CN103916237A - Method and system for managing user encrypted-key retrieval - Google Patents


Publication number
CN103916237A
Authority
CN
China
Prior art keywords
user
key
recovery
certificate
key recovery
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210591471.5A
Other languages
Chinese (zh)
Other versions
CN103916237B (en)
Inventor
林文辉
耿方
郭向国
杜悦琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention provides a method and system for managing user encrypted-key retrieval. The method includes: a certificate authority receives a user certificate key retrieval request sent by a certificate registration center; the certificate authority adds retrieval application reason information to an extension of the user certificate and sends a key retrieval service request, which includes the extension of the user certificate, to a key management center; the key management center parses the key retrieval request information to obtain the user information and the retrieval application reason, retrieves the user's encrypted-key pair according to the user information, stores the retrieval application reason in association with the encrypted-key pair, and then returns the encrypted-key pair to the certificate authority. By introducing the user key retrieval information into an extension of the user certificate, the method and system enable the key management center to obtain more complete key retrieval application information and thus to manage and identify user encrypted-key retrieval effectively.

Description

Method and system for managing user encryption key recovery
Technical field
The present invention relates to the field of key management technology, and in particular to a method and system for managing user encryption key recovery.
Background
Digital certificates based on PKI (Public Key Infrastructure) technology are used more and more widely in applications such as e-commerce, e-government and online banking, and the number of users is growing sharply. PKI is a system that secures system information by means of public key technology and digital certificates and is responsible for verifying the identity of digital certificate holders. A complete PKI system consists of components such as a certification authority, a key management center, a registration authority, a directory service, security authentication application software and certificate application services.
The CA (certificate authority), as the trusted third party in e-commerce transactions, specifically solves the problem of the legitimacy of public keys in the PKI system. The CA issues a digital certificate to every user who uses a public key; the function of the digital certificate is to confirm that the user name listed in the certificate corresponds to the public key listed in the certificate. The CA's digital signature prevents an attacker from forging or tampering with the certificate.
The KM (Key Management) system provides the CA system with key services such as key generation, storage, backup, update, recovery and query. Besides general key management services for encryption keys, the KM system can also provide forensic services to judicial personnel, and it can address the key management problems that large-scale use of cryptography brings in a distributed enterprise environment. It should support the SM2 algorithm and the RSA algorithm; storage of key pairs is likewise based on the national standards, its interface with the CA system fully meets the requirements of the national standards, and it meets the security, functional and performance requirements expected of a high-standard key management center.
Key management is the most critical security issue in a PKI system. After the CA system issues a user's dual certificates, for the signing certificate the private key is kept by the user and the public key certificate is published. If the user's private key leaks, an attacker can use it to forge the user's signatures and can also decrypt information encrypted to the user, so ensuring the security of the user's private key is the core of key management. For the encryption certificate, the public and private keys are generated and managed by the KM, and distribution of the private key is also a core problem of key management. If a user damages the USB key, the user must submit a key recovery application and obtain the encryption certificate again before ciphertext encrypted with the earlier encryption certificate can be decrypted and daily needs can be met.
The key to PKI system security is key management. The public key of a signing certificate is published in a public key certificate, and its integrity is guaranteed by the signature of the certificate authority (CA). The private key is kept secret by the user; once it leaks, an attacker may be able to decrypt encrypted information sent to the owner of the private key, or forge the key owner's signature. The crux of key management is therefore to ensure the security of the private key. At present, the physical characteristics of hardware devices are mainly relied on to keep the private key secure. The user's private key is generated by the hardware device, kept only in its storage medium, and cannot be exported. The private key can be accessed only with the password set by the user, which ensures that nobody other than the user can use this private key information.
When an encryption certificate is in use and the user loses or damages the device, the user can promptly report the loss or take similar action to stop the key from being used. The user's existing encrypted files, however, can then no longer be decrypted and read. PKI management systems therefore provide recovery management for encryption key pairs, which can also support judicial forensics.
In the existing key recovery mechanism, the key management center (KMC) generates and recovers encryption keys. Except for recovery at the KM side for judicial forensics, recovery is requested by the user at the RA (Registration Authority) side. When a user needs to recover a key, the user first applies at an RA acceptance point. After an administrator has approved the application, the RA sends it to the CA, the CA calls the KMC's key recovery interface to send the request, the KMC returns the user's encryption key to the CA in a digital envelope, the CA issues the user certificate for this key pair and returns it to the RA, and finally the certificate is downloaded into the user certificate storage medium. In the whole process only the RA administrator is involved in the application; all remaining steps are completed automatically by the system. Neither the CA nor the KMC controls or restricts recovery, so sound management is lacking. This hinders a KM system from serving multiple CAs, and users' key recovery events cannot be recorded and managed.
Summary of the invention
Embodiments of the invention provide a method and system for managing user encryption key recovery, so that user encryption key recovery can be effectively managed and identified.
A method for managing user encryption key recovery comprises:
The certificate authority (CA) receives a user certificate key recovery request sent by the registration authority (RA) center; the CA adds the reason for the recovery application to an extension of the user certificate and sends to the key management center (KMC) a key recovery service request that contains the extension of the user certificate;
The KMC parses the key recovery request information to obtain the user information and the reason for the recovery application, recovers the user's encryption key pair according to the user information, stores the reason for the recovery application in association with the encryption key pair, and returns the encryption key pair to the CA.
A system for managing user encryption key recovery comprises:
A certificate authority (CA), configured to receive the user certificate key recovery request sent by the registration authority (RA) center, add the reason for the recovery application to an extension of the user certificate, and send to the key management center (KMC) a key recovery service request that contains the extension of the user certificate;
A key management center (KMC), configured to parse the key recovery request sent by the CA, obtain the user information and the reason for the recovery application, recover the user's encryption key pair according to the user information, store the reason for the recovery application in association with the encryption key pair, and return the encryption key pair to the CA.
As the technical solution provided by the above embodiments shows, in the embodiments of the invention the CA introduces the user key recovery information (including the user recovery time, the reason for the recovery application and the recovery count) into an extension of the user certificate, so that the KMC obtains more complete key recovery application information. The KMC can thus effectively manage and identify user encryption key recovery, key recovery events can be traced from the user certificate information, and the security and efficient manageability of the user key recovery process are ensured.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a method for managing user encryption key recovery provided by Embodiment 1 of the invention;
Fig. 2 is a schematic structural diagram of a system for managing user encryption key recovery provided by Embodiment 2 of the invention.
Detailed description
To aid understanding of the embodiments of the invention, several specific embodiments are explained further below with reference to the drawings. These embodiments do not limit the embodiments of the invention.
Embodiment 1
The processing flow of the method for managing user encryption key recovery provided by this embodiment is shown in Fig. 1 and comprises the following steps:
Step 1: the user's terminal submits a key recovery application to an RA acceptance point. The application contains a key recovery application form and user-related information; the form includes the user recovery time, the reason for the recovery application and the recovery count;
Step 2: the administrator of the RA acceptance point performs a preliminary review of the key recovery application. This review mainly verifies the user's personal identity information, including the user name and the user certificate, and checks whether the user whose key is requested for recovery is that user.
Step 3: if the key recovery application from the user terminal meets the conditions and passes the preliminary review, the RA acceptance point sends it to the RA center; if it fails the preliminary review, it is rejected;
Step 4: the RA center audits the key recovery application from the user terminal. The audit mainly checks whether the user is a legitimate user, whether the RA acceptance point is authorized to submit this user's key recovery application, and whether the user is managed by this RA acceptance point.
Step 5: if the key recovery application meets the conditions and passes the audit, the administrator of the RA center sends the user's certificate key recovery request to the CA according to the key recovery application form and the user-related information; if the application fails the audit, it is rejected;
Step 6: after receiving the user's certificate key recovery request, the CA stores the information about the user's certificate key recovery application, including the key recovery application form and the user-related information;
Step 7: the CA assembles a key recovery service request from the stored information about the user's certificate key recovery application, and extends the user's digital certificate.
An extension of a digital certificate is mainly used to carry data that the certificate needs in practical use, and it is very flexible: in practice, the specific business that uses the digital certificate can register the extensions it needs with the issuing CA. Each extension contains three fields: type, criticality (whether the extension may be omitted) and value. The type field defines the data type of the value field; the type can be a simple string, a number, a date, a picture or a complex data type. The criticality field is a one-bit flag. When an extension is marked as not omissible, the corresponding value is very important and an application must not ignore it. If an application using the digital certificate cannot process the content of this field, it should reject the certificate. The value field contains the actual data of the extension, which is read and used by applications that use the digital certificate.
The key recovery service request comprises the protocol version, the service request identifier, the CA identifier, the extension of the digital certificate and the signature of the request information. The user key recovery information is added to the extension of the digital certificate; it includes the user recovery time requestTime, the reason for the recovery application requestReason, the recovery count requestList, and similar information.
The format of the digital certificate extension is as follows:
ReqProofValue=Sign{reqType||requestList||requestTime||requestReason};
Step 8: the CA sends the key recovery service request to the KMC;
Step 9: the KMC receives the key recovery service request sent by the CA and checks its legitimacy;
Step 10: if the check finds the key recovery service request illegitimate, the KMC rejects it; if the check finds it legitimate, the KMC proceeds to the next step.
Step 11: the KMC parses the key recovery service request to obtain the user information together with the user recovery time, the reason for the recovery application, the recovery count and similar information. Using the parsed user information, the key recovery module recovers the user's encryption key pair, comprising the private key and the public key. The private key is placed in a digital envelope and returned to the CA, and information such as the user's public key is returned to the CA as well.
In the KMC, the user key recovery information (the user recovery time, the reason for the recovery application and the recovery count) is stored in the database in association with the user's key pair information, to serve later administrator queries, audits, judicial forensics and similar business.
Step 12: the CA opens the digital envelope returned by the KMC and obtains the private key and public key information of the user's encryption key pair. From this private key and public key information it assembles and issues a user certificate, and it adds the record of this key recovery to an extension of the user certificate, including: the user recovery time, the reason for the recovery application and the recovery count.
At the same time, the CA associates the issued user certificate information with the previously stored information about the user's certificate key recovery application and stores it in the database, to serve log auditing, certificate management, judicial forensics and similar business.
Step 13: after applying digital envelope processing to the issued user certificate information, the CA sends it to the RA center over an SSL (Secure Sockets Layer) encrypted channel;
Step 14: the RA center opens the digital envelope to recover the user certificate and downloads the recovered user certificate information into the user's key storage medium, completing one user key recovery process.
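Steps 7 to 11 above, sketched as an added example (not code from the patent or from any CA or KMC product): the CA builds the request with the signed extension, and the KMC checks it, parses the recovery information and logs it against the recovered key. Assumptions: HMAC-SHA256 under a shared demo key stands in for the CA's RSA or SM2 signature, each field is length-prefixed so the signed || concatenation has unambiguous boundaries, every name other than ReqProofValue, reqType, requestList, requestTime and requestReason is hypothetical, and key material and digital envelope handling are replaced by an opaque key reference.

```python
import hashlib
import hmac
import json
import struct

# Constructed demo key. The patent has the CA sign the request (RSA or SM2);
# HMAC-SHA256 under a key shared by CA and KMC stands in for that signature.
CA_KMC_KEY = b"constructed-demo-key"
FIELDS = ("reqType", "requestList", "requestTime", "requestReason")


def sign(data: bytes) -> str:
    return hmac.new(CA_KMC_KEY, data, hashlib.sha256).hexdigest()


def encode_fields(values):
    """Encode reqType||requestList||requestTime||requestReason.

    Each field gets a 4-byte length prefix (an assumption of this example) so
    that two different field lists can never produce the same signed bytes.
    """
    out = b""
    for value in values:
        raw = value.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return out


def decode_fields(blob: bytes):
    values, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        values.append(blob[pos:pos + length].decode("utf-8"))
        pos += length
    return values


def canonical(body: dict) -> bytes:
    # Deterministic serialization, so both sides sign the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def ca_build_request(user_id, recovery_count, request_time, reason):
    """Step 7: the CA assembles the key recovery service request."""
    ext_value = encode_fields(
        ["keyRecovery", str(recovery_count), request_time, reason])
    body = {
        "version": 1,                   # protocol version
        "requestId": "req-0001",        # constructed service request identifier
        "caId": "demo-ca",              # constructed CA identifier
        "userId": user_id,              # hypothetical field for user information
        "extension": {
            "type": "keyRecoveryInfo",  # hypothetical extension type name
            "critical": True,           # receiver must process it or reject
            "value": ext_value.hex(),
            "ReqProofValue": sign(ext_value),
        },
    }
    return {"body": body, "signature": sign(canonical(body))}


class KMC:
    """Steps 9 to 11: check legitimacy, parse, store the reason with the key."""

    def __init__(self, escrowed_keys):
        self.escrowed_keys = escrowed_keys  # user id -> opaque key pair reference
        self.recovery_log = []              # stands in for the KMC database

    @staticmethod
    def _reject(error):
        return {"status": "rejected", "error": error}

    def handle(self, request):
        body = request["body"]
        if not hmac.compare_digest(sign(canonical(body)), request["signature"]):
            return self._reject("request signature invalid")
        ext = body["extension"]
        try:
            ext_value = bytes.fromhex(ext["value"])
            values = decode_fields(ext_value)
        except ValueError:  # also covers invalid UTF-8 in a field
            return self._reject("malformed extension")
        if not hmac.compare_digest(sign(ext_value), ext["ReqProofValue"]):
            return self._reject("extension signature invalid")
        if len(values) != len(FIELDS):
            return self._reject("unexpected field count")
        key_ref = self.escrowed_keys.get(body["userId"])
        if key_ref is None:
            return self._reject("unknown user")
        # Associated storage: recovery time, reason and count kept with the key.
        record = dict(zip(FIELDS, values), userId=body["userId"],
                      caId=body["caId"], keyRef=key_ref)
        self.recovery_log.append(record)
        return {"status": "ok", "keyRef": key_ref}
```

Nothing is written to the recovery log unless both signatures verify and the user is known, so every log entry corresponds to a request the CA actually made.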
Embodiment 2
The structure of the system for managing user encryption key recovery provided by this embodiment is shown in Fig. 2 and comprises:
Certificate authority (CA) 21, configured to receive the user certificate key recovery request sent by the registration authority (RA) center, add the reason for the recovery application to an extension of the user certificate, and send to the key management center (KMC) a key recovery service request that contains the extension of the user certificate;
Key management center (KMC) 22, configured to parse the key recovery request sent by the CA, obtain the user information and the reason for the recovery application, recover the user's encryption key pair according to the user information, store the reason for the recovery application in association with the encryption key pair, and return the encryption key pair to the CA.
Further, the system may also comprise:
RA acceptance point 23, configured to receive the key recovery application sent by the user's terminal, the application containing a key recovery application form and user-related information, and the form including the user recovery time, the reason for the recovery application and the recovery count; to perform a preliminary review of the key recovery application; and, after the preliminary review is passed, to send the key recovery application to the RA center;
RA center 24, configured to audit the key recovery application sent by the RA acceptance point and, after the audit is passed, to send the user's certificate key recovery request to the CA according to the key recovery application form and the user-related information.
Specifically, the CA 21 is further configured to store the key recovery application form and the user-related information after receiving the certificate key recovery request;
To assemble a key recovery service request from the stored key recovery application form and user-related information, the key recovery service request comprising the protocol version, the service request identifier, the CA identifier, the extension of the digital certificate and the signature of the request information, with the user recovery time, the reason for the recovery application and the recovery count added to the extension of the digital certificate;
And to send the key recovery service request to the KMC.
Specifically, the KMC 22 is further configured, after receiving the key recovery service request, to check its legitimacy and, once the request is found legitimate, to parse it and obtain the user information together with the user recovery time, the reason for the recovery application and the recovery count;
To recover, according to the parsed user information, the user's encryption key pair comprising the private key and the public key, and to store the user's encryption key pair in association with the user recovery time, the reason for the recovery application and the recovery count;
And, after applying digital envelope processing to the private key, to send the private key and the public key to the CA.
Specifically, the CA 21 is further configured to open the digital envelope returned by the KMC, obtain the user's encryption key pair returned by the KMC, assemble and issue a user certificate based on this encryption key pair, and add the record of this key recovery to an extension of the user certificate, the record comprising: the user recovery time, the reason for the recovery application and the recovery count;
To associate the issued user certificate information with the previously stored user recovery time, reason for the recovery application and recovery count;
And, after applying digital envelope processing to the issued user certificate information, to send it to the RA center over a secure encrypted channel;
Specifically, the RA center 24 is further configured to open the digital envelope returned by the CA, recover the user certificate, and download the recovered user certificate information into the user's key storage medium, completing one user key recovery process.
The detailed process by which the system of this embodiment manages user encryption key recovery is similar to that of the foregoing method embodiment and is not repeated here.
A person of ordinary skill in the art will understand that the drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
A person of ordinary skill in the art will understand that the modules of the devices in an embodiment can be distributed among the devices of the embodiment as described, or can be changed accordingly and placed in one or more devices different from those of this embodiment. The modules of the above embodiment can be merged into one module, or further split into multiple submodules.
In summary, in the embodiments of the invention the CA introduces the user key recovery information (including the user recovery time, the reason for the recovery application and the recovery count) into an extension of the user certificate and extends the communication protocol between the CA and the KMC, so that the KMC obtains more complete key recovery application information, and key recovery log records are added to the KMC database. The KMC can thus effectively manage and identify user encryption key recovery, key recovery events can be traced from the user certificate information, the security and efficient manageability of the user key recovery process are ensured, and the security management of the PKI system is effectively supplemented and optimized. The scheme can also serve later business such as log auditing, certificate management and judicial forensics.
In the embodiments of the invention, the recovered user certificate is associated with the user key recovery information in the CA database, and log information related to user key recovery is stored. This remedies the CA's lack of control and restriction over the user key recovery process and helps the KM system serve multiple CAs.
The above is only a preferred embodiment of the invention, but the scope of protection of the invention is not limited to it. Any variation or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.

Claims (10)

1. method user encryption key recovery being managed, is characterized in that, comprising:
Authentication center receives the user certificate key recovery request that Registration Authority sends, described authentication center adds in the scaling option of user certificate recovers application thing by information, sends the key recovery service request of the scaling option that comprises described user certificate to KMC;
Described KMC resolves described key recovery solicited message, obtain user profile and recover the application origin of an incident, recover user's encryption key pair according to described user profile, by the described recovery application origin of an incident with encryption key to carrying out associated preservation, and by described encryption key to returning to described authentication center.
2. the method that user encryption key recovery is managed according to claim 1, is characterized in that, described authentication center also comprises before receiving the user certificate key recovery request of Registration Authority transmission:
User's user terminal is accepted a submission key recovery application to Registration Authority, in this key recovery application, comprise key recovery application form and user related information, in above-mentioned key recovery application form, comprise user recovery time, recover the application origin of an incident, recover number of times information;
Described Registration Authority is accepted a little described key recovery application request is carried out to first trial, after first trial is qualified, described Registration Authority is accepted the described key recovery application of naming a person for a particular job and is sent to Registration Authority, and this Registration Authority is examined described key recovery application;
After audit is qualified, described Registration Authority sends described user's certificate key recovery request to authentication center according to described key recovery application form and user related information.
3. the method that user encryption key recovery is managed according to claim 1, it is characterized in that, described authentication center adds in the scaling option of user certificate recovers application thing by information, the key recovery service request that sends the scaling option that comprises described user certificate to KMC, comprising:
Authentication center receives after the request of described certificate key recovery, stores described key recovery application form and user related information;
Described authentication center organizes key recovery service request according to described key recovery application form and the user related information of storage, this key recovery service request comprises protocol version, service request identifier, authentication center's identifier, the scaling option of digital certificate and the signature of solicited message, adds access customer recovery time, recovers the application origin of an incident, recovers number of times information in the scaling option of described digital certificate;
Described key recovery service request is sent to KMC by described authentication center.
4. according to the method that user encryption key recovery is managed described in claim 1 or 2 or 3, it is characterized in that, described by the described recovery application origin of an incident with encryption key to carrying out associated preservation, and by described encryption key to returning to described authentication center, comprising:
Described KMC receives after described key recovery service request, check the legitimacy of determining described key recovery service request, after checking that definite described key recovery service request is legal, described KMC resolves described key recovery service request, obtains user profile and user recovery time, recovers the application origin of an incident, recovers number of times information;
The user profile that described KMC obtains according to parsing recovers described user's the encryption key pair that comprises private key and PKI, by described user's encryption key to described user recovery time, recover the application origin of an incident, recover number of times information and carry out association store;
Described KMC carries out after digital envelope processing described private key, and described private key and PKI are sent to described authentication center.
5. the method that user encryption key recovery is managed according to claim 4, is characterized in that, described method also comprises:
The digital envelope deblocking that authentication center returns described KMC, obtain the user's that described KMC returns encryption key pair, according to this encryption key to organizing and sign and issue user certificate, in the scaling option of user certificate, add the relative recording information of this key recovery, this relative recording information comprises: user recovery time, recover the application origin of an incident, recover number of times information;
Described authentication center carries out associated by the user certificate information of signing and issuing with described user recovery time, the recovery application origin of an incident, the recovery number of times information of storage before;
Described authentication center carries out after digital envelope processing the user certificate information of signing and issuing, send to Registration Authority by safety encipher passage, the digital envelope deblocking that described Registration Authority returns described authentication center, recover described user certificate, the user certificate information of recovery is downloaded in user's key storage media, complete a user key and recover flow process.
6. A system for managing user encryption key recovery, characterized in that it comprises:
An authentication center, configured to receive the user certificate key recovery request sent by the certificate registration center, add recovery application reason information to the extension option of the user certificate, and send a key recovery service request comprising the extension option of the user certificate to the KMC;
A KMC, configured to parse the key recovery request sent by the authentication center to obtain the user information and the recovery application reason, recover the user's encryption key pair according to the user information, store the recovery application reason in association with the encryption key pair, and return the encryption key pair to the authentication center.
7. The system for managing user encryption key recovery according to claim 6, characterized in that the system further comprises:
A Registration Authority acceptance point, configured to receive the key recovery application sent by the user's terminal, the key recovery application comprising a key recovery application form and user-related information, and the key recovery application form comprising the user recovery time, recovery application reason, and recovery count information; to perform a preliminary review of the key recovery application; and, after the preliminary review is passed, to send the key recovery application to the Registration Authority;
A Registration Authority, configured to review the key recovery application sent by the Registration Authority acceptance point and, after the review is passed, to send the user's certificate key recovery request to the authentication center according to the key recovery application form and user-related information.
8. The system for managing user encryption key recovery according to claim 6, characterized in that:
The authentication center is further configured to store the key recovery application form and user-related information after receiving the certificate key recovery request;
To assemble a key recovery service request according to the stored key recovery application form and user-related information, the key recovery service request comprising a protocol version, a service request identifier, an authentication center identifier, the extension option of the digital certificate, and a signature over the request information, with the user recovery time, recovery application reason, and recovery count information added to the extension option of the digital certificate;
And to send the key recovery service request to the KMC.
9. The system for managing user encryption key recovery according to claim 6, 7 or 8, characterized in that:
The KMC is further configured, after receiving the key recovery service request, to check the legitimacy of the key recovery service request and, once the request is determined to be legitimate, to parse it to obtain the user information and the user recovery time, recovery application reason, and recovery count information;
To recover the user's encryption key pair, comprising a private key and a public key, according to the user information obtained by parsing, and to store the user's encryption key pair in association with the user recovery time, recovery application reason, and recovery count information;
And, after applying digital envelope processing to the private key, to send the private key and the public key to the authentication center.
10. The system for managing user encryption key recovery according to claim 9, characterized in that:
The authentication center is further configured to open the digital envelope returned by the KMC to obtain the user's encryption key pair returned by the KMC, to assemble and issue a user certificate according to this encryption key pair, and to add the related record information of this key recovery to the extension option of the user certificate, the related record information comprising: the user recovery time, recovery application reason, and recovery count information;
To associate the issued user certificate information with the previously stored user recovery time, recovery application reason, and recovery count information;
And, after applying digital envelope processing to the issued user certificate information, to send it to the Registration Authority over a secure encrypted channel;
The Registration Authority is further configured to open the digital envelope returned by the authentication center, recover the user certificate, and download the recovered user certificate information into the user's key storage medium, completing one user key recovery flow.
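The request layout of claim 8 and the KMC-side checks of claim 9, as an added Python example that is not part of the patent text. The field names, `CA_ID`, the escrow table, and the use of an HMAC as a stand-in for the authentication center's signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo values; none of them come from the patent.
CA_ID = "CA-DEMO-01"
CA_MAC_KEY = b"demo-shared-key"  # assumption: HMAC stands in for the CA signature
ESCROW = {"alice": {"public_key": "PUB-ALICE", "private_key": "PRIV-ALICE"}}
AUDIT_LOG = []  # KMC-side store associating each recovery with its record
REQUIRED = {"user", "recovery_time", "reason", "recovery_count"}


def _mac(body):
    """MAC over a canonical JSON encoding of the request body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CA_MAC_KEY, data, hashlib.sha256).hexdigest()


def build_request(user, recovery_time, reason, count):
    """CA side: place the recovery record in the extension, then sign."""
    body = {
        "protocol_version": 1,
        "service_request_id": "KEY_RECOVERY",
        "ca_id": CA_ID,
        "cert_extension": {"user": user, "recovery_time": recovery_time,
                           "reason": reason, "recovery_count": count},
    }
    return {"body": body, "signature": _mac(body)}


def kmc_handle(request):
    """KMC side: check legitimacy, parse, recover the pair, store the link."""
    body = request.get("body", {})
    if not hmac.compare_digest(str(request.get("signature", "")), _mac(body)):
        raise ValueError("signature check failed")
    if (body.get("ca_id") != CA_ID
            or body.get("service_request_id") != "KEY_RECOVERY"):
        raise ValueError("unexpected issuer or request type")
    ext = body.get("cert_extension", {})
    missing = REQUIRED - set(ext)
    if missing:
        raise ValueError(f"extension lacks {sorted(missing)}")
    pair = ESCROW.get(ext["user"])
    if pair is None:
        raise KeyError("no escrowed key pair for this user")
    AUDIT_LOG.append({"public_key": pair["public_key"], **ext})
    # A deployed KMC would wrap the private key in a digital envelope here.
    return pair
```

Because the recovery time, reason, and count sit inside the signed body, a request whose reason is altered in transit fails the legitimacy check before any key is recovered or any audit record is written.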
CN201210591471.5A 2012-12-30 2012-12-30 Method and system for managing user encrypted-key retrieval Active CN103916237B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210591471.5A CN103916237B (en) 2012-12-30 2012-12-30 Method and system for managing user encrypted-key retrieval

Publications (2)

Publication Number Publication Date
CN103916237A true CN103916237A (en) 2014-07-09
CN103916237B CN103916237B (en) 2017-02-15

Family

ID=51041658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210591471.5A Active CN103916237B (en) 2012-12-30 2012-12-30 Method and system for managing user encrypted-key retrieval

Country Status (1)

Country Link
CN (1) CN103916237B (en)

Also Published As

Publication number Publication date
CN103916237B (en) 2017-02-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant