CN110969431A - Safe trusteeship method, equipment and system of block chain digital currency private key - Google Patents
Safe trusteeship method, equipment and system of block chain digital currency private key Download PDFInfo
- Publication number
- CN110969431A CN110969431A CN201911178082.8A CN201911178082A CN110969431A CN 110969431 A CN110969431 A CN 110969431A CN 201911178082 A CN201911178082 A CN 201911178082A CN 110969431 A CN110969431 A CN 110969431A
- Authority
- CN
- China
- Prior art keywords
- private key
- key
- ciphertext
- user
- service node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 239000012634 fragment Substances 0.000 claims abstract description 58
- 230000001343 mnemonic effect Effects 0.000 claims abstract description 17
- 238000012795 verification Methods 0.000 claims description 3
- 239000003795 chemical substances by application Substances 0.000 description 17
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000013467 fragmentation Methods 0.000 description 1
- 238000006062 fragmentation reaction Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a safe trusteeship method, equipment and system for a block chain digital currency private key, wherein the method comprises the following steps: dividing a private key into at least two fragments, and respectively sending the fragments to different service nodes, wherein the private key can be generated from mnemonics; generating a symmetric encryption key under the cooperation of the service node; receiving a ciphertext from the service node, and verifying the ciphertext, wherein the ciphertext is generated by the service node encrypting the private key fragment with the symmetric encryption key; signing the ciphertext with the private key; and sending the signature and a public key corresponding to the private key to the service node. By utilizing the characteristics of the block chain, the method can improve the robustness of the security trusteeship of the private key.
Description
Technical Field
The invention relates to the field of information security, in particular to a safe trusteeship method, equipment and system for a block chain digital currency private key.
Background
Key escrow, also known as key recovery, is a technique that enables acquisition of decryption information in an emergency. The method is used for storing the backup of the private key of the user, can help departments such as national judicial or security and the like to acquire original plaintext information when necessary, and can also recover the plaintext under the condition that the user loses or damages the private key of the user.
The key escrow may employ a secret sharing scheme to divide into several shards and save these shards in the escrow server. However, this key escrow scheme suffers from the problem of the integrity of the escrowed private key fragment.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. The blockchain originates from bitcoin and is a string of data blocks associated by using a cryptographic method, wherein each data block contains information of a corresponding bitcoin network transaction and is used for verifying the validity of the data and generating a next block.
The blockchain system has important characteristics of decentralization, openness, independence, safety, anonymity and the like, has potential huge application value in the financial fields of international exchange, credit certificates, stock right registration, stock exchange and the like, and can be combined with the fields of internet of things and logistics. In recent years, research and application of the blockchain become hot, and China takes the blockchain as an important breakthrough for independent innovation of core technology.
Each user of the blockchain has a public-private key pair of a public key cryptosystem from which a short string, referred to as an address in the blockchain, can be derived unidirectionally. The address itself is anonymous, but all transactions are transparent, so all transactions associated with an address can be queried. When the user sends the transaction information, the user signs the transaction information by using the private key of the user, and broadcasts the transaction information and the obtained signature together. When verifying the signature, a billing node in the blockchain verifies whether the address of the user initiating the transaction can be derived from the public key of the user.
As described in BIP 32(Bitcoin Improvement suggestions), each address of the block chain corresponds to a series of mnemonics that are convenient for people to remember, and a private key corresponding to the address can be derived from the mnemonics, that is, the confidentiality of the mnemonics should be equal to that of the private key. However, the length of the mnemonics is too large, and the user often has multiple addresses, and memorizing multiple mnemonics is a great challenge. Therefore, people usually save mnemonics and addresses somewhere, but often the condition of incomplete saving or lost or damaged backup happens. Due to the decentralized characteristic of the block chain, no node can store the private key of the user, and the loss of the private key is equivalent to the loss of the digital currency in the address, so that great economic loss is brought to the user.
With the research on the blockchain, a scheme of adopting the blockchain to escrow the key is proposed. For example, a blockchain key escrow scheme based on a multi-party secure computing base is proposed in patent application CN 108418680A. However, in this scheme, there are problems of encryption key retention and ciphertext integrity, regardless of whether a public key encryption algorithm or a symmetric encryption algorithm is employed. If the ciphertext is tampered or damaged, the user cannot recover the private key, and economic loss is caused.
Disclosure of Invention
The invention mainly aims to provide a method, equipment and a system for safely trusteeling a private key of a block chain digital currency, which can improve the robustness of safely trusteeing the private key.
According to an aspect of the present disclosure, there is provided a method of securely escrowing a private key, the method comprising: dividing a private key into at least two fragments, and respectively sending the fragments to different service nodes, wherein the private key can be generated from mnemonics; generating a symmetric encryption key under the cooperation of the service node; receiving a ciphertext from the service node, and verifying the ciphertext, wherein the ciphertext is generated by the service node encrypting the private key fragment with the symmetric encryption key; signing the ciphertext with the private key; and sending the signature and a public key corresponding to the private key to the service node.
Further, the method further comprises obtaining a ciphertext, a signature and a public key corresponding to the private key fragment from a part or all of the service nodes; verifying the signature and the public key; recovering the symmetric encryption key under the cooperation of the service node; decrypting the ciphertext by using the symmetric encryption key to obtain the private key fragment; and recovering the private key based on a part or all of the private key fragments.
Further, the method further comprises generating the symmetric encryption key based on biometric information or token information; wherein the biometric information comprises fingerprint, palm print or iris information; and the token information comprises characteristic information of a particular user equipment. According to another aspect of the present disclosure, there is provided a method of securely escrowing a private key, the method comprising: receiving a private key fragment from a user; generating a symmetric encryption key in cooperation with the user; encrypting the private key fragments by using the symmetric encryption key, and sending the generated ciphertext to the user; and storing the signature and the public key received from the user, wherein the signature is generated by the user signing the ciphertext by using a private key.
Further, the method also includes generating a random number and generating the symmetric encryption key in cooperation with the user using the random number.
According to another aspect of the present disclosure, there is provided a user equipment including: a processor; and a memory storing instructions that, when executed by the processor, cause the processor to perform the steps of: dividing a private key into at least two fragments, and respectively sending the fragments to different service nodes, wherein the private key can be generated from mnemonics; generating a symmetric encryption key under the cooperation of the service node; receiving a ciphertext from the service node, and verifying the ciphertext, wherein the ciphertext is generated by the service node encrypting the private key fragment with the symmetric encryption key; signing the ciphertext with the private key; and sending the signature and a public key corresponding to the private key to the service node.
Further, the memory further contains instructions that, when executed by the processor, cause the processor to further perform the steps of: obtaining a ciphertext, a signature and a public key corresponding to the private key fragment from a part or all of the service nodes; verifying the signature and the public key; recovering the symmetric encryption key under the cooperation of the service node; decrypting the ciphertext by using the symmetric encryption key to obtain the private key fragment; and recovering the private key based on a part or all of the private key fragments.
According to another aspect of the present disclosure, there is provided an apparatus for secure escrow of a private key, the apparatus comprising: a processor; and a memory storing instructions that, when executed by the processor, cause the processor to perform the steps of: receiving a private key fragment from a user; generating a symmetric encryption key in cooperation with the user; encrypting the private key fragments by using the symmetric encryption key, and sending the generated ciphertext to the user; and storing the signature and the public key received from the user, wherein the signature is generated by the user signing the ciphertext by using a private key.
Further, the memory further contains instructions that, when executed by the processor, cause the processor to further perform the steps of: a random number is generated and the symmetric encryption key is generated in cooperation with the user using the random number.
According to another aspect of the present disclosure, there is provided a system for secure escrow of private keys, the system comprising a user device and a number of service nodes, wherein: the user equipment divides a private key into at least two fragments and respectively sends the fragments to the service nodes, wherein the private key can be generated from mnemonics; the user equipment and the service node cooperate to generate a symmetric encryption key; the service node encrypts the private key fragment by using the symmetric encryption key and sends the private key fragment to the user equipment; the user equipment receives a ciphertext from the service node and verifies the ciphertext; when the verification is passed, the user equipment signs the ciphertext through the private key; the user equipment sends the signature and a public key corresponding to the private key to the service node; and the service node saves the received signature and the public key.
Drawings
Fig. 1 shows a flow diagram of a method of escrowing a key according to an embodiment of the application.
Fig. 2 shows a flow diagram of a method of recovering a key according to an embodiment of the application.
Fig. 3 shows a block diagram of a security escrow system according to an embodiment of the application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise. Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description. Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate. In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 shows a flow diagram of a method of escrowing a key according to an embodiment of the application. The figure is merely an example and is not intended to limit the scope of the claimed invention.
