation server and database server are each connected to the key management service system, and the platform server is equipped with an interface through which the key management service system connects to intelligent terminals and application systems;
The key management service system includes a key management module for generating, updating and applying for keys, a peripheral system management module for managing the intelligent terminals and application systems that have accessed the interface, and an attendant management module that provides rights management and personal information management for the administrators, operators and auditors of the key management system;
The key management module is connected to the database server, the data cipher and the calculation server respectively; the attendant management module is connected to the database server;
The peripheral system management module is connected to the key management module, and the key management module provides information encryption services to the peripheral system management module;
The implementation process includes the following steps:
(1) The attendant management module of the key management service system allocates the initial administrator account and password; the administrator then allocates operators in the attendant management module, and the operators carry out the corresponding configuration and update of the keys in the key management module; the administrator account information and operator account information are stored in the database server;
(2) Intelligent terminals and application systems access the interface, and the administrator enters and manages their information in the peripheral system management module; the intelligent terminal and application information is stored in the database server;
(3) The key management module provides the accessing intelligent terminals and application systems with secondary encryption of account passwords, encryption of plaintext information in transmission, and code keyboard encryption services, with the calculation server performing the encryption algorithm operations; the related keys are stored in the database server, and operators carry out unified updating, generation and management of the related keys; the highest key, which re-encrypts the related keys, is stored in the data cipher.
2. The key management service system according to claim 1, characterised in that the key management module includes an asymmetric key management module for generating, updating and adding the public keys and private keys used for encryption in information transmission, an encrypted transmission key management module for generating and updating the transmission keys used for encryption in plaintext encrypted transmission, a working key management module for generating and updating the MAC KEY and PIN KEY used in the secondary encryption of account passwords for intelligent terminals and application systems, and a code keyboard key management module for generating and updating code keyboard keys.
3. The key management service system according to claim 1, characterised in that the peripheral system management module includes an organization management module and a mobile application management module.
4. The patent name according to claim 2, characterised in that the encryption algorithms in the asymmetric key management module include the RSA algorithm and the SM2 algorithm.
5. The key management service system according to claim 2, characterised in that the encryption algorithms of the encrypted transmission key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
6. The key management service system according to claim 2, characterised in that the encryption algorithms for the working keys of the working key management module include the DES algorithm, the 3DES_128 algorithm, the 3DES_192 algorithm and the SM4 algorithm.
7. The key management service system according to claim 1, characterised in that the operators include system configuration personnel, who configure the system, and operation and maintenance personnel, who carry out the daily operation and maintenance of the system; the key management service system allows only one system configuration person to operate online.
CN201910220635.5A 2018-11-26 2019-03-22 key management system Pending CN109756333A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811415368 2018-11-26
CN2018114153689 2018-11-26

Publications (1)

Publication Number Publication Date
CN109756333A true CN109756333A (en) 2019-05-14

Family

ID=66409210

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910220635.5A Pending CN109756333A (en) 2018-11-26 2019-03-22 key management system

Country Status (1)

Country Link
CN (1) CN109756333A (en)

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20210615
Address after: Room 10701-7941, 7th floor, Ruiji building, 15 Gaoxin 2nd Road, Zhangba Street office, Gaoxin District, Xi'an City, Shaanxi Province, 710000
Applicant after: XI'AN DEAN INFORMATION TECHNOLOGY Co.,Ltd.
Address before: Unit 22101, building 2, Huixin ibc1, No.1 zhangbayi Road, high tech Zone, Xi'an City, Shaanxi Province, 710000
Applicant before: XI'AN DEAN INFORMATION TECHNOLOGY Co.,Ltd.
Applicant before: SHAANXI YOUAN XINCHENG INFORMATION TECHNOLOGY Co.,Ltd.
RJ01 Rejection of invention patent application after publication
Application publication date: 20190514
RJ01 Rejection of invention patent application after publication