CN104052592B - A kind of cipher key backup and moving method and system based on trust computing - Google Patents

A kind of cipher key backup and moving method and system based on trust computing Download PDF

Info

Publication number
CN104052592B
CN104052592B CN201410179133.XA CN201410179133A CN104052592B CN 104052592 B CN104052592 B CN 104052592B CN 201410179133 A CN201410179133 A CN 201410179133A CN 104052592 B CN104052592 B CN 104052592B
Authority
CN
China
Prior art keywords
key
migration
backup
user
transportable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201410179133.XA
Other languages
Chinese (zh)
Other versions
CN104052592A (en
Inventor
沈晴霓
杨雅辉
杨欣
徐磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
Huawei Technologies Co Ltd
Original Assignee
Peking University
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University, Huawei Technologies Co Ltd filed Critical Peking University
Priority to CN201410179133.XA priority Critical patent/CN104052592B/en
Priority claimed from CN201110205512.8A external-priority patent/CN102355351B/en
Publication of CN104052592A publication Critical patent/CN104052592A/en
Application granted granted Critical
Publication of CN104052592B publication Critical patent/CN104052592B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The present invention is applied to field of computer technology there is provided a kind of cipher key backup based on trust computing and moving method and system, including:The backup request of the migration key of user's input is received, the migration key is the transportable key of platform, the transportable key of user or Binding key;Control credible platform module to obtain the private key of the migration key, OAEP codings are carried out to the private key of the migration key of acquisition;Control the credible platform module to generate a random number, the random number is subjected to XOR with carrying out the private key of the migration key after OAEP codings;Result data after XOR is encrypted the public key provided using backup server, obtains the Backup Data of the migration key, the Backup Data is sent into the backup server.The present invention is by the migration of backup, reduction and key that key is realized based on the creditable calculation modules in trust computing, the security in the transition process of the backup, reduction and key that improve key.

Description

A kind of cipher key backup and moving method and system based on trust computing
Technical field
The invention belongs to field of computer technology, more particularly to a kind of cipher key backup and moving method based on trust computing And system.
Background technology
Cloud storage (Cloud Storage) is in cloud computing (Cloud Computing) conceptive extension and developed A new concept, refer to by functions such as cluster application, grid or distributed file systems, will be a large amount of each in network Plant different types of storage device and collaborative work is gathered by application software, it is common that data storage and business visit are externally provided Ask a system of function.
With cloud computing, the continuous release of the product such as cloud storage, the demand to Information Security in cloud is outstanding day by day, works as number The security threat from various aspects will be faced according to data when in cloud are placed into, be mainly manifested in:User is difficult by effective Technological means ensures that cloud storage service supplier (control absolute to the computer of user's storage data) will not illegally obtain The data stored with use user, secondly as data are stored in cloud storage equipment, with being stored in user personal computer The data of difference, the data of a user and another user may be close adjacent, neighboring user can by various modes come Unauthorized access or the data for stealing neighboring user, in addition, similar with traditional storage system, the data in cloud can also face hacker Steal.However, prior art can not provide a kind of effective data encryption mode to ensure that the data of user in cloud storage are pacified Entirely, cause Information Security in cloud storage not high, user's private data is difficult to preferably be protected, and hinders cloud storage service Further development.
The content of the invention
The purpose of the embodiment of the present invention is to provide a kind of key generation method based on trust computing, it is intended to solve due to Prior art can not provide a kind of effective data encryption mode to ensure the data safety of user in cloud storage, cause cloud storage The problem of middle Information Security is not high.
The embodiment of the present invention is achieved in that a kind of key generation method based on trust computing, and methods described includes Following step:
Receive the key generation request of user's input;
Control credible platform module to generate a transportable key of platform, use the public key pair of credible platform module root key The transportable key of platform is encrypted, and preserves the ciphertext key of the transportable key of platform;
The credible platform module is controlled to generate the transportable key of user of the user, it is transportable close using the platform The transportable key of the user is encrypted the public key of key, preserves the ciphertext key of the transportable key of user;
Control the credible platform module to generate the Binding key of the user, use the public affairs of the transportable key of the user The Binding key is encrypted key, preserves the ciphertext key of the Binding key.
The another object of the embodiment of the present invention is to provide a kind of key generation system based on trust computing, the system Including:
Request reception unit is generated, the key for receiving user's input generates request;
First key generation unit, for controlling credible platform module to generate a transportable key of platform, using credible The transportable key of the platform is encrypted the public key of console module root key, preserves the ciphertext of the transportable key of platform Key;
Second Key generating unit, for controlling the user of the credible platform module generation user transportable close Key, the transportable key of the user is encrypted using the public key of the transportable key of the platform, and preserving the user can move Move the ciphertext key of key;And
3rd Key generating unit, for controlling the credible platform module to generate the Binding key of the user, is used The Binding key is encrypted the public key of the transportable key of user, preserves the ciphertext key of the Binding key.
The another object of the embodiment of the present invention is to provide a kind of cipher key backup method based on trust computing, methods described Comprise the steps:
The backup request of the migration key of user's input is received, the migration key is the transportable key of platform, Yong Huke Migration key or Binding key;
Control credible platform module to obtain the private key of the migration key, the private key of the migration key of acquisition is carried out OAEP is encoded;
The credible platform module is controlled to generate a random number, described in after the random number and progress OAEP codings The private key of migration key carries out XOR;
The result data after XOR is encrypted using the public key of the offer of backup server, the migration is obtained The Backup Data of key, the backup server is sent to by the Backup Data.
The another object of the embodiment of the present invention is to provide a kind of cipher key backup system based on trust computing, the system Including:
Backup request receiving unit, the backup request of the migration key for receiving user's input, the migration key is The transportable key of platform, the transportable key of user or Binding key;
First coding unit, for controlling credible platform module to obtain the private key of the migration key, to described in acquisition The private key of migration key carries out OAEP codings;
First XOR unit, for controlling credible platform module to generate a random number, by the random number with entering The private key of the migration key after row OAEP codings carries out XOR;And
Backup Data transmitting element, the public key for the offer using backup server is to the result data after XOR It is encrypted, obtains the Backup Data of the migration key, the Backup Data is sent to the backup server.
The another object of the embodiment of the present invention is to provide a kind of cipher key backup restoring method based on trust computing, described Method comprises the steps:
The backup and reduction request of the migration key of user's input is received, the migration key is the transportable key of platform, use The transportable key in family or Binding key;
Credible platform module is controlled to obtain the public and private corresponding private key of the backup migration key, the migration to storage The Backup Data of key is decrypted;
Prestore random number is subjected to XOR with the Backup Data after decryption, the bright of migration key is obtained Literary key;
The clear text key is encrypted using the public and private of migration key is backed up, the close of the migration key is preserved Literary key.
The another object of the embodiment of the present invention is to provide a kind of cipher key backup based on trust computing also original system, described System includes:
Backup and reduction request unit, the backup and reduction request of the migration key for receiving user's input, the migration is close Key is the transportable key of platform, the transportable key of user or Binding key;
Backup Data decryption unit, for controlling credible platform module to obtain the public and private corresponding of the backup migration key Private key, the Backup Data of the migration key of storage is decrypted;
Clear text key acquiring unit, for prestore random number to be carried out into XOR with the Backup Data after decryption Computing, obtains the clear text key of migration key;And
Key holding unit, for the clear text key to be encrypted using backup the public and private of migration key, is protected Deposit the ciphertext key of the migration key.
The another object of the embodiment of the present invention is to provide a kind of key migration method based on trust computing, methods described Comprise the steps:
The migration request of the migration key of user's input is received, the migration key is the transportable key of platform, Yong Huke Migration key or Binding key;
Control credible platform module to obtain the private key of the migration key, the private key of the migration key of acquisition is carried out OAEP is encoded;
The credible platform module is controlled to generate a random number, described in after the random number and progress OAEP codings The private key of migration key carries out XOR;
Using move target the public key of offer of server the result data after XOR is encrypted, obtain institute The migration ciphertext data of migration key are stated, ciphertext data with being sent to move target server is migrated by described.
The another object of the embodiment of the present invention is to provide a kind of key migration system based on trust computing, the system Including:
Migration request receiving unit, the migration request of the migration key for receiving user's input, the migration key is The transportable key of platform, the transportable key of user or Binding key;
Second coding unit, for controlling credible platform module to obtain the private key of the migration key, to described in acquisition The private key of migration key carries out OAEP codings;
Second XOR unit, for controlling the credible platform module to generate a random number, by the random number Private key progress XOR with carrying out the migration key after OAEP codings;
Migrating data transmitting element, the public key for the using move target offer of server is to the knot after XOR Fruit data are encrypted, and obtain the migration ciphertext data of the migration key, and the migration ciphertext data are sent into described move Move destination server.
The embodiment of the present invention based on the creditable calculation modules in trust computing, realize the generation of key, backup, reduce with And the migration of key, by the root key of creditable calculation modules, realize the encrypting storing layer by layer of the key of generation, it is ensured that generation The security of key, by using OAEP codings and encryption technology, it is ensured that key in backup and the security of transition process, The security of key after reduction is ensure that during key recovery using decryption, random number, XOR and encryption technology etc..
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, embodiment will be described below In required for the accompanying drawing that uses be briefly described, it should be apparent that, drawings in the following description are some implementations of the present invention Example, for those of ordinary skill in the art, on the premise of not paying creative work, can also be obtained according to these accompanying drawings Obtain other accompanying drawings.
Fig. 1 is a kind of implementation process for key generation method based on trust computing that first embodiment of the invention is provided Figure;
Fig. 2 is that the key tree that the key generation method based on trust computing that first embodiment of the invention is provided is set up is specific Instance graph;
Fig. 3 is a kind of implementation process for key generation method based on trust computing that second embodiment of the invention is provided Figure;
Fig. 4 is the structure chart for the key generation system based on trust computing that third embodiment of the invention is provided;
Fig. 5 is the structure chart for the key generation system based on trust computing that fourth embodiment of the invention is provided;
Fig. 6 is the structure chart for the migration granted unit that fourth embodiment of the invention is provided;
Fig. 7 is a kind of implementation process for cipher key backup method based on trust computing that fifth embodiment of the invention is provided Figure;
Fig. 8 is a kind of implementation process for cipher key backup method based on trust computing that sixth embodiment of the invention is provided Figure;
Fig. 9 is the structure chart for the cipher key backup system based on trust computing that seventh embodiment of the invention is provided;
Figure 10 is the structure chart for the cipher key backup system based on trust computing that eighth embodiment of the invention is provided;
Figure 11 is the structure chart for the first authorization identifying unit that eighth embodiment of the invention is provided;
Figure 12 is a kind of realization for cipher key backup restoring method based on trust computing that ninth embodiment of the invention is provided Flow chart;
Figure 13 is the structure chart for the also original system of the cipher key backup based on trust computing that tenth embodiment of the invention is provided;
Figure 14 is a kind of reality for cipher key backup moving method based on trust computing that eleventh embodiment of the invention is provided Existing flow chart;
Figure 15 is a kind of reality for cipher key backup moving method based on trust computing that twelveth embodiment of the invention is provided Existing flow chart;
Figure 16 is the structure chart for the key migration system based on trust computing that thriteenth embodiment of the invention is provided;
Figure 17 is the structure chart for the key migration system based on trust computing that fourteenth embodiment of the invention is provided;
Figure 18 is the structure chart for the second authorization identifying unit that fourteenth embodiment of the invention is provided.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described;Obviously, described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
The embodiment of the present invention is by based on the creditable calculation modules in trust computing, realizing the generation of key, backup, also The migration of former and key, by the root key of creditable calculation modules, realizes the encrypting storing layer by layer of the key of generation, it is ensured that The security of key is generated, by using OAEP codings and encryption technology, it is ensured that key is in backup and the safety of transition process Property, the peace of key after ensure that reduction using decryption, random number, XOR and encryption technology etc. during key recovery Quan Xing.
Implementing for the present invention is described in detail below in conjunction with specific embodiment:
Embodiment one:
Credible platform module (Trust Platform Module, be abbreviated as TPM) be it is a kind of be placed in computer it is new Embedded security subsystem, the safety of terminal platform is protected by functions such as authentication public key, integrity measurement, remote authentications. Key in credible platform module can be divided into transportable key and can not migration key, wherein root key SRK is can not move Key is moved, is set up trusting relationship basic, Binding key belongs to transportable key, these keys are all unsymmetrical key RSA, The transportable key of the platform of generation is encrypted preservation using root key as father's key in embodiments of the present invention, then by platform Preservation is encrypted to the transportable key of user as father's key in transportable key, so that a key tree is constructed, each section There is trusting relationship between point, finally ensure the security of key in whole tree by root key.
Fig. 1 shows a kind of realization stream for key generation method based on trust computing that first embodiment of the invention is provided Journey, details are as follows:
In step S101, the key generation request of user's input is received.
In step s 102, control credible platform module generates a transportable key of platform, uses credible platform module The transportable key of the platform is encrypted the public key of root key, preserves the ciphertext key of the transportable key of platform.
In embodiments of the present invention, after the key generation request of user's input is received, in triggering credible platform module The key generator in portion generates a transportable key of platform, and the key is RSA key, in order to ensure the security of key, will As father's key in the root key of credible platform module, the private key of the transportable key of the platform is carried out using the public key of root key Encryption obtains corresponding ciphertext key, the ciphertext key is preserved, in addition, the private key that should set up the transportable key of the platform is right with it The incidence relation for the public key answered., can be close by the ciphertext for encrypting the obtained transportable key of platform in specific implementation process Key is exported to outside credible platform module and preserved, and can also be preserved inside credible platform module, specifically can basis The capacity and security of credible platform module internal register are determined.
In step s 103, control credible platform module generates the transportable key of user of user, transportable using platform The transportable key of user is encrypted the public key of key, preserves the ciphertext key of the transportable key of user.
In embodiments of the present invention, further control credible platform module calls its internal key generator to generate one The transportable key of user, using the transportable key of platform as father's key, using the public key of the transportable key of platform to the use of generation The transportable key in family is encrypted, and preserves the ciphertext key of the transportable key of user.Equally, in specific implementation process, plus The ciphertext key of the close transportable key of obtained user, which can be exported to outside credible platform module, to be preserved, can also be credible Preserved, can specifically be determined by the capacity and security requirement of credible platform module internal register inside console module.
In step S104, control credible platform module generates the Binding key of user, uses the transportable key of user Binding key is encrypted public key, preserves the ciphertext key of Binding key.
Binding key belongs to RSA key, is mainly used in encrypting low volume data, such as encrypted symmetric key, of the invention real Apply in example, after controlling credible platform module to generate the Binding key of user, using the transportable key of user as father's key, utilize The public key of the transportable key of user is encrypted and preserved to the private key of the Binding key of generation, equally, implements specifically Cheng Zhong, encrypts the obtained ciphertext key of Binding key and can export to outside credible platform module and is preserved, can also be can Preserved, can specifically be determined according to the capacity of TMP internal registers inside letter console module.
In embodiments of the present invention, by controlling credible platform module, progressively the transportable key of generating platform, user can move Key and Binding key are moved, and preservation is encrypted layer by layer, so as to construct a key tree, key tree as shown in Figure 2 Instantiation, including generation root key SRK, the transportable key of platform, the transportable key of user of user 1 and three Binding key.
Embodiment two:
In embodiments of the present invention, by setting the migration model of key and carrying out migration mandate to the key of generation, So as to ensure that the levying property of safety of generation key, prevent from not migrating the key of generation by the user authorized, enter one Step improves the security of key.
Fig. 3 shows a kind of realization stream for key generation method based on trust computing that second embodiment of the invention is provided Journey, details are as follows:
In step S301, the key generation request of user's input is received.
In step s 302, control credible platform module generates a transportable key of platform, uses credible platform module The transportable key of platform is encrypted the public key of root key, preserves the ciphertext key of the transportable key of platform.
In step S303, control credible platform module generates the transportable key of user of user, transportable using platform The transportable key of user is encrypted the public key of key, preserves the ciphertext key of the transportable key of user.
In step s 304, control credible platform module generates the Binding key of user, uses the transportable key of user Binding key is encrypted public key, preserves the ciphertext key of Binding key.
In step S305, set the ciphertext key of the transportable key of platform, the transportable key of user ciphertext key with And the migration model of the ciphertext key of Binding key, the migration model is backup mode or non-backup mode.
In embodiments of the present invention, the migration model of the key of generation includes two kinds:Backup mode and non-backup mode, it is standby Part pattern refers to that the key can only be to backup on the alternate device specified in the form of backup, and non-backup mode refers to general close Key is migrated, can be from an equipment transportation to another equipment.When the transportable key of platform, the transportable key of user and tie up Determine key generation and after being preserved in the form of ciphertext key, the migration model of each key can be set, so as to ensure receiving To user backup request when use corresponding migration model, when the migration model with setting is not inconsistent, export corresponding to user Prompt message or reject the service request, so as to improve the security of key.
In step S306, ciphertext key, the ciphertext key of the transportable key of user to the transportable key of platform and The ciphertext key of Binding key carries out migration mandate.
In embodiments of the present invention, in order to further improve the security of key, to the transportable key of platform of generation The ciphertext key of ciphertext key, the ciphertext key of the transportable key of user and Binding key carries out migration mandate, can unify The key of generation is authorized, can also be authorized respectively, the migration of key can just be carried out by only meeting the user of mandate. In specific implementation process, the migration of key is authorized and be able to can also be directly based upon in the form of password (such as usemame/password) TPM is authorized.When carrying out the migration mandate of key based on TPM, following step is specifically included:
First, the public key of trusted third party's offer and the completeness of platform information of credible platform module are provided.
Secondly, public key, completeness of platform information and the migration model information of setting provided trusted third party is carried out Or computing.
Finally, the digital digest of the result of generation or computing, can be moved according to the ciphertext key of the transportable key of platform, user The migration model information of the ciphertext key of key and the ciphertext key of Binding key is moved, digital digest its is set to corresponding Migration is authorized.