Referring to fig. 1, in step 101, when a user wants to host a private key, private key fragmentation is performed. For example, the private key may be sharded in a Shamir secret sharing algorithm, direct addition sharing, and the like. When the Shamir secret sharing mode is adopted, parameters (t, n) need to be specified, the private key is divided into n parts of fragments, and the complete private key can be recovered by using any data which is not less than t parts of the fragments. When direct addition sharing is adopted, the private key is divided into n parts of fragments, and all n parts of fragments are summarized and added to restore the complete private key.
In step 102, the user sends the divided private key fragments to different managed service nodes. Here, a secure communication channel needs to be established between the user and the managed service node to ensure confidentiality and integrity of the communication content. The service node receives the private key fragment from the user and saves (step 106).
In step 103, the user generates a symmetric encryption key under the collaborative work of the escrow service node (step 107). At the user side, can openThe digital password UPWD with a certain length is generated by collecting the biometric information of the user (such as fingerprint, palm print, iris, etc.) or based on the secret information of the hardware token specific to the user. As another embodiment, the digital password UPWD may be generated in advance in a user setting stage, and encrypted by using the collected user biometric information through a biometric cryptography technique (also referred to as a fuzzy cryptography technique); when the user needs to use the UPWD, the user inputs the biological characteristics of the user and restores the set UPWD. On the serving node side, a random number RAND of sufficient length with good randomness can be generated. Then, the user and the service node cooperatively generate an encryption key that can be used in a symmetric encryption algorithm, for example, a key KDF (updd, RAND) can be used to generate the encryption key, where the KDF represents a key derivation function, and may be a hash function H (), a pseudorandom function PBKDF2(), and the like; as another way of cooperatively generating a symmetric encryption key between the user and the service node, a key KDF (UPWD, RAND, NONCE) may also be used, where NONCE is a variable additionally maintained by the user and the service node, so as to facilitate updating the key, for example, in a case that both the user UPWD and the service node RAND are not changed, different keys are generated by different NONCEs, so as to implement updating the key. In addition, the user and the service node may also use the Diffie-Hellman protocol to generate the key: such as key ═ gUPWD)RAND=(gRAND)UPWD。
It should be noted that, in step 103, when the user and the service node cooperate to generate the symmetric encryption key, a negotiation may be performed on the symmetric encryption algorithm, or a fixed algorithm may be used to generate the symmetric encryption key.
In step 104, the user signs the ciphertext received from the service node with the generated symmetric encryption key. The ciphertext is generated by the service node by encrypting the private key fragment using a cooperatively generated symmetric encryption key (step 108). The service node transmits the generated cipher text to the user (step 109). Here, it is also necessary to establish a secure communication channel between the user and the managed service node to ensure that the ciphertext sent from the service node to the user is not tampered by a malicious attacker. And after receiving the ciphertext, the user verifies whether the ciphertext is correct. For example, the ciphertext may be decrypted by the symmetric encryption key generated in step 103 and a determination may be made as to whether the decryption result is consistent with the private key. If the ciphertext is correct, the user signs the ciphertext with the private key to be escrowed and, in step 105, sends the signature to the service node together with the public key. The service node saves the received signature and the public key (step 110).
In the method described in the present application, the key information from which the private key can be derived may be equated to the private key, e.g. a mnemonic or the like. In the blockchain system, the importance of the mnemonic is equivalent to the private key of the account. Accordingly, the public key includes a public key corresponding to an actual private key or a public key corresponding to a private key derived from a mnemonic, and in the blockchain system, the public key of the user account is shortened to an address of the user account after being subjected to one-way transformation (e.g., cryptographic hash function transformation).
Fig. 2 shows a flow diagram of a method of recovering a key according to an embodiment of the application. The figure is merely an example and is not intended to limit the scope of the claimed invention.
Referring to fig. 2, when a user wants to recover a hosted private key, the service node first sends the ciphertext, the signature, and the public key of the private key fragment to the user (step 207), and the user obtains the ciphertext, the signature, and the public key of the private key fragment from the service node (step 201), and then verifies the signature and the public key (step 202). As an example, the way of verifying may include whether the account address of the user can be derived from the public key, and the verification of the digital signature is performed on the signature with the public key. The user does not need to save the key used in generating the ciphertext of the private key fragment, but resumes generating the symmetric encryption key (step 203) under the cooperative work of the service node (step 208). The user may then decrypt the ciphertext of the private key fragment obtained in step 201 using the generated symmetric encryption key (step 204) and obtain the private key fragment (step 205). After obtaining the plurality of private key fragments, the user recovers the complete private key (step 206). If a Shamir secret sharing scheme is adopted to segment the private key during escrow and the utilized parameters are (t, n), the complete private key can be recovered when the user obtains no less than t private key segments; if direct addition sharing is adopted, all the private key fragments need to be obtained and added to restore the complete private key.
Fig. 3 shows a block diagram of a security escrow system according to an embodiment of the application. The figure is merely an example and is not intended to limit the scope of the claimed invention.
The secure escrow system in fig. 3 can be used to escrow private keys/mnemonics for blockchain digital coins. As shown in fig. 3, the security hosting system includes a user agent and several service node agents. The user agent comprises a symmetric key negotiation module, a password operation module, a private key sharing module, a biological characteristic acquisition and processing module and/or a hardware token acquisition and processing module. Each service node agent comprises a symmetric key negotiation module, a password operation module, a safe storage module and a random number generation module. The various functional modules in the user agent and the service node agent shown in fig. 3 work in conjunction to perform together the steps of the method shown in fig. 1 and 2. For example, the biometric collecting and processing module in the user agent may be configured to collect biometric information of the user, including fingerprint, palm print, iris information, and the like, and the hardware token collecting and processing module may collect feature information of a specific device corresponding to the user agent, so that the symmetric key agreement module of the user agent generates a symmetric encryption key; and the random number generation module in the service node agent can also generate a random number so that the symmetric key negotiation module in the service node agent can generate a symmetric encryption key.
The user agent and the service node agent may be any computing device with processing or storage capabilities, including but not limited to a server, a minicomputer, a PC, a notebook PC, a tablet PC, a smartphone, a wearable device, an embedded device, or any combination thereof. In an exemplary embodiment, the user agent and the service node agent may also be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing any of the steps of the above-described method of securely escrowing keys.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as a memory comprising instructions, executable by processors of a user agent and a service node agent to perform the above-described method of securely hosting a key is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method of securely escrowing a private key, the method comprising:
dividing a private key into at least two fragments, and respectively sending the fragments to different service nodes, wherein the private key can be generated from mnemonics;
generating a symmetric encryption key under the cooperation of the service node;
receiving a ciphertext from the service node, and verifying the ciphertext, wherein the ciphertext is generated by the service node encrypting the private key fragment with the symmetric encryption key;
signing the ciphertext with the private key; and
and sending the signature and a public key corresponding to the private key to the service node.
2. The method of claim 1, wherein:
obtaining a ciphertext, a signature and a public key corresponding to the private key fragment from a part or all of the service nodes;
verifying the signature and the public key;
recovering the symmetric encryption key under the cooperation of the service node;
decrypting the ciphertext by using the symmetric encryption key to obtain the private key fragment; and
recovering the private key based on a portion or all of the private key fragments.
3. The method of claim 1, wherein:
generating the symmetric encryption key based on biometric information or token information;
wherein the biometric information comprises fingerprint, palm print or iris information; and
the token information includes characteristic information of a particular user device.
4. A method of securely escrowing a private key, the method comprising:
receiving a private key fragment from a user;
generating a symmetric encryption key in cooperation with the user;
encrypting the private key fragments by using the symmetric encryption key, and sending the generated ciphertext to the user; and
and storing the signature and the public key received from the user, wherein the signature is generated by the user by signing the ciphertext through the private key.
5. The method of claim 4, wherein:
a random number is generated and the symmetric encryption key is generated in cooperation with the user using the random number.
6. A user equipment, the user equipment comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to perform the steps of:
dividing a private key into at least two fragments, and respectively sending the fragments to different service nodes, wherein the private key can be generated from mnemonics;
generating a symmetric encryption key under the cooperation of the service node;
receiving a ciphertext from the service node, and verifying the ciphertext, wherein the ciphertext is generated by the service node encrypting the private key fragment with the symmetric encryption key;
signing the ciphertext with the private key; and
and sending the signature and a public key corresponding to the private key to the service node.
7. The user equipment of claim 6, wherein the memory further contains instructions that, when executed by the processor, cause the processor to further perform the steps of:
obtaining a ciphertext, a signature and a public key corresponding to the private key fragment from a part or all of the service nodes;
verifying the signature and the public key;
recovering the symmetric encryption key under the cooperation of the service node;
decrypting the ciphertext by using the symmetric encryption key to obtain the private key fragment; and
recovering the private key based on a portion or all of the private key fragments.
8. An apparatus for secure escrow of a private key, the apparatus comprising:
a processor; and
a memory storing instructions that, when executed by the processor, cause the processor to perform the steps of:
receiving a private key fragment from a user;
generating a symmetric encryption key in cooperation with the user;
encrypting the private key fragments by using the symmetric encryption key, and sending the generated ciphertext to the user; and
and storing the signature and the public key received from the user, wherein the signature is generated by the user by signing the ciphertext through the private key.
9. The apparatus of claim 8, wherein the memory further contains instructions that, when executed by the processor, cause the processor to further perform the steps of:
a random number is generated and the symmetric encryption key is generated in cooperation with the user using the random number.
10. A system for secure escrow of private keys, the system comprising a user device and a number of service nodes, wherein:
the user equipment divides a private key into at least two fragments and respectively sends each fragment to one of the service nodes, wherein the private key can be generated from mnemonics;
the user equipment and the service node receiving the private key fragment respectively generate a symmetric encryption key in a cooperative manner;
the service node encrypts the received private key fragments by using the symmetric encryption key and sends the generated ciphertext to the user equipment;
the user equipment receives the ciphertext from the service node and verifies the ciphertext;
when the verification is passed, the user equipment signs the ciphertext through the private key;
the user equipment sends the signature and a public key corresponding to the private key to the service node; and
and the service node saves the received signature and the public key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911178082.8A CN110969431B (en) | 2019-11-27 | 2019-11-27 | Secure hosting method, device and system for private key of blockchain digital coin |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911178082.8A CN110969431B (en) | 2019-11-27 | 2019-11-27 | Secure hosting method, device and system for private key of blockchain digital coin |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110969431A true CN110969431A (en) | 2020-04-07 |
| CN110969431B CN110969431B (en) | 2024-04-19 |
Family
ID=70031766
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911178082.8A Active CN110969431B (en) | 2019-11-27 | 2019-11-27 | Secure hosting method, device and system for private key of blockchain digital coin |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110969431B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111800262A (en) * | 2020-07-01 | 2020-10-20 | 北京金山云网络技术有限公司 | Digital asset processing method and device and electronic equipment |
| CN111861336A (en) * | 2020-07-23 | 2020-10-30 | 中国联合网络通信集团有限公司 | Logistics monitoring method, device and system |
| CN112235260A (en) * | 2020-09-25 | 2021-01-15 | 建信金融科技有限责任公司 | Anonymous data storage method, device, equipment and storage medium |
| CN112398648A (en) * | 2020-11-05 | 2021-02-23 | 华控清交信息科技(北京)有限公司 | Key management method and device for key management |
| CN112581285A (en) * | 2020-12-28 | 2021-03-30 | 上海万向区块链股份公司 | Block chain-based account generation method, system and medium in stock right transaction system |
| CN113162765A (en) * | 2021-04-21 | 2021-07-23 | 山东大学 | Trustable public key encryption system and method based on non-interactive key agreement |
| CN114006741A (en) * | 2021-10-27 | 2022-02-01 | 杭州弦冰科技有限公司 | Method and system for realizing cluster security deployment of Intel SGX trusted service |
| CN115544170A (en) * | 2022-11-22 | 2022-12-30 | 中国信息通信研究院 | Data hosting method and device based on block chain, electronic equipment and medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| CN108604983A (en) * | 2015-02-14 | 2018-09-28 | 瓦利梅尔公司 | The commission of the safety of private key is distributed by domain name service |
| US20190036692A1 (en) * | 2016-07-29 | 2019-01-31 | Trusted Key Solutions Inc. | System and method for generating a recovery key and managing credentials using a smart blockchain contract |
| CN109976948A (en) * | 2019-03-18 | 2019-07-05 | 北京思源互联科技有限公司 | Private information backup method and recovery method and system |
| CN110086612A (en) * | 2019-04-26 | 2019-08-02 | 山大地纬软件股份有限公司 | A kind of public and private key backup of block chain and lose method for retrieving and system |
-
2019
- 2019-11-27 CN CN201911178082.8A patent/CN110969431B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108604983A (en) * | 2015-02-14 | 2018-09-28 | 瓦利梅尔公司 | The commission of the safety of private key is distributed by domain name service |
| US20190036692A1 (en) * | 2016-07-29 | 2019-01-31 | Trusted Key Solutions Inc. | System and method for generating a recovery key and managing credentials using a smart blockchain contract |
| CN107623569A (en) * | 2017-09-30 | 2018-01-23 | 矩阵元技术(深圳)有限公司 | Block chain key escrow and restoration methods, device based on Secret sharing techniques |
| CN109976948A (en) * | 2019-03-18 | 2019-07-05 | 北京思源互联科技有限公司 | Private information backup method and recovery method and system |
| CN110086612A (en) * | 2019-04-26 | 2019-08-02 | 山大地纬软件股份有限公司 | A kind of public and private key backup of block chain and lose method for retrieving and system |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111800262A (en) * | 2020-07-01 | 2020-10-20 | 北京金山云网络技术有限公司 | Digital asset processing method and device and electronic equipment |
| CN111800262B (en) * | 2020-07-01 | 2022-10-14 | 北京金山云网络技术有限公司 | Digital asset processing method and device and electronic equipment |
| CN111861336A (en) * | 2020-07-23 | 2020-10-30 | 中国联合网络通信集团有限公司 | Logistics monitoring method, device and system |
| CN111861336B (en) * | 2020-07-23 | 2023-10-17 | 中国联合网络通信集团有限公司 | Logistics monitoring method, device and system |
| CN112235260A (en) * | 2020-09-25 | 2021-01-15 | 建信金融科技有限责任公司 | Anonymous data storage method, device, equipment and storage medium |
| CN112398648A (en) * | 2020-11-05 | 2021-02-23 | 华控清交信息科技(北京)有限公司 | Key management method and device for key management |
| CN112398648B (en) * | 2020-11-05 | 2023-12-29 | 华控清交信息科技(北京)有限公司 | Key management method and device for key management |
| CN112581285A (en) * | 2020-12-28 | 2021-03-30 | 上海万向区块链股份公司 | Block chain-based account generation method, system and medium in stock right transaction system |
| CN113162765A (en) * | 2021-04-21 | 2021-07-23 | 山东大学 | Trustable public key encryption system and method based on non-interactive key agreement |
| CN114006741A (en) * | 2021-10-27 | 2022-02-01 | 杭州弦冰科技有限公司 | Method and system for realizing cluster security deployment of Intel SGX trusted service |
| CN115544170A (en) * | 2022-11-22 | 2022-12-30 | 中国信息通信研究院 | Data hosting method and device based on block chain, electronic equipment and medium |
| CN115544170B (en) * | 2022-11-22 | 2023-03-14 | 中国信息通信研究院 | Data hosting method and device based on block chain, electronic equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110969431B (en) | 2024-04-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110969431B (en) | Secure hosting method, device and system for private key of blockchain digital coin | |
| CN108292402B (en) | Determination of a common secret and hierarchical deterministic keys for the secure exchange of information | |
| CN107483212B (en) | Method for generating digital signature by cooperation of two parties | |
| US11880831B2 (en) | Encryption system, encryption key wallet and method | |
| CN103124269B (en) | Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment | |
| Ngo et al. | Dynamic Key Cryptography and Applications. | |
| CN110519046B (en) | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
| US20110145576A1 (en) | Secure method of data transmission and encryption and decryption system allowing such transmission | |
| CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
| US11870891B2 (en) | Certificateless public key encryption using pairings | |
| CN107360002B (en) | Application method of digital certificate | |
| CN110971411B (en) | SM2 homomorphic signature method for encrypting private key by multiplying based on SOTP technology | |
| CN106130716A (en) | Cipher key exchange system based on authentication information and method | |
| CN107171796A (en) | A kind of many KMC key recovery methods | |
| CN112118113A (en) | Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN116830523A (en) | threshold key exchange | |
| Barman et al. | A novel secure key-exchange protocol using biometrics of the sender and receiver | |
| CN109787747B (en) | Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools | |
| WO2020042023A1 (en) | Instant messaging data encryption method and apparatus | |
| US20040120519A1 (en) | Method for enhancing security of public key encryption schemas | |
| EP4062350A1 (en) | Method and apparatus for a blockchain-agnostic safe multi-signature digital asset management | |
| Verbücheln | How perfect offline wallets can still leak bitcoin private keys | |
| US20220038267A1 (en) | Methods and devices for secured identity-based encryption systems with two trusted centers | |
| CN109412788B (en) | Anti-quantum computing agent cloud storage security control method and system based on public key pool |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CB02 | Change of applicant information |
Country or region after: China Address after: No. 161, Building 43, No. 69 Zhongmensi Street, Mentougou District, Beijing, 102300 (cluster registration) Applicant after: Beijing Wangtian Technology Co.,Ltd. Address before: Building 32-1-1-320, No. 32 Chuangye Middle Road, Haidian District, Beijing, 100085 Applicant before: Beijing guize System Technology Co.,Ltd. Country or region before: China |
|
| CB02 | Change of applicant information |