CN109981592A - Method and electronic device for joint key generation by multiple clients and multiple servers - Google Patents



Publication number: CN109981592A (application CN201910153545.9A; granted version CN109981592B)
Authority: CN (China)
Legal status: granted; active
Original language: Chinese (zh)
Inventors: 颜泽, 谢翔, 傅志敬, 孙立林
Assignee (current and original): Matrix Technology (shenzhen) Co Ltd
Prior art keywords: key, client, server, mpc, key server


Classifications

    • H04L 63/06: network architectures or network communication protocols for network security, for supporting key management in a packet data network
    • H04L 63/062: the same, for key distribution, e.g. centrally by a trusted party
    • H04L 63/0869: network security protocols for authentication of entities, for achieving mutual authentication
    • H04L 9/0861: key distribution or management, generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/3247: cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, involving digital signatures

Abstract

This application provides a method and an electronic device for joint key generation by multiple clients and multiple servers, applied to a key management system comprising N clients and N key servers, where N is an integer greater than or equal to 2. The method comprises: the N clients and the N key servers each generate and save their own key component; the N clients and the N key servers establish secure channels through mutual authentication; and the N clients and the N key servers, based on their respective key components, obtain a target public key over the secure channels. In this way the low security and low flexibility of existing key management systems are addressed, and the technical effect of effectively improving the security and flexibility of a key management system is achieved.

Description

Method and electronic device for joint key generation by multiple clients and multiple servers
Technical field
This application belongs to the field of information security technology, and in particular relates to a method and an electronic device for joint key generation by multiple clients and multiple servers.
Background technique
At present, a key service system typically generates the key on a single key server and then distributes the generated key to the key users. This increases the burden on the key server, and because the key is produced by a single key server, every key generation rule is specified and maintained by that key server itself, so flexibility is low.
No effective solution has yet been proposed for the above problems of existing key systems.
Summary of the invention
The purpose of this application is to provide a method and an electronic device for joint key generation by multiple clients and multiple servers, so as to effectively improve the security and flexibility of key management.
The method and electronic device for joint key generation by multiple clients and multiple servers provided by this application are realized as follows:
A method for joint key generation by multiple clients and multiple servers, applied to a key management system, where the key management system comprises N clients and N key servers, N being an integer greater than or equal to 2, the method comprising:
the N clients and the N key servers each generating and saving their own key component;
the N clients and the N key servers establishing secure channels through mutual authentication;
the N clients and the N key servers, based on their respective key components, obtaining a target public key over the secure channels.
In one embodiment, the N clients and the N key servers obtaining the target public key over the secure channels based on their respective key components comprises:
selecting two devices from among the N key servers and the N clients as the MPC computing parties;
each client and key server among the N clients and the N key servers other than the MPC computing parties splitting its own key component into a first sub-key and a second sub-key, sending the first sub-key over the secure channel to the first device among the MPC computing parties, and sending the second sub-key to the second device among the MPC computing parties;
the first device and the second device initiating an MPC computation over the secure channel to obtain the target public key.
In one embodiment, after the N clients and the N key servers obtain the target public key over the secure channels based on their respective key components, the method further comprises:
a first client initiating a signature request, the signature request carrying the data to be signed, the first client being one of the N clients;
each client and key server among the N clients and the N key servers other than the MPC computing parties splitting the key component it generated into a first sub-key and a second sub-key, sending the first sub-key over the secure channel to the first device among the MPC computing parties, and sending the second sub-key to the second device among the MPC computing parties;
the first device and the second device initiating an MPC computation over the secure channel to sign the data to be signed, obtaining a signature file;
sending the signature file to each client and key server among the N clients and the N key servers other than the MPC computing parties.
In one embodiment, after the N clients and the N key servers obtain the target public key over the secure channels based on their respective key components, the method further comprises:
a first client initiating an operation request, the first client being one of the N clients;
each client and key server among the N clients and the N key servers other than the MPC computing parties splitting its own key component into a first sub-key and a second sub-key, sending the first sub-key over the secure channel to the first device among the MPC computing parties, and sending the second sub-key to the second device among the MPC computing parties;
the first device and the second device initiating an MPC computation to compute 2N operation components, and signing the 2N operation components to obtain 2N signature files;
issuing the 2N operation components and the 2N signature files, one to each, to the N clients and the N key servers;
the N clients and the N key servers verifying the correctness of the received signature file with the target public key and, if the verification passes, saving the received operation component.
In one embodiment, the operation request comprises at least one of: a backup request, a recovery request and a refresh request.
In one embodiment, the N clients and the N key servers obtaining the target public key over the secure channels based on their respective key components comprises:
the N clients and the N key servers initiating an MPC computation over the secure channels to obtain the target public key.
In one embodiment, after the N clients and the N key servers obtain the target public key over the secure channels based on their respective key components, the method further comprises:
a first client initiating a signature request, the signature request carrying the data to be signed and the target public key, the first client being one of the N clients;
the N clients and the N key servers initiating an MPC computation over the secure channels to perform the signature operation on the data to be signed, obtaining a signature file, and verifying the correctness of the signature file against the target public key.
In one embodiment, after the N clients and the N key servers obtain the target public key over the secure channels based on their respective key components, the method further comprises:
a first client initiating an operation request, the first client being one of the N clients;
the N clients and the N key servers initiating an MPC computation to compute 2N operation components, and signing the 2N operation components to obtain 2N signature files;
issuing the 2N operation components and the 2N signature files, one to each, to the N clients and the N key servers;
the N clients and the N key servers verifying the correctness of the received signature file with the target public key and, if the verification passes, saving the received operation component.
In one embodiment, the operation request comprises at least one of: a backup request, a recovery request and a refresh request.
An electronic device, comprising a processor and a memory for storing processor-executable instructions, the processor implementing the steps of the following method when executing the instructions:
the N clients and the N key servers each generating and saving their own key component;
the N clients and the N key servers establishing secure channels through mutual authentication;
the N clients and the N key servers, based on their respective key components, obtaining a target public key over the secure channels.
A computer-readable storage medium storing computer instructions which, when executed, implement the steps of the following method:
the N clients and the N key servers each generating and saving their own key component;
the N clients and the N key servers establishing secure channels through mutual authentication;
the N clients and the N key servers, based on their respective key components, obtaining a target public key over the secure channels.
In the method and electronic device for joint key generation by multiple clients and multiple servers provided by this application, the multiple clients and multiple servers each generate their own key component locally, secure channels are established between the clients and the servers, and the target public key is then obtained over those secure channels, completing the generation and management of the key. In this way the low security and flexibility of existing key management systems are addressed and the technical effect of effectively improving the security and flexibility of the key management system is achieved.
Detailed description of the invention
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this application; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is an architecture diagram of the key system provided by this application;
Fig. 2 is a flow chart of the method for joint key generation by multiple clients and multiple servers provided by this application;
Fig. 3 is an interaction diagram of key generation in example 1 of this application;
Fig. 4 is an interaction diagram of key use in example 1;
Fig. 5 is an interaction diagram of key backup in example 1;
Fig. 6 is an interaction diagram of key recovery in example 1;
Fig. 7 is an interaction diagram of key refresh in example 1;
Fig. 8 is an interaction diagram of key generation in example 2;
Fig. 9 is an interaction diagram of key use in example 2;
Fig. 10 is an interaction diagram of key backup in example 2;
Fig. 11 is an interaction diagram of key recovery in example 2;
Fig. 12 is an interaction diagram of key refresh in example 2;
Fig. 13 is a structural diagram of the electronic device provided by this application.
Specific embodiment
To help those skilled in the art better understand the technical solutions in this application, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Clearly, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
Considering that, at present, the key is generated unilaterally by a single key server, which makes flexibility and security low, in this example the multiple clients and multiple servers each generate their own key component locally, secure channels are established between the clients and the servers, and the target public key is then obtained over those secure channels. This completes the generation and management of the key and achieves the technical effect of effectively improving the security and flexibility of the key management system.
This example provides a method for joint key generation by multiple clients and multiple servers, applied to a key management system. As shown in Fig. 1, the key management system may comprise N clients and N key servers, where N is an integer greater than or equal to 2.
Fig. 2 is a flow chart of one embodiment of the method for joint key generation by multiple clients and multiple servers described herein. Although this application provides the method operation steps or device structures shown in the following embodiments or drawings, the method or device may, through routine or non-creative work, include more or fewer operation steps or module units. For steps or structures with no necessary causal relationship in logic, the execution order of these steps or the module structure of the device is not limited to the execution order or module structure described in the embodiments of this application and shown in the drawings. When the method or module structure is applied in an actual device or end product, it may be executed sequentially or in parallel according to the method or module structure shown in the embodiments or drawings (for example in a parallel-processor or multi-threaded environment, or even a distributed processing environment).
Specifically, as shown in Fig. 2, a method for joint key generation by multiple clients and multiple servers provided by an embodiment of this application may comprise the following steps:
Step 201: the N clients and the N key servers each generate and save a key component.
Here, a client is a key user, including but not limited to an App, an application server and the like; the specific form of a client can be chosen according to actual needs, and this application does not limit it. A key server is the key service side, which provides key-related services.
That is, clients 1 to N and key servers 1 to N each generate a key component locally and save it.
Step 202: the N clients and the N key servers establish secure channels through mutual authentication.
Specifically, the clients and the key servers can complete mutual authentication through KYC (know your customer, an identity confirmation process), issue authentication material and complete the registration flow. The identity confirmation process may include, but is not limited to, at least one of: SMS, e-mail verification code, account and password, fingerprint, face, certificate, and so on.
Step 203: the N clients and the N key servers, based on their respective key components, obtain the target public key over the secure channels.
In implementation, the target public key may be obtained through multi-party MPC (secure multi-party computation), that is, all key servers and clients take part in the MPC computation; or it may be obtained through two-party MPC, that is, two MPC participants are selected from among the key servers and clients to carry out the MPC computation.
The use of the key components under both MPC computation modes is described below.
1) Two-party MPC
The N clients and the N key servers obtaining the target public key over the secure channels based on their respective key components may comprise the following steps:
S1: select two devices from among the N key servers and the N clients as the MPC computing parties;
S2: each client and key server among the N clients and the N key servers other than the MPC computing parties splits its own key component into a first sub-key and a second sub-key, sends the first sub-key over the secure channel to the first device among the MPC computing parties, and sends the second sub-key to the second device among the MPC computing parties;
S3: the first device and the second device initiate an MPC computation over the secure channel to obtain the target public key.
For example, key servers 1 and 2 initiate an MPC computation over the secure channel: from the key components SK1 and SK2 and the sub-keys (SK3 to SK2n)-1 and (SK3 to SK2n)-2 they compute the private key SK and derive the public key PK from SK, then save PK and return it to the clients and key servers. Because the whole process is a complete MPC computation, the private key SK is never actually materialized at any party, whether during the computation or during later use, and the components SK1 to SK2n themselves never appear in the interaction (they are not transmitted at the network layer for the computation; only the sub-keys are).
After the N clients and the N key servers have obtained the target public key over the secure channels based on their respective key components, signing with the key components can proceed as follows:
S1: a first client initiates a signature request carrying the data to be signed, the first client being one of the N clients;
S2: each client and key server among the N clients and the N key servers other than the MPC computing parties splits the key component it generated into a first sub-key and a second sub-key, sends the first sub-key over the secure channel to the first device among the MPC computing parties, and sends the second sub-key to the second device among the MPC computing parties;
S3: the first device and the second device initiate an MPC computation over the secure channel to sign the data to be signed, obtaining a signature file;
S4: the signature file is sent to each client and key server among the N clients and the N key servers other than the MPC computing parties.
After the target public key and the key components have been obtained, the key components sometimes also need to be backed up, recovered or refreshed. Specifically, backup, recovery and refresh of the key components can be realized as follows:
S1: a first client initiates an operation request, the first client being one of the N clients;
S2: each client and key server among the N clients and the N key servers other than the MPC computing parties splits its own key component into a first sub-key and a second sub-key, sends the first sub-key over the secure channel to the first device among the MPC computing parties, and sends the second sub-key to the second device among the MPC computing parties;
S3: the first device and the second device initiate an MPC computation to compute 2N operation components, and sign the 2N operation components to obtain 2N signature files;
S4: the 2N operation components and the 2N signature files are issued, one to each, to the N clients and the N key servers;
S5: the N clients and the N key servers verify the correctness of the received signature file with the target public key and, if the verification passes, save the received operation component.
Here the operation request may include, but is not limited to, at least one of: a backup request, a recovery request and a refresh request.
2) Multi-party MPC
The N clients and the N key servers obtaining the target public key over the secure channels based on their respective key components may comprise: the N clients and the N key servers initiate an MPC computation over the secure channels to obtain the target public key.
For example, the clients and key servers authenticate each other with the authentication material and establish secure channels, then initiate an MPC computation: from the key components SK1 to SK2n they compute the private key SK and derive the public key PK from SK, and the public key is returned to the clients and key servers, which each save it. Because the whole process is a complete MPC computation, the private key SK is never actually materialized at any party, whether during the computation or during later use, and SK1 to SK2n never appear in the interaction (they are not transmitted at the network layer for the computation).
After the N clients and the N key servers have obtained the target public key over the secure channels based on their respective key components, signing with the key components can proceed as follows:
S1: a first client initiates a signature request carrying the data to be signed and the target public key, the first client being one of the N clients;
S2: the N clients and the N key servers initiate an MPC computation over the secure channels to perform the signature operation on the data to be signed, obtaining a signature file, and verify the correctness of the signature file against the target public key.
After the target public key and the key components have been obtained, the key components sometimes also need to be backed up, recovered or refreshed. Specifically, backup, recovery and refresh of the key components can be realized as follows:
S1: a first client initiates an operation request, the first client being one of the N clients; the operation request may include, but is not limited to, at least one of: a backup request, a recovery request and a refresh request;
S2: the N clients and the N key servers initiate an MPC computation to compute 2N operation components, and sign the 2N operation components to obtain 2N signature files;
S3: the 2N operation components and the 2N signature files are issued, one to each, to the N clients and the N key servers;
S4: the N clients and the N key servers verify the correctness of the received signature file with the target public key and, if the verification passes, save the received operation component.
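The two-party computing mode described under 1) above, together with the signing and backup/refresh operations that follow it, as an added worked example that is not part of the patent. It models the key components as additive shares modulo the group order of secp256k1 and signs with a Schnorr-style two-party scheme; the curve, the additive splitting of a component into its two sub-keys, and the signature scheme are all assumptions, because the patent fixes none of them. KYC, the secure channels and the network transport are omitted, and every party runs in one process. What the code shows is the property the text stresses: PK and every signature are computed from the two computing parties' aggregated sub-keys, the private key SK is never assembled anywhere, and the refreshed components SK1' to SK2n' still sum to the same secret, which receivers check only through PK and the signature on each component. As in the patent's model, security rests on the two computing parties not colluding: together their aggregates are the whole key. The nonce handling is simplified (no commitment round), so this is an illustration of the data flow, not a production protocol.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve; the patent names none).
FIELD_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return x3, (lam * (x1 - x3) - y1) % FIELD_P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def split_component(sk_i):
    """Step S2: a non-computing party splits its component into two additive
    sub-keys, one per computing party; neither sub-key alone reveals sk_i."""
    first = secrets.randbelow(ORDER_N)
    return first, (sk_i - first) % ORDER_N


class ComputingParty:
    """An MPC computing party (key server 1 or 2 in the patent's example);
    x is its own component plus every sub-key sent to it."""
    def __init__(self, own_component):
        self.x = own_component % ORDER_N

    def receive(self, sub_key):
        self.x = (self.x + sub_key) % ORDER_N


def joint_keygen(components):
    """Steps S1-S3: components[0] and [1] belong to the computing parties; the
    rest are split and sent.  PK = x_a*G + x_b*G.  SK = sum(components) is
    never assembled: each party only multiplies its own aggregate by G."""
    a, b = ComputingParty(components[0]), ComputingParty(components[1])
    for sk_i in components[2:]:
        first, second = split_component(sk_i)
        a.receive(first)
        b.receive(second)
    return a, b, ec_add(ec_mul(a.x, G), ec_mul(b.x, G))


def _challenge(r_point, pk, msg):
    h = hashlib.sha256()
    for pt in (r_point, pk):
        h.update(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % ORDER_N


def joint_sign(a, b, pk, msg):
    """Schnorr-style two-party signing (assumed scheme): each party uses a
    fresh nonce and its own aggregate only; s = s_a + s_b.  Simplified: no
    nonce-commitment round, parties assumed honest-but-curious."""
    k_a, k_b = (secrets.randbelow(ORDER_N - 1) + 1 for _ in range(2))
    r_point = ec_add(ec_mul(k_a, G), ec_mul(k_b, G))
    e = _challenge(r_point, pk, msg)
    return r_point, (k_a + e * a.x + k_b + e * b.x) % ORDER_N


def verify(pk, msg, sig):
    """Receiver-side check with the target public key: s*G == R + e*PK."""
    r_point, s = sig
    e = _challenge(r_point, pk, msg)
    return ec_mul(s, G) == ec_add(r_point, ec_mul(e, pk))


def refresh_components(a, b, count):
    """Backup/refresh: `count` fresh components that still sum to x_a + x_b.
    Each computing party reshares only its own aggregate; party i's new
    component is the sum of the two pieces addressed to it (combined here)."""
    pieces_a = [secrets.randbelow(ORDER_N) for _ in range(count - 1)]
    pieces_b = [secrets.randbelow(ORDER_N) for _ in range(count - 1)]
    pieces_a.append((a.x - sum(pieces_a)) % ORDER_N)
    pieces_b.append((b.x - sum(pieces_b)) % ORDER_N)
    return [(pa + pb) % ORDER_N for pa, pb in zip(pieces_a, pieces_b)]


def signed_backup(a, b, pk, count):
    """Issue (component, signature) pairs, one per client/server; a receiver
    keeps its component only if accept_backup() passes (step S5)."""
    return [(c, joint_sign(a, b, pk, c.to_bytes(32, "big")))
            for c in refresh_components(a, b, count)]


def accept_backup(pk, component, sig):
    return verify(pk, component.to_bytes(32, "big"), sig)
```

Running `joint_keygen` on six constructed components (2N = 6 parties), then `joint_sign`, `signed_backup` and `accept_backup`, shows that the public key derived from the refreshed components equals the original PK while no function ever holds the full secret; in the verification step a single-bit change to a component or to the signed data makes `accept_backup` return False, which is the check that decides whether a received operation component is saved.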
The method above is illustrated below with several specific examples. It should be noted that these specific embodiments are only intended to better explain this application and do not constitute an undue limitation on it.
This example provides a key management method in which keys are generated and kept by multiple server sides based on secure two-party computation; it applies to key generation, use, storage, backup, recovery, refresh and other operations in a key management system. Specifically, the different clients and key servers independently generate key components, the public key is finally generated by two-party MPC, and the multiple clients and multiple key servers compute signatures by two-party MPC.
Specifically, in this scenario, key generation, use, storage, backup, recovery and refresh can be carried out as follows:
1) Generation
As shown in Fig. 3, this may comprise the following steps:
S1: client 1 generates the component SKn+1 and saves it;
S2: the clients and key servers complete mutual authentication through KYC, issue authentication material and complete the registration flow; client 1 initiates a key generation request;
S3: clients 2 to n and key servers 1 to n each locally generate and save their own key component, so that the components SK1 to SK2n are distributed over the 2n parties;
S4: the server side randomly selects two clients or key servers as the MPC computing parties; assume key server 1 and key server 2 are selected;
S5: over the secure channels established through mutual authentication between clients 1 to n and key servers 1 to n, SK3 is split into SK3-1 and SK3-2, SK3-1 is transmitted to key server 1 and SK3-2 to key server 2; and so on, SK2n is split into (SK2n)-1 and (SK2n)-2, (SK2n)-1 is transmitted to key server 1 and (SK2n)-2 to key server 2;
S6: key servers 1 and 2 initiate an MPC computation over the secure channel: from the key components SK1 and SK2 and the sub-keys (SK3 to SK2n)-1 and (SK3 to SK2n)-2 they compute the private key SK and derive the public key PK from SK, then save PK and return it to the clients and key servers. Because the whole process is a complete MPC computation, the private key SK is never actually materialized (neither during the computation nor in use), and SK1 to SK2n themselves never appear in the interaction (they are not transmitted at the network layer for the computation).
2) Use
As shown in Fig. 4, this may comprise the following steps:
S1: client 1 initiates a signature request and provides the public key PK as the unique identifier together with the data to be signed;
S2: the server side randomly selects two clients or key servers as the MPC computing parties; assume key server 1 and key server 2 are selected;
S3: clients 1 to n and key servers 1 to n complete mutual authentication through KYC and establish secure channels; then SK3 is split into SK3-1 and SK3-2, SK3-1 is transmitted to key server 1 and SK3-2 to key server 2; and so on, SK2n is split into (SK2n)-1 and (SK2n)-2, (SK2n)-1 is transmitted to key server 1 and (SK2n)-2 to key server 2;
S4: key servers 1 and 2 initiate an MPC computation over the secure channel: from the key components SK1 and SK2 and the sub-keys (SK3 to SK2n)-1 and (SK3 to SK2n)-2 they compute the private key SK, sign the data to be signed with SK, and return the signature to the clients and key servers. Because the whole process is a complete MPC computation, the private key SK is never actually materialized (neither during the computation nor in use), and SK1 to SK2n themselves never appear in the interaction (they are not transmitted at the network layer for the computation).
3) Storage
The key or key components can be saved in, but not limited to, one of the following forms:
Database: the key or key components are saved in a database, optionally in encrypted form;
Key file: the key or key components are exported as a key file, optionally in encrypted form;
HSM: the key or key components are saved in a hardware security module, optionally in encrypted form;
Mnemonic words: the key or key components are converted into a series of mnemonic words, which are saved;
QR code: a QR code is generated from the key or key components and saved, optionally in encrypted form.
4) Backup
As shown in Figure 5, the procedure may include the following steps:
S1: Client 1 initiates a backup request;
S2: The server side randomly selects two clients or key servers as the MPC calculating parties; assume that key server 1 and key server 2 are selected as the MPC calculating parties;
S3: Clients 1~n and key servers 1~n complete two-way authentication by KYC and establish secure channels. Then SK3 is split into SK3-1 and SK3-2, SK3-1 is transmitted to key server 1 and SK3-2 is transmitted to key server 2; and so on, SK2n is split into (SK2n)-1 and (SK2n)-2, (SK2n)-1 is transmitted to key server 1 and (SK2n)-2 is transmitted to key server 2;
S4: Key servers 1 and 2 initiate the MPC calculation over the secure channel: the private key SK is computed from the key components SK1, SK2, (SK3~2n)-1 and (SK3~2n)-2, secret sharing is performed on the private key SK to generate new backup components SK1~2n`, and the new SK1~2n` are signed. SK1`~SK2n` and their signatures are distributed to the corresponding key servers and clients respectively. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use), and SK1~2n do not appear in the calculation interaction (i.e. SK1~2n are not transmitted at the network layer for the calculation);
S5: After receiving the relevant information, the clients and key servers verify the correctness of the received backup components with the received signatures, and save the received backup components if verification passes.
5) Recovery
As shown in Figure 6, the procedure may include the following steps:
S1: Client 1 obtains its backup component through the backup form and initiates a recovery request;
S2: The server side randomly selects two clients or servers as the MPC calculating parties; assume that key server 1 and key server 2 are selected as the MPC calculating parties;
S3: Clients 1~n and key servers 1~n complete two-way authentication by KYC and establish secure channels. Then backup component SK3` is split into SK3`-1 and SK3`-2, SK3`-1 is transmitted to key server 1 and SK3`-2 is transmitted to key server 2; and so on, SK2n` is split into (SK2n`)-1 and (SK2n`)-2, (SK2n`)-1 is transmitted to key server 1 and (SK2n`)-2 is transmitted to key server 2;
S4: Key servers 1 and 2 initiate the MPC calculation over the secure channel: the private key SK is computed from the backup components SK1`, SK2`, (SK3~2n`)-1 and (SK3~2n`)-2, secret sharing is performed on the private key SK to generate new SK1~2n, and the new SK1~2n are signed. SK1~SK2n and their signatures are distributed to the corresponding clients and key servers respectively. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use), and SK1~2n` do not appear in the calculation interaction (i.e. SK1~2n` are not transmitted at the network layer for the calculation);
S5: After receiving the relevant information, the clients and key servers verify the correctness of the received new key components with the received signatures. If verification passes, they update and save the received new key components.
6) Refresh
As shown in Figure 7, the procedure may include the following steps:
S1: Client 1 initiates a key refresh request;
S2: The server side randomly selects two clients or servers as the MPC calculating parties; assume that key server 1 and key server 2 are selected as the MPC calculating parties;
S3: Clients 1~n and key servers 1~n complete two-way authentication by KYC and establish secure channels. Then SK3 is split into SK3-1 and SK3-2, SK3-1 is transmitted to key server 1 and SK3-2 is transmitted to key server 2; and so on, SK2n is split into (SK2n)-1 and (SK2n)-2, (SK2n)-1 is transmitted to key server 1 and (SK2n)-2 is transmitted to key server 2;
S4: Key servers 1 and 2 initiate the MPC calculation over the secure channel: the private key SK is computed from SK1, SK2, (SK3~2n)-1 and (SK3~2n)-2, secret sharing is performed on the private key SK to generate new SK1~2n, and the new SK1~2n are signed. SK1~SK2n and their signatures are distributed to the corresponding clients and key servers respectively. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use), and SK1~2n do not appear in the calculation interaction (i.e. SK1~2n are not transmitted at the network layer for the calculation);
S5: After receiving the relevant information, the clients and key servers verify the correctness of the received key components with the received signatures. If verification passes, they update and save the received key components.
Example 2
This example provides a key management method, based on secure multi-party computation, in which keys are generated and kept jointly by multiple server sides; it is applied to key generation, use, storage, backup, recovery, refresh and other operations in a key management system. Specifically, multiple clients and multiple key servers each generate a private key component and obtain the public key by MPC; the multiple clients and multiple key servers compute signatures by MPC; and the multiple clients and multiple key servers perform an MPC calculation on the private key components to refresh the components.
Specifically, in this scenario, key generation, use, storage, backup, recovery and refresh can be performed as follows:
1) Generation
As shown in Figure 8, the procedure may include the following steps:
S1: Client 1 generates component SKn+1 and saves it;
S2: The clients and key servers issue authentication material and complete the registration flow through KYC two-way authentication; client 1 initiates a key generation request;
S3: After the clients and key servers receive the key generation request, each generates a key component, for example: key server 1 generates key component SK1, key server 2 generates key component SK2, and so on, key server n generates key component SKn; client 2 generates key component SKn+2, and so on, client n generates key component SK2n;
S4: The clients and key servers authenticate with the authentication material and establish secure channels, then initiate the MPC calculation: the private key SK is computed from the key components SK1~2n and the public key PK is computed from the private key SK. The public key is returned to the clients and key servers, which each save it. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use), and SK1~2n do not appear in the calculation interaction (SK1~2n are not transmitted at the network layer for the calculation).
2) Use
As shown in Figure 9, the procedure may include the following steps:
S1: Client 1 initiates a signature request, providing the public key PK as the unique identifier together with the data to be signed;
S2: Two-way authentication is completed by KYC between the clients and key servers and secure channels are established;
S3: The clients and key servers initiate the MPC calculation over the secure channels: the data to be signed is signed, and the correctness of the signature is verified with the public key PK.
3) Storage
The key or key components can be saved in, but not limited to, one of the following forms:
Database: the key or key components are saved in a database, where they may be stored encrypted;
Key file: the key or key components are saved by exporting them as a key file, where they may be stored encrypted;
HSM: the key or key components are saved in a hardware security module, where they may be stored encrypted;
Mnemonic words: the key or key components are converted into a series of mnemonic words and saved;
Two-dimensional code: a corresponding two-dimensional code is generated from the key or key components and saved, where the key or key components may be stored encrypted.
4) Backup
As shown in Figure 10, the procedure may include the following steps:
S1: Client 1 initiates a key backup request;
S2: Secure channels are established by KYC between the clients and key servers, and the MPC calculation is initiated: the private key SK is generated, the backup key components SK1`~SK2n` are generated by the secret sharing algorithm, and SK1`~SK2n` are signed with SK to produce signatures S1`~S2n`. The signatures and backup key components are distributed to the different key servers respectively, for example: SK1`, S1` are issued to key server 1; SK2`, S2` to key server 2; and so on, SKn`, Sn` to key server n. The signatures and backup key components are likewise distributed to the different clients, for example: SKn+1`, Sn+1` are issued to client 1; SKn+2`, Sn+2` to client 2; and so on, SK2n`, S2n` to client n. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use);
S3: Each client and key server verifies the validity of the received signature with the previously stored public key PK and, if it is valid, saves the received backup key component.
5) Recovery
As shown in Figure 11, the procedure may include the following steps:
S1: Client 1 obtains its backup component through the backup form and initiates a recovery request;
S2: Two-way authentication is completed by KYC between the clients and key servers and secure channels are established; the backup keys are obtained through the backup form, and an MPC calculation verifies whether the backup components are correct: the private key SK is computed and the public key PK is generated from SK; if this PK is identical to the saved PK, verification passes. If verification passes, SK1~SK2n are generated by the secret sharing algorithm and signed with SK, producing signatures S1~S2n. SK1~SK2n and the signatures S1~S2n are distributed to the different clients and key servers respectively, for example: SK1, S1 are issued to key server 1; SK2, S2 to key server 2; and so on, SKn, Sn to key server n; SKn+1, Sn+1 are issued to client 1; SKn+2, Sn+2 to client 2; and so on, SK2n, S2n to client n. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use).
S3: Each key server and client verifies the validity of the signature with the previously stored public key PK and, if it is valid, updates and saves the key component.
6) Refresh
As shown in Figure 12, the procedure may include the following steps:
S1: Client 1 initiates a key refresh request;
S2: Two-way authentication is completed by KYC between the clients and key servers and secure channels are established, and the MPC calculation is initiated: the private key SK is generated, new working components SK1~SK2n are generated by the secret sharing algorithm, and SK1~SK2n are signed with SK to produce signatures S1~S2n. The signatures and components are distributed to the different key servers and clients respectively, for example: SK1, S1 are issued to key server 1; SK2, S2 to key server 2; and so on, SKn, Sn to key server n; SKn+1, Sn+1 are issued to client 1; SKn+2, Sn+2 to client 2; and so on, SK2n, S2n to client n. Because the whole process is a complete MPC calculation, the private key SK is never actually generated (neither during the calculation nor during use);
S3: Each key server and client verifies the validity of the signature with the previously stored public key PK and, if it is valid, updates and saves the key component, i.e. saves the new working component.
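As an added example (not the patent's own code, and not an implementation of whichever concrete protocol the applicant uses), the following Python models the arithmetic behind the procedures above with additive key components on secp256k1: Example 1's step S3 (each party other than the two MPC calculators splits its component into two sub-keys, one per calculator), step S4 for use (a two-party Schnorr signature in which neither calculator holds SK or the full nonce), step S4 for backup/refresh (the calculators re-share their partial sums into a fresh component set that keeps the same public key), and Example 2's recovery check (recompute PK from a component set and compare it with the stored PK). The curve, the additive sharing, the Schnorr signature and every function name are assumptions; all inputs are constructed sample values.

```python
"""Added example (not the patent's code): additive key components, a two-calculator
MPC signing step and a component refresh on secp256k1. The patent names no curve,
sharing scheme or signature algorithm; those and all function names are assumptions."""
import hashlib
import secrets

P = 2**256 - 2**32 - 977          # secp256k1 field prime (standard constant)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def mpc_inputs(components):
    """S3: components[0], [1] belong to the two MPC calculators; every other party
    splits its component into two random sub-keys, one for each calculator.
    Returns (x1, x2) with x1 + x2 == SK mod N, while nobody ever holds SK."""
    x1, x2 = components[0], components[1]
    for c in components[2:]:
        sub1 = secrets.randbelow(N)          # first sub-key, sent to calculator 1
        x1 = (x1 + sub1) % N
        x2 = (x2 + c - sub1) % N             # second sub-key, sent to calculator 2
    return x1, x2

def public_key(x1, x2):
    """PK = x1*G + x2*G == SK*G, derived without reconstructing SK."""
    return ec_add(ec_mul(x1, G), ec_mul(x2, G))

def _challenge(R, PK, msg):
    h = hashlib.sha256()
    for x, y in (R, PK):
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N

def mpc_sign(x1, x2, PK, msg):
    """S4 (use): two-party additive Schnorr; each calculator keeps its own nonce
    and partial key, and only R and the combined s leave the computation."""
    k1, k2 = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    R = ec_add(ec_mul(k1, G), ec_mul(k2, G))
    e = _challenge(R, PK, msg)
    return R, ((k1 + e * x1) + (k2 + e * x2)) % N

def verify(PK, msg, sig):
    """Check a signature with the public key only, as every party can."""
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(_challenge(R, PK, msg), PK))

def refresh(x1, x2, parties):
    """S4 (backup/refresh): each calculator re-shares its partial sum into `parties`
    pieces; party j's new component is the sum of the two pieces addressed to it.
    The new set still sums to SK, so PK is unchanged while every component changes."""
    rows = []
    for x in (x1, x2):
        pieces = [secrets.randbelow(N) for _ in range(parties - 1)]
        pieces.append((x - sum(pieces)) % N)
        rows.append(pieces)
    return [(a + b) % N for a, b in zip(*rows)]

def pk_from_components(components):
    """Recovery check (Example 2, S2): rebuild PK from a component set to compare
    with the stored PK; parties contribute SK_i*G, never SK_i itself."""
    acc = None
    for c in components:
        acc = ec_add(acc, ec_mul(c, G))
    return acc

def demo(parties=6, msg=b"constructed sample data to be signed"):
    components = [secrets.randbelow(N) for _ in range(parties)]  # SK1..SK2n
    x1, x2 = mpc_inputs(components)
    PK = public_key(x1, x2)
    fresh = refresh(x1, x2, parties)
    return {"sig_ok": verify(PK, msg, mpc_sign(x1, x2, PK, msg)),
            "pk_matches_direct": PK == pk_from_components(components),
            "refresh_keeps_pk": pk_from_components(fresh) == PK,
            "components_changed": fresh != components}
```

Calling `demo()` exercises all four checks. Note that `mpc_inputs` and `mpc_sign` model both calculators in one process, so the property the patent relies on (SK, the full nonce and the sub-keys never being assembled by any single party) is a statement about where values are held: the code keeps x1/x2 and k1/k2 in separate variables, and a real deployment keeps them on separate hosts behind the authenticated channels described above. The scalar multiplication is not constant-time and is for illustration only.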
The method embodiments provided above in this application may be executed in a mobile terminal, a computer terminal or a similar computing device. Taking execution on an electronic device as an example, Figure 13 is a hardware block diagram of an electronic device for the multi-client, multi-server joint key generation method of an embodiment of the invention. As shown in Figure 13, the terminal 10 may include one or more processors 102 (only one is shown in the figure; the processor 102 may include, but is not limited to, a processing unit such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission module 106 for communication functions. Those skilled in the art will appreciate that the structure shown in Figure 13 is only illustrative and does not limit the structure of the electronic device. For example, the electronic device 10 may include more or fewer components than shown in Figure 13, or have a configuration different from that shown in Figure 13.
The memory 104 may be used to store software programs and modules of application software, such as the program instructions/modules corresponding to the multi-client, multi-server joint key generation method in the embodiment of the invention. The processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, thereby realizing the multi-client, multi-server joint key generation method of the above application. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal 10 through a network. Examples of such networks include, but are not limited to, the internet, an intranet, a local area network, a mobile communication network and combinations thereof.
The transmission module 106 is used to receive or send data via a network. Specific examples of the network may include a wireless network provided by the communication provider of the terminal 10. In one example, the transmission module 106 includes a network interface controller (NIC), which can be connected to other network devices through a base station so as to communicate with the internet. In one example, the transmission module 106 may be a radio frequency (RF) module for communicating with the internet wirelessly.
Embodiments of this application also provide an electronic device capable of realizing all the steps of the multi-client, multi-server joint key generation method in the above embodiments. Specifically, the electronic device includes: a processor, a memory, a communications interface and a bus, wherein the processor, memory and communications interface communicate with each other through the bus; the processor is used to call a computer program in the memory, and when executing the computer program the processor realizes all the steps of the multi-client, multi-server joint key generation method in the above embodiments, for example, the processor realizes the following steps when executing the computer program:
Step 1: N clients and N key servers each generate key components and save them;
Step 2: the N clients and N key servers establish secure channels by two-way authentication;
Step 3: the N clients and N key servers obtain the target public key over the secure channels based on their respective key components.
As can be seen from the above description, in the multi-client, multi-server joint key generation method and electronic device of the embodiments of this application, multiple clients and multiple servers each locally generate their own key components, secure channels are established between the clients and servers, and the target public key is then obtained on the basis of those secure channels, thereby completing key generation and management. In this way the problem of low security and flexibility in existing key management systems is solved, and the technical effect of effectively improving the security and flexibility of the key management system is achieved.
Embodiments of this application also provide a computer-readable storage medium capable of realizing all the steps of the multi-client, multi-server joint key generation method in the above embodiments. A computer program is stored on the computer-readable storage medium, and when executed by a processor the computer program realizes all the steps of the multi-client, multi-server joint key generation method in the above embodiments, for example, the processor realizes the following steps when executing the computer program:
Step 1: N clients and N key servers each generate key components and save them;
Step 2: the N clients and N key servers establish secure channels by two-way authentication;
Step 3: the N clients and N key servers obtain the target public key over the secure channels based on their respective key components.
The embodiments in this specification are described in a progressive manner; the same or similar parts of the embodiments may be referred to each other, and each embodiment focuses on its differences from the others. In particular, the hardware-plus-program embodiments are essentially similar to the method embodiments and are therefore described relatively simply; for related details refer to the description of the method embodiments.
Specific embodiments of this specification have been described above. Other embodiments fall within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that of the embodiments and still achieve the desired result. Moreover, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Although this application provides the method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of routine or non-inventive labour. The order of steps enumerated in the embodiments is only one of many possible execution orders and does not represent the only one. When executed by an actual device or client product, the steps may be executed according to the order shown in the embodiments or drawings, or in parallel (for example, in a parallel-processor or multithreaded environment).
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementing device is a computer. Specifically, the computer may be, for example, a personal computer, laptop computer, in-vehicle human-computer interaction device, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet computer, wearable device, or any combination of these devices.
Although the embodiments of this specification provide the method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of routine or non-inventive means. The order of steps enumerated in the embodiments is only one of many possible execution orders and does not represent the only one. When executed by an actual device or end product, the steps may be executed according to the order shown in the embodiments or drawings, or in parallel (for example, in a parallel-processor or multithreaded environment, or even a distributed data processing environment). The terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, product or device including a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, product or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical or equivalent elements in the process, method, product or device that includes the element.
For convenience of description, the above apparatus is described by dividing it into various modules by function. Of course, when implementing the embodiments of this specification, the functions of the modules may be realized in the same one or more pieces of software and/or hardware, or a module realizing a given function may be realized by a combination of multiple sub-modules or sub-units. The apparatus embodiments described above are only schematic; for example, the division of units is only a logical functional division, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Further, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
Those skilled in the art also know that, besides implementing a controller purely as computer-readable program code, it is entirely possible to program the method steps in logic so that the controller realizes the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be regarded as a hardware component, and the devices within it for realizing various functions may also be regarded as structures within the hardware component. Or even, the devices for realizing various functions may be regarded both as software modules implementing the method and as structures within the hardware component.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, which realize the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for realizing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
Memory may include non-persistent memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may realize information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
Those skilled in the art will understand that the embodiments of this specification may be provided as a method, a system or a computer program product. Accordingly, the embodiments of this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the embodiments of this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform specific tasks or implement specific abstract data types. The embodiments of this specification may also be practised in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; the same or similar parts of the embodiments may be referred to each other, and each embodiment focuses on its differences from the others. In particular, the system embodiments are essentially similar to the method embodiments and are therefore described relatively simply; for related details refer to the description of the method embodiments. In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of this specification. In this specification, schematic representations of these terms do not necessarily refer to the same embodiment or example. Moreover, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, where there is no conflict, those skilled in the art may combine the different embodiments or examples described in this specification and the features of the different embodiments or examples.
The foregoing are merely embodiments of this specification and are not intended to limit it. For those skilled in the art, the embodiments of this specification may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the embodiments of this specification shall be included within the scope of the claims of this specification.

Claims (11)

1. a kind of method that multi-client multiserver joint generates key, is applied to key management system, the key management system System includes: N number of client and N number of key server, wherein N is the positive integer more than or equal to 2, which is characterized in that the method Include:
N number of client and each self-generating key components of N number of key server simultaneously save;
N number of client establishes safe lane by two-way authentication with N number of key server;
N number of client and N number of key server are based on respective key components by the safe lane, obtain mesh Mark public key.
2. the method according to claim 1, wherein N number of client is based on N number of key server Respective key components obtain Target Public Key by the safe lane, comprising:
Select two equipment as the calculating side MPC from N number of key server and N number of client;
Each client and key server in N number of client and N number of key server in addition to the calculating side MPC Itself corresponding key components is split as the first sub-key and the second sub-key, and by the safe lane that the first son is close Key is sent to the first equipment in the calculating side MPC, the second equipment the second sub-key being sent in the calculating side MPC;
First equipment and second equipment are initiated MPC by the safe lane and are calculated, and the Target Public Key is obtained.
3. The method according to claim 2, characterized in that, after the N clients and the N key servers obtain the target public key over the secure channel based on their respective key components, the method further comprises:
a first client initiating a signature request, wherein the signature request carries data to be signed and the first client is one of the N clients;
each client and key server among the N clients and the N key servers other than the MPC computing parties splitting the key component it generated into a first sub-key and a second sub-key, sending the first sub-key over the secure channel to the first device of the MPC computing parties, and sending the second sub-key to the second device of the MPC computing parties;
the first device and the second device initiating an MPC computation over the secure channel to sign the data to be signed, obtaining a signature file;
sending the signature file to each client and key server among the N clients and the N key servers other than the MPC computing parties.
4. The method according to claim 2, characterized in that, after the N clients and the N key servers obtain the target public key over the secure channel based on their respective key components, the method further comprises:
a first client initiating an operation request, wherein the first client is one of the N clients;
each client and key server among the N clients and the N key servers other than the MPC computing parties splitting its own key component into a first sub-key and a second sub-key, sending the first sub-key over the secure channel to the first device of the MPC computing parties, and sending the second sub-key to the second device of the MPC computing parties;
the first device and the second device initiating an MPC computation to compute 2N operation components, and signing the 2N operation components to obtain 2N signature files;
distributing the 2N operation components and the 2N signature files one-to-one to the N clients and the N key servers;
the N clients and the N key servers verifying the correctness of the received signature file with the target public key and, if the verification passes, storing the received operation component.
5. The method according to claim 4, characterized in that the operation request comprises at least one of: a backup request, a recovery request and a refresh request.
6. The method according to claim 1, characterized in that the N clients and the N key servers obtaining the target public key over the secure channel based on their respective key components comprises:
the N clients and the N key servers initiating an MPC computation over the secure channel and obtaining the target public key.
7. The method according to claim 6, characterized in that, after the N clients and the N key servers obtain the target public key over the secure channel based on their respective key components, the method further comprises:
a first client initiating a signature request, wherein the signature request carries data to be signed and the target public key, and the first client is one of the N clients;
the N clients and the N key servers initiating an MPC computation over the secure channel to perform a signature operation on the data to be signed, obtaining a signature file, and verifying the correctness of the signature file against the target public key.
8. The method according to claim 6, characterized in that, after the N clients and the N key servers obtain the target public key over the secure channel based on their respective key components, the method further comprises:
a first client initiating an operation request, wherein the first client is one of the N clients;
the N clients and the N key servers initiating an MPC computation to compute 2N operation components, and signing the 2N operation components to obtain 2N signature files;
distributing the 2N operation components and the 2N signature files one-to-one to the N clients and the N key servers;
the N clients and the N key servers verifying the correctness of the received signature file with the target public key and, if the verification passes, storing the received operation component.
9. The method according to claim 8, characterized in that the operation request comprises at least one of: a backup request, a recovery request and a refresh request.
10. An electronic device, comprising a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, implements the steps of the method according to any one of claims 1 to 9.
11. A computer-readable storage medium having computer instructions stored thereon, wherein the instructions, when executed, implement the steps of the method according to any one of claims 1 to 9.
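Claims 2 to 4 (two selected MPC computing parties) and 6 to 8 (all 2N parties) leave both the MPC protocol and the signature algorithm unspecified. The following is an added example, not code from the patent or its applicant, that simulates both variants in one process: each key component is split into two additive shares modulo the group order, the "first device" aggregates the first sub-keys and the "second device" the second sub-keys, and the target public key is the sum of the two devices' partial public keys; the same shares then produce a Schnorr-style signature that any receiver can check with the target public key, as in claims 4 and 8. The curve (secp256k1), the additive sharing, the Schnorr-style signature, the hypothetical function names, and treating the two computing devices' own components exactly like everyone else's are all assumptions; the "secure channel" is just a function argument here.

```python
# Added example (not the patent's code): claims 2-4 and 6-8 simulated in one
# process with additive secret sharing over secp256k1 and a Schnorr-style
# signature. Curve, sharing scheme and signature scheme are assumptions; the
# patent names none. The curve arithmetic is minimal and NOT constant-time.
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def split_component(x):
    """Claim 2: one key component becomes a first and a second sub-key.
    Each sub-key alone is uniformly random, so one device learns nothing."""
    first = secrets.randbelow(N)
    return first, (x - first) % N


def two_device_public_key(components):
    """Claim 2: the first device sums the first sub-keys it received, the second
    device the second sub-keys; target public key = dev1*G + dev2*G = (sum x_i)*G.
    The two aggregated shares are the devices' private MPC state for signing."""
    shares = [split_component(x) for x in components]
    dev1 = sum(s[0] for s in shares) % N   # known only to the first device
    dev2 = sum(s[1] for s in shares) % N   # known only to the second device
    return ec_add(ec_mul(dev1, G), ec_mul(dev2, G)), dev1, dev2


def all_party_public_key(components):
    """Claim 6 (no selected computing pair): every party contributes x_i*G and
    the target public key is the sum; no component leaves its owner."""
    pk = None
    for x in components:
        pk = ec_add(pk, ec_mul(x, G))
    return pk


def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(R, pk, msg):
    h = hashlib.sha256(encode_point(R) + encode_point(pk) + msg).digest()
    return int.from_bytes(h, "big") % N


def two_device_sign(dev1, dev2, target_pk, msg):
    """Claim 3: Schnorr-style signing from additive shares. Each device picks a
    nonce share; R and s are sums of per-device values, so x = dev1 + dev2 is
    never reconstructed. A real protocol commits to R_i before revealing it."""
    k1 = secrets.randbelow(N - 1) + 1
    k2 = secrets.randbelow(N - 1) + 1
    R = ec_add(ec_mul(k1, G), ec_mul(k2, G))
    e = challenge(R, target_pk, msg)
    s = ((k1 + e * dev1) + (k2 + e * dev2)) % N
    return R, s


def verify(target_pk, msg, sig):
    """Claims 4/8: a receiving client or key server checks a signature file
    against the target public key before storing the operation component."""
    R, s = sig
    e = challenge(R, target_pk, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, target_pk))


def demo(n=3, msg=b"constructed data to be signed"):
    """N clients + N key servers with constructed random components; True if
    both key-generation variants agree and the joint signature verifies."""
    components = [secrets.randbelow(N - 1) + 1 for _ in range(2 * n)]
    pk, dev1, dev2 = two_device_public_key(components)
    if pk != all_party_public_key(components):
        return False
    sig = two_device_sign(dev1, dev2, pk, msg)
    return verify(pk, msg, sig) and not verify(pk, b"tampered", sig)
```

The point a practitioner should take from the simulation is the trust boundary of the claim 2 variant: each of the two selected devices sees only one uniformly random sub-key per party, but the two devices together hold the whole private key, so the design is a 2-of-2 split on the computing side and is only as strong as the independence of that pair. The claim 6 variant keeps every component with its owner at the cost of every party participating in every signature. In either case the verification step of claims 4 and 8 is what stops a malformed or forged operation component from being stored, and a production protocol must add nonce commitments (and a proof of possession for each partial public key) that this illustration omits.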
CN201910153545.9A 2019-02-28 2019-02-28 Method and electronic equipment for generating key by combining multiple clients and multiple servers Active CN109981592B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910153545.9A CN109981592B (en) 2019-02-28 2019-02-28 Method and electronic equipment for generating key by combining multiple clients and multiple servers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910153545.9A CN109981592B (en) 2019-02-28 2019-02-28 Method and electronic equipment for generating key by combining multiple clients and multiple servers

Publications (2)

Publication Number Publication Date
CN109981592A true CN109981592A (en) 2019-07-05
CN109981592B CN109981592B (en) 2021-07-16

Family

ID=67077649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910153545.9A Active CN109981592B (en) 2019-02-28 2019-02-28 Method and electronic equipment for generating key by combining multiple clients and multiple servers

Country Status (1)

Country Link
CN (1) CN109981592B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9449177B1 (en) * 2013-03-13 2016-09-20 Hrl Laboratories, Llc General protocol for proactively secure computation
CN107017993A (en) * 2017-04-01 2017-08-04 北京江南天安科技有限公司 Multi-party joint key generation and digital signature method and system
CN107171796A (en) * 2017-06-27 2017-09-15 济南浪潮高新科技投资发展有限公司 Multi-KMC key recovery method
CN108199835A (en) * 2018-01-19 2018-06-22 北京江南天安科技有限公司 Multi-party joint private key decryption method and system
CN109241016A (en) * 2018-08-14 2019-01-18 阿里巴巴集团控股有限公司 Secure computation method and device, electronic device
CN109274503A (en) * 2018-11-05 2019-01-25 北京仁信证科技有限公司 Distributed collaborative signature method, distributed collaborative signature apparatus and soft shield system
CN109309569A (en) * 2018-09-29 2019-02-05 北京信安世纪科技股份有限公司 Collaborative signature method, apparatus and storage medium based on the SM2 algorithm
CN109359470A (en) * 2018-08-14 2019-02-19 阿里巴巴集团控股有限公司 Secure computation method and device, electronic device
CN109388960A (en) * 2018-10-24 2019-02-26 全链通有限公司 Blockchain-based information sharing and secure multi-party computation model

Also Published As

Publication number Publication date
CN109981592B (en) 2021-07-16

Similar Documents

Publication Publication Date Title
CN109714165A Key management method and electronic device in which each client generates its own key component
CN107392040B Consensus verification method and device
CN107257340B Blockchain-based authentication method, authentication data processing method and device
CN108600272A Blockchain data processing method, device, processing device and system
CN108737403A Blockchain data processing method, device, processing device and system
CN108647968A Blockchain data processing method, device, processing device and system
CN110278078B Data processing method, device and system
CN108632045A Blockchain data processing method, device, processing device and system
CN109787762A Key management method and electronic device in which each server generates its own key component
CN109617699A Key generation method, blockchain network service platform and storage medium
CN109583886A Blockchain-based transaction method and device, and remittance abroad method and device
CN107395557A Service request processing method and device
CN108076049A The system of backpack body
EP3232634A1 Identity authentication method and device
CN110197082A Data processing method, data processing device and computer system
CN109886687A Blockchain-based result verification method and system for secure multi-party computation
CN109993530A Virtual resource management method, device and electronic device
CN105847000A Token generation method and communication system based on the token
CN109474927A Information interaction method, home network, user terminal and information interaction system
CN109818754A Method and device for a client to generate a key for multiple clients and a single server
CN110278255A Blockchain-based method and device for communication between Internet of Things (IoT) devices
CN108833133A Cloud computing system-based network configuration management method, apparatus and storage medium
CN109818753A Method and apparatus for selecting a client to generate a key for multiple clients and multiple servers
CN109981591A Key management method and electronic device in which a single client generates the private key
CN112052954A Gradient boosting tree modelling method, device and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40010244

Country of ref document: HK

GR01 Patent grant