In embodiments of the present invention, the completeness of platform information of credible platform module refers to credible platform module TpmProof information, tpmProof information is bound with credible platform module, as long as the owner of credible platform module is become Change, tpmProof can also change, and the public key that trusted third party provides further ensures the legitimacy of authorized user, when Public key, completeness of platform information and the migration model information of setting or the result of computing provided trusted third party enters line number When word summary (using TPM SHA-1 functions) is calculated, if the owner of credible platform module is changed, tpmProof It can change, digital digest can also change, so as to ensure that mandate is effective in credible platform module life cycle Property.
In specific implementation process, corresponding data structure can be set up for the mandate, be carried for storing trusted third party The migration model information of the public key of confession, the completeness of platform information of credible platform module and acquisition.Wherein trusted third party carries The public key of confession can be preserved with data certificate CA, and trusted third party is an authoritative digital certificate management mechanism CA.
struct TPM_MIGRATIONKEYAUTH{
TPM_PUBKEY migrationKey;
TPM_MIGRATE_SCHEME migrationScheme;
TPM_DIGEST digest;
}TPM_MIGRATIONKEYAUTH;
Wherein, the public key that migrationKey provides for trusted third party, migrationScheme is transportable for what is set The migration model of key, digest=SHA-1 (migrationKey | | migrationScheme | | TPM_PERMANENT_ DATA->tpmProof)。
The instantiation for the data structure that migration is authorized is these are only, herein not to limit the present invention.
Embodiment three:
Fig. 4 shows a kind of structure for key generation system based on trust computing that third embodiment of the invention is provided, For convenience of description, the part related to the embodiment of the present invention is illustrate only, wherein:
Generate the key generation request that request reception unit 41 receives user's input.The control of first key generation unit 42 can Believe that console module generates a transportable key of platform, using the public key of credible platform module root key to the transportable key of platform It is encrypted, preserves the ciphertext key of the transportable key of platform.
Second Key generating unit 43 control credible platform module generates the transportable key of user of user, can using platform The transportable key of user is encrypted the public key of migration key, preserves the ciphertext key of the transportable key of user.
3rd Key generating unit 44 control credible platform module generates the Binding key of user, transportable close using user Binding key is encrypted the public key of key, preserves the ciphertext key of Binding key.
Example IV:
Fig. 5 shows a kind of structure for key generation system based on trust computing that fourth embodiment of the invention is provided, For convenience of description, it illustrate only the part related to the embodiment of the present invention.
Generate the key generation request that request reception unit 51 receives user's input.
The control credible platform module of first key generation unit 52 generates a transportable key of platform, uses credible platform The transportable key of platform is encrypted the public key of module root key, preserves the ciphertext key of the transportable key of platform.
In embodiments of the present invention, request reception unit 51 is generated after the key generation request of user's input is received, Key generator inside the credible platform module of first key generation unit 52 generates a transportable key of platform, and the key is RSA key, in order to ensure the security of key, using in the root key of credible platform module as father's key, using root key Public key is encrypted to the private key of the transportable key of the platform and obtains corresponding ciphertext key, preserves the ciphertext key, in addition, should Set up the incidence relation of the corresponding public key of private key of the transportable key of the platform., can be by specific implementation process The ciphertext key for the transportable key of platform that encryption is obtained, which is exported to outside credible platform module, to be preserved, can also be credible flat Platform inside modules are preserved.
Second Key generating unit 53 control credible platform module generates the transportable key of user of user, can using platform The transportable key of user is encrypted the public key of migration key, preserves the ciphertext key of the transportable key of user.
3rd Key generating unit 54 control credible platform module generates the Binding key of user, transportable close using user Binding key is encrypted the public key of key, preserves the ciphertext key of Binding key.
In embodiments of the present invention, the second Key generating unit 53 and the 3rd Key generating unit 54 control credible platform mould The key generator that block calls it internal generates a transportable key of user and Binding key respectively, and storage is encrypted. Equally, in specific implementation process, the progress that encrypting obtained ciphertext key can export to outside credible platform module is preserved, It can also be preserved inside credible platform module.
Migration model setting unit 55 sets the ciphertext of the ciphertext key of the transportable key of platform, the transportable key of user close The migration model of the ciphertext key of key and Binding key, the migration model is backup mode or non-backup mode.
Migrate granted unit 56 to the ciphertext key of the transportable key of platform, the ciphertext key of the transportable key of user and The ciphertext key of Binding key carries out migration mandate.
In embodiments of the present invention, to the transportable key of platform of generation ciphertext key, the transportable key of user it is close The ciphertext key of literary key and Binding key carries out migration mandate, can unify to authorize the key of generation, can also Authorize respectively, the migration of key can just be carried out by only meeting the user of mandate.In specific implementation process, the migration of key is awarded Power can also be directly based upon credible platform module and be authorized in the form of password (such as usemame/password).When based on can When believing that console module carries out the migration mandate of key, migration granted unit 56 is specific as shown in fig. 6, obtaining single including the first information Member 561, first or the migration of arithmetic element 562 and first authorize setting unit 563, wherein:
First information acquiring unit 561, for obtaining the public key of trusted third party's offer and putting down for credible platform module Platform integrity information;
First or arithmetic element 562, for moving for the public key provided trusted third party, completeness of platform information and setting Mode shifter information is carried out or computing;And
First migration authorizes setting unit 563, transportable according to platform for generation or the digital digest of the result of computing The migration model of the ciphertext key of the ciphertext key of key, the ciphertext key of the transportable key of user and Binding key, by number Word summary is set to its corresponding migration and authorized.
Embodiment five:
Because key is related to the safety of encrypted data, in embodiments of the present invention, after generation key, key is carried out Backup, is encoded the safety of the backup to strengthen key using OAEP in backup procedure, further increases the security of key.
Fig. 7 shows a kind of realization stream for cipher key backup method based on trust computing that fifth embodiment of the invention is provided Journey, details are as follows:
In step s 701, the backup request of the migration key of user's input is received, the migration key is that platform is transportable Key, the transportable key of user or Binding key.
In step S702, control credible platform module obtains the private key of migration key, the private to the migration key of acquisition Key carries out OAEP codings.
In embodiments of the present invention, when receiving the backup request of migration key of user's input, it is necessary first to will use The migration key that family is specified is taken out from the key tree of generation to be decrypted, and last reach is solved layer by layer since root key It is close, the migration key that user specifies is reached, the private key for the migration key that user is specified is decrypted, and obtains the bright of migration key After literary key, OAEP codings are carried out to it.OAEP codings are defined in RSA PKCS1V2.1, by migration key Clear text key carry out OAEP codings and prevent the malice to the clear text key from distorting.
In step S703, control credible platform module generates a random number, by random number with carrying out after OAEP codings Migration key private key carry out XOR.
In embodiments of the present invention, control credible platform module is generated after a random number, by random number with carrying out OAEP The private key of migration key after coding carries out XOR, while the random number is preserved, for follow-up backup and reduction Operation.
In step S704, the public key using the offer of backup server is added to the result data after XOR It is close, the Backup Data of migration key is obtained, Backup Data is sent to backup server.
In embodiments of the present invention, the public key of backup server can be provided by trusted third party, can also be passed through Held consultation acquisition with backup server, finally using backup server offer public key to the result data after XOR It is encrypted, obtains the Backup Data of migration key, Backup Data is sent to backup server, completes the standby of migration key Part, improve the security of key.
Embodiment six:
, should be according to the specific authorized party of key when cipher key backup needs to carry out authority checking during cipher key backup Formula is verified, for example, when the migration mandate of key is in the form of password (such as usemame/password) or certificate, then standby Checking user provides during part password or certificate, in embodiments of the present invention, are tested with the mandate carried out based on credible platform module Demonstrate,prove and illustrated for embodiment, it is close by the migration inputted to user when being backed up according to user request information to key The backup request of key carries out migration authorization identifying, so as to ensure that the levying property of safety of cipher key backup.
Fig. 8 shows a kind of realization stream for cipher key backup method based on trust computing that sixth embodiment of the invention is provided Journey, details are as follows:
In step S801, the backup request of the migration key of user's input is received, the migration key is that platform is transportable Key, the transportable key of user or Binding key.
In step S802, the public key of trusted third party's offer and the completeness of platform letter of credible platform module are obtained Breath.
In step S803, public key, completeness of platform information and the migration key that trusted third party provides are pre-set Migration model information carry out or computing, the migration model be non-backup mode.
In step S804, digital digest is set to moving for migration key by the digital digest of the result of generation or computing Move and authorize.
