CN114221768A - Method and system for proving that key pair is protected by hardware - Google Patents

Method and system for proving that key pair is protected by hardware

Info

Publication number
CN114221768A
Authority
CN
China
Prior art keywords
certificate
hardware security
security environment
key
hardware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111320965.5A
Other languages
Chinese (zh)
Inventor
刘亚雷
李勃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing Watchdata Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Watchdata Co ltd filed Critical Beijing Watchdata Co ltd
Priority to CN202111320965.5A priority Critical patent/CN114221768A/en
Publication of CN114221768A publication Critical patent/CN114221768A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Abstract

The invention relates to a method and a system for proving that a key pair is protected by hardware, belonging to the fields of cryptography and information security. With the method and system of the invention, when the device needs to disclose to an external entity the public key of the key pair that it generated for the application system in the hardware security environment, the hardware security environment outputs a key certificate chain in place of the public key output in the traditional technology. This gives cryptographic proof both that the key pair was generated in the hardware security environment and that the hardware security environment that generated the key pair is genuine and trustworthy, and the proof can be verified using only the root certificate of the equipment manufacturer, so that the cost is reduced.

Description

Method and system for proving that key pair is protected by hardware
Technical Field
The invention belongs to the fields of cryptography and information security, and particularly relates to a method and a system that provide external parties with proof of key generation when an asymmetric key pair is generated, and that generate a provable key pair in a hardware security environment.
Background
Common applications of public key cryptography (also known as asymmetric cryptography) in the field of information security include:
1) data encryption: Party A generates a public/private key pair and publishes the public key to Party B; Party B encrypts the confidential information with the key (Party A's public key) and sends the encrypted information to Party A; Party A decrypts the ciphertext with its own private key;
2) data signing: Party A generates a public/private key pair and publishes the public key to Party B; Party A signs the confidential information with its own private key and sends the signed information to Party B; Party B uses Party A's public key to verify the signature on the data sent by Party A.
In public key cryptography, a participant typically needs to generate a pair of public and private keys, the public key being published to other participants while the private key is kept secret from them. In application scenarios with high security requirements, the asymmetric key pair is generally generated, and confidential information processed, in a dedicated hardware security environment (such as a security chip or a trusted execution environment), so that the private key and other confidential information are protected by the hardware security environment against illegal access or leakage. In such systems, verifying whether a key used in the system was generated by a legitimate hardware security environment is crucial:
1) in a data encryption scenario, if the key pair of the information receiver is generated in an insecure environment, confidential information encrypted with the receiver's public key may also be decrypted in the insecure environment, and the confidential information may be leaked;
2) in the data signature scenario, if the signer generates a key pair in an insecure environment, the signer's private key may be used without authorization, and the non-repudiation of the signature is destroyed.
Thus, when using public key cryptography in a high security system, proof of whether a key pair is generated within a legitimate hardware security environment may be required to ensure that confidential information in the system is always protected by the hardware security environment, and that signatures in the system have non-repudiation.
In the prior art, a mobile intelligent terminal generates an asymmetric key pair using a security chip, then binds together and transmits the public key along with information describing the security environment that generated the key pair, such as the unique identifier of the security chip and the unique identifier of the terminal. However, this is a non-cryptographic proof: the identifiers associated with the public key may be tampered with during transmission.
Alternatively, when a prior-art mobile intelligent terminal has an embedded security chip supporting the GP JavaCard specification, the security chip can establish a secure channel after authenticating with an external entity, and operations such as key pair generation, private key signing and private key decryption that are controlled and executed within the secure channel can be trusted to have been completed inside the security chip. However, only an external entity holding the security domain key can establish a secure channel with the security chip, and other parties cannot verify where the key pair was generated through this mechanism. In addition, managing and storing the security domain root key in the system adds cost.
Disclosure of Invention
In view of the deficiencies in the prior art, it is an object of the present invention to provide a method and system for proving that a key pair is hardware protected. The method and system overcome the disadvantages of the prior art, prove that the key pair used in the system is generated in the hardware security environment, and prove the authenticity of the hardware security environment in which the key pair is generated.
To achieve the above object, the present invention provides a method for proving that a key pair is protected by hardware, which is used for supporting a single service application on the same device, and comprises the following steps:
(1) the equipment with the hardware security environment needs to complete the issuing and injection of a hardware security environment certificate before leaving a factory;
(2) in the use stage, when equipment needs to generate a service key pair for an application system in a hardware security environment, the hardware security environment issues a key certificate according to a certificate request and generates a certificate chain;
(3) the public key certified by the key certificate in the certificate chain is the public key of the newly generated service key pair.
Optionally, in step (1), the equipment with the hardware security environment needs to complete issuing and injecting of the hardware security environment certificate before leaving the factory, specifically,
before leaving factory, a hardware security environment key pair and a certificate request are generated in a hardware security environment of equipment, a hardware security environment certificate is issued to the certificate request by using a root certificate of an equipment manufacturer, and the hardware security environment certificate is injected into the hardware security environment of the equipment.
Optionally, in step (2), when the device needs to generate a service key pair for the application system in the hardware security environment, the hardware security environment issues a key certificate and generates a certificate chain, specifically,
the hardware security environment first generates a service key pair, then generates a certificate request, issues a key certificate for the newly generated certificate request using the hardware security environment certificate injected before leaving the factory, and generates a certificate chain. The public key in the key certificate is the public key of the newly generated service key pair.
Optionally, the hardware secure environment is a Trusted Execution Environment (TEE) and/or a Secure Element (SE).
The invention further provides a method for proving that the key pair is protected by hardware, which is used for supporting a plurality of service applications on the same equipment and comprises the following steps:
(1) the equipment with the hardware security environment needs to complete the issuing and injection of a hardware security environment certificate before leaving a factory;
(2) when the equipment is initialized, generating an application domain key pair in a hardware security environment of the equipment, and signing and issuing an application domain certificate by using a hardware security environment certificate;
(3) in the use stage, when equipment needs to generate a service key pair for an application system in a hardware security environment, the hardware security environment signs a key certificate according to an application domain certificate and generates a certificate chain;
(4) the public key certified by the key certificate in the certificate chain is the public key of the newly generated service key pair.
Optionally, in step (1), the equipment with the hardware security environment needs to complete issuing and injecting of the hardware security environment certificate before leaving the factory, specifically,
before leaving factory, a hardware security environment key pair and a first certificate request are generated in a hardware security environment of equipment, a hardware security environment certificate is issued to the first certificate request by using a root certificate of an equipment manufacturer, and the hardware security environment certificate is injected into the hardware security environment of the equipment.
Optionally, in step (2), in the device initialization stage, the hardware security environment generates an application domain key pair, and issues an application domain certificate according to the hardware security environment certificate, specifically,
generating an application domain key pair and a second certificate request in a hardware security environment;
and in the hardware security environment, the application domain certificate is issued to the second certificate request by using the hardware security environment certificate and is stored in the hardware security environment.
Optionally, in the step (3), in the using stage, when the device needs to generate a service key pair for the application system in the hardware security environment, the hardware security environment issues a key certificate and generates a certificate chain according to the application domain certificate, specifically,
generating a service key pair and a third certificate request in a hardware security environment;
and in the hardware security environment, the application domain certificate issues a key certification certificate to the third certificate request and generates a certificate chain, and the certificate chain is stored in the hardware security environment.
Optionally, the hardware secure environment is a Trusted Execution Environment (TEE) and/or a Secure Element (SE).
Optionally, the application domain corresponds to one or more applications of one service provider.
The invention further provides a system for proving that the key pair is protected by hardware, which comprises a hardware security environment on the equipment, an application APP on the equipment and an application system, and the key is proved by adopting the method.
The invention has the following effects. When public key cryptography is used in a high security system, it may be necessary to prove whether a key pair was generated in a legitimate hardware security environment, so as to ensure that confidential information in the system is always protected by the hardware security environment and that signatures in the system have non-repudiation. The first existing key certification method is a non-cryptographic proof, and the identifiers associated with the public key can be tampered with during transmission. In the second existing key certification method, only an external entity holding the security domain key can establish a secure channel with the security chip, and other parties cannot verify where the key pair was generated through that mechanism; in addition, managing and storing the security domain root key in the system adds cost. With the method and system of the invention, when the device needs to disclose to an external entity the public key of the key pair that it generated for the application system in the hardware security environment, the hardware security environment outputs a key certificate chain in place of the public key output in the traditional technology. This gives cryptographic proof both that the key pair was generated in the hardware security environment and that the hardware security environment that generated the key pair is genuine and trustworthy, and the proof can be verified using only the root certificate of the equipment manufacturer, so that the cost is reduced.
Drawings
FIG. 1 is a key and certificate structure in a hardware security environment in accordance with an embodiment of the present invention;
FIG. 2 is a key and certificate structure in a hardware security environment for multiple application domains in an embodiment of the present invention;
FIG. 3 shows a process for verifying a key certificate in a public key cryptography application in accordance with an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention. The invention is further described with reference to the following figures and detailed description.
Hardware security environments on a mobile intelligent terminal include, for example, the Trusted Execution Environment (TEE) and the Secure Element (SE, generally provided in the form of a chip). The TEE is a secure area residing on the main processor of the mobile intelligent terminal, and provides security services such as secure storage of sensitive data and approved cryptographic algorithms. The Secure Element (SE) provides a secure execution environment for secure applications; it can securely store data and code logic while providing security services, such as cryptographic algorithms and key protection, to those applications.
Example one
Please refer to FIG. 1, which is a schematic diagram of the key and certificate structure in a hardware security environment according to the present application. In this embodiment, the participants in the key and certificate structure in the hardware security environment are the equipment manufacturer and the equipment.
Optionally, the device vendor has a device vendor root key and a device vendor root certificate. Also, the device manufacturer may generate a device manufacturer root certificate using the device manufacturer root key. The method for generating the root certificate by using the root key is conventional in the art and will not be described in detail herein.
Optionally, the device has a hardware security environment therein. The hardware security environment may include a Trusted Execution Environment (TEE) and/or a Secure Element (SE), and combinations thereof. The device manufacturer may inject the device vendor root certificate into the hardware secure environment of the device. The equipment with the hardware security environment needs to complete the issuing and injection of the hardware security environment certificate before leaving the factory.
In this embodiment, the method for generating the key certificate includes:
S1, before leaving the factory, the equipment with the hardware security environment completes the issuing and injection of the hardware security environment certificate;
optionally, before leaving the factory, a hardware security environment key pair and a certificate request are generated in the hardware security environment of the device, and the device manufacturer root certificate is used to issue a hardware security environment certificate for the certificate request. The resulting hardware security environment certificate is injected into the hardware security environment of the equipment.
S2, in the use stage, when the device needs to generate a service key pair for the application system in the hardware security environment: the hardware security environment first generates a service key pair, then generates a certificate request, issues a key certificate for the newly generated certificate request using the hardware security environment certificate injected before delivery, and generates a certificate chain. The public key in the key certificate is the public key of the newly generated service key pair.
Example two
Please refer to FIG. 2, which is a schematic diagram of the key and certificate structure in a hardware security environment with multiple application domains according to the present application. In this embodiment, with multiple application domains, the participants in the key and certificate structure in the hardware security environment are the equipment manufacturer and the equipment.
Optionally, the device vendor has a device vendor root key and a device vendor root certificate. Also, the device manufacturer may generate a device manufacturer root certificate using the device manufacturer root key. The method for generating the root certificate by using the root key is conventional in the art and will not be described in detail herein.
Optionally, the device has a hardware security environment therein. Unlike the first embodiment, in this embodiment, in order to support multiple service applications on the same device, multiple application domains are further included in the hardware security environment. Each application domain may correspond to one or more applications of one service provider.
In this embodiment, the method for generating the key certificate includes:
S1, generating a hardware security environment key pair and a certificate request A in the hardware security environment of the equipment;
S2, the equipment manufacturer issues a hardware security environment certificate for certificate request A using the device manufacturer root certificate, and injects the hardware security environment certificate into the hardware security environment;
S3, generating an application domain key pair and a certificate request B in the hardware security environment;
S4, in the hardware security environment, the hardware security environment certificate is used to issue an application domain certificate for certificate request B, and the application domain certificate is stored in the hardware security environment;
S5, in the use stage, when the device needs to generate a service key pair for the application system in the hardware security environment: the hardware security environment first generates a service key pair, then generates a certificate request, uses the corresponding application domain certificate to issue a key certificate for the newly generated certificate request, and generates a certificate chain. The key certificate chain includes: the device manufacturer root certificate, the hardware security environment certificate, the application domain certificate, and the key certificate. The public key in the key certificate is the public key of the newly generated key pair.
EXAMPLE III
Please refer to FIG. 3, which illustrates an exemplary process of verifying the key certificate in a public key cryptography application system according to the present application. In this embodiment, the participants in the process of verifying the key certificate in a public key cryptographic application system are: a secure environment on the device, an application APP on the device, and an application system.
When the device needs to disclose the public key of the key pair generated by the device for the application system to an external entity, the hardware security environment outputs a key certificate chain to replace the public key output in the traditional technology.
The application system knows the certificate information of the device vendor root certificate and, optionally, the certificate information of the hardware security environment certificate. The application system first verifies the key certificate chain level by level; after the signature verification passes, it checks whether the root certificate of the certificate chain is the device manufacturer root certificate; it then (optionally) checks the certificate information of the hardware security environment certificate in the certificate chain. If the verification passes, the key pair to which the public key in the last-level certificate of the chain belongs was generated in the hardware security environment, and the authenticity of the hardware security environment that generated the key pair is proved at the same time; otherwise, the key pair is considered untrusted.
Specifically, in the initialization stage, a hardware security environment certificate is injected into the hardware security environment of the device, and an application domain certificate is issued using the hardware security environment certificate and stored in the hardware security environment.
In the use stage, the application APP on the equipment requests the hardware security environment to generate a service key pair; the hardware security environment on the equipment generates the service key pair, issues a key certificate, generates a certificate chain, and returns the certificate chain to the application APP. The APP on the equipment transmits the key certificate chain to the application system. The application system verifies the key certificate chain level by level; after the signature verification passes, it checks whether the root certificate of the certificate chain is the device manufacturer root certificate; it then (optionally) checks the certificate information of the hardware security environment certificate in the certificate chain. If the verification passes, the key pair to which the public key in the last certificate of the chain belongs is proved to have been generated in a hardware security environment.
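The four-level chain of Example two and the three verification steps described above can be exercised in software. The Go code below is an added example, not code from the patent or its assignee: the certificate names, the P-256 keys and the use of the certificate common name as the "certificate information" of the hardware security environment (HSE) certificate are assumptions, and key generation that would take place inside the TEE or SE is simulated in process.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// node is one chain level. On a real device the keys below the root exist
// only inside the hardware security environment (HSE).
type node struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a key pair for cn and a certificate signed by parent
// (self-signed if parent is nil). Software stand-in for the CA and the HSE.
func issue(cn string, isCA bool, parent *node) (*node, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA, // only the issuing levels are CAs
	}
	signerCert, signerKey := tmpl, key
	if parent != nil {
		signerCert, signerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &node{cert, key}, err
}

// buildChain simulates Example two and returns the chain leaf first:
// key certificate, application domain, HSE certificate, manufacturer root.
func buildChain() (chain []*x509.Certificate, svc *ecdsa.PrivateKey, err error) {
	names := []string{"Constructed Manufacturer Root", "HSE device 0001", "App domain A", "Service key"}
	var parent *node
	for i, cn := range names {
		if parent, err = issue(cn, i < len(names)-1, parent); err != nil {
			return nil, nil, err
		}
		chain = append([]*x509.Certificate{parent.cert}, chain...)
	}
	return chain, parent.key, nil
}

// verifyAttestation is the application system's check from Example three.
// pinnedRoot is the manufacturer root it already holds; wantHSE is the
// optional expected HSE certificate identity ("" skips that check).
func verifyAttestation(chain []*x509.Certificate, pinnedRoot *x509.Certificate, wantHSE string) (*ecdsa.PublicKey, error) {
	if len(chain) < 3 {
		return nil, errors.New("need at least key, HSE and root certificates")
	}
	// Step 1: verify level by level (also rejects an issuer that is not a CA).
	for i := 0; i+1 < len(chain); i++ {
		if err := chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
			return nil, fmt.Errorf("level %d not issued by level %d: %w", i, i+1, err)
		}
	}
	// Step 2: the chain must end at the pinned manufacturer root.
	if !bytes.Equal(chain[len(chain)-1].Raw, pinnedRoot.Raw) {
		return nil, errors.New("chain does not end at the manufacturer root")
	}
	// Step 3 (optional): check the HSE certificate information.
	if hse := chain[len(chain)-2]; wantHSE != "" && hse.Subject.CommonName != wantHSE {
		return nil, fmt.Errorf("unexpected HSE certificate %q", hse.Subject.CommonName)
	}
	pub, ok := chain[0].PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("attested key is not ECDSA")
	}
	return pub, nil
}

func main() {
	chain, _, err := buildChain()
	if err == nil {
		// The last element stands in for the root the verifier holds out of band.
		_, err = verifyAttestation(chain, chain[len(chain)-1], "HSE device 0001")
	}
	fmt.Println("verification error:", err)
}
```

The root comparison is what ties the result to the manufacturer: a chain whose signatures are internally consistent but that ends at any other self-signed certificate fails step 2.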
It will be appreciated by those skilled in the art that the method and system of the present invention are not limited to the embodiments described in the detailed description, which is for the purpose of explanation and not limitation. Other embodiments will be apparent to those skilled in the art from the following detailed description, which is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A method for proving hardware protection of a key pair for supporting a single service application on the same device, comprising the steps of:
(1) the equipment with the hardware security environment needs to complete the issuing and injection of a hardware security environment certificate before leaving a factory;
(2) in the use stage, when equipment needs to generate a service key pair for an application system in a hardware security environment, the hardware security environment issues a key certificate according to a certificate request and generates a certificate chain;
(3) the public key certified by the key certificate in the certificate chain is the public key of the newly generated service key pair.
2. A method of certifying that a key pair is hardware protected as claimed in claim 1, characterized by: in the step (1), the equipment with the hardware security environment needs to complete the issuing and injection of the hardware security environment certificate before leaving the factory, specifically,
before leaving factory, a hardware security environment key pair and a certificate request are generated in a hardware security environment of equipment, a hardware security environment certificate is issued to the certificate request by using a root certificate of an equipment manufacturer, and the hardware security environment certificate is injected into the hardware security environment of the equipment.
3. A method of certifying that a key pair is hardware protected as claimed in claim 1, characterized by: in the step (2), when the device needs to generate a service key pair for the application system in the hardware security environment, the hardware security environment issues a key certificate, specifically,
the hardware security environment firstly generates a service key pair, then generates a certificate request, issues a key certificate to the newly generated certificate request by using the hardware security environment certificate injected before leaving the factory and generates a certificate chain, wherein a public key in the key certificate is the public key in the newly generated service key pair.
4. A method of certifying that a key pair is hardware protected according to any one of claims 1 to 3, characterized in that: the hardware secure environment is a trusted execution environment and/or a secure element.
5. A method for proving hardware protection of a key pair, for supporting a plurality of service applications on the same device, comprising the steps of:
(1) the equipment with the hardware security environment needs to complete the issuing and injection of a hardware security environment certificate before leaving a factory;
(2) when the equipment is initialized, the equipment generates an application domain key pair in a hardware security environment and uses a hardware security environment certificate to sign and issue an application domain certificate;
(3) in the use stage, when equipment needs to generate a service key pair for an application system in a hardware security environment, the hardware security environment signs a key certificate according to an application domain certificate and generates a certificate chain;
(4) the public key certified by the key certificate in the certificate chain is the public key in the newly generated service key pair.
6. A method of certifying that a key pair is hardware protected as claimed in claim 5, characterized by: in the step (1), the equipment with the hardware security environment needs to complete the issuing and injection of the hardware security environment certificate before leaving the factory, specifically,
before leaving factory, a hardware security environment key pair and a first certificate request are generated in a hardware security environment of equipment, a hardware security environment certificate is issued to the first certificate request by using a root certificate of an equipment manufacturer, and the hardware security environment certificate is injected into the hardware security environment of the equipment.
7. A method of certifying that a key pair is hardware protected as claimed in claim 5, characterized by: in the step (2), in the device initialization stage, the hardware security environment generates an application domain key pair, and issues an application domain certificate according to the hardware security environment certificate, specifically,
generating an application domain key pair and a second certificate request in a hardware security environment;
and in the hardware security environment, the application domain certificate is issued to the second certificate request by using the hardware security environment certificate and is stored in the hardware security environment.
8. A method of certifying that a key pair is hardware protected as claimed in claim 5, characterized by: in the step (3), in the using stage, when the device needs to generate a service key pair for the application system in the hardware security environment, the hardware security environment issues a key certificate and generates a certificate chain according to the application domain certificate, specifically,
generating a service key pair and a third certificate request in a hardware security environment;
and in the hardware security environment, a key certificate is issued to the third certificate request by using the application domain certificate, a certificate chain is generated, and the certificate chain is stored in the hardware security environment.
9. A method of certifying that a key pair is hardware protected according to any one of claims 5 to 7, characterized in that: the hardware security environment is a trusted execution environment and/or a secure element, and the application domain corresponds to one or more applications of a service provider.
10. A system for proving key pair protection by hardware, comprising a hardware security environment on a device, an application APP on the device and an application system, characterized in that the key proof is performed by the method according to any of claims 1-9.
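The four-level chain of claims 5 to 8 (manufacturer root, hardware security environment certificate, application domain certificate, key certificate) and the check an application system would run on it, as an added Go example that is not code from the patent. The Ed25519 keys, the certificate names, the helpers `issue` and `verifyKeyProof`, and running every issuer in one process are assumptions; on a real device the issuing keys stay inside the hardware security environment.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// issue generates a key pair and its certificate, signed by parent (a self-signed root when parent is nil).
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, priv
}
// verifyKeyProof is the application system's check: chain[0] must certify pub and lead to the manufacturer root.
func verifyKeyProof(root *x509.Certificate, chain []*x509.Certificate, pub ed25519.PublicKey) error {
	if len(chain) == 0 || !pub.Equal(chain[0].PublicKey) {
		return fmt.Errorf("key certificate missing or not bound to the presented public key")
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}
func main() {
	root, rootKey := issue("Constructed Manufacturer Root", x509.KeyUsageCertSign, nil, nil)
	hse, hseKey := issue("Hardware Security Environment", x509.KeyUsageCertSign, root, rootKey) // step (1)
	dom, domKey := issue("Application Domain", x509.KeyUsageCertSign, hse, hseKey)              // step (2)
	keyCert, svcKey := issue("Service Key", x509.KeyUsageDigitalSignature, dom, domKey)         // step (3)
	fmt.Println("proof error:", verifyKeyProof(root, []*x509.Certificate{keyCert, dom, hse}, svcKey.Public().(ed25519.PublicKey)))
}
```

The verifier only needs the manufacturer root in advance; a key certificate issued under anything other than a CA certificate in the chain, or bound to a different public key, is rejected.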
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111320965.5A CN114221768A (en) 2021-11-09 2021-11-09 Method and system for proving that key pair is protected by hardware

Publications (1)

Publication Number Publication Date
CN114221768A (en) 2022-03-22

Family

ID=80696738

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination