CN102013976B - Key management method and system - Google Patents


Info

Publication number
CN102013976B
Authority
CN
China
Prior art keywords
key
mic
clerks
construction method
data
Legal status
Expired - Fee Related
Application number
CN201010597643.0A
Other languages
Chinese (zh)
Other versions
CN102013976A (en)
Inventor
李志勇
颜湘
张化鹏
Current Assignee
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd
Priority to CN201010597643.0A
Publication of CN102013976A
Application granted
Publication of CN102013976B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a key management method and system. The method comprises the following steps: 1) performing a message integrity code (MIC) operation on the passwords of several key clerks using a block cipher algorithm to obtain a MIC check value; 2) using the MIC check value obtained in step 1) as the basis for authenticating the identity of each key clerk, and completing the key management operation. The invention provides a key management method and system that can prevent leakage of key clerk passwords and improve the reliability of key management.

Description

A key management method and system
Technical field
The invention belongs to the field of information security technology and relates to a key management method and system.
Background art
That all secrets reside in the key is a basic principle of modern cryptology. In a public-key cryptosystem, the security of the key information determines the reliability of the whole communication process, and an effective key management method provides a strong guarantee for the security of the key information. In concrete implementations of key management, having several key clerks carry out a key management operation together is currently the main form of security control. A cryptographic algorithm may be public and an encryption device may be lost, but the key must not be disclosed. Once the key is disclosed, the encrypted information can be fully deciphered and no confidentiality remains. Moreover, stealing a key costs far less than breaking the cryptographic algorithm, and in many network attack incidents the security management of keys is the critical link that is attacked. Key management must therefore be strengthened in order to improve the security of the system. As shown in Fig. 1, key management is a comprehensive technology; in general it mainly comprises five operations: key generation and update, key clerk password update, key recovery, key backup, and key destruction. The flow of each of these five operations includes key clerk password verification (see the step in Fig. 1). However, key clerk passwords are at risk of disclosure, which can expose the key management system to attack.
Summary of the invention
To solve the above technical problem in the background art, the invention provides a key management method and system that can prevent disclosure of key clerk passwords and improve the reliability of key management.
The technical solution of the invention is a key management method, characterized in that the method comprises the following steps:
1) performing a message integrity code (MIC) operation on several key clerk passwords using a block cipher algorithm to obtain a MIC check value;
2) using the MIC check value obtained in step 1) as the basis for authenticating each key clerk's identity, and completing the key management operation.
The key management operations comprise the key generation and update operation, the key clerk password update operation, the key recovery operation, the key backup operation and the key destruction operation.
The several key clerks perform either a key management operation in which all key clerks participate, or a key management operation in which the participating key clerks are optional.
When the several key clerks perform a key management operation in which all key clerks participate, the key clerks are present at the same time and take part in the operation. In this case, step 1) is implemented as follows:
1.1.1) arbitrarily select one of the key clerk passwords and construct Key from it;
1.1.2) construct the data from all key clerk passwords other than the one used in step 1.1.1);
1.1.3) using a block cipher algorithm, perform the MIC operation with the Key constructed in step 1.1.1) on the data constructed in step 1.1.2) to obtain the MIC operation result, which is the MIC check value.
When the key management operation is one in which all key clerks participate, step 2) is implemented as follows:
2.1.1) select one of the key clerk passwords and construct Key' from it, where the key clerk selected for constructing Key' is the same key clerk selected for constructing Key in step 1.1.1), and Key' is constructed in the same way as Key;
2.1.2) construct the data from all key clerk passwords other than the one used in step 2.1.1);
2.1.3) using a block cipher algorithm, perform the MIC operation with the Key' constructed in step 2.1.1) on the data constructed in step 2.1.2) to obtain the MIC operation result, which is the MIC' check value; the construction and input order of the input data when computing MIC' are the same as the construction and input order of the input data when computing MIC in step 1.1.3);
2.1.4) compare the MIC' check value obtained in step 2.1.3) with the MIC check value obtained in step 1.1.3); if the comparison succeeds, the key clerks are allowed to carry out the key management operation; if the comparison fails, the key management operation is exited.
When the several key clerks perform a key management operation in which the participating key clerks are optional, the number of key clerks is M and the number of key clerks participating in the operation is N, where M > N ≥ 2. In this case, step 1) is implemented as follows:
1.2.1) number the M key clerks in natural order 1, 2, 3, ..., M-1, M;
1.2.2) arbitrarily select N of the M key clerks to form a combination, giving $C_M^N$ combinations in total; in any combination, construct Key from the password of the lowest-numbered of the N key clerks;
1.2.3) construct the data from the passwords of the remaining N-1 key clerks, that is, all except the one used in step 1.2.2);
1.2.4) using a block cipher algorithm, perform the MIC operation with the Key constructed in step 1.2.2) on the data constructed in step 1.2.3) to obtain the MIC operation result, which is the MIC check value;
1.2.5) take the next of the $C_M^N$ combinations of N key clerks chosen from the M key clerks, and perform the MIC operation on the N key clerk passwords of that combination in the same way as in steps 1.2.2) to 1.2.4) to obtain the MIC operation result;
1.2.6) repeat step 1.2.5) until MIC operation results have been obtained for all $C_M^N$ combinations.
When the several key clerks perform a key management operation in which the participating key clerks are optional, and the key management operation is the key backup operation, the M key clerks take part in the operation at the same time. In this case, step 2) is implemented as follows:
2.2.1.1) select the first to the N-th key clerks to form a combination, and construct Key' from the first key clerk's password;
2.2.1.2) construct the data from the passwords of the remaining N-1 key clerks, that is, all except the one used in step 2.2.1.1);
2.2.1.3) using a block cipher algorithm, perform the MIC' operation with the Key' constructed in step 2.2.1.1) on the data constructed in step 2.2.1.2); Key' is constructed in the same way as Key in step 1.2.2), and the construction and input order of the input data when computing MIC' are the same as the construction and input order of the input data when computing MIC in step 1.2.4);
2.2.1.4) compare the MIC' operation result one by one with each MIC obtained in step 1.2.4); if the comparison succeeds, perform the MIC' operation for the next combination and compare it one by one with each stored MIC; otherwise exit the key management operation. The next combination is formed by removing the lowest-numbered key clerk from the current combination and adding the key clerk whose number follows the highest key clerk number in the current combination; the combination containing key clerk number M is the last one for which the MIC' operation and the one-by-one comparison with each stored MIC are required. The next number is the highest key clerk number in the current combination incremented by 1.
When the several key clerks perform a key management operation in which the participating key clerks are optional, and the key management operation is the key clerk password update operation, the M key clerks take part in the operation at the same time. In this case, step 2) is implemented as follows:
2.2.2.1) select the first to the N-th key clerks to form a combination, and construct Key' from the first key clerk's password;
2.2.2.2) construct the data from the passwords of the remaining N-1 key clerks, that is, all except the one used in step 2.2.2.1);
2.2.2.3) using a block cipher algorithm, perform the MIC' operation with the Key' constructed in step 2.2.2.1) on the data constructed in step 2.2.2.2); Key' is constructed in the same way as Key in step 1.2.2), and the construction and input order of the input data when computing MIC' are the same as the construction and input order of the input data when computing MIC in step 1.2.4);
2.2.2.4) compare the MIC' operation result one by one with each MIC obtained in step 1.2.4); if the comparison succeeds, perform the MIC' operation for the next combination and compare it one by one with each stored MIC; otherwise exit the key management operation. The next combination is formed by removing the lowest-numbered key clerk from the current combination and adding the key clerk whose number follows the highest key clerk number in the current combination; the combination containing key clerk number M is the last one for which the MIC' operation and the one-by-one comparison with each stored MIC are required. The next number is the highest key clerk number in the current combination incremented by 1.
When the several key clerks perform a key management operation in which the participating key clerks are optional, and the key management operation is the key generation and update operation, the key recovery operation or the key destruction operation, any N of the M key clerks are selected to perform the operation. In this case, step 2) is implemented as follows:
2.2.3.1) construct Key' from the password of the lowest-numbered of the N key clerks;
2.2.3.2) construct the data from the passwords of the remaining N-1 key clerks, that is, all except the one used in step 2.2.3.1);
2.2.3.3) using a block cipher algorithm, perform the MIC' operation on the key clerk passwords with the Key' constructed in step 2.2.3.1) and the data constructed in step 2.2.3.2) to obtain the MIC' operation result; Key' is constructed in the same way as Key in step 1.2.2), and the construction and input order of the input data when computing MIC' are the same as the construction and input order of the input data when computing MIC in step 1.2.4);
2.2.3.4) compare this MIC' one by one with each MIC obtained in step 1.2.4); if there is a MIC identical to MIC', the comparison succeeds and the key generation and update operation, the key recovery operation or the key destruction operation is allowed; otherwise exit the key management operation.
A key management system, characterized in that the key management system comprises: a key clerk password input module for obtaining several key clerk passwords; a key clerk password verification module for performing a message integrity code (MIC) operation on the several key clerk passwords using a block cipher algorithm and using the result as the basis for authenticating each key clerk's identity; and a key management operation implementation module for issuing key management operations. The key management operations are the key generation and update operation, the key clerk password update operation, the key recovery operation, the key backup operation and the key destruction operation.
The advantages of the invention are as follows:
The invention provides a key management method and system. The method is innovative in the key clerk password verification part and improves the reliability of key management. Its advantages are:
1. Key clerk passwords are not compared directly; instead, the MIC value of the key clerk passwords is compared. The key clerk passwords therefore need not be stored, only their MIC value. Because the MIC operation is irreversible, even if the MIC value is obtained, the plaintext key clerk passwords cannot be derived backwards from it, which reduces the risk of key clerk password leakage;
2. With this method, the password information of several key clerks can be hashed together and judged as a whole, which reduces the complexity of key clerk password verification;
3. The MIC must be stored in the device for later comparison, and the MIC value is a piece of fixed-length data that does not vary with the length of the key clerk passwords or with an increase in the number of key clerks. The length of the stored MIC value is therefore fixed, which reduces the demand on device memory and is also more convenient.
The invention performs a message integrity code (MIC) operation on several key clerk passwords using a block cipher algorithm, and then uses the MIC check value as the basis for authenticating each key clerk's identity and deciding whether the key management operation is authorized. This method replaces the conventional method of directly comparing plaintext passwords, reduces the risk of password disclosure, and improves the reliability of key management.
Description of drawings
Fig. 1 is a schematic flow chart of an existing key management system.
Fig. 2 is a schematic flow chart of the key management method provided by the invention.
Embodiments
Referring to Fig. 2, the invention provides a key management method that differs from the prior art as follows: the invention performs a message integrity code (MIC) operation on several key clerk passwords using a block cipher algorithm, and then uses the MIC check value as the basis for authenticating each key clerk's identity and deciding whether the key management operation is authorized. This method replaces the conventional method of directly comparing plaintext passwords, reduces the risk of password disclosure, and improves the reliability of key management.
Referring to Fig. 2, the method and system provided by the invention are described in detail below:
In the first embodiment of the invention, all of the several (M) key clerks participate in every key management operation at the same time; that is, when key generation and update, key clerk password update, key recovery, key backup or key destruction is carried out, the M key clerks are present at the same time and take part in the operation. The method comprises the following steps:
When the key management system is created (there are at least 2 key clerks, M ≥ 2):
(1) arbitrarily select one key clerk password and construct Key (the key) from it, construct the data from the other key clerk passwords, and, using a block cipher algorithm, perform the MIC operation with the Key on the data to obtain the MIC operation result (the methods of constructing the Key and of constructing the data depend on the key and data input requirements of the selected block cipher algorithm, which may be any known algorithm);
(2) store the MIC calculated in step (1);
When the key management system is used:
(3) apply the same operation as in step (1) to the key clerk passwords, that is, select one key clerk password and construct Key' (the key) from it, construct the data from the other key clerk passwords, and, using a block cipher algorithm, perform the MIC' operation with the Key' on the data to obtain the MIC' operation result. The key clerk whose password is used to construct Key' is the same key clerk whose password was used to construct Key in step (1), and Key' is constructed in the same way as Key; the construction and input order of the input data for the MIC' operation are the same as the construction and input order of the input data for the MIC operation in step (1). The MIC' is then compared with the MIC stored in step (2);
(4) if the comparison succeeds, the subsequent key management operation (key generation and update, key clerk password update, key recovery, key backup or key destruction) is allowed; otherwise the operation is exited.
In the second embodiment of the invention, all M key clerks participate at the same time in the key clerk password update and key backup operations; that is, when a key clerk password update or key backup operation is carried out, the M key clerks are present at the same time and take part in the operation. Alternatively, any N of the M key clerks participate at the same time in the key generation and update, key recovery and key destruction operations; that is, when a key generation and update, key recovery or key destruction operation is carried out, at least N of the M key clerks must be present at the same time and N of them take part in the operation, while the remaining M-N key clerks do not take part. The method comprises the following steps:
When the key management system is created (there are at least 2 key clerks, M > N ≥ 2):
(1) number the M key clerks in natural order 1, 2, 3, ..., M-1, M; after the key management system has been created, each key clerk's number remains unchanged;
(2) arbitrarily select N of the M key clerks to form a combination, giving $C_M^N$ combinations in total; in any combination, construct Key from the password of the lowest-numbered of the N key clerks, construct the data from the passwords of the remaining N-1 key clerks, perform the MIC operation on the key clerk passwords using a block cipher algorithm to obtain the MIC operation result, and store the MIC operation result (the methods of constructing the Key and of constructing the data depend on the key and data input requirements of the selected block cipher algorithm, which may be any known algorithm);
(3) take the next of the $C_M^N$ combinations of N key clerks chosen from the M key clerks, perform the MIC operation on the N key clerk passwords of that combination in the same way as in step (2), and obtain and store the MIC operation result;
(4) repeat step (3) until all $C_M^N$ combinations have been covered, storing the MIC value corresponding to each combination.
When the key management system is used:
(5) When the key management operation is a key generation and update, key recovery or key destruction operation, any N of the M key clerks are selected to perform the operation. Key' is constructed from the password of the lowest-numbered of the N key clerks, the data is constructed from the passwords of the remaining N-1 key clerks, and the MIC' operation is performed on the key clerk passwords using a block cipher algorithm to obtain the MIC' operation result. Key' is constructed in the same way as Key in step (2), and the construction and input order of the input data for the MIC' operation are the same as the construction and input order of the input data for the MIC operation in step (2). This MIC' is compared one by one with each stored MIC; if there is a MIC identical to MIC', the comparison succeeds and the subsequent key generation and update, key recovery or key destruction operation is allowed; otherwise the operation is exited.
For the key clerk password update operation, the M key clerks must take part in the operation at the same time. The first to the N-th key clerks are first selected to form a combination; Key' is then constructed from the first key clerk's password, the data is constructed from the passwords of the remaining N-1 key clerks, and the MIC' operation is performed on the key clerk passwords using a block cipher algorithm to obtain the MIC' operation result. Key' is constructed in the same way as Key in step (2), and the construction and input order of the input data for the MIC' operation are the same as the construction and input order of the input data for the MIC operation in step (2). The MIC' operation result is compared one by one with each stored MIC; if the comparison succeeds, the MIC' operation is performed for the next combination and compared one by one with each stored MIC; otherwise the operation is exited. The next combination is formed by removing the lowest-numbered key clerk from the current combination and adding the key clerk whose number follows (is 1 greater than) the highest key clerk number in the current combination. In each combination, Key is constructed from the password of the lowest-numbered key clerk, the data is constructed from the passwords of the remaining N-1 key clerks, the MIC' operation is performed, and the result is compared one by one with each stored MIC; once the highest-numbered of the M key clerks has taken part in the computation, the comparison is complete. If all comparisons succeed, the operations of steps (2), (3) and (4) are carried out, this time with the key clerks' new passwords as the passwords used in the computation.
For the key backup operation, the M key clerks must take part in the operation at the same time. The first to the N-th key clerks are first selected to form a combination; Key' is then constructed from the first key clerk's password, the data is constructed from the passwords of the remaining N-1 key clerks, and the MIC' operation is performed on the key clerk passwords using a block cipher algorithm to obtain the MIC' operation result. Key' is constructed in the same way as Key in step (2), and the construction and input order of the input data for the MIC' operation are the same as the construction and input order of the input data for the MIC operation in step (2). The MIC' operation result is compared one by one with each stored MIC; if the comparison succeeds, the MIC' operation is performed for the next combination and compared one by one with each stored MIC; otherwise the operation is exited. The next combination is formed by removing the lowest-numbered key clerk from the current combination and adding the key clerk whose number follows (is 1 greater than) the highest key clerk number in the current combination. In each combination, Key is constructed from the password of the lowest-numbered key clerk, the data is constructed from the passwords of the remaining N-1 key clerks, the MIC' operation is performed, and the result is compared one by one with each stored MIC; once the highest-numbered of the M key clerks has taken part in the computation, the comparison is complete. If all comparisons succeed, the subsequent key backup operation is allowed.
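The creation steps (1) to (4), the N-of-M check of step (5) and the all-clerk window check used for key backup and password update, as an added Python example that is not code from the patent. The patent leaves the block cipher and the Key and data construction open, so XTEA in CBC-MAC mode, PBKDF2 key construction, the salt, the length-prefixed data layout and every function name here are assumptions of this example.

```python
import hashlib
import hmac
import struct
from itertools import combinations

BLOCK = 8                # XTEA block size in bytes
PBKDF2_ROUNDS = 100_000  # example work factor (assumption, not from the patent)

def xtea_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block with XTEA (128-bit key, 32 cycles)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    total, delta, mask = 0, 0x9E3779B9, 0xFFFFFFFF
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (total + k[total & 3]))) & mask
        total = (total + delta) & mask
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (total + k[(total >> 11) & 3]))) & mask
    return struct.pack(">2I", v0, v1)

def build_key(password: str, salt: bytes) -> bytes:
    """Construct the 128-bit Key from one clerk's password (assumed construction)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=16)

def build_data(passwords: list[str]) -> bytes:
    """Construct the data: length-prefixed passwords in a fixed order, zero-padded."""
    body = b"".join(struct.pack(">H", len(p.encode())) + p.encode() for p in passwords)
    msg = struct.pack(">I", len(body)) + body   # total length first (prefix-free input)
    return msg + b"\x00" * (-len(msg) % BLOCK)

def cbc_mac(key: bytes, data: bytes) -> bytes:
    """Block-cipher MIC: the last CBC block over the padded data, zero IV."""
    state = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        state = xtea_encrypt_block(key, bytes(a ^ b for a, b in zip(state, data[i:i + BLOCK])))
    return state

def combo_mic(entered: dict[int, str], combo: tuple[int, ...], salt: bytes) -> bytes:
    """MIC of one combination: Key from the lowest-numbered clerk, data from the rest."""
    ids = sorted(combo)
    key = build_key(entered[ids[0]], salt)
    return cbc_mac(key, build_data([entered[i] for i in ids[1:]]))

def enroll(passwords: dict[int, str], n: int, salt: bytes) -> list[bytes]:
    """Steps (1)-(4): store one MIC for each of the C(M, N) combinations."""
    return [combo_mic(passwords, c, salt) for c in combinations(sorted(passwords), n)]

def matches_stored(mic: bytes, stored: list[bytes]) -> bool:
    """Compare against every stored MIC in constant time per comparison."""
    results = [hmac.compare_digest(mic, s) for s in stored]
    return any(results)

def verify_subset(entered: dict[int, str], n: int, stored: list[bytes], salt: bytes) -> bool:
    """Step (5): any N clerks authorize generation/update, recovery or destruction."""
    if len(entered) != n:
        return False
    return matches_stored(combo_mic(entered, tuple(entered), salt), stored)

def verify_all(entered: dict[int, str], m: int, n: int, stored: list[bytes], salt: bytes) -> bool:
    """Backup / password update: windows (1..N), (2..N+1), ... up to the one holding M."""
    if sorted(entered) != list(range(1, m + 1)):
        return False
    for first in range(1, m - n + 2):
        window = tuple(range(first, first + n))
        if not matches_stored(combo_mic(entered, window, salt), stored):
            return False   # one failed window exits the operation
    return True

if __name__ == "__main__":
    salt = b"constructed-example-salt"   # constructed sample values
    clerks = {1: "pw-clerk-1", 2: "pw-clerk-2", 3: "pw-clerk-3", 4: "pw-clerk-4"}
    stored = enroll(clerks, 2, salt)
    print(len(stored), "MICs stored")
    print("2-of-4:", verify_subset({2: "pw-clerk-2", 4: "pw-clerk-4"}, 2, stored, salt))
    print("all 4:", verify_all(clerks, 4, 2, stored, salt))
```

Calling `enroll` with `n` equal to the number of clerks yields the single stored MIC of the first embodiment. A stored MIC still lets anyone who obtains it test password guesses offline, which is why this example stretches the key password and compares in constant time; the 8-byte XTEA MIC stands in for a wider block-cipher MAC such as AES-CMAC.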
In addition to the key management method, the invention also provides a key management system. The system comprises: a key clerk password input module for obtaining several key clerk passwords; a key clerk password verification module for performing a message integrity code (MIC) operation on the several key clerk passwords using a block cipher algorithm and using the result as the basis for authenticating each key clerk's identity; and a key management operation implementation module for issuing key management operations. The key management operations are the key generation and update operation, the key clerk password update operation, the key recovery operation, the key backup operation and the key destruction operation.

Claims (10)

1. A key management method, characterized in that the method comprises the following steps:
1) performing a message integrity code (MIC) operation on the key clerk passwords using a block cipher algorithm to obtain MIC check values:
1.1) let the total number of key clerks be M, where M ≥ 2;
1.2) arbitrarily select N of the M key clerks to form a combination, where M ≥ N ≥ 2, so that there are $C_M^N$ combinations of possible selections of key clerks;
1.3) determine the way the Key is selected and constructed, and the way the data is constructed, for the MIC operation performed with the block cipher algorithm; the Key is constructed from the password held by one of the selected N key clerks, and the data is constructed from the key clerk passwords held by each of the remaining N-1 selected key clerks;
1.4) perform the MIC operation with the block cipher algorithm according to the Key selection and construction method and the data construction method determined in step 1.3), specifically: generate the Key according to the Key selection and construction method determined in step 1.3), generate the data according to the data construction method determined in step 1.3), perform the MIC operation with the block cipher algorithm, and store the resulting MIC value as the basis for authenticating the identity of the key clerks;
1.5) select another combination from the $C_M^N$ combinations of step 1.2) and repeat the operation of step 1.4) until all $C_M^N$ combinations have been covered and $C_M^N$ MICs have been generated and stored;
2) using the MIC check values obtained in step 1) as the basis for authenticating the identity of each key clerk, and completing the key management operation, wherein:
when the key management operation requires all key clerks to participate:
2.1) arbitrarily select N of the M key clerks, where M ≥ N ≥ 2;
2.2) perform the MIC' operation in exactly the same way as the Key selection and construction method and the data construction method determined in step 1), specifically: in exactly the same way as the Key selection and construction method determined in step 1), select the password held by one of the N key clerks and construct the Key; in exactly the same way as the data construction method determined in step 1), construct the data from the passwords held by each of the remaining N-1 key clerks; and perform the MIC' operation with the block cipher algorithm;
2.3) compare the generated MIC' one by one with the $C_M^N$ MICs stored in step 1); if there is a MIC that matches MIC', perform step 2.4); otherwise the key clerk identity authentication fails and the key management operation is exited;
2.4) remove from the selected N key clerks any one key clerk who has taken part in step 2.2) and step 2.3), add one key clerk who has not taken part in step 2.2) and step 2.3), and perform the same operations as described in step 2.2) and step 2.3);
2.5) repeat step 2.4) until all M key clerks have taken part in the operations described in step 2.2) and step 2.3); if every MIC' check succeeds, the key management operation is allowed; otherwise the key management operation is exited;
when the key management operation does not require all key clerks to participate:
2.6) arbitrarily select N of the M key clerks, where M ≥ N ≥ 2;
2.7) perform the MIC' operation in exactly the same way as the Key selection and construction method and the data construction method determined in step 1), specifically: in exactly the same way as the Key selection and construction method determined in step 1), select the password held by one of the N key clerks and construct the Key; in exactly the same way as the data construction method determined in step 1), construct the data from the passwords held by each of the remaining N-1 key clerks; and perform the MIC' operation with the block cipher algorithm;
2.8) compare the generated MIC' one by one with the $C_M^N$ MIC check codes stored in step 1); if there is a MIC that matches MIC', the identity authentication of the selected key clerks passes and the key management operation is allowed; otherwise the key management operation is exited.
2. The key management method according to claim 1, characterized in that the key management operations comprise the key generation and update operation, the key clerk password update operation, the key recovery operation, the key backup operation and the key destruction operation.
3. The key management method according to claim 2, characterized in that the several key clerks perform a key management operation in which all key clerks participate, in which case the number N of selected key clerks satisfies N = M; or a key management operation in which the participating key clerks are optional, in which case the number N of selected key clerks satisfies M > N ≥ 2.
4. The key management method according to claim 3, characterized in that, when the several key clerks perform a key management operation in which all key clerks participate, the key clerks must be present at the same time and take part in the operation; in this case the number N of selected key clerks equals M, and step 1) is implemented as follows:
1.1.1) arbitrarily select one of the selected N key clerk passwords and construct Key from it;
1.1.2) construct the data from all key clerk passwords other than the one used in step 1.1.1);
1.1.3) using a block cipher algorithm, perform the MIC operation with the Key constructed in step 1.1.1) on the data constructed in step 1.1.2) to obtain the MIC operation result, which is the MIC check value.
5. The key management method according to claim 4, characterized in that, when the key management operation is one in which all key clerks participate, the number N of selected key clerks equals M, and step 2) is implemented as follows:
2.1.1) select one of the selected N key clerk passwords and construct Key' from it, where the key clerk selected for constructing Key' is the same key clerk selected for constructing Key in step 1.1.1), and Key' is constructed in the same way as Key;
2.1.2) construct the data from all key clerk passwords other than the one used in step 2.1.1);
2.1.3) using a block cipher algorithm, perform the MIC operation with the Key' constructed in step 2.1.1) on the data constructed in step 2.1.2) to obtain the MIC operation result, which is the MIC' check value, where the construction and input order of the input data when computing MIC' are the same as the construction and input order of the input data when computing MIC in step 1.1.3);
step 2.1.1) to perform MIC operation on the data constructed in step 2.1.2) to obtain the MIC operation result, which is the MIC' check value, The construction method and input order of input data in the process of calculating MIC' are consistent with the construction method and input order of input data in step 1.1.3) in the process of calculating MIC; 2.1.4)将步骤2.1.3)所得到的MIC’校验值与步骤1.1.3)所得到的MIC校验值进行比对,若比对成功,则允许密钥员实施密钥管理操作;若比对不成功,则退出密钥管理操作。2.1.4) Compare the MIC' verification value obtained in step 2.1.3) with the MIC verification value obtained in step 1.1.3). If the comparison is successful, the key operator is allowed to implement key management operations ; If the comparison is unsuccessful, exit the key management operation. 6.根据权利要求3所述的密钥管理方法,其特征在于:所述若干密钥员进行密钥员可选的密钥管理操作时,所述若干密钥员的个数是M,所述密钥员可选的密钥管理操作的密钥员参与数量为N,所述M>N≥2;此时,所述步骤1)的具体实现方式是:6. The key management method according to claim 3, characterized in that: when said several key personnel perform optional key management operations of the key personnel, the number of said several key personnel is M, so The number of key clerks participating in the optional key management operation of the key clerk is N, and the said M>N≥2; at this time, the specific implementation of the step 1) is: 1.2.1)对M位密钥员按照1、2、3……M-1、M自然序进行编号;1.2.1) Number the M key operators according to the natural order of 1, 2, 3...M-1, M; 1.2.2)在M位密钥员中任意选取N位密钥员构成一个组合,共存在CM N个组合,在任意组合中,选取N位密钥员中编号最小的密钥员口令构建Key;1.2.2) Randomly select N key clerks from M key clerks to form a combination. There are C M N combinations. 
In any combination, select the key clerk with the smallest number among the N key clerks to construct a password key; 1.2.3)利用除步骤1.2.2)外的其余N-1位密钥员口令构建数据;1.2.3) Use the remaining N-1 key clerk passwords except step 1.2.2) to construct data; 1.2.4)采用分组加密算法利用步骤1.2.2)所构建的Key对步骤1.2.3)所构建的数据进行MIC运算,得到MIC运算结果,所述MIC运算结果是MIC校验值;1.2.4) Using the block encryption algorithm to use the Key constructed in step 1.2.2) to perform MIC operation on the data constructed in step 1.2.3) to obtain the MIC operation result, which is the MIC check value; 1.2.5)选取M位密钥员中任意选取N位密钥员构成所述CM N个组合中的下一组合,采用步骤1.2.2)~步骤1.2.4)中同样的运算方式对该组合中N位密钥员口令进行MIC运算,得到MIC运算结果;1.2.5) Randomly select N key clerks from among the M key clerks to form the next combination of the C M N combinations, and use the same operation method in steps 1.2.2) to 1.2.4) to In this combination, the passwords of the N-bit key clerks are subjected to MIC operations to obtain the results of the MIC operations; 1.2.6)重复步骤1.2.5),直至覆盖所述CM N个组合的MIC运算结果。1.2.6) Step 1.2.5) is repeated until the MIC operation results of the C M N combinations are covered. 7.根据权利要求6所述的密钥管理方法,其特征在于:所述若干密钥员进行密钥员可选的密钥管理操作时,所述的密钥管理操作是密钥备份操作时,M位密钥员必须同时参与操作,此时所述步骤2)的具体实现方式是:7. The key management method according to claim 6, characterized in that: when said several key clerks perform optional key management operations for key clerks, said key management operation is a key backup operation , M key administrators must participate in the operation at the same time. 
At this time, the specific implementation method of step 2) is: 2.2.1.1)选取第一位至第N位密钥员进行组合,以第一位密钥员口令构建Key’;2.2.1.1) Select the first to N key clerks to combine, and build Key’ with the password of the first key clerk; 2.2.1.2)利用除步骤2.2.1.1)外的其余N-1位密钥员口令构建数据;2.2.1.2) Use the remaining N-1 key clerk passwords except step 2.2.1.1) to construct data; 2.2.1.3)采用分组加密算法利用步骤2.2.1.1)所构建的Key’对步骤2.2.1.2)所构建的数据进行MIC’运算;其中,所述Key’的构建方式与步骤1.2.2)中Key的构建方式一致;运算MIC’过程中输入数据的构建方式及输入次序与步骤1.2.4)运算MIC过程中输入数据的构建方式及输入次序一致;2.2.1.3) Use the block encryption algorithm to use the Key' constructed in step 2.2.1.1) to perform MIC' operations on the data constructed in step 2.2.1.2); wherein, the Key' is constructed in the same way as in step 1.2.2) The construction method of Key is the same; the construction method and input order of input data in the process of calculating MIC' are consistent with the construction method and input order of input data in the process of calculating MIC in step 1.2.4); 2.2.1.4)将MIC’运算结果与步骤1.2.4)中所得到的各MIC逐个进行比对,如果比对成功,进行下一组组合MIC’运算及与存储的各MIC逐个进行比对操作,否则退出密钥管理操作;其中,所述下一组组合构建方式为将编号最小的密钥员从当前组合中去除,将当前组合中最大密钥员编号对应的下一个编号密钥员加入至当前组合,包含编号M密钥员的组合为最后一个需要MIC’运算及与存储的各MIC逐个进行比对操作的组合。其中,所述下一个编号为所述当前组合中最大密钥员编号递增加1。2.2.1.4) Compare the MIC' calculation result with the MICs obtained in step 1.2.4) one by one, if the comparison is successful, perform the next group of combined MIC' calculations and compare them with the stored MICs one by one , otherwise exit the key management operation; wherein, the construction method of the next group of combinations is to remove the key operator with the smallest number from the current combination, and add the key operator with the next number corresponding to the largest key operator number in the current combination Up to the current combination, the combination containing the number M keykeeper is the last combination that requires MIC' operation and comparison operation with each stored MIC one by one. 
Wherein, the next number is the number of the largest key operator in the current combination incremented by 1. 8.根据权利要求6所述的密钥管理方法,其特征在于:所述若干密钥员进行密钥员可选的密钥管理操作时,所述的密钥管理操作是密钥员口令更新操作时,M位密钥员必须同时参与操作,此时所述步骤2)的具体实现方式是:8. The key management method according to claim 6, characterized in that: when said several key clerks perform optional key management operations for key clerks, said key management operation is key clerk password update During the operation, M key administrators must participate in the operation at the same time. At this time, the specific implementation method of step 2) is: 2.2.2.1)选取第一位至第N位密钥员进行组合,以第一位密钥员口令构建Key’;2.2.2.1) Select the first to N key clerks to combine, and use the password of the first key clerk to construct Key’; 2.2.2.2)利用除步骤2.2.2.1)外的其余N-1位密钥员口令构建数据;2.2.2.2) Use the remaining N-1 key clerk passwords except step 2.2.2.1) to construct data; 2.2.2.3)采用分组加密算法利用步骤2.2.2.1)所构建的Key’对步骤2.2.2.2)所构建的数据进行MIC’运算;其中,所述Key’的构建方式与步骤1.2.2)中Key的构建方式一致;运算MIC’过程中输入数据的构建方式及输入次序与步骤1.2.4)运算MIC过程中输入数据的构建方式及输入次序一致;2.2.2.3) Use the block encryption algorithm to use the Key' constructed in step 2.2.2.1) to perform MIC' operations on the data constructed in step 2.2.2.2); wherein, the Key' is constructed in the same way as in step 1.2.2) The construction method of Key is the same; the construction method and input order of input data in the process of calculating MIC' are consistent with the construction method and input order of input data in the process of calculating MIC in step 1.2.4); 2.2.2.4)将MIC’运算结果与步骤1.2.4)中所得到的各MIC逐个进行比对,如果比对成功,进行下一组组合MIC’运算及与存储的各MIC逐个进行比对操作,否则退出密钥管理操作;其中,所述下一组组合构建方式为将编号最小的密钥员从当前组合中去除,将当前组合中最大密钥员编号对应的下一个编号密钥员加入至当前组合,包含编号M密钥员的组合为最后一个需要MIC’运算及与存储的各MIC逐个进行比对操作的组合。其中,所述下一个编号为所述当前组合中最大密钥员编号递增加1。2.2.2.4) Compare the MIC' calculation result with the MICs obtained in step 1.2.4) one by one, if the comparison is successful, perform the next group of combined MIC' calculations and compare them with the stored MICs one by one , otherwise exit the 
key management operation; wherein, the construction method of the next group of combinations is to remove the key operator with the smallest number from the current combination, and add the key operator with the next number corresponding to the largest key operator number in the current combination Up to the current combination, the combination containing the number M keykeeper is the last combination that requires MIC' operation and comparison operation with each stored MIC one by one. Wherein, the next number is the number of the largest key operator in the current combination incremented by 1. 9.根据权利要求6所述的密钥管理方法,其特征在于:所述若干密钥员进行密钥员可选的密钥管理操作时,所述的密钥管理操作是密钥生成与更新操作、密钥恢复操作或密钥销毁操作,此时,M位密钥员中任意选取N位密钥员进行操作,所述步骤2)的具体实现方式是:9. The key management method according to claim 6, characterized in that: when said several key clerks perform optional key management operations for key clerks, said key management operations are key generation and update operation, key recovery operation or key destruction operation, at this time, N key clerks are arbitrarily selected from M key clerks to operate, and the specific implementation of step 2) is as follows: 2.2.3.1)利用N位密钥员中编号最小的密钥员口令构建Key’;2.2.3.1) Use the password of the key clerk with the smallest number among the N key clerks to construct Key’; 2.2.3.2) 利用除步骤2.2.3.1)外的其余N-1位密钥员口令构建数据;2.2.3.2) Use the remaining N-1 key clerk passwords except step 2.2.3.1) to construct data; 2.2.3.3)采用分组加密算法利用步骤2.2.3.1)所构建的Key’对步骤2.2.3.2)所构建的数据对密钥员口令进行MIC’运算,得到MIC’运算结果;其中,所述Key’的构建方式与步骤1.2.2)中Key的构建方式一致;运算MIC’过程中输入数据的构建方式及输入次序与步骤1.2.4)运算MIC过程中输入数据的构建方式及输入次序一致;2.2.3.3) Use the block encryption algorithm to use the Key' constructed in step 2.2.3.1) to perform the MIC' operation on the password of the key operator on the data constructed in step 2.2.3.2), and obtain the result of the MIC' operation; wherein, the Key The construction method of ' is consistent with the construction method of Key in step 1.2.2); the construction method and input order of input 
data in the process of computing MIC' are consistent with the construction method and input sequence of input data in the process of computing MIC in step 1.2.4); 2.2.3.4)将该MIC’与步骤1.2.4)中所得到的各MIC逐个进行比对,如果存在一个MIC与MIC’相同,则比对成功,则允许实施密钥生成更新操作、密钥恢复操作或密钥销毁操作;否则退出密钥管理操作。2.2.3.4) Compare this MIC' with the MICs obtained in step 1.2.4) one by one. If there is a MIC that is the same as MIC', the comparison is successful, and the key generation update operation, key A recovery operation or a key destruction operation; otherwise, the key management operation is aborted. 10.一种密钥管理系统,其特征在于:所述密钥管理系统包括用于获取若干密钥员口令的密钥员口令输入模块、用于将若干密钥员口令采用分组加密算法进行信息完整性校验码MIC运算并以此作为对各密钥员身份鉴别的密钥员口令校验模块以及用于将密钥管理操作下发的密钥管理操作实施模块;所述密钥管理操作是密钥生成与更新操作、密钥员口令更新操作、密钥恢复操作、密钥备份操作以及密钥销毁操作;所述密钥员口令校验模块进行信息完整性校验码MIC运算并以此作为对各密钥员身份鉴别的具体方式是:1)将密钥员口令采用分组加密算法进行信息完整性校验码MIC运算,得到MIC校验值:10. A key management system, characterized in that: the key management system includes a key clerk password input module for obtaining several key clerk passwords, and is used to convert several key clerk passwords into information using a group encryption algorithm. 
Integrity check code MIC calculation and use it as a key officer password verification module for identifying the identity of each key officer and a key management operation implementation module for issuing key management operations; the key management operation It is a key generation and update operation, a key clerk password update operation, a key recovery operation, a key backup operation, and a key destruction operation; the key clerk password verification module performs an information integrity check code MIC operation and uses The specific method for identifying the identity of each key operator is: 1) Use the block encryption algorithm to perform the MIC operation of the information integrity check code on the password of the key operator to obtain the MIC check value: 1.1) 设所述密钥员总数为M,其中M≥2;1.1) Let the total number of key operators be M, where M≥2; 1.2) 从M位密钥员中任意选取N位密钥员构成一个组合,其中M≥N≥2,则密钥员的可能选取结果存在CM N种组合;1.2) Randomly select N key clerks from M key clerks to form a combination, where M≥N≥2, then there are C M N combinations of possible selection results of key clerks; 1.3) 确定采用分组加密算法进行信息完整性校验码MIC运算时,Key的选取及构建方式,以及数据的构建方式;其中,Key由所选取的N位密钥员中的一位密钥员所持有的口令构建而成,数据由所选取的其余N-1位密钥员各自持有的密钥员口令构建而成;1.3) Determine the selection and construction method of the Key and the construction method of the data when the block encryption algorithm is used for the MIC operation of the information integrity check code; wherein, the Key is determined by one of the selected N key personnel. 
The data is constructed from the passwords held by the other N-1 selected key administrators; 1.4) 根据步骤1.3)确定的Key的选取及构建方式,以及数据的构建方式,采用分组加密算法进行信息完整性校验码MIC运算,具体操作为:根据步骤1.3)中确定的Key的选取及构建方式生成Key,根据步骤1.3)中确定的数据构建方式生成数据,采用分组加密算法进行信息完整性校验码MIC运算,将运算生成的MIC值作为密钥员身份鉴别的依据,进行存储;1.4) According to the selection and construction method of the Key determined in step 1.3), and the construction method of the data, the group encryption algorithm is used to perform the MIC operation of the information integrity check code. The specific operation is: according to the selection and construction of the Key determined in step 1.3). The construction method generates Key, generates data according to the data construction method determined in step 1.3), adopts the group encryption algorithm to carry out the information integrity check code MIC operation, and stores the MIC value generated by the operation as the basis for the identity authentication of the key operator; 1.5)从步骤1.2)所述的CM N种组合中选取另一组合,重复步骤1.4)的操作,直至覆盖所述CM N种组合而生成并储存CM N个MIC;1.5) Select another combination from the C M N combinations described in step 1.2), and repeat the operation of step 1.4), until the C M N combinations are covered to generate and store C M N MICs; 密钥管理操作实施模块将密钥管理操作下发,其中:当所进行的密钥管理操作需要全部密钥员均参与时:The key management operation implementation module issues the key management operation, wherein: when the key management operation requires the participation of all key personnel: 2.1) 从M位密钥员中任意选取N位密钥员,其中M≥N≥2;2.1) Randomly select N key clerks from M key clerks, where M≥N≥2; 2.2)采用与步骤1)中确定的Key的选取及构建方式,以及数据的构建方式完全一致的方式,进行MIC’运算,具体操作为:选用与步骤1)中确定的Key的选取及构建方式完全一致的方式,在N位密钥员中选取一位密钥员所持有的口令构建Key,选用与步骤1)中确定的数据的构建方式完全一致的方式,将其余N-1位密钥员各自持有的口令构建成数据,采用分组加密算法进行信息完整性校验码MIC’运算;2.2) Perform the MIC' calculation in the same way as the key selection and construction method determined in step 1), and the data construction method. 
The specific operation is: select the key selection and construction method determined in step 1) In a completely consistent way, select a password held by a key clerk among the N key clerks to construct a Key, choose a method that is completely consistent with the data construction method determined in step 1), and use the remaining N-1 key clerks The passwords held by the key clerks are constructed into data, and the block encryption algorithm is used to perform the operation of the information integrity check code MIC'; 2.3)将生成的MIC’ 与步骤1)中所存储的所述CM N个MIC逐个进行比对,如果存在一个MIC与MIC’比对成功,则执行步骤2.4);否则,密钥员身份鉴别失败,退出密钥管理操作;2.3) Compare the generated MIC' with the C M N MICs stored in step 1) one by one, if there is a successful comparison between MIC and MIC', then perform step 2.4); otherwise, the key operator identity If the authentication fails, exit the key management operation; 2.4)从所选取的N位密钥员中去除任意一位参与过步骤2.2)和步骤2.3)的密钥员,加入一位未参与过步骤2.2)和步骤2.3)的密钥员,进行步骤2.2)和步骤2.3)所描述的相同的操作;2.4) Remove any key clerk who has participated in step 2.2) and step 2.3) from the selected N key clerks, and add a key clerk who has not participated in step 2.2) and step 2.3), and proceed to step 2.2) and the same operation as described in step 2.3); 2.5) 重复步骤2.4),直至所述M位密钥员均参与了步骤2.2)和步骤2.3)所描述的操作;当各次MIC’校验均成功时,允许进行密钥管理操作,否则退出密钥管理操作;2.5) Repeat step 2.4) until the M key officers have participated in the operations described in step 2.2) and step 2.3); when all MIC' verifications are successful, the key management operation is allowed, otherwise exit Key management operations; 当所进行的密钥管理操作无需全部密钥员均参与时:When performing key management operations without the participation of all key administrators: 2.6) 从M位密钥员中任意选取N位密钥员,其中M≥N≥2;2.6) Randomly select N key clerks from M key clerks, where M≥N≥2; 2.7)采用与步骤1)中确定的Key的选取及构建方式,以及数据的构建方式完全一致的方式,进行MIC’运算,具体操作为:选用与步骤1)中确定的Key的选取及构建方式完全一致的方式,在N位密钥员中选取一位密钥员所持有的口令构建Key,选用与步骤1)中确定的数据的构建方式完全一致的方式,将其余N-1位密钥员各自持有的口令构建成数据,采用分组加密算法进行信息完整性校验码MIC’运算;2.7) Perform the MIC' operation 
in the same way as the key selection and construction method determined in step 1) and the data construction method. The specific operation is: select the key selection and construction method determined in step 1) In a completely consistent way, select a password held by a key clerk among the N key clerks to construct a Key, choose a method that is completely consistent with the data construction method determined in step 1), and use the remaining N-1 key clerks The passwords held by the key clerks are constructed into data, and the block encryption algorithm is used to perform the operation of the information integrity check code MIC'; 2.8)将生成的MIC’ 与步骤1)中所存储的所述CM N个校验码MIC逐个进行比对,如果存在一个MIC与MIC’比对成功,则所选密钥员身份鉴别通过,允许进行密钥管理操作;否则退出密钥管理操作。2.8) Compare the generated MIC' with the C M N verification codes MIC stored in step 1) one by one, if there is a successful comparison between MIC and MIC', the identity authentication of the selected key operator is passed , to allow key management operations; otherwise, exit key management operations.
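The enrolment and verification procedure of claims 6 to 9, sketched in Python as an added example that is not part of the patent text. HMAC-SHA256 stands in for the block-cipher MIC, and the Key and data construction (password hashing, length-prefixed concatenation), the function names and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
from itertools import combinations

# Constructed sample passwords for M = 4 key clerks, numbered 1..M (step 1.2.1).
CLERKS = {1: "amber-tide", 2: "quartz-lamp", 3: "cedar-loom", 4: "onyx-reef"}


def _key(password: str) -> bytes:
    # Assumed Key construction: hash the password to a fixed-length key.
    return hashlib.sha256(b"key" + password.encode()).digest()


def _data(passwords: list[str]) -> bytes:
    # Assumed data construction: length-prefixed concatenation, so that
    # ("ab", "c") and ("a", "bc") never yield the same MIC input.
    out = b""
    for p in passwords:
        raw = p.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def mic(group: dict[int, str]) -> bytes:
    """MIC over one group: Key from the lowest-numbered clerk (step 1.2.2),
    data from the remaining N-1 clerks in ascending number order (step 1.2.3)."""
    ids = sorted(group)
    key = _key(group[ids[0]])
    data = _data([group[i] for i in ids[1:]])
    # Swapped-in primitive: HMAC-SHA256 instead of a block-cipher MIC.
    return hmac.new(key, data, hashlib.sha256).digest()


def enroll(passwords: dict[int, str], n: int) -> list[bytes]:
    """Steps 1.2.1 to 1.2.6: one stored MIC per N-of-M combination."""
    return [mic({i: passwords[i] for i in combo})
            for combo in combinations(sorted(passwords), n)]


def _matches(candidate: bytes, stored: list[bytes]) -> bool:
    # Compare against every stored MIC with no early exit; each comparison
    # is constant-time so the check does not leak which entry matched.
    found = False
    for s in stored:
        found |= hmac.compare_digest(candidate, s)
    return found


def verify_quorum(presented: dict[int, str], stored: list[bytes], n: int) -> bool:
    """Claim 9: any N clerks authenticate with a single MIC' comparison."""
    return len(presented) == n and _matches(mic(presented), stored)


def verify_all(presented: dict[int, str], stored: list[bytes], m: int, n: int) -> bool:
    """Claims 7 and 8: all M clerks are present; the groups {1..N}, {2..N+1}, ...
    up to the group containing clerk M must each match a stored MIC."""
    if sorted(presented) != list(range(1, m + 1)):
        return False
    for first in range(1, m - n + 2):
        window = {i: presented[i] for i in range(first, first + n)}
        if not _matches(mic(window), stored):
            return False
    return True
```

With M = 4 and N = 2 the enrolment stores six MICs; the sliding-window check then needs only three of them to confirm that all four clerks are present.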
CN201010597643.0A 2010-12-20 2010-12-20 Key management method and system Expired - Fee Related CN102013976B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010597643.0A CN102013976B (en) 2010-12-20 2010-12-20 Key management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010597643.0A CN102013976B (en) 2010-12-20 2010-12-20 Key management method and system

Publications (2)

Publication Number Publication Date
CN102013976A CN102013976A (en) 2011-04-13
CN102013976B true CN102013976B (en) 2013-07-31

Family

ID=43844007

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010597643.0A Expired - Fee Related CN102013976B (en) 2010-12-20 2010-12-20 Key management method and system

Country Status (1)

Country Link
CN (1) CN102013976B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103312494A (en) * 2012-03-14 2013-09-18 中国人民银行印制科学技术研究所 Data scatter storage method, data recovery method and data card
CN105162772B (en) * 2015-08-04 2019-03-15 三星电子(中国)研发中心 A kind of internet of things equipment certifiede-mail protocol method and apparatus
CN111416788B (en) * 2019-01-04 2023-08-08 北京京东尚科信息技术有限公司 Method and device for preventing transmission data from being tampered

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1249589A (en) * 1999-09-08 2000-04-05 北京龙安计算机技术开发有限公司 Signature/verification method for nonshared key algorithm
CN101616412A (en) * 2009-08-07 2009-12-30 杭州华三通信技术有限公司 The method of calibration of management frames in wireless local area and equipment
CN101719908A (en) * 2009-11-26 2010-06-02 大连大学 Image encryption method based on chaos theory and DNA splice model


Also Published As

Publication number Publication date
CN102013976A (en) 2011-04-13


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130731