In embodiments of the present invention, the completeness of platform information of credible platform module refers to credible platform module TpmProof information, tpmProof information is bound with credible platform module, as long as the owner of credible platform module is become Change, tpmProof can also change, and the public key that trusted third party provides further ensures the legitimacy of authorized user, when Public key, completeness of platform information and the migration model information of setting or the result of computing provided trusted third party enters line number During word summary (using the SHA-1 functions in credible platform module), if the owner of credible platform module is changed, TpmProof can also change, and digital digest can also change, so as to ensure that mandate in credible platform module Life Cycle Validity in phase.
In step S805, judge whether migration key is identical with the migration mandate prestored, be to perform step S806, otherwise performs step S809.
In embodiments of the present invention, the migration that judgment step S804 calculating is obtained, which authorizes the migration mandate prestored, is It is no identical, the identical next step for then carrying out cipher key backup, otherwise refusal execution cipher key backup instruction.
In step S806, control credible platform module obtains the private key of migration key, the private to the migration key of acquisition Key carries out OAEP codings.
In embodiments of the present invention, when receiving the backup request of migration key of user's input, it is necessary first to will use The migration key that family is specified is taken out from the key tree of generation to be decrypted, and last reach is solved layer by layer since root key It is close, the migration key that user specifies is reached, the private key for the migration key that user is specified is decrypted, and obtains the bright of migration key After literary key, OAEP codings are carried out to it.OAEP codings are defined in RSA PKCS1V2.1, by migration key Clear text key carry out OAEP codings and prevent the malice to the clear text key from distorting.
In step S807, control credible platform module generates a random number, by random number with carrying out after OAEP codings Migration key private key carry out XOR.
In step S808, the public key using the offer of backup server is added to the result data after XOR It is close, the Backup Data of migration key is obtained, Backup Data is sent to backup server.
In step S809, refusal performs cipher key backup instruction.
Embodiment seven:
Fig. 9 shows a kind of structure for cipher key backup system based on trust computing that seventh embodiment of the invention is provided, For convenience of description, it illustrate only the part related to the embodiment of the present invention.
Backup request receiving unit 91 receives the backup request of the migration key of user's input, and the migration key is that platform can Migration key, the transportable key of user or Binding key.
First coding unit 92 control credible platform module obtains the private key of migration key, the private to the migration key of acquisition Key carries out OAEP codings.
First XOR unit 93 control credible platform module generates a random number, by random number with carrying out OAEP volumes The private key of migration key after code carries out XOR.
In embodiments of the present invention, control TPM is generated after a random number, by random number with carrying out moving after OAEP codings The private key for moving key carries out XOR, while the random number is preserved, is operated for follow-up backup and reduction.
Backup Data transmitting element 94 is entered using the public key of the offer of backup server to the result data after XOR Row encryption, obtains the Backup Data of migration key, Backup Data is sent into backup server.
In embodiments of the present invention, the public key of backup server can be provided (such as with certificate by trusted third party Form provided), can also be by being held consultation acquisition with backup server, finally using the offer of backup server Result data after XOR is encrypted public key, obtains the Backup Data of migration key, Backup Data is sent to standby Part server, completes the backup of migration key.
Embodiment eight:
Figure 10 shows a kind of structure for cipher key backup system based on trust computing that eighth embodiment of the invention is provided, For convenience of description, the part related to the embodiment of the present invention is illustrate only, wherein:
Backup request receiving unit 101 receives the backup request of the migration key of user's input, and the migration key is platform Transportable key, the transportable key of user or Binding key.
The backup request for the migration key that first authorization identifying unit 102 is inputted to user carries out migration authorization identifying.
First coding unit 103 control credible platform module obtains the private key of migration key, to the migration key of acquisition Private key carries out OAEP codings.
First XOR unit 104 control credible platform module generates a random number, by random number with carrying out OAEP The private key of migration key after coding carries out XOR.
Backup Data transmitting element 105 is entered using the public key of the offer of backup server to the result data after XOR Row encryption, obtains the Backup Data of migration key, Backup Data is sent into backup server.
In embodiments of the present invention, the completeness of platform information of credible platform module refers to credible platform module TpmProof information, tpmProof information is bound with credible platform module, as long as the owner of credible platform module is become Change, tpmProof can also change, and the public key that trusted third party provides further ensures the legitimacy of authorized user, when Public key, completeness of platform information and the migration model information of setting or the result of computing provided trusted third party enters line number During word summary (using the SHA-1 functions in credible platform module), if the owner of credible platform module is changed, TpmProof can also change, and digital digest can also change, so as to ensure that mandate is effective in TPM life cycles Property.Therefore, in specific implementation process, the first authorization identifying unit 102 is as shown in figure 11, including first information acquiring unit 1021st, first or arithmetic element 1022, first migration authorize setting unit 1023 and first authorize validity authentication unit 1024, wherein:
First information acquiring unit 1021, for obtaining the public key of trusted third party's offer and putting down for credible platform module Platform integrity information;
First or arithmetic element 1022, public key, completeness of platform information and the migration for being used for or providing trusted third party The migration model information that key is pre-set is carried out or computing, and migration model is backup mode;
First migration authorizes setting unit 1023, and for generation or the digital digest of the result of computing, digital digest is set It is set to the migration mandate of the migration key;And
First authorizes validity authentication unit 1024, for by the migration key of setting and the migration that prestores authorize into Row contrast, judges the validity that migration is authorized.
Embodiment nine:
Figure 12 shows a kind of cipher key backup restoring method based on trust computing that ninth embodiment of the invention is provided Implementation process, details are as follows:
In step S1201, the backup and reduction request of the migration key of user's input is received, the migration key is that platform can Migration key, the transportable key of user or Binding key.
In embodiments of the present invention, backup keys to be restored are stored in the form of ciphertext data, the ciphertext number It is different using the public key encryption of backup server according to being that the random number for being encoded and being produced with TPM by OAEP is carried out after XOR Or the result data after computing is obtained.
In step S1202, control credible platform module obtains the public and private corresponding private key of backup migration key, to storage The Backup Data of migration key be decrypted.
In embodiments of the present invention, the corresponding private key of public key of outer layer encryption, the private key when obtaining backup keys first Stored in the form of ciphertext key, accordingly, it would be desirable to control the credible platform module of reduction apparatus to take out phase from key tree The ciphertext key is decrypted the public key answered, the public key of outer layer encryption when obtaining backup keys, finally to the migration of storage The Backup Data of key is decrypted.
In step S1203, prestore random number is subjected to XOR with the Backup Data after decryption, obtained Obtain the clear text key of migration key.
In embodiments of the present invention, prestore random number is subjected to XOR fortune with the Backup Data after decryption Calculate, obtain migration key clear text key, the random number back up the migration key when using and preserve.
In step S1204, clear text key is encrypted public and private using backup migration key, preserves migration key Ciphertext key.
In embodiments of the present invention, after the migration key for obtaining backup, using the public and private to close in plain text of backup migration key Key is encrypted, and the ciphertext key of migration key is preserved, so that the migration key is added into credible platform mould in reduction apparatus In the key tree of block, and it ensure that the security of key in reduction process.
Embodiment ten:
Figure 13 shows a kind of cipher key backup based on trust computing also original system that tenth embodiment of the invention is provided Structure, for convenience of description, illustrate only the part related to the embodiment of the present invention, wherein:
Backup and reduction request unit 131 receives the backup and reduction request of the migration key of user's input, and the migration key is The transportable key of platform, the transportable key of user or Binding key.
In embodiments of the present invention, backup keys to be restored are stored in the form of ciphertext data, the ciphertext number According to being that the random number for encoding and being produced with credible platform module by OAEP is carried out after XOR, the public affairs of backup server are used Result data after key encryption XOR is obtained.
The control credible platform module of Backup Data decryption unit 132 obtains the public and private corresponding private key of backup migration key, The Backup Data of the migration key of storage is decrypted.
In embodiments of the present invention, the corresponding private key of public key of outer layer encryption, the private key when obtaining backup keys first Stored in the form of ciphertext key, accordingly, it would be desirable to control the credible platform module of reduction apparatus to take out phase from key tree The ciphertext key is decrypted the public key answered, the public key of outer layer encryption when obtaining backup keys, finally to the migration of storage The Backup Data of key is decrypted.
Prestore random number is carried out XOR fortune by clear text key acquiring unit 133 with the Backup Data after decryption Calculate, obtain the clear text key of migration key.
Clear text key is encrypted using the public and private of backup migration key for key holding unit 134, preserves migration key Ciphertext key.
Embodiment 11:
Figure 14 shows a kind of reality for key migration method based on trust computing that eleventh embodiment of the invention is provided Existing flow, details are as follows:
In step S1401, the migration request of the migration key of user's input is received, the migration key is that platform is transportable Key, the transportable key of user or Binding key.
In step S1402, control credible platform module obtains the private key of migration key, the private to the migration key of acquisition Key carries out OAEP codings.
In embodiments of the present invention, when receiving the migration request of migration key of user's input, it is necessary first to will use The migration key that family is specified is taken out from the key tree of generation to be decrypted, and last reach is solved layer by layer since root key It is close, the migration key that user specifies is reached, the private key for the migration key that user is specified is decrypted, and obtains the bright of migration key After literary key, OAEP codings are carried out to it.OAEP codings are defined in RSA PKCS1V2.1, by migration key Clear text key carry out OAEP codings and prevent the malice to the clear text key from distorting.
In step S1403, control credible platform module generates a random number, by random number with carrying out after OAEP codings Migration key private key carry out XOR.
In embodiments of the present invention, control TPM is generated after a random number, by random number with carrying out moving after OAEP codings The private key for moving key carries out XOR, while the random number is preserved, for follow-up key recovery.
In step S1404, using move target server offer public key to the result data after XOR It is encrypted, obtains the migration ciphertext data of migration key, ciphertext data with being sent to move target server will be migrated.
In embodiments of the present invention, the public key of destination server can be provided by trusted third party, can also be led to Cross and held consultation acquisition with destination server, finally using destination server offer public key to the knot after XOR Fruit data are encrypted, and encrypted data is sent into destination server, complete the migration of migration key, meanwhile, in key Transition process in by being transmitted after encryption, be effectively improved the security of key.
Embodiment 12:
, should be according to the specific authorized party of key when key migration needs to carry out authority checking during key migration Formula is verified, for example, when the migration mandate of key is in the form of password (such as usemame/password) or certificate, then to move Password or certificate that user provides are verified during shifting, in embodiments of the present invention, is tested with the mandate carried out based on credible platform module Demonstrate,prove and illustrated for embodiment, when being migrated according to user's migration request information to key, pass through moving for being inputted to user The migration request for moving key carries out migration authorization identifying, so as to ensure that the levying property of safety of key migration.
Figure 15 shows a kind of reality for key generation method based on trust computing that twelveth embodiment of the invention is provided Existing flow, details are as follows:
In step S1501, the migration request of the migration key of user's input is received, the migration key is that platform is transportable Key, the transportable key of user or Binding key.
In step S1502, the public key of trusted third party's offer and the completeness of platform letter of credible platform module are obtained Breath.
In step S1503, public key, completeness of platform information and the migration key that trusted third party provides are pre-set Migration model information carry out or computing, the migration model be non-backup mode.
In step S1504, digital digest is set to moving for migration key by the digital digest of the result of generation or computing Move and authorize.
In embodiments of the present invention, the completeness of platform information of credible platform module refers to credible platform module TpmProof information, tpmProof information is bound with credible platform module, as long as the owner of credible platform module is become Change, tpmProof can also change, and the public key that trusted third party provides further ensures the legitimacy of authorized user, when Public key, completeness of platform information and the migration model information of setting or the result of computing provided trusted third party enters line number During word summary (using the SHA-1 functions in credible platform module), if the owner of credible platform module is changed, TpmProof can also change, and digital digest can also change, so as to ensure that mandate in credible platform module Life Cycle Validity in phase.
In step S1505, judge whether migration key is identical with the migration mandate prestored, be to perform step S1506, otherwise performs step S1509.
In embodiments of the present invention, judgment step S1504 calculates obtained migration and authorizes the migration mandate prestored It is whether identical, the identical next step for then carrying out key migration, otherwise refusal execution key migration request.
In step S1506, control credible platform module obtains the private key of migration key, the private to the migration key of acquisition Key carries out OAEP codings.
In step S1507, control credible platform module generates a random number, by the random number with carrying out OAEP volumes The private key of the migration key after code carries out XOR.
In step S1508, using move target server offer public key to the result data after XOR It is encrypted, obtains the migration ciphertext data of migration key, ciphertext data with being sent to move target server will be migrated.
In step S1509, refusal performs the key migration request of user's input.
In embodiments of the present invention, the mandate opinion that key migration asks user is carried out before the step of key is migrated Card, drastically increases the security of data.
Embodiment 13:
Figure 16 shows a kind of knot for key migration system based on trust computing that thriteenth embodiment of the invention is provided Structure, for convenience of description, illustrate only the part related to the embodiment of the present invention, wherein:
Migration request receiving unit 161 receives the migration request of the migration key of user's input, and the migration key is platform Transportable key, the transportable key of user or Binding key.
Second coding unit 162 control credible platform module obtains the private key of migration key, to the migration key of acquisition Private key carries out OAEP codings.
Second XOR unit 163 control credible platform module generates a random number, by random number with carrying out OAEP The private key of migration key after coding carries out XOR.
Migrating data transmitting element 164 using move target the offer of server public key to the result after XOR Data are encrypted, and obtain the migration ciphertext data of migration key, will migrate ciphertext data with being sent to move target server.
Embodiment 14:
Figure 17 shows a kind of knot for key migration system based on trust computing that fourteenth embodiment of the invention is provided Structure, for convenience of description, illustrate only the part related to the embodiment of the present invention, wherein:
Migration request receiving unit 171 receives the migration request of the migration key of user's input, and the migration key is platform Transportable key, the transportable key of user or Binding key;
The migration request for the migration key that second authorization identifying unit 172 is inputted to user carries out migration authorization identifying.
Second coding unit 173 control credible platform module obtains the private key of the migration key, and the migration to acquisition is close The private key of key carries out OAEP codings.
Second XOR unit 174 control credible platform module generates a random number, by the random number with carrying out The private key of migration key after OAEP codings carries out XOR.
Migrating data transmitting element 175 using move target the offer of server public key to the result after XOR Data are encrypted, and obtain the migration ciphertext data of migration key, the migration ciphertext data are serviced with being sent to move target Device.
, should be according to the specific authorized party of key when key migration needs to carry out authority checking during key migration Formula is verified, for example, when the migration mandate of key is in the form of password (such as usemame/password) or certificate, then to move Password or certificate that user provides are verified during shifting, in embodiments of the present invention, is tested with the mandate carried out based on credible platform module Demonstrate,prove and illustrated for embodiment, when being migrated according to user's migration request information to key, pass through moving for being inputted to user The migration request for moving key carries out migration authorization identifying, so as to ensure that the levying property of safety of key migration.Therefore, the second mandate is recognized Card unit 172 specifically includes the second information acquisition unit 1721, second or the migration of arithmetic element 1722, second authorizes setting unit 1723 and second validity authentication unit 1724 is authorized, wherein:
Second information acquisition unit 1721, for obtaining the public key of trusted third party's offer and putting down for credible platform module Platform integrity information;
Second or arithmetic element 1722, for the public key provided trusted third party, completeness of platform information and migrate close The migration model information that key is pre-set is carried out or computing, and the migration model is non-backup mode;
Second migration authorizes setting unit 1723, for generation or the digital digest of the result of computing, by the digital digest It is set to the migration mandate of migration key;And
Second authorizes validity authentication unit 1724, for by the migration key of setting and the migration that prestores authorize into Row contrast, judges the validity that migration is authorized.
Can be with one of ordinary skill in the art will appreciate that realizing that all or part of step in above-described embodiment method is The hardware of correlation is instructed to complete by program, described program can be stored in a computer read/write memory medium, Described storage medium, such as ROM/RAM, disk, CD.
The embodiment of the present invention based on the creditable calculation modules in trust computing, realize the generation of key, backup, reduce with And the migration of key, by the root key of creditable calculation modules, realize the encrypting storing layer by layer of the key of generation, it is ensured that generation The security of key, by using OAEP codings and encryption technology, it is ensured that key in backup and the security of transition process, The security of key after reduction is ensure that during key recovery using decryption, random number, XOR and encryption technology etc..
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention Any modifications, equivalent substitutions and improvements made within refreshing and principle etc., should be included in the scope of the protection.

Claims (4)

1. a kind of cipher key backup method based on trust computing, it is characterised in that methods described comprises the steps:
The backup request of the migration key of user's input is received, the migration key is the transportable key of platform, user is transportable Key or Binding key;
The public key of trusted third party's offer and the completeness of platform information of credible platform module are provided;
The migration that public key, the completeness of platform information and the migration key to trusted third party offer are pre-set Pattern information is carried out or computing, and the migration model is backup mode;
The digital digest of the result of described or computing is generated, the migration that the digital digest is set into the migration key is awarded Power;
The migration key and the migration mandate that prestores are contrasted, the validity that migration is authorized is judged;
Control credible platform module to obtain the private key of the migration key, OAEP is carried out to the private key of the migration key of acquisition Coding;
The credible platform module is controlled to generate a random number, by the random number with carrying out the migration after OAEP codings The private key of key carries out XOR;
Result data after XOR is encrypted the public key provided using backup server, obtains the migration key Backup Data, the backup server is sent to by the Backup Data.
2. a kind of cipher key backup system based on trust computing, it is characterised in that the system includes:
Backup request receiving unit, the backup request of the migration key for receiving user's input, the migration key is platform Transportable key, the transportable key of user or Binding key;
First coding unit, for controlling credible platform module to obtain the private key of the migration key, the migration to acquisition The private key of key carries out OAEP codings;
First XOR unit, for controlling credible platform module to generate a random number, by the random number with carrying out The private key of the migration key after OAEP codings carries out XOR;And
Backup Data transmitting element, the public key for being provided using backup server is added to the result data after XOR It is close, the Backup Data of the migration key is obtained, the Backup Data is sent to the backup server;
First authorization identifying unit, the backup request of the migration key for being inputted to user carries out migration authorization identifying;
The first authorization identifying unit is specifically included:
First information acquiring unit, for obtain trusted third party offer public key and the credible platform module platform it is complete Whole property information;
First or arithmetic element, for the public key provided the trusted third party, the completeness of platform information and described move The progress of migration model information or computing that key is pre-set are moved, the migration model is backup mode;
First migration authorizes setting unit, the digital digest of the result for generating described or computing, and the digital digest is set It is set to the migration mandate of the migration key;And
First authorizes validity authentication unit, for the migration key of setting and the migration mandate that prestores to be contrasted, Judge the validity that migration is authorized.
3. a kind of key migration method based on trust computing, it is characterised in that methods described comprises the steps:
The migration request of the migration key of user's input is received, the migration key is the transportable key of platform, user is transportable Key or Binding key;
The public key of trusted third party's offer and the completeness of platform information of credible platform module are provided;
The migration that public key, the completeness of platform information and the migration key to trusted third party offer are pre-set Pattern information is carried out or computing, and the migration model is non-backup mode;
The digital digest of the result of described or computing is generated, the migration that the digital digest is set into the migration key is awarded Power;
The migration key and the migration mandate that prestores are contrasted, the validity that migration is authorized is judged;
Control credible platform module to obtain the private key of the migration key, OAEP is carried out to the private key of the migration key of acquisition Coding;
The credible platform module is controlled to generate a random number, by the random number with carrying out the migration after OAEP codings The private key of key carries out XOR;
Using move target the public key of offer of server the result data after XOR is encrypted, obtain described in move The migration ciphertext data of key are moved, ciphertext data with being sent to move target server is migrated by described.
4. a kind of key migration system based on trust computing, it is characterised in that the system includes:
Migration request receiving unit, the migration request of the migration key for receiving user's input, the migration key is platform Transportable key, the transportable key of user or Binding key;
Second coding unit, for controlling credible platform module to obtain the private key of the migration key, the migration to acquisition The private key of key carries out OAEP codings;
Second XOR unit, for controlling the credible platform module to generate a random number, by the random number with entering The private key of the migration key after row OAEP codings carries out XOR;
Migrating data transmitting element, the public key for the using move target offer of server is to the number of results after XOR According to being encrypted, the migration ciphertext data of the migration key are obtained, the migration ciphertext data are sent to the migration mesh Ground server;
Second authorization identifying unit, the migration request of the migration key for being inputted to user carries out migration authorization identifying;
The second authorization identifying unit is specifically included:
Second information acquisition unit, for obtain trusted third party offer public key and the credible platform module platform it is complete Whole property information;
Second or arithmetic element, for the public key provided the trusted third party, the completeness of platform information and described move The progress of migration model information or computing that key is pre-set are moved, the migration model is non-backup mode;
Second migration authorizes setting unit, the digital digest of the result for generating described or computing, and the digital digest is set It is set to the migration mandate of the migration key;And
Second authorizes validity authentication unit, for the migration key of setting and the migration mandate that prestores to be contrasted, Judge the validity that migration is authorized.
CN201410179133.XA 2011-07-21 2011-07-21 A kind of cipher key backup and moving method and system based on trust computing Expired - Fee Related CN104052592B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410179133.XA CN104052592B (en) 2011-07-21 2011-07-21 A kind of cipher key backup and moving method and system based on trust computing

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410179133.XA CN104052592B (en) 2011-07-21 2011-07-21 A kind of cipher key backup and moving method and system based on trust computing
CN201110205512.8A CN102355351B (en) 2011-07-21 2011-07-21 Key generation, backup and migration method and system based on trusted computing

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201110205512.8A Division CN102355351B (en) 2011-07-21 2011-07-21 Key generation, backup and migration method and system based on trusted computing

Publications (2)

Publication Number Publication Date
CN104052592A CN104052592A (en) 2014-09-17
CN104052592B true CN104052592B (en) 2017-08-25

Family

ID=51504979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410179133.XA Expired - Fee Related CN104052592B (en) 2011-07-21 2011-07-21 A kind of cipher key backup and moving method and system based on trust computing

Country Status (1)

Country Link
CN (1) CN104052592B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656915A (en) * 2015-10-30 2017-05-10 深圳市中电智慧信息安全技术有限公司 Cloud security server based on trusted computing
CN105871918A (en) * 2016-06-08 2016-08-17 美的集团股份有限公司 Household appliance, communication system and method between household appliance and cloud server as well as cloud server
CN110535645A (en) * 2018-05-24 2019-12-03 上海赢亥信息科技有限公司 A kind of standby system and method for digital asset management device
CN109903047A (en) * 2019-02-22 2019-06-18 矩阵元技术(深圳)有限公司 Key migration method and apparatus
CN113411287B (en) * 2020-03-16 2023-05-26 阿里巴巴集团控股有限公司 Key management system, method, device and equipment
CN111881474B (en) * 2020-07-24 2023-09-15 杭州弦冰科技有限公司 Private key management method and device based on trusted computing environment
CN113965340A (en) * 2021-08-30 2022-01-21 广东南方通信建设有限公司 Cross-platform data migration method, system and readable medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1460797B1 (en) * 2003-03-18 2014-11-19 Broadcom Corporation Secure access and processing of an encryption/decryption key
CN100531027C (en) * 2005-07-28 2009-08-19 深圳兆日技术有限公司 Key transplanting method based on safety environment
JP2009130882A (en) * 2007-11-28 2009-06-11 Oki Electric Ind Co Ltd Check value confirming method and apparatus
CN101937357B (en) * 2009-07-01 2013-11-06 华为技术有限公司 Virtual machine migration decision-making method, device and system
CN101651543B (en) * 2009-09-04 2012-02-01 瑞达信息安全产业股份有限公司 Creditable calculation platform key migration system and key migration method thereof
CN201479144U (en) * 2009-09-04 2010-05-19 瑞达信息安全产业股份有限公司 Key migrating system of trusted computing platform

Also Published As

Publication number Publication date
CN104052592A (en) 2014-09-17

Similar Documents

Publication Publication Date Title
CN102355351B (en) Key generation, backup and migration method and system based on trusted computing
CN109033855B (en) Data transmission method and device based on block chain and storage medium
CN104052592B (en) A kind of cipher key backup and moving method and system based on trust computing
CN110061845A (en) Block chain data ciphering method, device, computer equipment and storage medium
Ullah et al. Towards blockchain-based secure storage and trusted data sharing scheme for IoT environment
CN107743133A (en) Mobile terminal and its access control method and system based on trustable security environment
CN109697365A (en) Information processing method and block chain node, electronic equipment
Awadallah et al. An integrated architecture for maintaining security in cloud computing based on blockchain
CN103221961A (en) Method and apparatus including architecture for protecting multi-ser sensitive code and data
Gürgens et al. Security evaluation of scenarios based on the TCG’s TPM specification
CN108123795A (en) Distributing method, application process, publishing platform and the system of quantum key chip
CN113626852A (en) Safe and efficient method, system and application for anonymizing chain elements of unlicensed blocks
CN115242553B (en) Data exchange method and system supporting safe multi-party calculation
JP2023535040A (en) Master key escrow process
Xu et al. An efficient blockchain‐based privacy‐preserving scheme with attribute and homomorphic encryption
CN115147224A (en) Transaction data sharing method and device based on alliance chain
Yu et al. Veridedup: A verifiable cloud data deduplication scheme with integrity and duplication proof
CN102270285B (en) Key authorization information management method and device
CN114997867A (en) Data element multi-mode delivery system and method based on block chain and privacy calculation
CN106411520A (en) Method, device and system for processing virtual resource data
CN105404470A (en) Data storage method, data security apparatus and data storage system
Yang et al. A lightweight anonymous mobile shopping scheme based on DAA for trusted mobile platform
CN111464298A (en) Data processing method and device in block chain and block chain network
Amelino et al. An IP core remote anonymous activation protocol
CN109768969A (en) Authority control method and internet-of-things terminal, electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170825

Termination date: 20180721

CF01 Termination of patent right due to non-payment of annual fee